Add glide.yaml and vendor deps

2016-12-03 22:43:32 -08:00 · 2016-12-03 22:43:32 -08:00 · 5b3d5e81bd
commit 5b3d5e81bd
parent db918f12ad
18880 changed files with 5166045 additions and 1 deletions
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/BUILD
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/BUILD
@ -0,0 +1,55 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "bootstrap.go",
+        "csr.go",
+        "discovery.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//cmd/kubeadm/app/util:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/client/clientset_generated/release_1_5:go_default_library",
+        "//pkg/client/clientset_generated/release_1_5/typed/certificates/v1alpha1:go_default_library",
+        "//pkg/client/unversioned/clientcmd:go_default_library",
+        "//pkg/client/unversioned/clientcmd/api:go_default_library",
+        "//pkg/kubelet/util/csr:go_default_library",
+        "//pkg/types:go_default_library",
+        "//pkg/util/cert:go_default_library",
+        "//pkg/util/wait:go_default_library",
+        "//vendor:github.com/square/go-jose",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "bootstrap_test.go",
+        "csr_test.go",
+        "discovery_test.go",
+    ],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//cmd/kubeadm/app/apis/kubeadm:go_default_library",
+        "//pkg/apis/meta/v1:go_default_library",
+        "//pkg/client/clientset_generated/release_1_5:go_default_library",
+        "//pkg/client/clientset_generated/release_1_5/typed/certificates/v1alpha1:go_default_library",
+        "//pkg/client/restclient:go_default_library",
+        "//pkg/client/typed/discovery:go_default_library",
+        "//pkg/version:go_default_library",
+    ],
+)
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/bootstrap.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/bootstrap.go
@ -0,0 +1,148 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"fmt"
+	"os"
+	"sync"
+	"time"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	clientset "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5"
+	certclient "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5/typed/certificates/v1alpha1"
+	"k8s.io/kubernetes/pkg/client/unversioned/clientcmd"
+	"k8s.io/kubernetes/pkg/types"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+// ConnectionDetails represents a master API endpoint connection
+type ConnectionDetails struct {
+	CertClient *certclient.CertificatesV1alpha1Client
+	Endpoint   string
+	CACert     []byte
+	NodeName   types.NodeName
+}
+
+// retryTimeout between the subsequent attempts to connect
+// to an API endpoint
+const retryTimeout = 5
+
+// EstablishMasterConnection establishes a connection with exactly one of the provided API endpoints.
+// The function builds a client for every endpoint and concurrently keeps trying to connect to any one
+// of the provided endpoints. Blocks until at least one connection is established, then it stops the
+// connection attempts for other endpoints.
+func EstablishMasterConnection(s *kubeadmapi.NodeConfiguration, clusterInfo *kubeadmapi.ClusterInfo) (*ConnectionDetails, error) {
+	hostName, err := os.Hostname()
+	if err != nil {
+		return nil, fmt.Errorf("<node/bootstrap> failed to get node hostname [%v]", err)
+	}
+	// TODO(phase1+) https://github.com/kubernetes/kubernetes/issues/33641
+	nodeName := types.NodeName(hostName)
+
+	endpoints := clusterInfo.Endpoints
+	caCert := []byte(clusterInfo.CertificateAuthorities[0])
+
+	stopChan := make(chan struct{})
+	result := make(chan *ConnectionDetails)
+	var wg sync.WaitGroup
+	for _, endpoint := range endpoints {
+		clientSet, err := createClients(caCert, endpoint, s.Secrets.BearerToken, nodeName)
+		if err != nil {
+			fmt.Printf("<node/bootstrap> warning: %s. Skipping endpoint %s\n", err, endpoint)
