Add glide.yaml and vendor deps

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/BUILD

@@ -0,0 +1,43 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "doc.go",
+        "strategy.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/extensions:go_default_library",
+        "//pkg/apis/extensions/validation:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/labels:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/storage:go_default_library",
+        "//pkg/util/validation/field:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["strategy_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/extensions:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/doc.go

@@ -0,0 +1,17 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package networkpolicy // import "k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/etcd/BUILD

@@ -0,0 +1,46 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["etcd.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/extensions:go_default_library",
+        "//pkg/registry/cachesize:go_default_library",
+        "//pkg/registry/extensions/networkpolicy:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/registry/generic/registry:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/storage:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["etcd_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/extensions:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/labels:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/registry/registrytest:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/storage/etcd/testing:go_default_library",
+        "//pkg/util/intstr:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/etcd/etcd.go

@@ -0,0 +1,87 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package etcd
+
+import (
+	"k8s.io/kubernetes/pkg/api"
+	extensionsapi "k8s.io/kubernetes/pkg/apis/extensions"
+	"k8s.io/kubernetes/pkg/registry/cachesize"
+	"k8s.io/kubernetes/pkg/registry/extensions/networkpolicy"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/storage"
+)
+
+// rest implements a RESTStorage for network policies against etcd
+type REST struct {
+	*genericregistry.Store
+}
+
+// NewREST returns a RESTStorage object that will work against network policies.
+func NewREST(opts generic.RESTOptions) *REST {
+	prefix := "/" + opts.ResourcePrefix
+
+	newListFunc := func() runtime.Object { return &extensionsapi.NetworkPolicyList{} }
+	storageInterface, dFunc := opts.Decorator(
+		opts.StorageConfig,
+		cachesize.GetWatchCacheSizeByResource(cachesize.NetworkPolicys),
+		&extensionsapi.NetworkPolicy{},
+		prefix,
+		networkpolicy.Strategy,
+		newListFunc,
+		networkpolicy.GetAttrs,
+		storage.NoTriggerPublisher,
+	)
+
+	store := &genericregistry.Store{
+		NewFunc: func() runtime.Object { return &extensionsapi.NetworkPolicy{} },
+
+		// NewListFunc returns an object capable of storing results of an etcd list.
+		NewListFunc: newListFunc,
+		// Produces a NetworkPolicy that etcd understands, to the root of the resource
+		// by combining the namespace in the context with the given prefix
+		KeyRootFunc: func(ctx api.Context) string {
+			return genericregistry.NamespaceKeyRootFunc(ctx, prefix)
+		},
+		// Produces a NetworkPolicy that etcd understands, to the resource by combining
+		// the namespace in the context with the given prefix
+		KeyFunc: func(ctx api.Context, name string) (string, error) {
+			return genericregistry.NamespaceKeyFunc(ctx, prefix, name)
+		},
+		// Retrieve the name field of a network policy
+		ObjectNameFunc: func(obj runtime.Object) (string, error) {
+			return obj.(*extensionsapi.NetworkPolicy).Name, nil
+		},
+		// Used to match objects based on labels/fields for list and watch
+		PredicateFunc:           networkpolicy.MatchNetworkPolicy,
+		QualifiedResource:       extensionsapi.Resource("networkpolicies"),
+		EnableGarbageCollection: opts.EnableGarbageCollection,
+		DeleteCollectionWorkers: opts.DeleteCollectionWorkers,
+
+		// Used to validate controller creation
+		CreateStrategy: networkpolicy.Strategy,
+
+		// Used to validate controller updates
+		UpdateStrategy: networkpolicy.Strategy,
+		DeleteStrategy: networkpolicy.Strategy,
+
+		Storage:     storageInterface,
+		DestroyFunc: dFunc,
+	}
+	return &REST{store}
+}

