diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml index 5f37a43c7..8c69889fa 100644 --- a/.github/workflows/trivy.yaml +++ b/.github/workflows/trivy.yaml @@ -23,7 +23,6 @@ jobs: make docker build -t test/csi-snapshotter:latest -f ./cmd/csi-snapshotter/Dockerfile --output=type=docker --label revision=latest . docker build -t test/snapshot-controller:latest -f ./cmd/snapshot-controller/Dockerfile --output=type=docker --label revision=latest . - docker build -t test/snapshot-validation-webhook:latest -f ./cmd/snapshot-validation-webhook/Dockerfile --output=type=docker --label revision=latest . - name: Run Trivy vulnerability scanner on csi-snapshotter image uses: aquasecurity/trivy-action@master @@ -48,15 +47,3 @@ jobs: ignore-unfixed: true vuln-type: 'os,library' severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' - - - name: Run Trivy vulnerability scanner on snapshot-validation-webhook image - uses: aquasecurity/trivy-action@master - env: - TRIVY_DB_REPOSITORY: "public.ecr.aws/aquasecurity/trivy-db:2" - with: - image-ref: 'test/snapshot-validation-webhook:latest' - format: 'table' - exit-code: '1' - ignore-unfixed: true - vuln-type: 'os,library' - severity: 'CRITICAL,HIGH,MEDIUM,LOW,UNKNOWN' diff --git a/Makefile b/Makefile index ab0a3ae77..ec3520a51 100644 --- a/Makefile +++ b/Makefile @@ -12,9 +12,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -.PHONY: all snapshot-controller csi-snapshotter snapshot-validation-webhook clean test +.PHONY: all snapshot-controller csi-snapshotter clean test -CMDS=snapshot-controller csi-snapshotter snapshot-validation-webhook +CMDS=snapshot-controller csi-snapshotter all: build include release-tools/build.make diff --git a/README.md b/README.md index f79903734..4ef9242cc 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,7 @@ The volume snapshot feature supports CSI v1.0 and higher. It was introduced as a The volume group snapshot feature supports CSI v1.10.0 and higher, and have been introduced in [Kubernetes 1.27 as an alpha feature](https://kubernetes.io/blog/2023/05/08/kubernetes-1-27-volume-group-snapshot-alpha/). -> :warning: **WARNING**: There is a new validating webhook server which provides tightened validation on snapshot objects. This SHOULD be installed by all users of this feature. More details [below](#validating-webhook). - +> :warning: **WARNING**: The validation webhook was deprecated in v8.0.0 and it is now removed. The validation webhook would prevent creating multiple default volume snapshot classes and multiple default volume group snapshot classes for the same CSI driver. With the removal of the validation webhook, an error will still be raised when dynamically provisioning a VolumeSnapshot or VolumeGroupSnapshot when multiple default volume snapshot classes or multiple default volume group snapshot classes for the same CSI driver exist. ## Overview @@ -29,9 +28,9 @@ This information reflects the head of this branch. | [CSI Spec v1.0.0](https://github.com/container-storage-interface/spec/releases/tag/v1.0.0) | [CSI Spec v1.5.0](https://github.com/container-storage-interface/spec/releases/tag/v1.5.0) | k8s.gcr.io/sig-storage/snapshot-controller | 1.20 | 1.20 | | [CSI Spec v1.0.0](https://github.com/container-storage-interface/spec/releases/tag/v1.0.0) | [CSI Spec v1.5.0](https://github.com/container-storage-interface/spec/releases/tag/v1.5.0) | k8s.gcr.io/sig-storage/snapshot-validation-webhook | 1.20 | 1.20 | -Note: snapshot-controller, snapshot-validation-webhook, csi-snapshotter v4.1 requires v1 snapshot CRDs to be installed, but it serves both v1 and v1beta1 snapshot objects. Storage version is changed from v1beta1 to v1 in 4.1.0 so v1beta1 is deprecated and will be removed in a future release. +Note: snapshot-controller, csi-snapshotter v4.1 requires v1 snapshot CRDs to be installed, but it serves both v1 and v1beta1 snapshot objects. Storage version is changed from v1beta1 to v1 in 4.1.0 so v1beta1 is deprecated and will be removed in a future release. -Note: when the volume group snapshot feature is enabled, snapshot-controller, snapshot-validation-webhook, csi-snapshotter require the v1alpha1 volumegroupsnapshot CRDs to be installed. +Note: when the volume group snapshot feature is enabled, snapshot-controller, csi-snapshotter require the v1alpha1 volumegroupsnapshot CRDs to be installed. ## Feature Status @@ -59,7 +58,6 @@ Volume Snapshot feature contains the following components: * [Kubernetes Volume Snapshot and Volume Group Snapshot CRDs](https://github.com/kubernetes-csi/external-snapshotter/tree/master/client/config/crd) * [Volume snapshot and volume group snapshot controller](https://github.com/kubernetes-csi/external-snapshotter/tree/master/pkg/common-controller) -* [Snapshot and volume group snapshot validation webhook](https://github.com/kubernetes-csi/external-snapshotter/tree/master/pkg/validation-webhook) * CSI Driver along with [CSI Snapshotter sidecar](https://github.com/kubernetes-csi/external-snapshotter/tree/master/pkg/sidecar-controller) The Volume Snapshot feature depends on a volume snapshot controller and the volume snapshot CRDs. Both the controller and the CRDs are independent of any CSI driver. The CSI Snapshotter sidecar must run once per CSI driver. The single snapshot controller deployment works for all CSI drivers in a cluster. With leader election configured, the CSI sidecars and snapshot controller elect one leader per deployment. If deployed with two or more pods and leader election is enabled, the non-leader containers will attempt to get the lease. If the leader container dies, a non-leader will take over. @@ -68,8 +66,6 @@ Therefore, it is strongly recommended that Kubernetes distributors bundle and de If your Kubernetes distribution does not bundle the snapshot controller, you may manually install these components by executing the following steps. Note that the snapshot controller YAML files in the git repository deploy into the default namespace for system testing purposes. For general use, update the snapshot controller YAMLs with an appropriate namespace prior to installing. For example, on a Vanilla Kubernetes cluster update the namespace from 'default' to 'kube-system' prior to issuing the kubectl create command. -There is a new validating webhook server which provides tightened validation on snapshot objects. The cluster admin or Kubernetes distribution admin should install the webhook alongside the snapshot controllers and CRDs. More details [below](#validating-webhook). - Install Snapshot and Volume Group Snapshot CRDs: * kubectl kustomize client/config/crd | kubectl create -f - * https://github.com/kubernetes-csi/external-snapshotter/tree/master/client/config/crd @@ -86,44 +82,6 @@ Install CSI Driver: * kubectl kustomize deploy/kubernetes/csi-snapshotter | kubectl create -f - * https://github.com/kubernetes-csi/external-snapshotter/tree/master/deploy/kubernetes/csi-snapshotter -### Validating Webhook - -The snapshot validating webhook is an HTTP callback which responds to [admission requests](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). It is part of a larger [plan](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1900-volume-snapshot-validation-webhook) to tighten validation for volume snapshot objects. This webhook introduces the [ratcheting validation](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1900-volume-snapshot-validation-webhook#backwards-compatibility) mechanism targeting the tighter validation. The cluster admin or Kubernetes distribution admin should install the webhook alongside the snapshot controllers and CRDs. - -Along with the validation webhook, the volume snapshot controller will start [labeling](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1900-volume-snapshot-validation-webhook#automatic-labelling-of-invalid-objects) invalid snapshot objects which already existed. This is to enable quick identification of invalid snapshot objects in the system by running: -``` -kubectl get volumesnapshots --selector=snapshot.storage.kubernetes.io/invalid-snapshot-resource: "" -kubectl get volumesnapshotcontents --selector=snapshot.storage.kubernetes.io/invalid-snapshot-content-resource: "" -``` - -Users should run this to identify, remove any invalid objects, and correct their workflows before upgrading to v1. Once the API has been switched to the v1 type, those invalid objects will not be deletable from the system. - -If there are no existing invalid v1beta1 objects, after upgrading to v1, the webhook and schema validation will prevent the user from creating new invalid v1 and v1beta1 objects. - -If there are existing invalid v1beta1 objects, the user should make sure that the snapshot controller is upgraded to v3.0.0 or higher (v3.0.3 is the latest recommended v3.0.x release) and install the corresponding validation webhook before upgrading to v1 so that those invalid objects will be labeled and can be identified easily and removed before upgrading to v1. - -If there are existing invalid v1beta1 objects, and the user didn't upgrade to the snapshot controller 3.0.0 or higher and install the corresponding validation webhook before upgrading to v1, those existing invalid v1beta1 objects will not be labeled by the snapshot controller. - -So the recommendation is that before upgrading to v1 CRDs and upgrading snapshot controller and validation webhook to v4.0, the user should upgrade to the snapshot controller 3.0.0 and higher (v3.0.3 is the latest recommended version for 3.0.x) and install the corresponding validation webhook so that all existing invalid objects will be labeled and can be easily identified and deleted. - -> :warning: **WARNING**: Cluster admins choosing not to install the webhook server and participate in the phased release process can cause future problems when upgrading from `v1beta1` to `v1` volumesnapshot API, if there are currently persisted objects which fail the new stricter validation. Potential impacts include being unable to delete invalid snapshot objects. - -Read more about how to install the example webhook [here](deploy/kubernetes/webhook-example/README.md). - -#### Validating Webhook Command Line Options - -* `--tls-cert-file`: File containing the x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). Required. - -* `--tls-private-key-file`: File containing the x509 private key matching --tls-cert-file. Required. - -* `--port`: Secure port that the webhook listens on (default 443) - -* `--kubeconfig `: Path to Kubernetes client configuration that the webhook uses to connect to Kubernetes API server. When omitted, default token provided by Kubernetes will be used. This option is useful only when the snapshot controller does not run as a Kubernetes pod, e.g. for debugging. - -* `--prevent-volume-mode-conversion`: Boolean that prevents an unauthorised user from modifying the volume mode when creating a PVC from an existing VolumeSnapshot. Was present as an alpha feature in `v6.0.0`; Having graduated to beta, defaults to true. - -#### Validating Webhook Validations - ##### Volume Snapshot * Spec.VolumeSnapshotClassName must not be an empty string or nil on creation @@ -280,8 +238,6 @@ If you have already deployed v1alpha1 snapshot APIs and external-snapshotter sid ### Upgrade from v1beta1 to v1 -Validation webhook should be installed before upgrading to v1. Potential impacts of not installing the validation webhook before upgrading to v1 include being unable to delete invalid snapshot objects. See the section on Validation Webhook for details. - * When upgrading to 4.0, change from v1beta1 to v1 is backward compatible because both v1 and v1beta1 are served while the stored API version is still v1beta1. Future releases will switch the stored version to v1 and gradually remove v1beta1 support. * When upgrading from 3.x to 4.1, change from v1beta1 to v1 is no longer backward compatible because stored API version is changed to v1 although both v1 and v1beta1 are still served. v1beta1 is deprecated in 4.1. * v1beta1 support will be removed in a future release. It is recommended for users to switch to v1 as soon as possible. Any previously created invalid v1beta1 objects have to be deleted before upgrading to version 4.1. diff --git a/cmd/snapshot-validation-webhook/Dockerfile b/cmd/snapshot-validation-webhook/Dockerfile deleted file mode 100644 index 68cf7548f..000000000 --- a/cmd/snapshot-validation-webhook/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM gcr.io/distroless/static:latest -LABEL maintainers="Kubernetes Authors" -LABEL description="Snapshot Validation Webhook" -ARG binary=./bin/snapshot-validation-webhook - -COPY ${binary} snapshot-validation-webhook -ENTRYPOINT ["/snapshot-validation-webhook"] diff --git a/cmd/snapshot-validation-webhook/main.go b/cmd/snapshot-validation-webhook/main.go deleted file mode 100644 index 9d7a9c148..000000000 --- a/cmd/snapshot-validation-webhook/main.go +++ /dev/null @@ -1,33 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package main - -import ( - "flag" - - webhook "github.com/kubernetes-csi/external-snapshotter/v8/pkg/validation-webhook" - "k8s.io/klog/v2" -) - -func main() { - rootCmd := webhook.CmdWebhook - - loggingFlags := &flag.FlagSet{} - klog.InitFlags(loggingFlags) - rootCmd.PersistentFlags().AddGoFlagSet(loggingFlags) - rootCmd.Execute() -} diff --git a/deploy/kubernetes/webhook-example/README.md b/deploy/kubernetes/webhook-example/README.md deleted file mode 100644 index 4c0a66f69..000000000 --- a/deploy/kubernetes/webhook-example/README.md +++ /dev/null @@ -1,71 +0,0 @@ -# Validating Webhook - -The snapshot validating webhook is an HTTP callback which responds to [admission requests](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/). It is part of a larger [plan](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1900-volume-snapshot-validation-webhook#proposal) to tighten validation for volume snapshot objects. This webhook introduces the [ratcheting validation](https://github.com/kubernetes/enhancements/tree/master/keps/sig-storage/1900-volume-snapshot-validation-webhook#backwards-compatibility) mechanism targeting the tighter validation. The cluster admin or Kubernetes distribution admin should install the webhook alongside the snapshot controllers and CRDs. - -## How to build the webhook - -Build the binary - -```bash -make -``` - -Build the docker image - -```bash -docker build -t snapshot-validation-webhook:latest -f ./cmd/snapshot-validation-webhook/Dockerfile . -``` - -## How to deploy the webhook - -The webhook server is provided as an image which can be built from this repository. It can be deployed anywhere, as long as the api server is able to reach it over HTTPS. It is recommended to deploy the webhook server in the cluster as snapshotting is latency sensitive. A `ValidatingWebhookConfiguration` object is needed to configure the api server to contact the webhook server. Please see the [documentation](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) for more details. The webhook server code is adapted from the [webhook server](https://github.com/kubernetes/kubernetes/tree/v1.18.6/test/images/agnhost/webhook) used in the kubernetes/kubernetes end to end testing code. - -### Example in-cluster deployment using Kubernetes Secrets - -Please note this is not considered to be a production ready method to deploy the certificates and is only provided for demo purposes. This is only one of many ways to deploy the certificates, it is your responsibility to ensure the security of your cluster. TLS certificates and private keys should be handled with care and you may not want to keep them in plain Kubernetes secrets. - -This method was heavily adapted from [banzai cloud](https://banzaicloud.com/blog/k8s-admission-webhooks/). - -#### Method - -These commands should be run from the top level directory. - -1. Run the `create-cert.sh` script. Note using the default namespace will allow anyone with access to that namespace to read your secret. It is recommended to change the namespace in all the files and the commands given below. - - - ```bash - # This script will create a TLS certificate signed by the [cluster](https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster/). It will place the public and private key into a secret on the cluster. - ./deploy/kubernetes/webhook-example/create-cert.sh --service snapshot-validation-service --secret snapshot-validation-secret --namespace default # Make sure to use a different namespace - ``` - -2. Patch the `ValidatingWebhookConfiguration` file from the template, filling in the CA bundle field. - - ```bash - cat ./deploy/kubernetes/webhook-example/admission-configuration-template | ./deploy/kubernetes/webhook-example/patch-ca-bundle.sh > ./deploy/kubernetes/webhook-example/admission-configuration.yaml - ``` - -3. Change the namespace in the generated `admission-configuration.yaml` file. Change the namespace in the service and deployment in the `webhook.yaml` file. - -4. Create the deployment, service, RBAC, and admission configuration objects on the cluster. - - ```bash - kubectl apply -f ./deploy/kubernetes/webhook-example - ``` - -Once all the pods from the deployment are up and running, you should be ready to go. - -#### Verify the webhook works - -Try to create an invalid snapshot object, the snapshot creation should fail. - -```bash -kubectl create -f ./examples/kubernetes/invalid-snapshot-v1.yaml -``` - -### Other methods to deploy the webhook server - -Look into [cert-manager](https://cert-manager.io/) to handle the certificates, and this kube-builder [tutorial](https://book.kubebuilder.io/cronjob-tutorial/cert-manager.html) on how to deploy a webhook. - -#### Important - -Please see the deployment [yaml](./webhook.yaml) for the arguments expected by the webhook server. The snapshot validation webhook is served at the path `/volumesnapshot`. diff --git a/deploy/kubernetes/webhook-example/admission-configuration-template b/deploy/kubernetes/webhook-example/admission-configuration-template deleted file mode 100644 index 3d8ccc63c..000000000 --- a/deploy/kubernetes/webhook-example/admission-configuration-template +++ /dev/null @@ -1,45 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: "validation-webhook.snapshot.storage.k8s.io" -webhooks: -- name: "validation-webhook.snapshot.storage.k8s.io" - rules: - - apiGroups: ["snapshot.storage.k8s.io"] - apiVersions: ["v1"] - operations: ["CREATE", "UPDATE"] - resources: ["volumesnapshotclasses"] - scope: "*" - clientConfig: - service: - namespace: "default" - name: "snapshot-validation-service" - path: "/volumesnapshot" - caBundle: ${CA_BUNDLE} - admissionReviewVersions: ["v1"] - sideEffects: None - failurePolicy: Ignore # We recommend switching to Fail only after successful installation of the webhook server and webhook. - timeoutSeconds: 2 # This will affect the latency and performance. Finetune this value based on your application's tolerance. ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: "validation-webhook.groupsnapshot.storage.k8s.io" -webhooks: -- name: "validation-webhook.groupsnapshot.storage.k8s.io" - rules: - - apiGroups: ["groupsnapshot.storage.k8s.io"] - apiVersions: ["v1alpha1"] - operations: ["CREATE", "UPDATE"] - resources: ["volumegroupsnapshotclasses"] - scope: "*" - clientConfig: - service: - namespace: "default" - name: "snapshot-validation-service" - path: "/volumegroupsnapshot" - caBundle: ${CA_BUNDLE} - admissionReviewVersions: ["v1"] - sideEffects: None - failurePolicy: Ignore # We recommend switching to Fail only after successful installation of the webhook server and webhook. - timeoutSeconds: 2 # This will affect the latency and performance. Finetune this value based on your application's tolerance. diff --git a/deploy/kubernetes/webhook-example/create-cert.sh b/deploy/kubernetes/webhook-example/create-cert.sh deleted file mode 100755 index 4cafaf1f4..000000000 --- a/deploy/kubernetes/webhook-example/create-cert.sh +++ /dev/null @@ -1,127 +0,0 @@ -#!/bin/bash -# File originally from https://github.com/banzaicloud/admission-webhook-example/blob/blog/deployment/webhook-create-signed-cert.sh - -set -e - -usage() { - cat <> ${tmpdir}/csr.conf -[req] -req_extensions = v3_req -distinguished_name = req_distinguished_name -[req_distinguished_name] -[ v3_req ] -basicConstraints = CA:FALSE -keyUsage = nonRepudiation, digitalSignature, keyEncipherment -extendedKeyUsage = serverAuth -subjectAltName = @alt_names -[alt_names] -DNS.1 = ${service} -DNS.2 = ${service}.${namespace} -DNS.3 = ${service}.${namespace}.svc -EOF - -openssl genrsa -out ${tmpdir}/server-key.pem 2048 -openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=system:node:${service}.${namespace}.svc;/O=system:nodes" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf - -# clean-up any previously created CSR for our service. Ignore errors if not present. -kubectl delete csr ${csrName} 2>/dev/null || true - -# create server cert/key CSR and send to k8s API -cat <&2 - exit 1 -fi -echo ${serverCert} | openssl base64 -d -A -out ${tmpdir}/server-cert.pem - - -# create the secret with CA cert and server cert/key -kubectl create secret tls ${secret} \ - --key=${tmpdir}/server-key.pem \ - --cert=${tmpdir}/server-cert.pem \ - --dry-run=client -o yaml | - kubectl -n ${namespace} apply -f - diff --git a/deploy/kubernetes/webhook-example/patch-ca-bundle.sh b/deploy/kubernetes/webhook-example/patch-ca-bundle.sh deleted file mode 100755 index 723af5cec..000000000 --- a/deploy/kubernetes/webhook-example/patch-ca-bundle.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash -# File originally from https://github.com/banzaicloud/admission-webhook-example/blob/blog/deployment/webhook-patch-ca-bundle.sh - -ROOT=$(cd $(dirname $0)/../../; pwd) - -set -o errexit -set -o nounset -set -o pipefail - -export CA_BUNDLE=$(kubectl config view --raw -o json | jq -r '.clusters[0].cluster."certificate-authority-data"' | tr -d '"') - -if command -v envsubst >/dev/null 2>&1; then - envsubst -else - sed -e "s|\${CA_BUNDLE}|${CA_BUNDLE}|g" -fi diff --git a/deploy/kubernetes/webhook-example/rbac-snapshot-webhook.yaml b/deploy/kubernetes/webhook-example/rbac-snapshot-webhook.yaml deleted file mode 100644 index a26369f23..000000000 --- a/deploy/kubernetes/webhook-example/rbac-snapshot-webhook.yaml +++ /dev/null @@ -1,38 +0,0 @@ -# RBAC file for the snapshot webhook. -# -# The snapshot webhook implements the validation and admission for CSI snapshot functionality. -# It should be installed as part of the base Kubernetes distribution in an appropriate -# namespace for components implementing base system functionality. For installing with -# Vanilla Kubernetes, kube-system makes sense for the namespace. - ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: snapshot-webhook - namespace: default # NOTE: change the namespace ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-webhook-runner -rules: - - apiGroups: ["snapshot.storage.k8s.io"] - resources: ["volumesnapshotclasses"] - verbs: ["get", "list", "watch"] - - apiGroups: ["groupsnapshot.storage.k8s.io"] - resources: ["volumegroupsnapshotclasses"] - verbs: ["get", "list", "watch"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: snapshot-webhook-role -subjects: - - kind: ServiceAccount - name: snapshot-webhook - namespace: default # NOTE: change the namespace -roleRef: - kind: ClusterRole - name: snapshot-webhook-runner - apiGroup: rbac.authorization.k8s.io diff --git a/deploy/kubernetes/webhook-example/webhook.yaml b/deploy/kubernetes/webhook-example/webhook.yaml deleted file mode 100644 index 2550efb76..000000000 --- a/deploy/kubernetes/webhook-example/webhook.yaml +++ /dev/null @@ -1,51 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: snapshot-validation-deployment - namespace: default # NOTE: change the namespace - labels: - app.kubernetes.io/name: snapshot-validation -spec: - replicas: 3 - selector: - matchLabels: - app.kubernetes.io/name: snapshot-validation - template: - metadata: - labels: - app.kubernetes.io/name: snapshot-validation - spec: - serviceAccountName: snapshot-webhook - containers: - - name: snapshot-validation - image: registry.k8s.io/sig-storage/snapshot-validation-webhook:v8.0.1 # change the image if you wish to use your own custom validation server image - imagePullPolicy: IfNotPresent - args: - - '--tls-cert-file=/etc/snapshot-validation-webhook/certs/tls.crt' - - '--tls-private-key-file=/etc/snapshot-validation-webhook/certs/tls.key' - # uncomment the following line to enable webhook for VolumeGroupSnapshot, VolumeGroupSnapshotContent and VolumeGroupSnapshotClass. - # - '--enable-volume-group-snapshot-webhook' - ports: - - containerPort: 443 # change the port as needed - volumeMounts: - - name: snapshot-validation-webhook-certs - mountPath: /etc/snapshot-validation-webhook/certs - readOnly: true - volumes: - - name: snapshot-validation-webhook-certs - secret: - secretName: snapshot-validation-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: snapshot-validation-service - namespace: default # NOTE: change the namespace -spec: - selector: - app.kubernetes.io/name: snapshot-validation - ports: - - protocol: TCP - port: 443 # Change if needed - targetPort: 443 # Change if the webserver image expects a different port diff --git a/go.mod b/go.mod index f89383fba..b1abb896d 100644 --- a/go.mod +++ b/go.mod @@ -6,16 +6,13 @@ require ( // TODO: update version once it is officially released github.com/container-storage-interface/spec v1.10.1-0.20241022120259-f6b6d53db606 github.com/evanphx/json-patch v5.9.0+incompatible - github.com/fsnotify/fsnotify v1.8.0 github.com/golang/mock v1.6.0 - github.com/google/gofuzz v1.2.0 github.com/kubernetes-csi/csi-lib-utils v0.19.0 github.com/kubernetes-csi/csi-test/v5 v5.3.1 github.com/kubernetes-csi/external-snapshotter/client/v8 v8.0.0 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/prometheus/common v0.60.1 - github.com/spf13/cobra v1.8.1 google.golang.org/grpc v1.67.1 google.golang.org/protobuf v1.35.1 k8s.io/api v0.31.0 @@ -44,6 +41,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect + github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect @@ -56,6 +54,7 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect + github.com/spf13/cobra v1.8.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/x448/float16 v0.8.4 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect diff --git a/go.sum b/go.sum index d78c6d876..5bde46a00 100644 --- a/go.sum +++ b/go.sum @@ -15,8 +15,6 @@ github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtz github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= -github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= diff --git a/pkg/common-controller/groupsnapshot_controller_helper.go b/pkg/common-controller/groupsnapshot_controller_helper.go index 1691b6919..716ef6d0e 100644 --- a/pkg/common-controller/groupsnapshot_controller_helper.go +++ b/pkg/common-controller/groupsnapshot_controller_helper.go @@ -303,7 +303,7 @@ func (ctrl *csiSnapshotCommonController) syncGroupSnapshot(ctx context.Context, if groupSnapshot.ObjectMeta.DeletionTimestamp != nil { return ctrl.processGroupSnapshotWithDeletionTimestamp(groupSnapshot) } - // Keep this check in the controller since the validation webhook may not have been deployed. + klog.V(5).Infof("syncGroupSnapshot[%s]: validate group snapshot to make sure source has been correctly specified", utils.GroupSnapshotKey(groupSnapshot)) if (groupSnapshot.Spec.Source.Selector == nil && groupSnapshot.Spec.Source.VolumeGroupSnapshotContentName == nil) || (groupSnapshot.Spec.Source.Selector != nil && groupSnapshot.Spec.Source.VolumeGroupSnapshotContentName != nil) { @@ -1159,7 +1159,6 @@ func (ctrl *csiSnapshotCommonController) syncGroupSnapshotContent(groupSnapshotC klog.V(5).Infof("syncGroupSnapshotContent[%s]: check if we should add invalid label on group snapshot content", groupSnapshotContent.Name) - // Keep this check in the controller since the validation webhook may not have been deployed. if (groupSnapshotContent.Spec.Source.GroupSnapshotHandles == nil && len(groupSnapshotContent.Spec.Source.VolumeHandles) == 0) || (groupSnapshotContent.Spec.Source.GroupSnapshotHandles != nil && len(groupSnapshotContent.Spec.Source.VolumeHandles) > 0) { err := fmt.Errorf("Exactly one of GroupSnapshotHandles and VolumeHandles should be specified") diff --git a/pkg/common-controller/snapshot_controller.go b/pkg/common-controller/snapshot_controller.go index 6faed3915..119c5276e 100644 --- a/pkg/common-controller/snapshot_controller.go +++ b/pkg/common-controller/snapshot_controller.go @@ -92,7 +92,6 @@ func (ctrl *csiSnapshotCommonController) syncContent(content *crdv1.VolumeSnapsh klog.V(5).Infof("syncContent[%s]: check if we should add invalid label on content", content.Name) - // Keep this check in the controller since the validation webhook may not have been deployed. if (content.Spec.Source.VolumeHandle == nil && content.Spec.Source.SnapshotHandle == nil) || (content.Spec.Source.VolumeHandle != nil && content.Spec.Source.SnapshotHandle != nil) { err := fmt.Errorf("Exactly one of VolumeHandle and SnapshotHandle should be specified") @@ -193,7 +192,6 @@ func (ctrl *csiSnapshotCommonController) syncSnapshot(snapshot *crdv1.VolumeSnap return ctrl.processSnapshotWithDeletionTimestamp(snapshot) } - // Keep this check in the controller since the validation webhook may not have been deployed. klog.V(5).Infof("syncSnapshot[%s]: validate snapshot to make sure source has been correctly specified", utils.SnapshotKey(snapshot)) if (snapshot.Spec.Source.PersistentVolumeClaimName == nil && snapshot.Spec.Source.VolumeSnapshotContentName == nil) || (snapshot.Spec.Source.PersistentVolumeClaimName != nil && snapshot.Spec.Source.VolumeSnapshotContentName != nil) { diff --git a/pkg/validation-webhook/certwatcher.go b/pkg/validation-webhook/certwatcher.go deleted file mode 100644 index 6ea928317..000000000 --- a/pkg/validation-webhook/certwatcher.go +++ /dev/null @@ -1,164 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "context" - "crypto/tls" - "sync" - - "github.com/fsnotify/fsnotify" - "k8s.io/klog/v2" -) - -// This file originated from github.com/kubernetes-sigs/controller-runtime/pkg/webhook/internal/certwatcher. -// We cannot import this package as it's an internal one. In addition, we cannot yet easily integrate -// with controller-runtime/pkg/webhook directly, as it would require extensive rework: -// https://github.com/kubernetes-csi/external-snapshotter/issues/422 - -// CertWatcher watches certificate and key files for changes. When either file -// changes, it reads and parses both and calls an optional callback with the new -// certificate. -type CertWatcher struct { - sync.Mutex - - currentCert *tls.Certificate - watcher *fsnotify.Watcher - - certPath string - keyPath string -} - -// NewCertWatcher returns a new CertWatcher watching the given certificate and key. -func NewCertWatcher(certPath, keyPath string) (*CertWatcher, error) { - var err error - - cw := &CertWatcher{ - certPath: certPath, - keyPath: keyPath, - } - - // Initial read of certificate and key. - if err := cw.ReadCertificate(); err != nil { - return nil, err - } - - cw.watcher, err = fsnotify.NewWatcher() - if err != nil { - return nil, err - } - - return cw, nil -} - -// GetCertificate fetches the currently loaded certificate, which may be nil. -func (cw *CertWatcher) GetCertificate(_ *tls.ClientHelloInfo) (*tls.Certificate, error) { - cw.Lock() - defer cw.Unlock() - return cw.currentCert, nil -} - -// Start starts the watch on the certificate and key files. -func (cw *CertWatcher) Start(ctx context.Context) error { - files := []string{cw.certPath, cw.keyPath} - - for _, f := range files { - if err := cw.watcher.Add(f); err != nil { - return err - } - } - - go cw.Watch() - - // Block until the context is done. - <-ctx.Done() - - return cw.watcher.Close() -} - -// Watch reads events from the watcher's channel and reacts to changes. -func (cw *CertWatcher) Watch() { - for { - select { - case event, ok := <-cw.watcher.Events: - // Channel is closed. - if !ok { - return - } - - cw.handleEvent(event) - - case err, ok := <-cw.watcher.Errors: - // Channel is closed. - if !ok { - return - } - - klog.Error(err, "certificate watch error") - } - } -} - -// ReadCertificate reads the certificate and key files from disk, parses them, -// and updates the current certificate on the watcher. If a callback is set, it -// is invoked with the new certificate. -func (cw *CertWatcher) ReadCertificate() error { - cert, err := tls.LoadX509KeyPair(cw.certPath, cw.keyPath) - if err != nil { - return err - } - - cw.Lock() - cw.currentCert = &cert - cw.Unlock() - - klog.Info("Updated current TLS certificate") - - return nil -} - -func (cw *CertWatcher) handleEvent(event fsnotify.Event) { - // Only care about events which may modify the contents of the file. - if !(isWrite(event) || isRemove(event) || isCreate(event)) { - return - } - - klog.V(1).Info("certificate event", "event", event) - - // If the file was removed, re-add the watch. - if isRemove(event) { - if err := cw.watcher.Add(event.Name); err != nil { - klog.Error(err, "error re-watching file") - } - } - - if err := cw.ReadCertificate(); err != nil { - klog.Error(err, "error re-reading certificate") - } -} - -func isWrite(event fsnotify.Event) bool { - return event.Op&fsnotify.Write == fsnotify.Write -} - -func isCreate(event fsnotify.Event) bool { - return event.Op&fsnotify.Create == fsnotify.Create -} - -func isRemove(event fsnotify.Event) bool { - return event.Op&fsnotify.Remove == fsnotify.Remove -} diff --git a/pkg/validation-webhook/config.go b/pkg/validation-webhook/config.go deleted file mode 100644 index 59add5b2b..000000000 --- a/pkg/validation-webhook/config.go +++ /dev/null @@ -1,41 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "crypto/tls" - - "k8s.io/klog/v2" -) - -// Config contains the server (the webhook) cert and key. -type Config struct { - CertFile string - KeyFile string -} - -func configTLS(config Config) *tls.Config { - sCert, err := tls.LoadX509KeyPair(config.CertFile, config.KeyFile) - if err != nil { - klog.Fatal(err) - } - return &tls.Config{ - Certificates: []tls.Certificate{sCert}, - // TODO: uses mutual tls after we agree on what cert the apiserver should use. - // ClientAuth: tls.RequireAndVerifyClientCert, - } -} diff --git a/pkg/validation-webhook/convert.go b/pkg/validation-webhook/convert.go deleted file mode 100644 index cca0b8024..000000000 --- a/pkg/validation-webhook/convert.go +++ /dev/null @@ -1,105 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - v1 "k8s.io/api/admission/v1" - "k8s.io/api/admission/v1beta1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -func convertAdmissionRequestToV1(r *v1beta1.AdmissionRequest) *v1.AdmissionRequest { - return &v1.AdmissionRequest{ - Kind: r.Kind, - Namespace: r.Namespace, - Name: r.Name, - Object: r.Object, - Resource: r.Resource, - Operation: v1.Operation(r.Operation), - UID: r.UID, - DryRun: r.DryRun, - OldObject: r.OldObject, - Options: r.Options, - RequestKind: r.RequestKind, - RequestResource: r.RequestResource, - RequestSubResource: r.RequestSubResource, - SubResource: r.SubResource, - UserInfo: r.UserInfo, - } -} - -func convertAdmissionRequestToV1beta1(r *v1.AdmissionRequest) *v1beta1.AdmissionRequest { - return &v1beta1.AdmissionRequest{ - Kind: r.Kind, - Namespace: r.Namespace, - Name: r.Name, - Object: r.Object, - Resource: r.Resource, - Operation: v1beta1.Operation(r.Operation), - UID: r.UID, - DryRun: r.DryRun, - OldObject: r.OldObject, - Options: r.Options, - RequestKind: r.RequestKind, - RequestResource: r.RequestResource, - RequestSubResource: r.RequestSubResource, - SubResource: r.SubResource, - UserInfo: r.UserInfo, - } -} - -func convertAdmissionResponseToV1(r *v1beta1.AdmissionResponse) *v1.AdmissionResponse { - var pt *v1.PatchType - if r.PatchType != nil { - t := v1.PatchType(*r.PatchType) - pt = &t - } - return &v1.AdmissionResponse{ - UID: r.UID, - Allowed: r.Allowed, - AuditAnnotations: r.AuditAnnotations, - Patch: r.Patch, - PatchType: pt, - Result: r.Result, - Warnings: r.Warnings, - } -} - -func convertAdmissionResponseToV1beta1(r *v1.AdmissionResponse) *v1beta1.AdmissionResponse { - var pt *v1beta1.PatchType - if r.PatchType != nil { - t := v1beta1.PatchType(*r.PatchType) - pt = &t - } - return &v1beta1.AdmissionResponse{ - UID: r.UID, - Allowed: r.Allowed, - AuditAnnotations: r.AuditAnnotations, - Patch: r.Patch, - PatchType: pt, - Result: r.Result, - Warnings: r.Warnings, - } -} - -func toV1AdmissionResponse(err error) *v1.AdmissionResponse { - return &v1.AdmissionResponse{ - Result: &metav1.Status{ - Message: err.Error(), - }, - } -} diff --git a/pkg/validation-webhook/convert_test.go b/pkg/validation-webhook/convert_test.go deleted file mode 100644 index f411cbf83..000000000 --- a/pkg/validation-webhook/convert_test.go +++ /dev/null @@ -1,63 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - "math/rand" - "reflect" - "testing" - - fuzz "github.com/google/gofuzz" - - v1 "k8s.io/api/admission/v1" - "k8s.io/api/admission/v1beta1" - "k8s.io/apimachinery/pkg/api/apitesting/fuzzer" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - "k8s.io/apimachinery/pkg/util/diff" -) - -func TestConvertAdmissionRequestToV1(t *testing.T) { - f := fuzzer.FuzzerFor(AdmissionfuzzerFuncs, rand.NewSource(rand.Int63()), serializer.NewCodecFactory(runtime.NewScheme())) - for i := 0; i < 100; i++ { - t.Run(fmt.Sprintf("Run %d/100", i), func(t *testing.T) { - orig := &v1beta1.AdmissionRequest{} - f.Fuzz(orig) - converted := convertAdmissionRequestToV1(orig) - rt := convertAdmissionRequestToV1beta1(converted) - if !reflect.DeepEqual(orig, rt) { - t.Errorf("expected all request fields to be in converted object but found unaccounted for differences, diff:\n%s", diff.ObjectReflectDiff(orig, converted)) - } - }) - } -} - -func TestConvertAdmissionResponseToV1beta1(t *testing.T) { - f := fuzz.New() - for i := 0; i < 100; i++ { - t.Run(fmt.Sprintf("Run %d/100", i), func(t *testing.T) { - orig := &v1.AdmissionResponse{} - f.Fuzz(orig) - converted := convertAdmissionResponseToV1beta1(orig) - rt := convertAdmissionResponseToV1(converted) - if !reflect.DeepEqual(orig, rt) { - t.Errorf("expected all fields to be in converted object but found unaccounted for differences, diff:\n%s", diff.ObjectReflectDiff(orig, converted)) - } - }) - } -} diff --git a/pkg/validation-webhook/fuzzer.go b/pkg/validation-webhook/fuzzer.go deleted file mode 100644 index 7e5222cf4..000000000 --- a/pkg/validation-webhook/fuzzer.go +++ /dev/null @@ -1,43 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// NOTE: This file is copied from -// https://github.com/kubernetes/kubernetes/blob/v1.29.0-alpha.0/pkg/apis/admission/fuzzer/fuzzer.go -// so that external-snapshotter no longer needs to depend on k8s.io/kubernetes - -package webhook - -import ( - fuzz "github.com/google/gofuzz" - - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/runtime" - runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer" -) - -// Funcs returns the fuzzer functions for the admission api group. -var AdmissionfuzzerFuncs = func(codecs runtimeserializer.CodecFactory) []interface{} { - return []interface{}{ - func(s *runtime.RawExtension, c fuzz.Continue) { - u := &unstructured.Unstructured{Object: map[string]interface{}{ - "apiVersion": "unknown.group/unknown", - "kind": "Something", - "somekey": "somevalue", - }} - s.Object = u - }, - } -} diff --git a/pkg/validation-webhook/groupsnapshot.go b/pkg/validation-webhook/groupsnapshot.go deleted file mode 100644 index 844164e4d..000000000 --- a/pkg/validation-webhook/groupsnapshot.go +++ /dev/null @@ -1,124 +0,0 @@ -/* -Copyright 2023 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - - volumegroupsnapshotv1alpha1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumegroupsnapshot/v1alpha1" - groupsnapshotlisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumegroupsnapshot/v1alpha1" - "github.com/kubernetes-csi/external-snapshotter/v8/pkg/utils" - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/klog/v2" -) - -var ( - // GroupSnapshotClassV1Apha1GVR is GroupVersionResource for v1alpha1 VolumeGroupSnapshotClasses - GroupSnapshotClassV1Apha1GVR = metav1.GroupVersionResource{Group: volumegroupsnapshotv1alpha1.GroupName, Version: "v1alpha1", Resource: "volumegroupsnapshotclasses"} -) - -type GroupSnapshotAdmitter interface { - Admit(v1.AdmissionReview) *v1.AdmissionResponse -} - -type groupSnapshotAdmitter struct { - lister groupsnapshotlisters.VolumeGroupSnapshotClassLister -} - -func NewGroupSnapshotAdmitter(lister groupsnapshotlisters.VolumeGroupSnapshotClassLister) GroupSnapshotAdmitter { - return &groupSnapshotAdmitter{ - lister: lister, - } -} - -// Add a label {"added-label": "yes"} to the object -func (a groupSnapshotAdmitter) Admit(ar v1.AdmissionReview) *v1.AdmissionResponse { - klog.V(2).Info("admitting volumegroupsnapshotclasses") - - reviewResponse := &v1.AdmissionResponse{ - Allowed: true, - Result: &metav1.Status{}, - } - - // Admit requests other than Update and Create - if !