+			continue
+		}
+		wg.Add(1)
+		go func(apiEndpoint string) {
+			defer wg.Done()
+			wait.Until(func() {
+				fmt.Printf("<node/bootstrap> trying to connect to endpoint %s\n", apiEndpoint)
+				err := checkAPIEndpoint(clientSet, apiEndpoint)
+				if err != nil {
+					fmt.Printf("<node/bootstrap> endpoint check failed [%v]\n", err)
+					return
+				}
+				fmt.Printf("<node/bootstrap> successfully established connection with endpoint %s\n", apiEndpoint)
+				// connection established, stop all wait threads
+				close(stopChan)
+				result <- &ConnectionDetails{
+					CertClient: clientSet.CertificatesV1alpha1Client,
+					Endpoint:   apiEndpoint,
+					CACert:     caCert,
+					NodeName:   nodeName,
+				}
+			}, retryTimeout*time.Second, stopChan)
+		}(endpoint)
+	}
+
+	go func() {
+		wg.Wait()
+		// all wait.Until() calls have finished now
+		close(result)
+	}()
+
+	establishedConnection, ok := <-result
+	if !ok {
+		return nil, fmt.Errorf("<node/bootstrap> failed to create bootstrap clients " +
+			"for any of the provided API endpoints")
+	}
+	return establishedConnection, nil
+}
+
+// creates a set of clients for this endpoint
+func createClients(caCert []byte, endpoint, token string, nodeName types.NodeName) (*clientset.Clientset, error) {
+	bareClientConfig := kubeadmutil.CreateBasicClientConfig("kubernetes", endpoint, caCert)
+	bootstrapClientConfig, err := clientcmd.NewDefaultClientConfig(
+		*kubeadmutil.MakeClientConfigWithToken(
+			bareClientConfig, "kubernetes", fmt.Sprintf("kubelet-%s", nodeName), token,
+		),
+		&clientcmd.ConfigOverrides{},
+	).ClientConfig()
+	if err != nil {
+		return nil, fmt.Errorf("failed to create API client configuration [%v]", err)
+	}
+	clientSet, err := clientset.NewForConfig(bootstrapClientConfig)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create clients for the API endpoint %s [%v]", endpoint, err)
+	}
+	return clientSet, nil
+}
+
+// checks the connection requirements for a specific API endpoint
+func checkAPIEndpoint(clientSet *clientset.Clientset, endpoint string) error {
+	// check general connectivity
+	version, err := clientSet.DiscoveryClient.ServerVersion()
+	if err != nil {
+		return fmt.Errorf("failed to connect to %s [%v]", endpoint, err)
+	}
+	fmt.Printf("<node/bootstrap> detected server version %s\n", version.String())
+
+	// check certificates API
+	serverGroups, err := clientSet.DiscoveryClient.ServerGroups()
+	if err != nil {
+		return fmt.Errorf("certificate API check failed: failed to retrieve a list of supported API objects [%v]", err)
+	}
+	for _, group := range serverGroups.Groups {
+		if group.Name == certificates.GroupName {
+			return nil
+		}
+	}
+	return fmt.Errorf("certificate API check failed: API version %s does not support certificates API, use v1.4.0 or newer",
+		version.String())
+}
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/bootstrap_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/bootstrap_test.go
@ -0,0 +1,262 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
+	clientset "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5"
+	"k8s.io/kubernetes/pkg/client/restclient"
+	"k8s.io/kubernetes/pkg/client/typed/discovery"
+	"k8s.io/kubernetes/pkg/version"
+)
+
+func TestEstablishMasterConnection(t *testing.T) {
+	expect := version.Info{
+		Major:     "foo",
+		Minor:     "bar",
+		GitCommit: "baz",
+	}
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		var obj interface{}
+		switch req.URL.Path {
+		case "/api":
+			obj = &metav1.APIVersions{
+				Versions: []string{
+					"v1.4",
+				},
+			}
+			output, err := json.Marshal(obj)
+			if err != nil {
+				t.Fatalf("unexpected encoding error: %v", err)
+				return
+			}
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			w.Write(output)
+		case "/apis":
+			obj = &metav1.APIGroupList{
+				Groups: []metav1.APIGroup{
