From 69949dda0a58f901d7cd87e5657f4e42d568dffc Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Wed, 30 Oct 2019 19:22:03 -0700 Subject: [PATCH] Update vendor --- go.mod | 2 +- go.sum | 10 +- .../go-windows-terminal-sequences/README.md | 1 - .../sequences_dummy.go | 11 - .../rancher/dynamiclistener/factory/ca.go | 80 +++ .../dynamiclistener/factory/cert_utils.go | 105 ++++ .../rancher/dynamiclistener/factory/gen.go | 164 ++++++ .../github.com/rancher/dynamiclistener/go.mod | 15 +- .../github.com/rancher/dynamiclistener/go.sum | 129 +++- .../rancher/dynamiclistener/listener.go | 198 +++++++ .../rancher/dynamiclistener/read.go | 50 -- .../rancher/dynamiclistener/redirect.go | 46 ++ .../rancher/dynamiclistener/server.go | 556 ------------------ .../dynamiclistener/storage/file/file.go | 42 ++ .../storage/kubernetes/controller.go | 109 ++++ .../dynamiclistener/storage/memory/memory.go | 42 ++ .../github.com/rancher/dynamiclistener/tcp.go | 38 ++ .../rancher/dynamiclistener/types.go | 63 -- .../rancher/kine/pkg/client/client.go | 107 ---- vendor/modules.txt | 79 +-- 20 files changed, 980 insertions(+), 867 deletions(-) delete mode 100644 vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go create mode 100644 vendor/github.com/rancher/dynamiclistener/factory/ca.go create mode 100644 vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go create mode 100644 vendor/github.com/rancher/dynamiclistener/factory/gen.go create mode 100644 vendor/github.com/rancher/dynamiclistener/listener.go delete mode 100644 vendor/github.com/rancher/dynamiclistener/read.go create mode 100644 vendor/github.com/rancher/dynamiclistener/redirect.go delete mode 100644 vendor/github.com/rancher/dynamiclistener/server.go create mode 100644 vendor/github.com/rancher/dynamiclistener/storage/file/file.go create mode 100644 vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go create mode 100644 vendor/github.com/rancher/dynamiclistener/storage/memory/memory.go create mode 100644 vendor/github.com/rancher/dynamiclistener/tcp.go delete mode 100644 vendor/github.com/rancher/dynamiclistener/types.go delete mode 100644 vendor/github.com/rancher/kine/pkg/client/client.go diff --git a/go.mod b/go.mod index b53ae846d8..3fb3a5b930 100644 --- a/go.mod +++ b/go.mod @@ -96,7 +96,7 @@ require ( github.com/opencontainers/runc v1.0.0-rc2.0.20190611121236-6cc515888830 github.com/pkg/errors v0.8.1 github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 // indirect - github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a + github.com/rancher/dynamiclistener v0.1.1-0.20191031022009-6224794ef3cb github.com/rancher/helm-controller v0.2.2 github.com/rancher/kine v0.0.0-00010101000000-000000000000 github.com/rancher/remotedialer v0.2.0 diff --git a/go.sum b/go.sum index 816b6305de..3cecdc1640 100644 --- a/go.sum +++ b/go.sum @@ -418,9 +418,8 @@ github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgo github.com/knative/build v0.6.0/go.mod h1:/sU74ZQkwlYA5FwYDJhYTy61i/Kn+5eWfln2jDbw3Qo= github.com/knative/pkg v0.0.0-20190514205332-5e4512dcb2ca/go.mod h1:7Ijfhw7rfB+H9VtosIsDYvZQ+qYTz7auK3fHW/5z4ww= github.com/knative/serving v0.6.1/go.mod h1:ljvMfwQy2qanaM/8xnBSK4Mz3Vv2NawC2fo5kFRJS1A= +github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -563,8 +562,8 @@ github.com/rancher/containerd v1.3.0-k3s.4 h1:Vq9EJQEm01eeWaBtgU35KxWeuVU5LwW43E github.com/rancher/containerd v1.3.0-k3s.4/go.mod h1:ZMfzmqce2Z+QSEqdHMfeJs1TZ/UeJ1aDrazjpQT4ehM= github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg= github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8= -github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a h1:1bUYAv5U/Ky4YJ9o8gWxX+vNcjpIL3JWNBao70OlkFE= -github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a/go.mod h1:8hbGf35mB7ormKEFqsAgjgeI5rLbj5N764jG41dNhps= +github.com/rancher/dynamiclistener v0.1.1-0.20191031022009-6224794ef3cb h1:bMoA9UHr1QNTWVrf0fSJCba6YDU1xmt2jmeohpiugKg= +github.com/rancher/dynamiclistener v0.1.1-0.20191031022009-6224794ef3cb/go.mod h1:fs/dxyNcB3YT6W9fVz4bDGfhmSQS17QQup6BIcGF++s= github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8= github.com/rancher/flannel v0.11.0-k3s.1/go.mod h1:Hn4ZV+eq0LhLZP63xZnxdGwXEoRSxs5sxELxu27M3UA= github.com/rancher/helm-controller v0.2.2 h1:MUqisy53/Ay1EYOF2uTCYBbGpgtZLNKKrI01BdxIbQo= @@ -682,7 +681,6 @@ github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRci github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stripe/safesql v0.2.0/go.mod h1:q7b2n0JmzM1mVGfcYpanfVb2j23cXZeWFxcILPn3JV4= github.com/syndtr/gocapability v0.0.0-20160928074757-e7cb7fa329f4/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8 h1:zLV6q4e8Jv9EHjNg/iHfzwDkCve6Ua5jCygptrtXHvI= github.com/syndtr/gocapability v0.0.0-20170704070218-db04d3cc01c8/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= @@ -741,7 +739,6 @@ golang.org/x/crypto v0.0.0-20190228161510-8dd112bcdc25/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190313024323-a1f597ede03a/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -808,7 +805,6 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190730183949-1393eb018365/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3 h1:7TYNF4UdlohbFwpNH04CoPMp1cHUZgO1Ebq5r2hIjfo= diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md index 195333e51d..949b77e304 100644 --- a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md +++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md @@ -26,7 +26,6 @@ The tool is sponsored by the [marvin + konsorten GmbH](http://www.konsorten.de). We thank all the authors who provided code to this library: * Felix Kollmann -* Nicolas Perraut ## License diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go deleted file mode 100644 index df61a6f2f6..0000000000 --- a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go +++ /dev/null @@ -1,11 +0,0 @@ -// +build linux darwin - -package sequences - -import ( - "fmt" -) - -func EnableVirtualTerminalProcessing(stream uintptr, enable bool) error { - return fmt.Errorf("windows only package") -} diff --git a/vendor/github.com/rancher/dynamiclistener/factory/ca.go b/vendor/github.com/rancher/dynamiclistener/factory/ca.go new file mode 100644 index 0000000000..a35738ccb4 --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/factory/ca.go @@ -0,0 +1,80 @@ +package factory + +import ( + "crypto/ecdsa" + "crypto/x509" + "io/ioutil" + "os" +) + +func GenCA() (*x509.Certificate, *ecdsa.PrivateKey, error) { + caKey, err := NewPrivateKey() + if err != nil { + return nil, nil, err + } + + caCert, err := NewSelfSignedCACert(caKey, "dynamiclistener-ca", "dynamiclistener-org") + if err != nil { + return nil, nil, err + } + + return caCert, caKey, nil +} + +func LoadOrGenCA() (*x509.Certificate, *ecdsa.PrivateKey, error) { + cert, key, err := loadCA() + if err == nil { + return cert, key, nil + } + + cert, key, err = GenCA() + if err != nil { + return nil, nil, err + } + + certBytes, keyBytes, err := Marshal(cert, key) + if err != nil { + return nil, nil, err + } + + if err := os.MkdirAll("./certs", 0700); err != nil { + return nil, nil, err + } + + if err := ioutil.WriteFile("./certs/ca.pem", certBytes, 0600); err != nil { + return nil, nil, err + } + + if err := ioutil.WriteFile("./certs/ca.key", keyBytes, 0600); err != nil { + return nil, nil, err + } + + return cert, key, nil +} + +func loadCA() (*x509.Certificate, *ecdsa.PrivateKey, error) { + return LoadCerts("./certs/ca.pem", "./certs/ca.key") +} + +func LoadCerts(certFile, keyFile string) (*x509.Certificate, *ecdsa.PrivateKey, error) { + caPem, err := ioutil.ReadFile(certFile) + if err != nil { + return nil, nil, err + } + caKey, err := ioutil.ReadFile(keyFile) + if err != nil { + return nil, nil, err + } + + key, err := ParseECPrivateKeyPEM(caKey) + if err != nil { + return nil, nil, err + } + + cert, err := ParseCertPEM(caPem) + if err != nil { + return nil, nil, err + } + + return cert, key, nil +} diff --git a/vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go b/vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go new file mode 100644 index 0000000000..459bd2e849 --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/factory/cert_utils.go @@ -0,0 +1,105 @@ +package factory + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "fmt" + "math" + "math/big" + "net" + "time" +) + +const ( + ECPrivateKeyBlockType = "EC PRIVATE KEY" + CertificateBlockType = "CERTIFICATE" +) + +func NewSelfSignedCACert(key crypto.Signer, cn string, org ...string) (*x509.Certificate, error) { + now := time.Now() + tmpl := x509.Certificate{ + BasicConstraintsValid: true, + IsCA: true, + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, + NotAfter: now.Add(time.Hour * 24 * 365 * 10).UTC(), + NotBefore: now.UTC(), + SerialNumber: new(big.Int).SetInt64(0), + Subject: pkix.Name{ + CommonName: cn, + Organization: org, + }, + } + + certDERBytes, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, key.Public(), key) + if err != nil { + return nil, err + } + + return x509.ParseCertificate(certDERBytes) +} + +func NewSignedCert(signer crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer, cn string, orgs []string, + domains []string, ips []net.IP) (*x509.Certificate, error) { + + serialNumber, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64)) + if err != nil { + return nil, err + } + + parent := x509.Certificate{ + DNSNames: domains, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + IPAddresses: ips, + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + NotAfter: time.Now().Add(time.Hour * 24 * 365).UTC(), + NotBefore: caCert.NotBefore, + SerialNumber: serialNumber, + Subject: pkix.Name{ + CommonName: cn, + Organization: orgs, + }, + } + + cert, err := x509.CreateCertificate(rand.Reader, &parent, caCert, signer.Public(), caKey) + if err != nil { + return nil, err + } + + return x509.ParseCertificate(cert) +} + +func ParseECPrivateKeyPEM(keyData []byte) (*ecdsa.PrivateKey, error) { + var privateKeyPemBlock *pem.Block + for { + privateKeyPemBlock, keyData = pem.Decode(keyData) + if privateKeyPemBlock == nil { + break + } + + if privateKeyPemBlock.Type == ECPrivateKeyBlockType { + return x509.ParseECPrivateKey(privateKeyPemBlock.Bytes) + } + } + + return nil, fmt.Errorf("pem does not include a valid EC private key") +} + +func ParseCertPEM(pemCerts []byte) (*x509.Certificate, error) { + var pemBlock *pem.Block + for { + pemBlock, pemCerts = pem.Decode(pemCerts) + if pemBlock == nil { + break + } + + if pemBlock.Type == CertificateBlockType { + return x509.ParseCertificate(pemBlock.Bytes) + } + } + + return nil, fmt.Errorf("pem does not include a valid x509 cert") +} diff --git a/vendor/github.com/rancher/dynamiclistener/factory/gen.go b/vendor/github.com/rancher/dynamiclistener/factory/gen.go new file mode 100644 index 0000000000..2341748134 --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/factory/gen.go @@ -0,0 +1,164 @@ +package factory + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/sha256" + "crypto/x509" + "encoding/hex" + "encoding/pem" + "net" + "sort" + "strings" + + v1 "k8s.io/api/core/v1" +) + +const ( + cnPrefix = "listener.cattle.io/cn-" + static = "listener.cattle.io/static" + hashKey = "listener.cattle.io/hash" +) + +type TLS struct { + CACert *x509.Certificate + CAKey crypto.Signer + CN string + Organization []string +} + +func collectCNs(secret *v1.Secret) (domains []string, ips []net.IP, hash string, err error) { + var ( + cns []string + digest = sha256.New() + ) + for k, v := range secret.Annotations { + if strings.HasPrefix(k, cnPrefix) { + cns = append(cns, v) + } + } + + sort.Strings(cns) + + for _, v := range cns { + digest.Write([]byte(v)) + ip := net.ParseIP(v) + if ip == nil { + domains = append(domains, v) + } else { + ips = append(ips, ip) + } + } + + hash = hex.EncodeToString(digest.Sum(nil)) + return +} + +func (t *TLS) AddCN(secret *v1.Secret, cn ...string) (*v1.Secret, bool, error) { + var ( + err error + ) + + if !NeedsUpdate(secret, cn...) { + return secret, false, nil + } + + secret = populateCN(secret, cn...) + + privateKey, err := getPrivateKey(secret) + if err != nil { + return nil, false, err + } + + domains, ips, hash, err := collectCNs(secret) + if err != nil { + return nil, false, err + } + + newCert, err := t.newCert(domains, ips, privateKey) + if err != nil { + return nil, false, err + } + + certBytes, keyBytes, err := Marshal(newCert, privateKey) + if err != nil { + return nil, false, err + } + + if secret.Data == nil { + secret.Data = map[string][]byte{} + } + secret.Data[v1.TLSCertKey] = certBytes + secret.Data[v1.TLSPrivateKeyKey] = keyBytes + secret.Annotations[hashKey] = hash + + return secret, true, nil +} + +func (t *TLS) newCert(domains []string, ips []net.IP, privateKey *ecdsa.PrivateKey) (*x509.Certificate, error) { + return NewSignedCert(privateKey, t.CACert, t.CAKey, t.CN, t.Organization, domains, ips) +} + +func populateCN(secret *v1.Secret, cn ...string) *v1.Secret { + secret = secret.DeepCopy() + if secret.Annotations == nil { + secret.Annotations = map[string]string{} + } + for _, cn := range cn { + secret.Annotations[cnPrefix+cn] = cn + } + return secret +} + +func NeedsUpdate(secret *v1.Secret, cn ...string) bool { + if secret.Annotations[static] == "true" { + return false + } + + for _, cn := range cn { + if secret.Annotations[cnPrefix+cn] == "" { + return true + } + } + + return false +} + +func getPrivateKey(secret *v1.Secret) (*ecdsa.PrivateKey, error) { + keyBytes := secret.Data[v1.TLSPrivateKeyKey] + if len(keyBytes) == 0 { + return NewPrivateKey() + } + + privateKey, err := ParseECPrivateKeyPEM(keyBytes) + if err == nil { + return privateKey, nil + } + + return NewPrivateKey() +} + +func Marshal(x509Cert *x509.Certificate, privateKey *ecdsa.PrivateKey) ([]byte, []byte, error) { + certBlock := pem.Block{ + Type: CertificateBlockType, + Bytes: x509Cert.Raw, + } + + keyBytes, err := x509.MarshalECPrivateKey(privateKey) + if err != nil { + return nil, nil, err + } + + keyBlock := pem.Block{ + Type: ECPrivateKeyBlockType, + Bytes: keyBytes, + } + + return pem.EncodeToMemory(&certBlock), pem.EncodeToMemory(&keyBlock), nil +} + +func NewPrivateKey() (*ecdsa.PrivateKey, error) { + return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) +} diff --git a/vendor/github.com/rancher/dynamiclistener/go.mod b/vendor/github.com/rancher/dynamiclistener/go.mod index c1ca544194..f08bac29eb 100644 --- a/vendor/github.com/rancher/dynamiclistener/go.mod +++ b/vendor/github.com/rancher/dynamiclistener/go.mod @@ -3,16 +3,9 @@ module github.com/rancher/dynamiclistener go 1.12 require ( - github.com/hashicorp/golang-lru v0.5.1 - github.com/kisielk/gotool v1.0.0 // indirect - github.com/konsorten/go-windows-terminal-sequences v1.0.2 // indirect + github.com/rancher/wrangler v0.1.4 + github.com/rancher/wrangler-api v0.2.0 github.com/sirupsen/logrus v1.4.1 - github.com/stretchr/testify v1.3.0 // indirect - github.com/stripe/safesql v0.2.0 // indirect - golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284 - golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c // indirect - golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862 // indirect - golang.org/x/text v0.3.2 // indirect - mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed // indirect - mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b // indirect + k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b + k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d ) diff --git a/vendor/github.com/rancher/dynamiclistener/go.sum b/vendor/github.com/rancher/dynamiclistener/go.sum index 77091287e4..b940275223 100644 --- a/vendor/github.com/rancher/dynamiclistener/go.sum +++ b/vendor/github.com/rancher/dynamiclistener/go.sum @@ -1,47 +1,132 @@ +cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= +github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= +github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= +github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= +github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= +github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= +github.com/gogo/protobuf v1.2.1 h1:/s5zKNz0uPFCZ5hddgPdo2TK2TVrUNMn0OOX8/aZMTE= +github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk= +github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg= +github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-containerregistry v0.0.0-20190617215043-876b8855d23c/go.mod h1:yZAFP63pRshzrEYLXLGPmUt0Ay+2zdjmMN1loCnRLUk= +github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= +github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= +github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/googleapis/gnostic v0.0.0-20170426233943-68f4ded48ba9/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/gnostic v0.2.0 h1:l6N3VoaVzTncYYW+9yOz2LJJammFZGBO13sqgEhpy9g= +github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/jetstack/cert-manager v0.7.2/go.mod h1:nbddmhjWxYGt04bxvwVGUSeLhZ2PCyNvd7MpXdq+yWY= +github.com/json-iterator/go v0.0.0-20180612202835-f2b4162afba3/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/json-iterator/go v1.1.6 h1:MrUvLMLTMxbqFJ9kzlvat/rYZqZnW3u4wkLzWTaFwKs= +github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= +github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/gotool v1.0.0 h1:AV2c/EiW3KqPNT9ZKl07ehoAGi4C5/01Cfbblndcapg= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/knative/build v0.6.0/go.mod h1:/sU74ZQkwlYA5FwYDJhYTy61i/Kn+5eWfln2jDbw3Qo= +github.com/knative/pkg v0.0.0-20190514205332-5e4512dcb2ca/go.mod h1:7Ijfhw7rfB+H9VtosIsDYvZQ+qYTz7auK3fHW/5z4ww= +github.com/knative/serving v0.6.1/go.mod h1:ljvMfwQy2qanaM/8xnBSK4Mz3Vv2NawC2fo5kFRJS1A= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= +github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= +github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= +github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= +github.com/modern-go/reflect2 v0.0.0-20180320133207-05fbef0ca5da/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/modern-go/reflect2 v1.0.1 h1:9f412s+6RmYXLWZSEzVVgPGK7C2PphHj5RJrvfx9AWI= +github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= +github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= +github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= +github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v0.0.0-20151028094244-d8ed2627bdf0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rancher/wrangler v0.1.4 h1:bdzBw4H9JKQhXPBPNp4eHbmrkA24+VII865VLiVWcw8= +github.com/rancher/wrangler v0.1.4/go.mod h1:EYP7cqpg42YqElaCm+U9ieSrGQKAXxUH5xsr+XGpWyE= +github.com/rancher/wrangler-api v0.2.0 h1:VR7hLNnDrKykKLqthtwZ58pDDtUa9ijSNToPaJLEkWc= +github.com/rancher/wrangler-api v0.2.0/go.mod h1:zTPdNLZO07KvRaVOx6XQbKBSV55Fnn4s7nqmrMPJqd8= github.com/sirupsen/logrus v1.4.1 h1:GL2rEmy6nsikmW0r8opw9JIRScdMF5hA8cOYLH7In1k= github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= +github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff h1:VARhShG49tiji6mdRNp7JTNDtJ0FhuprF93GBQ37xGU= +github.com/spf13/pflag v0.0.0-20170130214245-9ff6c6923cff/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stripe/safesql v0.2.0 h1:xiefmCDd8c35PVSGrL2FhBiaKxviXnGziBDOpOejeBE= -github.com/stripe/safesql v0.2.0/go.mod h1:q7b2n0JmzM1mVGfcYpanfVb2j23cXZeWFxcILPn3JV4= +github.com/tektoncd/pipeline v0.4.0/go.mod h1:IZzJdiX9EqEMuUcgdnElozdYYRh0/ZRC+NKMLj1K3Yw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2 h1:VklqNMn3ovrHsnt90PveolxSbWFaJdECFbxSq0Mqo2M= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284 h1:rlLehGeYg6jfoyz/eDqDU1iRXLKfR42nnNh57ytKEWo= -golang.org/x/crypto v0.0.0-20190506204251-e1dfcc566284/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ= -golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c h1:uOCk1iQW6Vc18bnC13MfzScl+wdKBmM9Y9kU7Z83/lw= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a h1:oWX7TPOiFAMXLq8o0ikBYfCJVlRHBcsciT5bXOrH628= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a h1:tImsplftrFpALCYumobsd0K86vlAs/eXGFms2txfJfA= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33 h1:I6FyU15t786LL7oL/hn43zqTuEGr4PN7F4XJ1p4E3Y8= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a h1:1BGLXjeY4akVXGgbC9HugT3Jv3hCI0z56oJR5vAMgBU= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI= -golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862 h1:rM0ROo5vb9AdYJi1110yjWGMej9ITfKddS89P3Fkhug= -golang.org/x/sys v0.0.0-20190509141414-a5b02f93d862/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e h1:FDhOuMEY4JVRztM/gsbk+IKUQ8kj74bxZrgw87eMMVc= -golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed h1:WX1yoOaKQfddO/mLzdV4wptyWgoH/6hwLs7QHTixo0I= -mvdan.cc/interfacer v0.0.0-20180901003855-c20040233aed/go.mod h1:Xkxe497xwlCKkIaQYRfC7CSLworTXY9RMqwhhCm+8Nc= -mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b h1:DxJ5nJdkhDlLok9K6qO+5290kphDJbHOQO1DFFFTeBo= -mvdan.cc/lint v0.0.0-20170908181259-adc824a0674b/go.mod h1:2odslEg/xrtNQqCYg2/jCoyKnw3vv5biOc3JnIcYfL4= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 h1:SvFZT6jyqRaOeXpc5h/JSfZenJ2O330aBsf7JfSUXmQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190328211700-ab21143f2384/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= +google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= +gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b h1:aBGgKJUM9Hk/3AE8WaZIApnTxG35kbuQba2w+SXqezo= +k8s.io/api v0.0.0-20190409021203-6e4e0e4f393b/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA= +k8s.io/apiextensions-apiserver v0.0.0-20190409022649-727a075fdec8/go.mod h1:IxkesAMoaCRoLrPJdZNZUQp9NfZnzqaVzLhb2VEQzXE= +k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d h1:Jmdtdt1ZnoGfWWIIik61Z7nKYgO3J+swQJtPYsP9wHA= +k8s.io/apimachinery v0.0.0-20190404173353-6a84e37a896d/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= +k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible h1:U5Bt+dab9K8qaUmXINrkXO135kA11/i5Kg1RUydgaMQ= +k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible/go.mod h1:7vJpHMYJwNQCWgzmNV+VYUl1zCObLyodBc8nIyt8L5s= +k8s.io/code-generator v0.0.0-20190311093542-50b561225d70/go.mod h1:MYiN+ZJZ9HkETbgVZdWw2AsuAi9PZ4V80cwfuf2axe8= +k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/gengo v0.0.0-20190327210449-e17681d19d3a/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= +k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.0 h1:0VPpR+sizsiivjIfIAQH/rl8tan6jvWkS7lU+0di3lE= +k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/kube-openapi v0.0.0-20190502190224-411b2483e503/go.mod h1:iU+ZGYsNlvU9XKUSso6SQfKTCCw7lFduMZy26Mgr2Fw= +k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5 h1:VBM/0P5TWxwk+Nw6Z+lAw3DKgO76g90ETOiA6rfLV1Y= +k8s.io/utils v0.0.0-20190506122338-8fab8cb257d5/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +sigs.k8s.io/structured-merge-diff v0.0.0-20190426204423-ea680f03cc65/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= +sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= +sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= diff --git a/vendor/github.com/rancher/dynamiclistener/listener.go b/vendor/github.com/rancher/dynamiclistener/listener.go new file mode 100644 index 0000000000..7ba1a6904a --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/listener.go @@ -0,0 +1,198 @@ +package dynamiclistener + +import ( + "crypto" + "crypto/tls" + "crypto/x509" + "net" + "net/http" + "sync" + + "github.com/rancher/dynamiclistener/factory" + "github.com/sirupsen/logrus" + v1 "k8s.io/api/core/v1" +) + +type TLSStorage interface { + Get() (*v1.Secret, error) + Update(secret *v1.Secret) error +} + +type Config struct { + CN string + Organization []string + TLSConfig tls.Config + SANs []string +} + +func NewListener(l net.Listener, storage TLSStorage, caCert *x509.Certificate, caKey crypto.Signer, config Config) (net.Listener, http.Handler, error) { + if config.CN == "" { + config.CN = "dynamic" + } + if len(config.Organization) == 0 { + config.Organization = []string{"dynamic"} + } + + dynamicListener := &listener{ + factory: &factory.TLS{ + CACert: caCert, + CAKey: caKey, + CN: config.CN, + Organization: config.Organization, + }, + Listener: l, + storage: &nonNil{storage: storage}, + sans: config.SANs, + tlsConfig: config.TLSConfig, + } + dynamicListener.tlsConfig.GetCertificate = dynamicListener.getCertificate + + return tls.NewListener(dynamicListener, &dynamicListener.tlsConfig), dynamicListener.cacheHandler(), nil +} + +type listener struct { + sync.RWMutex + net.Listener + + factory *factory.TLS + storage TLSStorage + version string + tlsConfig tls.Config + cert *tls.Certificate + sans []string +} + +func (l *listener) Accept() (net.Conn, error) { + conn, err := l.Listener.Accept() + if err != nil { + return conn, err + } + + addr := conn.RemoteAddr() + if addr == nil { + return conn, nil + } + + host, _, err := net.SplitHostPort(addr.String()) + if err != nil { + logrus.Errorf("failed to parse network %s: %v", addr.Network(), err) + return conn, nil + } + + return conn, l.updateCert(host) +} + +func (l *listener) getCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) { + if hello.ServerName != "" { + if err := l.updateCert(hello.ServerName); err != nil { + return nil, err + } + } + + return l.loadCert() +} + +func (l *listener) updateCert(cn string) error { + l.RLock() + defer l.RUnlock() + + secret, err := l.storage.Get() + if err != nil { + return err + } + + if !factory.NeedsUpdate(secret, append(l.sans, cn)...) { + return nil + } + + l.RUnlock() + l.Lock() + defer l.RLock() + defer l.Unlock() + + secret, updated, err := l.factory.AddCN(secret, append(l.sans, cn)...) + if err != nil { + return err + } + + if updated { + if err := l.storage.Update(secret); err != nil { + return err + } + // clear version to force cert reload + l.version = "" + } + + return nil +} + +func (l *listener) loadCert() (*tls.Certificate, error) { + l.RLock() + defer l.RUnlock() + + secret, err := l.storage.Get() + if err != nil { + return nil, err + } + if l.cert != nil && l.version == secret.ResourceVersion { + return l.cert, nil + } + + defer l.RLock() + l.RUnlock() + l.Lock() + defer l.Unlock() + + secret, err = l.storage.Get() + if err != nil { + return nil, err + } + if l.cert != nil && l.version == secret.ResourceVersion { + return l.cert, nil + } + + cert, err := tls.X509KeyPair(secret.Data[v1.TLSCertKey], secret.Data[v1.TLSPrivateKeyKey]) + if err != nil { + return nil, err + } + + l.cert = &cert + return l.cert, nil +} + +func (l *listener) cacheHandler() http.Handler { + return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { + h, _, err := net.SplitHostPort(req.Host) + if err != nil { + h = req.Host + } + + ip := net.ParseIP(h) + if len(ip) > 0 { + l.updateCert(h) + } + }) +} + +type nonNil struct { + sync.Mutex + storage TLSStorage +} + +func (n *nonNil) Get() (*v1.Secret, error) { + n.Lock() + defer n.Unlock() + + s, err := n.storage.Get() + if err != nil || s == nil { + return &v1.Secret{}, err + } + return s, nil +} + +func (n *nonNil) Update(secret *v1.Secret) error { + n.Lock() + defer n.Unlock() + + return n.storage.Update(secret) +} diff --git a/vendor/github.com/rancher/dynamiclistener/read.go b/vendor/github.com/rancher/dynamiclistener/read.go deleted file mode 100644 index bf99514768..0000000000 --- a/vendor/github.com/rancher/dynamiclistener/read.go +++ /dev/null @@ -1,50 +0,0 @@ -package dynamiclistener - -import ( - "fmt" - "io/ioutil" - "path/filepath" -) - -func ReadTLSConfig(userConfig *UserConfig) error { - var err error - - path := userConfig.CertPath - - userConfig.CACerts, err = readPEM(filepath.Join(path, "cacerts.pem")) - if err != nil { - return err - } - - userConfig.Key, err = readPEM(filepath.Join(path, "key.pem")) - if err != nil { - return err - } - - userConfig.Cert, err = readPEM(filepath.Join(path, "cert.pem")) - if err != nil { - return err - } - - valid := false - if userConfig.Key != "" && userConfig.Cert != "" { - valid = true - } else if userConfig.Key == "" && userConfig.Cert == "" { - valid = true - } - - if !valid { - return fmt.Errorf("invalid SSL configuration found, please set cert/key, cert/key/cacerts, cacerts only, or none") - } - - return nil -} - -func readPEM(path string) (string, error) { - content, err := ioutil.ReadFile(path) - if err != nil { - return "", nil - } - - return string(content), nil -} diff --git a/vendor/github.com/rancher/dynamiclistener/redirect.go b/vendor/github.com/rancher/dynamiclistener/redirect.go new file mode 100644 index 0000000000..264efdee19 --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/redirect.go @@ -0,0 +1,46 @@ +package dynamiclistener + +import ( + "fmt" + "net" + "net/http" + "strconv" + "strings" +) + +// Approach taken from letsencrypt, except manglePort is specific to us +func HTTPRedirect(next http.Handler) http.Handler { + return http.HandlerFunc( + func(rw http.ResponseWriter, r *http.Request) { + fmt.Println("!!!!!", r.URL.String(), r.Header) + if r.Header.Get("x-Forwarded-Proto") == "https" || + r.Header.Get("x-Forwarded-Proto") == "wss" || + strings.HasPrefix(r.URL.Path, "/ping") || + strings.HasPrefix(r.URL.Path, "/health") { + next.ServeHTTP(rw, r) + return + } + if r.Method != "GET" && r.Method != "HEAD" { + http.Error(rw, "Use HTTPS", http.StatusBadRequest) + return + } + target := "https://" + manglePort(r.Host) + r.URL.RequestURI() + http.Redirect(rw, r, target, http.StatusFound) + }) +} + +func manglePort(hostport string) string { + host, port, err := net.SplitHostPort(hostport) + if err != nil { + return hostport + } + + portInt, err := strconv.Atoi(port) + if err != nil { + return hostport + } + + portInt = ((portInt / 1000) * 1000) + 443 + + return net.JoinHostPort(host, strconv.Itoa(portInt)) +} diff --git a/vendor/github.com/rancher/dynamiclistener/server.go b/vendor/github.com/rancher/dynamiclistener/server.go deleted file mode 100644 index 2c01dbf0b8..0000000000 --- a/vendor/github.com/rancher/dynamiclistener/server.go +++ /dev/null @@ -1,556 +0,0 @@ -package dynamiclistener - -import ( - "context" - "crypto" - "crypto/ecdsa" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "encoding/base64" - "encoding/pem" - "errors" - "fmt" - "log" - "net" - "net/http" - "reflect" - "strconv" - "strings" - "sync" - "time" - - cert "github.com/rancher/dynamiclistener/cert" - "github.com/sirupsen/logrus" -) - -type server struct { - sync.Mutex - - userConfig UserConfig - listenConfigStorage ListenerConfigStorage - tlsCert *tls.Certificate - - ips map[string]bool - domains map[string]bool - cn string - - listeners []net.Listener - servers []*http.Server - - activeCA *x509.Certificate - activeCAKey crypto.Signer -} - -func NewServer(listenConfigStorage ListenerConfigStorage, config UserConfig) (ServerInterface, error) { - s := &server{ - userConfig: config, - listenConfigStorage: listenConfigStorage, - cn: "cattle", - } - - s.ips = map[string]bool{} - s.domains = map[string]bool{} - - if err := s.userConfigure(); err != nil { - return nil, err - } - - lc, err := listenConfigStorage.Get() - if err != nil { - return nil, err - } - - return s, s.Update(lc) -} - -func (s *server) CACert() (string, error) { - if s.userConfig.NoCACerts { - return "", nil - } - if s.userConfig.CACerts != "" { - return s.userConfig.CACerts, nil - } - return "", fmt.Errorf("ca cert not found") -} - -func marshalPrivateKey(privateKey crypto.Signer) (string, []byte, error) { - var ( - keyType string - bytes []byte - err error - ) - if key, ok := privateKey.