Replace godep with dep

2017-10-06 17:26:14 -03:00 · 2017-10-06 17:26:14 -03:00 · bf5616c65b
commit bf5616c65b
parent 1e7489927c
14883 changed files with 3937406 additions and 361781 deletions
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/validation/BUILD
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/validation/BUILD
@ -0,0 +1,37 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["validation_test.go"],
+    library = ":go_default_library",
+    deps = ["//vendor/k8s.io/apiserver/pkg/apis/audit:go_default_library"],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["validation.go"],
+    deps = [
+        "//vendor/k8s.io/apimachinery/pkg/api/validation:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/validation/field:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/apis/audit:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation.go
@ -0,0 +1,131 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"strings"
+
+	"k8s.io/apimachinery/pkg/api/validation"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	"k8s.io/apiserver/pkg/apis/audit"
+)
+
+func ValidatePolicy(policy *audit.Policy) field.ErrorList {
+	var allErrs field.ErrorList
+	rulePath := field.NewPath("rules")
+	for i, rule := range policy.Rules {
+		allErrs = append(allErrs, validatePolicyRule(rule, rulePath.Index(i))...)
+	}
+	return allErrs
+}
+
+func validatePolicyRule(rule audit.PolicyRule, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+	allErrs = append(allErrs, validateLevel(rule.Level, fldPath.Child("level"))...)
+	allErrs = append(allErrs, validateNonResourceURLs(rule.NonResourceURLs, fldPath.Child("nonResourceURLs"))...)
+	allErrs = append(allErrs, validateResources(rule.Resources, fldPath.Child("resources"))...)
+	allErrs = append(allErrs, validateOmitStages(rule.OmitStages, fldPath.Child("omitStages"))...)
+
+	if len(rule.NonResourceURLs) > 0 {
+		if len(rule.Resources) > 0 || len(rule.Namespaces) > 0 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("nonResourceURLs"), rule.NonResourceURLs, "rules cannot apply to both regular resources and non-resource URLs"))
+		}
+	}
+
+	return allErrs
+}
+
+var validLevels = []string{
+	string(audit.LevelNone),
+	string(audit.LevelMetadata),
+	string(audit.LevelRequest),
+	string(audit.LevelRequestResponse),
+}
+
+var validOmitStages = []string{
+	string(audit.StageRequestReceived),
+	string(audit.StageResponseStarted),
+	string(audit.StageResponseComplete),
+	string(audit.StagePanic),
+}
+
+func validateLevel(level audit.Level, fldPath *field.Path) field.ErrorList {
+	switch level {
+	case audit.LevelNone, audit.LevelMetadata, audit.LevelRequest, audit.LevelRequestResponse:
+		return nil
+	case "":
+		return field.ErrorList{field.Required(fldPath, "")}
+	default:
+		return field.ErrorList{field.NotSupported(fldPath, level, validLevels)}
+	}
+}
+
+func validateNonResourceURLs(urls []string, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+	for i, url := range urls {
+		if url == "*" {
+			continue
+		}
+
+		if !strings.HasPrefix(url, "/") {
+			allErrs = append(allErrs, field.Invalid(fldPath.Index(i), url, "non-resource URL rules must begin with a '/' character"))
+		}
+
+		if url != "" && strings.ContainsRune(url[:len(url)-1], '*') {
+			allErrs = append(allErrs, field.Invalid(fldPath.Index(i), url, "non-resource URL wildcards '*' must be the final character of the rule"))
+		}
+	}
+	return allErrs
+}
+
+func validateResources(groupResources []audit.GroupResources, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+	for _, groupResource := range groupResources {
+		// The empty string represents the core API group.
+		if len(groupResource.Group) != 0 {
+			// Group names must be lower case and be valid DNS subdomains.
