Update apiextensions-apiserver dependency manually (temporally)

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/BUILD

@@ -0,0 +1,91 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "apiserver.go",
+        "customresource_discovery.go",
+        "customresource_discovery_controller.go",
+        "customresource_handler.go",
+    ],
+    importpath = "k8s.io/apiextensions-apiserver/pkg/apiserver",
+    deps = [
+        "//vendor/github.com/go-openapi/spec:go_default_library",
+        "//vendor/github.com/go-openapi/strfmt:go_default_library",
+        "//vendor/github.com/go-openapi/validate:go_default_library",
+        "//vendor/github.com/golang/glog:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/install:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/clientset/internalclientset:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion/apiextensions/internalversion:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/internalversion:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/controller/finalizer:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/controller/status:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/registry/customresource:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/meta:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apimachinery/announced:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer/json:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer/versioning:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/version:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/endpoints/discovery:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/endpoints/handlers:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/registry/generic/registry:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/server:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
+        "//vendor/k8s.io/client-go/discovery:go_default_library",
+        "//vendor/k8s.io/client-go/tools/cache:go_default_library",
+        "//vendor/k8s.io/client-go/util/workqueue:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//staging/src/k8s.io/apiextensions-apiserver/pkg/apiserver/validation:all-srcs",
+    ],
+    tags = ["automanaged"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["customresource_handler_test.go"],
+    embed = [":go_default_library"],
+    importpath = "k8s.io/apiextensions-apiserver/pkg/apiserver",
+    deps = ["//vendor/k8s.io/apimachinery/pkg/apis/meta/v1/unstructured:go_default_library"],
+)

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/apiserver.go

@@ -0,0 +1,214 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiserver
+
+import (
+	"fmt"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/golang/glog"
+
+	"k8s.io/apimachinery/pkg/apimachinery/announced"
+	"k8s.io/apimachinery/pkg/apimachinery/registered"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/apimachinery/pkg/version"
+	"k8s.io/apiserver/pkg/endpoints/discovery"
+	genericregistry "k8s.io/apiserver/pkg/registry/generic"
+	"k8s.io/apiserver/pkg/registry/rest"
+	genericapiserver "k8s.io/apiserver/pkg/server"
+
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/install"
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
+	"k8s.io/apiextensions-apiserver/pkg/client/clientset/internalclientset"
+	internalinformers "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion"
+	"k8s.io/apiextensions-apiserver/pkg/controller/finalizer"
+	"k8s.io/apiextensions-apiserver/pkg/controller/status"
+	"k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition"
+
+	// make sure the generated client works
+	_ "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset"
+	_ "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions"
+	_ "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion"
+)
+
+var (
+	groupFactoryRegistry = make(announced.APIGroupFactoryRegistry)
+	registry             = registered.NewOrDie("")
+	Scheme               = runtime.NewScheme()
+	Codecs               = serializer.NewCodecFactory(Scheme)
+
+	// if you modify this, make sure you update the crEncoder
+	unversionedVersion = schema.GroupVersion{Group: "", Version: "v1"}
+	unversionedTypes   = []runtime.Object{
+		&metav1.Status{},
+		&metav1.WatchEvent{},
+		&metav1.APIVersions{},
+		&metav1.APIGroupList{},
+		&metav1.APIGroup{},
+		&metav1.APIResourceList{},
+	}
+)
+
+func init() {
+	install.Install(groupFactoryRegistry, registry, Scheme)
+
+	// we need to add the options to empty v1
+	metav1.AddToGroupVersion(Scheme, schema.GroupVersion{Group: "", Version: "v1"})
+
+	Scheme.AddUnversionedTypes(unversionedVersion, unversionedTypes...)
+}
+
+type ExtraConfig struct {
+	CRDRESTOptionsGetter genericregistry.RESTOptionsGetter
+}
+
+type Config struct {
+	GenericConfig *genericapiserver.RecommendedConfig
+	ExtraConfig   ExtraConfig
+}
+
+type completedConfig struct {
+	GenericConfig genericapiserver.CompletedConfig
+	ExtraConfig   *ExtraConfig
+}
+
+type CompletedConfig struct {
+	// Embed a private pointer that cannot be instantiated outside of this package.
+	*completedConfig
+}
+
+type CustomResourceDefinitions struct {
+	GenericAPIServer *genericapiserver.GenericAPIServer
+
+	// provided for easier embedding
+	Informers internalinformers.SharedInformerFactory
+}
+
+// Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
+func (cfg *Config) Complete() CompletedConfig {
+	c := completedConfig{
+		cfg.GenericConfig.Complete(),
+		&cfg.ExtraConfig,
+	}
+
+	c.GenericConfig.EnableDiscovery = false
+	c.GenericConfig.Version = &version.Info{
+		Major: "0",
+		Minor: "1",
+	}
+
+	return CompletedConfig{&c}
+}
+
+// New returns a new instance of CustomResourceDefinitions from the given config.
+func (c completedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*CustomResourceDefinitions, error) {
+	genericServer, err := c.GenericConfig.New("apiextensions-apiserver", delegationTarget)
+	if err != nil {
+		return nil, err
+	}
+
+	s := &CustomResourceDefinitions{
+		GenericAPIServer: genericServer,
+	}
+
+	apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(apiextensions.GroupName, registry, Scheme, metav1.ParameterCodec, Codecs)
+	apiGroupInfo.GroupMeta.GroupVersion = v1beta1.SchemeGroupVersion
+	customResourceDefintionStorage := customresourcedefinition.NewREST(Scheme, c.GenericConfig.RESTOptionsGetter)
+	v1beta1storage := map[string]rest.Storage{}
+	v1beta1storage["customresourcedefinitions"] = customResourceDefintionStorage
+	v1beta1storage["customresourcedefinitions/status"] = customresourcedefinition.NewStatusREST(Scheme, customResourceDefintionStorage)
+	apiGroupInfo.VersionedResourcesStorageMap["v1beta1"] = v1beta1storage
+
+	if err := s.GenericAPIServer.InstallAPIGroup(&apiGroupInfo); err != nil {
+		return nil, err
+	}
+
+	crdClient, err := internalclientset.NewForConfig(s.GenericAPIServer.LoopbackClientConfig)
+	if err != nil {
+		// it's really bad that this is leaking here, but until we can fix the test (which I'm pretty sure isn't even testing what it wants to test),
+		// we need to be able to move forward
+		kubeAPIVersions := os.Getenv("KUBE_API_VERSIONS")
+		if len(kubeAPIVersions) == 0 {
+			return nil, fmt.Errorf("failed to create clientset: %v", err)
+		}
+
+		// KUBE_API_VERSIONS is used in test-update-storage-objects.sh, disabling a number of API
+		// groups. This leads to a nil client above and undefined behaviour further down.