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/etcd/etcd_test.go

@@ -0,0 +1,180 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package etcd
+
+import (
+	"testing"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/extensions"
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+	"k8s.io/kubernetes/pkg/fields"
+	"k8s.io/kubernetes/pkg/labels"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	"k8s.io/kubernetes/pkg/registry/registrytest"
+	"k8s.io/kubernetes/pkg/runtime"
+	etcdtesting "k8s.io/kubernetes/pkg/storage/etcd/testing"
+	"k8s.io/kubernetes/pkg/util/intstr"
+)
+
+func newStorage(t *testing.T) (*REST, *etcdtesting.EtcdTestServer) {
+	etcdStorage, server := registrytest.NewEtcdStorage(t, "extensions")
+	restOptions := generic.RESTOptions{StorageConfig: etcdStorage, Decorator: generic.UndecoratedStorage, DeleteCollectionWorkers: 1}
+	return NewREST(restOptions), server
+}
+
+// createNetworkPolicy is a helper function that returns a NetworkPolicy with the updated resource version.
+func createNetworkPolicy(storage *REST, np extensions.NetworkPolicy, t *testing.T) (extensions.NetworkPolicy, error) {
+	ctx := api.WithNamespace(api.NewContext(), np.Namespace)
+	obj, err := storage.Create(ctx, &np)
+	if err != nil {
+		t.Errorf("Failed to create NetworkPolicy, %v", err)
+	}
+	newNP := obj.(*extensions.NetworkPolicy)
+	return *newNP, nil
+}
+
+func validNewNetworkPolicy() *extensions.NetworkPolicy {
+	port := intstr.FromInt(80)
+	return &extensions.NetworkPolicy{
+		ObjectMeta: api.ObjectMeta{
+			Name:      "foo",
+			Namespace: api.NamespaceDefault,
+			Labels:    map[string]string{"a": "b"},
+		},
+		Spec: extensions.NetworkPolicySpec{
+			PodSelector: metav1.LabelSelector{MatchLabels: map[string]string{"a": "b"}},
+			Ingress: []extensions.NetworkPolicyIngressRule{
+				{
+					From: []extensions.NetworkPolicyPeer{
+						{
+							PodSelector: &metav1.LabelSelector{MatchLabels: map[string]string{"c": "d"}},
+						},
+					},
+					Ports: []extensions.NetworkPolicyPort{
+						{
+							Port: &port,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+var validNetworkPolicy = *validNewNetworkPolicy()
+
+func TestCreate(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	np := validNewNetworkPolicy()
+	np.ObjectMeta = api.ObjectMeta{}
+
+	invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
+	test.TestCreate(
+		// valid
+		np,
+		// invalid (invalid selector)
+		&extensions.NetworkPolicy{
+			Spec: extensions.NetworkPolicySpec{
+				PodSelector: metav1.LabelSelector{MatchLabels: invalidSelector},
+				Ingress:     []extensions.NetworkPolicyIngressRule{},
+			},
+		},
+	)
+}
+
+func TestUpdate(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	test.TestUpdate(
+		// valid
+		validNewNetworkPolicy(),
+		// valid updateFunc
+		func(obj runtime.Object) runtime.Object {
+			object := obj.(*extensions.NetworkPolicy)
+			return object
+		},
+		// invalid updateFunc
+		func(obj runtime.Object) runtime.Object {
+			object := obj.(*extensions.NetworkPolicy)
+			object.Name = ""
+			return object
+		},
+		func(obj runtime.Object) runtime.Object {
+			object := obj.(*extensions.NetworkPolicy)
+			object.Spec.PodSelector = metav1.LabelSelector{MatchLabels: map[string]string{}}
+			return object
+		},
+	)
+}
+
+func TestDelete(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	test.TestDelete(validNewNetworkPolicy())
+}
+
+func TestGet(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	test.TestGet(validNewNetworkPolicy())
+}
+
+func TestList(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	test.TestList(validNewNetworkPolicy())
+}
+
+func TestWatch(t *testing.T) {
+	storage, server := newStorage(t)
+	defer server.Terminate(t)
+	defer storage.Store.DestroyFunc()
+	test := registrytest.New(t, storage.Store)
+	test.TestWatch(
+		validNewNetworkPolicy(),
+		// matching labels
+		[]labels.Set{
+			{"a": "b"},
+		},
+		// not matching labels
+		[]labels.Set{
+			{"a": "c"},
+			{"foo": "bar"},
+		},
+		// matching fields
+		[]fields.Set{
+			{"metadata.name": "foo"},
+		},
+		// not matchin fields
+		[]fields.Set{
+			{"metadata.name": "bar"},
+			{"name": "foo"},
+		},
+	)
+}

