Update godeps

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/BUILD

@@ -0,0 +1,21 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["plugins.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//plugin/pkg/client/auth/gcp:go_default_library",
+        "//plugin/pkg/client/auth/oidc:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/gcp/BUILD

@@ -0,0 +1,34 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["gcp.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/client/restclient:go_default_library",
+        "//pkg/util/jsonpath:go_default_library",
+        "//pkg/util/yaml:go_default_library",
+        "//vendor:github.com/golang/glog",
+        "//vendor:golang.org/x/net/context",
+        "//vendor:golang.org/x/oauth2",
+        "//vendor:golang.org/x/oauth2/google",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["gcp_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = ["//vendor:golang.org/x/oauth2"],
+)

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/gcp/OWNERS

@@ -0,0 +1,3 @@
+assignees:
+  - cjcullen
+  - jlowdermilk

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/gcp/gcp.go

@@ -17,25 +17,27 @@ limitations under the License.
 package gcp
 
 import (
+	"bytes"
+	"encoding/json"
+	"fmt"
 	"net/http"
+	"os/exec"
+	"strings"
 	"time"
 
 	"github.com/golang/glog"
 	"golang.org/x/net/context"
 	"golang.org/x/oauth2"
 	"golang.org/x/oauth2/google"
-
-	clientreporestclient "k8s.io/client-go/1.4/rest"
 	"k8s.io/kubernetes/pkg/client/restclient"
+	"k8s.io/kubernetes/pkg/util/jsonpath"
+	"k8s.io/kubernetes/pkg/util/yaml"
 )
 
 func init() {
 	if err := restclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProvider); err != nil {
 		glog.Fatalf("Failed to register gcp auth plugin: %v", err)
 	}
-	if err := clientreporestclient.RegisterAuthProviderPlugin("gcp", newGCPAuthProviderForClientRepo); err != nil {
-		glog.Fatalf("Failed to register gcp auth plugin: %v", err)
-	}
 }
 
 type gcpAuthProvider struct {
@@ -44,20 +46,22 @@ type gcpAuthProvider struct {
 }
 
 func newGCPAuthProvider(_ string, gcpConfig map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
-	ts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister)
+	cmd, useCmd := gcpConfig["cmd-path"]
+	var ts oauth2.TokenSource
+	var err error
+	if useCmd {
+		ts, err = newCmdTokenSource(cmd, gcpConfig["token-key"], gcpConfig["expiry-key"], gcpConfig["time-fmt"])
+	} else {
+		ts, err = google.DefaultTokenSource(context.Background(), "https://www.googleapis.com/auth/cloud-platform")
+	}
 	if err != nil {
 		return nil, err
 	}
-	return &gcpAuthProvider{ts, persister}, nil
-}
-
-// newGCPAuthProviderForClientRepo is the same as newGCPAuthProvider, but is programmed against client-go's interface
-func newGCPAuthProviderForClientRepo(_ string, gcpConfig map[string]string, persister clientreporestclient.AuthProviderConfigPersister) (clientreporestclient.AuthProvider, error) {
-	ts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister)
+	cts, err := newCachedTokenSource(gcpConfig["access-token"], gcpConfig["expiry"], persister, ts, gcpConfig)
 	if err != nil {
 		return nil, err
 	}
-	return &gcpAuthProvider{ts, persister}, nil
+	return &gcpAuthProvider{cts, persister}, nil
 }
 
 func (g *gcpAuthProvider) WrapTransport(rt http.RoundTripper) http.RoundTripper {
@@ -74,22 +78,23 @@ type cachedTokenSource struct {
 	accessToken string
 	expiry      time.Time
 	persister   restclient.AuthProviderConfigPersister
+	cache       map[string]string
 }
 
-func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister) (*cachedTokenSource, error) {
+func newCachedTokenSource(accessToken, expiry string, persister restclient.AuthProviderConfigPersister, ts oauth2.TokenSource, cache map[string]string) (*cachedTokenSource, error) {
 	var expiryTime time.Time
 	if parsedTime, err := time.Parse(time.RFC3339Nano, expiry); err == nil {
 		expiryTime = parsedTime
 	}
-	ts, err := google.DefaultTokenSource(context.Background(), "https://www.googleapis.com/auth/cloud-platform")
-	if err != nil {
-		return nil, err
+	if cache == nil {
+		cache = make(map[string]string)
 	}
 	return &cachedTokenSource{
 		source:      ts,
 		accessToken: accessToken,
 		expiry:      expiryTime,
 		persister:   persister,
+		cache:       cache,
 	}, nil
 }
 