+		//
+		// TODO: get rid of KUBE_API_VERSIONS or define sane behaviour if set
+		glog.Errorf("Failed to create clientset with KUBE_API_VERSIONS=%q. KUBE_API_VERSIONS is only for testing. Things will break.", kubeAPIVersions)
+	}
+	s.Informers = internalinformers.NewSharedInformerFactory(crdClient, 5*time.Minute)
+
+	delegateHandler := delegationTarget.UnprotectedHandler()
+	if delegateHandler == nil {
+		delegateHandler = http.NotFoundHandler()
+	}
+
+	versionDiscoveryHandler := &versionDiscoveryHandler{
+		discovery: map[schema.GroupVersion]*discovery.APIVersionHandler{},
+		delegate:  delegateHandler,
+	}
+	groupDiscoveryHandler := &groupDiscoveryHandler{
+		discovery: map[string]*discovery.APIGroupHandler{},
+		delegate:  delegateHandler,
+	}
+	crdHandler := NewCustomResourceDefinitionHandler(
+		versionDiscoveryHandler,
+		groupDiscoveryHandler,
+		s.GenericAPIServer.RequestContextMapper(),
+		s.Informers.Apiextensions().InternalVersion().CustomResourceDefinitions().Lister(),
+		s.Informers.Apiextensions().InternalVersion().CustomResourceDefinitions(),
+		delegateHandler,
+		c.ExtraConfig.CRDRESTOptionsGetter,
+		c.GenericConfig.AdmissionControl,
+	)
+	s.GenericAPIServer.Handler.NonGoRestfulMux.Handle("/apis", crdHandler)
+	s.GenericAPIServer.Handler.NonGoRestfulMux.HandlePrefix("/apis/", crdHandler)
+
+	// this only happens when KUBE_API_VERSIONS is set.  We must return without adding controllers or poststarthooks which would affect healthz
+	if crdClient == nil {
+		return s, nil
+	}
+
+	crdController := NewDiscoveryController(s.Informers.Apiextensions().InternalVersion().CustomResourceDefinitions(), versionDiscoveryHandler, groupDiscoveryHandler, c.GenericConfig.RequestContextMapper)
+	namingController := status.NewNamingConditionController(s.Informers.Apiextensions().InternalVersion().CustomResourceDefinitions(), crdClient.Apiextensions())
+	finalizingController := finalizer.NewCRDFinalizer(
+		s.Informers.Apiextensions().InternalVersion().CustomResourceDefinitions(),
+		crdClient.Apiextensions(),
+		crdHandler,
+	)
+
+	s.GenericAPIServer.AddPostStartHook("start-apiextensions-informers", func(context genericapiserver.PostStartHookContext) error {
+		s.Informers.Start(context.StopCh)
+		return nil
+	})
+	s.GenericAPIServer.AddPostStartHook("start-apiextensions-controllers", func(context genericapiserver.PostStartHookContext) error {
+		go crdController.Run(context.StopCh)
+		go namingController.Run(context.StopCh)
+		go finalizingController.Run(5, context.StopCh)
+		return nil
+	})
+
+	return s, nil
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_discovery.go

@@ -0,0 +1,127 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiserver
+
+import (
+	"net/http"
+	"strings"
+	"sync"
+
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apiserver/pkg/endpoints/discovery"
+)
+
+type versionDiscoveryHandler struct {
+	// TODO, writing is infrequent, optimize this
+	discoveryLock sync.RWMutex
+	discovery     map[schema.GroupVersion]*discovery.APIVersionHandler
+
+	delegate http.Handler
+}
+
+func (r *versionDiscoveryHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	pathParts := splitPath(req.URL.Path)
+	// only match /apis/<group>/<version>
+	if len(pathParts) != 3 || pathParts[0] != "apis" {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+	discovery, ok := r.getDiscovery(schema.GroupVersion{Group: pathParts[1], Version: pathParts[2]})
+	if !ok {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+
+	discovery.ServeHTTP(w, req)
+}
+
+func (r *versionDiscoveryHandler) getDiscovery(gv schema.GroupVersion) (*discovery.APIVersionHandler, bool) {
+	r.discoveryLock.RLock()
+	defer r.discoveryLock.RUnlock()
+
+	ret, ok := r.discovery[gv]
+	return ret, ok
+}
+
+func (r *versionDiscoveryHandler) setDiscovery(gv schema.GroupVersion, discovery *discovery.APIVersionHandler) {
+	r.discoveryLock.Lock()
+	defer r.discoveryLock.Unlock()
+
+	r.discovery[gv] = discovery
+}
+
+func (r *versionDiscoveryHandler) unsetDiscovery(gv schema.GroupVersion) {
+	r.discoveryLock.Lock()
+	defer r.discoveryLock.Unlock()
+
+	delete(r.discovery, gv)
+}
+
+type groupDiscoveryHandler struct {
+	// TODO, writing is infrequent, optimize this
+	discoveryLock sync.RWMutex
+	discovery     map[string]*discovery.APIGroupHandler
+
+	delegate http.Handler
+}
+
+func (r *groupDiscoveryHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	pathParts := splitPath(req.URL.Path)
+	// only match /apis/<group>
+	if len(pathParts) != 2 || pathParts[0] != "apis" {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+	discovery, ok := r.getDiscovery(pathParts[1])
+	if !ok {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+
+	discovery.ServeHTTP(w, req)
+}
+
+func (r *groupDiscoveryHandler) getDiscovery(group string) (*discovery.APIGroupHandler, bool) {
+	r.discoveryLock.RLock()
+	defer r.discoveryLock.RUnlock()
+
+	ret, ok := r.discovery[group]
+	return ret, ok
+}
+
+func (r *groupDiscoveryHandler) setDiscovery(group string, discovery *discovery.APIGroupHandler) {
+	r.discoveryLock.Lock()
+	defer r.discoveryLock.Unlock()
+
+	r.discovery[group] = discovery
+}
+
+func (r *groupDiscoveryHandler) unsetDiscovery(group string) {
+	r.discoveryLock.Lock()
+	defer r.discoveryLock.Unlock()
+
+	delete(r.discovery, group)
+}
+
+// splitPath returns the segments for a URL path.
+func splitPath(path string) []string {
+	path = strings.Trim(path, "/")
+	if path == "" {
+		return []string{}
+	}
+	return strings.Split(path, "/")
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_discovery_controller.go

@@ -0,0 +1,222 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiserver
+
+import (
+	"fmt"
+	"time"
+
+	"github.com/golang/glog"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/apimachinery/pkg/util/wait"
+	"k8s.io/apiserver/pkg/endpoints/discovery"
+	"k8s.io/apiserver/pkg/endpoints/request"
+	"k8s.io/client-go/tools/cache"
+	"k8s.io/client-go/util/workqueue"
+
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+	informers "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion/apiextensions/internalversion"
+	listers "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/internalversion"
+)
+
+type DiscoveryController struct {
+	versionHandler *versionDiscoveryHandler
+	groupHandler   *groupDiscoveryHandler
+	contextMapper  request.RequestContextMapper
+
+	crdLister  listers.CustomResourceDefinitionLister
+	crdsSynced cache.InformerSynced
+
+	// To allow injection for testing.