(ar.Request.Operation == v1.Update || ar.Request.Operation == v1.Create) { - return reviewResponse - } - - raw := ar.Request.Object.Raw - oldRaw := ar.Request.OldObject.Raw - - deserializer := codecs.UniversalDeserializer() - switch ar.Request.Resource { - case GroupSnapshotClassV1Apha1GVR: - groupSnapClass := &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{} - if _, _, err := deserializer.Decode(raw, nil, groupSnapClass); err != nil { - klog.Error(err) - return toV1AdmissionResponse(err) - } - oldGroupSnapClass := &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{} - if _, _, err := deserializer.Decode(oldRaw, nil, oldGroupSnapClass); err != nil { - klog.Error(err) - return toV1AdmissionResponse(err) - } - return decideGroupSnapshotClassV1Alpha1(groupSnapClass, oldGroupSnapClass, a.lister) - default: - err := fmt.Errorf("expect resource to be %s, but found %v", - GroupSnapshotClassV1Apha1GVR, ar.Request.Resource) - klog.Error(err) - return toV1AdmissionResponse(err) - } -} - -func decideGroupSnapshotClassV1Alpha1(groupSnapClass, oldGroupSnapClass *volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass, lister groupsnapshotlisters.VolumeGroupSnapshotClassLister) *v1.AdmissionResponse { - reviewResponse := &v1.AdmissionResponse{ - Allowed: true, - Result: &metav1.Status{}, - } - - // Only Validate when a new group snapshot class is being set as a default. - if groupSnapClass.Annotations[utils.IsDefaultGroupSnapshotClassAnnotation] != "true" { - return reviewResponse - } - - // If the old group snapshot class has this, then we can assume that it was validated if driver is the same. - if oldGroupSnapClass.Annotations[utils.IsDefaultGroupSnapshotClassAnnotation] == "true" && oldGroupSnapClass.Driver == groupSnapClass.Driver { - return reviewResponse - } - - ret, err := lister.List(labels.Everything()) - if err != nil { - reviewResponse.Allowed = false - reviewResponse.Result.Message = err.Error() - return reviewResponse - } - - for _, groupSnapshotClass := range ret { - if groupSnapshotClass.Annotations[utils.IsDefaultGroupSnapshotClassAnnotation] != "true" { - continue - } - if groupSnapshotClass.Driver == groupSnapClass.Driver { - reviewResponse.Allowed = false - reviewResponse.Result.Message = fmt.Sprintf("default group snapshot class: %v already exists for driver: %v", groupSnapshotClass.Name, groupSnapClass.Driver) - return reviewResponse - } - } - - return reviewResponse -} diff --git a/pkg/validation-webhook/groupsnapshot_test.go b/pkg/validation-webhook/groupsnapshot_test.go deleted file mode 100644 index 17fda56ba..000000000 --- a/pkg/validation-webhook/groupsnapshot_test.go +++ /dev/null @@ -1,315 +0,0 @@ -/* -Copyright 2023 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "encoding/json" - "testing" - - volumegroupsnapshotv1alpha1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumegroupsnapshot/v1alpha1" - groupsnapshotlisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumegroupsnapshot/v1alpha1" - "github.com/kubernetes-csi/external-snapshotter/v8/pkg/utils" - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" -) - -type fakeGroupSnapshotLister struct { - values []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass -} - -func (f *fakeGroupSnapshotLister) List(selector labels.Selector) (ret []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass, err error) { - return f.values, nil -} - -func (f *fakeGroupSnapshotLister) Get(name string) (*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass, error) { - for _, v := range f.values { - if v.Name == name { - return v, nil - } - } - return nil, nil -} - -func TestAdmitVolumeGroupSnapshotClassV1Alpha1(t *testing.T) { - testCases := []struct { - name string - groupSnapClass *volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass - oldGroupSnapClass *volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass - shouldAdmit bool - msg string - operation v1.Operation - lister groupsnapshotlisters.VolumeGroupSnapshotClassLister - }{ - { - name: "new default for group snapshot class with no existing group snapshot classes", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldGroupSnapClass: nil, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{}}, - }, - { - name: "new default for group snapshot class for with existing default group snapshot class with different drivers", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{}, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "existing.test.csi.io", - }, - }}, - }, - { - name: "new default for group snapshot class with existing default group snapshot class same driver", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{}, - shouldAdmit: false, - msg: "default group snapshot class: driver-a already exists for driver: test.csi.io", - operation: v1.Create, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-a", - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "default for group snapshot class with existing default group snapshot class same driver update", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - shouldAdmit: true, - msg: "", - operation: v1.Update, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "new group snapshot for group snapshot class with existing default group snapshot class same driver", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{}, - Driver: "test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{}, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "new group snapshot for group snapshot class with existing group snapshot default classes", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{}, - shouldAdmit: false, - msg: "default group snapshot class: driver-is-default already exists for driver: test.csi.io", - operation: v1.Create, - lister: &fakeGroupSnapshotLister{[]*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-is-default", - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "update group snapshot class to new driver with existing default group snapshot classes", - groupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "driver.test.csi.io", - }, - oldGroupSnapClass: &volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - shouldAdmit: false, - msg: "default group snapshot class: driver-test-default already exists for driver: driver.test.csi.io", - operation: v1.Update, - lister: &fakeGroupSnapshotLister{values: []*volumegroupsnapshotv1alpha1.VolumeGroupSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-is-default", - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-test-default", - Annotations: map[string]string{ - utils.IsDefaultGroupSnapshotClassAnnotation: "true", - }, - }, - Driver: "driver.test.csi.io", - }, - }}, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - groupSnapContent := tc.groupSnapClass - raw, err := json.Marshal(groupSnapContent) - if err != nil { - t.Fatal(err) - } - oldGroupSnapClass := tc.oldGroupSnapClass - oldRaw, err := json.Marshal(oldGroupSnapClass) - if err != nil { - t.Fatal(err) - } - review := v1.AdmissionReview{ - Request: &v1.AdmissionRequest{ - Object: runtime.RawExtension{ - Raw: raw, - }, - OldObject: runtime.RawExtension{ - Raw: oldRaw, - }, - Resource: GroupSnapshotClassV1Apha1GVR, - Operation: tc.operation, - }, - } - sa := NewGroupSnapshotAdmitter(tc.lister) - response := sa.Admit(review) - - shouldAdmit := response.Allowed - msg := response.Result.Message - - expectedResponse := tc.shouldAdmit - expectedMsg := tc.msg - - if shouldAdmit != expectedResponse { - t.Errorf("expected \"%v\" to equal \"%v\"", shouldAdmit, expectedResponse) - } - if msg != expectedMsg { - t.Errorf("expected \"%v\" to equal \"%v\"", msg, expectedMsg) - } - }) - } -} diff --git a/pkg/validation-webhook/scheme.go b/pkg/validation-webhook/scheme.go deleted file mode 100644 index abff42d03..000000000 --- a/pkg/validation-webhook/scheme.go +++ /dev/null @@ -1,47 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - snapshot "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned/scheme" - admissionv1 "k8s.io/api/admission/v1" - admissionv1beta1 "k8s.io/api/admission/v1beta1" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" - admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/serializer" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" -) - -var ( - scheme = runtime.NewScheme() - codecs = serializer.NewCodecFactory(scheme) -) - -func init() { - addToScheme(scheme) -} - -func addToScheme(scheme *runtime.Scheme) { - utilruntime.Must(corev1.AddToScheme(scheme)) - utilruntime.Must(admissionv1beta1.AddToScheme(scheme)) - utilruntime.Must(admissionregistrationv1beta1.AddToScheme(scheme)) - utilruntime.Must(admissionv1.AddToScheme(scheme)) - utilruntime.Must(admissionregistrationv1.AddToScheme(scheme)) - utilruntime.Must(snapshot.AddToScheme(scheme)) -} diff --git a/pkg/validation-webhook/snapshot.go b/pkg/validation-webhook/snapshot.go deleted file mode 100644 index 0a432bc9a..000000000 --- a/pkg/validation-webhook/snapshot.go +++ /dev/null @@ -1,131 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "fmt" - - volumesnapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1" - storagelisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumesnapshot/v1" - "github.com/kubernetes-csi/external-snapshotter/v8/pkg/utils" - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/klog/v2" -) - -var ( - // SnapshotContentV1GVR is GroupVersionResource for v1 VolumeSnapshotContents - SnapshotClassV1GVR = metav1.GroupVersionResource{Group: volumesnapshotv1.GroupName, Version: "v1", Resource: "volumesnapshotclasses"} -) - -type SnapshotAdmitter interface { - Admit(v1.AdmissionReview) *v1.AdmissionResponse -} - -type admitter struct { - lister storagelisters.VolumeSnapshotClassLister -} - -func NewSnapshotAdmitter(lister storagelisters.VolumeSnapshotClassLister) SnapshotAdmitter { - return &admitter{ - lister: lister, - } -} - -// Add a label {"added-label": "yes"} to the object -func (a admitter) Admit(ar v1.AdmissionReview) *v1.AdmissionResponse { - klog.V(2).Info("admitting volumesnapshotclasses") - - reviewResponse := &v1.AdmissionResponse{ - Allowed: true, - Result: &metav1.Status{}, - } - - // Admit requests other than Update and Create - if !(ar.Request.Operation == v1.Update || ar.Request.Operation == v1.Create) { - return reviewResponse - } - - raw := ar.Request.Object.Raw - oldRaw := ar.Request.OldObject.Raw - - deserializer := codecs.UniversalDeserializer() - switch ar.Request.Resource { - case SnapshotClassV1GVR: - snapClass := &volumesnapshotv1.VolumeSnapshotClass{} - if _, _, err := deserializer.Decode(raw, nil, snapClass); err != nil { - klog.Error(err) - return toV1AdmissionResponse(err) - } - oldSnapClass := &volumesnapshotv1.VolumeSnapshotClass{} - if _, _, err := deserializer.Decode(oldRaw, nil, oldSnapClass); err != nil { - klog.Error(err) - return toV1AdmissionResponse(err) - } - return decideSnapshotClassV1(snapClass, oldSnapClass, a.lister) - default: - err := fmt.Errorf("expect resource to be %s, but found %v", - SnapshotClassV1GVR, ar.Request.Resource) - klog.Error(err) - return toV1AdmissionResponse(err) - } -} - -func decideSnapshotClassV1(snapClass, oldSnapClass *volumesnapshotv1.VolumeSnapshotClass, lister storagelisters.VolumeSnapshotClassLister) *v1.AdmissionResponse { - reviewResponse := &v1.AdmissionResponse{ - Allowed: true, - Result: &metav1.Status{}, - } - - // Only Validate when a new snapClass is being set as a default. - if snapClass.Annotations[utils.IsDefaultSnapshotClassAnnotation] != "true" { - return reviewResponse - } - - // If Old snapshot class has this, then we can assume that it was validated if driver is the same. - if oldSnapClass.Annotations[utils.IsDefaultSnapshotClassAnnotation] == "true" && oldSnapClass.Driver == snapClass.Driver { - return reviewResponse - } - - ret, err := lister.List(labels.Everything()) - if err != nil { - reviewResponse.Allowed = false - reviewResponse.Result.Message = err.Error() - return reviewResponse - } - - for _, snapshotClass := range ret { - if snapshotClass.Annotations[utils.IsDefaultSnapshotClassAnnotation] != "true" { - continue - } - if snapshotClass.Driver == snapClass.Driver { - reviewResponse.Allowed = false - reviewResponse.Result.Message = fmt.Sprintf("default snapshot class: %v already exists for driver: %v", snapshotClass.Name, snapClass.Driver) - return reviewResponse - } - } - - return reviewResponse -} - -func strPtrDereference(s *string) string { - if s == nil { - return "" - } - return *s -} diff --git a/pkg/validation-webhook/snapshot_test.go b/pkg/validation-webhook/snapshot_test.go deleted file mode 100644 index 39e7f23d8..000000000 --- a/pkg/validation-webhook/snapshot_test.go +++ /dev/null @@ -1,315 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "encoding/json" - "testing" - - volumesnapshotv1 "github.com/kubernetes-csi/external-snapshotter/client/v8/apis/volumesnapshot/v1" - storagelisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumesnapshot/v1" - "github.com/kubernetes-csi/external-snapshotter/v8/pkg/utils" - v1 "k8s.io/api/admission/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/labels" - "k8s.io/apimachinery/pkg/runtime" -) - -type fakeSnapshotLister struct { - values []*volumesnapshotv1.VolumeSnapshotClass -} - -func (f *fakeSnapshotLister) List(selector labels.Selector) (ret []*volumesnapshotv1.VolumeSnapshotClass, err error) { - return f.values, nil -} - -func (f *fakeSnapshotLister) Get(name string) (*volumesnapshotv1.VolumeSnapshotClass, error) { - for _, v := range f.values { - if v.Name == name { - return v, nil - } - } - return nil, nil -} - -func TestAdmitVolumeSnapshotClassV1(t *testing.T) { - testCases := []struct { - name string - volumeSnapshotClass *volumesnapshotv1.VolumeSnapshotClass - oldVolumeSnapshotClass *volumesnapshotv1.VolumeSnapshotClass - shouldAdmit bool - msg string - operation v1.Operation - lister storagelisters.VolumeSnapshotClassLister - }{ - { - name: "new default for class with no existing classes", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{}, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{}}, - }, - { - name: "new default for class for with existing default class different drivers", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{}, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "existing.test.csi.io", - }, - }}, - }, - { - name: "new default for class with existing default class same driver", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{}, - shouldAdmit: false, - msg: "default snapshot class: driver-a already exists for driver: test.csi.io", - operation: v1.Create, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-a", - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "default for class with existing default class same driver update", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - shouldAdmit: true, - msg: "", - operation: v1.Update, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "new snapshot for class with existing default class same driver", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{}, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{}, - shouldAdmit: true, - msg: "", - operation: v1.Create, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "new snapshot for class with existing default classes", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{}, - shouldAdmit: false, - msg: "default snapshot class: driver-is-default already exists for driver: test.csi.io", - operation: v1.Create, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-is-default", - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - }}, - }, - { - name: "update snapshot class to new driver with existing default classes", - volumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "driver.test.csi.io", - }, - oldVolumeSnapshotClass: &volumesnapshotv1.VolumeSnapshotClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - shouldAdmit: false, - msg: "default snapshot class: driver-test-default already exists for driver: driver.test.csi.io", - operation: v1.Update, - lister: &fakeSnapshotLister{values: []*volumesnapshotv1.VolumeSnapshotClass{ - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-is-default", - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "test.csi.io", - }, - { - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Name: "driver-test-default", - Annotations: map[string]string{ - utils.IsDefaultSnapshotClassAnnotation: "true", - }, - }, - Driver: "driver.test.csi.io", - }, - }}, - }, - } - - for _, tc := range testCases { - t.Run(tc.name, func(t *testing.T) { - snapshotContent := tc.volumeSnapshotClass - raw, err := json.Marshal(snapshotContent) - if err != nil { - t.Fatal(err) - } - oldSnapshotClass := tc.oldVolumeSnapshotClass - oldRaw, err := json.Marshal(oldSnapshotClass) - if err != nil { - t.Fatal(err) - } - review := v1.AdmissionReview{ - Request: &v1.AdmissionRequest{ - Object: runtime.RawExtension{ - Raw: raw, - }, - OldObject: runtime.RawExtension{ - Raw: oldRaw, - }, - Resource: SnapshotClassV1GVR, - Operation: tc.operation, - }, - } - sa := NewSnapshotAdmitter(tc.lister) - response := sa.Admit(review) - - shouldAdmit := response.Allowed - msg := response.Result.Message - - expectedResponse := tc.shouldAdmit - expectedMsg := tc.msg - - if shouldAdmit != expectedResponse { - t.Errorf("expected \"%v\" to equal \"%v\"", shouldAdmit, expectedResponse) - } - if msg != expectedMsg { - t.Errorf("expected \"%v\" to equal \"%v\"", msg, expectedMsg) - } - }) - } -} diff --git a/pkg/validation-webhook/webhook.go b/pkg/validation-webhook/webhook.go deleted file mode 100644 index 190fbb6aa..000000000 --- a/pkg/validation-webhook/webhook.go +++ /dev/null @@ -1,297 +0,0 @@ -/* -Copyright 2020 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package webhook - -import ( - "context" - "crypto/tls" - "encoding/json" - "fmt" - "io" - "net/http" - "os" - - clientset "github.com/kubernetes-csi/external-snapshotter/client/v8/clientset/versioned" - groupsnapshotlisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumegroupsnapshot/v1alpha1" - snapshotlisters "github.com/kubernetes-csi/external-snapshotter/client/v8/listers/volumesnapshot/v1" - "github.com/spf13/cobra" - - informers "github.com/kubernetes-csi/external-snapshotter/client/v8/informers/externalversions" - v1 "k8s.io/api/admission/v1" - "k8s.io/api/admission/v1beta1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/rest" - "k8s.io/client-go/tools/clientcmd" - "k8s.io/klog/v2" -) - -var ( - certFile string - keyFile string - kubeconfigFile string - port int - preventVolumeModeConversion bool - enableVolumeGroupSnapshotWebhook bool -) - -// CmdWebhook is used by Cobra. -var CmdWebhook = &cobra.Command{ - Use: "validation-webhook", - Short: "Starts a HTTPS server, uses ValidatingAdmissionWebhook to perform ratcheting validation on VolumeSnapshot and VolumeSnapshotContent", - Long: `Starts a HTTPS server, uses ValidatingAdmissionWebhook to perform ratcheting validation on VolumeSnapshot and VolumeSnapshotContent. -After deploying it to Kubernetes cluster, the Administrator needs to create a ValidatingWebhookConfiguration -in the Kubernetes cluster to register remote webhook admission controllers. Phase one of https://github.com/kubernetes/enhancements/blob/master/keps/sig-storage/177-volume-snapshot/tighten-validation-webhook-crd.md`, - Args: cobra.MaximumNArgs(0), - Run: main, -} - -func init() { - CmdWebhook.Flags().StringVar(&certFile, "tls-cert-file", "", - "File containing the x509 Certificate for HTTPS. (CA cert, if any, concatenated after server cert). Required.") - CmdWebhook.Flags().StringVar(&keyFile, "tls-private-key-file", "", - "File containing the x509 private key matching --tls-cert-file. Required.") - CmdWebhook.Flags().IntVar(&port, "port", 443, - "Secure port that the webhook listens on") - CmdWebhook.MarkFlagRequired("tls-cert-file") - CmdWebhook.MarkFlagRequired("tls-private-key-file") - // Add optional flag for kubeconfig - CmdWebhook.Flags().StringVar(&kubeconfigFile, "kubeconfig", "", "kubeconfig file to use for volumesnapshotclasses") - CmdWebhook.Flags().BoolVar(&preventVolumeModeConversion, "prevent-volume-mode-conversion", - true, "Prevents an unauthorised user from modifying the volume mode when creating a PVC from an existing VolumeSnapshot.") - CmdWebhook.Flags().BoolVar(&enableVolumeGroupSnapshotWebhook, "enable-volume-group-snapshot-webhook", - false, "Enables webhook for VolumeGroupSnapshotClass.") -} - -// admitv1beta1Func handles a v1beta1 admission -type admitv1beta1Func func(v1beta1.AdmissionReview) *v1beta1.AdmissionResponse - -// admitv1beta1Func handles a v1 admission -type admitv1Func func(v1.AdmissionReview) *v1.AdmissionResponse - -// admitHandler is a handler, for both validators and mutators, that supports multiple admission review versions -type admitHandler struct { - SnapshotAdmitter -} - -func newDelegateToV1AdmitHandler(sa SnapshotAdmitter) admitHandler { - return admitHandler{ - SnapshotAdmitter: sa, - } -} - -func delegateV1beta1AdmitToV1(f admitv1Func) admitv1beta1Func { - return func(review v1beta1.AdmissionReview) *v1beta1.AdmissionResponse { - in := v1.AdmissionReview{Request: convertAdmissionRequestToV1(review.Request)} - out := f(in) - return convertAdmissionResponseToV1beta1(out) - } -} - -// serve handles the http portion of a request prior to handing to an admit -// function -func serve(w http.ResponseWriter, r *http.Request, admit admitHandler) { - var body []byte - if r.Body == nil { - msg := "Expected request body to be non-empty" - klog.Error(msg) - http.Error(w, msg, http.StatusBadRequest) - } - - data, err := io.ReadAll(r.Body) - if err != nil { - msg := fmt.Sprintf("Request could not be decoded: %v", err) - klog.Error(msg) - http.Error(w, msg, http.StatusBadRequest) - } - body = data - - // verify the content type is accurate - contentType := r.Header.Get("Content-Type") - if contentType != "application/json" { - msg := fmt.Sprintf("contentType=%s, expect application/json", contentType) - klog.Errorf(msg) - http.Error(w, msg, http.StatusBadRequest) - return - } - - klog.V(2).Info(fmt.Sprintf("handling request: %s", body)) - - deserializer := codecs.UniversalDeserializer() - obj, gvk, err := deserializer.Decode(body, nil, nil) - if err != nil { - msg := fmt.Sprintf("Request could not be decoded: %v", err) - klog.Error(msg) - http.Error(w, msg, http.StatusBadRequest) - return - } - - var responseObj runtime.Object - switch *gvk { - case v1beta1.SchemeGroupVersion.WithKind("AdmissionReview"): - requestedAdmissionReview, ok := obj.(*v1beta1.AdmissionReview) - if !ok { - msg := fmt.Sprintf("Expected v1beta1.AdmissionReview but got: %T", obj) - klog.Errorf(msg) - http.Error(w, msg, http.StatusBadRequest) - return - } - responseAdmissionReview := &v1beta1.AdmissionReview{} - responseAdmissionReview.SetGroupVersionKind(*gvk) - responseAdmissionReview.Response = delegateV1beta1AdmitToV1(admit.Admit)(*requestedAdmissionReview) - responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID - responseObj = responseAdmissionReview - case v1.SchemeGroupVersion.WithKind("AdmissionReview"): - requestedAdmissionReview, ok := obj.(*v1.AdmissionReview) - if !ok { - msg := fmt.Sprintf("Expected v1.AdmissionReview but got: %T", obj) - klog.Errorf(msg) - http.Error(w, msg, http.StatusBadRequest) - return - } - responseAdmissionReview := &v1.AdmissionReview{} - responseAdmissionReview.SetGroupVersionKind(*gvk) - responseAdmissionReview.Response = admit.Admit(*requestedAdmissionReview) - responseAdmissionReview.Response.UID = requestedAdmissionReview.Request.UID - responseObj = responseAdmissionReview - default: - msg := fmt.Sprintf("Unsupported group version kind: %v", gvk) - klog.Error(msg) - http.Error(w, msg, http.StatusBadRequest) - return - } - - klog.V(2).Info(fmt.Sprintf("sending response: %v", responseObj)) - respBytes, err := json.Marshal(responseObj) - if err != nil { - klog.Error(err) - http.Error(w, err.Error(), http.StatusInternalServerError) - return - } - w.Header().Set("Content-Type", "application/json") - if _, err := w.Write(respBytes); err != nil { - klog.Error(err) - } -} - -type serveSnapshotWebhook struct { - lister snapshotlisters.VolumeSnapshotClassLister -} - -func (s serveSnapshotWebhook) ServeHTTP(w http.ResponseWriter, r *http.Request) { - serve(w, r, newDelegateToV1AdmitHandler(NewSnapshotAdmitter(s.lister))) -} - -type serveGroupSnapshotWebhook struct { - lister groupsnapshotlisters.VolumeGroupSnapshotClassLister -} - -func (s serveGroupSnapshotWebhook) ServeHTTP(w http.ResponseWriter, r *http.Request) { - serve(w, r, newDelegateToV1AdmitHandler(NewGroupSnapshotAdmitter(s.lister))) -} - -func startServer( - ctx context.Context, - tlsConfig *tls.Config, - cw *CertWatcher, - vscLister snapshotlisters.VolumeSnapshotClassLister, - vgscLister groupsnapshotlisters.VolumeGroupSnapshotClassLister, -) error { - go func() { - klog.Info("Starting certificate watcher") - if err := cw.Start(ctx); err != nil { - klog.Errorf("certificate watcher error: %v", err) - } - }() - // Pipe through the informer at some point here. - snapshotWebhook := serveSnapshotWebhook{ - lister: vscLister, - } - - fmt.Println("Starting webhook server") - mux := http.NewServeMux() - mux.Handle("/volumesnapshot", snapshotWebhook) - - if enableVolumeGroupSnapshotWebhook { - groupSnapshotWebhook := serveGroupSnapshotWebhook{ - lister: vgscLister, - } - mux.Handle("/volumegroupsnapshot", groupSnapshotWebhook) - } - - mux.HandleFunc("/readyz", func(w http.ResponseWriter, req *http.Request) { w.Write([]byte("ok")) }) - srv := &http.Server{ - Handler: mux, - TLSConfig: tlsConfig, - } - - // listener is always closed by srv.Serve - listener, err := tls.Listen("tcp", fmt.Sprintf(":%d", port), tlsConfig) - if err != nil { - return err - } - - return srv.Serve(listener) -} - -func main(cmd *cobra.Command, args []string) { - // Create new cert watcher - ctx, cancel := context.WithCancel(cmd.Context()) - defer cancel() // stops certwatcher - cw, err := NewCertWatcher(certFile, keyFile) - if err != nil { - klog.Fatalf("failed to initialize new cert watcher: %v", err) - } - tlsConfig := &tls.Config{ - GetCertificate: cw.GetCertificate, - } - - // Create an indexer. - // Create the client config. Use kubeconfig if given, otherwise assume in-cluster. - config, err := buildConfig(kubeconfigFile) - if err != nil { - klog.Error(err.Error()) - os.Exit(1) - } - snapClient, err := clientset.NewForConfig(config) - if err != nil { - klog.Errorf("Error building snapshot clientset: %s", err.Error()) - os.Exit(1) - } - - factory := informers.NewSharedInformerFactory(snapClient, 0) - snapshotLister := factory.Snapshot().V1().VolumeSnapshotClasses().Lister() - var groupSnapshotLister groupsnapshotlisters.VolumeGroupSnapshotClassLister - if enableVolumeGroupSnapshotWebhook { - groupSnapshotLister = factory.Groupsnapshot().V1alpha1().VolumeGroupSnapshotClasses().Lister() - } - - // Start the informers - factory.Start(ctx.Done()) - // wait for the caches to sync - factory.WaitForCacheSync(ctx.Done()) - - if err := startServer(ctx, tlsConfig, cw, snapshotLister, groupSnapshotLister); err != nil { - klog.Fatalf("server stopped: %v", err) - } -} - -func buildConfig(kubeconfig string) (*rest.Config, error) { - if kubeconfig != "" { - return clientcmd.BuildConfigFromFlags("", kubeconfig) - } - return rest.InClusterConfig() -} diff --git a/pkg/validation-webhook/webhook_test.go b/pkg/validation-webhook/webhook_test.go deleted file mode 100644 index daba532c7..000000000 --- a/pkg/validation-webhook/webhook_test.go +++ /dev/null @@ -1,180 +0,0 @@ -package webhook - -import ( - "context" - "crypto/rand" - "crypto/rsa" - "crypto/tls" - "crypto/x509" - "crypto/x509/pkix" - "encoding/pem" - "fmt" - "math/big" - "net" - "os" - "testing" - "time" -) - -func TestWebhookCertReload(t *testing.T) { - // Initialize test space - tmpDir := os.TempDir() + "/webhook-cert-tests" - certFile = tmpDir + "/tls.crt" - keyFile = tmpDir + "/tls.key" - port = 30443 - err := os.Mkdir(tmpDir, 0o777) - if err != nil && err != os.ErrExist { - t.Errorf("unexpected error occurred while creating tmp dir: %v", err) - } - defer func() { - err := os.RemoveAll(tmpDir) - if err != nil { - t.Errorf("unexpected error occurred while deleting certs: %v", err) - } - }() - err = generateTestCertKeyPair(t, certFile, keyFile) - if err != nil { - t.Errorf("unexpected error occurred while generating test certs: %v", err) - } - - // Start test server - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - cw, err := NewCertWatcher(certFile, keyFile) - if err != nil { - t.Errorf("failed to initialize new cert watcher: %v", err) - } - tlsConfig := &tls.Config{ - GetCertificate: cw.GetCertificate, - } - go func() { - err := startServer(ctx, - tlsConfig, - cw, - &fakeSnapshotLister{}, - &fakeGroupSnapshotLister{}) - if err != nil { - panic(err) - } - }() - time.Sleep(250 * time.Millisecond) // Give some time for watcher to start - - // TC: Original cert should not change with no file changes - originalCert, err := tlsConfig.GetCertificate(nil) - if err != nil { - t.Errorf("unexpected error occurred while getting cert: %v", err) - } - originalCertStr := string(originalCert.Certificate[0]) - originalKey := originalCert.PrivateKey.(*rsa.PrivateKey) - - newCert, err := tlsConfig.GetCertificate(nil) // get certificate again - if err != nil { - t.Errorf("unexpected error occurred while getting newcert: %v", err) - } - if string(newCert.Certificate[0]) != originalCertStr { - t.Error("new cert was updated when it should not have been") - } - newKey := newCert.PrivateKey.(*rsa.PrivateKey) - if !newKey.Equal(originalKey) { - t.Error("new key was updated when it should not have been") - } - - // TC: Certificate should consistently change with a file change - for i := 0; i < 5; i++ { - // Generate new key/cert - err = generateTestCertKeyPair(t, certFile, keyFile) - if err != nil { - t.Errorf("unexpected error occurred while generating test certs: %v", err) - } - - // Wait for certwatcher to update - time.Sleep(250 * time.Millisecond) - newCert, err = tlsConfig.GetCertificate(nil) - if err != nil { - t.Errorf("unexpected error occurred while getting newcert: %v", err) - } - if string(newCert.Certificate[0]) == originalCertStr { - t.Errorf("new cert was not updated") - } - - newKey = newCert.PrivateKey.(*rsa.PrivateKey) - if newKey.Equal(originalKey) { - t.Error("new key was not updated") - } - - originalCertStr = string(newCert.Certificate[0]) - originalKey = newKey - } -} - -// generateTestCertKeyPair generates a new random test key/crt and writes it to tmpDir -// based on https://golang.org/src/crypto/tls/generate_cert.go -func generateTestCertKeyPair(t *testing.T, certPath, keyPath string) error { - notBefore := time.Now() - serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) - serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) - if err != nil { - return fmt.Errorf("Failed to generate serial number: %v", err) - } - - var priv interface{} - priv, err = rsa.GenerateKey(rand.Reader, 4096) - if err != nil { - return fmt.Errorf("Failed to generate key: %v", err) - } - keyUsage := x509.KeyUsageDigitalSignature - if _, isRSA := priv.(*rsa.PrivateKey); isRSA { - keyUsage |= x509.KeyUsageKeyEncipherment - } - randomOrganizationStr := time.Now().String() - template := x509.Certificate{ - SerialNumber: serialNumber, - Subject: pkix.Name{ - Organization: []string{randomOrganizationStr}, - }, - NotBefore: notBefore, - NotAfter: time.Now().Add(1 * time.Hour), - - KeyUsage: keyUsage, - ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, - BasicConstraintsValid: true, - IPAddresses: []net.IP{net.ParseIP("127.0.0.1")}, - DNSNames: []string{"127.0.0.1"}, - } - - rk := priv.