Merge pull request #59793 from nikhita/staging-repos-boilerplate

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. staging: add boilerplate header Follow up of https://github.com/kubernetes/kubernetes/pull/57656. Adds boilerplate in the relevant staging repos so that they don't need to depend on code-generator's boilerplate. **Release note**: ```release-note NONE ``` /cc sttts fisherxu Kubernetes-commit: 1a1643bb5df07d94330e1b16d182cee660533f91
2026-05-01 00:00:03 +08:00 · 2018-02-22 20:38:30 -08:00
parent 0236239fbb 16c374870f
commit 8a511b140e
50 changed files with 8340 additions and 2218 deletions
@@ -198,6 +198,8 @@ func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource
 		// Group=policy, Version=v1beta1
 	case policy_v1beta1.SchemeGroupVersion.WithResource("poddisruptionbudgets"):
 		return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodDisruptionBudgets().Informer()}, nil
+	case policy_v1beta1.SchemeGroupVersion.WithResource("podsecuritypolicies"):
+		return &genericInformer{resource: resource.GroupResource(), informer: f.Policy().V1beta1().PodSecurityPolicies().Informer()}, nil

 		// Group=rbac.authorization.k8s.io, Version=v1
 	case rbac_v1.SchemeGroupVersion.WithResource("clusterroles"):
@@ -10,6 +10,7 @@ go_library(
    srcs = [
        "interface.go",
        "poddisruptionbudget.go",
+        "podsecuritypolicy.go",
    ],
    importpath = "k8s.io/client-go/informers/policy/v1beta1",
    deps = [
@@ -26,6 +26,8 @@ import (
 type Interface interface {
 	// PodDisruptionBudgets returns a PodDisruptionBudgetInformer.
 	PodDisruptionBudgets() PodDisruptionBudgetInformer
+	// PodSecurityPolicies returns a PodSecurityPolicyInformer.
+	PodSecurityPolicies() PodSecurityPolicyInformer
 }

 type version struct {
@@ -43,3 +45,8 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
 func (v *version) PodDisruptionBudgets() PodDisruptionBudgetInformer {
 	return &podDisruptionBudgetInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions}
 }
+
+// PodSecurityPolicies returns a PodSecurityPolicyInformer.
+func (v *version) PodSecurityPolicies() PodSecurityPolicyInformer {
+	return &podSecurityPolicyInformer{factory: v.factory, tweakListOptions: v.tweakListOptions}
+}
@@ -0,0 +1,88 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was automatically generated by informer-gen
+
+package v1beta1
+
+import (
+	time "time"
+
+	policy_v1beta1 "k8s.io/api/policy/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	runtime "k8s.io/apimachinery/pkg/runtime"
+	watch "k8s.io/apimachinery/pkg/watch"
+	internalinterfaces "k8s.io/client-go/informers/internalinterfaces"
+	kubernetes "k8s.io/client-go/kubernetes"
+	v1beta1 "k8s.io/client-go/listers/policy/v1beta1"
+	cache "k8s.io/client-go/tools/cache"
+)
+
+// PodSecurityPolicyInformer provides access to a shared informer and lister for
+// PodSecurityPolicies.
+type PodSecurityPolicyInformer interface {
+	Informer() cache.SharedIndexInformer
+	Lister() v1beta1.PodSecurityPolicyLister
+}
+
+type podSecurityPolicyInformer struct {
+	factory          internalinterfaces.SharedInformerFactory
+	tweakListOptions internalinterfaces.TweakListOptionsFunc
+}
+
+// NewPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer {
+	return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, indexers, nil)
+}
+
+// NewFilteredPodSecurityPolicyInformer constructs a new informer for PodSecurityPolicy type.
+// Always prefer using an informer factory to get a shared informer instead of getting an independent
+// one. This reduces memory footprint and number of connections to the server.
+func NewFilteredPodSecurityPolicyInformer(client kubernetes.Interface, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer {
+	return cache.NewSharedIndexInformer(
+		&cache.ListWatch{
+			ListFunc: func(options v1.ListOptions) (runtime.Object, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.PolicyV1beta1().PodSecurityPolicies().List(options)
+			},
+			WatchFunc: func(options v1.ListOptions) (watch.Interface, error) {
+				if tweakListOptions != nil {
+					tweakListOptions(&options)
+				}
+				return client.PolicyV1beta1().PodSecurityPolicies().Watch(options)
+			},
+		},
+		&policy_v1beta1.PodSecurityPolicy{},
+		resyncPeriod,
+		indexers,
+	)
+}
+
+func (f *podSecurityPolicyInformer) defaultInformer(client kubernetes.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer {
+	return NewFilteredPodSecurityPolicyInformer(client, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions)
+}
+
+func (f *podSecurityPolicyInformer) Informer() cache.SharedIndexInformer {
+	return f.factory.InformerFor(&policy_v1beta1.PodSecurityPolicy{}, f.defaultInformer)
+}
+
+func (f *podSecurityPolicyInformer) Lister() v1beta1.PodSecurityPolicyLister {
+	return v1beta1.NewPodSecurityPolicyLister(f.Informer().GetIndexer())
+}
@@ -32,9 +32,11 @@ go_library(
        "service.go",
        "service_expansion.go",
        "serviceaccount.go",
+        "serviceaccount_expansion.go",
    ],
    importpath = "k8s.io/client-go/kubernetes/typed/core/v1",
    deps = [
+        "//vendor/k8s.io/api/authentication/v1:go_default_library",
        "//vendor/k8s.io/api/core/v1:go_default_library",
        "//vendor/k8s.io/api/extensions/v1beta1:go_default_library",
        "//vendor/k8s.io/api/policy/v1beta1:go_default_library",
@@ -35,5 +35,3 @@ type ReplicationControllerExpansion interface{}
 type ResourceQuotaExpansion interface{}