+	syncFn func(version schema.GroupVersion) error
+
+	queue workqueue.RateLimitingInterface
+}
+
+func NewDiscoveryController(crdInformer informers.CustomResourceDefinitionInformer, versionHandler *versionDiscoveryHandler, groupHandler *groupDiscoveryHandler, contextMapper request.RequestContextMapper) *DiscoveryController {
+	c := &DiscoveryController{
+		versionHandler: versionHandler,
+		groupHandler:   groupHandler,
+		crdLister:      crdInformer.Lister(),
+		crdsSynced:     crdInformer.Informer().HasSynced,
+		contextMapper:  contextMapper,
+
+		queue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "DiscoveryController"),
+	}
+
+	crdInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+		AddFunc:    c.addCustomResourceDefinition,
+		UpdateFunc: c.updateCustomResourceDefinition,
+		DeleteFunc: c.deleteCustomResourceDefinition,
+	})
+
+	c.syncFn = c.sync
+
+	return c
+}
+
+func (c *DiscoveryController) sync(version schema.GroupVersion) error {
+
+	apiVersionsForDiscovery := []metav1.GroupVersionForDiscovery{}
+	apiResourcesForDiscovery := []metav1.APIResource{}
+
+	crds, err := c.crdLister.List(labels.Everything())
+	if err != nil {
+		return err
+	}
+	foundVersion := false
+	foundGroup := false
+	for _, crd := range crds {
+		if !apiextensions.IsCRDConditionTrue(crd, apiextensions.Established) {
+			continue
+		}
+
+		if crd.Spec.Group != version.Group {
+			continue
+		}
+		foundGroup = true
+		apiVersionsForDiscovery = append(apiVersionsForDiscovery, metav1.GroupVersionForDiscovery{
+			GroupVersion: crd.Spec.Group + "/" + crd.Spec.Version,
+			Version:      crd.Spec.Version,
+		})
+
+		if crd.Spec.Version != version.Version {
+			continue
+		}
+		foundVersion = true
+
+		verbs := metav1.Verbs([]string{"delete", "deletecollection", "get", "list", "patch", "create", "update", "watch"})
+		// if we're terminating we don't allow some verbs
+		if apiextensions.IsCRDConditionTrue(crd, apiextensions.Terminating) {
+			verbs = metav1.Verbs([]string{"delete", "deletecollection", "get", "list", "watch"})
+		}
+
+		apiResourcesForDiscovery = append(apiResourcesForDiscovery, metav1.APIResource{
+			Name:         crd.Status.AcceptedNames.Plural,
+			SingularName: crd.Status.AcceptedNames.Singular,
+			Namespaced:   crd.Spec.Scope == apiextensions.NamespaceScoped,
+			Kind:         crd.Status.AcceptedNames.Kind,
+			Verbs:        verbs,
+			ShortNames:   crd.Status.AcceptedNames.ShortNames,
+		})
+	}
+
+	if !foundGroup {
+		c.groupHandler.unsetDiscovery(version.Group)
+		c.versionHandler.unsetDiscovery(version)
+		return nil
+	}
+
+	apiGroup := metav1.APIGroup{
+		Name:     version.Group,
+		Versions: apiVersionsForDiscovery,
+		// the preferred versions for a group is arbitrary since there cannot be duplicate resources
+		PreferredVersion: apiVersionsForDiscovery[0],
+	}
+	c.groupHandler.setDiscovery(version.Group, discovery.NewAPIGroupHandler(Codecs, apiGroup, c.contextMapper))
+
+	if !foundVersion {
+		c.versionHandler.unsetDiscovery(version)
+		return nil
+	}
+	c.versionHandler.setDiscovery(version, discovery.NewAPIVersionHandler(Codecs, version, discovery.APIResourceListerFunc(func() []metav1.APIResource {
+		return apiResourcesForDiscovery
+	}), c.contextMapper))
+
+	return nil
+}
+
+func (c *DiscoveryController) Run(stopCh <-chan struct{}) {
+	defer utilruntime.HandleCrash()
+	defer c.queue.ShutDown()
+	defer glog.Infof("Shutting down DiscoveryController")
+
+	glog.Infof("Starting DiscoveryController")
+
+	if !cache.WaitForCacheSync(stopCh, c.crdsSynced) {
+		utilruntime.HandleError(fmt.Errorf("timed out waiting for caches to sync"))
+		return
+	}
+
+	// only start one worker thread since its a slow moving API
+	go wait.Until(c.runWorker, time.Second, stopCh)
+
+	<-stopCh
+}
+
+func (c *DiscoveryController) runWorker() {
+	for c.processNextWorkItem() {
+	}
+}
+
+// processNextWorkItem deals with one key off the queue.  It returns false when it's time to quit.
+func (c *DiscoveryController) processNextWorkItem() bool {
+	key, quit := c.queue.Get()
+	if quit {
+		return false
+	}
+	defer c.queue.Done(key)
+
+	err := c.syncFn(key.(schema.GroupVersion))
+	if err == nil {
+		c.queue.Forget(key)
+		return true
+	}
+
+	utilruntime.HandleError(fmt.Errorf("%v failed with: %v", key, err))
+	c.queue.AddRateLimited(key)
+
+	return true
+}
+
+func (c *DiscoveryController) enqueue(obj *apiextensions.CustomResourceDefinition) {
+	c.queue.Add(schema.GroupVersion{Group: obj.Spec.Group, Version: obj.Spec.Version})
+}
+
+func (c *DiscoveryController) addCustomResourceDefinition(obj interface{}) {
+	castObj := obj.(*apiextensions.CustomResourceDefinition)
+	glog.V(4).Infof("Adding customresourcedefinition %s", castObj.Name)
+	c.enqueue(castObj)
+}
+
+func (c *DiscoveryController) updateCustomResourceDefinition(obj, _ interface{}) {
+	castObj := obj.(*apiextensions.CustomResourceDefinition)
+	glog.V(4).Infof("Updating customresourcedefinition %s", castObj.Name)
+	c.enqueue(castObj)
+}
+
+func (c *DiscoveryController) deleteCustomResourceDefinition(obj interface{}) {
+	castObj, ok := obj.(*apiextensions.CustomResourceDefinition)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			glog.Errorf("Couldn't get object from tombstone %#v", obj)
+			return
+		}
+		castObj, ok = tombstone.Obj.(*apiextensions.CustomResourceDefinition)
+		if !ok {
+			glog.Errorf("Tombstone contained object that is not expected %#v", obj)
+			return
+		}
+	}
+	glog.V(4).Infof("Deleting customresourcedefinition %q", castObj.Name)
+	c.enqueue(castObj)
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler.go

@@ -0,0 +1,580 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiserver
+
+import (
+	"fmt"
+	"io"
+	"net/http"
+	"path"
+	"sync"
+	"sync/atomic"
+	"time"
+
+	openapispec "github.com/go-openapi/spec"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+	"github.com/golang/glog"
+
+	apiequality "k8s.io/apimachinery/pkg/api/equality"
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/api/meta"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/runtime/serializer/json"
+	"k8s.io/apimachinery/pkg/runtime/serializer/versioning"
+	"k8s.io/apimachinery/pkg/types"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/apiserver/pkg/admission"
+	"k8s.io/apiserver/pkg/endpoints/handlers"
+	apirequest "k8s.io/apiserver/pkg/endpoints/request"
+	"k8s.io/apiserver/pkg/registry/generic"
+	genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
+	"k8s.io/apiserver/pkg/storage/storagebackend"
+	"k8s.io/client-go/discovery"
+	cache "k8s.io/client-go/tools/cache"
+
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+	apiservervalidation "k8s.io/apiextensions-apiserver/pkg/apiserver/validation"
+	informers "k8s.io/apiextensions-apiserver/pkg/client/informers/internalversion/apiextensions/internalversion"
+	listers "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/internalversion"
+	"k8s.io/apiextensions-apiserver/pkg/controller/finalizer"
+	"k8s.io/apiextensions-apiserver/pkg/registry/customresource"
+)
+
+// crdHandler serves the `/apis` endpoint.