(*rsa.PrivateKey) - derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &rk.PublicKey, priv) - if err != nil { - return fmt.Errorf("Failed to create certificate: %v", err) - } - - certOut, err := os.Create(certPath) - if err != nil { - return fmt.Errorf("Failed to open tls.crt for writing: %v", err) - } - if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}); err != nil { - return fmt.Errorf("Failed to write data to tls.crt: %v", err) - } - if err := certOut.Close(); err != nil { - return fmt.Errorf("Error closing tls.crt: %v", err) - } - fmt.Printf("wrote new cert: %s\n", certPath) - - keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600) - if err != nil { - return fmt.Errorf("Failed to open tls.key for writing: %v", err) - } - privBytes, err := x509.MarshalPKCS8PrivateKey(priv) - if err != nil { - return fmt.Errorf("Unable to marshal private key: %v", err) - } - if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil { - return fmt.Errorf("Failed to write data to tls.key: %v", err) - } - if err := keyOut.Close(); err != nil { - return fmt.Errorf("Error closing tls.key: %v", err) - } - fmt.Printf("wrote new key: %s\n", keyPath) - - return nil -} diff --git a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml b/vendor/github.com/fsnotify/fsnotify/.cirrus.yml deleted file mode 100644 index f4e7dbf37..000000000 --- a/vendor/github.com/fsnotify/fsnotify/.cirrus.yml +++ /dev/null @@ -1,14 +0,0 @@ -freebsd_task: - name: 'FreeBSD' - freebsd_instance: - image_family: freebsd-14-1 - install_script: - - pkg update -f - - pkg install -y go - test_script: - # run tests as user "cirrus" instead of root - - pw useradd cirrus -m - - chown -R cirrus:cirrus . - - FSNOTIFY_BUFFER=4096 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race ./... - - FSNOTIFY_DEBUG=1 sudo --preserve-env=FSNOTIFY_BUFFER -u cirrus go test -parallel 1 -race -v ./... diff --git a/vendor/github.com/fsnotify/fsnotify/.gitignore b/vendor/github.com/fsnotify/fsnotify/.gitignore deleted file mode 100644 index daea9dd6d..000000000 --- a/vendor/github.com/fsnotify/fsnotify/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -# go test -c output -*.test -*.test.exe - -# Output of go build ./cmd/fsnotify -/fsnotify -/fsnotify.exe - -/test/kqueue -/test/a.out diff --git a/vendor/github.com/fsnotify/fsnotify/.mailmap b/vendor/github.com/fsnotify/fsnotify/.mailmap deleted file mode 100644 index a04f2907f..000000000 --- a/vendor/github.com/fsnotify/fsnotify/.mailmap +++ /dev/null @@ -1,2 +0,0 @@ -Chris Howey -Nathan Youngman <4566+nathany@users.noreply.github.com> diff --git a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md b/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md deleted file mode 100644 index fa854785d..000000000 --- a/vendor/github.com/fsnotify/fsnotify/CHANGELOG.md +++ /dev/null @@ -1,569 +0,0 @@ -# Changelog - -1.8.0 2023-10-31 ----------------- - -### Additions - -- all: add `FSNOTIFY_DEBUG` to print debug logs to stderr ([#619]) - -### Changes and fixes - -- windows: fix behaviour of `WatchList()` to be consistent with other platforms ([#610]) - -- kqueue: ignore events with Ident=0 ([#590]) - -- kqueue: set O_CLOEXEC to prevent passing file descriptors to children ([#617]) - -- kqueue: emit events as "/path/dir/file" instead of "path/link/file" when watching a symlink ([#625]) - -- inotify: don't send event for IN_DELETE_SELF when also watching the parent ([#620]) - -- inotify: fix panic when calling Remove() in a goroutine ([#650]) - -- fen: allow watching subdirectories of watched directories ([#621]) - -[#590]: https://github.com/fsnotify/fsnotify/pull/590 -[#610]: https://github.com/fsnotify/fsnotify/pull/610 -[#617]: https://github.com/fsnotify/fsnotify/pull/617 -[#619]: https://github.com/fsnotify/fsnotify/pull/619 -[#620]: https://github.com/fsnotify/fsnotify/pull/620 -[#621]: https://github.com/fsnotify/fsnotify/pull/621 -[#625]: https://github.com/fsnotify/fsnotify/pull/625 -[#650]: https://github.com/fsnotify/fsnotify/pull/650 - -1.7.0 - 2023-10-22 ------------------- -This version of fsnotify needs Go 1.17. - -### Additions - -- illumos: add FEN backend to support illumos and Solaris. ([#371]) - -- all: add `NewBufferedWatcher()` to use a buffered channel, which can be useful - in cases where you can't control the kernel buffer and receive a large number - of events in bursts. ([#550], [#572]) - -- all: add `AddWith()`, which is identical to `Add()` but allows passing - options. ([#521]) - -- windows: allow setting the ReadDirectoryChangesW() buffer size with - `fsnotify.WithBufferSize()`; the default of 64K is the highest value that - works on all platforms and is enough for most purposes, but in some cases a - highest buffer is needed. ([#521]) - -### Changes and fixes - -- inotify: remove watcher if a watched path is renamed ([#518]) - - After a rename the reported name wasn't updated, or even an empty string. - Inotify doesn't provide any good facilities to update it, so just remove the - watcher. This is already how it worked on kqueue and FEN. - - On Windows this does work, and remains working. - -- windows: don't listen for file attribute changes ([#520]) - - File attribute changes are sent as `FILE_ACTION_MODIFIED` by the Windows API, - with no way to see if they're a file write or attribute change, so would show - up as a fsnotify.Write event. This is never useful, and could result in many - spurious Write events. - -- windows: return `ErrEventOverflow` if the buffer is full ([#525]) - - Before it would merely return "short read", making it hard to detect this - error. - -- kqueue: make sure events for all files are delivered properly when removing a - watched directory ([#526]) - - Previously they would get sent with `""` (empty string) or `"."` as the path - name. - -- kqueue: don't emit spurious Create events for symbolic links ([#524]) - - The link would get resolved but kqueue would "forget" it already saw the link - itself, resulting on a Create for every Write event for the directory. - -- all: return `ErrClosed` on `Add()` when the watcher is closed ([#516]) - -- other: add `Watcher.Errors` and `Watcher.Events` to the no-op `Watcher` in - `backend_other.go`, making it easier to use on unsupported platforms such as - WASM, AIX, etc. ([#528]) - -- other: use the `backend_other.go` no-op if the `appengine` build tag is set; - Google AppEngine forbids usage of the unsafe package so the inotify backend - won't compile there. - -[#371]: https://github.com/fsnotify/fsnotify/pull/371 -[#516]: https://github.com/fsnotify/fsnotify/pull/516 -[#518]: https://github.com/fsnotify/fsnotify/pull/518 -[#520]: https://github.com/fsnotify/fsnotify/pull/520 -[#521]: https://github.com/fsnotify/fsnotify/pull/521 -[#524]: https://github.com/fsnotify/fsnotify/pull/524 -[#525]: https://github.com/fsnotify/fsnotify/pull/525 -[#526]: https://github.com/fsnotify/fsnotify/pull/526 -[#528]: https://github.com/fsnotify/fsnotify/pull/528 -[#537]: https://github.com/fsnotify/fsnotify/pull/537 -[#550]: https://github.com/fsnotify/fsnotify/pull/550 -[#572]: https://github.com/fsnotify/fsnotify/pull/572 - -1.6.0 - 2022-10-13 ------------------- -This version of fsnotify needs Go 1.16 (this was already the case since 1.5.1, -but not documented). It also increases the minimum Linux version to 2.6.32. - -### Additions - -- all: add `Event.Has()` and `Op.Has()` ([#477]) - - This makes checking events a lot easier; for example: - - if event.Op&Write == Write && !(event.Op&Remove == Remove) { - } - - Becomes: - - if event.Has(Write) && !event.Has(Remove) { - } - -- all: add cmd/fsnotify ([#463]) - - A command-line utility for testing and some examples. - -### Changes and fixes - -- inotify: don't ignore events for files that don't exist ([#260], [#470]) - - Previously the inotify watcher would call `os.Lstat()` to check if a file - still exists before emitting events. - - This was inconsistent with other platforms and resulted in inconsistent event - reporting (e.g. when a file is quickly removed and re-created), and generally - a source of confusion. It was added in 2013 to fix a memory leak that no - longer exists. - -- all: return `ErrNonExistentWatch` when `Remove()` is called on a path that's - not watched ([#460]) - -- inotify: replace epoll() with non-blocking inotify ([#434]) - - Non-blocking inotify was not generally available at the time this library was - written in 2014, but now it is. As a result, the minimum Linux version is - bumped from 2.6.27 to 2.6.32. This hugely simplifies the code and is faster. - -- kqueue: don't check for events every 100ms ([#480]) - - The watcher would wake up every 100ms, even when there was nothing to do. Now - it waits until there is something to do. - -- macos: retry opening files on EINTR ([#475]) - -- kqueue: skip unreadable files ([#479]) - - kqueue requires a file descriptor for every file in a directory; this would - fail if a file was unreadable by the current user. Now these files are simply - skipped. - -- windows: fix renaming a watched directory if the parent is also watched ([#370]) - -- windows: increase buffer size from 4K to 64K ([#485]) - -- windows: close file handle on Remove() ([#288]) - -- kqueue: put pathname in the error if watching a file fails ([#471]) - -- inotify, windows: calling Close() more than once could race ([#465]) - -- kqueue: improve Close() performance ([#233]) - -- all: various documentation additions and clarifications. - -[#233]: https://github.com/fsnotify/fsnotify/pull/233 -[#260]: https://github.com/fsnotify/fsnotify/pull/260 -[#288]: https://github.com/fsnotify/fsnotify/pull/288 -[#370]: https://github.com/fsnotify/fsnotify/pull/370 -[#434]: https://github.com/fsnotify/fsnotify/pull/434 -[#460]: https://github.com/fsnotify/fsnotify/pull/460 -[#463]: https://github.com/fsnotify/fsnotify/pull/463 -[#465]: https://github.com/fsnotify/fsnotify/pull/465 -[#470]: https://github.com/fsnotify/fsnotify/pull/470 -[#471]: https://github.com/fsnotify/fsnotify/pull/471 -[#475]: https://github.com/fsnotify/fsnotify/pull/475 -[#477]: https://github.com/fsnotify/fsnotify/pull/477 -[#479]: https://github.com/fsnotify/fsnotify/pull/479 -[#480]: https://github.com/fsnotify/fsnotify/pull/480 -[#485]: https://github.com/fsnotify/fsnotify/pull/485 - -## [1.5.4] - 2022-04-25 - -* Windows: add missing defer to `Watcher.WatchList` [#447](https://github.com/fsnotify/fsnotify/pull/447) -* go.mod: use latest x/sys [#444](https://github.com/fsnotify/fsnotify/pull/444) -* Fix compilation for OpenBSD [#443](https://github.com/fsnotify/fsnotify/pull/443) - -## [1.5.3] - 2022-04-22 - -* This version is retracted. An incorrect branch is published accidentally [#445](https://github.com/fsnotify/fsnotify/issues/445) - -## [1.5.2] - 2022-04-21 - -* Add a feature to return the directories and files that are being monitored [#374](https://github.com/fsnotify/fsnotify/pull/374) -* Fix potential crash on windows if `raw.FileNameLength` exceeds `syscall.MAX_PATH` [#361](https://github.com/fsnotify/fsnotify/pull/361) -* Allow build on unsupported GOOS [#424](https://github.com/fsnotify/fsnotify/pull/424) -* Don't set `poller.fd` twice in `newFdPoller` [#406](https://github.com/fsnotify/fsnotify/pull/406) -* fix go vet warnings: call to `(*T).Fatalf` from a non-test goroutine [#416](https://github.com/fsnotify/fsnotify/pull/416) - -## [1.5.1] - 2021-08-24 - -* Revert Add AddRaw to not follow symlinks [#394](https://github.com/fsnotify/fsnotify/pull/394) - -## [1.5.0] - 2021-08-20 - -* Go: Increase minimum required version to Go 1.12 [#381](https://github.com/fsnotify/fsnotify/pull/381) -* Feature: Add AddRaw method which does not follow symlinks when adding a watch [#289](https://github.com/fsnotify/fsnotify/pull/298) -* Windows: Follow symlinks by default like on all other systems [#289](https://github.com/fsnotify/fsnotify/pull/289) -* CI: Use GitHub Actions for CI and cover go 1.12-1.17 - [#378](https://github.com/fsnotify/fsnotify/pull/378) - [#381](https://github.com/fsnotify/fsnotify/pull/381) - [#385](https://github.com/fsnotify/fsnotify/pull/385) -* Go 1.14+: Fix unsafe pointer conversion [#325](https://github.com/fsnotify/fsnotify/pull/325) - -## [1.4.9] - 2020-03-11 - -* Move example usage to the readme #329. This may resolve #328. - -## [1.4.8] - 2020-03-10 - -* CI: test more go versions (@nathany 1d13583d846ea9d66dcabbfefbfb9d8e6fb05216) -* Tests: Queued inotify events could have been read by the test before max_queued_events was hit (@matthias-stone #265) -* Tests: t.Fatalf -> t.Errorf in go routines (@gdey #266) -* CI: Less verbosity (@nathany #267) -* Tests: Darwin: Exchangedata is deprecated on 10.13 (@nathany #267) -* Tests: Check if channels are closed in the example (@alexeykazakov #244) -* CI: Only run golint on latest version of go and fix issues (@cpuguy83 #284) -* CI: Add windows to travis matrix (@cpuguy83 #284) -* Docs: Remover appveyor badge (@nathany 11844c0959f6fff69ba325d097fce35bd85a8e93) -* Linux: create epoll and pipe fds with close-on-exec (@JohannesEbke #219) -* Linux: open files with close-on-exec (@linxiulei #273) -* Docs: Plan to support fanotify (@nathany ab058b44498e8b7566a799372a39d150d9ea0119 ) -* Project: Add go.mod (@nathany #309) -* Project: Revise editor config (@nathany #309) -* Project: Update copyright for 2019 (@nathany #309) -* CI: Drop go1.8 from CI matrix (@nathany #309) -* Docs: Updating the FAQ section for supportability with NFS & FUSE filesystems (@Pratik32 4bf2d1fec78374803a39307bfb8d340688f4f28e ) - -## [1.4.7] - 2018-01-09 - -* BSD/macOS: Fix possible deadlock on closing the watcher on kqueue (thanks @nhooyr and @glycerine) -* Tests: Fix missing verb on format string (thanks @rchiossi) -* Linux: Fix deadlock in Remove (thanks @aarondl) -* Linux: Watch.Add improvements (avoid race, fix consistency, reduce garbage) (thanks @twpayne) -* Docs: Moved FAQ into the README (thanks @vahe) -* Linux: Properly handle inotify's IN_Q_OVERFLOW event (thanks @zeldovich) -* Docs: replace references to OS X with macOS - -## [1.4.2] - 2016-10-10 - -* Linux: use InotifyInit1 with IN_CLOEXEC to stop leaking a file descriptor to a child process when using fork/exec [#178](https://github.com/fsnotify/fsnotify/pull/178) (thanks @pattyshack) - -## [1.4.1] - 2016-10-04 - -* Fix flaky inotify stress test on Linux [#177](https://github.com/fsnotify/fsnotify/pull/177) (thanks @pattyshack) - -## [1.4.0] - 2016-10-01 - -* add a String() method to Event.Op [#165](https://github.com/fsnotify/fsnotify/pull/165) (thanks @oozie) - -## [1.3.1] - 2016-06-28 - -* Windows: fix for double backslash when watching the root of a drive [#151](https://github.com/fsnotify/fsnotify/issues/151) (thanks @brunoqc) - -## [1.3.0] - 2016-04-19 - -* Support linux/arm64 by [patching](https://go-review.googlesource.com/#/c/21971/) x/sys/unix and switching to to it from syscall (thanks @suihkulokki) [#135](https://github.com/fsnotify/fsnotify/pull/135) - -## [1.2.10] - 2016-03-02 - -* Fix golint errors in windows.go [#121](https://github.com/fsnotify/fsnotify/pull/121) (thanks @tiffanyfj) - -## [1.2.9] - 2016-01-13 - -kqueue: Fix logic for CREATE after REMOVE [#111](https://github.com/fsnotify/fsnotify/pull/111) (thanks @bep) - -## [1.2.8] - 2015-12-17 - -* kqueue: fix race condition in Close [#105](https://github.com/fsnotify/fsnotify/pull/105) (thanks @djui for reporting the issue and @ppknap for writing a failing test) -* inotify: fix race in test -* enable race detection for continuous integration (Linux, Mac, Windows) - -## [1.2.5] - 2015-10-17 - -* inotify: use epoll_create1 for arm64 support (requires Linux 2.6.27 or later) [#100](https://github.com/fsnotify/fsnotify/pull/100) (thanks @suihkulokki) -* inotify: fix path leaks [#73](https://github.com/fsnotify/fsnotify/pull/73) (thanks @chamaken) -* kqueue: watch for rename events on subdirectories [#83](https://github.com/fsnotify/fsnotify/pull/83) (thanks @guotie) -* kqueue: avoid infinite loops from symlinks cycles [#101](https://github.com/fsnotify/fsnotify/pull/101) (thanks @illicitonion) - -## [1.2.1] - 2015-10-14 - -* kqueue: don't watch named pipes [#98](https://github.com/fsnotify/fsnotify/pull/98) (thanks @evanphx) - -## [1.2.0] - 2015-02-08 - -* inotify: use epoll to wake up readEvents [#66](https://github.com/fsnotify/fsnotify/pull/66) (thanks @PieterD) -* inotify: closing watcher should now always shut down goroutine [#63](https://github.com/fsnotify/fsnotify/pull/63) (thanks @PieterD) -* kqueue: close kqueue after removing watches, fixes [#59](https://github.com/fsnotify/fsnotify/issues/59) - -## [1.1.1] - 2015-02-05 - -* inotify: Retry read on EINTR [#61](https://github.com/fsnotify/fsnotify/issues/61) (thanks @PieterD) - -## [1.1.0] - 2014-12-12 - -* kqueue: rework internals [#43](https://github.com/fsnotify/fsnotify/pull/43) - * add low-level functions - * only need to store flags on directories - * less mutexes [#13](https://github.com/fsnotify/fsnotify/issues/13) - * done can be an unbuffered channel - * remove calls to os.NewSyscallError -* More efficient string concatenation for Event.String() [#52](https://github.com/fsnotify/fsnotify/pull/52) (thanks @mdlayher) -* kqueue: fix regression in rework causing subdirectories to be watched [#48](https://github.com/fsnotify/fsnotify/issues/48) -* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51) - -## [1.0.4] - 2014-09-07 - -* kqueue: add dragonfly to the build tags. -* Rename source code files, rearrange code so exported APIs are at the top. -* Add done channel to example code. [#37](https://github.com/fsnotify/fsnotify/pull/37) (thanks @chenyukang) - -## [1.0.3] - 2014-08-19 - -* [Fix] Windows MOVED_TO now translates to Create like on BSD and Linux. [#36](https://github.com/fsnotify/fsnotify/issues/36) - -## [1.0.2] - 2014-08-17 - -* [Fix] Missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso) -* [Fix] Make ./path and path equivalent. (thanks @zhsso) - -## [1.0.0] - 2014-08-15 - -* [API] Remove AddWatch on Windows, use Add. -* Improve documentation for exported identifiers. [#30](https://github.com/fsnotify/fsnotify/issues/30) -* Minor updates based on feedback from golint. - -## dev / 2014-07-09 - -* Moved to [github.com/fsnotify/fsnotify](https://github.com/fsnotify/fsnotify). -* Use os.NewSyscallError instead of returning errno (thanks @hariharan-uno) - -## dev / 2014-07-04 - -* kqueue: fix incorrect mutex used in Close() -* Update example to demonstrate usage of Op. - -## dev / 2014-06-28 - -* [API] Don't set the Write Op for attribute notifications [#4](https://github.com/fsnotify/fsnotify/issues/4) -* Fix for String() method on Event (thanks Alex Brainman) -* Don't build on Plan 9 or Solaris (thanks @4ad) - -## dev / 2014-06-21 - -* Events channel of type Event rather than *Event. -* [internal] use syscall constants directly for inotify and kqueue. -* [internal] kqueue: rename events to kevents and fileEvent to event. - -## dev / 2014-06-19 - -* Go 1.3+ required on Windows (uses syscall.ERROR_MORE_DATA internally). -* [internal] remove cookie from Event struct (unused). -* [internal] Event struct has the same definition across every OS. -* [internal] remove internal watch and removeWatch methods. - -## dev / 2014-06-12 - -* [API] Renamed Watch() to Add() and RemoveWatch() to Remove(). -* [API] Pluralized channel names: Events and Errors. -* [API] Renamed FileEvent struct to Event. -* [API] Op constants replace methods like IsCreate(). - -## dev / 2014-06-12 - -* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98) - -## dev / 2014-05-23 - -* [API] Remove current implementation of WatchFlags. - * current implementation doesn't take advantage of OS for efficiency - * provides little benefit over filtering events as they are received, but has extra bookkeeping and mutexes - * no tests for the current implementation - * not fully implemented on Windows [#93](https://github.com/howeyc/fsnotify/issues/93#issuecomment-39285195) - -## [0.9.3] - 2014-12-31 - -* kqueue: cleanup internal watch before sending remove event [#51](https://github.com/fsnotify/fsnotify/issues/51) - -## [0.9.2] - 2014-08-17 - -* [Backport] Fix missing create events on macOS. [#14](https://github.com/fsnotify/fsnotify/issues/14) (thanks @zhsso) - -## [0.9.1] - 2014-06-12 - -* Fix data race on kevent buffer (thanks @tilaks) [#98](https://github.com/howeyc/fsnotify/pull/98) - -## [0.9.0] - 2014-01-17 - -* IsAttrib() for events that only concern a file's metadata [#79][] (thanks @abustany) -* [Fix] kqueue: fix deadlock [#77][] (thanks @cespare) -* [NOTICE] Development has moved to `code.google.com/p/go.exp/fsnotify` in preparation for inclusion in the Go standard library. - -## [0.8.12] - 2013-11-13 - -* [API] Remove FD_SET and friends from Linux adapter - -## [0.8.11] - 2013-11-02 - -* [Doc] Add Changelog [#72][] (thanks @nathany) -* [Doc] Spotlight and double modify events on macOS [#62][] (reported by @paulhammond) - -## [0.8.10] - 2013-10-19 - -* [Fix] kqueue: remove file watches when parent directory is removed [#71][] (reported by @mdwhatcott) -* [Fix] kqueue: race between Close and readEvents [#70][] (reported by @bernerdschaefer) -* [Doc] specify OS-specific limits in README (thanks @debrando) - -## [0.8.9] - 2013-09-08 - -* [Doc] Contributing (thanks @nathany) -* [Doc] update package path in example code [#63][] (thanks @paulhammond) -* [Doc] GoCI badge in README (Linux only) [#60][] -* [Doc] Cross-platform testing with Vagrant [#59][] (thanks @nathany) - -## [0.8.8] - 2013-06-17 - -* [Fix] Windows: handle `ERROR_MORE_DATA` on Windows [#49][] (thanks @jbowtie) - -## [0.8.7] - 2013-06-03 - -* [API] Make syscall flags internal -* [Fix] inotify: ignore event changes -* [Fix] race in symlink test [#45][] (reported by @srid) -* [Fix] tests on Windows -* lower case error messages - -## [0.8.6] - 2013-05-23 - -* kqueue: Use EVT_ONLY flag on Darwin -* [Doc] Update README with full example - -## [0.8.5] - 2013-05-09 - -* [Fix] inotify: allow monitoring of "broken" symlinks (thanks @tsg) - -## [0.8.4] - 2013-04-07 - -* [Fix] kqueue: watch all file events [#40][] (thanks @ChrisBuchholz) - -## [0.8.3] - 2013-03-13 - -* [Fix] inoitfy/kqueue memory leak [#36][] (reported by @nbkolchin) -* [Fix] kqueue: use fsnFlags for watching a directory [#33][] (reported by @nbkolchin) - -## [0.8.2] - 2013-02-07 - -* [Doc] add Authors -* [Fix] fix data races for map access [#29][] (thanks @fsouza) - -## [0.8.1] - 2013-01-09 - -* [Fix] Windows path separators -* [Doc] BSD License - -## [0.8.0] - 2012-11-09 - -* kqueue: directory watching improvements (thanks @vmirage) -* inotify: add `IN_MOVED_TO` [#25][] (requested by @cpisto) -* [Fix] kqueue: deleting watched directory [#24][] (reported by @jakerr) - -## [0.7.4] - 2012-10-09 - -* [Fix] inotify: fixes from https://codereview.appspot.com/5418045/ (ugorji) -* [Fix] kqueue: preserve watch flags when watching for delete [#21][] (reported by @robfig) -* [Fix] kqueue: watch the directory even if it isn't a new watch (thanks @robfig) -* [Fix] kqueue: modify after recreation of file - -## [0.7.3] - 2012-09-27 - -* [Fix] kqueue: watch with an existing folder inside the watched folder (thanks @vmirage) -* [Fix] kqueue: no longer get duplicate CREATE events - -## [0.7.2] - 2012-09-01 - -* kqueue: events for created directories - -## [0.7.1] - 2012-07-14 - -* [Fix] for renaming files - -## [0.7.0] - 2012-07-02 - -* [Feature] FSNotify flags -* [Fix] inotify: Added file name back to event path - -## [0.6.0] - 2012-06-06 - -* kqueue: watch files after directory created (thanks @tmc) - -## [0.5.1] - 2012-05-22 - -* [Fix] inotify: remove all watches before Close() - -## [0.5.0] - 2012-05-03 - -* [API] kqueue: return errors during watch instead of sending over channel -* kqueue: match symlink behavior on Linux -* inotify: add `DELETE_SELF` (requested by @taralx) -* [Fix] kqueue: handle EINTR (reported by @robfig) -* [Doc] Godoc example [#1][] (thanks @davecheney) - -## [0.4.0] - 2012-03-30 - -* Go 1 released: build with go tool -* [Feature] Windows support using winfsnotify -* Windows does not have attribute change notifications -* Roll attribute notifications into IsModify - -## [0.3.0] - 2012-02-19 - -* kqueue: add files when watch directory - -## [0.2.0] - 2011-12-30 - -* update to latest Go weekly code - -## [0.1.0] - 2011-10-19 - -* kqueue: add watch on file creation to match inotify -* kqueue: create file event -* inotify: ignore `IN_IGNORED` events -* event String() -* linux: common FileEvent functions -* initial commit - -[#79]: https://github.com/howeyc/fsnotify/pull/79 -[#77]: https://github.com/howeyc/fsnotify/pull/77 -[#72]: https://github.com/howeyc/fsnotify/issues/72 -[#71]: https://github.com/howeyc/fsnotify/issues/71 -[#70]: https://github.com/howeyc/fsnotify/issues/70 -[#63]: https://github.com/howeyc/fsnotify/issues/63 -[#62]: https://github.com/howeyc/fsnotify/issues/62 -[#60]: https://github.com/howeyc/fsnotify/issues/60 -[#59]: https://github.com/howeyc/fsnotify/issues/59 -[#49]: https://github.com/howeyc/fsnotify/issues/49 -[#45]: https://github.com/howeyc/fsnotify/issues/45 -[#40]: https://github.com/howeyc/fsnotify/issues/40 -[#36]: https://github.com/howeyc/fsnotify/issues/36 -[#33]: https://github.com/howeyc/fsnotify/issues/33 -[#29]: https://github.com/howeyc/fsnotify/issues/29 -[#25]: https://github.com/howeyc/fsnotify/issues/25 -[#24]: https://github.com/howeyc/fsnotify/issues/24 -[#21]: https://github.com/howeyc/fsnotify/issues/21 diff --git a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md b/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md deleted file mode 100644 index e4ac2a2ff..000000000 --- a/vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md +++ /dev/null @@ -1,144 +0,0 @@ -Thank you for your interest in contributing to fsnotify! We try to review and -merge PRs in a reasonable timeframe, but please be aware that: - -- To avoid "wasted" work, please discuss changes on the issue tracker first. You - can just send PRs, but they may end up being rejected for one reason or the - other. - -- fsnotify is a cross-platform library, and changes must work reasonably well on - all supported platforms. - -- Changes will need to be compatible; old code should still compile, and the - runtime behaviour can't change in ways that are likely to lead to problems for - users. - -Testing -------- -Just `go test ./...` runs all the tests; the CI runs this on all supported -platforms. Testing different platforms locally can be done with something like -[goon] or [Vagrant], but this isn't super-easy to set up at the moment. - -Use the `-short` flag to make the "stress test" run faster. - -Writing new tests ------------------ -Scripts in the testdata directory allow creating test cases in a "shell-like" -syntax. The basic format is: - - script - - Output: - desired output - -For example: - - # Create a new empty file with some data. - watch / - echo data >/file - - Output: - create /file - write /file - -Just create a new file to add a new test; select which tests to run with -`-run TestScript/[path]`. - -script ------- -The script is a "shell-like" script: - - cmd arg arg - -Comments are supported with `#`: - - # Comment - cmd arg arg # Comment - -All operations are done in a temp directory; a path like "/foo" is rewritten to -"/tmp/TestFoo/foo". - -Arguments can be quoted with `"` or `'`; there are no escapes and they're -functionally identical right now, but this may change in the future, so best to -assume shell-like rules. - - touch "/file with spaces" - -End-of-line escapes with `\` are not supported. - -### Supported commands - - watch path [ops] # Watch the path, reporting events for it. Nothing is - # watched by default. Optionally a list of ops can be - # given, as with AddWith(path, WithOps(...)). - unwatch path # Stop watching the path. - watchlist n # Assert watchlist length. - - stop # Stop running the script; for debugging. - debug [yes/no] # Enable/disable FSNOTIFY_DEBUG (tests are run in - parallel by default, so -parallel=1 is probably a good - idea). - - touch path - mkdir [-p] dir - ln -s target link # Only ln -s supported. - mkfifo path - mknod dev path - mv src dst - rm [-r] path - chmod mode path # Octal only - sleep time-in-ms - - cat path # Read path (does nothing with the data; just reads it). - echo str >>path # Append "str" to "path". - echo str >path # Truncate "path" and write "str". - - require reason # Skip the test if "reason" is true; "skip" and - skip reason # "require" behave identical; it supports both for - # readability. Possible reasons are: - # - # always Always skip this test. - # symlink Symlinks are supported (requires admin - # permissions on Windows). - # mkfifo Platform doesn't support FIFO named sockets. - # mknod Platform doesn't support device nodes. - - -output ------- -After `Output:` the desired output is given; this is indented by convention, but -that's not required. - -The format of that is: - - # Comment - event path # Comment - - system: - event path - system2: - event path - -Every event is one line, and any whitespace between the event and path are -ignored. The path can optionally be surrounded in ". Anything after a "#" is -ignored. - -Platform-specific tests can be added after GOOS; for example: - - watch / - touch /file - - Output: - # Tested if nothing else matches - create /file - - # Windows-specific test. - windows: - write /file - -You can specify multiple platforms with a comma (e.g. "windows, linux:"). -"kqueue" is a shortcut for all kqueue systems (BSD, macOS). - - -[goon]: https://github.com/arp242/goon -[Vagrant]: https://www.vagrantup.com/ -[integration_test.go]: /integration_test.go diff --git a/vendor/github.com/fsnotify/fsnotify/LICENSE b/vendor/github.com/fsnotify/fsnotify/LICENSE deleted file mode 100644 index fb03ade75..000000000 --- a/vendor/github.com/fsnotify/fsnotify/LICENSE +++ /dev/null @@ -1,25 +0,0 @@ -Copyright © 2012 The Go Authors. All rights reserved. -Copyright © fsnotify Authors. All rights reserved. - -Redistribution and use in source and binary forms, with or without modification, -are permitted provided that the following conditions are met: - -* Redistributions of source code must retain the above copyright notice, this - list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above copyright notice, this - list of conditions and the following disclaimer in the documentation and/or - other materials provided with the distribution. -* Neither the name of Google Inc. nor the names of its contributors may be used - to endorse or promote products derived from this software without specific - prior written permission. - -THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR -ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/vendor/github.com/fsnotify/fsnotify/README.md b/vendor/github.com/fsnotify/fsnotify/README.md deleted file mode 100644 index e480733d1..000000000 --- a/vendor/github.com/fsnotify/fsnotify/README.md +++ /dev/null @@ -1,184 +0,0 @@ -fsnotify is a Go library to provide cross-platform filesystem notifications on -Windows, Linux, macOS, BSD, and illumos. - -Go 1.17 or newer is required; the full documentation is at -https://pkg.go.dev/github.com/fsnotify/fsnotify - ---- - -Platform support: - -| Backend | OS | Status | -| :-------------------- | :--------- | :------------------------------------------------------------------------ | -| inotify | Linux | Supported | -| kqueue | BSD, macOS | Supported | -| ReadDirectoryChangesW | Windows | Supported | -| FEN | illumos | Supported | -| fanotify | Linux 5.9+ | [Not yet](https://github.com/fsnotify/fsnotify/issues/114) | -| AHAFS | AIX | [aix branch]; experimental due to lack of maintainer and test environment | -| FSEvents | macOS | [Needs support in x/sys/unix][fsevents] | -| USN Journals | Windows | [Needs support in x/sys/windows][usn] | -| Polling | *All* | [Not yet](https://github.com/fsnotify/fsnotify/issues/9) | - -Linux and illumos should include Android and Solaris, but these are currently -untested. - -[fsevents]: https://github.com/fsnotify/fsnotify/issues/11#issuecomment-1279133120 -[usn]: https://github.com/fsnotify/fsnotify/issues/53#issuecomment-1279829847 -[aix branch]: https://github.com/fsnotify/fsnotify/issues/353#issuecomment-1284590129 - -Usage ------ -A basic example: - -```go -package main - -import ( - "log" - - "github.com/fsnotify/fsnotify" -) - -func main() { - // Create new watcher. - watcher, err := fsnotify.NewWatcher() - if err != nil { - log.Fatal(err) - } - defer watcher.Close() - - // Start listening for events. - go func() { - for { - select { - case event, ok := <-watcher.Events: - if !ok { - return - } - log.Println("event:", event) - if event.Has(fsnotify.Write) { - log.Println("modified file:", event.Name) - } - case err, ok := <-watcher.Errors: - if !ok { - return - } - log.Println("error:", err) - } - } - }() - - // Add a path. - err = watcher.Add("/tmp") - if err != nil { - log.Fatal(err) - } - - // Block main goroutine forever. - <-make(chan struct{}) -} -``` - -Some more examples can be found in [cmd/fsnotify](cmd/fsnotify), which can be -run with: - - % go run ./cmd/fsnotify - -Further detailed documentation can be found in godoc: -https://pkg.go.dev/github.com/fsnotify/fsnotify - -FAQ ---- -### Will a file still be watched when it's moved to another directory? -No, not unless you are watching the location it was moved to. - -### Are subdirectories watched? -No, you must add watches for any directory you want to watch (a recursive -watcher is on the roadmap: [#18]). - -[#18]: https://github.com/fsnotify/fsnotify/issues/18 - -### Do I have to watch the Error and Event channels in a goroutine? -Yes. You can read both channels in the same goroutine using `select` (you don't -need a separate goroutine for both channels; see the example). - -### Why don't notifications work with NFS, SMB, FUSE, /proc, or /sys? -fsnotify requires support from underlying OS to work. The current NFS and SMB -protocols does not provide network level support for file notifications, and -neither do the /proc and /sys virtual filesystems. - -This could be fixed with a polling watcher ([#9]), but it's not yet implemented. - -[#9]: https://github.com/fsnotify/fsnotify/issues/9 - -### Why do I get many Chmod events? -Some programs may generate a lot of attribute changes; for example Spotlight on -macOS, anti-virus programs, backup applications, and some others are known to do -this. As a rule, it's typically best to ignore Chmod events. They're often not -useful, and tend to cause problems. - -Spotlight indexing on macOS can result in multiple events (see [#15]). A -temporary workaround is to add your folder(s) to the *Spotlight Privacy -settings* until we have a native FSEvents implementation (see [#11]). - -[#11]: https://github.com/fsnotify/fsnotify/issues/11 -[#15]: https://github.com/fsnotify/fsnotify/issues/15 - -### Watching a file doesn't work well -Watching individual files (rather than directories) is generally not recommended -as many programs (especially editors) update files atomically: it will write to -a temporary file which is then moved to to destination, overwriting the original -(or some variant thereof). The watcher on the original file is now lost, as that -no longer exists. - -The upshot of this is that a power failure or crash won't leave a half-written -file. - -Watch the parent directory and use `Event.Name` to filter out files you're not -interested in. There is an example of this in `cmd/fsnotify/file.go`. - -Platform-specific notes ------------------------ -### Linux -When a file is removed a REMOVE event won't be emitted until all file -descriptors are closed; it will emit a CHMOD instead: - - fp := os.Open("file") - os.Remove("file") // CHMOD - fp.Close() // REMOVE - -This is the event that inotify sends, so not much can be changed about this. - -The `fs.inotify.max_user_watches` sysctl variable specifies the upper limit for -the number of watches per user, and `fs.inotify.max_user_instances` specifies -the maximum number of inotify instances per user. Every Watcher you create is an -"instance", and every path you add is a "watch". - -These are also exposed in `/proc` as `/proc/sys/fs/inotify/max_user_watches` and -`/proc/sys/fs/inotify/max_user_instances` - -To increase them you can use `sysctl` or write the value to proc file: - - # The default values on Linux 5.18 - sysctl fs.inotify.max_user_watches=124983 - sysctl fs.inotify.max_user_instances=128 - -To make the changes persist on reboot edit `/etc/sysctl.conf` or -`/usr/lib/sysctl.d/50-default.conf` (details differ per Linux distro; check your -distro's documentation): - - fs.inotify.max_user_watches=124983 - fs.inotify.max_user_instances=128 - -Reaching the limit will result in a "no space left on device" or "too many open -files" error. - -### kqueue (macOS, all BSD systems) -kqueue requires opening a file descriptor for every file that's being watched; -so if you're watching a directory with five files then that's six file -descriptors. You will run in to your system's "max open files" limit faster on -these platforms. - -The sysctl variables `kern.maxfiles` and `kern.maxfilesperproc` can be used to -control the maximum number of open files. diff --git a/vendor/github.com/fsnotify/fsnotify/backend_fen.go b/vendor/github.com/fsnotify/fsnotify/backend_fen.go deleted file mode 100644 index c349c326c..000000000 --- a/vendor/github.com/fsnotify/fsnotify/backend_fen.go +++ /dev/null @@ -1,484 +0,0 @@ -//go:build solaris - -// FEN backend for illumos (supported) and Solaris (untested, but should work). -// -// See port_create(3c) etc. for docs. https://www.illumos.org/man/3C/port_create - -package fsnotify - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "sync" - "time" - - "github.com/fsnotify/fsnotify/internal" - "golang.org/x/sys/unix" -) - -type fen struct { - Events chan Event - Errors chan error - - mu sync.Mutex - port *unix.EventPort - done chan struct{} // Channel for sending a "quit message" to the reader goroutine - dirs map[string]Op // Explicitly watched directories - watches map[string]Op // Explicitly watched non-directories -} - -func newBackend(ev chan Event, errs chan error) (backend, error) { - return newBufferedBackend(0, ev, errs) -} - -func newBufferedBackend(sz uint, ev chan Event, errs chan error) (backend, error) { - w := &fen{ - Events: ev, - Errors: errs, - dirs: make(map[string]Op), - watches: make(map[string]Op), - done: make(chan struct{}), - } - - var err error - w.port, err = unix.NewEventPort() - if err != nil { - return nil, fmt.Errorf("fsnotify.NewWatcher: %w", err) - } - - go w.readEvents() - return w, nil -} - -// sendEvent attempts to send an event to the user, returning true if the event -// was put in the channel successfully and false if the watcher has been closed. -func (w *fen) sendEvent(name string, op Op) (sent bool) { - select { - case <-w.done: - return false - case w.Events <- Event{Name: name, Op: op}: - return true - } -} - -// sendError attempts to send an error to the user, returning true if the error -// was put in the channel successfully and false if the watcher has been closed. -func (w *fen) sendError(err error) (sent bool) { - if err == nil { - return true - } - select { - case <-w.done: - return false - case w.Errors <- err: - return true - } -} - -func (w *fen) isClosed() bool { - select { - case <-w.done: - return true - default: - return false - } -} - -func (w *fen) Close() error { - // Take the lock used by associateFile to prevent lingering events from - // being processed after the close - w.mu.Lock() - defer w.mu.Unlock() - if w.isClosed() { - return nil - } - close(w.done) - return w.port.Close() -} - -func (w *fen) Add(name string) error { return w.AddWith(name) } - -func (w *fen) AddWith(name string, opts ...addOpt) error { - if w.isClosed() { - return ErrClosed - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s AddWith(%q)\n", - time.Now().Format("15:04:05.000000000"), name) - } - - with := getOptions(opts...) - if !w.xSupports(with.op) { - return fmt.Errorf("%w: %s", xErrUnsupported, with.op) - } - - // Currently we resolve symlinks that were explicitly requested to be - // watched. Otherwise we would use LStat here. - stat, err := os.Stat(name) - if err != nil { - return err - } - - // Associate all files in the directory. - if stat.IsDir() { - err := w.handleDirectory(name, stat, true, w.associateFile) - if err != nil { - return err - } - - w.mu.Lock() - w.dirs[name] = with.op - w.mu.Unlock() - return nil - } - - err = w.associateFile(name, stat, true) - if err != nil { - return err - } - - w.mu.Lock() - w.watches[name] = with.op - w.mu.Unlock() - return nil -} - -func (w *fen) Remove(name string) error { - if w.isClosed() { - return nil - } - if !w.port.PathIsWatched(name) { - return fmt.Errorf("%w: %s", ErrNonExistentWatch, name) - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s Remove(%q)\n", - time.Now().Format("15:04:05.000000000"), name) - } - - // The user has expressed an intent. Immediately remove this name from - // whichever watch list it might be in. If it's not in there the delete - // doesn't cause harm. - w.mu.Lock() - delete(w.watches, name) - delete(w.dirs, name) - w.mu.Unlock() - - stat, err := os.Stat(name) - if err != nil { - return err - } - - // Remove associations for every file in the directory. - if stat.IsDir() { - err := w.handleDirectory(name, stat, false, w.dissociateFile) - if err != nil { - return err - } - return nil - } - - err = w.port.DissociatePath(name) - if err != nil { - return err - } - - return nil -} - -// readEvents contains the main loop that runs in a goroutine watching for events. -func (w *fen) readEvents() { - // If this function returns, the watcher has been closed and we can close - // these channels - defer func() { - close(w.Errors) - close(w.Events) - }() - - pevents := make([]unix.PortEvent, 8) - for { - count, err := w.port.Get(pevents, 1, nil) - if err != nil && err != unix.ETIME { - // Interrupted system call (count should be 0) ignore and continue - if errors.Is(err, unix.EINTR) && count == 0 { - continue - } - // Get failed because we called w.Close() - if errors.Is(err, unix.EBADF) && w.isClosed() { - return - } - // There was an error not caused by calling w.Close() - if !w.sendError(err) { - return - } - } - - p := pevents[:count] - for _, pevent := range p { - if pevent.Source != unix.PORT_SOURCE_FILE { - // Event from unexpected source received; should never happen. - if !w.sendError(errors.New("Event from unexpected source received")) { - return - } - continue - } - - if debug { - internal.Debug(pevent.Path, pevent.Events) - } - - err = w.handleEvent(&pevent) - if !w.sendError(err) { - return - } - } - } -} - -func (w *fen) handleDirectory(path string, stat os.FileInfo, follow bool, handler func(string, os.FileInfo, bool) error) error { - files, err := os.ReadDir(path) - if err != nil { - return err - } - - // Handle all children of the directory. - for _, entry := range files { - finfo, err := entry.Info() - if err != nil { - return err - } - err = handler(filepath.Join(path, finfo.Name()), finfo, false) - if err != nil { - return err - } - } - - // And finally handle the directory itself. - return handler(path, stat, follow) -} - -// handleEvent might need to emit more than one fsnotify event if the events -// bitmap matches more than one event type (e.g. the file was both modified and -// had the attributes changed between when the association was created and the -// when event was returned) -func (w *fen) handleEvent(event *unix.PortEvent) error { - var ( - events = event.Events - path = event.Path - fmode = event.Cookie.