(*ecdsa.PrivateKey); ok { - keyType = cert.ECPrivateKeyBlockType - bytes, err = x509.MarshalECPrivateKey(key) - } else if key, ok := privateKey.(*rsa.PrivateKey); ok { - keyType = cert.RSAPrivateKeyBlockType - bytes = x509.MarshalPKCS1PrivateKey(key) - } else { - keyType = cert.PrivateKeyBlockType - bytes, err = x509.MarshalPKCS8PrivateKey(privateKey) - } - if err != nil { - logrus.Errorf("Unable to marshal private key: %v", err) - } - return keyType, bytes, err -} - -func newPrivateKey() (crypto.Signer, error) { - caKeyBytes, err := cert.MakeEllipticPrivateKeyPEM() - if err != nil { - return nil, err - } - caKeyIFace, err := cert.ParsePrivateKeyPEM(caKeyBytes) - if err != nil { - return nil, err - } - return caKeyIFace.(crypto.Signer), nil -} - -func (s *server) save() (_err error) { - defer func() { - if _err != nil { - logrus.Errorf("Saving cert error: %s", _err) - } - }() - - certStr, err := certToString(s.tlsCert) - if err != nil { - return err - } - cfg, err := s.listenConfigStorage.Get() - if err != nil { - return err - } - cfg.GeneratedCerts = map[string]string{s.cn: certStr} - - _, err = s.listenConfigStorage.Set(cfg) - return err -} - -func (s *server) userConfigure() error { - if s.userConfig.HTTPSPort == 0 { - s.userConfig.HTTPSPort = 8443 - } - - for _, d := range s.userConfig.Domains { - s.domains[d] = true - } - - for _, ip := range s.userConfig.KnownIPs { - if netIP := net.ParseIP(ip); netIP != nil { - s.ips[ip] = true - } - } - - if bindAddress := net.ParseIP(s.userConfig.BindAddress); bindAddress != nil { - s.ips[s.userConfig.BindAddress] = true - } - - if s.activeCA == nil && s.activeCAKey == nil { - if s.userConfig.CACerts != "" && s.userConfig.CAKey != "" { - ca, err := cert.ParseCertsPEM([]byte(s.userConfig.CACerts)) - if err != nil { - return err - } - key, err := cert.ParsePrivateKeyPEM([]byte(s.userConfig.CAKey)) - if err != nil { - return err - } - s.activeCA = ca[0] - s.activeCAKey = key.(crypto.Signer) - } else { - ca, key, err := genCA() - if err != nil { - return err - } - s.activeCA = ca - s.activeCAKey = key - } - } - - return nil -} - -func genCA() (*x509.Certificate, crypto.Signer, error) { - caKey, err := newPrivateKey() - if err != nil { - return nil, nil, err - } - - caCert, err := cert.NewSelfSignedCACert(cert.Config{ - CommonName: "k3s-ca", - Organization: []string{"k3s-org"}, - }, caKey) - if err != nil { - return nil, nil, err - } - - return caCert, caKey, nil -} - -func (s *server) Update(status *ListenerStatus) (_err error) { - s.Lock() - defer func() { - s.Unlock() - if _err != nil { - logrus.Errorf("Update cert error: %s", _err) - } - if s.tlsCert == nil { - s.getCertificate(&tls.ClientHelloInfo{ServerName: "localhost"}) - } - }() - - certString := status.GeneratedCerts[s.cn] - tlsCert, err := stringToCert(certString) - if err != nil { - logrus.Errorf("Update cert unable to convert string to cert: %s", err) - s.tlsCert = nil - } - if tlsCert != nil { - s.tlsCert = tlsCert - for i, certBytes := range tlsCert.Certificate { - parsedCert, err := x509.ParseCertificate(certBytes) - if err != nil { - logrus.Errorf("Update cert %d parse error: %s", i, err) - s.tlsCert = nil - break - } - isExpired := cert.IsCertExpired(parsedCert) - if isExpired { - logrus.Infof("certificate is about to expire") - s.tlsCert = nil - break - } - ips := map[string]bool{} - for _, ip := range parsedCert.IPAddresses { - ips[ip.String()] = true - } - - domains := map[string]bool{} - for _, domain := range parsedCert.DNSNames { - domains[domain] = true - } - - if !(reflect.DeepEqual(ips, s.ips) && reflect.DeepEqual(domains, s.domains)) { - subset := true - for ip := range s.ips { - if !ips[ip] { - subset = false - break - } - } - if subset { - for domain := range s.domains { - if !domains[domain] { - subset = false - break - } - } - } - if !subset { - s.tlsCert = nil - } - for ip := range ips { - s.ips[ip] = true - } - for domain := range domains { - s.domains[domain] = true - } - } - } - } - - return s.reload() -} - -func (s *server) shutdown() error { - for _, listener := range s.listeners { - if err := listener.Close(); err != nil { - return err - } - } - s.listeners = nil - - for _, server := range s.servers { - go server.Shutdown(context.Background()) - } - s.servers = nil - - return nil -} - -func (s *server) reload() error { - if len(s.listeners) > 0 { - return nil - } - - if err := s.shutdown(); err != nil { - return err - } - - if err := s.serveHTTPS(); err != nil { - return err - } - - return nil -} - -func (s *server) getCertificate(hello *tls.ClientHelloInfo) (_servingCert *tls.Certificate, _err error) { - s.Lock() - changed := false - - defer func() { - defer s.Unlock() - - if _err != nil { - logrus.Errorf("Get certificate error: %s", _err) - return - } - - if changed { - s.save() - } - }() - - if hello.ServerName != "" && !s.domains[hello.ServerName] { - s.tlsCert = nil - s.domains[hello.ServerName] = true - } - - if s.tlsCert != nil { - return s.tlsCert, nil - } - - ips := []net.IP{} - for ipStr := range s.ips { - if ip := net.ParseIP(ipStr); ip != nil { - ips = append(ips, ip) - } - } - - dnsNames := []string{} - for domain := range s.domains { - dnsNames = append(dnsNames, domain) - } - - cfg := cert.Config{ - CommonName: s.cn, - Organization: s.activeCA.Subject.Organization, - Usages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - AltNames: cert.AltNames{ - DNSNames: dnsNames, - IPs: ips, - }, - } - - key, err := newPrivateKey() - if err != nil { - return nil, err - } - - cert, err := cert.NewSignedCert(cfg, key, s.activeCA, s.activeCAKey) - if err != nil { - return nil, err - } - - tlsCert := &tls.Certificate{ - Certificate: [][]byte{ - cert.Raw, - }, - PrivateKey: key, - } - - changed = true - s.tlsCert = tlsCert - return tlsCert, nil -} - -func (s *server) cacheHandler(handler http.Handler) http.Handler { - return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { - h, _, err := net.SplitHostPort(req.Host) - if err != nil { - h = req.Host - } - - s.Lock() - if ip := net.ParseIP(h); ip != nil { - if !s.ips[h] { - s.ips[h] = true - s.tlsCert = nil - } - } else { - if !s.domains[h] { - s.domains[h] = true - s.tlsCert = nil - } - } - s.Unlock() - - handler.ServeHTTP(resp, req) - }) -} - -func (s *server) serveHTTPS() error { - conf := &tls.Config{ - ClientAuth: tls.RequestClientCert, - GetCertificate: s.getCertificate, - PreferServerCipherSuites: true, - } - - listener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPSPort, conf) - if err != nil { - return err - } - - logger := logrus.StandardLogger() - server := &http.Server{ - Handler: s.cacheHandler(s.Handler()), - ErrorLog: log.New(logger.WriterLevel(logrus.DebugLevel), "", log.LstdFlags), - } - - s.servers = append(s.servers, server) - s.startServer(listener, server) - - if s.userConfig.HTTPPort > 0 { - httpListener, err := s.newListener(s.userConfig.BindAddress, s.userConfig.HTTPPort, nil) - if err != nil { - return err - } - - httpServer := &http.Server{ - Handler: s.cacheHandler(httpRedirect(s.Handler())), - ErrorLog: log.New(logger.WriterLevel(logrus.DebugLevel), "", log.LstdFlags), - } - - s.servers = append(s.servers, httpServer) - s.startServer(httpListener, httpServer) - } - - return nil -} - -// Approach taken from letsencrypt, except manglePort is specific to us -func httpRedirect(next http.Handler) http.Handler { - return http.HandlerFunc( - func(rw http.ResponseWriter, r *http.Request) { - if r.Header.Get("x-Forwarded-Proto") == "https" || - strings.HasPrefix(r.URL.Path, "/ping") || - strings.HasPrefix(r.URL.Path, "/health") { - next.ServeHTTP(rw, r) - return - } - if r.Method != "GET" && r.Method != "HEAD" { - http.Error(rw, "Use HTTPS", http.StatusBadRequest) - return - } - target := "https://" + manglePort(r.Host) + r.URL.RequestURI() - http.Redirect(rw, r, target, http.StatusFound) - }) -} - -func manglePort(hostport string) string { - host, port, err := net.SplitHostPort(hostport) - if err != nil { - return hostport - } - - portInt, err := strconv.Atoi(port) - if err != nil { - return hostport - } - - portInt = ((portInt / 1000) * 1000) + 443 - - return net.JoinHostPort(host, strconv.Itoa(portInt)) -} - -func (s *server) startServer(listener net.Listener, server *http.Server) { - go func() { - if err := server.Serve(listener); err != nil { - logrus.Errorf("server on %v returned err: %v", listener.Addr(), err) - } - }() -} - -func (s *server) Handler() http.Handler { - return s.userConfig.Handler -} - -func (s *server) newListener(ip string, port int, config *tls.Config) (net.Listener, error) { - addr := fmt.Sprintf("%s:%d", ip, port) - l, err := net.Listen("tcp", addr) - if err != nil { - return nil, err - } - - l = tcpKeepAliveListener{l.