Remove imports of k8s.io/client-go/pkg/api

pkg/apis/authentication/v1/types.go

@@ -22,6 +22,21 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
+const (
+	// ImpersonateUserHeader is used to impersonate a particular user during an API server request
+	ImpersonateUserHeader = "Impersonate-User"
+
+	// ImpersonateGroupHeader is used to impersonate a particular group during an API server request.
+	// It can be repeated multiplied times for multiple groups.
+	ImpersonateGroupHeader = "Impersonate-Group"
+
+	// ImpersonateUserExtraHeaderPrefix is a prefix for any header used to impersonate an entry in the
+	// extra map[string][]string for user.Info.  The key will be every after the prefix.
+	// It can be repeated multiplied times for multiple map keys and the same key can be repeated multiple
+	// times to have multiple elements in the slice under a single key
+	ImpersonateUserExtraHeaderPrefix = "Impersonate-Extra-"
+)
+
 // +genclient=true
 // +nonNamespaced=true
 // +noMethods=true

staging/copy.sh

@@ -195,6 +195,7 @@ function mvfolder {
 }
 
 mvfolder "pkg/client/clientset_generated/${CLIENTSET}" kubernetes
+rm -f "${CLIENT_REPO_TEMP}/kubernetes/import_known_versions.go"
 mvfolder "pkg/client/informers/informers_generated/externalversions" informers
 mvfolder "pkg/client/listers" listers
 if [ "$(find "${CLIENT_REPO_TEMP}"/pkg/client -type f -name "*.go")" ]; then

staging/src/k8s.io/apiserver/pkg/endpoints/filters/BUILD

@@ -54,7 +54,8 @@ go_library(
         "//vendor/k8s.io/apiserver/pkg/endpoints/handlers/responsewriters:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/server/httplog:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
+        "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library",
         "//vendor/k8s.io/client-go/pkg/apis/authentication:go_default_library",
+        "//vendor/k8s.io/client-go/pkg/apis/authentication/v1:go_default_library",
     ],
 )

staging/src/k8s.io/apiserver/pkg/endpoints/filters/impersonation.go

@@ -30,8 +30,8 @@ import (
 	"k8s.io/apiserver/pkg/endpoints/handlers/responsewriters"
 	"k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/server/httplog"
-	"k8s.io/client-go/pkg/api"
-	authenticationapi "k8s.io/client-go/pkg/apis/authentication"
+	"k8s.io/client-go/pkg/api/v1"
+	authenticationv1 "k8s.io/client-go/pkg/apis/authentication/v1"
 )
 
 // WithImpersonation is a filter that will inspect and check requests that attempt to change the user.Info for their requests
@@ -61,7 +61,7 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques
 
 		// if groups are not specified, then we need to look them up differently depending on the type of user
 		// if they are specified, then they are the authority (including the inclusion of system:authenticated/system:unauthenticated groups)
-		groupsSpecified := len(req.Header[authenticationapi.ImpersonateGroupHeader]) > 0
+		groupsSpecified := len(req.Header[authenticationv1.ImpersonateGroupHeader]) > 0
 
 		// make sure we're allowed to impersonate each thing we're requesting.  While we're iterating through, start building username
 		// and group information
@@ -79,23 +79,23 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques
 			}
 
 			switch impersonationRequest.GetObjectKind().GroupVersionKind().GroupKind() {
-			case api.Kind("ServiceAccount"):
+			case v1.SchemeGroupVersion.WithKind("ServiceAccount").GroupKind():
 				actingAsAttributes.Resource = "serviceaccounts"
 				username = serviceaccount.MakeUsername(impersonationRequest.Namespace, impersonationRequest.Name)
 				if !groupsSpecified {
 					// if groups aren't specified for a service account, we know the groups because its a fixed mapping.  Add them
 					groups = serviceaccount.MakeGroupNames(impersonationRequest.Namespace, impersonationRequest.Name)
 				}
 
-			case api.Kind("User"):
+			case v1.SchemeGroupVersion.WithKind("User").GroupKind():
 				actingAsAttributes.Resource = "users"
 				username = impersonationRequest.Name
 
-			case api.Kind("Group"):
+			case v1.SchemeGroupVersion.WithKind("Group").GroupKind():
 				actingAsAttributes.Resource = "groups"
 				groups = append(groups, impersonationRequest.Name)
 
