Add glide.yaml and vendor deps

vendor/k8s.io/kubernetes/pkg/apis/abac/BUILD

@@ -0,0 +1,26 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "register.go",
+        "types.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/runtime/schema:go_default_library",
+        "//pkg/runtime/serializer:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/apis/abac/OWNERS

@@ -0,0 +1,7 @@
+reviewers:
+- lavalamp
+- smarterclayton
+- deads2k
+- liggitt
+- mbohlool
+- david-mcmahon

vendor/k8s.io/kubernetes/pkg/apis/abac/latest/BUILD

@@ -0,0 +1,22 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["latest.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/abac:go_default_library",
+        "//pkg/apis/abac/v0:go_default_library",
+        "//pkg/apis/abac/v1beta1:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/apis/abac/latest/latest.go

@@ -0,0 +1,26 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package latest
+
+import (
+	_ "k8s.io/kubernetes/pkg/apis/abac"
+	_ "k8s.io/kubernetes/pkg/apis/abac/v0"
+	_ "k8s.io/kubernetes/pkg/apis/abac/v1beta1"
+)
+
+// TODO: this file is totally wrong, it should look like other latest files.
+// lavalamp is in the middle of fixing this code, so wait for the new way of doing things..

vendor/k8s.io/kubernetes/pkg/apis/abac/register.go

@@ -0,0 +1,54 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package abac
+
+import (
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/runtime/schema"
+	"k8s.io/kubernetes/pkg/runtime/serializer"
+)
+
+// Group is the API group for abac
+const GroupName = "abac.authorization.kubernetes.io"
+
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Scheme is the default instance of runtime.Scheme to which types in the abac API group are registered.
+// TODO: remove this, abac should not have its own scheme.
+var Scheme = runtime.NewScheme()
+
+// Codecs provides access to encoding and decoding for the scheme
+var Codecs = serializer.NewCodecFactory(Scheme)
+
+func init() {
+	// TODO: delete this, abac should not have its own scheme.
+	addKnownTypes(Scheme)
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Policy{},
+	)
+	return nil
+}
+
+func (obj *Policy) GetObjectKind() schema.ObjectKind { return &obj.TypeMeta }

vendor/k8s.io/kubernetes/pkg/apis/abac/types.go

@@ -0,0 +1,73 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+package abac
+
+import (
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+)
+
+// Policy contains a single ABAC policy rule
+type Policy struct {
+	metav1.TypeMeta
+
+	// Spec describes the policy rule
+	Spec PolicySpec
+}
+
+// PolicySpec contains the attributes for a policy rule
+type PolicySpec struct {
+
+	// User is the username this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all users.
+	User string
+
+	// Group is the group this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all groups.
+	Group string
+
+	// Readonly matches readonly requests when true, and all requests when false
+	Readonly bool
+
+	// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all API groups
+	APIGroup string
+
+	// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all resources
+	Resource string
+
+	// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all namespaces (including unnamespaced requests)
+	Namespace string
+
+	// NonResourcePath matches non-resource request paths.
+	// "*" matches all paths
+	// "/foo/*" matches all subpaths of foo
+	NonResourcePath string
+
+	// TODO: "expires" string in RFC3339 format.
+
+	// TODO: want a way to allow some users to restart containers of a pod but
+	// not delete or modify it.
+
+	// TODO: want a way to allow a controller to create a pod based only on a
+	// certain podTemplates.
+
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/BUILD

@@ -0,0 +1,38 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "conversion.go",
+        "register.go",
+        "types.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/abac:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/conversion:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/runtime/schema:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_xtest",
+    srcs = ["conversion_test.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/abac:go_default_library",
+        "//pkg/apis/abac/v0:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion.go