@@ -107,13 +112,100 @@ func (t *cachedTokenSource) Token() (*oauth2.Token, error) {
 		return nil, err
 	}
 	if t.persister != nil {
-		cached := map[string]string{
-			"access-token": tok.AccessToken,
-			"expiry":       tok.Expiry.Format(time.RFC3339Nano),
-		}
-		if err := t.persister.Persist(cached); err != nil {
+		t.cache["access-token"] = tok.AccessToken
+		t.cache["expiry"] = tok.Expiry.Format(time.RFC3339Nano)
+		if err := t.persister.Persist(t.cache); err != nil {
 			glog.V(4).Infof("Failed to persist token: %v", err)
 		}
 	}
 	return tok, nil
 }
+
+type commandTokenSource struct {
+	cmd       string
+	args      []string
+	tokenKey  string
+	expiryKey string
+	timeFmt   string
+}
+
+func newCmdTokenSource(cmd, tokenKey, expiryKey, timeFmt string) (*commandTokenSource, error) {
+	if len(timeFmt) == 0 {
+		timeFmt = time.RFC3339Nano
+	}
+	if len(tokenKey) == 0 {
+		tokenKey = "{.access_token}"
+	}
+	if len(expiryKey) == 0 {
+		expiryKey = "{.token_expiry}"
+	}
+	fields := strings.Fields(cmd)
+	if len(fields) == 0 {
+		return nil, fmt.Errorf("missing access token cmd")
+	}
+	return &commandTokenSource{
+		cmd:       fields[0],
+		args:      fields[1:],
+		tokenKey:  tokenKey,
+		expiryKey: expiryKey,
+		timeFmt:   timeFmt,
+	}, nil
+}
+
+func (c *commandTokenSource) Token() (*oauth2.Token, error) {
+	fullCmd := fmt.Sprintf("%s %s", c.cmd, strings.Join(c.args, " "))
+	cmd := exec.Command(c.cmd, c.args...)
+	output, err := cmd.Output()
+	if err != nil {
+		return nil, fmt.Errorf("error executing access token command %q: %v", fullCmd, err)
+	}
+	token, err := c.parseTokenCmdOutput(output)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing output for access token command %q: %v", fullCmd, err)
+	}
+	return token, nil
+}
+
+func (c *commandTokenSource) parseTokenCmdOutput(output []byte) (*oauth2.Token, error) {
+	output, err := yaml.ToJSON(output)
+	if err != nil {
+		return nil, err
+	}
+	var data interface{}
+	if err := json.Unmarshal(output, &data); err != nil {
+		return nil, err
+	}
+
+	accessToken, err := parseJSONPath(data, "token-key", c.tokenKey)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing token-key %q: %v", c.tokenKey, err)
+	}
+	expiryStr, err := parseJSONPath(data, "expiry-key", c.expiryKey)
+	if err != nil {
+		return nil, fmt.Errorf("error parsing expiry-key %q: %v", c.expiryKey, err)
+	}
+	var expiry time.Time
+	if t, err := time.Parse(c.timeFmt, expiryStr); err != nil {
+		glog.V(4).Infof("Failed to parse token expiry from %s (fmt=%s): %v", expiryStr, c.timeFmt, err)
+	} else {
+		expiry = t
+	}
+
+	return &oauth2.Token{
+		AccessToken: accessToken,
+		TokenType:   "Bearer",
+		Expiry:      expiry,
+	}, nil
+}
+
+func parseJSONPath(input interface{}, name, template string) (string, error) {
+	j := jsonpath.New(name)
+	buf := new(bytes.Buffer)
+	if err := j.Parse(template); err != nil {
+		return "", err
+	}
+	if err := j.Execute(buf, input); err != nil {
+		return "", err
+	}
+	return buf.String(), nil
+}

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/oidc/BUILD

@@ -0,0 +1,40 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["oidc.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/client/restclient:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//vendor:github.com/coreos/go-oidc/jose",
+        "//vendor:github.com/coreos/go-oidc/oauth2",
+        "//vendor:github.com/coreos/go-oidc/oidc",
+        "//vendor:github.com/golang/glog",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["oidc_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/util/diff:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//plugin/pkg/auth/authenticator/token/oidc/testing:go_default_library",
+        "//vendor:github.com/coreos/go-oidc/jose",
+        "//vendor:github.com/coreos/go-oidc/key",
+        "//vendor:github.com/coreos/go-oidc/oauth2",
+    ],
+)

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/oidc/OWNERS

@@ -1,2 +1,2 @@
 assignees:
-  - bobbyrullo
+  - ericchiang

vendor/k8s.io/kubernetes/plugin/pkg/client/auth/plugins.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package plugins
+package auth
 
 import (
 	// Initialize all known client auth plugins.