+					{
+						Name: "certificates.k8s.io",
+						Versions: []metav1.GroupVersionForDiscovery{
+							{GroupVersion: "extensions/v1beta1"},
+						},
+					},
+				},
+			}
+			output, err := json.Marshal(obj)
+			if err != nil {
+				t.Fatalf("unexpected encoding error: %v", err)
+				return
+			}
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			w.Write(output)
+		default:
+			output, err := json.Marshal(expect)
+			if err != nil {
+				t.Errorf("unexpected encoding error: %v", err)
+				return
+			}
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			w.Write(output)
+		}
+	}))
+	defer srv.Close()
+
+	tests := []struct {
+		c      string
+		e      string
+		expect bool
+	}{
+		{
+			c:      "",
+			e:      "",
+			expect: false,
+		},
+		{
+			c:      "",
+			e:      srv.URL,
+			expect: true,
+		},
+		{
+			c:      "foo",
+			e:      srv.URL,
+			expect: true,
+		},
+	}
+	for _, rt := range tests {
+		s := &kubeadmapi.NodeConfiguration{}
+		c := &kubeadmapi.ClusterInfo{Endpoints: []string{rt.e}, CertificateAuthorities: []string{rt.c}}
+		_, actual := EstablishMasterConnection(s, c)
+		if (actual == nil) != rt.expect {
+			t.Errorf(
+				"failed EstablishMasterConnection:\n\texpected: %t\n\t  actual: %t",
+				rt.expect,
+				(actual == nil),
+			)
+		}
+	}
+}
+
+func TestCreateClients(t *testing.T) {
+	tests := []struct {
+		e      string
+		expect bool
+	}{
+		{
+			e:      "",
+			expect: false,
+		},
+		{
+			e:      "foo",
+			expect: true,
+		},
+	}
+	for _, rt := range tests {
+		_, actual := createClients(nil, rt.e, "", "")
+		if (actual == nil) != rt.expect {
+			t.Errorf(
+				"failed createClients:\n\texpected: %t\n\t  actual: %t",
+				rt.expect,
+				(actual == nil),
+			)
+		}
+	}
+}
+
+func TestCheckAPIEndpoint(t *testing.T) {
+	expect := version.Info{
+		Major:     "foo",
+		Minor:     "bar",
+		GitCommit: "baz",
+	}
+	tests := []struct {
+		s      *httptest.Server
+		expect bool
+	}{
+		{
+			s:      httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {})),
+			expect: false,
+		},
+		{
+			s: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+				var obj interface{}
+				switch req.URL.Path {
+				case "/api":
+					obj = &metav1.APIVersions{
+						Versions: []string{
+							"v1.4",
+						},
+					}
+					output, err := json.Marshal(obj)
+					if err != nil {
+						t.Fatalf("unexpected encoding error: %v", err)
+						return
+					}
+					w.Header().Set("Content-Type", "application/json")
+					w.WriteHeader(http.StatusOK)
+					w.Write(output)
+				default:
+					output, err := json.Marshal(expect)
+					if err != nil {
+						t.Errorf("unexpected encoding error: %v", err)
+						return
+					}
+					w.Header().Set("Content-Type", "application/json")
+					w.WriteHeader(http.StatusOK)
+					w.Write(output)
+				}
+			})),
+			expect: false,
+		},
+		{
+			s: httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+				var obj interface{}
+				switch req.URL.Path {
+				case "/api":
+					obj = &metav1.APIVersions{
+						Versions: []string{
+							"v1.4",
+						},
+					}
+					output, err := json.Marshal(obj)
+					if err != nil {
+						t.Fatalf("unexpected encoding error: %v", err)
+						return
+					}
+					w.Header().Set("Content-Type", "application/json")
+					w.WriteHeader(http.StatusOK)
+					w.Write(output)
+				case "/apis":
+					obj = &metav1.APIGroupList{
+						Groups: []metav1.APIGroup{
+							{
+								Name: "certificates.k8s.io",
+								Versions: []metav1.GroupVersionForDiscovery{
+									{GroupVersion: "extensions/v1beta1"},
+								},
+							},
+						},
+					}
+					output, err := json.Marshal(obj)
+					if err != nil {
+						t.Fatalf("unexpected encoding error: %v", err)
+						return
+					}
+					w.Header().Set("Content-Type", "application/json")
+					w.WriteHeader(http.StatusOK)