 type SecretExpansion interface{}
-
-type ServiceAccountExpansion interface{}
@@ -0,0 +1,41 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	authenticationv1 "k8s.io/api/authentication/v1"
+)
+
+// The ServiceAccountExpansion interface allows manually adding extra methods
+// to the ServiceAccountInterface.
+type ServiceAccountExpansion interface {
+	CreateToken(name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error)
+}
+
+// CreateToken creates a new token for a serviceaccount.
+func (c *serviceAccounts) CreateToken(name string, tr *authenticationv1.TokenRequest) (*authenticationv1.TokenRequest, error) {
+	result := &authenticationv1.TokenRequest{}
+	err := c.client.Post().
+		Namespace(c.ns).
+		Resource("serviceaccounts").
+		SubResource("token").
+		Name(name).
+		Body(tr).
+		Do().
+		Into(result)
+	return result, err
+}
@@ -13,6 +13,7 @@ go_library(
        "eviction_expansion.go",
        "generated_expansion.go",
        "poddisruptionbudget.go",
+        "podsecuritypolicy.go",
        "policy_client.go",
    ],
    importpath = "k8s.io/client-go/kubernetes/typed/policy/v1beta1",
@@ -17,3 +17,5 @@ limitations under the License.
 package v1beta1

 type PodDisruptionBudgetExpansion interface{}
+
+type PodSecurityPolicyExpansion interface{}
@@ -0,0 +1,145 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/policy/v1beta1"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	types "k8s.io/apimachinery/pkg/types"
+	watch "k8s.io/apimachinery/pkg/watch"
+	scheme "k8s.io/client-go/kubernetes/scheme"
+	rest "k8s.io/client-go/rest"
+)
+
+// PodSecurityPoliciesGetter has a method to return a PodSecurityPolicyInterface.
+// A group's client should implement this interface.
+type PodSecurityPoliciesGetter interface {
+	PodSecurityPolicies() PodSecurityPolicyInterface
+}
+
+// PodSecurityPolicyInterface has methods to work with PodSecurityPolicy resources.
+type PodSecurityPolicyInterface interface {
+	Create(*v1beta1.PodSecurityPolicy) (*v1beta1.PodSecurityPolicy, error)
+	Update(*v1beta1.PodSecurityPolicy) (*v1beta1.PodSecurityPolicy, error)
+	Delete(name string, options *v1.DeleteOptions) error
+	DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error
+	Get(name string, options v1.GetOptions) (*v1beta1.PodSecurityPolicy, error)
+	List(opts v1.ListOptions) (*v1beta1.PodSecurityPolicyList, error)
+	Watch(opts v1.ListOptions) (watch.Interface, error)
+	Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error)
+	PodSecurityPolicyExpansion
+}
+
+// podSecurityPolicies implements PodSecurityPolicyInterface
+type podSecurityPolicies struct {
+	client rest.Interface
+}
+
+// newPodSecurityPolicies returns a PodSecurityPolicies
+func newPodSecurityPolicies(c *PolicyV1beta1Client) *podSecurityPolicies {
+	return &podSecurityPolicies{
+		client: c.RESTClient(),
+	}
+}
+
+// Get takes name of the podSecurityPolicy, and returns the corresponding podSecurityPolicy object, and an error if there is any.
+func (c *podSecurityPolicies) Get(name string, options v1.GetOptions) (result *v1beta1.PodSecurityPolicy, err error) {
+	result = &v1beta1.PodSecurityPolicy{}
+	err = c.client.Get().