(os.FileMode) - reRegister = true - ) - - w.mu.Lock() - _, watchedDir := w.dirs[path] - _, watchedPath := w.watches[path] - w.mu.Unlock() - isWatched := watchedDir || watchedPath - - if events&unix.FILE_DELETE != 0 { - if !w.sendEvent(path, Remove) { - return nil - } - reRegister = false - } - if events&unix.FILE_RENAME_FROM != 0 { - if !w.sendEvent(path, Rename) { - return nil - } - // Don't keep watching the new file name - reRegister = false - } - if events&unix.FILE_RENAME_TO != 0 { - // We don't report a Rename event for this case, because Rename events - // are interpreted as referring to the _old_ name of the file, and in - // this case the event would refer to the new name of the file. This - // type of rename event is not supported by fsnotify. - - // inotify reports a Remove event in this case, so we simulate this - // here. - if !w.sendEvent(path, Remove) { - return nil - } - // Don't keep watching the file that was removed - reRegister = false - } - - // The file is gone, nothing left to do. - if !reRegister { - if watchedDir { - w.mu.Lock() - delete(w.dirs, path) - w.mu.Unlock() - } - if watchedPath { - w.mu.Lock() - delete(w.watches, path) - w.mu.Unlock() - } - return nil - } - - // If we didn't get a deletion the file still exists and we're going to have - // to watch it again. Let's Stat it now so that we can compare permissions - // and have what we need to continue watching the file - - stat, err := os.Lstat(path) - if err != nil { - // This is unexpected, but we should still emit an event. This happens - // most often on "rm -r" of a subdirectory inside a watched directory We - // get a modify event of something happening inside, but by the time we - // get here, the sudirectory is already gone. Clearly we were watching - // this path but now it is gone. Let's tell the user that it was - // removed. - if !w.sendEvent(path, Remove) { - return nil - } - // Suppress extra write events on removed directories; they are not - // informative and can be confusing. - return nil - } - - // resolve symlinks that were explicitly watched as we would have at Add() - // time. this helps suppress spurious Chmod events on watched symlinks - if isWatched { - stat, err = os.Stat(path) - if err != nil { - // The symlink still exists, but the target is gone. Report the - // Remove similar to above. - if !w.sendEvent(path, Remove) { - return nil - } - // Don't return the error - } - } - - if events&unix.FILE_MODIFIED != 0 { - if fmode.IsDir() && watchedDir { - if err := w.updateDirectory(path); err != nil { - return err - } - } else { - if !w.sendEvent(path, Write) { - return nil - } - } - } - if events&unix.FILE_ATTRIB != 0 && stat != nil { - // Only send Chmod if perms changed - if stat.Mode().Perm() != fmode.Perm() { - if !w.sendEvent(path, Chmod) { - return nil - } - } - } - - if stat != nil { - // If we get here, it means we've hit an event above that requires us to - // continue watching the file or directory - return w.associateFile(path, stat, isWatched) - } - return nil -} - -func (w *fen) updateDirectory(path string) error { - // The directory was modified, so we must find unwatched entities and watch - // them. If something was removed from the directory, nothing will happen, - // as everything else should still be watched. - files, err := os.ReadDir(path) - if err != nil { - return err - } - - for _, entry := range files { - path := filepath.Join(path, entry.Name()) - if w.port.PathIsWatched(path) { - continue - } - - finfo, err := entry.Info() - if err != nil { - return err - } - err = w.associateFile(path, finfo, false) - if !w.sendError(err) { - return nil - } - if !w.sendEvent(path, Create) { - return nil - } - } - return nil -} - -func (w *fen) associateFile(path string, stat os.FileInfo, follow bool) error { - if w.isClosed() { - return ErrClosed - } - // This is primarily protecting the call to AssociatePath but it is - // important and intentional that the call to PathIsWatched is also - // protected by this mutex. Without this mutex, AssociatePath has been seen - // to error out that the path is already associated. - w.mu.Lock() - defer w.mu.Unlock() - - if w.port.PathIsWatched(path) { - // Remove the old association in favor of this one If we get ENOENT, - // then while the x/sys/unix wrapper still thought that this path was - // associated, the underlying event port did not. This call will have - // cleared up that discrepancy. The most likely cause is that the event - // has fired but we haven't processed it yet. - err := w.port.DissociatePath(path) - if err != nil && !errors.Is(err, unix.ENOENT) { - return err - } - } - - var events int - if !follow { - // Watch symlinks themselves rather than their targets unless this entry - // is explicitly watched. - events |= unix.FILE_NOFOLLOW - } - if true { // TODO: implement withOps() - events |= unix.FILE_MODIFIED - } - if true { - events |= unix.FILE_ATTRIB - } - return w.port.AssociatePath(path, stat, events, stat.Mode()) -} - -func (w *fen) dissociateFile(path string, stat os.FileInfo, unused bool) error { - if !w.port.PathIsWatched(path) { - return nil - } - return w.port.DissociatePath(path) -} - -func (w *fen) WatchList() []string { - if w.isClosed() { - return nil - } - - w.mu.Lock() - defer w.mu.Unlock() - - entries := make([]string, 0, len(w.watches)+len(w.dirs)) - for pathname := range w.dirs { - entries = append(entries, pathname) - } - for pathname := range w.watches { - entries = append(entries, pathname) - } - - return entries -} - -func (w *fen) xSupports(op Op) bool { - if op.Has(xUnportableOpen) || op.Has(xUnportableRead) || - op.Has(xUnportableCloseWrite) || op.Has(xUnportableCloseRead) { - return false - } - return true -} diff --git a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go b/vendor/github.com/fsnotify/fsnotify/backend_inotify.go deleted file mode 100644 index 36c311694..000000000 --- a/vendor/github.com/fsnotify/fsnotify/backend_inotify.go +++ /dev/null @@ -1,658 +0,0 @@ -//go:build linux && !appengine - -package fsnotify - -import ( - "errors" - "fmt" - "io" - "io/fs" - "os" - "path/filepath" - "strings" - "sync" - "time" - "unsafe" - - "github.com/fsnotify/fsnotify/internal" - "golang.org/x/sys/unix" -) - -type inotify struct { - Events chan Event - Errors chan error - - // Store fd here as os.File.Read() will no longer return on close after - // calling Fd(). See: https://github.com/golang/go/issues/26439 - fd int - inotifyFile *os.File - watches *watches - done chan struct{} // Channel for sending a "quit message" to the reader goroutine - doneMu sync.Mutex - doneResp chan struct{} // Channel to respond to Close - - // Store rename cookies in an array, with the index wrapping to 0. Almost - // all of the time what we get is a MOVED_FROM to set the cookie and the - // next event inotify sends will be MOVED_TO to read it. However, this is - // not guaranteed – as described in inotify(7) – and we may get other events - // between the two MOVED_* events (including other MOVED_* ones). - // - // A second issue is that moving a file outside the watched directory will - // trigger a MOVED_FROM to set the cookie, but we never see the MOVED_TO to - // read and delete it. So just storing it in a map would slowly leak memory. - // - // Doing it like this gives us a simple fast LRU-cache that won't allocate. - // Ten items should be more than enough for our purpose, and a loop over - // such a short array is faster than a map access anyway (not that it hugely - // matters since we're talking about hundreds of ns at the most, but still). - cookies [10]koekje - cookieIndex uint8 - cookiesMu sync.Mutex -} - -type ( - watches struct { - mu sync.RWMutex - wd map[uint32]*watch // wd → watch - path map[string]uint32 // pathname → wd - } - watch struct { - wd uint32 // Watch descriptor (as returned by the inotify_add_watch() syscall) - flags uint32 // inotify flags of this watch (see inotify(7) for the list of valid flags) - path string // Watch path. - recurse bool // Recursion with ./...? - } - koekje struct { - cookie uint32 - path string - } -) - -func newWatches() *watches { - return &watches{ - wd: make(map[uint32]*watch), - path: make(map[string]uint32), - } -} - -func (w *watches) len() int { - w.mu.RLock() - defer w.mu.RUnlock() - return len(w.wd) -} - -func (w *watches) add(ww *watch) { - w.mu.Lock() - defer w.mu.Unlock() - w.wd[ww.wd] = ww - w.path[ww.path] = ww.wd -} - -func (w *watches) remove(wd uint32) { - w.mu.Lock() - defer w.mu.Unlock() - watch := w.wd[wd] // Could have had Remove() called. See #616. - if watch == nil { - return - } - delete(w.path, watch.path) - delete(w.wd, wd) -} - -func (w *watches) removePath(path string) ([]uint32, error) { - w.mu.Lock() - defer w.mu.Unlock() - - path, recurse := recursivePath(path) - wd, ok := w.path[path] - if !ok { - return nil, fmt.Errorf("%w: %s", ErrNonExistentWatch, path) - } - - watch := w.wd[wd] - if recurse && !watch.recurse { - return nil, fmt.Errorf("can't use /... with non-recursive watch %q", path) - } - - delete(w.path, path) - delete(w.wd, wd) - if !watch.recurse { - return []uint32{wd}, nil - } - - wds := make([]uint32, 0, 8) - wds = append(wds, wd) - for p, rwd := range w.path { - if filepath.HasPrefix(p, path) { - delete(w.path, p) - delete(w.wd, rwd) - wds = append(wds, rwd) - } - } - return wds, nil -} - -func (w *watches) byPath(path string) *watch { - w.mu.RLock() - defer w.mu.RUnlock() - return w.wd[w.path[path]] -} - -func (w *watches) byWd(wd uint32) *watch { - w.mu.RLock() - defer w.mu.RUnlock() - return w.wd[wd] -} - -func (w *watches) updatePath(path string, f func(*watch) (*watch, error)) error { - w.mu.Lock() - defer w.mu.Unlock() - - var existing *watch - wd, ok := w.path[path] - if ok { - existing = w.wd[wd] - } - - upd, err := f(existing) - if err != nil { - return err - } - if upd != nil { - w.wd[upd.wd] = upd - w.path[upd.path] = upd.wd - - if upd.wd != wd { - delete(w.wd, wd) - } - } - - return nil -} - -func newBackend(ev chan Event, errs chan error) (backend, error) { - return newBufferedBackend(0, ev, errs) -} - -func newBufferedBackend(sz uint, ev chan Event, errs chan error) (backend, error) { - // Need to set nonblocking mode for SetDeadline to work, otherwise blocking - // I/O operations won't terminate on close. - fd, errno := unix.InotifyInit1(unix.IN_CLOEXEC | unix.IN_NONBLOCK) - if fd == -1 { - return nil, errno - } - - w := &inotify{ - Events: ev, - Errors: errs, - fd: fd, - inotifyFile: os.NewFile(uintptr(fd), ""), - watches: newWatches(), - done: make(chan struct{}), - doneResp: make(chan struct{}), - } - - go w.readEvents() - return w, nil -} - -// Returns true if the event was sent, or false if watcher is closed. -func (w *inotify) sendEvent(e Event) bool { - select { - case <-w.done: - return false - case w.Events <- e: - return true - } -} - -// Returns true if the error was sent, or false if watcher is closed. -func (w *inotify) sendError(err error) bool { - if err == nil { - return true - } - select { - case <-w.done: - return false - case w.Errors <- err: - return true - } -} - -func (w *inotify) isClosed() bool { - select { - case <-w.done: - return true - default: - return false - } -} - -func (w *inotify) Close() error { - w.doneMu.Lock() - if w.isClosed() { - w.doneMu.Unlock() - return nil - } - close(w.done) - w.doneMu.Unlock() - - // Causes any blocking reads to return with an error, provided the file - // still supports deadline operations. - err := w.inotifyFile.Close() - if err != nil { - return err - } - - // Wait for goroutine to close - <-w.doneResp - - return nil -} - -func (w *inotify) Add(name string) error { return w.AddWith(name) } - -func (w *inotify) AddWith(path string, opts ...addOpt) error { - if w.isClosed() { - return ErrClosed - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s AddWith(%q)\n", - time.Now().Format("15:04:05.000000000"), path) - } - - with := getOptions(opts...) - if !w.xSupports(with.op) { - return fmt.Errorf("%w: %s", xErrUnsupported, with.op) - } - - path, recurse := recursivePath(path) - if recurse { - return filepath.WalkDir(path, func(root string, d fs.DirEntry, err error) error { - if err != nil { - return err - } - if !d.IsDir() { - if root == path { - return fmt.Errorf("fsnotify: not a directory: %q", path) - } - return nil - } - - // Send a Create event when adding new directory from a recursive - // watch; this is for "mkdir -p one/two/three". Usually all those - // directories will be created before we can set up watchers on the - // subdirectories, so only "one" would be sent as a Create event and - // not "one/two" and "one/two/three" (inotifywait -r has the same - // problem). - if with.sendCreate && root != path { - w.sendEvent(Event{Name: root, Op: Create}) - } - - return w.add(root, with, true) - }) - } - - return w.add(path, with, false) -} - -func (w *inotify) add(path string, with withOpts, recurse bool) error { - var flags uint32 - if with.noFollow { - flags |= unix.IN_DONT_FOLLOW - } - if with.op.Has(Create) { - flags |= unix.IN_CREATE - } - if with.op.Has(Write) { - flags |= unix.IN_MODIFY - } - if with.op.Has(Remove) { - flags |= unix.IN_DELETE | unix.IN_DELETE_SELF - } - if with.op.Has(Rename) { - flags |= unix.IN_MOVED_TO | unix.IN_MOVED_FROM | unix.IN_MOVE_SELF - } - if with.op.Has(Chmod) { - flags |= unix.IN_ATTRIB - } - if with.op.Has(xUnportableOpen) { - flags |= unix.IN_OPEN - } - if with.op.Has(xUnportableRead) { - flags |= unix.IN_ACCESS - } - if with.op.Has(xUnportableCloseWrite) { - flags |= unix.IN_CLOSE_WRITE - } - if with.op.Has(xUnportableCloseRead) { - flags |= unix.IN_CLOSE_NOWRITE - } - return w.register(path, flags, recurse) -} - -func (w *inotify) register(path string, flags uint32, recurse bool) error { - return w.watches.updatePath(path, func(existing *watch) (*watch, error) { - if existing != nil { - flags |= existing.flags | unix.IN_MASK_ADD - } - - wd, err := unix.InotifyAddWatch(w.fd, path, flags) - if wd == -1 { - return nil, err - } - - if existing == nil { - return &watch{ - wd: uint32(wd), - path: path, - flags: flags, - recurse: recurse, - }, nil - } - - existing.wd = uint32(wd) - existing.flags = flags - return existing, nil - }) -} - -func (w *inotify) Remove(name string) error { - if w.isClosed() { - return nil - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s Remove(%q)\n", - time.Now().Format("15:04:05.000000000"), name) - } - return w.remove(filepath.Clean(name)) -} - -func (w *inotify) remove(name string) error { - wds, err := w.watches.removePath(name) - if err != nil { - return err - } - - for _, wd := range wds { - _, err := unix.InotifyRmWatch(w.fd, wd) - if err != nil { - // TODO: Perhaps it's not helpful to return an error here in every - // case; the only two possible errors are: - // - // EBADF, which happens when w.fd is not a valid file descriptor of - // any kind. - // - // EINVAL, which is when fd is not an inotify descriptor or wd is - // not a valid watch descriptor. Watch descriptors are invalidated - // when they are removed explicitly or implicitly; explicitly by - // inotify_rm_watch, implicitly when the file they are watching is - // deleted. - return err - } - } - return nil -} - -func (w *inotify) WatchList() []string { - if w.isClosed() { - return nil - } - - entries := make([]string, 0, w.watches.len()) - w.watches.mu.RLock() - for pathname := range w.watches.path { - entries = append(entries, pathname) - } - w.watches.mu.RUnlock() - - return entries -} - -// readEvents reads from the inotify file descriptor, converts the -// received events into Event objects and sends them via the Events channel -func (w *inotify) readEvents() { - defer func() { - close(w.doneResp) - close(w.Errors) - close(w.Events) - }() - - var ( - buf [unix.SizeofInotifyEvent * 4096]byte // Buffer for a maximum of 4096 raw events - errno error // Syscall errno - ) - for { - // See if we have been closed. - if w.isClosed() { - return - } - - n, err := w.inotifyFile.Read(buf[:]) - switch { - case errors.Unwrap(err) == os.ErrClosed: - return - case err != nil: - if !w.sendError(err) { - return - } - continue - } - - if n < unix.SizeofInotifyEvent { - var err error - if n == 0 { - err = io.EOF // If EOF is received. This should really never happen. - } else if n < 0 { - err = errno // If an error occurred while reading. - } else { - err = errors.New("notify: short read in readEvents()") // Read was too short. - } - if !w.sendError(err) { - return - } - continue - } - - // We don't know how many events we just read into the buffer - // While the offset points to at least one whole event... - var offset uint32 - for offset <= uint32(n-unix.SizeofInotifyEvent) { - var ( - // Point "raw" to the event in the buffer - raw = (*unix.InotifyEvent)(unsafe.Pointer(&buf[offset])) - mask = uint32(raw.Mask) - nameLen = uint32(raw.Len) - // Move to the next event in the buffer - next = func() { offset += unix.SizeofInotifyEvent + nameLen } - ) - - if mask&unix.IN_Q_OVERFLOW != 0 { - if !w.sendError(ErrEventOverflow) { - return - } - } - - /// If the event happened to the watched directory or the watched - /// file, the kernel doesn't append the filename to the event, but - /// we would like to always fill the the "Name" field with a valid - /// filename. We retrieve the path of the watch from the "paths" - /// map. - watch := w.watches.byWd(uint32(raw.Wd)) - /// Can be nil if Remove() was called in another goroutine for this - /// path inbetween reading the events from the kernel and reading - /// the internal state. Not much we can do about it, so just skip. - /// See #616. - if watch == nil { - next() - continue - } - - name := watch.path - if nameLen > 0 { - /// Point "bytes" at the first byte of the filename - bytes := (*[unix.PathMax]byte)(unsafe.Pointer(&buf[offset+unix.SizeofInotifyEvent]))[:nameLen:nameLen] - /// The filename is padded with NULL bytes. TrimRight() gets rid of those. - name += "/" + strings.TrimRight(string(bytes[0:nameLen]), "\000") - } - - if debug { - internal.Debug(name, raw.Mask, raw.Cookie) - } - - if mask&unix.IN_IGNORED != 0 { //&& event.Op != 0 - next() - continue - } - - // inotify will automatically remove the watch on deletes; just need - // to clean our state here. - if mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF { - w.watches.remove(watch.wd) - } - - // We can't really update the state when a watched path is moved; - // only IN_MOVE_SELF is sent and not IN_MOVED_{FROM,TO}. So remove - // the watch. - if mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF { - if watch.recurse { - next() // Do nothing - continue - } - - err := w.remove(watch.path) - if err != nil && !errors.Is(err, ErrNonExistentWatch) { - if !w.sendError(err) { - return - } - } - } - - /// Skip if we're watching both this path and the parent; the parent - /// will already send a delete so no need to do it twice. - if mask&unix.IN_DELETE_SELF != 0 { - if _, ok := w.watches.path[filepath.Dir(watch.path)]; ok { - next() - continue - } - } - - ev := w.newEvent(name, mask, raw.Cookie) - // Need to update watch path for recurse. - if watch.recurse { - isDir := mask&unix.IN_ISDIR == unix.IN_ISDIR - /// New directory created: set up watch on it. - if isDir && ev.Has(Create) { - err := w.register(ev.Name, watch.flags, true) - if !w.sendError(err) { - return - } - - // This was a directory rename, so we need to update all - // the children. - // - // TODO: this is of course pretty slow; we should use a - // better data structure for storing all of this, e.g. store - // children in the watch. I have some code for this in my - // kqueue refactor we can use in the future. For now I'm - // okay with this as it's not publicly available. - // Correctness first, performance second. - if ev.renamedFrom != "" { - w.watches.mu.Lock() - for k, ww := range w.watches.wd { - if k == watch.wd || ww.path == ev.Name { - continue - } - if strings.HasPrefix(ww.path, ev.renamedFrom) { - ww.path = strings.Replace(ww.path, ev.renamedFrom, ev.Name, 1) - w.watches.wd[k] = ww - } - } - w.watches.mu.Unlock() - } - } - } - - /// Send the events that are not ignored on the events channel - if !w.sendEvent(ev) { - return - } - next() - } - } -} - -func (w *inotify) isRecursive(path string) bool { - ww := w.watches.byPath(path) - if ww == nil { // path could be a file, so also check the Dir. - ww = w.watches.byPath(filepath.Dir(path)) - } - return ww != nil && ww.recurse -} - -func (w *inotify) newEvent(name string, mask, cookie uint32) Event { - e := Event{Name: name} - if mask&unix.IN_CREATE == unix.IN_CREATE || mask&unix.IN_MOVED_TO == unix.IN_MOVED_TO { - e.Op |= Create - } - if mask&unix.IN_DELETE_SELF == unix.IN_DELETE_SELF || mask&unix.IN_DELETE == unix.IN_DELETE { - e.Op |= Remove - } - if mask&unix.IN_MODIFY == unix.IN_MODIFY { - e.Op |= Write - } - if mask&unix.IN_OPEN == unix.IN_OPEN { - e.Op |= xUnportableOpen - } - if mask&unix.IN_ACCESS == unix.IN_ACCESS { - e.Op |= xUnportableRead - } - if mask&unix.IN_CLOSE_WRITE == unix.IN_CLOSE_WRITE { - e.Op |= xUnportableCloseWrite - } - if mask&unix.IN_CLOSE_NOWRITE == unix.IN_CLOSE_NOWRITE { - e.Op |= xUnportableCloseRead - } - if mask&unix.IN_MOVE_SELF == unix.IN_MOVE_SELF || mask&unix.IN_MOVED_FROM == unix.IN_MOVED_FROM { - e.Op |= Rename - } - if mask&unix.IN_ATTRIB == unix.IN_ATTRIB { - e.Op |= Chmod - } - - if cookie != 0 { - if mask&unix.IN_MOVED_FROM == unix.IN_MOVED_FROM { - w.cookiesMu.Lock() - w.cookies[w.cookieIndex] = koekje{cookie: cookie, path: e.Name} - w.cookieIndex++ - if w.cookieIndex > 9 { - w.cookieIndex = 0 - } - w.cookiesMu.Unlock() - } else if mask&unix.IN_MOVED_TO == unix.IN_MOVED_TO { - w.cookiesMu.Lock() - var prev string - for _, c := range w.cookies { - if c.cookie == cookie { - prev = c.path - break - } - } - w.cookiesMu.Unlock() - e.renamedFrom = prev - } - } - return e -} - -func (w *inotify) xSupports(op Op) bool { - return true // Supports everything. -} - -func (w *inotify) state() { - w.watches.mu.Lock() - defer w.watches.mu.Unlock() - for wd, ww := range w.watches.wd { - fmt.Fprintf(os.Stderr, "%4d: recurse=%t %q\n", wd, ww.recurse, ww.path) - } -} diff --git a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go b/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go deleted file mode 100644 index d8de5ab76..000000000 --- a/vendor/github.com/fsnotify/fsnotify/backend_kqueue.go +++ /dev/null @@ -1,733 +0,0 @@ -//go:build freebsd || openbsd || netbsd || dragonfly || darwin - -package fsnotify - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "runtime" - "sync" - "time" - - "github.com/fsnotify/fsnotify/internal" - "golang.org/x/sys/unix" -) - -type kqueue struct { - Events chan Event - Errors chan error - - kq int // File descriptor (as returned by the kqueue() syscall). - closepipe [2]int // Pipe used for closing kq. - watches *watches - done chan struct{} - doneMu sync.Mutex -} - -type ( - watches struct { - mu sync.RWMutex - wd map[int]watch // wd → watch - path map[string]int // pathname → wd - byDir map[string]map[int]struct{} // dirname(path) → wd - seen map[string]struct{} // Keep track of if we know this file exists. - byUser map[string]struct{} // Watches added with Watcher.Add() - } - watch struct { - wd int - name string - linkName string // In case of links; name is the target, and this is the link. - isDir bool - dirFlags uint32 - } -) - -func newWatches() *watches { - return &watches{ - wd: make(map[int]watch), - path: make(map[string]int), - byDir: make(map[string]map[int]struct{}), - seen: make(map[string]struct{}), - byUser: make(map[string]struct{}), - } -} - -func (w *watches) listPaths(userOnly bool) []string { - w.mu.RLock() - defer w.mu.RUnlock() - - if userOnly { - l := make([]string, 0, len(w.byUser)) - for p := range w.byUser { - l = append(l, p) - } - return l - } - - l := make([]string, 0, len(w.path)) - for p := range w.path { - l = append(l, p) - } - return l -} - -func (w *watches) watchesInDir(path string) []string { - w.mu.RLock() - defer w.mu.RUnlock() - - l := make([]string, 0, 4) - for fd := range w.byDir[path] { - info := w.wd[fd] - if _, ok := w.byUser[info.name]; !ok { - l = append(l, info.name) - } - } - return l -} - -// Mark path as added by the user. -func (w *watches) addUserWatch(path string) { - w.mu.Lock() - defer w.mu.Unlock() - w.byUser[path] = struct{}{} -} - -func (w *watches) addLink(path string, fd int) { - w.mu.Lock() - defer w.mu.Unlock() - - w.path[path] = fd - w.seen[path] = struct{}{} -} - -func (w *watches) add(path, linkPath string, fd int, isDir bool) { - w.mu.Lock() - defer w.mu.Unlock() - - w.path[path] = fd - w.wd[fd] = watch{wd: fd, name: path, linkName: linkPath, isDir: isDir} - - parent := filepath.Dir(path) - byDir, ok := w.byDir[parent] - if !ok { - byDir = make(map[int]struct{}, 1) - w.byDir[parent] = byDir - } - byDir[fd] = struct{}{} -} - -func (w *watches) byWd(fd int) (watch, bool) { - w.mu.RLock() - defer w.mu.RUnlock() - info, ok := w.wd[fd] - return info, ok -} - -func (w *watches) byPath(path string) (watch, bool) { - w.mu.RLock() - defer w.mu.RUnlock() - info, ok := w.wd[w.path[path]] - return info, ok -} - -func (w *watches) updateDirFlags(path string, flags uint32) { - w.mu.Lock() - defer w.mu.Unlock() - - fd := w.path[path] - info := w.wd[fd] - info.dirFlags = flags - w.wd[fd] = info -} - -func (w *watches) remove(fd int, path string) bool { - w.mu.Lock() - defer w.mu.Unlock() - - isDir := w.wd[fd].isDir - delete(w.path, path) - delete(w.byUser, path) - - parent := filepath.Dir(path) - delete(w.byDir[parent], fd) - - if len(w.byDir[parent]) == 0 { - delete(w.byDir, parent) - } - - delete(w.wd, fd) - delete(w.seen, path) - return isDir -} - -func (w *watches) markSeen(path string, exists bool) { - w.mu.Lock() - defer w.mu.Unlock() - if exists { - w.seen[path] = struct{}{} - } else { - delete(w.seen, path) - } -} - -func (w *watches) seenBefore(path string) bool { - w.mu.RLock() - defer w.mu.RUnlock() - _, ok := w.seen[path] - return ok -} - -func newBackend(ev chan Event, errs chan error) (backend, error) { - return newBufferedBackend(0, ev, errs) -} - -func newBufferedBackend(sz uint, ev chan Event, errs chan error) (backend, error) { - kq, closepipe, err := newKqueue() - if err != nil { - return nil, err - } - - w := &kqueue{ - Events: ev, - Errors: errs, - kq: kq, - closepipe: closepipe, - done: make(chan struct{}), - watches: newWatches(), - } - - go w.readEvents() - return w, nil -} - -// newKqueue creates a new kernel event queue and returns a descriptor. -// -// This registers a new event on closepipe, which will trigger an event when -// it's closed. This way we can use kevent() without timeout/polling; without -// the closepipe, it would block forever and we wouldn't be able to stop it at -// all. -func newKqueue() (kq int, closepipe [2]int, err error) { - kq, err = unix.Kqueue() - if kq == -1 { - return kq, closepipe, err - } - - // Register the close pipe. - err = unix.Pipe(closepipe[:]) - if err != nil { - unix.Close(kq) - return kq, closepipe, err - } - unix.CloseOnExec(closepipe[0]) - unix.CloseOnExec(closepipe[1]) - - // Register changes to listen on the closepipe. - changes := make([]unix.Kevent_t, 1) - // SetKevent converts int to the platform-specific types. - unix.SetKevent(&changes[0], closepipe[0], unix.EVFILT_READ, - unix.EV_ADD|unix.EV_ENABLE|unix.EV_ONESHOT) - - ok, err := unix.Kevent(kq, changes, nil, nil) - if ok == -1 { - unix.Close(kq) - unix.Close(closepipe[0]) - unix.Close(closepipe[1]) - return kq, closepipe, err - } - return kq, closepipe, nil -} - -// Returns true if the event was sent, or false if watcher is closed. -func (w *kqueue) sendEvent(e Event) bool { - select { - case <-w.done: - return false - case w.Events <- e: - return true - } -} - -// Returns true if the error was sent, or false if watcher is closed. -func (w *kqueue) sendError(err error) bool { - if err == nil { - return true - } - select { - case <-w.done: - return false - case w.Errors <- err: - return true - } -} - -func (w *kqueue) isClosed() bool { - select { - case <-w.done: - return true - default: - return false - } -} - -func (w *kqueue) Close() error { - w.doneMu.Lock() - if w.isClosed() { - w.doneMu.Unlock() - return nil - } - close(w.done) - w.doneMu.Unlock() - - pathsToRemove := w.watches.listPaths(false) - for _, name := range pathsToRemove { - w.Remove(name) - } - - // Send "quit" message to the reader goroutine. - unix.Close(w.closepipe[1]) - return nil -} - -func (w *kqueue) Add(name string) error { return w.AddWith(name) } - -func (w *kqueue) AddWith(name string, opts ...addOpt) error { - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s AddWith(%q)\n", - time.Now().Format("15:04:05.000000000"), name) - } - - with := getOptions(opts...) - if !w.xSupports(with.op) { - return fmt.Errorf("%w: %s", xErrUnsupported, with.op) - } - - _, err := w.addWatch(name, noteAllEvents) - if err != nil { - return err - } - w.watches.addUserWatch(name) - return nil -} - -func (w *kqueue) Remove(name string) error { - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s Remove(%q)\n", - time.Now().Format("15:04:05.000000000"), name) - } - return w.remove(name, true) -} - -func (w *kqueue) remove(name string, unwatchFiles bool) error { - if w.isClosed() { - return nil - } - - name = filepath.Clean(name) - info, ok := w.watches.byPath(name) - if !ok { - return fmt.Errorf("%w: %s", ErrNonExistentWatch, name) - } - - err := w.register([]int{info.wd}, unix.EV_DELETE, 0) - if err != nil { - return err - } - - unix.Close(info.wd) - - isDir := w.watches.remove(info.wd, name) - - // Find all watched paths that are in this directory that are not external. - if unwatchFiles && isDir { - pathsToRemove := w.watches.watchesInDir(name) - for _, name := range pathsToRemove { - // Since these are internal, not much sense in propagating error to - // the user, as that will just confuse them with an error about a - // path they did not explicitly watch themselves. - w.Remove(name) - } - } - return nil -} - -func (w *kqueue) WatchList() []string { - if w.isClosed() { - return nil - } - return w.watches.listPaths(true) -} - -// Watch all events (except NOTE_EXTEND, NOTE_LINK, NOTE_REVOKE) -const noteAllEvents = unix.NOTE_DELETE | unix.NOTE_WRITE | unix.NOTE_ATTRIB | unix.NOTE_RENAME - -// addWatch adds name to the watched file set; the flags are interpreted as -// described in kevent(2). -// -// Returns the real path to the file which was added, with symlinks resolved. -func (w *kqueue) addWatch(name string, flags uint32) (string, error) { - if w.isClosed() { - return "", ErrClosed - } - - name = filepath.Clean(name) - - info, alreadyWatching := w.watches.byPath(name) - if !alreadyWatching { - fi, err := os.Lstat(name) - if err != nil { - return "", err - } - - // Don't watch sockets or named pipes. - if (fi.Mode()&os.ModeSocket == os.ModeSocket) || (fi.Mode()&os.ModeNamedPipe == os.ModeNamedPipe) { - return "", nil - } - - // Follow symlinks. - if fi.Mode()&os.ModeSymlink == os.ModeSymlink { - link, err := os.Readlink(name) - if err != nil { - // Return nil because Linux can add unresolvable symlinks to the - // watch list without problems, so maintain consistency with - // that. There will be no file events for broken symlinks. - // TODO: more specific check; returns os.PathError; ENOENT? - return "", nil - } - - _, alreadyWatching = w.watches.byPath(link) - if alreadyWatching { - // Add to watches so we don't get spurious Create events later - // on when we diff the directories. - w.watches.addLink(name, 0) - return link, nil - } - - info.linkName = name - name = link - fi, err = os.Lstat(name) - if err != nil { - return "", nil - } - } - - // Retry on EINTR; open() can return EINTR in practice on macOS. - // See #354, and Go issues 11180 and 39237. - for { - info.wd, err = unix.Open(name, openMode, 0) - if err == nil { - break - } - if errors.Is(err, unix.EINTR) { - continue - } - - return "", err - } - - info.isDir = fi.IsDir() - } - - err := w.register([]int{info.wd}, unix.EV_ADD|unix.EV_CLEAR|unix.EV_ENABLE, flags) - if err != nil { - unix.Close(info.wd) - return "", err - } - - if !alreadyWatching { - w.watches.add(name, info.linkName, info.wd, info.isDir) - } - - // Watch the directory if it has not been watched before, or if it was - // watched before, but perhaps only a NOTE_DELETE (watchDirectoryFiles) - if info.isDir { - watchDir := (flags&unix.NOTE_WRITE) == unix.NOTE_WRITE && - (!alreadyWatching || (info.dirFlags&unix.NOTE_WRITE) != unix.NOTE_WRITE) - w.watches.updateDirFlags(name, flags) - - if