-			case authenticationapi.Kind("UserExtra"):
+			case authenticationv1.SchemeGroupVersion.WithKind("UserExtra").GroupKind():
 				extraKey := impersonationRequest.FieldPath
 				extraValue := impersonationRequest.Name
 				actingAsAttributes.Resource = "userextras"
@@ -143,10 +143,10 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques
 		httplog.LogOf(req, w).Addf("%v is acting as %v", oldUser, newUser)
 
 		// clear all the impersonation headers from the request
-		req.Header.Del(authenticationapi.ImpersonateUserHeader)
-		req.Header.Del(authenticationapi.ImpersonateGroupHeader)
+		req.Header.Del(authenticationv1.ImpersonateUserHeader)
+		req.Header.Del(authenticationv1.ImpersonateGroupHeader)
 		for headerName := range req.Header {
-			if strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) {
+			if strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) {
 				req.Header.Del(headerName)
 			}
 		}
@@ -158,42 +158,42 @@ func WithImpersonation(handler http.Handler, requestContextMapper request.Reques
 // buildImpersonationRequests returns a list of objectreferences that represent the different things we're requesting to impersonate.
 // Also includes a map[string][]string representing user.Info.Extra
 // Each request must be authorized against the current user before switching contexts.
-func buildImpersonationRequests(headers http.Header) ([]api.ObjectReference, error) {
-	impersonationRequests := []api.ObjectReference{}
+func buildImpersonationRequests(headers http.Header) ([]v1.ObjectReference, error) {
+	impersonationRequests := []v1.ObjectReference{}
 
-	requestedUser := headers.Get(authenticationapi.ImpersonateUserHeader)
+	requestedUser := headers.Get(authenticationv1.ImpersonateUserHeader)
 	hasUser := len(requestedUser) > 0
 	if hasUser {
 		if namespace, name, err := serviceaccount.SplitUsername(requestedUser); err == nil {
-			impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "ServiceAccount", Namespace: namespace, Name: name})
+			impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "ServiceAccount", Namespace: namespace, Name: name})
 		} else {
-			impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "User", Name: requestedUser})
+			impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "User", Name: requestedUser})
 		}
 	}
 
 	hasGroups := false
-	for _, group := range headers[authenticationapi.ImpersonateGroupHeader] {
+	for _, group := range headers[authenticationv1.ImpersonateGroupHeader] {
 		hasGroups = true
-		impersonationRequests = append(impersonationRequests, api.ObjectReference{Kind: "Group", Name: group})
+		impersonationRequests = append(impersonationRequests, v1.ObjectReference{Kind: "Group", Name: group})
 	}
 
 	hasUserExtra := false
 	for headerName, values := range headers {
-		if !strings.HasPrefix(headerName, authenticationapi.ImpersonateUserExtraHeaderPrefix) {
+		if !strings.HasPrefix(headerName, authenticationv1.ImpersonateUserExtraHeaderPrefix) {
 			continue
 		}
 
 		hasUserExtra = true
-		extraKey := strings.ToLower(headerName[len(authenticationapi.ImpersonateUserExtraHeaderPrefix):])
+		extraKey := strings.ToLower(headerName[len(authenticationv1.ImpersonateUserExtraHeaderPrefix):])
 
 		// make a separate request for each extra value they're trying to set
 		for _, value := range values {
 			impersonationRequests = append(impersonationRequests,
-				api.ObjectReference{
+				v1.ObjectReference{
 					Kind: "UserExtra",
 					// we only parse out a group above, but the parsing will fail if there isn't SOME version
 					// using the internal version will help us fail if anyone starts using it
-					APIVersion: authenticationapi.SchemeGroupVersion.String(),
+					APIVersion: authenticationv1.SchemeGroupVersion.String(),
 					Name:       value,
 					// ObjectReference doesn't have a subresource field.  FieldPath is close and available, so we'll use that
 					// TODO fight the good fight for ObjectReference to refer to resources and subresources

staging/src/k8s.io/apiserver/pkg/registry/generic/rest/BUILD

@@ -28,7 +28,7 @@ go_test(
         "//vendor/k8s.io/apiserver/pkg/features:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/util/proxy:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
+        "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library",
     ],
 )
 

staging/src/k8s.io/apiserver/pkg/registry/generic/rest/response_checker_test.go

@@ -26,11 +26,11 @@ import (
 	"testing"
 