+// This is registered as a filter so that it never collides with any explicitly registered endpoints
+type crdHandler struct {
+	versionDiscoveryHandler *versionDiscoveryHandler
+	groupDiscoveryHandler   *groupDiscoveryHandler
+
+	customStorageLock sync.Mutex
+	// customStorage contains a crdStorageMap
+	customStorage atomic.Value
+
+	requestContextMapper apirequest.RequestContextMapper
+
+	crdLister listers.CustomResourceDefinitionLister
+
+	delegate          http.Handler
+	restOptionsGetter generic.RESTOptionsGetter
+	admission         admission.Interface
+}
+
+// crdInfo stores enough information to serve the storage for the custom resource
+type crdInfo struct {
+	// spec and acceptedNames are used to compare against if a change is made on a CRD. We only update
+	// the storage if one of these changes.
+	spec          *apiextensions.CustomResourceDefinitionSpec
+	acceptedNames *apiextensions.CustomResourceDefinitionNames
+
+	storage      *customresource.REST
+	requestScope handlers.RequestScope
+}
+
+// crdStorageMap goes from customresourcedefinition to its storage
+type crdStorageMap map[types.UID]*crdInfo
+
+func NewCustomResourceDefinitionHandler(
+	versionDiscoveryHandler *versionDiscoveryHandler,
+	groupDiscoveryHandler *groupDiscoveryHandler,
+	requestContextMapper apirequest.RequestContextMapper,
+	crdLister listers.CustomResourceDefinitionLister,
+	crdInformer informers.CustomResourceDefinitionInformer,
+	delegate http.Handler,
+	restOptionsGetter generic.RESTOptionsGetter,
+	admission admission.Interface) *crdHandler {
+	ret := &crdHandler{
+		versionDiscoveryHandler: versionDiscoveryHandler,
+		groupDiscoveryHandler:   groupDiscoveryHandler,
+		customStorage:           atomic.Value{},
+		requestContextMapper:    requestContextMapper,
+		crdLister:               crdLister,
+		delegate:                delegate,
+		restOptionsGetter:       restOptionsGetter,
+		admission:               admission,
+	}
+
+	crdInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{
+		UpdateFunc: ret.updateCustomResourceDefinition,
+		DeleteFunc: func(obj interface{}) {
+			ret.removeDeadStorage()
+		},
+	})
+
+	ret.customStorage.Store(crdStorageMap{})
+	return ret
+}
+
+func (r *crdHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
+	ctx, ok := r.requestContextMapper.Get(req)
+	if !ok {
+		// programmer error
+		panic("missing context")
+	}
+	requestInfo, ok := apirequest.RequestInfoFrom(ctx)
+	if !ok {
+		// programmer error
+		panic("missing requestInfo")
+	}
+	if !requestInfo.IsResourceRequest {
+		pathParts := splitPath(requestInfo.Path)
+		// only match /apis/<group>/<version>
+		// only registered under /apis
+		if len(pathParts) == 3 {
+			r.versionDiscoveryHandler.ServeHTTP(w, req)
+			return
+		}
+		// only match /apis/<group>
+		if len(pathParts) == 2 {
+			r.groupDiscoveryHandler.ServeHTTP(w, req)
+			return
+		}
+
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+
+	crdName := requestInfo.Resource + "." + requestInfo.APIGroup
+	crd, err := r.crdLister.Get(crdName)
+	if apierrors.IsNotFound(err) {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+	if crd.Spec.Version != requestInfo.APIVersion {
+		r.delegate.ServeHTTP(w, req)
+		return
+	}
+	if !apiextensions.IsCRDConditionTrue(crd, apiextensions.Established) {
+		r.delegate.ServeHTTP(w, req)
+	}
+	if len(requestInfo.Subresource) > 0 {
+		http.NotFound(w, req)
+		return
+	}
+
+	terminating := apiextensions.IsCRDConditionTrue(crd, apiextensions.Terminating)
+
+	crdInfo, err := r.getServingInfoFor(crd)
+	if err != nil {
+		http.Error(w, err.Error(), http.StatusInternalServerError)
+		return
+	}
+
+	storage := crdInfo.storage
+	requestScope := crdInfo.requestScope
+	minRequestTimeout := 1 * time.Minute
+
+	switch requestInfo.Verb {
+	case "get":
+		handler := handlers.GetResource(storage, storage, requestScope)
+		handler(w, req)
+		return
+	case "list":
+		forceWatch := false
+		handler := handlers.ListResource(storage, storage, requestScope, forceWatch, minRequestTimeout)
+		handler(w, req)
+		return
+	case "watch":
+		forceWatch := true
+		handler := handlers.ListResource(storage, storage, requestScope, forceWatch, minRequestTimeout)
+		handler(w, req)
+		return
+	case "create":
+		if terminating {
+			http.Error(w, fmt.Sprintf("%v not allowed while CustomResourceDefinition is terminating", requestInfo.Verb), http.StatusMethodNotAllowed)
+			return
+		}
+		handler := handlers.CreateResource(storage, requestScope, discovery.NewUnstructuredObjectTyper(nil), r.admission)
+		handler(w, req)
+		return
+	case "update":
+		if terminating {
+			http.Error(w, fmt.Sprintf("%v not allowed while CustomResourceDefinition is terminating", requestInfo.Verb), http.StatusMethodNotAllowed)
+			return
+		}
+		handler := handlers.UpdateResource(storage, requestScope, discovery.NewUnstructuredObjectTyper(nil), r.admission)
+		handler(w, req)
+		return
+	case "patch":
+		if terminating {
+			http.Error(w, fmt.Sprintf("%v not allowed while CustomResourceDefinition is terminating", requestInfo.Verb), http.StatusMethodNotAllowed)
+			return
+		}
+		handler := handlers.PatchResource(storage, requestScope, r.admission, unstructured.UnstructuredObjectConverter{})
+		handler(w, req)
+		return
+	case "delete":
+		allowsOptions := true
+		handler := handlers.DeleteResource(storage, allowsOptions, requestScope, r.admission)
+		handler(w, req)
+		return
+	case "deletecollection":
+		checkBody := true
+		handler := handlers.DeleteCollection(storage, checkBody, requestScope, r.admission)
+		handler(w, req)