watchDir { - if err := w.watchDirectoryFiles(name); err != nil { - return "", err - } - } - } - return name, nil -} - -// readEvents reads from kqueue and converts the received kevents into -// Event values that it sends down the Events channel. -func (w *kqueue) readEvents() { - defer func() { - close(w.Events) - close(w.Errors) - _ = unix.Close(w.kq) - unix.Close(w.closepipe[0]) - }() - - eventBuffer := make([]unix.Kevent_t, 10) - for { - kevents, err := w.read(eventBuffer) - // EINTR is okay, the syscall was interrupted before timeout expired. - if err != nil && err != unix.EINTR { - if !w.sendError(fmt.Errorf("fsnotify.readEvents: %w", err)) { - return - } - } - - for _, kevent := range kevents { - var ( - wd = int(kevent.Ident) - mask = uint32(kevent.Fflags) - ) - - // Shut down the loop when the pipe is closed, but only after all - // other events have been processed. - if wd == w.closepipe[0] { - return - } - - path, ok := w.watches.byWd(wd) - if debug { - internal.Debug(path.name, &kevent) - } - - // On macOS it seems that sometimes an event with Ident=0 is - // delivered, and no other flags/information beyond that, even - // though we never saw such a file descriptor. For example in - // TestWatchSymlink/277 (usually at the end, but sometimes sooner): - // - // fmt.Printf("READ: %2d %#v\n", kevent.Ident, kevent) - // unix.Kevent_t{Ident:0x2a, Filter:-4, Flags:0x25, Fflags:0x2, Data:0, Udata:(*uint8)(nil)} - // unix.Kevent_t{Ident:0x0, Filter:-4, Flags:0x25, Fflags:0x2, Data:0, Udata:(*uint8)(nil)} - // - // The first is a normal event, the second with Ident 0. No error - // flag, no data, no ... nothing. - // - // I read a bit through bsd/kern_event.c from the xnu source, but I - // don't really see an obvious location where this is triggered – - // this doesn't seem intentional, but idk... - // - // Technically fd 0 is a valid descriptor, so only skip it if - // there's no path, and if we're on macOS. - if !ok && kevent.Ident == 0 && runtime.GOOS == "darwin" { - continue - } - - event := w.newEvent(path.name, path.linkName, mask) - - if event.Has(Rename) || event.Has(Remove) { - w.remove(event.Name, false) - w.watches.markSeen(event.Name, false) - } - - if path.isDir && event.Has(Write) && !event.Has(Remove) { - w.dirChange(event.Name) - } else if !w.sendEvent(event) { - return - } - - if event.Has(Remove) { - // Look for a file that may have overwritten this; for example, - // mv f1 f2 will delete f2, then create f2. - if path.isDir { - fileDir := filepath.Clean(event.Name) - _, found := w.watches.byPath(fileDir) - if found { - // TODO: this branch is never triggered in any test. - // Added in d6220df (2012). - // isDir check added in 8611c35 (2016): https://github.com/fsnotify/fsnotify/pull/111 - // - // I don't really get how this can be triggered either. - // And it wasn't triggered in the patch that added it, - // either. - // - // Original also had a comment: - // make sure the directory exists before we watch for - // changes. When we do a recursive watch and perform - // rm -rf, the parent directory might have gone - // missing, ignore the missing directory and let the - // upcoming delete event remove the watch from the - // parent directory. - err := w.dirChange(fileDir) - if !w.sendError(err) { - return - } - } - } else { - path := filepath.Clean(event.Name) - if fi, err := os.Lstat(path); err == nil { - err := w.sendCreateIfNew(path, fi) - if !w.sendError(err) { - return - } - } - } - } - } - } -} - -// newEvent returns an platform-independent Event based on kqueue Fflags. -func (w *kqueue) newEvent(name, linkName string, mask uint32) Event { - e := Event{Name: name} - if linkName != "" { - // If the user watched "/path/link" then emit events as "/path/link" - // rather than "/path/target". - e.Name = linkName - } - - if mask&unix.NOTE_DELETE == unix.NOTE_DELETE { - e.Op |= Remove - } - if mask&unix.NOTE_WRITE == unix.NOTE_WRITE { - e.Op |= Write - } - if mask&unix.NOTE_RENAME == unix.NOTE_RENAME { - e.Op |= Rename - } - if mask&unix.NOTE_ATTRIB == unix.NOTE_ATTRIB { - e.Op |= Chmod - } - // No point sending a write and delete event at the same time: if it's gone, - // then it's gone. - if e.Op.Has(Write) && e.Op.Has(Remove) { - e.Op &^= Write - } - return e -} - -// watchDirectoryFiles to mimic inotify when adding a watch on a directory -func (w *kqueue) watchDirectoryFiles(dirPath string) error { - files, err := os.ReadDir(dirPath) - if err != nil { - return err - } - - for _, f := range files { - path := filepath.Join(dirPath, f.Name()) - - fi, err := f.Info() - if err != nil { - return fmt.Errorf("%q: %w", path, err) - } - - cleanPath, err := w.internalWatch(path, fi) - if err != nil { - // No permission to read the file; that's not a problem: just skip. - // But do add it to w.fileExists to prevent it from being picked up - // as a "new" file later (it still shows up in the directory - // listing). - switch { - case errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM): - cleanPath = filepath.Clean(path) - default: - return fmt.Errorf("%q: %w", path, err) - } - } - - w.watches.markSeen(cleanPath, true) - } - - return nil -} - -// Search the directory for new files and send an event for them. -// -// This functionality is to have the BSD watcher match the inotify, which sends -// a create event for files created in a watched directory. -func (w *kqueue) dirChange(dir string) error { - files, err := os.ReadDir(dir) - if err != nil { - // Directory no longer exists: we can ignore this safely. kqueue will - // still give us the correct events. - if errors.Is(err, os.ErrNotExist) { - return nil - } - return fmt.Errorf("fsnotify.dirChange: %w", err) - } - - for _, f := range files { - fi, err := f.Info() - if err != nil { - return fmt.Errorf("fsnotify.dirChange: %w", err) - } - - err = w.sendCreateIfNew(filepath.Join(dir, fi.Name()), fi) - if err != nil { - // Don't need to send an error if this file isn't readable. - if errors.Is(err, unix.EACCES) || errors.Is(err, unix.EPERM) { - return nil - } - return fmt.Errorf("fsnotify.dirChange: %w", err) - } - } - return nil -} - -// Send a create event if the file isn't already being tracked, and start -// watching this file. -func (w *kqueue) sendCreateIfNew(path string, fi os.FileInfo) error { - if !w.watches.seenBefore(path) { - if !w.sendEvent(Event{Name: path, Op: Create}) { - return nil - } - } - - // Like watchDirectoryFiles, but without doing another ReadDir. - path, err := w.internalWatch(path, fi) - if err != nil { - return err - } - w.watches.markSeen(path, true) - return nil -} - -func (w *kqueue) internalWatch(name string, fi os.FileInfo) (string, error) { - if fi.IsDir() { - // mimic Linux providing delete events for subdirectories, but preserve - // the flags used if currently watching subdirectory - info, _ := w.watches.byPath(name) - return w.addWatch(name, info.dirFlags|unix.NOTE_DELETE|unix.NOTE_RENAME) - } - - // watch file to mimic Linux inotify - return w.addWatch(name, noteAllEvents) -} - -// Register events with the queue. -func (w *kqueue) register(fds []int, flags int, fflags uint32) error { - changes := make([]unix.Kevent_t, len(fds)) - for i, fd := range fds { - // SetKevent converts int to the platform-specific types. - unix.SetKevent(&changes[i], fd, unix.EVFILT_VNODE, flags) - changes[i].Fflags = fflags - } - - // Register the events. - success, err := unix.Kevent(w.kq, changes, nil, nil) - if success == -1 { - return err - } - return nil -} - -// read retrieves pending events, or waits until an event occurs. -func (w *kqueue) read(events []unix.Kevent_t) ([]unix.Kevent_t, error) { - n, err := unix.Kevent(w.kq, nil, events, nil) - if err != nil { - return nil, err - } - return events[0:n], nil -} - -func (w *kqueue) xSupports(op Op) bool { - if runtime.GOOS == "freebsd" { - //return true // Supports everything. - } - if op.Has(xUnportableOpen) || op.Has(xUnportableRead) || - op.Has(xUnportableCloseWrite) || op.Has(xUnportableCloseRead) { - return false - } - return true -} diff --git a/vendor/github.com/fsnotify/fsnotify/backend_other.go b/vendor/github.com/fsnotify/fsnotify/backend_other.go deleted file mode 100644 index 5eb5dbc66..000000000 --- a/vendor/github.com/fsnotify/fsnotify/backend_other.go +++ /dev/null @@ -1,23 +0,0 @@ -//go:build appengine || (!darwin && !dragonfly && !freebsd && !openbsd && !linux && !netbsd && !solaris && !windows) - -package fsnotify - -import "errors" - -type other struct { - Events chan Event - Errors chan error -} - -func newBackend(ev chan Event, errs chan error) (backend, error) { - return nil, errors.New("fsnotify not supported on the current platform") -} -func newBufferedBackend(sz uint, ev chan Event, errs chan error) (backend, error) { - return newBackend(ev, errs) -} -func (w *other) Close() error { return nil } -func (w *other) WatchList() []string { return nil } -func (w *other) Add(name string) error { return nil } -func (w *other) AddWith(name string, opts ...addOpt) error { return nil } -func (w *other) Remove(name string) error { return nil } -func (w *other) xSupports(op Op) bool { return false } diff --git a/vendor/github.com/fsnotify/fsnotify/backend_windows.go b/vendor/github.com/fsnotify/fsnotify/backend_windows.go deleted file mode 100644 index c54a63083..000000000 --- a/vendor/github.com/fsnotify/fsnotify/backend_windows.go +++ /dev/null @@ -1,682 +0,0 @@ -//go:build windows - -// Windows backend based on ReadDirectoryChangesW() -// -// https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-readdirectorychangesw - -package fsnotify - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "reflect" - "runtime" - "strings" - "sync" - "time" - "unsafe" - - "github.com/fsnotify/fsnotify/internal" - "golang.org/x/sys/windows" -) - -type readDirChangesW struct { - Events chan Event - Errors chan error - - port windows.Handle // Handle to completion port - input chan *input // Inputs to the reader are sent on this channel - quit chan chan<- error - - mu sync.Mutex // Protects access to watches, closed - watches watchMap // Map of watches (key: i-number) - closed bool // Set to true when Close() is first called -} - -func newBackend(ev chan Event, errs chan error) (backend, error) { - return newBufferedBackend(50, ev, errs) -} - -func newBufferedBackend(sz uint, ev chan Event, errs chan error) (backend, error) { - port, err := windows.CreateIoCompletionPort(windows.InvalidHandle, 0, 0, 0) - if err != nil { - return nil, os.NewSyscallError("CreateIoCompletionPort", err) - } - w := &readDirChangesW{ - Events: ev, - Errors: errs, - port: port, - watches: make(watchMap), - input: make(chan *input, 1), - quit: make(chan chan<- error, 1), - } - go w.readEvents() - return w, nil -} - -func (w *readDirChangesW) isClosed() bool { - w.mu.Lock() - defer w.mu.Unlock() - return w.closed -} - -func (w *readDirChangesW) sendEvent(name, renamedFrom string, mask uint64) bool { - if mask == 0 { - return false - } - - event := w.newEvent(name, uint32(mask)) - event.renamedFrom = renamedFrom - select { - case ch := <-w.quit: - w.quit <- ch - case w.Events <- event: - } - return true -} - -// Returns true if the error was sent, or false if watcher is closed. -func (w *readDirChangesW) sendError(err error) bool { - if err == nil { - return true - } - select { - case w.Errors <- err: - return true - case <-w.quit: - return false - } -} - -func (w *readDirChangesW) Close() error { - if w.isClosed() { - return nil - } - - w.mu.Lock() - w.closed = true - w.mu.Unlock() - - // Send "quit" message to the reader goroutine - ch := make(chan error) - w.quit <- ch - if err := w.wakeupReader(); err != nil { - return err - } - return <-ch -} - -func (w *readDirChangesW) Add(name string) error { return w.AddWith(name) } - -func (w *readDirChangesW) AddWith(name string, opts ...addOpt) error { - if w.isClosed() { - return ErrClosed - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s AddWith(%q)\n", - time.Now().Format("15:04:05.000000000"), filepath.ToSlash(name)) - } - - with := getOptions(opts...) - if !w.xSupports(with.op) { - return fmt.Errorf("%w: %s", xErrUnsupported, with.op) - } - if with.bufsize < 4096 { - return fmt.Errorf("fsnotify.WithBufferSize: buffer size cannot be smaller than 4096 bytes") - } - - in := &input{ - op: opAddWatch, - path: filepath.Clean(name), - flags: sysFSALLEVENTS, - reply: make(chan error), - bufsize: with.bufsize, - } - w.input <- in - if err := w.wakeupReader(); err != nil { - return err - } - return <-in.reply -} - -func (w *readDirChangesW) Remove(name string) error { - if w.isClosed() { - return nil - } - if debug { - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s Remove(%q)\n", - time.Now().Format("15:04:05.000000000"), filepath.ToSlash(name)) - } - - in := &input{ - op: opRemoveWatch, - path: filepath.Clean(name), - reply: make(chan error), - } - w.input <- in - if err := w.wakeupReader(); err != nil { - return err - } - return <-in.reply -} - -func (w *readDirChangesW) WatchList() []string { - if w.isClosed() { - return nil - } - - w.mu.Lock() - defer w.mu.Unlock() - - entries := make([]string, 0, len(w.watches)) - for _, entry := range w.watches { - for _, watchEntry := range entry { - for name := range watchEntry.names { - entries = append(entries, filepath.Join(watchEntry.path, name)) - } - // the directory itself is being watched - if watchEntry.mask != 0 { - entries = append(entries, watchEntry.path) - } - } - } - - return entries -} - -// These options are from the old golang.org/x/exp/winfsnotify, where you could -// add various options to the watch. This has long since been removed. -// -// The "sys" in the name is misleading as they're not part of any "system". -// -// This should all be removed at some point, and just use windows.FILE_NOTIFY_* -const ( - sysFSALLEVENTS = 0xfff - sysFSCREATE = 0x100 - sysFSDELETE = 0x200 - sysFSDELETESELF = 0x400 - sysFSMODIFY = 0x2 - sysFSMOVE = 0xc0 - sysFSMOVEDFROM = 0x40 - sysFSMOVEDTO = 0x80 - sysFSMOVESELF = 0x800 - sysFSIGNORED = 0x8000 -) - -func (w *readDirChangesW) newEvent(name string, mask uint32) Event { - e := Event{Name: name} - if mask&sysFSCREATE == sysFSCREATE || mask&sysFSMOVEDTO == sysFSMOVEDTO { - e.Op |= Create - } - if mask&sysFSDELETE == sysFSDELETE || mask&sysFSDELETESELF == sysFSDELETESELF { - e.Op |= Remove - } - if mask&sysFSMODIFY == sysFSMODIFY { - e.Op |= Write - } - if mask&sysFSMOVE == sysFSMOVE || mask&sysFSMOVESELF == sysFSMOVESELF || mask&sysFSMOVEDFROM == sysFSMOVEDFROM { - e.Op |= Rename - } - return e -} - -const ( - opAddWatch = iota - opRemoveWatch -) - -const ( - provisional uint64 = 1 << (32 + iota) -) - -type input struct { - op int - path string - flags uint32 - bufsize int - reply chan error -} - -type inode struct { - handle windows.Handle - volume uint32 - index uint64 -} - -type watch struct { - ov windows.Overlapped - ino *inode // i-number - recurse bool // Recursive watch? - path string // Directory path - mask uint64 // Directory itself is being watched with these notify flags - names map[string]uint64 // Map of names being watched and their notify flags - rename string // Remembers the old name while renaming a file - buf []byte // buffer, allocated later -} - -type ( - indexMap map[uint64]*watch - watchMap map[uint32]indexMap -) - -func (w *readDirChangesW) wakeupReader() error { - err := windows.PostQueuedCompletionStatus(w.port, 0, 0, nil) - if err != nil { - return os.NewSyscallError("PostQueuedCompletionStatus", err) - } - return nil -} - -func (w *readDirChangesW) getDir(pathname string) (dir string, err error) { - attr, err := windows.GetFileAttributes(windows.StringToUTF16Ptr(pathname)) - if err != nil { - return "", os.NewSyscallError("GetFileAttributes", err) - } - if attr&windows.FILE_ATTRIBUTE_DIRECTORY != 0 { - dir = pathname - } else { - dir, _ = filepath.Split(pathname) - dir = filepath.Clean(dir) - } - return -} - -func (w *readDirChangesW) getIno(path string) (ino *inode, err error) { - h, err := windows.CreateFile(windows.StringToUTF16Ptr(path), - windows.FILE_LIST_DIRECTORY, - windows.FILE_SHARE_READ|windows.FILE_SHARE_WRITE|windows.FILE_SHARE_DELETE, - nil, windows.OPEN_EXISTING, - windows.FILE_FLAG_BACKUP_SEMANTICS|windows.FILE_FLAG_OVERLAPPED, 0) - if err != nil { - return nil, os.NewSyscallError("CreateFile", err) - } - - var fi windows.ByHandleFileInformation - err = windows.GetFileInformationByHandle(h, &fi) - if err != nil { - windows.CloseHandle(h) - return nil, os.NewSyscallError("GetFileInformationByHandle", err) - } - ino = &inode{ - handle: h, - volume: fi.VolumeSerialNumber, - index: uint64(fi.FileIndexHigh)<<32 | uint64(fi.FileIndexLow), - } - return ino, nil -} - -// Must run within the I/O thread. -func (m watchMap) get(ino *inode) *watch { - if i := m[ino.volume]; i != nil { - return i[ino.index] - } - return nil -} - -// Must run within the I/O thread. -func (m watchMap) set(ino *inode, watch *watch) { - i := m[ino.volume] - if i == nil { - i = make(indexMap) - m[ino.volume] = i - } - i[ino.index] = watch -} - -// Must run within the I/O thread. -func (w *readDirChangesW) addWatch(pathname string, flags uint64, bufsize int) error { - pathname, recurse := recursivePath(pathname) - - dir, err := w.getDir(pathname) - if err != nil { - return err - } - - ino, err := w.getIno(dir) - if err != nil { - return err - } - w.mu.Lock() - watchEntry := w.watches.get(ino) - w.mu.Unlock() - if watchEntry == nil { - _, err := windows.CreateIoCompletionPort(ino.handle, w.port, 0, 0) - if err != nil { - windows.CloseHandle(ino.handle) - return os.NewSyscallError("CreateIoCompletionPort", err) - } - watchEntry = &watch{ - ino: ino, - path: dir, - names: make(map[string]uint64), - recurse: recurse, - buf: make([]byte, bufsize), - } - w.mu.Lock() - w.watches.set(ino, watchEntry) - w.mu.Unlock() - flags |= provisional - } else { - windows.CloseHandle(ino.handle) - } - if pathname == dir { - watchEntry.mask |= flags - } else { - watchEntry.names[filepath.Base(pathname)] |= flags - } - - err = w.startRead(watchEntry) - if err != nil { - return err - } - - if pathname == dir { - watchEntry.mask &= ^provisional - } else { - watchEntry.names[filepath.Base(pathname)] &= ^provisional - } - return nil -} - -// Must run within the I/O thread. -func (w *readDirChangesW) remWatch(pathname string) error { - pathname, recurse := recursivePath(pathname) - - dir, err := w.getDir(pathname) - if err != nil { - return err - } - ino, err := w.getIno(dir) - if err != nil { - return err - } - - w.mu.Lock() - watch := w.watches.get(ino) - w.mu.Unlock() - - if recurse && !watch.recurse { - return fmt.Errorf("can't use \\... with non-recursive watch %q", pathname) - } - - err = windows.CloseHandle(ino.handle) - if err != nil { - w.sendError(os.NewSyscallError("CloseHandle", err)) - } - if watch == nil { - return fmt.Errorf("%w: %s", ErrNonExistentWatch, pathname) - } - if pathname == dir { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) - watch.mask = 0 - } else { - name := filepath.Base(pathname) - w.sendEvent(filepath.Join(watch.path, name), "", watch.names[name]&sysFSIGNORED) - delete(watch.names, name) - } - - return w.startRead(watch) -} - -// Must run within the I/O thread. -func (w *readDirChangesW) deleteWatch(watch *watch) { - for name, mask := range watch.names { - if mask&provisional == 0 { - w.sendEvent(filepath.Join(watch.path, name), "", mask&sysFSIGNORED) - } - delete(watch.names, name) - } - if watch.mask != 0 { - if watch.mask&provisional == 0 { - w.sendEvent(watch.path, "", watch.mask&sysFSIGNORED) - } - watch.mask = 0 - } -} - -// Must run within the I/O thread. -func (w *readDirChangesW) startRead(watch *watch) error { - err := windows.CancelIo(watch.ino.handle) - if err != nil { - w.sendError(os.NewSyscallError("CancelIo", err)) - w.deleteWatch(watch) - } - mask := w.toWindowsFlags(watch.mask) - for _, m := range watch.names { - mask |= w.toWindowsFlags(m) - } - if mask == 0 { - err := windows.CloseHandle(watch.ino.handle) - if err != nil { - w.sendError(os.NewSyscallError("CloseHandle", err)) - } - w.mu.Lock() - delete(w.watches[watch.ino.volume], watch.ino.index) - w.mu.Unlock() - return nil - } - - // We need to pass the array, rather than the slice. - hdr := (*reflect.SliceHeader)(unsafe.Pointer(&watch.buf)) - rdErr := windows.ReadDirectoryChanges(watch.ino.handle, - (*byte)(unsafe.Pointer(hdr.Data)), uint32(hdr.Len), - watch.recurse, mask, nil, &watch.ov, 0) - if rdErr != nil { - err := os.NewSyscallError("ReadDirectoryChanges", rdErr) - if rdErr == windows.ERROR_ACCESS_DENIED && watch.mask&provisional == 0 { - // Watched directory was probably removed - w.sendEvent(watch.path, "", watch.mask&sysFSDELETESELF) - err = nil - } - w.deleteWatch(watch) - w.startRead(watch) - return err - } - return nil -} - -// readEvents reads from the I/O completion port, converts the -// received events into Event objects and sends them via the Events channel. -// Entry point to the I/O thread. -func (w *readDirChangesW) readEvents() { - var ( - n uint32 - key uintptr - ov *windows.Overlapped - ) - runtime.LockOSThread() - - for { - // This error is handled after the watch == nil check below. - qErr := windows.GetQueuedCompletionStatus(w.port, &n, &key, &ov, windows.INFINITE) - - watch := (*watch)(unsafe.Pointer(ov)) - if watch == nil { - select { - case ch := <-w.quit: - w.mu.Lock() - var indexes []indexMap - for _, index := range w.watches { - indexes = append(indexes, index) - } - w.mu.Unlock() - for _, index := range indexes { - for _, watch := range index { - w.deleteWatch(watch) - w.startRead(watch) - } - } - - err := windows.CloseHandle(w.port) - if err != nil { - err = os.NewSyscallError("CloseHandle", err) - } - close(w.Events) - close(w.Errors) - ch <- err - return - case in := <-w.input: - switch in.op { - case opAddWatch: - in.reply <- w.addWatch(in.path, uint64(in.flags), in.bufsize) - case opRemoveWatch: - in.reply <- w.remWatch(in.path) - } - default: - } - continue - } - - switch qErr { - case nil: - // No error - case windows.ERROR_MORE_DATA: - if watch == nil { - w.sendError(errors.New("ERROR_MORE_DATA has unexpectedly null lpOverlapped buffer")) - } else { - // The i/o succeeded but the buffer is full. - // In theory we should be building up a full packet. - // In practice we can get away with just carrying on. - n = uint32(unsafe.Sizeof(watch.buf)) - } - case windows.ERROR_ACCESS_DENIED: - // Watched directory was probably removed - w.sendEvent(watch.path, "", watch.mask&sysFSDELETESELF) - w.deleteWatch(watch) - w.startRead(watch) - continue - case windows.ERROR_OPERATION_ABORTED: - // CancelIo was called on this handle - continue - default: - w.sendError(os.NewSyscallError("GetQueuedCompletionPort", qErr)) - continue - } - - var offset uint32 - for { - if n == 0 { - w.sendError(ErrEventOverflow) - break - } - - // Point "raw" to the event in the buffer - raw := (*windows.FileNotifyInformation)(unsafe.Pointer(&watch.buf[offset])) - - // Create a buf that is the size of the path name - size := int(raw.FileNameLength / 2) - var buf []uint16 - // TODO: Use unsafe.Slice in Go 1.17; https://stackoverflow.com/questions/51187973 - sh := (*reflect.SliceHeader)(unsafe.Pointer(&buf)) - sh.Data = uintptr(unsafe.Pointer(&raw.FileName)) - sh.Len = size - sh.Cap = size - name := windows.UTF16ToString(buf) - fullname := filepath.Join(watch.path, name) - - if debug { - internal.Debug(fullname, raw.Action) - } - - var mask uint64 - switch raw.Action { - case windows.FILE_ACTION_REMOVED: - mask = sysFSDELETESELF - case windows.FILE_ACTION_MODIFIED: - mask = sysFSMODIFY - case windows.FILE_ACTION_RENAMED_OLD_NAME: - watch.rename = name - case windows.FILE_ACTION_RENAMED_NEW_NAME: - // Update saved path of all sub-watches. - old := filepath.Join(watch.path, watch.rename) - w.mu.Lock() - for _, watchMap := range w.watches { - for _, ww := range watchMap { - if strings.HasPrefix(ww.path, old) { - ww.path = filepath.Join(fullname, strings.TrimPrefix(ww.path, old)) - } - } - } - w.mu.Unlock() - - if watch.names[watch.rename] != 0 { - watch.names[name] |= watch.names[watch.rename] - delete(watch.names, watch.rename) - mask = sysFSMOVESELF - } - } - - if raw.Action != windows.FILE_ACTION_RENAMED_NEW_NAME { - w.sendEvent(fullname, "", watch.names[name]&mask) - } - if raw.Action == windows.FILE_ACTION_REMOVED { - w.sendEvent(fullname, "", watch.names[name]&sysFSIGNORED) - delete(watch.names, name) - } - - if watch.rename != "" && raw.Action == windows.FILE_ACTION_RENAMED_NEW_NAME { - w.sendEvent(fullname, filepath.Join(watch.path, watch.rename), watch.mask&w.toFSnotifyFlags(raw.Action)) - } else { - w.sendEvent(fullname, "", watch.mask&w.toFSnotifyFlags(raw.Action)) - } - - if raw.Action == windows.FILE_ACTION_RENAMED_NEW_NAME { - w.sendEvent(filepath.Join(watch.path, watch.rename), "", watch.names[name]&mask) - } - - // Move to the next event in the buffer - if raw.NextEntryOffset == 0 { - break - } - offset += raw.NextEntryOffset - - // Error! - if offset >= n { - //lint:ignore ST1005 Windows should be capitalized - w.sendError(errors.New("Windows system assumed buffer larger than it is, events have likely been missed")) - break - } - } - - if err := w.startRead(watch); err != nil { - w.sendError(err) - } - } -} - -func (w *readDirChangesW) toWindowsFlags(mask uint64) uint32 { - var m uint32 - if mask&sysFSMODIFY != 0 { - m |= windows.FILE_NOTIFY_CHANGE_LAST_WRITE - } - if mask&(sysFSMOVE|sysFSCREATE|sysFSDELETE) != 0 { - m |= windows.FILE_NOTIFY_CHANGE_FILE_NAME | windows.FILE_NOTIFY_CHANGE_DIR_NAME - } - return m -} - -func (w *readDirChangesW) toFSnotifyFlags(action uint32) uint64 { - switch action { - case windows.FILE_ACTION_ADDED: - return sysFSCREATE - case windows.FILE_ACTION_REMOVED: - return sysFSDELETE - case windows.FILE_ACTION_MODIFIED: - return sysFSMODIFY - case windows.FILE_ACTION_RENAMED_OLD_NAME: - return sysFSMOVEDFROM - case windows.FILE_ACTION_RENAMED_NEW_NAME: - return sysFSMOVEDTO - } - return 0 -} - -func (w *readDirChangesW) xSupports(op Op) bool { - if op.Has(xUnportableOpen) || op.Has(xUnportableRead) || - op.Has(xUnportableCloseWrite) || op.Has(xUnportableCloseRead) { - return false - } - return true -} diff --git a/vendor/github.com/fsnotify/fsnotify/fsnotify.go b/vendor/github.com/fsnotify/fsnotify/fsnotify.go deleted file mode 100644 index 0760efe91..000000000 --- a/vendor/github.com/fsnotify/fsnotify/fsnotify.go +++ /dev/null @@ -1,494 +0,0 @@ -// Package fsnotify provides a cross-platform interface for file system -// notifications. -// -// Currently supported systems: -// -// - Linux via inotify -// - BSD, macOS via kqueue -// - Windows via ReadDirectoryChangesW -// - illumos via FEN -// -// # FSNOTIFY_DEBUG -// -// Set the FSNOTIFY_DEBUG environment variable to "1" to print debug messages to -// stderr. This can be useful to track down some problems, especially in cases -// where fsnotify is used as an indirect dependency. -// -// Every event will be printed as soon as there's something useful to print, -// with as little processing from fsnotify. -// -// Example output: -// -// FSNOTIFY_DEBUG: 11:34:23.633087586 256:IN_CREATE → "/tmp/file-1" -// FSNOTIFY_DEBUG: 11:34:23.633202319 4:IN_ATTRIB → "/tmp/file-1" -// FSNOTIFY_DEBUG: 11:34:28.989728764 512:IN_DELETE → "/tmp/file-1" -package fsnotify - -import ( - "errors" - "fmt" - "os" - "path/filepath" - "strings" -) - -// Watcher watches a set of paths, delivering events on a channel. -// -// A watcher should not be copied (e.g. pass it by pointer, rather than by -// value). -// -// # Linux notes -// -// When a file is removed a Remove event won't be emitted until all file -// descriptors are closed, and deletes will always emit a Chmod. For example: -// -// fp := os.Open("file") -// os.Remove("file") // Triggers Chmod -// fp.Close() // Triggers Remove -// -// This is the event that inotify sends, so not much can be changed about this. -// -// The fs.inotify.max_user_watches sysctl variable specifies the upper limit -// for the number of watches per user, and fs.inotify.max_user_instances -// specifies the maximum number of inotify instances per user. Every Watcher you -// create is an "instance", and every path you add is a "watch". -// -// These are also exposed in /proc as /proc/sys/fs/inotify/max_user_watches and -// /proc/sys/fs/inotify/max_user_instances -// -// To increase them you can use sysctl or write the value to the /proc file: -// -// # Default values on Linux 5.18 -// sysctl fs.inotify.max_user_watches=124983 -// sysctl fs.inotify.max_user_instances=128 -// -// To make the changes persist on reboot edit /etc/sysctl.conf or -// /usr/lib/sysctl.d/50-default.conf (details differ per Linux distro; check -// your distro's documentation): -// -// fs.inotify.max_user_watches=124983 -// fs.inotify.max_user_instances=128 -// -// Reaching the limit will result in a "no space left on device" or "too many open -// files" error. -// -// # kqueue notes (macOS, BSD) -// -// kqueue requires opening a file descriptor for every file that's being watched; -// so if you're watching a directory with five files then that's six file -// descriptors. You will run in to your system's "max open files" limit faster on -// these platforms. -// -// The sysctl variables kern.maxfiles and kern.maxfilesperproc can be used to -// control the maximum number of open files, as well as /etc/login.conf on BSD -// systems. -// -// # Windows notes -// -// Paths can be added as "C:\\path\\to\\dir", but forward slashes -// ("C:/path/to/dir") will also work. -// -// When a watched directory is removed it will always send an event for the -// directory itself, but may not send events for all files in that directory. -// Sometimes it will send events for all files, sometimes it will send no -// events, and often only for some files. -// -// The default ReadDirectoryChangesW() buffer size is 64K, which is the largest -// value that is guaranteed to work with SMB filesystems. If you have many -// events in quick succession this may not be enough, and you will have to use -// [WithBufferSize] to increase the value. -type Watcher struct { - b backend - - // Events sends the filesystem change events. - // - // fsnotify can send the following events; a "path" here can refer to a - // file, directory, symbolic link, or special file like a FIFO. - // - // fsnotify.Create A new path was created; this may be followed by one - // or more Write events if data also gets written to a - // file. - // - // fsnotify.Remove A path was removed. - // - // fsnotify.Rename A path was renamed. A rename is always sent with the - // old path as Event.Name, and a Create event will be - // sent with the new name. Renames are only sent for - // paths that are currently watched; e.g. moving an - // unmonitored file into a monitored directory will - // show up as just a Create. Similarly, renaming a file - // to outside a monitored directory will show up as - // only a Rename. - // - // fsnotify.Write A file or named pipe was written to. A Truncate will - // also trigger a Write. A single "write action" - // initiated by the user may show up as one or multiple - // writes, depending on when the system syncs things to - // disk. For example when compiling a large Go program - // you may get hundreds of Write events, and you may - // want to wait until you've stopped receiving them - // (see the dedup example in cmd/fsnotify). - // - // Some systems may send Write event for directories - // when the directory content changes. - // - // fsnotify.Chmod Attributes were changed. On Linux this is also sent - // when a file is removed (or more accurately, when a - // link to an inode is removed). On kqueue it's sent - // when a file is truncated. On Windows it's never - // sent. - Events chan Event - - // Errors sends any errors. - Errors chan error -} - -// Event represents a file system notification. -type Event struct { - // Path to the file or directory. - // - // Paths are relative to the input; for example with Add("dir") the Name - // will be set to "dir/file" if you create that file, but if you use - // Add("/path/to/dir") it will be "/path/to/dir/file". - Name string - - // File operation that triggered the event. - // - // This is a bitmask and some systems may send multiple operations at once. - // Use the Event.Has() method instead of comparing with ==. - Op Op - - // Create events will have this set to the old path if it's a rename. This - // only works when both the source and destination are watched. It's not - // reliable when watching individual files, only directories. - // - // For example "mv /tmp/file /tmp/rename" will emit: - // - // Event{Op: Rename, Name: "/tmp/file"} - // Event{Op: Create, Name: "/tmp/rename", RenamedFrom: "/tmp/file"} - renamedFrom string -} - -// Op describes a set of file operations. -type Op uint32 - -// The operations fsnotify can trigger; see the documentation on [Watcher] for a -// full description, and check them with [Event.Has]. -const ( - // A new pathname was created. - Create Op = 1 << iota - - // The pathname was written to; this does *not* mean the write has finished, - // and a write can be followed by more writes. - Write - - // The path was removed; any watches on it will be removed. Some "remove" - // operations may trigger a Rename if the file is actually moved (for - // example "remove to trash" is often a rename). - Remove - - // The path was renamed to something else; any watches on it will be - // removed. - Rename - - // File attributes were changed. - // - // It's generally not recommended to take action on this event, as it may - // get triggered very frequently by some software. For example, Spotlight - // indexing on macOS, anti-virus software, backup software, etc. - Chmod - - // File descriptor was opened. - // - // Only works on Linux and FreeBSD. - xUnportableOpen - - // File was read from. - // - // Only works on Linux and FreeBSD. - xUnportableRead - - // File opened for writing was closed. - // - // Only works on Linux and FreeBSD. - // - // The advantage of using this over Write is that it's more reliable than - // waiting for Write events to stop. It's also faster (if you're not - // listening to Write events): copying a file of a few GB can easily - // generate tens of thousands of Write events in a short span of time. - xUnportableCloseWrite - - // File opened for reading was closed. - // - // Only works on Linux and FreeBSD. - xUnportableCloseRead -) - -var ( - // ErrNonExistentWatch is used when Remove() is called on a path that's not - // added. - ErrNonExistentWatch = errors.New("fsnotify: can't remove non-existent watch") - - // ErrClosed is used when trying to operate on a closed Watcher. - ErrClosed = errors.New("fsnotify: watcher already closed") - - // ErrEventOverflow is reported from the Errors channel when there are too - // many events: - // - // - inotify: inotify returns IN_Q_OVERFLOW – because there are too - // many queued events (the fs.inotify.max_queued_events - // sysctl can be used to increase this). - // - windows: The buffer size is too small; WithBufferSize() can be used to increase it. - // - kqueue, fen: Not used. - ErrEventOverflow = errors.New("fsnotify: queue or buffer overflow") - - // ErrUnsupported is returned by AddWith() when WithOps() specified an - // Unportable event that's not supported on this platform. - xErrUnsupported = errors.New("fsnotify: not supported with this backend") -) - -// NewWatcher creates a new Watcher. -func NewWatcher() (*Watcher, error) { - ev, errs := make(chan Event), make(chan error) - b, err := newBackend(ev, errs) - if err != nil { - return nil, err - } - return &Watcher{b: b, Events: ev, Errors: errs}, nil -} - -// NewBufferedWatcher creates a new Watcher with a buffered Watcher.Events -// channel. -// -// The main use case for this is situations with a very large number of events -// where the kernel buffer size can't be increased (e.g. due to lack of -// permissions). An unbuffered Watcher will perform better for almost all use -// cases, and whenever possible you will be better off increasing the kernel -// buffers instead of adding a large userspace buffer. -func NewBufferedWatcher(sz uint) (*Watcher, error) { - ev, errs := make(chan Event), make(chan error) - b, err := newBufferedBackend(sz, ev, errs) - if err != nil { - return nil, err - } - return &Watcher{b: b, Events: ev, Errors: errs}, nil -} - -// Add starts monitoring the path for changes. -// -// A path can only be watched once; watching it more than once is a no-op and will -// not return an error. Paths that do not yet exist on the filesystem cannot be -// watched. -// -// A watch will be automatically removed if the watched path is deleted or -// renamed. The exception is the Windows backend, which doesn't remove the -// watcher on renames. -// -// Notifications on network filesystems (NFS, SMB, FUSE, etc.) or special -// filesystems (/proc, /sys, etc.) generally don't work. -// -// Returns [ErrClosed] if [Watcher.Close] was called. -// -// See [Watcher.AddWith] for a version that allows adding options. -// -// # Watching directories -// -// All files in a directory are monitored, including new files that are created -// after the watcher is started. Subdirectories