+					w.Write(output)
+				default:
+					output, err := json.Marshal(expect)
+					if err != nil {
+						t.Errorf("unexpected encoding error: %v", err)
+						return
+					}
+					w.Header().Set("Content-Type", "application/json")
+					w.WriteHeader(http.StatusOK)
+					w.Write(output)
+				}
+			})),
+			expect: true,
+		},
+	}
+	for _, rt := range tests {
+		defer rt.s.Close()
+		rc := &restclient.Config{Host: rt.s.URL}
+		c, err := discovery.NewDiscoveryClientForConfig(rc)
+		if err != nil {
+			t.Fatalf("encountered an error while trying to get New Discovery Client: %v", err)
+		}
+		cs := &clientset.Clientset{DiscoveryClient: c}
+		actual := checkAPIEndpoint(cs, "")
+		if (actual == nil) != rt.expect {
+			t.Errorf(
+				"failed runChecks:\n\texpected: %t\n\t  actual: %t",
+				rt.expect,
+				(actual == nil),
+			)
+		}
+	}
+}
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/csr.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/csr.go
@ -0,0 +1,57 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"fmt"
+
+	kubeadmutil "k8s.io/kubernetes/cmd/kubeadm/app/util"
+	clientcmdapi "k8s.io/kubernetes/pkg/client/unversioned/clientcmd/api"
+	"k8s.io/kubernetes/pkg/kubelet/util/csr"
+	certutil "k8s.io/kubernetes/pkg/util/cert"
+)
+
+// PerformTLSBootstrap executes a certificate signing request with the
+// provided connection details.
+func PerformTLSBootstrap(connection *ConnectionDetails) (*clientcmdapi.Config, error) {
+	csrClient := connection.CertClient.CertificateSigningRequests()
+
+	fmt.Println("<node/csr> created API client to obtain unique certificate for this node, generating keys and certificate signing request")
+
+	key, err := certutil.MakeEllipticPrivateKeyPEM()
+	if err != nil {
+		return nil, fmt.Errorf("<node/csr> failed to generating private key [%v]", err)
+	}
+	cert, err := csr.RequestNodeCertificate(csrClient, key, connection.NodeName)
+	if err != nil {
+		return nil, fmt.Errorf("<node/csr> failed to request signed certificate from the API server [%v]", err)
+	}
+	fmtCert, err := certutil.FormatBytesCert(cert)
+	if err != nil {
+		return nil, fmt.Errorf("<node/csr> failed to format certificate [%v]", err)
+	}
+	fmt.Printf("<node/csr> received signed certificate from the API server:\n%s\n", fmtCert)
+	fmt.Println("<node/csr> generating kubelet configuration")
+
+	bareClientConfig := kubeadmutil.CreateBasicClientConfig("kubernetes", connection.Endpoint, connection.CACert)
+	finalConfig := kubeadmutil.MakeClientConfigWithCerts(
+		bareClientConfig, "kubernetes", fmt.Sprintf("kubelet-%s", connection.NodeName),
+		key, cert,
+	)
+
+	return finalConfig, nil
+}
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/csr_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/csr_test.go
@ -0,0 +1,79 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"encoding/json"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	certclient "k8s.io/kubernetes/pkg/client/clientset_generated/release_1_5/typed/certificates/v1alpha1"
+	restclient "k8s.io/kubernetes/pkg/client/restclient"
+)
+
+func TestPerformTLSBootstrap(t *testing.T) {
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		switch req.URL.Path {
+		default:
+			output, err := json.Marshal(nil)
+			if err != nil {
+				t.Errorf("unexpected encoding error: %v", err)
+				return
+			}
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			w.Write(output)
+		}
+	}))
+	defer srv.Close()
+
+	tests := []struct {
+		h      string
+		expect bool
+	}{
+		{
+			h:      "",
+			expect: false,
+		},
+		{
+			h:      "localhost",
+			expect: false,
+		},
+		{
+			h:      srv.URL,
+			expect: false,
+		},
+	}
+	for _, rt := range tests {
+		cd := &ConnectionDetails{}
+		r := &restclient.Config{Host: rt.h}
+		tmpConfig, err := certclient.NewForConfig(r)
+		if err != nil {
