Merge pull request #61800 from rithujohn191/remove-gopass

Automatic merge from submit-queue (batch tested with PRs 61818, 61800). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Replace gopass.GetPasswdMasked() by terminal.ReadPassword() **What this PR does / why we need it**: Replace `gopass.GetPasswdMasked()` used for reading passwords from the terminal with [`terminal.ReadPassword()`](https://godoc.org/golang.org/x/crypto/ssh/terminal#ReadPassword). This removes the `gopass` import. **Special notes for your reviewer**: Ran the following commands to update `godep` files: ``` ./hack/godep-restore.sh -v ./hack/godep-save.sh ./hack/update-staging-godeps.sh ./hack/update-bazel.sh ``` /sig auth /kind enhancement /assign @ericchiang ```release-note NONE ``` Kubernetes-commit: a5133305a9f347c79c20c5785d41cc9400be895e
2026-04-12 00:00:26 +08:00 · 2018-04-03 03:28:03 -07:00
parent fac24b192a ee0bf66a6b
commit 96b07c14ac
42 changed files with 687 additions and 1288 deletions
@@ -33,6 +33,7 @@ import "k8s.io/apimachinery/pkg/util/intstr/generated.proto";
 option go_package = "v1beta1";

 // AllowedFlexVolume represents a single Flexvolume that is allowed to be used.
+// Deprecated: use AllowedFlexVolume from policy API Group instead.
 message AllowedFlexVolume {
  // driver is the name of the Flexvolume driver.
  optional string driver = 1;
@@ -40,6 +41,7 @@ message AllowedFlexVolume {

 // AllowedHostPath defines the host volume conditions that will be enabled by a policy
 // for pods to use. It requires the path prefix to be defined.
+// Deprecated: use AllowedHostPath from policy API Group instead.
 message AllowedHostPath {
  // pathPrefix is the path prefix that the host volume must match.
  // It does not support `*`.
@@ -409,6 +411,7 @@ message DeploymentStrategy {
 }

 // FSGroupStrategyOptions defines the strategy type and options used to create the strategy.
+// Deprecated: use FSGroupStrategyOptions from policy API Group instead.
 message FSGroupStrategyOptions {
  // rule is the strategy that will dictate what FSGroup is used in the SecurityContext.
  // +optional
@@ -450,6 +453,7 @@ message HTTPIngressRuleValue {

 // HostPortRange defines a range of host ports that will be enabled by a policy
 // for pods to use.  It requires both the start and end to be defined.
+// Deprecated: use HostPortRange from policy API Group instead.
 message HostPortRange {
  // min is the start of the range, inclusive.
  optional int32 min = 1;
@@ -459,6 +463,7 @@ message HostPortRange {
 }

 // IDRange provides a min/max of an allowed range of IDs.
+// Deprecated: use IDRange from policy API Group instead.
 message IDRange {
  // min is the start of the range, inclusive.
  optional int64 min = 1;
@@ -678,20 +683,26 @@ message NetworkPolicyList {

 // DEPRECATED 1.9 - This group version of NetworkPolicyPeer is deprecated by networking/v1/NetworkPolicyPeer.
 message NetworkPolicyPeer {
-  // This is a label selector which selects Pods in this namespace.
-  // This field follows standard label selector semantics.
-  // If present but empty, this selector selects all pods in this namespace.
+  // This is a label selector which selects Pods. This field follows standard label
+  // selector semantics; if present but empty, it selects all pods.
+  // 
+  // If NamespaceSelector is also set, then the NetworkPolicyPeer as a whole selects
+  // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
+  // Otherwise it selects the Pods matching PodSelector in the policy's own Namespace.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector podSelector = 1;

-  // Selects Namespaces using cluster scoped-labels.  This
-  // matches all pods in all namespaces selected by this label selector.
-  // This field follows standard label selector semantics.
-  // If present but empty, this selector selects all namespaces.
+  // Selects Namespaces using cluster-scoped labels. This field follows standard label
+  // selector semantics; if present but empty, it selects all namespaces.
+  // 
+  // If PodSelector is also set, then the NetworkPolicyPeer as a whole selects
+  // the Pods matching PodSelector in the Namespaces selected by NamespaceSelector.
+  // Otherwise it selects all Pods in the Namespaces selected by NamespaceSelector.
  // +optional
  optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector namespaceSelector = 2;

-  // IPBlock defines policy on a particular IPBlock
+  // IPBlock defines policy on a particular IPBlock. If this field is set then
+  // neither of the other fields can be.
  // +optional
  optional IPBlock ipBlock = 3;
 }
@@ -757,6 +768,7 @@ message NetworkPolicySpec {

 // PodSecurityPolicy governs the ability to make requests that affect the Security Context
 // that will be applied to a pod and container.
+// Deprecated: use PodSecurityPolicy from policy API Group instead.
 message PodSecurityPolicy {
  // Standard object's metadata.
  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
@@ -769,6 +781,7 @@ message PodSecurityPolicy {
 }

 // PodSecurityPolicyList is a list of PodSecurityPolicy objects.
+// Deprecated: use PodSecurityPolicyList from policy API Group instead.
 message PodSecurityPolicyList {
  // Standard list metadata.
  // More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
@@ -780,6 +793,7 @@ message PodSecurityPolicyList {
 }

 // PodSecurityPolicySpec defines the policy enforced.
+// Deprecated: use PodSecurityPolicySpec from policy API Group instead.
 message PodSecurityPolicySpec {
  // privileged determines if a pod can request to be run as privileged.
  // +optional
@@ -1043,6 +1057,7 @@ message RollingUpdateDeployment {
 }

 // RunAsUserStrategyOptions defines the strategy type and any options used to create the strategy.
+// Deprecated: use RunAsUserStrategyOptions from policy API Group instead.
 message RunAsUserStrategyOptions {
  // rule is the strategy that will dictate the allowable RunAsUser values that may be set.
  optional string rule = 1;
@@ -1054,6 +1069,7 @@ message RunAsUserStrategyOptions {
 }

 // SELinuxStrategyOptions defines the strategy type and any options used to create the strategy.
+// Deprecated: use SELinuxStrategyOptions from policy API Group instead.
 message SELinuxStrategyOptions {
  // rule is the strategy that will dictate the allowable labels that may be set.
  optional string rule = 1;
@@ -1106,6 +1122,7 @@ message ScaleStatus {
 }

 // SupplementalGroupsStrategyOptions defines the strategy type and options used to create the strategy.
+// Deprecated: use SupplementalGroupsStrategyOptions from policy API Group instead.
 message SupplementalGroupsStrategyOptions {
  // rule is the strategy that will dictate what supplemental groups is used in the SecurityContext.
  // +optional