are not watched (i.e. it's -// non-recursive). -// -// # Watching files -// -// Watching individual files (rather than directories) is generally not -// recommended as many programs (especially editors) update files atomically: it -// will write to a temporary file which is then moved to destination, -// overwriting the original (or some variant thereof). The watcher on the -// original file is now lost, as that no longer exists. -// -// The upshot of this is that a power failure or crash won't leave a -// half-written file. -// -// Watch the parent directory and use Event.Name to filter out files you're not -// interested in. There is an example of this in cmd/fsnotify/file.go. -func (w *Watcher) Add(path string) error { return w.b.Add(path) } - -// AddWith is like [Watcher.Add], but allows adding options. When using Add() -// the defaults described below are used. -// -// Possible options are: -// -// - [WithBufferSize] sets the buffer size for the Windows backend; no-op on -// other platforms. The default is 64K (65536 bytes). -func (w *Watcher) AddWith(path string, opts ...addOpt) error { return w.b.AddWith(path, opts...) } - -// Remove stops monitoring the path for changes. -// -// Directories are always removed non-recursively. For example, if you added -// /tmp/dir and /tmp/dir/subdir then you will need to remove both. -// -// Removing a path that has not yet been added returns [ErrNonExistentWatch]. -// -// Returns nil if [Watcher.Close] was called. -func (w *Watcher) Remove(path string) error { return w.b.Remove(path) } - -// Close removes all watches and closes the Events channel. -func (w *Watcher) Close() error { return w.b.Close() } - -// WatchList returns all paths explicitly added with [Watcher.Add] (and are not -// yet removed). -// -// Returns nil if [Watcher.Close] was called. -func (w *Watcher) WatchList() []string { return w.b.WatchList() } - -// Supports reports if all the listed operations are supported by this platform. -// -// Create, Write, Remove, Rename, and Chmod are always supported. It can only -// return false for an Op starting with Unportable. -func (w *Watcher) xSupports(op Op) bool { return w.b.xSupports(op) } - -func (o Op) String() string { - var b strings.Builder - if o.Has(Create) { - b.WriteString("|CREATE") - } - if o.Has(Remove) { - b.WriteString("|REMOVE") - } - if o.Has(Write) { - b.WriteString("|WRITE") - } - if o.Has(xUnportableOpen) { - b.WriteString("|OPEN") - } - if o.Has(xUnportableRead) { - b.WriteString("|READ") - } - if o.Has(xUnportableCloseWrite) { - b.WriteString("|CLOSE_WRITE") - } - if o.Has(xUnportableCloseRead) { - b.WriteString("|CLOSE_READ") - } - if o.Has(Rename) { - b.WriteString("|RENAME") - } - if o.Has(Chmod) { - b.WriteString("|CHMOD") - } - if b.Len() == 0 { - return "[no events]" - } - return b.String()[1:] -} - -// Has reports if this operation has the given operation. -func (o Op) Has(h Op) bool { return o&h != 0 } - -// Has reports if this event has the given operation. -func (e Event) Has(op Op) bool { return e.Op.Has(op) } - -// String returns a string representation of the event with their path. -func (e Event) String() string { - if e.renamedFrom != "" { - return fmt.Sprintf("%-13s %q ← %q", e.Op.String(), e.Name, e.renamedFrom) - } - return fmt.Sprintf("%-13s %q", e.Op.String(), e.Name) -} - -type ( - backend interface { - Add(string) error - AddWith(string, ...addOpt) error - Remove(string) error - WatchList() []string - Close() error - xSupports(Op) bool - } - addOpt func(opt *withOpts) - withOpts struct { - bufsize int - op Op - noFollow bool - sendCreate bool - } -) - -var debug = func() bool { - // Check for exactly "1" (rather than mere existence) so we can add - // options/flags in the future. I don't know if we ever want that, but it's - // nice to leave the option open. - return os.Getenv("FSNOTIFY_DEBUG") == "1" -}() - -var defaultOpts = withOpts{ - bufsize: 65536, // 64K - op: Create | Write | Remove | Rename | Chmod, -} - -func getOptions(opts ...addOpt) withOpts { - with := defaultOpts - for _, o := range opts { - if o != nil { - o(&with) - } - } - return with -} - -// WithBufferSize sets the [ReadDirectoryChangesW] buffer size. -// -// This only has effect on Windows systems, and is a no-op for other backends. -// -// The default value is 64K (65536 bytes) which is the highest value that works -// on all filesystems and should be enough for most applications, but if you -// have a large burst of events it may not be enough. You can increase it if -// you're hitting "queue or buffer overflow" errors ([ErrEventOverflow]). -// -// [ReadDirectoryChangesW]: https://learn.microsoft.com/en-gb/windows/win32/api/winbase/nf-winbase-readdirectorychangesw -func WithBufferSize(bytes int) addOpt { - return func(opt *withOpts) { opt.bufsize = bytes } -} - -// WithOps sets which operations to listen for. The default is [Create], -// [Write], [Remove], [Rename], and [Chmod]. -// -// Excluding operations you're not interested in can save quite a bit of CPU -// time; in some use cases there may be hundreds of thousands of useless Write -// or Chmod operations per second. -// -// This can also be used to add unportable operations not supported by all -// platforms; unportable operations all start with "Unportable": -// [UnportableOpen], [UnportableRead], [UnportableCloseWrite], and -// [UnportableCloseRead]. -// -// AddWith returns an error when using an unportable operation that's not -// supported. Use [Watcher.Support] to check for support. -func withOps(op Op) addOpt { - return func(opt *withOpts) { opt.op = op } -} - -// WithNoFollow disables following symlinks, so the symlinks themselves are -// watched. -func withNoFollow() addOpt { - return func(opt *withOpts) { opt.noFollow = true } -} - -// "Internal" option for recursive watches on inotify. -func withCreate() addOpt { - return func(opt *withOpts) { opt.sendCreate = true } -} - -var enableRecurse = false - -// Check if this path is recursive (ends with "/..." or "\..."), and return the -// path with the /... stripped. -func recursivePath(path string) (string, bool) { - path = filepath.Clean(path) - if !enableRecurse { // Only enabled in tests for now. - return path, false - } - if filepath.Base(path) == "..." { - return filepath.Dir(path), true - } - return path, false -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/darwin.go deleted file mode 100644 index b0eab1009..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/darwin.go +++ /dev/null @@ -1,39 +0,0 @@ -//go:build darwin - -package internal - -import ( - "syscall" - - "golang.org/x/sys/unix" -) - -var ( - SyscallEACCES = syscall.EACCES - UnixEACCES = unix.EACCES -) - -var maxfiles uint64 - -// Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ -func SetRlimit() { - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = l.Cur - - if n, err := syscall.SysctlUint32("kern.maxfiles"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } - - if n, err := syscall.SysctlUint32("kern.maxfilesperproc"); err == nil && uint64(n) < maxfiles { - maxfiles = uint64(n) - } -} - -func Maxfiles() uint64 { return maxfiles } -func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } -func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go deleted file mode 100644 index 928319fb0..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go +++ /dev/null @@ -1,57 +0,0 @@ -package internal - -import "golang.org/x/sys/unix" - -var names = []struct { - n string - m uint32 -}{ - {"NOTE_ABSOLUTE", unix.NOTE_ABSOLUTE}, - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_BACKGROUND", unix.NOTE_BACKGROUND}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CRITICAL", unix.NOTE_CRITICAL}, - {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXITSTATUS", unix.NOTE_EXITSTATUS}, - {"NOTE_EXIT_CSERROR", unix.NOTE_EXIT_CSERROR}, - {"NOTE_EXIT_DECRYPTFAIL", unix.NOTE_EXIT_DECRYPTFAIL}, - {"NOTE_EXIT_DETAIL", unix.NOTE_EXIT_DETAIL}, - {"NOTE_EXIT_DETAIL_MASK", unix.NOTE_EXIT_DETAIL_MASK}, - {"NOTE_EXIT_MEMORY", unix.NOTE_EXIT_MEMORY}, - {"NOTE_EXIT_REPARENTED", unix.NOTE_EXIT_REPARENTED}, - {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_FUNLOCK", unix.NOTE_FUNLOCK}, - {"NOTE_LEEWAY", unix.NOTE_LEEWAY}, - {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MACHTIME", unix.NOTE_MACHTIME}, - {"NOTE_MACH_CONTINUOUS_TIME", unix.NOTE_MACH_CONTINUOUS_TIME}, - {"NOTE_NONE", unix.NOTE_NONE}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OOB", unix.NOTE_OOB}, - //{"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, -0x100000 (?!) - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_REAP", unix.NOTE_REAP}, - {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_SIGNAL", unix.NOTE_SIGNAL}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_VM_ERROR", unix.NOTE_VM_ERROR}, - {"NOTE_VM_PRESSURE", unix.NOTE_VM_PRESSURE}, - {"NOTE_VM_PRESSURE_SUDDEN_TERMINATE", unix.NOTE_VM_PRESSURE_SUDDEN_TERMINATE}, - {"NOTE_VM_PRESSURE_TERMINATE", unix.NOTE_VM_PRESSURE_TERMINATE}, - {"NOTE_WRITE", unix.NOTE_WRITE}, -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go deleted file mode 100644 index 3186b0c34..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go +++ /dev/null @@ -1,33 +0,0 @@ -package internal - -import "golang.org/x/sys/unix" - -var names = []struct { - n string - m uint32 -}{ - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_OOB", unix.NOTE_OOB}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_WRITE", unix.NOTE_WRITE}, -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go deleted file mode 100644 index f69fdb930..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go +++ /dev/null @@ -1,42 +0,0 @@ -package internal - -import "golang.org/x/sys/unix" - -var names = []struct { - n string - m uint32 -}{ - {"NOTE_ABSTIME", unix.NOTE_ABSTIME}, - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_CLOSE", unix.NOTE_CLOSE}, - {"NOTE_CLOSE_WRITE", unix.NOTE_CLOSE_WRITE}, - {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FFAND", unix.NOTE_FFAND}, - {"NOTE_FFCOPY", unix.NOTE_FFCOPY}, - {"NOTE_FFCTRLMASK", unix.NOTE_FFCTRLMASK}, - {"NOTE_FFLAGSMASK", unix.NOTE_FFLAGSMASK}, - {"NOTE_FFNOP", unix.NOTE_FFNOP}, - {"NOTE_FFOR", unix.NOTE_FFOR}, - {"NOTE_FILE_POLL", unix.NOTE_FILE_POLL}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_MSECONDS", unix.NOTE_MSECONDS}, - {"NOTE_NSECONDS", unix.NOTE_NSECONDS}, - {"NOTE_OPEN", unix.NOTE_OPEN}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_READ", unix.NOTE_READ}, - {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_SECONDS", unix.NOTE_SECONDS}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRIGGER", unix.NOTE_TRIGGER}, - {"NOTE_USECONDS", unix.NOTE_USECONDS}, - {"NOTE_WRITE", unix.NOTE_WRITE}, -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go deleted file mode 100644 index 607e683bd..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go +++ /dev/null @@ -1,32 +0,0 @@ -//go:build freebsd || openbsd || netbsd || dragonfly || darwin - -package internal - -import ( - "fmt" - "os" - "strings" - "time" - - "golang.org/x/sys/unix" -) - -func Debug(name string, kevent *unix.Kevent_t) { - mask := uint32(kevent.Fflags) - - var ( - l []string - unknown = mask - ) - for _, n := range names { - if mask&n.m == n.m { - l = append(l, n.n) - unknown ^= n.m - } - } - if unknown > 0 { - l = append(l, fmt.Sprintf("0x%x", unknown)) - } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-60s → %q\n", - time.Now().Format("15:04:05.000000000"), mask, strings.Join(l, " | "), name) -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_linux.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_linux.go deleted file mode 100644 index 35c734be4..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_linux.go +++ /dev/null @@ -1,56 +0,0 @@ -package internal - -import ( - "fmt" - "os" - "strings" - "time" - - "golang.org/x/sys/unix" -) - -func Debug(name string, mask, cookie uint32) { - names := []struct { - n string - m uint32 - }{ - {"IN_ACCESS", unix.IN_ACCESS}, - {"IN_ATTRIB", unix.IN_ATTRIB}, - {"IN_CLOSE", unix.IN_CLOSE}, - {"IN_CLOSE_NOWRITE", unix.IN_CLOSE_NOWRITE}, - {"IN_CLOSE_WRITE", unix.IN_CLOSE_WRITE}, - {"IN_CREATE", unix.IN_CREATE}, - {"IN_DELETE", unix.IN_DELETE}, - {"IN_DELETE_SELF", unix.IN_DELETE_SELF}, - {"IN_IGNORED", unix.IN_IGNORED}, - {"IN_ISDIR", unix.IN_ISDIR}, - {"IN_MODIFY", unix.IN_MODIFY}, - {"IN_MOVE", unix.IN_MOVE}, - {"IN_MOVED_FROM", unix.IN_MOVED_FROM}, - {"IN_MOVED_TO", unix.IN_MOVED_TO}, - {"IN_MOVE_SELF", unix.IN_MOVE_SELF}, - {"IN_OPEN", unix.IN_OPEN}, - {"IN_Q_OVERFLOW", unix.IN_Q_OVERFLOW}, - {"IN_UNMOUNT", unix.IN_UNMOUNT}, - } - - var ( - l []string - unknown = mask - ) - for _, n := range names { - if mask&n.m == n.m { - l = append(l, n.n) - unknown ^= n.m - } - } - if unknown > 0 { - l = append(l, fmt.Sprintf("0x%x", unknown)) - } - var c string - if cookie > 0 { - c = fmt.Sprintf("(cookie: %d) ", cookie) - } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %-30s → %s%q\n", - time.Now().Format("15:04:05.000000000"), strings.Join(l, "|"), c, name) -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go deleted file mode 100644 index e5b3b6f69..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go +++ /dev/null @@ -1,25 +0,0 @@ -package internal - -import "golang.org/x/sys/unix" - -var names = []struct { - n string - m uint32 -}{ - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_WRITE", unix.NOTE_WRITE}, -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go deleted file mode 100644 index 1dd455bc5..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go +++ /dev/null @@ -1,28 +0,0 @@ -package internal - -import "golang.org/x/sys/unix" - -var names = []struct { - n string - m uint32 -}{ - {"NOTE_ATTRIB", unix.NOTE_ATTRIB}, - // {"NOTE_CHANGE", unix.NOTE_CHANGE}, // Not on 386? - {"NOTE_CHILD", unix.NOTE_CHILD}, - {"NOTE_DELETE", unix.NOTE_DELETE}, - {"NOTE_EOF", unix.NOTE_EOF}, - {"NOTE_EXEC", unix.NOTE_EXEC}, - {"NOTE_EXIT", unix.NOTE_EXIT}, - {"NOTE_EXTEND", unix.NOTE_EXTEND}, - {"NOTE_FORK", unix.NOTE_FORK}, - {"NOTE_LINK", unix.NOTE_LINK}, - {"NOTE_LOWAT", unix.NOTE_LOWAT}, - {"NOTE_PCTRLMASK", unix.NOTE_PCTRLMASK}, - {"NOTE_PDATAMASK", unix.NOTE_PDATAMASK}, - {"NOTE_RENAME", unix.NOTE_RENAME}, - {"NOTE_REVOKE", unix.NOTE_REVOKE}, - {"NOTE_TRACK", unix.NOTE_TRACK}, - {"NOTE_TRACKERR", unix.NOTE_TRACKERR}, - {"NOTE_TRUNCATE", unix.NOTE_TRUNCATE}, - {"NOTE_WRITE", unix.NOTE_WRITE}, -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_solaris.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_solaris.go deleted file mode 100644 index f1b2e73bd..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_solaris.go +++ /dev/null @@ -1,45 +0,0 @@ -package internal - -import ( - "fmt" - "os" - "strings" - "time" - - "golang.org/x/sys/unix" -) - -func Debug(name string, mask int32) { - names := []struct { - n string - m int32 - }{ - {"FILE_ACCESS", unix.FILE_ACCESS}, - {"FILE_MODIFIED", unix.FILE_MODIFIED}, - {"FILE_ATTRIB", unix.FILE_ATTRIB}, - {"FILE_TRUNC", unix.FILE_TRUNC}, - {"FILE_NOFOLLOW", unix.FILE_NOFOLLOW}, - {"FILE_DELETE", unix.FILE_DELETE}, - {"FILE_RENAME_TO", unix.FILE_RENAME_TO}, - {"FILE_RENAME_FROM", unix.FILE_RENAME_FROM}, - {"UNMOUNTED", unix.UNMOUNTED}, - {"MOUNTEDOVER", unix.MOUNTEDOVER}, - {"FILE_EXCEPTION", unix.FILE_EXCEPTION}, - } - - var ( - l []string - unknown = mask - ) - for _, n := range names { - if mask&n.m == n.m { - l = append(l, n.n) - unknown ^= n.m - } - } - if unknown > 0 { - l = append(l, fmt.Sprintf("0x%x", unknown)) - } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %10d:%-30s → %q\n", - time.Now().Format("15:04:05.000000000"), mask, strings.Join(l, " | "), name) -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/debug_windows.go b/vendor/github.com/fsnotify/fsnotify/internal/debug_windows.go deleted file mode 100644 index 52bf4ce53..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/debug_windows.go +++ /dev/null @@ -1,40 +0,0 @@ -package internal - -import ( - "fmt" - "os" - "path/filepath" - "strings" - "time" - - "golang.org/x/sys/windows" -) - -func Debug(name string, mask uint32) { - names := []struct { - n string - m uint32 - }{ - {"FILE_ACTION_ADDED", windows.FILE_ACTION_ADDED}, - {"FILE_ACTION_REMOVED", windows.FILE_ACTION_REMOVED}, - {"FILE_ACTION_MODIFIED", windows.FILE_ACTION_MODIFIED}, - {"FILE_ACTION_RENAMED_OLD_NAME", windows.FILE_ACTION_RENAMED_OLD_NAME}, - {"FILE_ACTION_RENAMED_NEW_NAME", windows.FILE_ACTION_RENAMED_NEW_NAME}, - } - - var ( - l []string - unknown = mask - ) - for _, n := range names { - if mask&n.m == n.m { - l = append(l, n.n) - unknown ^= n.m - } - } - if unknown > 0 { - l = append(l, fmt.Sprintf("0x%x", unknown)) - } - fmt.Fprintf(os.Stderr, "FSNOTIFY_DEBUG: %s %-65s → %q\n", - time.Now().Format("15:04:05.000000000"), strings.Join(l, " | "), filepath.ToSlash(name)) -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go b/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go deleted file mode 100644 index 547df1df8..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/freebsd.go +++ /dev/null @@ -1,31 +0,0 @@ -//go:build freebsd - -package internal - -import ( - "syscall" - - "golang.org/x/sys/unix" -) - -var ( - SyscallEACCES = syscall.EACCES - UnixEACCES = unix.EACCES -) - -var maxfiles uint64 - -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - -func Maxfiles() uint64 { return maxfiles } -func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } -func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, uint64(dev)) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/internal.go b/vendor/github.com/fsnotify/fsnotify/internal/internal.go deleted file mode 100644 index 7daa45e19..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/internal.go +++ /dev/null @@ -1,2 +0,0 @@ -// Package internal contains some helpers. -package internal diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix.go b/vendor/github.com/fsnotify/fsnotify/internal/unix.go deleted file mode 100644 index 30976ce97..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix.go +++ /dev/null @@ -1,31 +0,0 @@ -//go:build !windows && !darwin && !freebsd - -package internal - -import ( - "syscall" - - "golang.org/x/sys/unix" -) - -var ( - SyscallEACCES = syscall.EACCES - UnixEACCES = unix.EACCES -) - -var maxfiles uint64 - -func SetRlimit() { - // Go 1.19 will do this automatically: https://go-review.googlesource.com/c/go/+/393354/ - var l syscall.Rlimit - err := syscall.Getrlimit(syscall.RLIMIT_NOFILE, &l) - if err == nil && l.Cur != l.Max { - l.Cur = l.Max - syscall.Setrlimit(syscall.RLIMIT_NOFILE, &l) - } - maxfiles = uint64(l.Cur) -} - -func Maxfiles() uint64 { return maxfiles } -func Mkfifo(path string, mode uint32) error { return unix.Mkfifo(path, mode) } -func Mknod(path string, mode uint32, dev int) error { return unix.Mknod(path, mode, dev) } diff --git a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go b/vendor/github.com/fsnotify/fsnotify/internal/unix2.go deleted file mode 100644 index 37dfeddc2..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/unix2.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build !windows - -package internal - -func HasPrivilegesForSymlink() bool { - return true -} diff --git a/vendor/github.com/fsnotify/fsnotify/internal/windows.go b/vendor/github.com/fsnotify/fsnotify/internal/windows.go deleted file mode 100644 index a72c64954..000000000 --- a/vendor/github.com/fsnotify/fsnotify/internal/windows.go +++ /dev/null @@ -1,41 +0,0 @@ -//go:build windows - -package internal - -import ( - "errors" - - "golang.org/x/sys/windows" -) - -// Just a dummy. -var ( - SyscallEACCES = errors.New("dummy") - UnixEACCES = errors.New("dummy") -) - -func SetRlimit() {} -func Maxfiles() uint64 { return 1<<64 - 1 } -func Mkfifo(path string, mode uint32) error { return errors.New("no FIFOs on Windows") } -func Mknod(path string, mode uint32, dev int) error { return errors.New("no device nodes on Windows") } - -func HasPrivilegesForSymlink() bool { - var sid *windows.SID - err := windows.AllocateAndInitializeSid( - &windows.SECURITY_NT_AUTHORITY, - 2, - windows.SECURITY_BUILTIN_DOMAIN_RID, - windows.DOMAIN_ALIAS_RID_ADMINS, - 0, 0, 0, 0, 0, 0, - &sid) - if err != nil { - return false - } - defer windows.FreeSid(sid) - token := windows.Token(0) - member, err := token.IsMember(sid) - if err != nil { - return false - } - return member || token.IsElevated() -} diff --git a/vendor/github.com/fsnotify/fsnotify/system_bsd.go b/vendor/github.com/fsnotify/fsnotify/system_bsd.go deleted file mode 100644 index f65e8fe3e..000000000 --- a/vendor/github.com/fsnotify/fsnotify/system_bsd.go +++ /dev/null @@ -1,7 +0,0 @@ -//go:build freebsd || openbsd || netbsd || dragonfly - -package fsnotify - -import "golang.org/x/sys/unix" - -const openMode = unix.O_NONBLOCK | unix.O_RDONLY | unix.O_CLOEXEC diff --git a/vendor/github.com/fsnotify/fsnotify/system_darwin.go b/vendor/github.com/fsnotify/fsnotify/system_darwin.go deleted file mode 100644 index a29fc7aab..000000000 --- a/vendor/github.com/fsnotify/fsnotify/system_darwin.go +++ /dev/null @@ -1,8 +0,0 @@ -//go:build darwin - -package fsnotify - -import "golang.org/x/sys/unix" - -// note: this constant is not defined on BSD -const openMode = unix.O_EVTONLY | unix.O_CLOEXEC diff --git a/vendor/k8s.io/api/admission/v1/doc.go b/vendor/k8s.io/api/admission/v1/doc.go deleted file mode 100644 index e7df9f629..000000000 --- a/vendor/k8s.io/api/admission/v1/doc.go +++ /dev/null @@ -1,23 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:protobuf-gen=package -// +k8s:openapi-gen=false -// +k8s:prerelease-lifecycle-gen=true -// +groupName=admission.k8s.io - -package v1 // import "k8s.io/api/admission/v1" diff --git a/vendor/k8s.io/api/admission/v1/generated.pb.go b/vendor/k8s.io/api/admission/v1/generated.pb.go deleted file mode 100644 index f5c417919..000000000 --- a/vendor/k8s.io/api/admission/v1/generated.pb.go +++ /dev/null @@ -1,1782 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: k8s.io/api/admission/v1/generated.proto - -package v1 - -import ( - fmt "fmt" - - io "io" - - proto "github.com/gogo/protobuf/proto" - github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - math "math" - math_bits "math/bits" - reflect "reflect" - strings "strings" - - k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -func (m *AdmissionRequest) Reset() { *m = AdmissionRequest{} } -func (*AdmissionRequest) ProtoMessage() {} -func (*AdmissionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_7b47d27831186ccf, []int{0} -} -func (m *AdmissionRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionRequest.Merge(m, src) -} -func (m *AdmissionRequest) XXX_Size() int { - return m.Size() -} -func (m *AdmissionRequest) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionRequest proto.InternalMessageInfo - -func (m *AdmissionResponse) Reset() { *m = AdmissionResponse{} } -func (*AdmissionResponse) ProtoMessage() {} -func (*AdmissionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_7b47d27831186ccf, []int{1} -} -func (m *AdmissionResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionResponse.Merge(m, src) -} -func (m *AdmissionResponse) XXX_Size() int { - return m.Size() -} -func (m *AdmissionResponse) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionResponse proto.InternalMessageInfo - -func (m *AdmissionReview) Reset() { *m = AdmissionReview{} } -func (*AdmissionReview) ProtoMessage() {} -func (*AdmissionReview) Descriptor() ([]byte, []int) { - return fileDescriptor_7b47d27831186ccf, []int{2} -} -func (m *AdmissionReview) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionReview) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionReview.Merge(m, src) -} -func (m *AdmissionReview) XXX_Size() int { - return m.Size() -} -func (m *AdmissionReview) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionReview.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionReview proto.InternalMessageInfo - -func init() { - proto.RegisterType((*AdmissionRequest)(nil), "k8s.io.api.admission.v1.AdmissionRequest") - proto.RegisterType((*AdmissionResponse)(nil), "k8s.io.api.admission.v1.AdmissionResponse") - proto.RegisterMapType((map[string]string)(nil), "k8s.io.api.admission.v1.AdmissionResponse.AuditAnnotationsEntry") - proto.RegisterType((*AdmissionReview)(nil), "k8s.io.api.admission.v1.AdmissionReview") -} - -func init() { - proto.RegisterFile("k8s.io/api/admission/v1/generated.proto", fileDescriptor_7b47d27831186ccf) -} - -var fileDescriptor_7b47d27831186ccf = []byte{ - // 907 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0xba, 0xf2, 0x61, 0x6d, 0x72, 0x00, - 0x17, 0xb5, 0xbb, 0x24, 0x82, 0x2a, 0xaa, 0x40, 0x22, 0x4b, 0x2a, 0x14, 0x90, 0x9a, 0x68, 0xda, - 0x40, 0xc5, 0x01, 0x69, 0x62, 0x4f, 0xed, 0xc1, 0xf6, 0xcc, 0xb2, 0x33, 0xeb, 0xe0, 0x1b, 0x27, - 0xce, 0x7c, 0x03, 0x8e, 0x7c, 0x06, 0xbe, 0x41, 0x8e, 0x3d, 0xf6, 0x64, 0x11, 0xf3, 0x2d, 0x72, - 0x42, 0x33, 0x3b, 0xfb, 0xa7, 0x89, 0x2d, 0x42, 0xc3, 0x29, 0xfb, 0xfe, 0xfc, 0x7e, 0xef, 0xe5, - 0xf7, 0xf6, 0xbd, 0x35, 0xf8, 0x70, 0xbc, 0x2b, 0x3c, 0xca, 0x7d, 0x1c, 0x52, 0x1f, 0x0f, 0xa6, - 0x54, 0x08, 0xca, 0x99, 0x3f, 0xdb, 0xf6, 0x87, 0x84, 0x91, 0x08, 0x4b, 0x32, 0xf0, 0xc2, 0x88, - 0x4b, 0x0e, 0xef, 0x25, 0x89, 0x1e, 0x0e, 0xa9, 0x97, 0x25, 0x7a, 0xb3, 0xed, 0xf6, 0xc3, 0x21, - 0x95, 0xa3, 0xf8, 0xc4, 0xeb, 0xf3, 0xa9, 0x3f, 0xe4, 0x43, 0xee, 0xeb, 0xfc, 0x93, 0xf8, 0xa5, - 0xb6, 0xb4, 0xa1, 0x9f, 0x12, 0x9e, 0xf6, 0x83, 0x62, 0xc1, 0x58, 0x8e, 0x08, 0x93, 0xb4, 0x8f, - 0xe5, 0xea, 0xaa, 0xed, 0x4f, 0xf2, 0xec, 0x29, 0xee, 0x8f, 0x28, 0x23, 0xd1, 0xdc, 0x0f, 0xc7, - 0x43, 0xe5, 0x10, 0xfe, 0x94, 0x48, 0xbc, 0x0a, 0xe5, 0xaf, 0x43, 0x45, 0x31, 0x93, 0x74, 0x4a, - 0xae, 0x00, 0x1e, 0xfd, 0x1b, 0x40, 0xf4, 0x47, 0x64, 0x8a, 0x2f, 0xe3, 0xb6, 0x7e, 0xb7, 0x41, - 0x6b, 0x2f, 0x15, 0x03, 0x91, 0x9f, 0x62, 0x22, 0x24, 0x0c, 0x40, 0x39, 0xa6, 0x03, 0xc7, 0xea, - 0x5a, 0x3d, 0x3b, 0xf8, 0xf8, 0x6c, 0xd1, 0x29, 0x2d, 0x17, 0x9d, 0xf2, 0xf1, 0xc1, 0xfe, 0xc5, - 0xa2, 0xf3, 0xfe, 0xba, 0x42, 0x72, 0x1e, 0x12, 0xe1, 0x1d, 0x1f, 0xec, 0x23, 0x05, 0x86, 0x2f, - 0x40, 0x65, 0x4c, 0xd9, 0xc0, 0xb9, 0xd5, 0xb5, 0x7a, 0x8d, 0x9d, 0x47, 0x5e, 0x2e, 0x7e, 0x06, - 0xf3, 0xc2, 0xf1, 0x50, 0x39, 0x84, 0xa7, 0x64, 0xf0, 0x66, 0xdb, 0xde, 0x57, 0x11, 0x8f, 0xc3, - 0x6f, 0x49, 0xa4, 0x9a, 0xf9, 0x86, 0xb2, 0x41, 0xb0, 0x69, 0x8a, 0x57, 0x94, 0x85, 0x34, 0x23, - 0x1c, 0x81, 0x7a, 0x44, 0x04, 0x8f, 0xa3, 0x3e, 0x71, 0xca, 0x9a, 0xfd, 0xf1, 0x7f, 0x67, 0x47, - 0x86, 0x21, 0x68, 0x99, 0x0a, 0xf5, 0xd4, 0x83, 0x32, 0x76, 0xf8, 0x29, 0x68, 0x88, 0xf8, 0x24, - 0x0d, 0x38, 0x15, 0xad, 0xc7, 0x5d, 0x03, 0x68, 0x3c, 0xcb, 0x43, 0xa8, 0x98, 0x07, 0x29, 0x68, - 0x44, 0x89, 0x92, 0xaa, 0x6b, 0xe7, 0x9d, 0x1b, 0x29, 0xd0, 0x54, 0xa5, 0x50, 0x4e, 0x87, 0x8a, - 0xdc, 0x70, 0x0e, 0x9a, 0xc6, 0xcc, 0xba, 0xbc, 0x7d, 0x63, 0x49, 0xee, 0x2e, 0x17, 0x9d, 0x26, - 0x7a, 0x93, 0x16, 0x5d, 0xae, 0x03, 0xbf, 0x06, 0xd0, 0xb8, 0x0a, 0x42, 0x38, 0x4d, 0xad, 0x51, - 0xdb, 0x68, 0x04, 0xd1, 0x95, 0x0c, 0xb4, 0x02, 0x05, 0xbb, 0xa0, 0xc2, 0xf0, 0x94, 0x38, 0x1b, - 0x1a, 0x9d, 0x0d, 0xfd, 0x29, 0x9e, 0x12, 0xa4, 0x23, 0xd0, 0x07, 0xb6, 0xfa, 0x2b, 0x42, 0xdc, - 0x27, 0x4e, 0x55, 0xa7, 0xdd, 0x31, 0x69, 0xf6, 0xd3, 0x34, 0x80, 0xf2, 0x1c, 0xf8, 0x19, 0xb0, - 0x79, 0xa8, 0x5e, 0x75, 0xca, 0x99, 0x53, 0xd3, 0x00, 0x37, 0x05, 0x1c, 0xa6, 0x81, 0x8b, 0xa2, - 0x81, 0x72, 0x00, 0x7c, 0x0e, 0xea, 0xb1, 0x20, 0xd1, 0x01, 0x7b, 0xc9, 0x9d, 0xba, 0x16, 0xf4, - 0x03, 0xaf, 0x78, 0x3e, 0xde, 0x58, 0x7b, 0x25, 0xe4, 0xb1, 0xc9, 0xce, 0xdf, 0xa7, 0xd4, 0x83, - 0x32, 0x26, 0x78, 0x0c, 0xaa, 0xfc, 0xe4, 0x47, 0xd2, 0x97, 0x8e, 0xad, 0x39, 0x1f, 0xae, 0x1d, - 0x92, 0xd9, 0x5a, 0x0f, 0xe1, 0xd3, 0x27, 0x3f, 0x4b, 0xc2, 0xd4, 0x7c, 0x82, 0xdb, 0x86, 0xba, - 0x7a, 0xa8, 0x49, 0x90, 0x21, 0x83, 0x3f, 0x00, 0x9b, 0x4f, 0x06, 0x89, 0xd3, 0x01, 0x6f, 0xc3, - 0x9c, 0x49, 0x79, 0x98, 0xf2, 0xa0, 0x9c, 0x12, 0x6e, 0x81, 0xea, 0x20, 0x9a, 0xa3, 0x98, 0x39, - 0x8d, 0xae, 0xd5, 0xab, 0x07, 0x40, 0xf5, 0xb0, 0xaf, 0x3d, 0xc8, 0x44, 0xe0, 0x0b, 0x50, 0xe3, - 0xa1, 0x12, 0x43, 0x38, 0x9b, 0x6f, 0xd3, 0x41, 0xd3, 0x74, 0x50, 0x3b, 0x4c, 0x58, 0x50, 0x4a, - 0xb7, 0xf5, 0x47, 0x05, 0xdc, 0x29, 0x5c, 0x28, 0x11, 0x72, 0x26, 0xc8, 0xff, 0x72, 0xa2, 0xee, - 0x83, 0x1a, 0x9e, 0x4c, 0xf8, 0x29, 0x49, 0xae, 0x54, 0x3d, 0x6f, 0x62, 0x2f, 0x71, 0xa3, 0x34, - 0x0e, 0x8f, 0x40, 0x55, 0x48, 0x2c, 0x63, 0x61, 0x2e, 0xce, 0x83, 0xeb, 0xad, 0xd7, 0x33, 0x8d, - 0x49, 0x04, 0x43, 0x44, 0xc4, 0x13, 0x89, 0x0c, 0x0f, 0xec, 0x80, 0x8d, 0x10, 0xcb, 0xfe, 0x48, - 0x5f, 0x95, 0xcd, 0xc0, 0x5e, 0x2e, 0x3a, 0x1b, 0x47, 0xca, 0x81, 0x12, 0x3f, 0xdc, 0x05, 0xb6, - 0x7e, 0x78, 0x3e, 0x0f, 0xd3, 0xc5, 0x68, 0xab, 0x11, 0x1d, 0xa5, 0xce, 0x8b, 0xa2, 0x81, 0xf2, - 0x64, 0xf8, 0xab, 0x05, 0x5a, 0x38, 0x1e, 0x50, 0xb9, 0xc7, 0x18, 0x97, 0x38, 0x99, 0x4a, 0xb5, - 0x5b, 0xee, 0x35, 0x76, 0xbe, 0xf0, 0xd6, 0x7c, 0x04, 0xbd, 0x2b, 0x12, 0x7b, 0x7b, 0x97, 0x28, - 0x9e, 0x30, 0x19, 0xcd, 0x03, 0xc7, 0x68, 0xd4, 0xba, 0x1c, 0x46, 0x57, 0x6a, 0xc2, 0x1e, 0xa8, - 0x9f, 0xe2, 0x88, 0x51, 0x36, 0x14, 0x4e, 0xad, 0x5b, 0x56, 0xab, 0xad, 0x36, 0xe3, 0x3b, 0xe3, - 0x43, 0x59, 0xb4, 0xfd, 0x25, 0x78, 0x6f, 0x65, 0x39, 0xd8, 0x02, 0xe5, 0x31, 0x99, 0x27, 0x73, - 0x46, 0xea, 0x11, 0xbe, 0x0b, 0x36, 0x66, 0x78, 0x12, 0x13, 0x3d, 0x33, 0x1b, 0x25, 0xc6, 0xe3, - 0x5b, 0xbb, 0xd6, 0xd6, 0x9f, 0x16, 0x68, 0x16, 0xfe, 0x8d, 0x19, 0x25, 0xa7, 0xf0, 0x08, 0xd4, - 0xcc, 0xbd, 0xd1, 0x1c, 0x8d, 0x9d, 0xfb, 0xd7, 0x51, 0x40, 0x03, 0x82, 0x86, 0x7a, 0x15, 0xd2, - 0x3b, 0x98, 0xd2, 0xa8, 0xd3, 0x10, 0x19, 0x89, 0xcc, 0xc7, 0xed, 0xa3, 0xeb, 0x8b, 0x9a, 0x08, - 0x90, 0x5a, 0x28, 0x63, 0x0a, 0x3e, 0x3f, 0x3b, 0x77, 0x4b, 0xaf, 0xce, 0xdd, 0xd2, 0xeb, 0x73, - 0xb7, 0xf4, 0xcb, 0xd2, 0xb5, 0xce, 0x96, 0xae, 0xf5, 0x6a, 0xe9, 0x5a, 0xaf, 0x97, 0xae, 0xf5, - 0xd7, 0xd2, 0xb5, 0x7e, 0xfb, 0xdb, 0x2d, 0x7d, 0x7f, 0x6f, 0xcd, 0x6f, 0x9d, 0x7f, 0x02, 0x00, - 0x00, 0xff, 0xff, 0x5c, 0x49, 0x23, 0x22, 0x05, 0x09, 0x00, 0x00, -} - -func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i -= len(m.RequestSubResource) - copy(dAtA[i:], m.RequestSubResource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.RequestSubResource))) - i-- - dAtA[i] = 0x7a - if m.RequestResource != nil { - { - size, err := m.RequestResource.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x72 - } - if m.RequestKind != nil { - { - size, err := m.RequestKind.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x6a - } - { - size, err := m.Options.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x62 - if m.DryRun != nil { - i-- - if *m.DryRun { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x58 - } - { - size, err := m.OldObject.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - { - size, err := m.Object.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - { - size, err := m.UserInfo.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - i -= len(m.Operation) - copy(dAtA[i:], m.Operation) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Operation))) - i-- - dAtA[i] = 0x3a - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x32 - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x2a - i -= len(m.SubResource) - copy(dAtA[i:], m.SubResource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.SubResource))) - i-- - dAtA[i] = 0x22 - { - size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.Kind.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(m.UID) - copy(dAtA[i:], m.UID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *AdmissionResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Warnings) > 0 { - for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Warnings[iNdEx]) - copy(dAtA[i:], m.Warnings[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx]))) - i-- - dAtA[i] = 0x3a - } - } - if len(m.AuditAnnotations) > 0 { - keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations)) - for k := range m.AuditAnnotations { - keysForAuditAnnotations = append(keysForAuditAnnotations, string(k)) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAuditAnnotations) - for iNdEx := len(keysForAuditAnnotations) - 1; iNdEx >= 0; iNdEx-- { - v := m.AuditAnnotations[string(keysForAuditAnnotations[iNdEx])] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintGenerated(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(keysForAuditAnnotations[iNdEx]) - copy(dAtA[i:], keysForAuditAnnotations[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAuditAnnotations[iNdEx]))) - i-- - dAtA[i] = 0xa - i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x32 - } - } - if m.PatchType != nil { - i -= len(*m.PatchType) - copy(dAtA[i:], *m.PatchType) - i = encodeVarintGenerated(dAtA, i, uint64(len(*m.PatchType))) - i-- - dAtA[i] = 0x2a - } - if m.Patch != nil { - i -= len(m.Patch) - copy(dAtA[i:], m.Patch) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Patch))) - i-- - dAtA[i] = 0x22 - } - if m.Result != nil { - { - size, err := m.Result.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - i-- - if m.Allowed { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - i -= len(m.UID) - copy(dAtA[i:], m.UID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *AdmissionReview) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionReview) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.Response != nil { - { - size, err := m.Response.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if m.Request != nil { - { - size, err := m.Request.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { - offset -= sovGenerated(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *AdmissionRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.UID) - n += 1 + l + sovGenerated(uint64(l)) - l = m.Kind.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Resource.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.SubResource) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Name) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Namespace) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Operation) - n += 1 + l + sovGenerated(uint64(l)) - l = m.UserInfo.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Object.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.OldObject.Size() - n += 1 + l + sovGenerated(uint64(l)) - if m.DryRun != nil { - n += 2 - } - l = m.Options.Size() - n += 1 + l + sovGenerated(uint64(l)) - if m.RequestKind != nil { - l = m.RequestKind.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.RequestResource != nil { - l = m.RequestResource.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - l = len(m.RequestSubResource) - n += 1 + l + sovGenerated(uint64(l)) - return n -} - -func (m *AdmissionResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.UID) - n += 1 + l + sovGenerated(uint64(l)) - n += 2 - if m.Result != nil { - l = m.Result.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.Patch != nil { - l = len(m.Patch) - n += 1 + l + sovGenerated(uint64(l)) - } - if m.PatchType != nil { - l = len(*m.PatchType) - n += 1 + l + sovGenerated(uint64(l)) - } - if len(m.AuditAnnotations) > 0 { - for k, v := range m.AuditAnnotations { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) - n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) - } - } - if len(m.Warnings) > 0 { - for _, s := range m.Warnings { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *AdmissionReview) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Request != nil { - l = m.Request.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.Response != nil { - l = m.Response.