+		return
+
+	default:
+		http.Error(w, fmt.Sprintf("unhandled verb %q", requestInfo.Verb), http.StatusMethodNotAllowed)
+		return
+	}
+}
+
+// removeDeadStorage removes REST storage that isn't being used
+func (r *crdHandler) removeDeadStorage() {
+	// these don't have to be live.  A snapshot is fine
+	// if we wrongly delete, that's ok.  The rest storage will be recreated on the next request
+	// if we wrongly miss one, that's ok.  We'll get it next time
+	storageMap := r.customStorage.Load().(crdStorageMap)
+	allCustomResourceDefinitions, err := r.crdLister.List(labels.Everything())
+	if err != nil {
+		utilruntime.HandleError(err)
+		return
+	}
+
+	for uid, s := range storageMap {
+		found := false
+		for _, crd := range allCustomResourceDefinitions {
+			if crd.UID == uid {
+				found = true
+				break
+			}
+		}
+		if !found {
+			glog.V(4).Infof("Removing dead CRD storage for %v", s.requestScope.Resource)
+			s.storage.DestroyFunc()
+			delete(storageMap, uid)
+		}
+	}
+
+	r.customStorageLock.Lock()
+	defer r.customStorageLock.Unlock()
+
+	r.customStorage.Store(storageMap)
+}
+
+// GetCustomResourceListerCollectionDeleter returns the ListerCollectionDeleter for
+// the given uid, or nil if one does not exist.
+func (r *crdHandler) GetCustomResourceListerCollectionDeleter(crd *apiextensions.CustomResourceDefinition) finalizer.ListerCollectionDeleter {
+	info, err := r.getServingInfoFor(crd)
+	if err != nil {
+		utilruntime.HandleError(err)
+	}
+	return info.storage
+}
+
+func (r *crdHandler) getServingInfoFor(crd *apiextensions.CustomResourceDefinition) (*crdInfo, error) {
+	storageMap := r.customStorage.Load().(crdStorageMap)
+	ret, ok := storageMap[crd.UID]
+	if ok {
+		return ret, nil
+	}
+
+	r.customStorageLock.Lock()
+	defer r.customStorageLock.Unlock()
+
+	ret, ok = storageMap[crd.UID]
+	if ok {
+		return ret, nil
+	}
+
+	// In addition to Unstructured objects (Custom Resources), we also may sometimes need to
+	// decode unversioned Options objects, so we delegate to parameterScheme for such types.
+	parameterScheme := runtime.NewScheme()
+	parameterScheme.AddUnversionedTypes(schema.GroupVersion{Group: crd.Spec.Group, Version: crd.Spec.Version},
+		&metav1.ListOptions{},
+		&metav1.ExportOptions{},
+		&metav1.GetOptions{},
+		&metav1.DeleteOptions{},
+	)
+	parameterCodec := runtime.NewParameterCodec(parameterScheme)
+
+	kind := schema.GroupVersionKind{Group: crd.Spec.Group, Version: crd.Spec.Version, Kind: crd.Status.AcceptedNames.Kind}
+	typer := unstructuredObjectTyper{
+		delegate:          parameterScheme,
+		unstructuredTyper: discovery.NewUnstructuredObjectTyper(nil),
+	}
+	creator := unstructuredCreator{}
+
+	// convert CRD schema to openapi schema
+	openapiSchema := &openapispec.Schema{}
+	if err := apiservervalidation.ConvertToOpenAPITypes(crd, openapiSchema); err != nil {
+		return nil, err
+	}
+	if err := openapispec.ExpandSchema(openapiSchema, nil, nil); err != nil {
+		return nil, err
+	}
+	validator := validate.NewSchemaValidator(openapiSchema, nil, "", strfmt.Default)
+
+	storage := customresource.NewREST(
+		schema.GroupResource{Group: crd.Spec.Group, Resource: crd.Status.AcceptedNames.Plural},
+		schema.GroupVersionKind{Group: crd.Spec.Group, Version: crd.Spec.Version, Kind: crd.Status.AcceptedNames.ListKind},
+		customresource.NewStrategy(
+			typer,
+			crd.Spec.Scope == apiextensions.NamespaceScoped,
+			kind,
+			validator,
+		),
+		r.restOptionsGetter,
+	)
+
+	selfLinkPrefix := ""
+	switch crd.Spec.Scope {
+	case apiextensions.ClusterScoped:
+		selfLinkPrefix = "/" + path.Join("apis", crd.Spec.Group, crd.Spec.Version) + "/"
+	case apiextensions.NamespaceScoped:
+		selfLinkPrefix = "/" + path.Join("apis", crd.Spec.Group, crd.Spec.Version, "namespaces") + "/"
+	}
+
+	clusterScoped := crd.Spec.Scope == apiextensions.ClusterScoped
+
+	requestScope := handlers.RequestScope{
+		Namer: handlers.ContextBasedNaming{
+			GetContext: func(req *http.Request) apirequest.Context {
+				ret, _ := r.requestContextMapper.Get(req)
+				return ret
+			},
+			SelfLinker:         meta.NewAccessor(),
+			ClusterScoped:      clusterScoped,
+			SelfLinkPathPrefix: selfLinkPrefix,
+		},
+		ContextFunc: func(req *http.Request) apirequest.Context {
+			ret, _ := r.requestContextMapper.Get(req)
+			return ret
+		},
+
+		Serializer:     unstructuredNegotiatedSerializer{typer: typer, creator: creator},
+		ParameterCodec: parameterCodec,
+
+		Creater: creator,
+		Convertor: crdObjectConverter{
+			UnstructuredObjectConverter: unstructured.UnstructuredObjectConverter{},
+			clusterScoped:               clusterScoped,
+		},
+		Defaulter:       unstructuredDefaulter{parameterScheme},
+		Typer:           typer,
+		UnsafeConvertor: unstructured.UnstructuredObjectConverter{},
+
+		Resource:    schema.GroupVersionResource{Group: crd.Spec.Group, Version: crd.Spec.Version, Resource: crd.Status.AcceptedNames.Plural},
+		Kind:        kind,
+		Subresource: "",
+
+		MetaGroupVersion: metav1.SchemeGroupVersion,
+	}
+
+	ret = &crdInfo{
+		spec:          &crd.Spec,
+		acceptedNames: &crd.Status.AcceptedNames,
+
+		storage:      storage,
+		requestScope: requestScope,
+	}
+
+	storageMap2 := make(crdStorageMap, len(storageMap))
+
+	// Copy because we cannot write to storageMap without a race
+	// as it is used without locking elsewhere
+	for k, v := range storageMap {
+		storageMap2[k] = v
+	}
+
+	storageMap2[crd.UID] = ret
+	r.customStorage.Store(storageMap2)
+	return ret, nil
+}
+
+// crdObjectConverter is a converter that supports field selectors for CRDs.