 	"k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/client-go/pkg/api"
+	"k8s.io/client-go/pkg/api/v1"
 )
 
 func TestGenericHttpResponseChecker(t *testing.T) {
-	responseChecker := NewGenericHttpResponseChecker(api.Resource("pods"), "foo")
+	responseChecker := NewGenericHttpResponseChecker(v1.Resource("pods"), "foo")
 	tests := []struct {
 		resp        *http.Response
 		expectError bool
@@ -79,7 +79,7 @@ func TestGenericHttpResponseChecker(t *testing.T) {
 }
 
 func TestGenericHttpResponseCheckerLimitReader(t *testing.T) {
-	responseChecker := NewGenericHttpResponseChecker(api.Resource("pods"), "foo")
+	responseChecker := NewGenericHttpResponseChecker(v1.Resource("pods"), "foo")
 	excessedString := strings.Repeat("a", (maxReadLength + 10000))
 	resp := &http.Response{
 		Body:       ioutil.NopCloser(bytes.NewBufferString(excessedString)),

staging/src/k8s.io/apiserver/pkg/storage/BUILD

@@ -30,7 +30,8 @@ go_test(
         "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/watch:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library",
+        "//vendor/k8s.io/client-go/pkg/api/v1:go_default_library",
         "//vendor/k8s.io/client-go/tools/cache:go_default_library",
         "//vendor/k8s.io/client-go/util/clock:go_default_library",
     ],

staging/src/k8s.io/apiserver/pkg/storage/cacher_whitebox_test.go

@@ -24,7 +24,8 @@ import (
 	"k8s.io/apimachinery/pkg/fields"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/util/wait"
-	"k8s.io/client-go/pkg/api"
+	"k8s.io/client-go/kubernetes/scheme"
+	"k8s.io/client-go/pkg/api/v1"
 )
 
 // verifies the cacheWatcher.process goroutine is properly cleaned up even if
@@ -39,12 +40,12 @@ func TestCacheWatcherCleanupNotBlockedByResult(t *testing.T) {
 		count++
 	}
 	initEvents := []*watchCacheEvent{
-		{Object: &api.Pod{}},
-		{Object: &api.Pod{}},
+		{Object: &v1.Pod{}},
+		{Object: &v1.Pod{}},
 	}
 	// set the size of the buffer of w.result to 0, so that the writes to
 	// w.result is blocked.
-	w := newCacheWatcher(api.Scheme, 0, 0, initEvents, filter, forget)
+	w := newCacheWatcher(scheme.Scheme, 0, 0, initEvents, filter, forget)
 	w.Stop()
 	if err := wait.PollImmediate(1*time.Second, 5*time.Second, func() (bool, error) {
 		lock.RLock()

staging/src/k8s.io/apiserver/pkg/storage/watch_cache_test.go

@@ -30,13 +30,13 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/wait"
 	"k8s.io/apimachinery/pkg/watch"
-	"k8s.io/client-go/pkg/api"
+	"k8s.io/client-go/pkg/api/v1"
 	"k8s.io/client-go/tools/cache"
 	"k8s.io/client-go/util/clock"
 )
 
-func makeTestPod(name string, resourceVersion uint64) *api.Pod {
-	return &api.Pod{
+func makeTestPod(name string, resourceVersion uint64) *v1.Pod {
+	return &v1.Pod{
 		ObjectMeta: metav1.ObjectMeta{
 			Namespace:       "ns",
 			Name:            name,
@@ -99,7 +99,7 @@ func TestWatchCacheBasic(t *testing.T) {
 	{
 		podNames := sets.String{}
 		for _, item := range store.List() {
-			podNames.Insert(item.(*storeElement).Object.(*api.Pod).ObjectMeta.Name)
+			podNames.Insert(item.(*storeElement).Object.(*v1.Pod).ObjectMeta.Name)
 		}
 		if !podNames.HasAll("pod1", "pod2", "pod3") {
 			t.Errorf("missing pods, found %v", podNames)
@@ -117,7 +117,7 @@ func TestWatchCacheBasic(t *testing.T) {
 	{
 		podNames := sets.String{}
 		for _, item := range store.List() {
-			podNames.Insert(item.(*storeElement).Object.(*api.Pod).ObjectMeta.Name)
+			podNames.Insert(item.(*storeElement).Object.(*v1.Pod).ObjectMeta.Name)
 		}
 		if !podNames.HasAll("pod4", "pod5") {
 			t.Errorf("missing pods, found %v", podNames)
@@ -349,10 +349,10 @@ func TestReflectorForWatchCache(t *testing.T) {
 			return fw, nil
 		},
 		ListFunc: func(options metav1.ListOptions) (runtime.Object, error) {
-			return &api.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "10"}}, nil
+			return &v1.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "10"}}, nil
 		},
 	}
-	r := cache.NewReflector(lw, &api.Pod{}, store, 0)
+	r := cache.NewReflector(lw, &v1.Pod{}, store, 0)
 	r.ListAndWatch(wait.NeverStop)
 