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - return n -} - -func sovGenerated(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozGenerated(x uint64) (n int) { - return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *AdmissionRequest) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdmissionRequest{`, - `UID:` + fmt.Sprintf("%v", this.UID) + `,`, - `Kind:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Kind), "GroupVersionKind", "v1.GroupVersionKind", 1), `&`, ``, 1) + `,`, - `Resource:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Resource), "GroupVersionResource", "v1.GroupVersionResource", 1), `&`, ``, 1) + `,`, - `SubResource:` + fmt.Sprintf("%v", this.SubResource) + `,`, - `Name:` + fmt.Sprintf("%v", this.Name) + `,`, - `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, - `Operation:` + fmt.Sprintf("%v", this.Operation) + `,`, - `UserInfo:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UserInfo), "UserInfo", "v11.UserInfo", 1), `&`, ``, 1) + `,`, - `Object:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Object), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `OldObject:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.OldObject), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `DryRun:` + valueToStringGenerated(this.DryRun) + `,`, - `Options:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Options), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `RequestKind:` + strings.Replace(fmt.Sprintf("%v", this.RequestKind), "GroupVersionKind", "v1.GroupVersionKind", 1) + `,`, - `RequestResource:` + strings.Replace(fmt.Sprintf("%v", this.RequestResource), "GroupVersionResource", "v1.GroupVersionResource", 1) + `,`, - `RequestSubResource:` + fmt.Sprintf("%v", this.RequestSubResource) + `,`, - `}`, - }, "") - return s -} -func (this *AdmissionResponse) String() string { - if this == nil { - return "nil" - } - keysForAuditAnnotations := make([]string, 0, len(this.AuditAnnotations)) - for k := range this.AuditAnnotations { - keysForAuditAnnotations = append(keysForAuditAnnotations, k) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAuditAnnotations) - mapStringForAuditAnnotations := "map[string]string{" - for _, k := range keysForAuditAnnotations { - mapStringForAuditAnnotations += fmt.Sprintf("%v: %v,", k, this.AuditAnnotations[k]) - } - mapStringForAuditAnnotations += "}" - s := strings.Join([]string{`&AdmissionResponse{`, - `UID:` + fmt.Sprintf("%v", this.UID) + `,`, - `Allowed:` + fmt.Sprintf("%v", this.Allowed) + `,`, - `Result:` + strings.Replace(fmt.Sprintf("%v", this.Result), "Status", "v1.Status", 1) + `,`, - `Patch:` + valueToStringGenerated(this.Patch) + `,`, - `PatchType:` + valueToStringGenerated(this.PatchType) + `,`, - `AuditAnnotations:` + mapStringForAuditAnnotations + `,`, - `Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`, - `}`, - }, "") - return s -} -func (this *AdmissionReview) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdmissionReview{`, - `Request:` + strings.Replace(this.Request.String(), "AdmissionRequest", "AdmissionRequest", 1) + `,`, - `Response:` + strings.Replace(this.Response.String(), "AdmissionResponse", "AdmissionResponse", 1) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *AdmissionRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Kind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SubResource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SubResource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Operation", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Operation = Operation(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserInfo", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Object", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Object.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OldObject", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.OldObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DryRun", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.DryRun = &b - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestKind", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RequestKind == nil { - m.RequestKind = &v1.GroupVersionKind{} - } - if err := m.RequestKind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestResource", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RequestResource == nil { - m.RequestResource = &v1.GroupVersionResource{} - } - if err := m.RequestResource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestSubResource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RequestSubResource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdmissionResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Allowed", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Allowed = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Result == nil { - m.Result = &v1.Status{} - } - if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Patch", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Patch = append(m.Patch[:0], dAtA[iNdEx:postIndex]...) - if m.Patch == nil { - m.Patch = []byte{} - } - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PatchType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - s := PatchType(dAtA[iNdEx:postIndex]) - m.PatchType = &s - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuditAnnotations", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.AuditAnnotations == nil { - m.AuditAnnotations = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.AuditAnnotations[mapkey] = mapvalue - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdmissionReview) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionReview: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionReview: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Request", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Request == nil { - m.Request = &AdmissionRequest{} - } - if err := m.Request.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Response", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Response == nil { - m.Response = &AdmissionResponse{} - } - if err := m.Response.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipGenerated(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthGenerated - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupGenerated - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") -) diff --git a/vendor/k8s.io/api/admission/v1/generated.proto b/vendor/k8s.io/api/admission/v1/generated.proto deleted file mode 100644 index 9648aa58f..000000000 --- a/vendor/k8s.io/api/admission/v1/generated.proto +++ /dev/null @@ -1,167 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -// This file was autogenerated by go-to-protobuf. Do not edit it manually! - -syntax = "proto2"; - -package k8s.io.api.admission.v1; - -import "k8s.io/api/authentication/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; - -// Package-wide variables from generator "generated". -option go_package = "k8s.io/api/admission/v1"; - -// AdmissionRequest describes the admission.Attributes for the admission request. -message AdmissionRequest { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - optional string uid = 1; - - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind kind = 2; - - // Resource is the fully-qualified resource being requested (for example, v1.pods) - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource resource = 3; - - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - optional string subResource = 4; - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind requestKind = 13; - - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource requestResource = 14; - - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - optional string requestSubResource = 15; - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - optional string name = 5; - - // Namespace is the namespace associated with the request (if any). - // +optional - optional string namespace = 6; - - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - optional string operation = 7; - - // UserInfo is information about the requesting user - optional .k8s.io.api.authentication.v1.UserInfo userInfo = 8; - - // Object is the object from the incoming request. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension object = 9; - - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension oldObject = 10; - - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - optional bool dryRun = 11; - - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension options = 12; -} - -// AdmissionResponse describes an admission response. -message AdmissionResponse { - // UID is an identifier for the individual request/response. - // This must be copied over from the corresponding AdmissionRequest. - optional string uid = 1; - - // Allowed indicates whether or not the admission request was permitted. - optional bool allowed = 2; - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 3; - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. - // +optional - optional bytes patch = 4; - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - optional string patchType = 5; - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - map auditAnnotations = 6; - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - repeated string warnings = 7; -} - -// AdmissionReview describes an admission review request/response. -message AdmissionReview { - // Request describes the attributes for the admission request. - // +optional - optional AdmissionRequest request = 1; - - // Response describes the attributes for the admission response. - // +optional - optional AdmissionResponse response = 2; -} - diff --git a/vendor/k8s.io/api/admission/v1/register.go b/vendor/k8s.io/api/admission/v1/register.go deleted file mode 100644 index 79000535c..000000000 --- a/vendor/k8s.io/api/admission/v1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. -// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - localSchemeBuilder = &SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionReview{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/vendor/k8s.io/api/admission/v1/types.go b/vendor/k8s.io/api/admission/v1/types.go deleted file mode 100644 index 2def92da5..000000000 --- a/vendor/k8s.io/api/admission/v1/types.go +++ /dev/null @@ -1,170 +0,0 @@ -/* -Copyright 2019 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +k8s:prerelease-lifecycle-gen:introduced=1.19 - -// AdmissionReview describes an admission review request/response. -type AdmissionReview struct { - metav1.TypeMeta `json:",inline"` - // Request describes the attributes for the admission request. - // +optional - Request *AdmissionRequest `json:"request,omitempty" protobuf:"bytes,1,opt,name=request"` - // Response describes the attributes for the admission response. - // +optional - Response *AdmissionResponse `json:"response,omitempty" protobuf:"bytes,2,opt,name=response"` -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -type AdmissionRequest struct { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - UID types.UID `json:"uid" protobuf:"bytes,1,opt,name=uid"` - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - Kind metav1.GroupVersionKind `json:"kind" protobuf:"bytes,2,opt,name=kind"` - // Resource is the fully-qualified resource being requested (for example, v1.pods) - Resource metav1.GroupVersionResource `json:"resource" protobuf:"bytes,3,opt,name=resource"` - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - SubResource string `json:"subResource,omitempty" protobuf:"bytes,4,opt,name=subResource"` - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - RequestKind *metav1.GroupVersionKind `json:"requestKind,omitempty" protobuf:"bytes,13,opt,name=requestKind"` - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestResource *metav1.GroupVersionResource `json:"requestResource,omitempty" protobuf:"bytes,14,opt,name=requestResource"` - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestSubResource string `json:"requestSubResource,omitempty" protobuf:"bytes,15,opt,name=requestSubResource"` - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - Name string `json:"name,omitempty" protobuf:"bytes,5,opt,name=name"` - // Namespace is the namespace associated with the request (if any). - // +optional - Namespace string `json:"namespace,omitempty" protobuf:"bytes,6,opt,name=namespace"` - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - Operation Operation `json:"operation" protobuf:"bytes,7,opt,name=operation"` - // UserInfo is information about the requesting user - UserInfo authenticationv1.UserInfo `json:"userInfo" protobuf:"bytes,8,opt,name=userInfo"` - // Object is the object from the incoming request. - // +optional - Object runtime.RawExtension `json:"object,omitempty" protobuf:"bytes,9,opt,name=object"` - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - OldObject runtime.RawExtension `json:"oldObject,omitempty" protobuf:"bytes,10,opt,name=oldObject"` - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - DryRun *bool `json:"dryRun,omitempty" protobuf:"varint,11,opt,name=dryRun"` - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - Options runtime.RawExtension `json:"options,omitempty" protobuf:"bytes,12,opt,name=options"` -} - -// AdmissionResponse describes an admission response. -type AdmissionResponse struct { - // UID is an identifier for the individual request/response. - // This must be copied over from the corresponding AdmissionRequest. - UID types.UID `json:"uid" protobuf:"bytes,1,opt,name=uid"` - - // Allowed indicates whether or not the admission request was permitted. - Allowed bool `json:"allowed" protobuf:"varint,2,opt,name=allowed"` - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - Result *metav1.Status `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. - // +optional - Patch []byte `json:"patch,omitempty" protobuf:"bytes,4,opt,name=patch"` - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - PatchType *PatchType `json:"patchType,omitempty" protobuf:"bytes,5,opt,name=patchType"` - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"` - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"` -} - -// PatchType is the type of patch being used to represent the mutated object -type PatchType string - -// PatchType constants. -const ( - PatchTypeJSONPatch PatchType = "JSONPatch" -) - -// Operation is the type of resource operation being checked for admission control -type Operation string - -// Operation constants -const ( - Create Operation = "CREATE" - Update Operation = "UPDATE" - Delete Operation = "DELETE" - Connect Operation = "CONNECT" -) diff --git a/vendor/k8s.io/api/admission/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admission/v1/types_swagger_doc_generated.go deleted file mode 100644 index 1395a7e10..000000000 --- a/vendor/k8s.io/api/admission/v1/types_swagger_doc_generated.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1 - -// This file contains a collection of methods that can be used from go-restful to -// generate Swagger API documentation for its models. Please read this PR for more -// information on the implementation: https://github.com/emicklei/go-restful/pull/215 -// -// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if -// they are on one line! For multiple line or blocks that you want to ignore use ---. -// Any context after a --- is ignored. -// -// Those methods can be generated by using hack/update-codegen.sh - -// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT. -var map_AdmissionRequest = map[string]string{ - "": "AdmissionRequest describes the admission.Attributes for the admission request.", - "uid": "UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.", - "kind": "Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)", - "resource": "Resource is the fully-qualified resource being requested (for example, v1.pods)", - "subResource": "SubResource is the subresource being requested, if any (for example, \"status\" or \"scale\")", - "requestKind": "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for), and `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details.", - "requestResource": "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for), and `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type.", - "requestSubResource": "RequestSubResource is the name of the subresource of the original API request, if any (for example, \"status\" or \"scale\") If this is specified and differs from the value in \"subResource\", an equivalent match and conversion was performed. See documentation for the \"matchPolicy\" field in the webhook configuration type.", - "name": "Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string.", - "namespace": "Namespace is the namespace associated with the request (if any).", - "operation": "Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.", - "userInfo": "UserInfo is information about the requesting user", - "object": "Object is the object from the incoming request.", - "oldObject": "OldObject is the existing object. Only populated for DELETE and UPDATE requests.", - "dryRun": "DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false.", - "options": "Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.", -} - -func (AdmissionRequest) SwaggerDoc() map[string]string { - return map_AdmissionRequest -} - -var map_AdmissionResponse = map[string]string{ - "": "AdmissionResponse describes an admission response.", - "uid": "UID is an identifier for the individual request/response. This must be copied over from the corresponding AdmissionRequest.", - "allowed": "Allowed indicates whether or not the admission request was permitted.", - "status": "Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if \"Allowed\" is \"true\".", - "patch": "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.", - "patchType": "The type of Patch. Currently we only allow \"JSONPatch\".", - "auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.", - "warnings": "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.", -} - -func (AdmissionResponse) SwaggerDoc() map[string]string { - return map_AdmissionResponse -} - -var map_AdmissionReview = map[string]string{ - "": "AdmissionReview describes an admission review request/response.", - "request": "Request describes the attributes for the admission request.", - "response": "Response describes the attributes for the admission response.", -} - -func (AdmissionReview) SwaggerDoc() map[string]string { - return map_AdmissionReview -} - -// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/k8s.io/api/admission/v1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admission/v1/zz_generated.deepcopy.go deleted file mode 100644 index d35688285..000000000 --- a/vendor/k8s.io/api/admission/v1/zz_generated.deepcopy.go +++ /dev/null @@ -1,142 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionRequest) DeepCopyInto(out *AdmissionRequest) { - *out = *in - out.Kind = in.Kind - out.Resource = in.Resource - if in.RequestKind != nil { - in, out := &in.RequestKind, &out.RequestKind - *out = new(metav1.GroupVersionKind) - **out = **in - } - if in.RequestResource != nil { - in, out := &in.RequestResource, &out.RequestResource - *out = new(metav1.GroupVersionResource) - **out = **in - } - in.UserInfo.DeepCopyInto(&out.UserInfo) - in.Object.DeepCopyInto(&out.Object) - in.OldObject.DeepCopyInto(&out.OldObject) - if in.DryRun != nil { - in, out := &in.DryRun, &out.DryRun - *out = new(bool) - **out = **in - } - in.Options.DeepCopyInto(&out.Options) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionRequest. -func (in *AdmissionRequest) DeepCopy() *AdmissionRequest { - if in == nil { - return nil - } - out := new(AdmissionRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) { - *out = *in - if in.Result != nil { - in, out := &in.Result, &out.Result - *out = new(metav1.Status) - (*in).DeepCopyInto(*out) - } - if in.Patch != nil { - in, out := &in.Patch, &out.Patch - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.PatchType != nil { - in, out := &in.PatchType, &out.PatchType - *out = new(PatchType) - **out = **in - } - if in.AuditAnnotations != nil { - in, out := &in.AuditAnnotations, &out.AuditAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Warnings != nil { - in, out := &in.Warnings, &out.Warnings - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionResponse. -func (in *AdmissionResponse) DeepCopy() *AdmissionResponse { - if in == nil { - return nil - } - out := new(AdmissionResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionReview) DeepCopyInto(out *AdmissionReview) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(AdmissionRequest) - (*in).DeepCopyInto(*out) - } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(AdmissionResponse) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReview. -func (in *AdmissionReview) DeepCopy() *AdmissionReview { - if in == nil { - return nil - } - out := new(AdmissionReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/vendor/k8s.io/api/admission/v1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/admission/v1/zz_generated.prerelease-lifecycle.go deleted file mode 100644 index ac81d993c..000000000 --- a/vendor/k8s.io/api/admission/v1/zz_generated.prerelease-lifecycle.go +++ /dev/null @@ -1,28 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by prerelease-lifecycle-gen. DO NOT EDIT. - -package v1 - -// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. -// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. -func (in *AdmissionReview) APILifecycleIntroduced() (major, minor int) { - return 1, 19 -} diff --git a/vendor/k8s.io/api/admission/v1beta1/doc.go b/vendor/k8s.io/api/admission/v1beta1/doc.go deleted file mode 100644 index a5669022a..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/doc.go +++ /dev/null @@ -1,24 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// +k8s:deepcopy-gen=package -// +k8s:protobuf-gen=package -// +k8s:openapi-gen=false -// +k8s:prerelease-lifecycle-gen=true - -// +groupName=admission.k8s.io - -package v1beta1 // import "k8s.io/api/admission/v1beta1" diff --git a/vendor/k8s.io/api/admission/v1beta1/generated.pb.go b/vendor/k8s.io/api/admission/v1beta1/generated.pb.go deleted file mode 100644 index 22147cbe9..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/generated.pb.go +++ /dev/null @@ -1,1782 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: k8s.io/api/admission/v1beta1/generated.proto - -package v1beta1 - -import ( - fmt "fmt" - - io "io" - - proto "github.com/gogo/protobuf/proto" - github_com_gogo_protobuf_sortkeys "github.com/gogo/protobuf/sortkeys" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - math "math" - math_bits "math/bits" - reflect "reflect" - strings "strings" - - k8s_io_apimachinery_pkg_types "k8s.io/apimachinery/pkg/types" -) - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package - -func (m *AdmissionRequest) Reset() { *m = AdmissionRequest{} } -func (*AdmissionRequest) ProtoMessage() {} -func (*AdmissionRequest) Descriptor() ([]byte, []int) { - return fileDescriptor_d8f147b43c61e73e, []int{0} -} -func (m *AdmissionRequest) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionRequest) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionRequest) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionRequest.Merge(m, src) -} -func (m *AdmissionRequest) XXX_Size() int { - return m.Size() -} -func (m *AdmissionRequest) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionRequest.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionRequest proto.InternalMessageInfo - -func (m *AdmissionResponse) Reset() { *m = AdmissionResponse{} } -func (*AdmissionResponse) ProtoMessage() {} -func (*AdmissionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_d8f147b43c61e73e, []int{1} -} -func (m *AdmissionResponse) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionResponse) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionResponse.Merge(m, src) -} -func (m *AdmissionResponse) XXX_Size() int { - return m.Size() -} -func (m *AdmissionResponse) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionResponse.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionResponse proto.InternalMessageInfo - -func (m *AdmissionReview) Reset() { *m = AdmissionReview{} } -func (*AdmissionReview) ProtoMessage() {} -func (*AdmissionReview) Descriptor() ([]byte, []int) { - return fileDescriptor_d8f147b43c61e73e, []int{2} -} -func (m *AdmissionReview) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *AdmissionReview) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *AdmissionReview) XXX_Merge(src proto.Message) { - xxx_messageInfo_AdmissionReview.Merge(m, src) -} -func (m *AdmissionReview) XXX_Size() int { - return m.Size() -} -func (m *AdmissionReview) XXX_DiscardUnknown() { - xxx_messageInfo_AdmissionReview.DiscardUnknown(m) -} - -var xxx_messageInfo_AdmissionReview proto.InternalMessageInfo - -func init() { - proto.RegisterType((*AdmissionRequest)(nil), "k8s.io.api.admission.v1beta1.AdmissionRequest") - proto.RegisterType((*AdmissionResponse)(nil), "k8s.io.api.admission.v1beta1.AdmissionResponse") - proto.RegisterMapType((map[string]string)(nil), "k8s.io.api.admission.v1beta1.AdmissionResponse.AuditAnnotationsEntry") - proto.RegisterType((*AdmissionReview)(nil), "k8s.io.api.admission.v1beta1.AdmissionReview") -} - -func init() { - proto.RegisterFile("k8s.io/api/admission/v1beta1/generated.proto", fileDescriptor_d8f147b43c61e73e) -} - -var fileDescriptor_d8f147b43c61e73e = []byte{ - // 911 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xf7, 0xd6, 0x8e, 0xed, 0x1d, 0x87, 0xda, 0x9d, 0x82, 0xb4, 0xb2, 0xaa, 0xb5, 0xc9, 0x01, - 0x19, 0xa9, 0x9d, 0x25, 0x11, 0x54, 0x51, 0xc5, 0x25, 0x4b, 0x22, 0x14, 0x90, 0x9a, 0x68, 0x5a, - 0x43, 0xe1, 0x80, 0x34, 0xb6, 0xa7, 0xf6, 0x60, 0x7b, 0x66, 0xd9, 0x99, 0x4d, 0xf0, 0x8d, 0x3b, - 0x17, 0xbe, 0x01, 0x5f, 0x80, 0x6f, 0xc1, 0x25, 0xc7, 0x1e, 0x7b, 0xb2, 0x88, 0xf9, 0x16, 0x39, - 0xa1, 0x99, 0x9d, 0xf5, 0x3a, 0x4e, 0x52, 0xfa, 0xef, 0x94, 0x7d, 0x7f, 0x7e, 0xbf, 0xf7, 0xf2, - 0x7b, 0xfb, 0xde, 0x1a, 0xdc, 0x1f, 0xef, 0x4a, 0xc4, 0x44, 0x40, 0x22, 0x16, 0x90, 0xc1, 0x94, - 0x49, 0xc9, 0x04, 0x0f, 0x4e, 0xb6, 0x7b, 0x54, 0x91, 0xed, 0x60, 0x48, 0x39, 0x8d, 0x89, 0xa2, - 0x03, 0x14, 0xc5, 0x42, 0x09, 0x78, 0x2f, 0xcd, 0x46, 0x24, 0x62, 0x68, 0x99, 0x8d, 0x6c, 0x76, - 0xf3, 0xc1, 0x90, 0xa9, 0x51, 0xd2, 0x43, 0x7d, 0x31, 0x0d, 0x86, 0x62, 0x28, 0x02, 0x03, 0xea, - 0x25, 0xcf, 0x8d, 0x65, 0x0c, 0xf3, 0x94, 0x92, 0x35, 0x2f, 0x95, 0x4e, 0xd4, 0x88, 0x72, 0xc5, - 0xfa, 0x44, 0xa5, 0xf5, 0xd7, 0x4b, 0x37, 0x3f, 0xcf, 0xb3, 0xa7, 0xa4, 0x3f, 0x62, 0x9c, 0xc6, - 0xb3, 0x20, 0x1a, 0x0f, 0xb5, 0x43, 0x06, 0x53, 0xaa, 0xc8, 0x75, 0xa8, 0xe0, 0x26, 0x54, 0x9c, - 0x70, 0xc5, 0xa6, 0xf4, 0x0a, 0xe0, 0xe1, 0xff, 0x01, 0x64, 0x7f, 0x44, 0xa7, 0x64, 0x1d, 0xb7, - 0xf5, 0xa7, 0x0b, 0x1a, 0x7b, 0x99, 0x22, 0x98, 0xfe, 0x92, 0x50, 0xa9, 0x60, 0x08, 0x8a, 0x09, - 0x1b, 0x78, 0x4e, 0xdb, 0xe9, 0xb8, 0xe1, 0x67, 0x67, 0xf3, 0x56, 0x61, 0x31, 0x6f, 0x15, 0xbb, - 0x87, 0xfb, 0x17, 0xf3, 0xd6, 0xc7, 0x37, 0x15, 0x52, 0xb3, 0x88, 0x4a, 0xd4, 0x3d, 0xdc, 0xc7, - 0x1a, 0x0c, 0x9f, 0x81, 0xd2, 0x98, 0xf1, 0x81, 0x77, 0xab, 0xed, 0x74, 0x6a, 0x3b, 0x0f, 0x51, - 0x3e, 0x81, 0x25, 0x0c, 0x45, 0xe3, 0xa1, 0x76, 0x48, 0xa4, 0x65, 0x40, 0x27, 0xdb, 0xe8, 0xeb, - 0x58, 0x24, 0xd1, 0x77, 0x34, 0xd6, 0xcd, 0x7c, 0xcb, 0xf8, 0x20, 0xdc, 0xb4, 0xc5, 0x4b, 0xda, - 0xc2, 0x86, 0x11, 0x8e, 0x40, 0x35, 0xa6, 0x52, 0x24, 0x71, 0x9f, 0x7a, 0x45, 0xc3, 0xfe, 0xe8, - 0xcd, 0xd9, 0xb1, 0x65, 0x08, 0x1b, 0xb6, 0x42, 0x35, 0xf3, 0xe0, 0x25, 0x3b, 0xfc, 0x02, 0xd4, - 0x64, 0xd2, 0xcb, 0x02, 0x5e, 0xc9, 0xe8, 0x71, 0xd7, 0x02, 0x6a, 0x4f, 0xf2, 0x10, 0x5e, 0xcd, - 0x83, 0x0c, 0xd4, 0xe2, 0x54, 0x49, 0xdd, 0xb5, 0xf7, 0xc1, 0x3b, 0x29, 0x50, 0xd7, 0xa5, 0x70, - 0x4e, 0x87, 0x57, 0xb9, 0xe1, 0x0c, 0xd4, 0xad, 0xb9, 0xec, 0xf2, 0xf6, 0x3b, 0x4b, 0x72, 0x77, - 0x31, 0x6f, 0xd5, 0xf1, 0x65, 0x5a, 0xbc, 0x5e, 0x07, 0x7e, 0x03, 0xa0, 0x75, 0xad, 0x08, 0xe1, - 0xd5, 0x8d, 0x46, 0x4d, 0xab, 0x11, 0xc4, 0x57, 0x32, 0xf0, 0x35, 0x28, 0xd8, 0x06, 0x25, 0x4e, - 0xa6, 0xd4, 0xdb, 0x30, 0xe8, 0xe5, 0xd0, 0x1f, 0x93, 0x29, 0xc5, 0x26, 0x02, 0x03, 0xe0, 0xea, - 0xbf, 0x32, 0x22, 0x7d, 0xea, 0x95, 0x4d, 0xda, 0x1d, 0x9b, 0xe6, 0x3e, 0xce, 0x02, 0x38, 0xcf, - 0x81, 0x5f, 0x02, 0x57, 0x44, 0xfa, 0x55, 0x67, 0x82, 0x7b, 0x15, 0x03, 0xf0, 0x33, 0xc0, 0x51, - 0x16, 0xb8, 0x58, 0x35, 0x70, 0x0e, 0x80, 0x4f, 0x41, 0x35, 0x91, 0x34, 0x3e, 0xe4, 0xcf, 0x85, - 0x57, 0x35, 0x82, 0x7e, 0x82, 0x56, 0x6f, 0xc8, 0xa5, 0xb5, 0xd7, 0x42, 0x76, 0x6d, 0x76, 0xfe, - 0x3e, 0x65, 0x1e, 0xbc, 0x64, 0x82, 0x5d, 0x50, 0x16, 0xbd, 0x9f, 0x69, 0x5f, 0x79, 0xae, 0xe1, - 0x7c, 0x70, 0xe3, 0x90, 0xec, 0xd6, 0x22, 0x4c, 0x4e, 0x0f, 0x7e, 0x55, 0x94, 0xeb, 0xf9, 0x84, - 0xb7, 0x2d, 0x75, 0xf9, 0xc8, 0x90, 0x60, 0x4b, 0x06, 0x7f, 0x02, 0xae, 0x98, 0x0c, 0x52, 0xa7, - 0x07, 0xde, 0x86, 0x79, 0x29, 0xe5, 0x51, 0xc6, 0x83, 0x73, 0x4a, 0xb8, 0x05, 0xca, 0x83, 0x78, - 0x86, 0x13, 0xee, 0xd5, 0xda, 0x4e, 0xa7, 0x1a, 0x02, 0xdd, 0xc3, 0xbe, 0xf1, 0x60, 0x1b, 0x81, - 0xcf, 0x40, 0x45, 0x44, 0x5a, 0x0c, 0xe9, 0x6d, 0xbe, 0x4d, 0x07, 0x75, 0xdb, 0x41, 0xe5, 0x28, - 0x65, 0xc1, 0x19, 0xdd, 0xd6, 0x5f, 0x25, 0x70, 0x67, 0xe5, 0x42, 0xc9, 0x48, 0x70, 0x49, 0xdf, - 0xcb, 0x89, 0xfa, 0x14, 0x54, 0xc8, 0x64, 0x22, 0x4e, 0x69, 0x7a, 0xa5, 0xaa, 0x79, 0x13, 0x7b, - 0xa9, 0x1b, 0x67, 0x71, 0x78, 0x0c, 0xca, 0x52, 0x11, 0x95, 0x48, 0x7b, 0x71, 0xee, 0xbf, 0xde, - 0x7a, 0x3d, 0x31, 0x98, 0x54, 0x30, 0x4c, 0x65, 0x32, 0x51, 0xd8, 0xf2, 0xc0, 0x16, 0xd8, 0x88, - 0x88, 0xea, 0x8f, 0xcc, 0x55, 0xd9, 0x0c, 0xdd, 0xc5, 0xbc, 0xb5, 0x71, 0xac, 0x1d, 0x38, 0xf5, - 0xc3, 0x5d, 0xe0, 0x9a, 0x87, 0xa7, 0xb3, 0x28, 0x5b, 0x8c, 0xa6, 0x1e, 0xd1, 0x71, 0xe6, 0xbc, - 0x58, 0x35, 0x70, 0x9e, 0x0c, 0x7f, 0x77, 0x40, 0x83, 0x24, 0x03, 0xa6, 0xf6, 0x38, 0x17, 0x8a, - 0xa4, 0x53, 0x29, 0xb7, 0x8b, 0x9d, 0xda, 0xce, 0x01, 0x7a, 0xd5, 0x97, 0x10, 0x5d, 0xd1, 0x19, - 0xed, 0xad, 0xf1, 0x1c, 0x70, 0x15, 0xcf, 0x42, 0xcf, 0x0a, 0xd5, 0x58, 0x0f, 0xe3, 0x2b, 0x85, - 0x61, 0x07, 0x54, 0x4f, 0x49, 0xcc, 0x19, 0x1f, 0x4a, 0xaf, 0xd2, 0x2e, 0xea, 0xfd, 0xd6, 0xeb, - 0xf1, 0xbd, 0xf5, 0xe1, 0x65, 0xb4, 0xf9, 0x15, 0xf8, 0xe8, 0xda, 0x72, 0xb0, 0x01, 0x8a, 0x63, - 0x3a, 0x4b, 0x87, 0x8d, 0xf5, 0x23, 0xfc, 0x10, 0x6c, 0x9c, 0x90, 0x49, 0x42, 0xcd, 0xe0, 0x5c, - 0x9c, 0x1a, 0x8f, 0x6e, 0xed, 0x3a, 0x5b, 0x7f, 0x3b, 0xa0, 0xbe, 0xf2, 0x6f, 0x9c, 0x30, 0x7a, - 0x0a, 0xbb, 0xa0, 0x62, 0x8f, 0x8e, 0xe1, 0xa8, 0xed, 0xa0, 0xd7, 0x96, 0xc1, 0xa0, 0xc2, 0x9a, - 0x7e, 0x29, 0xb2, 0x8b, 0x98, 0x71, 0xc1, 0x1f, 0xcc, 0x87, 0xc8, 0xe8, 0x64, 0x3f, 0x73, 0xc1, - 0x1b, 0xca, 0x9b, 0x4a, 0x91, 0x59, 0x78, 0x49, 0x17, 0x86, 0x67, 0xe7, 0x7e, 0xe1, 0xc5, 0xb9, - 0x5f, 0x78, 0x79, 0xee, 0x17, 0x7e, 0x5b, 0xf8, 0xce, 0xd9, 0xc2, 0x77, 0x5e, 0x2c, 0x7c, 0xe7, - 0xe5, 0xc2, 0x77, 0xfe, 0x59, 0xf8, 0xce, 0x1f, 0xff, 0xfa, 0x85, 0x1f, 0xef, 0xbd, 0xea, 0x47, - 0xd0, 0x7f, 0x01, 0x00, 0x00, 0xff, 0xff, 0x90, 0x6e, 0x31, 0x41, 0x23, 0x09, 0x00, 0x00, -} - -func (m *AdmissionRequest) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionRequest) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - i -= len(m.RequestSubResource) - copy(dAtA[i:], m.RequestSubResource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.RequestSubResource))) - i-- - dAtA[i] = 0x7a - if m.RequestResource != nil { - { - size, err := m.RequestResource.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x72 - } - if m.RequestKind != nil { - { - size, err := m.RequestKind.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x6a - } - { - size, err := m.Options.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x62 - if m.DryRun != nil { - i-- - if *m.DryRun { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x58 - } - { - size, err := m.OldObject.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x52 - { - size, err := m.Object.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x4a - { - size, err := m.UserInfo.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - i -= len(m.Operation) - copy(dAtA[i:], m.Operation) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Operation))) - i-- - dAtA[i] = 0x3a - i -= len(m.Namespace) - copy(dAtA[i:], m.Namespace) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Namespace))) - i-- - dAtA[i] = 0x32 - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0x2a - i -= len(m.SubResource) - copy(dAtA[i:], m.SubResource) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.SubResource))) - i-- - dAtA[i] = 0x22 - { - size, err := m.Resource.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - { - size, err := m.Kind.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - i -= len(m.UID) - copy(dAtA[i:], m.UID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *AdmissionResponse) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionResponse) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Warnings) > 0 { - for iNdEx := len(m.Warnings) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Warnings[iNdEx]) - copy(dAtA[i:], m.Warnings[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Warnings[iNdEx]))) - i-- - dAtA[i] = 0x3a - } - } - if len(m.AuditAnnotations) > 0 { - keysForAuditAnnotations := make([]string, 0, len(m.AuditAnnotations)) - for k := range m.AuditAnnotations { - keysForAuditAnnotations = append(keysForAuditAnnotations, string(k)) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAuditAnnotations) - for iNdEx := len(keysForAuditAnnotations) - 1; iNdEx >= 0; iNdEx-- { - v := m.AuditAnnotations[string(keysForAuditAnnotations[iNdEx])] - baseI := i - i -= len(v) - copy(dAtA[i:], v) - i = encodeVarintGenerated(dAtA, i, uint64(len(v))) - i-- - dAtA[i] = 0x12 - i -= len(keysForAuditAnnotations[iNdEx]) - copy(dAtA[i:], keysForAuditAnnotations[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(keysForAuditAnnotations[iNdEx]))) - i-- - dAtA[i] = 0xa - i = encodeVarintGenerated(dAtA, i, uint64(baseI-i)) - i-- - dAtA[i] = 0x32 - } - } - if m.PatchType != nil { - i -= len(*m.PatchType) - copy(dAtA[i:], *m.PatchType) - i = encodeVarintGenerated(dAtA, i, uint64(len(*m.PatchType))) - i-- - dAtA[i] = 0x2a - } - if m.Patch != nil { - i -= len(m.Patch) - copy(dAtA[i:], m.Patch) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.Patch))) - i-- - dAtA[i] = 0x22 - } - if m.Result != nil { - { - size, err := m.Result.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - i-- - if m.Allowed { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x10 - i -= len(m.UID) - copy(dAtA[i:], m.UID) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.UID))) - i-- - dAtA[i] = 0xa - return len(dAtA) - i, nil -} - -func (m *AdmissionReview) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *AdmissionReview) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *AdmissionReview) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.Response != nil { - { - size, err := m.Response.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x12 - } - if m.Request != nil { - { - size, err := m.Request.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - -func encodeVarintGenerated(dAtA []byte, offset int, v uint64) int { - offset -= sovGenerated(v) - base := offset - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return base -} -func (m *AdmissionRequest) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.UID) - n += 1 + l + sovGenerated(uint64(l)) - l = m.Kind.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Resource.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.SubResource) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Name) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Namespace) - n += 1 + l + sovGenerated(uint64(l)) - l = len(m.Operation) - n += 1 + l + sovGenerated(uint64(l)) - l = m.UserInfo.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.Object.Size() - n += 1 + l + sovGenerated(uint64(l)) - l = m.OldObject.Size() - n += 1 + l + sovGenerated(uint64(l)) - if m.DryRun != nil { - n += 2 - } - l = m.Options.Size() - n += 1 + l + sovGenerated(uint64(l)) - if m.RequestKind != nil { - l = m.RequestKind.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.RequestResource != nil { - l = m.RequestResource.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - l = len(m.RequestSubResource) - n += 1 + l + sovGenerated(uint64(l)) - return n -} - -func (m *AdmissionResponse) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.UID) - n += 1 + l + sovGenerated(uint64(l)) - n += 2 - if m.Result != nil { - l = m.Result.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.Patch != nil { - l = len(m.Patch) - n += 1 + l + sovGenerated(uint64(l)) - } - if m.PatchType != nil { - l = len(*m.PatchType) - n += 1 + l + sovGenerated(uint64(l)) - } - if len(m.AuditAnnotations) > 0 { - for k, v := range m.AuditAnnotations { - _ = k - _ = v - mapEntrySize := 1 + len(k) + sovGenerated(uint64(len(k))) + 1 + len(v) + sovGenerated(uint64(len(v))) - n += mapEntrySize + 1 + sovGenerated(uint64(mapEntrySize)) - } - } - if len(m.Warnings) > 0 { - for _, s := range m.Warnings { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - -func (m *AdmissionReview) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Request != nil { - l = m.Request.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - if m.Response != nil { - l = m.Response.