+		Resource("podsecuritypolicies").
+		Name(name).
+		VersionedParams(&options, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// List takes label and field selectors, and returns the list of PodSecurityPolicies that match those selectors.
+func (c *podSecurityPolicies) List(opts v1.ListOptions) (result *v1beta1.PodSecurityPolicyList, err error) {
+	result = &v1beta1.PodSecurityPolicyList{}
+	err = c.client.Get().
+		Resource("podsecuritypolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Do().
+		Into(result)
+	return
+}
+
+// Watch returns a watch.Interface that watches the requested podSecurityPolicies.
+func (c *podSecurityPolicies) Watch(opts v1.ListOptions) (watch.Interface, error) {
+	opts.Watch = true
+	return c.client.Get().
+		Resource("podsecuritypolicies").
+		VersionedParams(&opts, scheme.ParameterCodec).
+		Watch()
+}
+
+// Create takes the representation of a podSecurityPolicy and creates it.  Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *podSecurityPolicies) Create(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+	result = &v1beta1.PodSecurityPolicy{}
+	err = c.client.Post().
+		Resource("podsecuritypolicies").
+		Body(podSecurityPolicy).
+		Do().
+		Into(result)
+	return
+}
+
+// Update takes the representation of a podSecurityPolicy and updates it. Returns the server's representation of the podSecurityPolicy, and an error, if there is any.
+func (c *podSecurityPolicies) Update(podSecurityPolicy *v1beta1.PodSecurityPolicy) (result *v1beta1.PodSecurityPolicy, err error) {
+	result = &v1beta1.PodSecurityPolicy{}
+	err = c.client.Put().
+		Resource("podsecuritypolicies").
+		Name(podSecurityPolicy.Name).
+		Body(podSecurityPolicy).
+		Do().
+		Into(result)
+	return
+}
+
+// Delete takes name of the podSecurityPolicy and deletes it. Returns an error if one occurs.
+func (c *podSecurityPolicies) Delete(name string, options *v1.DeleteOptions) error {
+	return c.client.Delete().
+		Resource("podsecuritypolicies").
+		Name(name).
+		Body(options).
+		Do().
+		Error()
+}
+
+// DeleteCollection deletes a collection of objects.
+func (c *podSecurityPolicies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error {
+	return c.client.Delete().
+		Resource("podsecuritypolicies").
+		VersionedParams(&listOptions, scheme.ParameterCodec).
+		Body(options).
+		Do().
+		Error()
+}
+
+// Patch applies the patch and returns the patched podSecurityPolicy.
+func (c *podSecurityPolicies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1beta1.PodSecurityPolicy, err error) {
+	result = &v1beta1.PodSecurityPolicy{}
+	err = c.client.Patch(pt).
+		Resource("podsecuritypolicies").
+		SubResource(subresources...).
+		Name(name).
+		Body(data).
+		Do().
+		Into(result)
+	return
+}
@@ -27,6 +27,7 @@ type PolicyV1beta1Interface interface {
 	RESTClient() rest.Interface
 	EvictionsGetter
 	PodDisruptionBudgetsGetter
+	PodSecurityPoliciesGetter
 }

 // PolicyV1beta1Client is used to interact with features provided by the policy group.
@@ -42,6 +43,10 @@ func (c *PolicyV1beta1Client) PodDisruptionBudgets(namespace string) PodDisrupti
 	return newPodDisruptionBudgets(c, namespace)
 }