+type crdObjectConverter struct {
+	unstructured.UnstructuredObjectConverter
+	clusterScoped bool
+}
+
+func (c crdObjectConverter) ConvertFieldLabel(version, kind, label, value string) (string, string, error) {
+	// We currently only support metadata.namespace and metadata.name.
+	switch {
+	case label == "metadata.name":
+		return label, value, nil
+	case !c.clusterScoped && label == "metadata.namespace":
+		return label, value, nil
+	default:
+		return "", "", fmt.Errorf("field label not supported: %s", label)
+	}
+}
+
+func (c *crdHandler) updateCustomResourceDefinition(oldObj, newObj interface{}) {
+	oldCRD := oldObj.(*apiextensions.CustomResourceDefinition)
+	newCRD := newObj.(*apiextensions.CustomResourceDefinition)
+
+	c.customStorageLock.Lock()
+	defer c.customStorageLock.Unlock()
+	storageMap := c.customStorage.Load().(crdStorageMap)
+
+	oldInfo, found := storageMap[newCRD.UID]
+	if !found {
+		return
+	}
+	if apiequality.Semantic.DeepEqual(&newCRD.Spec, oldInfo.spec) && apiequality.Semantic.DeepEqual(&newCRD.Status.AcceptedNames, oldInfo.acceptedNames) {
+		glog.V(6).Infof("Ignoring customresourcedefinition %s update because neither spec, nor accepted names changed", oldCRD.Name)
+		return
+	}
+
+	glog.V(4).Infof("Updating customresourcedefinition %s", oldCRD.Name)
+	storageMap2 := make(crdStorageMap, len(storageMap))
+
+	// Copy because we cannot write to storageMap without a race
+	// as it is used without locking elsewhere
+	for k, v := range storageMap {
+		if k == oldCRD.UID {
+			v.storage.DestroyFunc()
+			continue
+		}
+		storageMap2[k] = v
+	}
+
+	c.customStorage.Store(storageMap2)
+}
+
+type unstructuredNegotiatedSerializer struct {
+	typer   runtime.ObjectTyper
+	creator runtime.ObjectCreater
+}
+
+func (s unstructuredNegotiatedSerializer) SupportedMediaTypes() []runtime.SerializerInfo {
+	return []runtime.SerializerInfo{
+		{
+			MediaType:        "application/json",
+			EncodesAsText:    true,
+			Serializer:       json.NewSerializer(json.DefaultMetaFactory, s.creator, s.typer, false),
+			PrettySerializer: json.NewSerializer(json.DefaultMetaFactory, s.creator, s.typer, true),
+			StreamSerializer: &runtime.StreamSerializerInfo{
+				EncodesAsText: true,
+				Serializer:    json.NewSerializer(json.DefaultMetaFactory, s.creator, s.typer, false),
+				Framer:        json.Framer,
+			},
+		},
+	}
+}
+
+func (s unstructuredNegotiatedSerializer) EncoderForVersion(serializer runtime.Encoder, gv runtime.GroupVersioner) runtime.Encoder {
+	return versioning.NewDefaultingCodecForScheme(Scheme, crEncoderInstance, nil, gv, nil)
+}
+
+func (s unstructuredNegotiatedSerializer) DecoderToVersion(serializer runtime.Decoder, gv runtime.GroupVersioner) runtime.Decoder {
+	return unstructuredDecoder{delegate: Codecs.DecoderToVersion(serializer, gv)}
+}
+
+type unstructuredDecoder struct {
+	delegate runtime.Decoder
+}
+
+func (d unstructuredDecoder) Decode(data []byte, defaults *schema.GroupVersionKind, into runtime.Object) (runtime.Object, *schema.GroupVersionKind, error) {
+	// Delegate for things other than Unstructured.
+	if _, ok := into.(runtime.Unstructured); !ok && into != nil {
+		return d.delegate.Decode(data, defaults, into)
+	}
+	return unstructured.UnstructuredJSONScheme.Decode(data, defaults, into)
+}
+
+type unstructuredObjectTyper struct {
+	delegate          runtime.ObjectTyper
+	unstructuredTyper runtime.ObjectTyper
+}
+
+func (t unstructuredObjectTyper) ObjectKinds(obj runtime.Object) ([]schema.GroupVersionKind, bool, error) {
+	// Delegate for things other than Unstructured.
+	if _, ok := obj.(runtime.Unstructured); !ok {
+		return t.delegate.ObjectKinds(obj)
+	}
+	return t.unstructuredTyper.ObjectKinds(obj)
+}
+
+func (t unstructuredObjectTyper) Recognizes(gvk schema.GroupVersionKind) bool {
+	return t.delegate.Recognizes(gvk) || t.unstructuredTyper.Recognizes(gvk)
+}
+
+var crEncoderInstance = crEncoder{}
+
+// crEncoder *usually* encodes using the unstructured.UnstructuredJSONScheme, but if the type is Status or WatchEvent
+// it will serialize them out using the converting codec.
+type crEncoder struct{}
+
+func (crEncoder) Encode(obj runtime.Object, w io.Writer) error {
+	switch t := obj.(type) {
+	case *metav1.Status, *metav1.WatchEvent:
+		for _, info := range Codecs.SupportedMediaTypes() {
+			// we are always json
+			if info.MediaType == "application/json" {
+				return info.Serializer.Encode(obj, w)
+			}
+		}
+
+		return fmt.Errorf("unable to find json serializer for %T", t)
+
+	default:
+		return unstructured.UnstructuredJSONScheme.Encode(obj, w)
+	}
+}
+
+type unstructuredCreator struct{}
+
+func (c unstructuredCreator) New(kind schema.GroupVersionKind) (runtime.Object, error) {
+	ret := &unstructured.Unstructured{}
+	ret.SetGroupVersionKind(kind)
+	return ret, nil
+}
+
+type unstructuredDefaulter struct {
+	delegate runtime.ObjectDefaulter
+}
+
+func (d unstructuredDefaulter) Default(in runtime.Object) {
+	// Delegate for things other than Unstructured.