 	{

staging/src/k8s.io/apiserver/pkg/util/webhook/BUILD

@@ -34,8 +34,9 @@ go_test(
     tags = ["automanaged"],
     deps = [
         "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library",
         "//vendor/k8s.io/client-go/rest:go_default_library",
         "//vendor/k8s.io/client-go/tools/clientcmd/api/v1:go_default_library",
     ],

staging/src/k8s.io/apiserver/pkg/util/webhook/webhook_test.go

@@ -32,8 +32,9 @@ import (
 	"time"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/apimachinery/registered"
 	"k8s.io/apimachinery/pkg/runtime/schema"
-	"k8s.io/client-go/pkg/api"
+	"k8s.io/client-go/kubernetes/scheme"
 	"k8s.io/client-go/rest"
 	"k8s.io/client-go/tools/clientcmd/api/v1"
 )
@@ -73,7 +74,8 @@ var (
 func TestDisabledGroupVersion(t *testing.T) {
 	gv := schema.GroupVersion{Group: "webhook.util.k8s.io", Version: "v1"}
 	gvs := []schema.GroupVersion{gv}
-	_, err := NewGenericWebhook(api.Registry, api.Codecs, "/some/path", gvs, retryBackoff)
+	registry := registered.NewOrDie(gv.String())
+	_, err := NewGenericWebhook(registry, scheme.Codecs, "/some/path", gvs, retryBackoff)
 
 	if err == nil {
 		t.Errorf("expected an error")
@@ -270,7 +272,7 @@ func TestKubeConfigFile(t *testing.T) {
 			if err == nil {
 				defer os.Remove(kubeConfigFile)
 
-				_, err = NewGenericWebhook(api.Registry, api.Codecs, kubeConfigFile, groupVersions, retryBackoff)
+				_, err = NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, kubeConfigFile, groupVersions, retryBackoff)
 			}
 
 			return err
@@ -293,7 +295,7 @@ func TestKubeConfigFile(t *testing.T) {
 // TestMissingKubeConfigFile ensures that a kube config path to a missing file is handled properly
 func TestMissingKubeConfigFile(t *testing.T) {
 	kubeConfigPath := "/some/missing/path"
-	_, err := NewGenericWebhook(api.Registry, api.Codecs, kubeConfigPath, groupVersions, retryBackoff)
+	_, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, kubeConfigPath, groupVersions, retryBackoff)
 
 	if err == nil {
 		t.Errorf("creating the webhook should had failed")
@@ -405,7 +407,7 @@ func TestTLSConfig(t *testing.T) {
 
 			defer os.Remove(configFile)
 
-			wh, err := NewGenericWebhook(api.Registry, api.Codecs, configFile, groupVersions, retryBackoff)
+			wh, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, configFile, groupVersions, retryBackoff)
 
 			if err == nil {
 				err = wh.RestClient.Get().Do().Error()
@@ -497,7 +499,7 @@ func TestWithExponentialBackoff(t *testing.T) {
 
 	defer os.Remove(configFile)
 
-	wh, err := NewGenericWebhook(api.Registry, api.Codecs, configFile, groupVersions, retryBackoff)
+	wh, err := NewGenericWebhook(registered.NewOrDie(""), scheme.Codecs, configFile, groupVersions, retryBackoff)
 
 	if err != nil {
 		t.Fatalf("failed to create the webhook: %v", err)

staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/BUILD

@@ -29,14 +29,14 @@ go_library(
     srcs = ["webhook.go"],
     tags = ["automanaged"],
     deps = [
+        "//vendor/k8s.io/apimachinery/pkg/apimachinery/registered:go_default_library",
         "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/authentication/authenticator:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/util/cache:go_default_library",
         "//vendor/k8s.io/apiserver/pkg/util/webhook:go_default_library",
+        "//vendor/k8s.io/client-go/kubernetes/scheme:go_default_library",
         "//vendor/k8s.io/client-go/kubernetes/typed/authentication/v1beta1:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/api:go_default_library",
-        "//vendor/k8s.io/client-go/pkg/apis/authentication/install:go_default_library",
         "//vendor/k8s.io/client-go/pkg/apis/authentication/v1beta1:go_default_library",
     ],
 )