Replace godep with dep

vendor/k8s.io/apiserver/pkg/authentication/group/BUILD

@@ -0,0 +1,46 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "group_adder_test.go",
+        "token_group_adder_test.go",
+    ],
+    library = ":go_default_library",
+    deps = [
+        "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "authenticated_group_adder.go",
+        "group_adder.go",
+        "token_group_adder.go",
+    ],
+    deps = [
+        "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go

@@ -0,0 +1,60 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+	"net/http"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+// AuthenticatedGroupAdder adds system:authenticated group when appropriate
+type AuthenticatedGroupAdder struct {
+	// Authenticator is delegated to make the authentication decision
+	Authenticator authenticator.Request
+}
+
+// NewAuthenticatedGroupAdder wraps a request authenticator, and adds the system:authenticated group when appropriate.
+// Authentication must succeed, the user must not be system:anonymous, the groups system:authenticated or system:unauthenticated must
+// not be present
+func NewAuthenticatedGroupAdder(auth authenticator.Request) authenticator.Request {
+	return &AuthenticatedGroupAdder{auth}
+}
+
+func (g *AuthenticatedGroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
+	u, ok, err := g.Authenticator.AuthenticateRequest(req)
+	if err != nil || !ok {
+		return nil, ok, err
+	}
+
+	if u.GetName() == user.Anonymous {
+		return u, true, nil
+	}
+	for _, group := range u.GetGroups() {
+		if group == user.AllAuthenticated || group == user.AllUnauthenticated {
+			return u, true, nil
+		}
+	}
+
+	return &user.DefaultInfo{
+		Name:   u.GetName(),
+		UID:    u.GetUID(),
+		Groups: append(u.GetGroups(), user.AllAuthenticated),
+		Extra:  u.GetExtra(),
+	}, true, nil
+}

vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go

@@ -0,0 +1,50 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+	"net/http"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+// GroupAdder adds groups to an authenticated user.Info
+type GroupAdder struct {
+	// Authenticator is delegated to make the authentication decision
+	Authenticator authenticator.Request
+	// Groups are additional groups to add to the user.Info from a successful authentication
+	Groups []string
+}
+
+// NewGroupAdder wraps a request authenticator, and adds the specified groups to the returned user when authentication succeeds
+func NewGroupAdder(auth authenticator.Request, groups []string) authenticator.Request {
+	return &GroupAdder{auth, groups}
+}
+
+func (g *GroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
+	u, ok, err := g.Authenticator.AuthenticateRequest(req)
+	if err != nil || !ok {
+		return nil, ok, err
+	}
+	return &user.DefaultInfo{
+		Name:   u.GetName(),
+		UID:    u.GetUID(),
+		Groups: append(u.GetGroups(), g.Groups...),
+		Extra:  u.GetExtra(),
+	}, true, nil
+}

vendor/k8s.io/apiserver/pkg/authentication/group/group_adder_test.go

@@ -0,0 +1,111 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+	"net/http"
+	"reflect"
+	"testing"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+func TestGroupAdder(t *testing.T) {
+	adder := authenticator.Request(
+		NewGroupAdder(
+			authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+				return &user.DefaultInfo{Name: "user", Groups: []string{"original"}}, true, nil
+			}),
+			[]string{"added"},
+		),
+	)
+
+	user, _, _ := adder.AuthenticateRequest(nil)
+	if !reflect.DeepEqual(user.GetGroups(), []string{"original", "added"}) {
+		t.Errorf("Expected original,added groups, got %#v", user.GetGroups())
+	}
+}
+
+func TestAuthenticatedGroupAdder(t *testing.T) {
+	tests := []struct {
+		name         string
+		inputUser    user.Info
+		expectedUser user.Info
+	}{
+		{
+			name: "add",
+			inputUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{"some-group"},
+			},
+			expectedUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{"some-group", user.AllAuthenticated},
+			},
+		},
+		{
+			name: "don't double add",
+			inputUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{user.AllAuthenticated, "some-group"},
+			},
+			expectedUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{user.AllAuthenticated, "some-group"},
+			},
+		},
+		{
+			name: "don't add for anon",
+			inputUser: &user.DefaultInfo{
+				Name:   user.Anonymous,
+				Groups: []string{"some-group"},
+			},
+			expectedUser: &user.DefaultInfo{
+				Name:   user.Anonymous,
+				Groups: []string{"some-group"},
+			},
+		},
+		{
+			name: "don't add for unauthenticated group",
+			inputUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{user.AllUnauthenticated, "some-group"},
+			},
+			expectedUser: &user.DefaultInfo{
+				Name:   "user",
+				Groups: []string{user.AllUnauthenticated, "some-group"},
+			},
+		},
+	}
+
+	for _, test := range tests {
+		adder := authenticator.Request(
+			NewAuthenticatedGroupAdder(
+				authenticator.RequestFunc(func(req *http.Request) (user.Info, bool, error) {
+					return test.inputUser, true, nil
+				}),
+			),
+		)
+
+		user, _, _ := adder.AuthenticateRequest(nil)
+		if !reflect.DeepEqual(user, test.expectedUser) {
+			t.Errorf("got %#v", user)
+		}
+	}
+
+}

vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go

@@ -0,0 +1,48 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+// TokenGroupAdder adds groups to an authenticated user.Info
+type TokenGroupAdder struct {
+	// Authenticator is delegated to make the authentication decision
+	Authenticator authenticator.Token
+	// Groups are additional groups to add to the user.Info from a successful authentication
+	Groups []string
+}
+
+// NewTokenGroupAdder wraps a token authenticator, and adds the specified groups to the returned user when authentication succeeds
+func NewTokenGroupAdder(auth authenticator.Token, groups []string) authenticator.Token {
+	return &TokenGroupAdder{auth, groups}
+}
+
+func (g *TokenGroupAdder) AuthenticateToken(token string) (user.Info, bool, error) {
+	u, ok, err := g.Authenticator.AuthenticateToken(token)
+	if err != nil || !ok {
+		return nil, ok, err
+	}
+	return &user.DefaultInfo{
+		Name:   u.GetName(),
+		UID:    u.GetUID(),
+		Groups: append(u.GetGroups(), g.Groups...),
+		Extra:  u.GetExtra(),
+	}, true, nil
+}

vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder_test.go

@@ -0,0 +1,41 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/apiserver/pkg/authentication/authenticator"
+	"k8s.io/apiserver/pkg/authentication/user"
+)
+
+func TestTokenGroupAdder(t *testing.T) {
+	adder := authenticator.Token(
+		NewTokenGroupAdder(
+			authenticator.TokenFunc(func(token string) (user.Info, bool, error) {
+				return &user.DefaultInfo{Name: "user", Groups: []string{"original"}}, true, nil
+			}),
+			[]string{"added"},
+		),
+	)
+
+	user, _, _ := adder.AuthenticateToken("")
+	if !reflect.DeepEqual(user.GetGroups(), []string{"original", "added"}) {
+		t.Errorf("Expected original,added groups, got %#v", user.GetGroups())
+	}
+}