+func (c *PolicyV1beta1Client) PodSecurityPolicies() PodSecurityPolicyInterface {
+	return newPodSecurityPolicies(c)
+}
+
 // NewForConfig creates a new PolicyV1beta1Client for the given config.
 func NewForConfig(c *rest.Config) (*PolicyV1beta1Client, error) {
 	config := *c
@@ -12,6 +12,7 @@ go_library(
        "expansion_generated.go",
        "poddisruptionbudget.go",
        "poddisruptionbudget_expansion.go",
+        "podsecuritypolicy.go",
    ],
    importpath = "k8s.io/client-go/listers/policy/v1beta1",
    deps = [
@@ -25,3 +25,7 @@ type EvictionListerExpansion interface{}
 // EvictionNamespaceListerExpansion allows custom methods to be added to
 // EvictionNamespaceLister.
 type EvictionNamespaceListerExpansion interface{}
+
+// PodSecurityPolicyListerExpansion allows custom methods to be added to
+// PodSecurityPolicyLister.
+type PodSecurityPolicyListerExpansion interface{}
@@ -0,0 +1,65 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file was automatically generated by lister-gen
+
+package v1beta1
+
+import (
+	v1beta1 "k8s.io/api/policy/v1beta1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/labels"
+	"k8s.io/client-go/tools/cache"
+)
+
+// PodSecurityPolicyLister helps list PodSecurityPolicies.
+type PodSecurityPolicyLister interface {
+	// List lists all PodSecurityPolicies in the indexer.
+	List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error)
+	// Get retrieves the PodSecurityPolicy from the index for a given name.
+	Get(name string) (*v1beta1.PodSecurityPolicy, error)
+	PodSecurityPolicyListerExpansion
+}
+
+// podSecurityPolicyLister implements the PodSecurityPolicyLister interface.
+type podSecurityPolicyLister struct {
+	indexer cache.Indexer
+}
+
+// NewPodSecurityPolicyLister returns a new PodSecurityPolicyLister.
+func NewPodSecurityPolicyLister(indexer cache.Indexer) PodSecurityPolicyLister {
+	return &podSecurityPolicyLister{indexer: indexer}
+}
+
+// List lists all PodSecurityPolicies in the indexer.
+func (s *podSecurityPolicyLister) List(selector labels.Selector) (ret []*v1beta1.PodSecurityPolicy, err error) {
+	err = cache.ListAll(s.indexer, selector, func(m interface{}) {
+		ret = append(ret, m.(*v1beta1.PodSecurityPolicy))
+	})
+	return ret, err
+}
+
+// Get retrieves the PodSecurityPolicy from the index for a given name.
+func (s *podSecurityPolicyLister) Get(name string) (*v1beta1.PodSecurityPolicy, error) {
+	obj, exists, err := s.indexer.GetByKey(name)
+	if err != nil {
+		return nil, err
+	}
+	if !exists {
+		return nil, errors.NewNotFound(v1beta1.Resource("podsecuritypolicy"), name)
+	}
+	return obj.(*v1beta1.PodSecurityPolicy), nil
+}
@@ -138,23 +138,50 @@ func MakeEllipticPrivateKeyPEM() ([]byte, error) {
 // Host may be an IP or a DNS name
 // You may also specify additional subject alt names (either ip or dns names) for the certificate
 func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error) {
+	caKey, err := rsa.GenerateKey(cryptorand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	caTemplate := x509.Certificate{
+		SerialNumber: big.NewInt(1),
+		Subject: pkix.Name{
+			CommonName: fmt.Sprintf("%s-ca@%d", host, time.Now().Unix()),
+		},
+		NotBefore: time.Now(),
+		NotAfter:  time.Now().Add(time.Hour * 24 * 365),
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		BasicConstraintsValid: true,
+		IsCA: true,
+	}
+
+	caDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &caTemplate, &caTemplate, &caKey.PublicKey, caKey)
+	if err != nil {
+		return nil, nil, err
+	}
+
+	caCertificate, err := x509.ParseCertificate(caDERBytes)
+	if err != nil {
+		return nil, nil, err
+	}
+
 	priv, err := rsa.GenerateKey(cryptorand.Reader, 2048)
 	if err != nil {
 		return nil, nil, err
 	}

 	template := x509.Certificate{
-		SerialNumber: big.NewInt(1),
+		SerialNumber: big.NewInt(2),
 		Subject: pkix.Name{
 			CommonName: fmt.Sprintf("%s@%d", host, time.Now().Unix()),
 		},
 		NotBefore: time.Now(),
 		NotAfter:  time.Now().Add(time.Hour * 24 * 365),

-		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
+		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
 		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
 		BasicConstraintsValid: true,
-		IsCA: true,
 	}

 	if ip := net.ParseIP(host); ip != nil {
@@ -166,16 +193,19 @@ func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS
 	template.IPAddresses = append(template.IPAddresses, alternateIPs...)
 	template.DNSNames = append(template.DNSNames, alternateDNS...)

-	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, &priv.PublicKey, priv)
+	derBytes, err := x509.CreateCertificate(cryptorand.Reader, &template, caCertificate, &priv.PublicKey, caKey)
 	if err != nil {
 		return nil, nil, err
 	}

-	// Generate cert
+	// Generate cert, followed by ca
 	certBuffer := bytes.Buffer{}
 	if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: derBytes}); err != nil {
 		return nil, nil, err
 	}
+	if err := pem.Encode(&certBuffer, &pem.Block{Type: CertificateBlockType, Bytes: caDERBytes}); err != nil {
+		return nil, nil, err
+	}

 	// Generate key
 	keyBuffer := bytes.Buffer{}