@@ -0,0 +1,59 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0
+
+import (
+	api "k8s.io/kubernetes/pkg/apis/abac"
+	"k8s.io/kubernetes/pkg/conversion"
+	"k8s.io/kubernetes/pkg/runtime"
+)
+
+func addConversionFuncs(scheme *runtime.Scheme) error {
+	return scheme.AddConversionFuncs(
+		func(in *Policy, out *api.Policy, s conversion.Scope) error {
+			// Begin by copying all fields
+			out.Spec.User = in.User
+			out.Spec.Group = in.Group
+			out.Spec.Namespace = in.Namespace
+			out.Spec.Resource = in.Resource
+			out.Spec.Readonly = in.Readonly
+
+			// In v0, unspecified user and group matches all subjects
+			if len(in.User) == 0 && len(in.Group) == 0 {
+				out.Spec.User = "*"
+			}
+
+			// In v0, leaving namespace empty matches all namespaces
+			if len(in.Namespace) == 0 {
+				out.Spec.Namespace = "*"
+			}
+			// In v0, leaving resource empty matches all resources
+			if len(in.Resource) == 0 {
+				out.Spec.Resource = "*"
+			}
+			// Any rule in v0 should match all API groups
+			out.Spec.APIGroup = "*"
+
+			// In v0, leaving namespace and resource blank allows non-resource paths
+			if len(in.Namespace) == 0 && len(in.Resource) == 0 {
+				out.Spec.NonResourcePath = "*"
+			}
+
+			return nil
+		},
+	)
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/conversion_test.go

@@ -0,0 +1,77 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0_test
+
+import (
+	"reflect"
+	"testing"
+
+	api "k8s.io/kubernetes/pkg/apis/abac"
+	"k8s.io/kubernetes/pkg/apis/abac/v0"
+)
+
+func TestConversion(t *testing.T) {
+	testcases := map[string]struct {
+		old      *v0.Policy
+		expected *api.Policy
+	}{
+		// a completely empty policy rule allows everything to all users
+		"empty": {
+			old:      &v0.Policy{},
+			expected: &api.Policy{Spec: api.PolicySpec{User: "*", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a user is preserved
+		"user": {
+			old:      &v0.Policy{User: "bob"},
+			expected: &api.Policy{Spec: api.PolicySpec{User: "bob", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a group is preserved (and no longer matches all users)
+		"group": {
+			old:      &v0.Policy{Group: "mygroup"},
+			expected: &api.Policy{Spec: api.PolicySpec{Group: "mygroup", Readonly: false, NonResourcePath: "*", Namespace: "*", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a namespace removes the * match on non-resource path
+		"namespace": {
+			old:      &v0.Policy{Namespace: "myns"},
+			expected: &api.Policy{Spec: api.PolicySpec{User: "*", Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "*", APIGroup: "*"}},
+		},
+
+		// specifying a resource removes the * match on non-resource path
+		"resource": {
+			old:      &v0.Policy{Resource: "myresource"},
+			expected: &api.Policy{Spec: api.PolicySpec{User: "*", Readonly: false, NonResourcePath: "", Namespace: "*", Resource: "myresource", APIGroup: "*"}},
+		},
+
+		// specifying a namespace+resource removes the * match on non-resource path
+		"namespace+resource": {
+			old:      &v0.Policy{Namespace: "myns", Resource: "myresource"},
+			expected: &api.Policy{Spec: api.PolicySpec{User: "*", Readonly: false, NonResourcePath: "", Namespace: "myns", Resource: "myresource", APIGroup: "*"}},
+		},
+	}
+	for k, tc := range testcases {
+		internal := &api.Policy{}
+		if err := api.Scheme.Convert(tc.old, internal, nil); err != nil {
+			t.Errorf("%s: unexpected error: %v", k, err)
+		}
+		if !reflect.DeepEqual(internal, tc.expected) {
+			t.Errorf("%s: expected\n\t%#v, got \n\t%#v", k, tc.expected, internal)
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/register.go