(*net.TCPListener)} - - if config != nil { - l = tls.NewListener(l, config) - } - - s.listeners = append(s.listeners, l) - logrus.Info("Listening on ", addr) - return l, nil -} - -func stringToCert(certString string) (*tls.Certificate, error) { - parts := strings.Split(certString, "#") - if len(parts) != 2 { - return nil, errors.New("Unable to split cert into two parts") - } - - certPart, keyPart := parts[0], parts[1] - keyBytes, err := base64.StdEncoding.DecodeString(keyPart) - if err != nil { - return nil, err - } - - key, err := cert.ParsePrivateKeyPEM(keyBytes) - if err != nil { - return nil, err - } - - certBytes, err := base64.StdEncoding.DecodeString(certPart) - if err != nil { - return nil, err - } - - return &tls.Certificate{ - Certificate: [][]byte{certBytes}, - PrivateKey: key, - }, nil -} - -func certToString(cert *tls.Certificate) (string, error) { - keyType, keyBytes, err := marshalPrivateKey(cert.PrivateKey.(crypto.Signer)) - if err != nil { - return "", err - } - - privateKeyPemBlock := &pem.Block{ - Type: keyType, - Bytes: keyBytes, - } - pemBytes := pem.EncodeToMemory(privateKeyPemBlock) - - certString := base64.StdEncoding.EncodeToString(cert.Certificate[0]) - keyString := base64.StdEncoding.EncodeToString(pemBytes) - return certString + "#" + keyString, nil -} - -type tcpKeepAliveListener struct { - *net.TCPListener -} - -func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) { - tc, err := ln.AcceptTCP() - if err != nil { - return - } - tc.SetKeepAlive(true) - tc.SetKeepAlivePeriod(3 * time.Minute) - return tc, nil -} diff --git a/vendor/github.com/rancher/dynamiclistener/storage/file/file.go b/vendor/github.com/rancher/dynamiclistener/storage/file/file.go new file mode 100644 index 0000000000..ba738bcdbe --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/storage/file/file.go @@ -0,0 +1,42 @@ +package file + +import ( + "encoding/json" + "github.com/rancher/dynamiclistener" + "k8s.io/api/core/v1" + "os" +) + +func New(file string) dynamiclistener.TLSStorage { + return &storage{ + file: file, + } +} + +type storage struct { + file string +} + +func (s *storage) Get() (*v1.Secret, error) { + f, err := os.Open(s.file) + if os.IsNotExist(err) { + return nil, nil + } else if err != nil { + return nil, err + } + defer f.Close() + + secret := v1.Secret{} + return &secret, json.NewDecoder(f).Decode(&secret) +} + +func (s *storage) Update(secret *v1.Secret) error { + f, err := os.Create(s.file) + if err != nil { + return err + } + defer f.Close() + + return json.NewEncoder(f).Encode(secret) +} + diff --git a/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go b/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go new file mode 100644 index 0000000000..d5198a2c9d --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/storage/kubernetes/controller.go @@ -0,0 +1,109 @@ +package kubernetes + +import ( + "context" + "sync" + "time" + + "github.com/rancher/dynamiclistener" + "github.com/rancher/wrangler-api/pkg/generated/controllers/core" + v1controller "github.com/rancher/wrangler-api/pkg/generated/controllers/core/v1" + "github.com/rancher/wrangler/pkg/start" + v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" +) + +type CoreGetter func() *core.Factory + +func New(ctx context.Context, core CoreGetter, namespace, name string, backing dynamiclistener.TLSStorage) dynamiclistener.TLSStorage { + storage := &storage{ + name: name, + namespace: namespace, + storage: backing, + ctx: ctx, + } + + // lazy init + go func() { + for { + core := core() + if core != nil { + storage.init(core.Core().V1().Secret()) + start.All(ctx, 5, core) + return + } + + select { + case <-ctx.Done(): + return + case <-time.After(time.Second): + } + } + }() + + return storage +} + +type storage struct { + sync.Mutex + + namespace, name string + storage dynamiclistener.TLSStorage + secrets v1controller.SecretClient + ctx context.Context +} + +func (s *storage) init(secrets v1controller.SecretController) { + s.Lock() + defer s.Unlock() + + secrets.OnChange(s.ctx, "tls-storage", func(key string, secret *v1.Secret) (*v1.Secret, error) { + if secret == nil { + return nil, nil + } + if secret.Namespace == s.namespace && secret.Name == s.name { + if err := s.Update(secret); err != nil { + return nil, err + } + } + + return secret, nil + }) + s.secrets = secrets +} + +func (s *storage) Get() (*v1.Secret, error) { + s.Lock() + defer s.Unlock() + + return s.storage.Get() +} + +func (s *storage) Update(secret *v1.Secret) (err error) { + s.Lock() + defer s.Unlock() + + if s.secrets != nil { + if secret.UID == "" { + secret.Name = s.name + secret.Namespace = s.namespace + secret, err = s.secrets.Create(secret) + if err != nil { + return err + } + } else { + existingSecret, err := s.storage.Get() + if err != nil { + return err + } + if !equality.Semantic.DeepEqual(secret.Data, existingSecret.Data) { + secret, err = s.secrets.Update(secret) + if err != nil { + return err + } + } + } + } + + return s.storage.Update(secret) +} diff --git a/vendor/github.com/rancher/dynamiclistener/storage/memory/memory.go b/vendor/github.com/rancher/dynamiclistener/storage/memory/memory.go new file mode 100644 index 0000000000..079f180739 --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/storage/memory/memory.go @@ -0,0 +1,42 @@ +package memory + +import ( + "github.com/rancher/dynamiclistener" + v1 "k8s.io/api/core/v1" +) + +func New() dynamiclistener.TLSStorage { + return &memory{} +} + +func NewBacked(storage dynamiclistener.TLSStorage) dynamiclistener.TLSStorage { + return &memory{storage: storage} +} + +type memory struct { + storage dynamiclistener.TLSStorage + secret *v1.Secret +} + +func (m *memory) Get() (*v1.Secret, error) { + if m.secret == nil && m.storage != nil { + secret, err := m.storage.Get() + if err != nil { + return nil, err + } + m.secret = secret + } + + return m.secret, nil +} + +func (m *memory) Update(secret *v1.Secret) error { + if m.storage != nil { + if err := m.storage.Update(secret); err != nil { + return err + } + } + + m.secret = secret + return nil +} diff --git a/vendor/github.com/rancher/dynamiclistener/tcp.go b/vendor/github.com/rancher/dynamiclistener/tcp.go new file mode 100644 index 0000000000..3f41588ccc --- /dev/null +++ b/vendor/github.com/rancher/dynamiclistener/tcp.go @@ -0,0 +1,38 @@ +package dynamiclistener + +import ( + "fmt" + "net" + "reflect" + "time" +) + +func NewTCPListener(ip string, port int) (net.Listener, error) { + l, err := net.Listen("tcp", fmt.Sprintf("%s:%d", ip, port)) + if err != nil { + return nil, err + } + + tcpListener, ok := l.