+	if _, ok := in.(runtime.Unstructured); !ok {
+		d.delegate.Default(in)
+	}
+}
+
+type CRDRESTOptionsGetter struct {
+	StorageConfig           storagebackend.Config
+	StoragePrefix           string
+	EnableWatchCache        bool
+	DefaultWatchCacheSize   int
+	EnableGarbageCollection bool
+	DeleteCollectionWorkers int
+}
+
+func (t CRDRESTOptionsGetter) GetRESTOptions(resource schema.GroupResource) (generic.RESTOptions, error) {
+	ret := generic.RESTOptions{
+		StorageConfig:           &t.StorageConfig,
+		Decorator:               generic.UndecoratedStorage,
+		EnableGarbageCollection: t.EnableGarbageCollection,
+		DeleteCollectionWorkers: t.DeleteCollectionWorkers,
+		ResourcePrefix:          resource.Group + "/" + resource.Resource,
+	}
+	if t.EnableWatchCache {
+		ret.Decorator = genericregistry.StorageWithCacher(t.DefaultWatchCacheSize)
+	}
+	return ret, nil
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/customresource_handler_test.go

@@ -0,0 +1,91 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package apiserver
+
+import (
+	"testing"
+
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+func TestConvertFieldLabel(t *testing.T) {
+	tests := []struct {
+		name          string
+		clusterScoped bool
+		label         string
+		expectError   bool
+	}{
+		{
+			name:          "cluster scoped - name is ok",
+			clusterScoped: true,
+			label:         "metadata.name",
+		},
+		{
+			name:          "cluster scoped - namespace is not ok",
+			clusterScoped: true,
+			label:         "metadata.namespace",
+			expectError:   true,
+		},
+		{
+			name:          "cluster scoped - other field is not ok",
+			clusterScoped: true,
+			label:         "some.other.field",
+			expectError:   true,
+		},
+		{
+			name:  "namespace scoped - name is ok",
+			label: "metadata.name",
+		},
+		{
+			name:  "namespace scoped - namespace is ok",
+			label: "metadata.namespace",
+		},
+		{
+			name:        "namespace scoped - other field is not ok",
+			label:       "some.other.field",
+			expectError: true,
+		},
+	}
+
+	for _, test := range tests {
+		t.Run(test.name, func(t *testing.T) {
+
+			c := crdObjectConverter{
+				UnstructuredObjectConverter: unstructured.UnstructuredObjectConverter{},
+				clusterScoped:               test.clusterScoped,
+			}
+
+			label, value, err := c.ConvertFieldLabel("", "", test.label, "value")
+			if e, a := test.expectError, err != nil; e != a {
+				t.Fatalf("err: expected %t, got %t", e, a)
+			}
+			if test.expectError {
+				if e, a := "field label not supported: "+test.label, err.Error(); e != a {
+					t.Errorf("err: expected %s, got %s", e, a)
+				}
+				return
+			}
+
+			if e, a := test.label, label; e != a {
+				t.Errorf("label: expected %s, got %s", e, a)
+			}
+			if e, a := "value", value; e != a {
+				t.Errorf("value: expected %s, got %s", e, a)
+			}
+		})
+	}
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/BUILD

@@ -0,0 +1,49 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["validation.go"],
+    importpath = "k8s.io/apiextensions-apiserver/pkg/apiserver/validation",
+    deps = [
+        "//vendor/github.com/go-openapi/spec:go_default_library",
+        "//vendor/github.com/go-openapi/validate:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["validation_test.go"],
+    embed = [":go_default_library"],
+    importpath = "k8s.io/apiextensions-apiserver/pkg/apiserver/validation",
+    deps = [
+        "//vendor/github.com/go-openapi/spec:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/fuzzer:go_default_library",
+        "//vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/equality:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/testing/fuzzer:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/json:go_default_library",
+    ],
+)

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation.go

@@ -0,0 +1,241 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"github.com/go-openapi/spec"
+	"github.com/go-openapi/validate"
+
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+)
+
+// ValidateCustomResource validates the Custom Resource against the schema in the CustomResourceDefinition.
+// CustomResource is a JSON data structure.
+func ValidateCustomResource(customResource interface{}, validator *validate.SchemaValidator) error {
+	result := validator.Validate(customResource)
+	if result.AsError() != nil {
+		return result.AsError()
+	}
+	return nil
+}
+
+// ConvertToOpenAPITypes is used to convert internal types to go-openapi types.
+func ConvertToOpenAPITypes(in *apiextensions.CustomResourceDefinition, out *spec.Schema) error {
+	if in.Spec.Validation != nil {
+		if err := convertJSONSchemaProps(in.Spec.Validation.OpenAPIV3Schema, out); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func convertJSONSchemaProps(in *apiextensions.JSONSchemaProps, out *spec.Schema) error {
+	if in == nil {
+		return nil
+	}
+
+	out.ID = in.ID
+	out.Schema = spec.SchemaURL(in.Schema)
+	out.Description = in.Description
+	if in.Type != "" {
+		out.Type = spec.StringOrArray([]string{in.Type})
+	}
+	out.Format = in.Format
+	out.Title = in.Title
+	out.Maximum = in.Maximum
+	out.ExclusiveMaximum = in.ExclusiveMaximum
+	out.Minimum = in.Minimum
+	out.ExclusiveMinimum = in.ExclusiveMinimum
+	out.MaxLength = in.MaxLength
+	out.MinLength = in.MinLength
+	out.Pattern = in.Pattern
+	out.MaxItems = in.MaxItems
+	out.MinItems = in.MinItems
+	out.UniqueItems = in.UniqueItems
+	out.MultipleOf = in.MultipleOf
+	out.MaxProperties = in.MaxProperties
+	out.MinProperties = in.MinProperties
+	out.Required = in.Required
+
+	if in.Default != nil {
+		out.Default = *(in.Default)
+	}
+	if in.Example != nil {
+		out.Example = *(in.Example)
+	}
+
+	out.Enum = make([]interface{}, len(in.Enum))
+	for k, v := range in.Enum {
+		out.Enum[k] = v
+	}
+
+	if err := convertSliceOfJSONSchemaProps(&in.AllOf, &out.AllOf); err != nil {
+		return err
+	}
+	if err := convertSliceOfJSONSchemaProps(&in.OneOf, &out.OneOf); err != nil {
+		return err
+	}