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/strategy.go

@@ -0,0 +1,116 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package networkpolicy
+
+import (
+	"fmt"
+	"reflect"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/extensions"
+	"k8s.io/kubernetes/pkg/apis/extensions/validation"
+	"k8s.io/kubernetes/pkg/fields"
+	"k8s.io/kubernetes/pkg/labels"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/storage"
+	"k8s.io/kubernetes/pkg/util/validation/field"
+)
+
+// networkPolicyStrategy implements verification logic for NetworkPolicys.
+type networkPolicyStrategy struct {
+	runtime.ObjectTyper
+	api.NameGenerator
+}
+
+// Strategy is the default logic that applies when creating and updating NetworkPolicy objects.
+var Strategy = networkPolicyStrategy{api.Scheme, api.SimpleNameGenerator}
+
+// NamespaceScoped returns true because all NetworkPolicys need to be within a namespace.
+func (networkPolicyStrategy) NamespaceScoped() bool {
+	return true
+}
+
+// PrepareForCreate clears the status of an NetworkPolicy before creation.
+func (networkPolicyStrategy) PrepareForCreate(ctx api.Context, obj runtime.Object) {
+	networkPolicy := obj.(*extensions.NetworkPolicy)
+	networkPolicy.Generation = 1
+}
+
+// PrepareForUpdate clears fields that are not allowed to be set by end users on update.
+func (networkPolicyStrategy) PrepareForUpdate(ctx api.Context, obj, old runtime.Object) {
+	newNetworkPolicy := obj.(*extensions.NetworkPolicy)
+	oldNetworkPolicy := old.(*extensions.NetworkPolicy)
+
+	// Any changes to the spec increment the generation number, any changes to the
+	// status should reflect the generation number of the corresponding object.
+	// See api.ObjectMeta description for more information on Generation.
+	if !reflect.DeepEqual(oldNetworkPolicy.Spec, newNetworkPolicy.Spec) {
+		newNetworkPolicy.Generation = oldNetworkPolicy.Generation + 1
+	}
+}
+
+// Validate validates a new NetworkPolicy.
+func (networkPolicyStrategy) Validate(ctx api.Context, obj runtime.Object) field.ErrorList {
+	networkPolicy := obj.(*extensions.NetworkPolicy)
+	return validation.ValidateNetworkPolicy(networkPolicy)
+}
+
+// Canonicalize normalizes the object after validation.
+func (networkPolicyStrategy) Canonicalize(obj runtime.Object) {
+}
+
+// AllowCreateOnUpdate is false for NetworkPolicy; this means you may not create one with a PUT request.
+func (networkPolicyStrategy) AllowCreateOnUpdate() bool {
+	return false
+}
+
+// ValidateUpdate is the default update validation for an end user.
+func (networkPolicyStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
+	validationErrorList := validation.ValidateNetworkPolicy(obj.(*extensions.NetworkPolicy))
+	updateErrorList := validation.ValidateNetworkPolicyUpdate(obj.(*extensions.NetworkPolicy), old.(*extensions.NetworkPolicy))
+	return append(validationErrorList, updateErrorList...)
+}
+
+// AllowUnconditionalUpdate is the default update policy for NetworkPolicy objects.
+func (networkPolicyStrategy) AllowUnconditionalUpdate() bool {
+	return true
+}
+
+// NetworkPolicyToSelectableFields returns a field set that represents the object.
+func NetworkPolicyToSelectableFields(networkPolicy *extensions.NetworkPolicy) fields.Set {
+	return generic.ObjectMetaFieldsSet(&networkPolicy.ObjectMeta, true)
+}
+
+// GetAttrs returns labels and fields of a given object for filtering purposes.
+func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
+	networkPolicy, ok := obj.(*extensions.NetworkPolicy)
+	if !ok {
+		return nil, nil, fmt.Errorf("given object is not a NetworkPolicy.")
+	}
+	return labels.Set(networkPolicy.ObjectMeta.Labels), NetworkPolicyToSelectableFields(networkPolicy), nil
+}
+
+// MatchNetworkPolicy is the filter used by the generic etcd backend to watch events
+// from etcd to clients of the apiserver only interested in specific labels/fields.
+func MatchNetworkPolicy(label labels.Selector, field fields.Selector) storage.SelectionPredicate {
+	return storage.SelectionPredicate{
+		Label:    label,
+		Field:    field,
+		GetAttrs: GetAttrs,
+	}
+}

vendor/k8s.io/kubernetes/pkg/registry/extensions/networkpolicy/strategy_test.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package networkpolicy
+
+import (
+	"testing"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/extensions"
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+)
+
+func TestNetworkPolicyStrategy(t *testing.T) {
+	ctx := api.NewDefaultContext()
+	if !Strategy.NamespaceScoped() {
+		t.Errorf("NetworkPolicy must be namespace scoped")
+	}
+	if Strategy.AllowCreateOnUpdate() {
+		t.Errorf("NetworkPolicy should not allow create on update")
+	}
+
+	validMatchLabels := map[string]string{"a": "b"}
+	np := &extensions.NetworkPolicy{
+		ObjectMeta: api.ObjectMeta{Name: "abc", Namespace: api.NamespaceDefault},
+		Spec: extensions.NetworkPolicySpec{
+			PodSelector: metav1.LabelSelector{MatchLabels: validMatchLabels},
+			Ingress:     []extensions.NetworkPolicyIngressRule{},
+		},
+	}
+
+	Strategy.PrepareForCreate(ctx, np)
+	errs := Strategy.Validate(ctx, np)
+	if len(errs) != 0 {
+		t.Errorf("Unexpected error validating %v", errs)
+	}
+
+	invalidNp := &extensions.NetworkPolicy{
+		ObjectMeta: api.ObjectMeta{Name: "bar", ResourceVersion: "4"},
+	}
+	Strategy.PrepareForUpdate(ctx, invalidNp, np)
+	errs = Strategy.ValidateUpdate(ctx, invalidNp, np)
+	if len(errs) == 0 {
+		t.Errorf("Expected a validation error")
+	}
+	if invalidNp.ResourceVersion != "4" {
+		t.Errorf("Incoming resource version on update should not be mutated")
+	}
+}