(*net.TCPListener) + if !ok { + return nil, fmt.Errorf("wrong listener type: %v", reflect.TypeOf(tcpListener)) + } + + return tcpKeepAliveListener{ + TCPListener: tcpListener, + }, nil +} + +type tcpKeepAliveListener struct { + *net.TCPListener +} + +func (ln tcpKeepAliveListener) Accept() (c net.Conn, err error) { + tc, err := ln.AcceptTCP() + if err != nil { + return + } + tc.SetKeepAlive(true) + tc.SetKeepAlivePeriod(3 * time.Minute) + return tc, nil +} diff --git a/vendor/github.com/rancher/dynamiclistener/types.go b/vendor/github.com/rancher/dynamiclistener/types.go deleted file mode 100644 index 7fabf1c950..0000000000 --- a/vendor/github.com/rancher/dynamiclistener/types.go +++ /dev/null @@ -1,63 +0,0 @@ -package dynamiclistener - -import ( - "net/http" -) - -type ListenerConfigStorage interface { - Set(*ListenerStatus) (*ListenerStatus, error) - Get() (*ListenerStatus, error) -} - -type ServerInterface interface { - Update(status *ListenerStatus) error - CACert() (string, error) -} - -type UserConfig struct { - // Required fields - - Handler http.Handler - HTTPPort int - HTTPSPort int - CertPath string - - // Optional fields - - KnownIPs []string - Domains []string - Mode string - NoCACerts bool - CACerts string - CAKey string - Cert string - Key string - BindAddress string -} - -type ListenerStatus struct { - Revision string `json:"revision,omitempty"` - CACert string `json:"caCert,omitempty"` - CAKey string `json:"caKey,omitempty"` - GeneratedCerts map[string]string `json:"generatedCerts" norman:"nocreate,noupdate"` - KnownIPs map[string]bool `json:"knownIps" norman:"nocreate,noupdate"` -} - -func (l *ListenerStatus) DeepCopyInto(t *ListenerStatus) { - t.Revision = l.Revision - t.CACert = l.CACert - t.CAKey = l.CAKey - t.GeneratedCerts = copyMap(t.GeneratedCerts) - t.KnownIPs = map[string]bool{} - for k, v := range l.KnownIPs { - t.KnownIPs[k] = v - } -} - -func copyMap(m map[string]string) map[string]string { - ret := map[string]string{} - for k, v := range m { - ret[k] = v - } - return ret -} diff --git a/vendor/github.com/rancher/kine/pkg/client/client.go b/vendor/github.com/rancher/kine/pkg/client/client.go deleted file mode 100644 index 1b41f73c58..0000000000 --- a/vendor/github.com/rancher/kine/pkg/client/client.go +++ /dev/null @@ -1,107 +0,0 @@ -package client - -import ( - "context" - "fmt" - "time" - - "github.com/coreos/etcd/clientv3" - "github.com/rancher/kine/pkg/endpoint" -) - -type Value struct { - Data []byte - Modified int64 -} - -type Client interface { - Get(ctx context.Context, key string) (Value, error) - Put(ctx context.Context, key string, value []byte) error - Create(ctx context.Context, key string, value []byte) error - Update(ctx context.Context, key string, revision int64, value []byte) error - Close() error -} - -type client struct { - c *clientv3.Client -} - -func New(config endpoint.ETCDConfig) (Client, error) { - tlsConfig, err := config.TLSConfig.ClientConfig() - if err != nil { - return nil, err - } - - c, err := clientv3.New(clientv3.Config{ - Endpoints: config.Endpoints, - DialTimeout: 5 * time.Second, - TLS: tlsConfig, - }) - if err != nil { - return nil, err - } - - return &client{ - c: c, - }, nil -} - -func (c *client) Get(ctx context.Context, key string) (Value, error) { - resp, err := c.c.Get(ctx, key) - if err != nil { - return Value{}, err - } - - if len(resp.Kvs) == 1 { - return Value{ - Data: resp.Kvs[0].Value, - Modified: resp.Kvs[0].ModRevision, - }, nil - } - - return Value{}, nil -} - -func (c *client) Put(ctx context.Context, key string, value []byte) error { - val, err := c.Get(ctx, key) - if err != nil { - return err - } - if val.Modified == 0 { - return c.Create(ctx, key, value) - } - return c.Update(ctx, key, val.Modified, value) -} - -func (c *client) Create(ctx context.Context, key string, value []byte) error { - resp, err := c.c.Txn(ctx). - If(clientv3.Compare(clientv3.ModRevision(key), "=", 0)). - Then(clientv3.OpPut(key, string(value))). - Commit() - if err != nil { - return err - } - if !resp.Succeeded { - return fmt.Errorf("key exists") - } - return nil -} - -func (c *client) Update(ctx context.Context, key string, revision int64, value []byte) error { - resp, err := c.c.Txn(ctx). - If(clientv3.Compare(clientv3.ModRevision(key), "=", revision)). - Then(clientv3.OpPut(key, string(value))). - Else(clientv3.OpGet(key)). - Commit() - if err != nil { - return err - } - if !resp.Succeeded { - return fmt.Errorf("revision %d doesnt match", revision) - } - return nil -} - -func (c *client) Close() error { - return c.c.Close() -} diff --git a/vendor/modules.txt b/vendor/modules.txt index 48315445a4..2b20da90cf 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -479,9 +479,9 @@ github.com/godbus/dbus github.com/gogo/googleapis/google/rpc # github.com/gogo/protobuf v1.3.0 github.com/gogo/protobuf/types -github.com/gogo/protobuf/gogoproto github.com/gogo/protobuf/proto github.com/gogo/protobuf/sortkeys +github.com/gogo/protobuf/gogoproto github.com/gogo/protobuf/protoc-gen-gogo/descriptor # github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef github.com/golang/groupcache/lru @@ -617,7 +617,7 @@ github.com/json-iterator/go github.com/juju/errors # github.com/karrick/godirwalk v1.7.5 github.com/karrick/godirwalk -# github.com/konsorten/go-windows-terminal-sequences v1.0.2 +# github.com/konsorten/go-windows-terminal-sequences v1.0.1 github.com/konsorten/go-windows-terminal-sequences # github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 => github.com/rancher/cri-tools v1.16.1-k3s.1 github.com/kubernetes-sigs/cri-tools/cmd/crictl @@ -726,8 +726,12 @@ github.com/prometheus/procfs/internal/util # github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 github.com/rakelkar/gonetsh/netroute github.com/rakelkar/gonetsh/netsh -# github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a +# github.com/rancher/dynamiclistener v0.1.1-0.20191031022009-6224794ef3cb github.com/rancher/dynamiclistener +github.com/rancher/dynamiclistener/factory +github.com/rancher/dynamiclistener/storage/file +github.com/rancher/dynamiclistener/storage/kubernetes +github.com/rancher/dynamiclistener/storage/memory github.com/rancher/dynamiclistener/cert # github.com/rancher/helm-controller v0.2.2 github.com/rancher/helm-controller/pkg/generated/controllers/helm.cattle.io @@ -745,7 +749,6 @@ github.com/rancher/helm-controller/pkg/generated/informers/externalversions/inte github.com/rancher/helm-controller/pkg/apis/helm.cattle.io # github.com/rancher/kine v0.0.0-00010101000000-000000000000 => github.com/ibuildthecloud/kine v0.1.0 github.com/rancher/kine/pkg/endpoint -github.com/rancher/kine/pkg/client github.com/rancher/kine/pkg/drivers/mysql github.com/rancher/kine/pkg/drivers/pgsql github.com/rancher/kine/pkg/drivers/sqlite @@ -758,8 +761,8 @@ github.com/rancher/kine/pkg/broadcaster # github.com/rancher/remotedialer v0.2.0 github.com/rancher/remotedialer # github.com/rancher/wrangler v0.2.0 -github.com/rancher/wrangler/pkg/start github.com/rancher/wrangler/pkg/signals +github.com/rancher/wrangler/pkg/start github.com/rancher/wrangler/pkg/controller-gen github.com/rancher/wrangler/pkg/controller-gen/args github.com/rancher/wrangler/pkg/cleanup @@ -1021,15 +1024,15 @@ google.golang.org/api/transport/http/internal/propagation # google.golang.org/appengine v1.5.0 google.golang.org/appengine/cloudsql google.golang.org/appengine/urlfetch +google.golang.org/appengine google.golang.org/appengine/internal google.golang.org/appengine/internal/urlfetch -google.golang.org/appengine +google.golang.org/appengine/internal/app_identity +google.golang.org/appengine/internal/modules google.golang.org/appengine/internal/base google.golang.org/appengine/internal/datastore google.golang.org/appengine/internal/log google.golang.org/appengine/internal/remote_api -google.golang.org/appengine/internal/app_identity -google.golang.org/appengine/internal/modules # google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 google.golang.org/genproto/googleapis/rpc/status google.golang.org/genproto/googleapis/api/annotations @@ -1092,12 +1095,14 @@ k8s.io/api/core/v1 k8s.io/api/extensions/v1beta1 k8s.io/api/networking/v1 k8s.io/api/apps/v1 +k8s.io/api/authentication/v1 +k8s.io/api/autoscaling/v1 +k8s.io/api/policy/v1beta1 k8s.io/api/apps/v1beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1beta1 k8s.io/api/apps/v1beta2 k8s.io/api/auditregistration/v1alpha1 -k8s.io/api/autoscaling/v1 k8s.io/api/autoscaling/v2beta1 k8s.io/api/autoscaling/v2beta2 k8s.io/api/batch/v1 @@ -1111,7 +1116,6 @@ k8s.io/api/events/v1beta1 k8s.io/api/networking/v1beta1 k8s.io/api/node/v1alpha1 k8s.io/api/node/v1beta1 -k8s.io/api/policy/v1beta1 k8s.io/api/rbac/v1 k8s.io/api/rbac/v1alpha1 k8s.io/api/rbac/v1beta1 @@ -1122,7 +1126,6 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -k8s.io/api/authentication/v1 k8s.io/api/authentication/v1beta1 k8s.io/api/authorization/v1 k8s.io/api/authorization/v1beta1 @@ -1178,9 +1181,10 @@ k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensio k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1 # k8s.io/apimachinery v0.0.0 => github.com/rancher/kubernetes/staging/src/k8s.io/apimachinery v1.16.2-k3s.1 +k8s.io/apimachinery/pkg/api/equality +k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/util/json k8s.io/apimachinery/pkg/util/net -k8s.io/apimachinery/pkg/apis/meta/v1 k8s.io/apimachinery/pkg/labels k8s.io/apimachinery/pkg/util/intstr k8s.io/apimachinery/pkg/fields @@ -1193,20 +1197,20 @@ k8s.io/apimachinery/pkg/apis/meta/v1/unstructured k8s.io/apimachinery/pkg/util/yaml k8s.io/apimachinery/pkg/runtime/serializer k8s.io/apimachinery/pkg/util/runtime -k8s.io/apimachinery/pkg/api/equality +k8s.io/apimachinery/pkg/api/resource +k8s.io/apimachinery/pkg/conversion +k8s.io/apimachinery/pkg/selection k8s.io/apimachinery/pkg/util/errors k8s.io/apimachinery/pkg/util/validation k8s.io/apimachinery/pkg/util/sets k8s.io/apimachinery/pkg/util/wait k8s.io/apimachinery/pkg/util/strategicpatch -k8s.io/apimachinery/pkg/api/resource -k8s.io/apimachinery/pkg/conversion -k8s.io/apimachinery/pkg/selection k8s.io/apimachinery/pkg/api/meta k8s.io/apimachinery/pkg/util/cache k8s.io/apimachinery/pkg/util/clock k8s.io/apimachinery/pkg/util/diff k8s.io/apimachinery/pkg/util/naming +k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/conversion/queryparams k8s.io/apimachinery/pkg/api/validation/path k8s.io/apimachinery/pkg/apis/meta/internalversion @@ -1215,7 +1219,6 @@ k8s.io/apimachinery/pkg/util/rand k8s.io/apimachinery/pkg/util/jsonmergepatch k8s.io/apimachinery/pkg/util/validation/field k8s.io/apimachinery/pkg/version -k8s.io/apimachinery/pkg/runtime/serializer/streaming k8s.io/apimachinery/pkg/runtime/serializer/json k8s.io/apimachinery/pkg/runtime/serializer/protobuf k8s.io/apimachinery/pkg/runtime/serializer/recognizer @@ -1224,9 +1227,9 @@ k8s.io/apimachinery/pkg/util/waitgroup k8s.io/apimachinery/pkg/util/httpstream k8s.io/apimachinery/pkg/util/remotecommand k8s.io/apimachinery/pkg/util/httpstream/spdy +k8s.io/apimachinery/third_party/forked/golang/reflect k8s.io/apimachinery/pkg/util/mergepatch k8s.io/apimachinery/third_party/forked/golang/json -k8s.io/apimachinery/third_party/forked/golang/reflect k8s.io/apimachinery/pkg/util/version k8s.io/apimachinery/pkg/util/proxy k8s.io/apimachinery/pkg/apis/meta/v1beta1 @@ -1366,31 +1369,22 @@ k8s.io/cli-runtime/pkg/kustomize/k8sdeps/transformer/hash k8s.io/cli-runtime/pkg/kustomize/k8sdeps/transformer/patch k8s.io/cli-runtime/pkg/kustomize/k8sdeps/kv # k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible => github.com/rancher/kubernetes/staging/src/k8s.io/client-go v1.16.2-k3s.1 -k8s.io/client-go/tools/clientcmd -k8s.io/client-go/util/cert k8s.io/client-go/kubernetes +k8s.io/client-go/kubernetes/typed/core/v1 +k8s.io/client-go/tools/clientcmd k8s.io/client-go/informers k8s.io/client-go/listers/core/v1 k8s.io/client-go/tools/cache -k8s.io/client-go/transport +k8s.io/client-go/rest k8s.io/client-go/tools/clientcmd/api k8s.io/client-go/discovery -k8s.io/client-go/rest k8s.io/client-go/util/flowcontrol k8s.io/client-go/discovery/fake k8s.io/client-go/testing k8s.io/client-go/kubernetes/typed/apps/v1 -k8s.io/client-go/kubernetes/typed/core/v1 k8s.io/client-go/tools/portforward k8s.io/client-go/tools/remotecommand k8s.io/client-go/transport/spdy -k8s.io/client-go/informers/core -k8s.io/client-go/kubernetes/scheme -k8s.io/client-go/informers/core/v1 -k8s.io/client-go/tools/auth -k8s.io/client-go/tools/clientcmd/api/latest -k8s.io/client-go/util/homedir -k8s.io/client-go/util/keyutil k8s.io/client-go/kubernetes/typed/admissionregistration/v1 k8s.io/client-go/kubernetes/typed/admissionregistration/v1beta1 k8s.io/client-go/kubernetes/typed/apps/v1beta1 @@ -1427,6 +1421,11 @@ k8s.io/client-go/kubernetes/typed/settings/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1 k8s.io/client-go/kubernetes/typed/storage/v1alpha1 k8s.io/client-go/kubernetes/typed/storage/v1beta1 +k8s.io/client-go/kubernetes/scheme +k8s.io/client-go/tools/reference +k8s.io/client-go/tools/auth +k8s.io/client-go/tools/clientcmd/api/latest +k8s.io/client-go/util/homedir k8s.io/client-go/informers/admissionregistration k8s.io/client-go/informers/apps k8s.io/client-go/informers/auditregistration @@ -1434,6 +1433,7 @@ k8s.io/client-go/informers/autoscaling k8s.io/client-go/informers/batch k8s.io/client-go/informers/certificates k8s.io/client-go/informers/coordination +k8s.io/client-go/informers/core k8s.io/client-go/informers/discovery k8s.io/client-go/informers/events k8s.io/client-go/informers/extensions @@ -1447,10 +1447,17 @@ k8s.io/client-go/informers/settings k8s.io/client-go/informers/storage k8s.io/client-go/tools/pager k8s.io/client-go/util/retry +k8s.io/client-go/pkg/version +k8s.io/client-go/plugin/pkg/client/auth/exec +k8s.io/client-go/rest/watch +k8s.io/client-go/tools/metrics +k8s.io/client-go/transport +k8s.io/client-go/util/cert +k8s.io/client-go/informers/core/v1 k8s.io/client-go/tools/record k8s.io/client-go/util/certificate k8s.io/client-go/util/connrotation -k8s.io/client-go/tools/metrics +k8s.io/client-go/util/keyutil k8s.io/client-go/tools/leaderelection k8s.io/client-go/tools/leaderelection/resourcelock k8s.io/client-go/discovery/cached @@ -1460,13 +1467,9 @@ k8s.io/client-go/metadata k8s.io/client-go/metadata/metadatainformer k8s.io/client-go/restmapper k8s.io/client-go/scale -k8s.io/client-go/pkg/version -k8s.io/client-go/plugin/pkg/client/auth/exec -k8s.io/client-go/rest/watch k8s.io/client-go/util/workqueue k8s.io/client-go/informers/apps/v1 k8s.io/client-go/listers/apps/v1 -k8s.io/client-go/tools/reference k8s.io/client-go/util/exec k8s.io/client-go/tools/clientcmd/api/v1 k8s.io/client-go/informers/admissionregistration/v1 @@ -1501,6 +1504,9 @@ k8s.io/client-go/informers/settings/v1alpha1 k8s.io/client-go/informers/storage/v1 k8s.io/client-go/informers/storage/v1alpha1 k8s.io/client-go/informers/storage/v1beta1 +k8s.io/client-go/pkg/apis/clientauthentication +k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1 +k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 k8s.io/client-go/tools/record/util k8s.io/client-go/util/certificate/csr k8s.io/client-go/listers/storage/v1beta1 @@ -1522,9 +1528,6 @@ k8s.io/client-go/listers/coordination/v1beta1 k8s.io/client-go/listers/autoscaling/v1 k8s.io/client-go/listers/storage/v1 k8s.io/client-go/tools/events -k8s.io/client-go/pkg/apis/clientauthentication -k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1 -k8s.io/client-go/pkg/apis/clientauthentication/v1beta1 k8s.io/client-go/discovery/cached/disk k8s.io/client-go/util/jsonpath k8s.io/client-go/listers/admissionregistration/v1