@@ -0,0 +1,54 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v0
+
+import (
+	api "k8s.io/kubernetes/pkg/apis/abac"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/runtime/schema"
+)
+
+const GroupName = "abac.authorization.kubernetes.io"
+
+// GroupVersion is the API group and version for abac v0
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v0"}
+
+func init() {
+	// TODO: Delete this init function, abac should not have its own scheme.
+	if err := addKnownTypes(api.Scheme); err != nil {
+		// Programmer error.
+		panic(err)
+	}
+	if err := addConversionFuncs(api.Scheme); err != nil {
+		// Programmer error.
+		panic(err)
+	}
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes, addConversionFuncs)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Policy{},
+	)
+	return nil
+}
+
+func (obj *Policy) GetObjectKind() schema.ObjectKind { return &obj.TypeMeta }

vendor/k8s.io/kubernetes/pkg/apis/abac/v0/types.go

@@ -0,0 +1,53 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+package v0
+
+import (
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+)
+
+// Policy contains a single ABAC policy rule
+type Policy struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// User is the username this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all users.
+	// +optional
+	User string `json:"user,omitempty"`
+
+	// Group is the group this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all groups.
+	// +optional
+	Group string `json:"group,omitempty"`
+
+	// Readonly matches readonly requests when true, and all requests when false
+	// +optional
+	Readonly bool `json:"readonly,omitempty"`
+
+	// Resource is the name of a resource
+	// "*" matches all resources
+	// +optional
+	Resource string `json:"resource,omitempty"`
+
+	// Namespace is the name of a namespace
+	// "*" matches all namespaces (including unnamespaced requests)
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+}

vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/BUILD

@@ -0,0 +1,26 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "register.go",
+        "types.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/apis/abac:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/runtime/schema:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/register.go

@@ -0,0 +1,50 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	api "k8s.io/kubernetes/pkg/apis/abac"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/runtime/schema"
+)
+
+const GroupName = "abac.authorization.kubernetes.io"
+
+// SchemeGroupVersion is the API group and version for abac v1beta1
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"}
+
+func init() {
+	// TODO: delete this, abac should not have its own scheme.
+	if err := addKnownTypes(api.Scheme); err != nil {
+		// Programmer error.
+		panic(err)
+	}
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Policy{},
+	)
+	return nil
+}
+
+func (obj *Policy) GetObjectKind() schema.ObjectKind { return &obj.TypeMeta }

vendor/k8s.io/kubernetes/pkg/apis/abac/v1beta1/types.go

@@ -0,0 +1,70 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:openapi-gen=true
+package v1beta1
+
+import (
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+)
+
+// Policy contains a single ABAC policy rule
+type Policy struct {
+	metav1.TypeMeta `json:",inline"`
+
+	// Spec describes the policy rule
+	Spec PolicySpec `json:"spec"`
+}
+
+// PolicySpec contains the attributes for a policy rule
+type PolicySpec struct {
+	// User is the username this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all users.
+	// +optional
+	User string `json:"user,omitempty"`
+
+	// Group is the group this rule applies to.
+	// Either user or group is required to match the request.
+	// "*" matches all groups.
+	// +optional
+	Group string `json:"group,omitempty"`
+
+	// Readonly matches readonly requests when true, and all requests when false
+	// +optional
+	Readonly bool `json:"readonly,omitempty"`
+
+	// APIGroup is the name of an API group. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all API groups
+	// +optional
+	APIGroup string `json:"apiGroup,omitempty"`
+
+	// Resource is the name of a resource. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all resources
+	// +optional
+	Resource string `json:"resource,omitempty"`
+
+	// Namespace is the name of a namespace. APIGroup, Resource, and Namespace are required to match resource requests.
+	// "*" matches all namespaces (including unnamespaced requests)
+	// +optional
+	Namespace string `json:"namespace,omitempty"`
+
+	// NonResourcePath matches non-resource request paths.
+	// "*" matches all paths
+	// "/foo/*" matches all subpaths of foo
+	// +optional
+	NonResourcePath string `json:"nonResourcePath,omitempty"`
+}