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - return n -} - -func sovGenerated(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozGenerated(x uint64) (n int) { - return sovGenerated(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *AdmissionRequest) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdmissionRequest{`, - `UID:` + fmt.Sprintf("%v", this.UID) + `,`, - `Kind:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Kind), "GroupVersionKind", "v1.GroupVersionKind", 1), `&`, ``, 1) + `,`, - `Resource:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Resource), "GroupVersionResource", "v1.GroupVersionResource", 1), `&`, ``, 1) + `,`, - `SubResource:` + fmt.Sprintf("%v", this.SubResource) + `,`, - `Name:` + fmt.Sprintf("%v", this.Name) + `,`, - `Namespace:` + fmt.Sprintf("%v", this.Namespace) + `,`, - `Operation:` + fmt.Sprintf("%v", this.Operation) + `,`, - `UserInfo:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.UserInfo), "UserInfo", "v11.UserInfo", 1), `&`, ``, 1) + `,`, - `Object:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Object), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `OldObject:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.OldObject), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `DryRun:` + valueToStringGenerated(this.DryRun) + `,`, - `Options:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Options), "RawExtension", "runtime.RawExtension", 1), `&`, ``, 1) + `,`, - `RequestKind:` + strings.Replace(fmt.Sprintf("%v", this.RequestKind), "GroupVersionKind", "v1.GroupVersionKind", 1) + `,`, - `RequestResource:` + strings.Replace(fmt.Sprintf("%v", this.RequestResource), "GroupVersionResource", "v1.GroupVersionResource", 1) + `,`, - `RequestSubResource:` + fmt.Sprintf("%v", this.RequestSubResource) + `,`, - `}`, - }, "") - return s -} -func (this *AdmissionResponse) String() string { - if this == nil { - return "nil" - } - keysForAuditAnnotations := make([]string, 0, len(this.AuditAnnotations)) - for k := range this.AuditAnnotations { - keysForAuditAnnotations = append(keysForAuditAnnotations, k) - } - github_com_gogo_protobuf_sortkeys.Strings(keysForAuditAnnotations) - mapStringForAuditAnnotations := "map[string]string{" - for _, k := range keysForAuditAnnotations { - mapStringForAuditAnnotations += fmt.Sprintf("%v: %v,", k, this.AuditAnnotations[k]) - } - mapStringForAuditAnnotations += "}" - s := strings.Join([]string{`&AdmissionResponse{`, - `UID:` + fmt.Sprintf("%v", this.UID) + `,`, - `Allowed:` + fmt.Sprintf("%v", this.Allowed) + `,`, - `Result:` + strings.Replace(fmt.Sprintf("%v", this.Result), "Status", "v1.Status", 1) + `,`, - `Patch:` + valueToStringGenerated(this.Patch) + `,`, - `PatchType:` + valueToStringGenerated(this.PatchType) + `,`, - `AuditAnnotations:` + mapStringForAuditAnnotations + `,`, - `Warnings:` + fmt.Sprintf("%v", this.Warnings) + `,`, - `}`, - }, "") - return s -} -func (this *AdmissionReview) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&AdmissionReview{`, - `Request:` + strings.Replace(this.Request.String(), "AdmissionRequest", "AdmissionRequest", 1) + `,`, - `Response:` + strings.Replace(this.Response.String(), "AdmissionResponse", "AdmissionResponse", 1) + `,`, - `}`, - }, "") - return s -} -func valueToStringGenerated(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *AdmissionRequest) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionRequest: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionRequest: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Kind", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Kind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resource", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Resource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SubResource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SubResource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Namespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Namespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Operation", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Operation = Operation(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 8: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserInfo", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.UserInfo.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 9: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Object", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Object.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field OldObject", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.OldObject.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 11: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DryRun", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - b := bool(v != 0) - m.DryRun = &b - case 12: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Options", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if err := m.Options.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 13: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestKind", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RequestKind == nil { - m.RequestKind = &v1.GroupVersionKind{} - } - if err := m.RequestKind.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 14: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestResource", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.RequestResource == nil { - m.RequestResource = &v1.GroupVersionResource{} - } - if err := m.RequestResource.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 15: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field RequestSubResource", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.RequestSubResource = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdmissionResponse) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionResponse: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionResponse: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UID", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UID = k8s_io_apimachinery_pkg_types.UID(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Allowed", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.Allowed = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Result", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Result == nil { - m.Result = &v1.Status{} - } - if err := m.Result.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Patch", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Patch = append(m.Patch[:0], dAtA[iNdEx:postIndex]...) - if m.Patch == nil { - m.Patch = []byte{} - } - iNdEx = postIndex - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PatchType", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - s := PatchType(dAtA[iNdEx:postIndex]) - m.PatchType = &s - iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AuditAnnotations", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.AuditAnnotations == nil { - m.AuditAnnotations = make(map[string]string) - } - var mapkey string - var mapvalue string - for iNdEx < postIndex { - entryPreIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - if fieldNum == 1 { - var stringLenmapkey uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapkey |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapkey := int(stringLenmapkey) - if intStringLenmapkey < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapkey := iNdEx + intStringLenmapkey - if postStringIndexmapkey < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapkey > l { - return io.ErrUnexpectedEOF - } - mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) - iNdEx = postStringIndexmapkey - } else if fieldNum == 2 { - var stringLenmapvalue uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLenmapvalue |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLenmapvalue := int(stringLenmapvalue) - if intStringLenmapvalue < 0 { - return ErrInvalidLengthGenerated - } - postStringIndexmapvalue := iNdEx + intStringLenmapvalue - if postStringIndexmapvalue < 0 { - return ErrInvalidLengthGenerated - } - if postStringIndexmapvalue > l { - return io.ErrUnexpectedEOF - } - mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) - iNdEx = postStringIndexmapvalue - } else { - iNdEx = entryPreIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > postIndex { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - m.AuditAnnotations[mapkey] = mapvalue - iNdEx = postIndex - case 7: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Warnings", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Warnings = append(m.Warnings, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *AdmissionReview) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: AdmissionReview: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: AdmissionReview: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Request", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Request == nil { - m.Request = &AdmissionRequest{} - } - if err := m.Request.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Response", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - if m.Response == nil { - m.Response = &AdmissionResponse{} - } - if err := m.Response.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipGenerated(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - depth := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - case 1: - iNdEx += 8 - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowGenerated - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if length < 0 { - return 0, ErrInvalidLengthGenerated - } - iNdEx += length - case 3: - depth++ - case 4: - if depth == 0 { - return 0, ErrUnexpectedEndOfGroupGenerated - } - depth-- - case 5: - iNdEx += 4 - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - if iNdEx < 0 { - return 0, ErrInvalidLengthGenerated - } - if depth == 0 { - return iNdEx, nil - } - } - return 0, io.ErrUnexpectedEOF -} - -var ( - ErrInvalidLengthGenerated = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowGenerated = fmt.Errorf("proto: integer overflow") - ErrUnexpectedEndOfGroupGenerated = fmt.Errorf("proto: unexpected end of group") -) diff --git a/vendor/k8s.io/api/admission/v1beta1/generated.proto b/vendor/k8s.io/api/admission/v1beta1/generated.proto deleted file mode 100644 index d27c05b72..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/generated.proto +++ /dev/null @@ -1,167 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - - -// This file was autogenerated by go-to-protobuf. Do not edit it manually! - -syntax = "proto2"; - -package k8s.io.api.admission.v1beta1; - -import "k8s.io/api/authentication/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/apis/meta/v1/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/generated.proto"; -import "k8s.io/apimachinery/pkg/runtime/schema/generated.proto"; - -// Package-wide variables from generator "generated". -option go_package = "k8s.io/api/admission/v1beta1"; - -// AdmissionRequest describes the admission.Attributes for the admission request. -message AdmissionRequest { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - optional string uid = 1; - - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind kind = 2; - - // Resource is the fully-qualified resource being requested (for example, v1.pods) - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource resource = 3; - - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - optional string subResource = 4; - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionKind requestKind = 13; - - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.GroupVersionResource requestResource = 14; - - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - optional string requestSubResource = 15; - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - optional string name = 5; - - // Namespace is the namespace associated with the request (if any). - // +optional - optional string namespace = 6; - - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - optional string operation = 7; - - // UserInfo is information about the requesting user - optional .k8s.io.api.authentication.v1.UserInfo userInfo = 8; - - // Object is the object from the incoming request. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension object = 9; - - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension oldObject = 10; - - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - optional bool dryRun = 11; - - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - optional .k8s.io.apimachinery.pkg.runtime.RawExtension options = 12; -} - -// AdmissionResponse describes an admission response. -message AdmissionResponse { - // UID is an identifier for the individual request/response. - // This should be copied over from the corresponding AdmissionRequest. - optional string uid = 1; - - // Allowed indicates whether or not the admission request was permitted. - optional bool allowed = 2; - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - optional .k8s.io.apimachinery.pkg.apis.meta.v1.Status status = 3; - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. - // +optional - optional bytes patch = 4; - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - optional string patchType = 5; - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - map auditAnnotations = 6; - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - repeated string warnings = 7; -} - -// AdmissionReview describes an admission review request/response. -message AdmissionReview { - // Request describes the attributes for the admission request. - // +optional - optional AdmissionRequest request = 1; - - // Response describes the attributes for the admission response. - // +optional - optional AdmissionResponse response = 2; -} - diff --git a/vendor/k8s.io/api/admission/v1beta1/register.go b/vendor/k8s.io/api/admission/v1beta1/register.go deleted file mode 100644 index 1c53e755d..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/register.go +++ /dev/null @@ -1,53 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" -) - -// GroupName is the group name for this API. -const GroupName = "admission.k8s.io" - -// SchemeGroupVersion is group version used to register these objects -var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} - -// Resource takes an unqualified resource and returns a Group qualified GroupResource -func Resource(resource string) schema.GroupResource { - return SchemeGroupVersion.WithResource(resource).GroupResource() -} - -// TODO: move SchemeBuilder with zz_generated.deepcopy.go to k8s.io/api. -// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes. -var ( - // SchemeBuilder points to a list of functions added to Scheme. - SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) - localSchemeBuilder = &SchemeBuilder - // AddToScheme is a common registration function for mapping packaged scoped group & version keys to a scheme. - AddToScheme = localSchemeBuilder.AddToScheme -) - -// Adds the list of known types to the given scheme. -func addKnownTypes(scheme *runtime.Scheme) error { - scheme.AddKnownTypes(SchemeGroupVersion, - &AdmissionReview{}, - ) - metav1.AddToGroupVersion(scheme, SchemeGroupVersion) - return nil -} diff --git a/vendor/k8s.io/api/admission/v1beta1/types.go b/vendor/k8s.io/api/admission/v1beta1/types.go deleted file mode 100644 index 00c619d99..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/types.go +++ /dev/null @@ -1,174 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -import ( - authenticationv1 "k8s.io/api/authentication/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/types" -) - -// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// +k8s:prerelease-lifecycle-gen:introduced=1.9 -// +k8s:prerelease-lifecycle-gen:deprecated=1.19 -// This API is never server served. It is used for outbound requests from apiservers. This will ensure it never gets served accidentally -// and having the generator against this group will protect future APIs which may be served. -// +k8s:prerelease-lifecycle-gen:replacement=admission.k8s.io,v1,AdmissionReview - -// AdmissionReview describes an admission review request/response. -type AdmissionReview struct { - metav1.TypeMeta `json:",inline"` - // Request describes the attributes for the admission request. - // +optional - Request *AdmissionRequest `json:"request,omitempty" protobuf:"bytes,1,opt,name=request"` - // Response describes the attributes for the admission response. - // +optional - Response *AdmissionResponse `json:"response,omitempty" protobuf:"bytes,2,opt,name=response"` -} - -// AdmissionRequest describes the admission.Attributes for the admission request. -type AdmissionRequest struct { - // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are - // otherwise identical (parallel requests, requests when earlier requests did not modify etc) - // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. - // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. - UID types.UID `json:"uid" protobuf:"bytes,1,opt,name=uid"` - // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale) - Kind metav1.GroupVersionKind `json:"kind" protobuf:"bytes,2,opt,name=kind"` - // Resource is the fully-qualified resource being requested (for example, v1.pods) - Resource metav1.GroupVersionResource `json:"resource" protobuf:"bytes,3,opt,name=resource"` - // SubResource is the subresource being requested, if any (for example, "status" or "scale") - // +optional - SubResource string `json:"subResource,omitempty" protobuf:"bytes,4,opt,name=subResource"` - - // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). - // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for), - // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type for more details. - // +optional - RequestKind *metav1.GroupVersionKind `json:"requestKind,omitempty" protobuf:"bytes,13,opt,name=requestKind"` - // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). - // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed. - // - // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of - // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`, - // an API request to apps/v1beta1 deployments would be converted and sent to the webhook - // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for), - // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request). - // - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestResource *metav1.GroupVersionResource `json:"requestResource,omitempty" protobuf:"bytes,14,opt,name=requestResource"` - // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale") - // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed. - // See documentation for the "matchPolicy" field in the webhook configuration type. - // +optional - RequestSubResource string `json:"requestSubResource,omitempty" protobuf:"bytes,15,opt,name=requestSubResource"` - - // Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and - // rely on the server to generate the name. If that is the case, this field will contain an empty string. - // +optional - Name string `json:"name,omitempty" protobuf:"bytes,5,opt,name=name"` - // Namespace is the namespace associated with the request (if any). - // +optional - Namespace string `json:"namespace,omitempty" protobuf:"bytes,6,opt,name=namespace"` - // Operation is the operation being performed. This may be different than the operation - // requested. e.g. a patch can result in either a CREATE or UPDATE Operation. - Operation Operation `json:"operation" protobuf:"bytes,7,opt,name=operation"` - // UserInfo is information about the requesting user - UserInfo authenticationv1.UserInfo `json:"userInfo" protobuf:"bytes,8,opt,name=userInfo"` - // Object is the object from the incoming request. - // +optional - Object runtime.RawExtension `json:"object,omitempty" protobuf:"bytes,9,opt,name=object"` - // OldObject is the existing object. Only populated for DELETE and UPDATE requests. - // +optional - OldObject runtime.RawExtension `json:"oldObject,omitempty" protobuf:"bytes,10,opt,name=oldObject"` - // DryRun indicates that modifications will definitely not be persisted for this request. - // Defaults to false. - // +optional - DryRun *bool `json:"dryRun,omitempty" protobuf:"varint,11,opt,name=dryRun"` - // Options is the operation option structure of the operation being performed. - // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be - // different than the options the caller provided. e.g. for a patch request the performed - // Operation might be a CREATE, in which case the Options will a - // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`. - // +optional - Options runtime.RawExtension `json:"options,omitempty" protobuf:"bytes,12,opt,name=options"` -} - -// AdmissionResponse describes an admission response. -type AdmissionResponse struct { - // UID is an identifier for the individual request/response. - // This should be copied over from the corresponding AdmissionRequest. - UID types.UID `json:"uid" protobuf:"bytes,1,opt,name=uid"` - - // Allowed indicates whether or not the admission request was permitted. - Allowed bool `json:"allowed" protobuf:"varint,2,opt,name=allowed"` - - // Result contains extra details into why an admission request was denied. - // This field IS NOT consulted in any way if "Allowed" is "true". - // +optional - Result *metav1.Status `json:"status,omitempty" protobuf:"bytes,3,opt,name=status"` - - // The patch body. Currently we only support "JSONPatch" which implements RFC 6902. - // +optional - Patch []byte `json:"patch,omitempty" protobuf:"bytes,4,opt,name=patch"` - - // The type of Patch. Currently we only allow "JSONPatch". - // +optional - PatchType *PatchType `json:"patchType,omitempty" protobuf:"bytes,5,opt,name=patchType"` - - // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). - // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with - // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by - // the admission webhook to add additional context to the audit log for this request. - // +optional - AuditAnnotations map[string]string `json:"auditAnnotations,omitempty" protobuf:"bytes,6,opt,name=auditAnnotations"` - - // warnings is a list of warning messages to return to the requesting API client. - // Warning messages describe a problem the client making the API request should correct or be aware of. - // Limit warnings to 120 characters if possible. - // Warnings over 256 characters and large numbers of warnings may be truncated. - // +optional - Warnings []string `json:"warnings,omitempty" protobuf:"bytes,7,rep,name=warnings"` -} - -// PatchType is the type of patch being used to represent the mutated object -type PatchType string - -// PatchType constants. -const ( - PatchTypeJSONPatch PatchType = "JSONPatch" -) - -// Operation is the type of resource operation being checked for admission control -type Operation string - -// Operation constants -const ( - Create Operation = "CREATE" - Update Operation = "UPDATE" - Delete Operation = "DELETE" - Connect Operation = "CONNECT" -) diff --git a/vendor/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go b/vendor/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go deleted file mode 100644 index 82598ed57..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/types_swagger_doc_generated.go +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1beta1 - -// This file contains a collection of methods that can be used from go-restful to -// generate Swagger API documentation for its models. Please read this PR for more -// information on the implementation: https://github.com/emicklei/go-restful/pull/215 -// -// TODOs are ignored from the parser (e.g. TODO(andronat):... || TODO:...) if and only if -// they are on one line! For multiple line or blocks that you want to ignore use ---. -// Any context after a --- is ignored. -// -// Those methods can be generated by using hack/update-codegen.sh - -// AUTO-GENERATED FUNCTIONS START HERE. DO NOT EDIT. -var map_AdmissionRequest = map[string]string{ - "": "AdmissionRequest describes the admission.Attributes for the admission request.", - "uid": "UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are otherwise identical (parallel requests, requests when earlier requests did not modify etc) The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.", - "kind": "Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)", - "resource": "Resource is the fully-qualified resource being requested (for example, v1.pods)", - "subResource": "SubResource is the subresource being requested, if any (for example, \"status\" or \"scale\")", - "requestKind": "RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale). If this is specified and differs from the value in \"kind\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `kind: {group:\"apps\", version:\"v1\", kind:\"Deployment\"}` (matching the rule the webhook registered for), and `requestKind: {group:\"apps\", version:\"v1beta1\", kind:\"Deployment\"}` (indicating the kind of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type for more details.", - "requestResource": "RequestResource is the fully-qualified resource of the original API request (for example, v1.pods). If this is specified and differs from the value in \"resource\", an equivalent match and conversion was performed.\n\nFor example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of `apiGroups:[\"apps\"], apiVersions:[\"v1\"], resources: [\"deployments\"]` and `matchPolicy: Equivalent`, an API request to apps/v1beta1 deployments would be converted and sent to the webhook with `resource: {group:\"apps\", version:\"v1\", resource:\"deployments\"}` (matching the resource the webhook registered for), and `requestResource: {group:\"apps\", version:\"v1beta1\", resource:\"deployments\"}` (indicating the resource of the original API request).\n\nSee documentation for the \"matchPolicy\" field in the webhook configuration type.", - "requestSubResource": "RequestSubResource is the name of the subresource of the original API request, if any (for example, \"status\" or \"scale\") If this is specified and differs from the value in \"subResource\", an equivalent match and conversion was performed. See documentation for the \"matchPolicy\" field in the webhook configuration type.", - "name": "Name is the name of the object as presented in the request. On a CREATE operation, the client may omit name and rely on the server to generate the name. If that is the case, this field will contain an empty string.", - "namespace": "Namespace is the namespace associated with the request (if any).", - "operation": "Operation is the operation being performed. This may be different than the operation requested. e.g. a patch can result in either a CREATE or UPDATE Operation.", - "userInfo": "UserInfo is information about the requesting user", - "object": "Object is the object from the incoming request.", - "oldObject": "OldObject is the existing object. Only populated for DELETE and UPDATE requests.", - "dryRun": "DryRun indicates that modifications will definitely not be persisted for this request. Defaults to false.", - "options": "Options is the operation option structure of the operation being performed. e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be different than the options the caller provided. e.g. for a patch request the performed Operation might be a CREATE, in which case the Options will a `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.", -} - -func (AdmissionRequest) SwaggerDoc() map[string]string { - return map_AdmissionRequest -} - -var map_AdmissionResponse = map[string]string{ - "": "AdmissionResponse describes an admission response.", - "uid": "UID is an identifier for the individual request/response. This should be copied over from the corresponding AdmissionRequest.", - "allowed": "Allowed indicates whether or not the admission request was permitted.", - "status": "Result contains extra details into why an admission request was denied. This field IS NOT consulted in any way if \"Allowed\" is \"true\".", - "patch": "The patch body. Currently we only support \"JSONPatch\" which implements RFC 6902.", - "patchType": "The type of Patch. Currently we only allow \"JSONPatch\".", - "auditAnnotations": "AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted). MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by the admission webhook to add additional context to the audit log for this request.", - "warnings": "warnings is a list of warning messages to return to the requesting API client. Warning messages describe a problem the client making the API request should correct or be aware of. Limit warnings to 120 characters if possible. Warnings over 256 characters and large numbers of warnings may be truncated.", -} - -func (AdmissionResponse) SwaggerDoc() map[string]string { - return map_AdmissionResponse -} - -var map_AdmissionReview = map[string]string{ - "": "AdmissionReview describes an admission review request/response.", - "request": "Request describes the attributes for the admission request.", - "response": "Response describes the attributes for the admission response.", -} - -func (AdmissionReview) SwaggerDoc() map[string]string { - return map_AdmissionReview -} - -// AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go b/vendor/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go deleted file mode 100644 index 8234b322f..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/zz_generated.deepcopy.go +++ /dev/null @@ -1,142 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by deepcopy-gen. DO NOT EDIT. - -package v1beta1 - -import ( - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - runtime "k8s.io/apimachinery/pkg/runtime" -) - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionRequest) DeepCopyInto(out *AdmissionRequest) { - *out = *in - out.Kind = in.Kind - out.Resource = in.Resource - if in.RequestKind != nil { - in, out := &in.RequestKind, &out.RequestKind - *out = new(v1.GroupVersionKind) - **out = **in - } - if in.RequestResource != nil { - in, out := &in.RequestResource, &out.RequestResource - *out = new(v1.GroupVersionResource) - **out = **in - } - in.UserInfo.DeepCopyInto(&out.UserInfo) - in.Object.DeepCopyInto(&out.Object) - in.OldObject.DeepCopyInto(&out.OldObject) - if in.DryRun != nil { - in, out := &in.DryRun, &out.DryRun - *out = new(bool) - **out = **in - } - in.Options.DeepCopyInto(&out.Options) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionRequest. -func (in *AdmissionRequest) DeepCopy() *AdmissionRequest { - if in == nil { - return nil - } - out := new(AdmissionRequest) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionResponse) DeepCopyInto(out *AdmissionResponse) { - *out = *in - if in.Result != nil { - in, out := &in.Result, &out.Result - *out = new(v1.Status) - (*in).DeepCopyInto(*out) - } - if in.Patch != nil { - in, out := &in.Patch, &out.Patch - *out = make([]byte, len(*in)) - copy(*out, *in) - } - if in.PatchType != nil { - in, out := &in.PatchType, &out.PatchType - *out = new(PatchType) - **out = **in - } - if in.AuditAnnotations != nil { - in, out := &in.AuditAnnotations, &out.AuditAnnotations - *out = make(map[string]string, len(*in)) - for key, val := range *in { - (*out)[key] = val - } - } - if in.Warnings != nil { - in, out := &in.Warnings, &out.Warnings - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionResponse. -func (in *AdmissionResponse) DeepCopy() *AdmissionResponse { - if in == nil { - return nil - } - out := new(AdmissionResponse) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *AdmissionReview) DeepCopyInto(out *AdmissionReview) { - *out = *in - out.TypeMeta = in.TypeMeta - if in.Request != nil { - in, out := &in.Request, &out.Request - *out = new(AdmissionRequest) - (*in).DeepCopyInto(*out) - } - if in.Response != nil { - in, out := &in.Response, &out.Response - *out = new(AdmissionResponse) - (*in).DeepCopyInto(*out) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AdmissionReview. -func (in *AdmissionReview) DeepCopy() *AdmissionReview { - if in == nil { - return nil - } - out := new(AdmissionReview) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *AdmissionReview) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} diff --git a/vendor/k8s.io/api/admission/v1beta1/zz_generated.prerelease-lifecycle.go b/vendor/k8s.io/api/admission/v1beta1/zz_generated.prerelease-lifecycle.go deleted file mode 100644 index f96e8a443..000000000 --- a/vendor/k8s.io/api/admission/v1beta1/zz_generated.prerelease-lifecycle.go +++ /dev/null @@ -1,50 +0,0 @@ -//go:build !ignore_autogenerated -// +build !ignore_autogenerated - -/* -Copyright The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Code generated by prerelease-lifecycle-gen. DO NOT EDIT. - -package v1beta1 - -import ( - schema "k8s.io/apimachinery/pkg/runtime/schema" -) - -// APILifecycleIntroduced is an autogenerated function, returning the release in which the API struct was introduced as int versions of major and minor for comparison. -// It is controlled by "k8s:prerelease-lifecycle-gen:introduced" tags in types.go. -func (in *AdmissionReview) APILifecycleIntroduced() (major, minor int) { - return 1, 9 -} - -// APILifecycleDeprecated is an autogenerated function, returning the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. -// It is controlled by "k8s:prerelease-lifecycle-gen:deprecated" tags in types.go or "k8s:prerelease-lifecycle-gen:introduced" plus three minor. -func (in *AdmissionReview) APILifecycleDeprecated() (major, minor int) { - return 1, 19 -} - -// APILifecycleReplacement is an autogenerated function, returning the group, version, and kind that should be used instead of this deprecated type. -// It is controlled by "k8s:prerelease-lifecycle-gen:replacement=,," tags in types.go. -func (in *AdmissionReview) APILifecycleReplacement() schema.GroupVersionKind { - return schema.GroupVersionKind{Group: "admission.k8s.io", Version: "v1", Kind: "AdmissionReview"} -} - -// APILifecycleRemoved is an autogenerated function, returning the release in which the API is no longer served as int versions of major and minor for comparison. -// It is controlled by "k8s:prerelease-lifecycle-gen:removed" tags in types.go or "k8s:prerelease-lifecycle-gen:deprecated" plus three minor. -func (in *AdmissionReview) APILifecycleRemoved() (major, minor int) { - return 1, 22 -} diff --git a/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/fuzzer.go b/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/fuzzer.go deleted file mode 100644 index f528e9f92..000000000 --- a/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/fuzzer.go +++ /dev/null @@ -1,52 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fuzzer - -import ( - "math/rand" - - "github.com/google/gofuzz" - - runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer" -) - -// FuzzerFuncs returns a list of func(*SomeType, c fuzz.Continue) functions. -type FuzzerFuncs func(codecs runtimeserializer.CodecFactory) []interface{} - -// FuzzerFor can randomly populate api objects that are destined for version. -func FuzzerFor(funcs FuzzerFuncs, src rand.Source, codecs runtimeserializer.CodecFactory) *fuzz.Fuzzer { - f := fuzz.New().NilChance(.5).NumElements(0, 1) - if src != nil { - f.RandSource(src) - } - f.Funcs(funcs(codecs)...) - return f -} - -// MergeFuzzerFuncs will merge the given funcLists, overriding early funcs with later ones if there first -// argument has the same type. -func MergeFuzzerFuncs(funcs ...FuzzerFuncs) FuzzerFuncs { - return FuzzerFuncs(func(codecs runtimeserializer.CodecFactory) []interface{} { - result := []interface{}{} - for _, f := range funcs { - if f != nil { - result = append(result, f(codecs)...) - } - } - return result - }) -} diff --git a/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/valuefuzz.go b/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/valuefuzz.go deleted file mode 100644 index facff57bb..000000000 --- a/vendor/k8s.io/apimachinery/pkg/api/apitesting/fuzzer/valuefuzz.go +++ /dev/null @@ -1,86 +0,0 @@ -/* -Copyright 2017 The Kubernetes Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package fuzzer - -import ( - "reflect" -) - -// ValueFuzz recursively changes all basic type values in an object. Any kind of references will not -// be touch, i.e. the addresses of slices, maps, pointers will stay unchanged. -func ValueFuzz(obj interface{}) { - valueFuzz(reflect.ValueOf(obj)) -} - -func valueFuzz(obj reflect.Value) { - switch obj.Kind() { - case reflect.Array: - for i := 0; i < obj.Len(); i++ { - valueFuzz(obj.Index(i)) - } - case reflect.Slice: - if obj.IsNil() { - // TODO: set non-nil value - } else { - for i := 0; i < obj.Len(); i++ { - valueFuzz(obj.Index(i)) - } - } - case reflect.Interface, reflect.Pointer: - if obj.IsNil() { - // TODO: set non-nil value - } else { - valueFuzz(obj.Elem()) - } - case reflect.Struct: - for i, n := 0, obj.NumField(); i < n; i++ { - valueFuzz(obj.Field(i)) - } - case reflect.Map: - if obj.IsNil() { - // TODO: set non-nil value - } else { - for _, k := range obj.MapKeys() { - // map values are not addressable. We need a copy. - v := obj.MapIndex(k) - copy := reflect.New(v.Type()) - copy.Elem().Set(v) - valueFuzz(copy.Elem()) - obj.SetMapIndex(k, copy.Elem()) - } - // TODO: set some new value - } - case reflect.Func: // ignore, we don't have function types in our API - default: - if !obj.CanSet() { - return - } - switch obj.Kind() { - case reflect.String: - obj.SetString(obj.String() + "x") - case reflect.Bool: - obj.SetBool(!obj.Bool()) - case reflect.Float32, reflect.Float64: - obj.SetFloat(obj.Float()*2.0 + 1.0) - case reflect.Int8, reflect.Int16, reflect.Int32, reflect.Int64, reflect.Int: - obj.SetInt(obj.Int() + 1) - case reflect.Uint8, reflect.Uint16, reflect.Uint32, reflect.Uint64, reflect.Uint: - obj.SetUint(obj.Uint() + 1) - default: - } - } -} diff --git a/vendor/modules.txt b/vendor/modules.txt index e18713ed8..17a278da0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -20,10 +20,6 @@ github.com/emicklei/go-restful/v3/log # github.com/evanphx/json-patch v5.9.0+incompatible ## explicit github.com/evanphx/json-patch -# github.com/fsnotify/fsnotify v1.8.0 -## explicit; go 1.17 -github.com/fsnotify/fsnotify -github.com/fsnotify/fsnotify/internal # github.com/fxamacker/cbor/v2 v2.7.0 ## explicit; go 1.17 github.com/fxamacker/cbor/v2 @@ -354,8 +350,6 @@ gopkg.in/yaml.v2 gopkg.in/yaml.v3 # k8s.io/api v0.31.0 => k8s.io/api v0.31.0 ## explicit; go 1.22.0 -k8s.io/api/admission/v1 -k8s.io/api/admission/v1beta1 k8s.io/api/admissionregistration/v1 k8s.io/api/admissionregistration/v1alpha1 k8s.io/api/admissionregistration/v1beta1 @@ -414,7 +408,6 @@ k8s.io/api/storage/v1beta1 k8s.io/api/storagemigration/v1alpha1 # k8s.io/apimachinery v0.31.0 => k8s.io/apimachinery v0.31.0 ## explicit; go 1.22.0 -k8s.io/apimachinery/pkg/api/apitesting/fuzzer k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors k8s.io/apimachinery/pkg/api/meta