+	if err := convertSliceOfJSONSchemaProps(&in.AnyOf, &out.AnyOf); err != nil {
+		return err
+	}
+
+	if in.Not != nil {
+		in, out := &in.Not, &out.Not
+		*out = new(spec.Schema)
+		if err := convertJSONSchemaProps(*in, *out); err != nil {
+			return err
+		}
+	}
+
+	var err error
+	out.Properties, err = convertMapOfJSONSchemaProps(in.Properties)
+	if err != nil {
+		return err
+	}
+
+	out.PatternProperties, err = convertMapOfJSONSchemaProps(in.PatternProperties)
+	if err != nil {
+		return err
+	}
+
+	out.Definitions, err = convertMapOfJSONSchemaProps(in.Definitions)
+	if err != nil {
+		return err
+	}
+
+	if in.Ref != nil {
+		out.Ref, err = spec.NewRef(*in.Ref)
+		if err != nil {
+			return err
+		}
+	}
+
+	if in.AdditionalProperties != nil {
+		in, out := &in.AdditionalProperties, &out.AdditionalProperties
+		*out = new(spec.SchemaOrBool)
+		if err := convertJSONSchemaPropsorBool(*in, *out); err != nil {
+			return err
+		}
+	}
+
+	if in.AdditionalItems != nil {
+		in, out := &in.AdditionalItems, &out.AdditionalItems
+		*out = new(spec.SchemaOrBool)
+		if err := convertJSONSchemaPropsorBool(*in, *out); err != nil {
+			return err
+		}
+	}
+
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = new(spec.SchemaOrArray)
+		if err := convertJSONSchemaPropsOrArray(*in, *out); err != nil {
+			return err
+		}
+	}
+
+	if in.Dependencies != nil {
+		in, out := &in.Dependencies, &out.Dependencies
+		*out = make(spec.Dependencies, len(*in))
+		for key, val := range *in {
+			newVal := new(spec.SchemaOrStringArray)
+			if err := convertJSONSchemaPropsOrStringArray(&val, newVal); err != nil {
+				return err
+			}
+			(*out)[key] = *newVal
+		}
+	}
+
+	if in.ExternalDocs != nil {
+		out.ExternalDocs = &spec.ExternalDocumentation{}
+		out.ExternalDocs.Description = in.ExternalDocs.Description
+		out.ExternalDocs.URL = in.ExternalDocs.URL
+	}
+
+	return nil
+}
+
+func convertSliceOfJSONSchemaProps(in *[]apiextensions.JSONSchemaProps, out *[]spec.Schema) error {
+	if in != nil {
+		for _, jsonSchemaProps := range *in {
+			schema := spec.Schema{}
+			if err := convertJSONSchemaProps(&jsonSchemaProps, &schema); err != nil {
+				return err
+			}
+			*out = append(*out, schema)
+		}
+	}
+	return nil
+}
+
+func convertMapOfJSONSchemaProps(in map[string]apiextensions.JSONSchemaProps) (map[string]spec.Schema, error) {
+	out := make(map[string]spec.Schema)
+	if len(in) != 0 {
+		for k, jsonSchemaProps := range in {
+			schema := spec.Schema{}
+			if err := convertJSONSchemaProps(&jsonSchemaProps, &schema); err != nil {
+				return nil, err
+			}
+			out[k] = schema
+		}
+	}
+	return out, nil
+}
+
+func convertJSONSchemaPropsOrArray(in *apiextensions.JSONSchemaPropsOrArray, out *spec.SchemaOrArray) error {
+	if in.Schema != nil {
+		in, out := &in.Schema, &out.Schema
+		*out = new(spec.Schema)
+		if err := convertJSONSchemaProps(*in, *out); err != nil {
+			return err
+		}
+	}
+	if in.JSONSchemas != nil {
+		in, out := &in.JSONSchemas, &out.Schemas
+		*out = make([]spec.Schema, len(*in))
+		for i := range *in {
+			if err := convertJSONSchemaProps(&(*in)[i], &(*out)[i]); err != nil {
+				return err
+			}
+		}
+	}
+	return nil
+}
+
+func convertJSONSchemaPropsorBool(in *apiextensions.JSONSchemaPropsOrBool, out *spec.SchemaOrBool) error {
+	out.Allows = in.Allows
+	if in.Schema != nil {
+		in, out := &in.Schema, &out.Schema
+		*out = new(spec.Schema)
+		if err := convertJSONSchemaProps(*in, *out); err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func convertJSONSchemaPropsOrStringArray(in *apiextensions.JSONSchemaPropsOrStringArray, out *spec.SchemaOrStringArray) error {
+	out.Property = in.Property
+	if in.Schema != nil {
+		in, out := &in.Schema, &out.Schema
+		*out = new(spec.Schema)
+		if err := convertJSONSchemaProps(*in, *out); err != nil {
+			return err
+		}
+	}
+	return nil
+}

vendor/k8s.io/apiextensions-apiserver/pkg/apiserver/validation/validation_test.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package validation
+
+import (
+	"math/rand"
+	"testing"
+
+	"github.com/go-openapi/spec"
+
+	apiequality "k8s.io/apimachinery/pkg/api/equality"
+	"k8s.io/apimachinery/pkg/api/testing/fuzzer"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	"k8s.io/apimachinery/pkg/util/json"
+
+	"k8s.io/apiextensions-apiserver/pkg/apis/apiextensions"
+	apiextensionsfuzzer "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/fuzzer"
+	apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
+)
+
+// TestRoundTrip checks the conversion to go-openapi types.
+// internal -> go-openapi -> JSON -> external -> internal
+func TestRoundTrip(t *testing.T) {
+	scheme := runtime.NewScheme()
+	codecs := serializer.NewCodecFactory(scheme)
+
+	// add internal and external types to scheme
+	if err := apiextensions.AddToScheme(scheme); err != nil {
+		t.Fatal(err)
+	}
+	if err := apiextensionsv1beta1.AddToScheme(scheme); err != nil {
+		t.Fatal(err)
+	}
+
+	seed := rand.Int63()
+	fuzzerFuncs := fuzzer.MergeFuzzerFuncs(apiextensionsfuzzer.Funcs)
+	f := fuzzer.FuzzerFor(fuzzerFuncs, rand.NewSource(seed), codecs)
+
+	for i := 0; i < 20; i++ {
+		// fuzz internal types
+		internal := &apiextensions.JSONSchemaProps{}
+		f.Fuzz(internal)
+
+		// internal -> go-openapi
+		openAPITypes := &spec.Schema{}
+		if err := convertJSONSchemaProps(internal, openAPITypes); err != nil {
+			t.Fatal(err)
+		}
+
+		// go-openapi -> JSON
+		openAPIJSON, err := json.Marshal(openAPITypes)
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		// JSON -> external
+		external := &apiextensionsv1beta1.JSONSchemaProps{}
+		if err := json.Unmarshal(openAPIJSON, external); err != nil {
+			t.Fatal(err)
+		}
+
+		// external -> internal
+		internalRoundTripped := &apiextensions.JSONSchemaProps{}
+		if err := scheme.Convert(external, internalRoundTripped, nil); err != nil {
+			t.Fatal(err)
+		}
+
+		if !apiequality.Semantic.DeepEqual(internal, internalRoundTripped) {
+			t.Fatalf("expected\n\t%#v, got \n\t%#v", internal, internalRoundTripped)
+		}
+	}
+}