+			// reference: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md
+			// an error is returned for group name like rbac.authorization.k8s.io/v1beta1
+			// rbac.authorization.k8s.io is the valid one
+			if msgs := validation.NameIsDNSSubdomain(groupResource.Group, false); len(msgs) != 0 {
+				allErrs = append(allErrs, field.Invalid(fldPath.Child("group"), groupResource.Group, strings.Join(msgs, ",")))
+			}
+		}
+
+		if len(groupResource.ResourceNames) > 0 && len(groupResource.Resources) == 0 {
+			allErrs = append(allErrs, field.Invalid(fldPath.Child("resourceNames"), groupResource.ResourceNames, "using resourceNames requires at least one resource"))
+		}
+	}
+	return allErrs
+}
+
+func validateOmitStages(omitStages []audit.Stage, fldPath *field.Path) field.ErrorList {
+	var allErrs field.ErrorList
+	for i, stage := range omitStages {
+		valid := false
+		for _, validOmitStage := range validOmitStages {
+			if string(stage) == validOmitStage {
+				valid = true
+				break
+			}
+		}
+		if !valid {
+			allErrs = append(allErrs, field.Invalid(fldPath.Index(i), string(stage), "allowed stages are "+strings.Join(validOmitStages, ",")))
+		}
+	}
+	return allErrs
+}
--- a/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation_test.go
+++ b/vendor/k8s.io/apiserver/pkg/apis/audit/validation/validation_test.go
@ -0,0 +1,134 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"testing"
+
+	"k8s.io/apiserver/pkg/apis/audit"
+)
+
+func TestValidatePolicy(t *testing.T) {
+	validRules := []audit.PolicyRule{
+		{ // Defaulting rule
+			Level: audit.LevelMetadata,
+		}, { // Matching non-humans
+			Level:      audit.LevelNone,
+			UserGroups: []string{"system:serviceaccounts", "system:nodes"},
+		}, { // Specific request
+			Level:      audit.LevelRequestResponse,
+			Verbs:      []string{"get"},
+			Resources:  []audit.GroupResources{{Group: "rbac.authorization.k8s.io", Resources: []string{"roles", "rolebindings"}}},
+			Namespaces: []string{"kube-system"},
+		}, { // Some non-resource URLs
+			Level:      audit.LevelMetadata,
+			UserGroups: []string{"developers"},
+			NonResourceURLs: []string{
+				"/logs*",
+				"/healthz*",
+				"/metrics",
+				"*",
+			},
+		}, { // Omit RequestReceived stage
+			Level: audit.LevelMetadata,
+			OmitStages: []audit.Stage{
+				audit.Stage("RequestReceived"),
+			},
+		},
+	}
+	successCases := []audit.Policy{}
+	for _, rule := range validRules {
+		successCases = append(successCases, audit.Policy{Rules: []audit.PolicyRule{rule}})
+	}
+	successCases = append(successCases, audit.Policy{})                  // Empty policy is valid.
+	successCases = append(successCases, audit.Policy{Rules: validRules}) // Multiple rules.
+
+	for i, policy := range successCases {
+		if errs := ValidatePolicy(&policy); len(errs) != 0 {
+			t.Errorf("[%d] Expected policy %#v to be valid: %v", i, policy, errs)
+		}
+	}
+
+	invalidRules := []audit.PolicyRule{
+		{}, // Empty rule (missing Level)
+		{ // Missing level
+			Verbs:      []string{"get"},
+			Resources:  []audit.GroupResources{{Resources: []string{"secrets"}}},
+			Namespaces: []string{"kube-system"},
+		}, { // Invalid Level
+			Level: "FooBar",
+		}, { // NonResourceURLs + Namespaces
+			Level:           audit.LevelMetadata,
+			Namespaces:      []string{"default"},
+			NonResourceURLs: []string{"/logs*"},
+		}, { // NonResourceURLs + ResourceKinds
+			Level:           audit.LevelMetadata,
+			Resources:       []audit.GroupResources{{Resources: []string{"secrets"}}},
+			NonResourceURLs: []string{"/logs*"},
+		}, { // invalid group name
+			Level:     audit.LevelMetadata,
+			Resources: []audit.GroupResources{{Group: "rbac.authorization.k8s.io/v1beta1", Resources: []string{"roles"}}},
+		}, { // invalid non-resource URLs
+			Level: audit.LevelMetadata,
+			NonResourceURLs: []string{
+				"logs",
+				"/healthz*",
+			},
+		}, { // empty non-resource URLs
+			Level: audit.LevelMetadata,
+			NonResourceURLs: []string{
+				"",
+				"/healthz*",
+			},
+		}, { // invalid non-resource URLs with multi "*"
+			Level: audit.LevelMetadata,
+			NonResourceURLs: []string{
+				"/logs/*/*",
+				"/metrics",
+			},
+		}, { // invalid non-resrouce URLs with "*" not in the end
+			Level: audit.LevelMetadata,
+			NonResourceURLs: []string{
+				"/logs/*.log",
+				"/metrics",
+			},
+		},
+		{ // ResourceNames without Resources
+			Level:      audit.LevelMetadata,
+			Verbs:      []string{"get"},
+			Resources:  []audit.GroupResources{{ResourceNames: []string{"leader"}}},
+			Namespaces: []string{"kube-system"},
+		},
+		{ // invalid omitStages
+			Level: audit.LevelMetadata,
+			OmitStages: []audit.Stage{
+				audit.Stage("foo"),
+			},
+		},
+	}
+	errorCases := []audit.Policy{}
+	for _, rule := range invalidRules {
+		errorCases = append(errorCases, audit.Policy{Rules: []audit.PolicyRule{rule}})
+	}
+	errorCases = append(errorCases, audit.Policy{Rules: append(validRules, audit.PolicyRule{})}) // Multiple rules.
+
+	for i, policy := range errorCases {
+		if errs := ValidatePolicy(&policy); len(errs) == 0 {
+			t.Errorf("[%d] Expected policy %#v to be invalid!", i, policy)
+		}
+	}
+}