+			t.Fatalf("encountered an error while trying to get New Cert Client: %v", err)
+		}
+		cd.CertClient = tmpConfig
+		_, actual := PerformTLSBootstrap(cd)
+		if (actual == nil) != rt.expect {
+			t.Errorf(
+				"failed createClients:\n\texpected: %t\n\t  actual: %t",
+				rt.expect,
+				(actual == nil),
+			)
+		}
+	}
+}
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/discovery.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/discovery.go
@ -0,0 +1,85 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io"
+	"net/http"
+	"time"
+
+	jose "github.com/square/go-jose"
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+	"k8s.io/kubernetes/pkg/util/wait"
+)
+
+// the amount of time to wait between each request to the discovery API
+const discoveryRetryTimeout = 5 * time.Second
+
+func RetrieveTrustedClusterInfo(s *kubeadmapi.NodeConfiguration) (*kubeadmapi.ClusterInfo, error) {
+	host, port := s.MasterAddresses[0], s.DiscoveryPort
+	requestURL := fmt.Sprintf("http://%s:%d/cluster-info/v1/?token-id=%s", host, port, s.Secrets.TokenID)
+	req, err := http.NewRequest("GET", requestURL, nil)
+	if err != nil {
+		return nil, fmt.Errorf("<node/discovery> failed to consturct an HTTP request [%v]", err)
+	}
+
+	fmt.Printf("<node/discovery> created cluster info discovery client, requesting info from %q\n", requestURL)
+
+	var res *http.Response
+	wait.PollInfinite(discoveryRetryTimeout, func() (bool, error) {
+		res, err = http.DefaultClient.Do(req)
+		if err != nil {
+			fmt.Printf("<node/discovery> failed to request cluster info, will try again: [%s]\n", err)
+			return false, nil
+		}
+		return true, nil
+	})
+
+	buf := new(bytes.Buffer)
+	io.Copy(buf, res.Body)
+	res.Body.Close()
+
+	object, err := jose.ParseSigned(buf.String())
+	if err != nil {
+		return nil, fmt.Errorf("<node/discovery> failed to parse response as JWS object [%v]", err)
+	}
+
+	fmt.Println("<node/discovery> cluster info object received, verifying signature using given token")
+
+	output, err := object.Verify(s.Secrets.Token)
+	if err != nil {
+		return nil, fmt.Errorf("<node/discovery> failed to verify JWS signature of received cluster info object [%v]", err)
+	}
+
+	clusterInfo := kubeadmapi.ClusterInfo{}
+
+	if err := json.Unmarshal(output, &clusterInfo); err != nil {
+		return nil, fmt.Errorf("<node/discovery> failed to decode received cluster info object [%v]", err)
+	}
+
+	if len(clusterInfo.CertificateAuthorities) == 0 || len(clusterInfo.Endpoints) == 0 {
+		return nil, fmt.Errorf("<node/discovery> cluster info object is invalid - no endpoint(s) and/or root CA certificate(s) found")
+	}
+
+	// TODO(phase1+) print summary info about the CA certificate, along with the the checksum signature
+	// we also need an ability for the user to configure the client to validate received CA cert against a checksum
+	fmt.Printf("<node/discovery> cluster info signature and contents are valid, will use API endpoints %v\n", clusterInfo.Endpoints)
+	return &clusterInfo, nil
+}
--- a/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/discovery_test.go
+++ b/vendor/k8s.io/kubernetes/cmd/kubeadm/app/node/discovery_test.go
@ -0,0 +1,99 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package node
+
+import (
+	"encoding/json"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"strconv"
+	"testing"
+
+	kubeadmapi "k8s.io/kubernetes/cmd/kubeadm/app/apis/kubeadm"
+)
+
+type rawJsonWebSignatureFake struct {
+	Payload    string `json:"payload,omitempty"`
+	Signatures string `json:"signatures,omitempty"`
+	Protected  string `json:"protected,omitempty"`
+	Header     string `json:"header,omitempty"`
+	Signature  string `json:"signature,omitempty"`
+}
+
+func TestRetrieveTrustedClusterInfo(t *testing.T) {
+	j := rawJsonWebSignatureFake{}
+	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		switch req.URL.Path {
+		default:
+			output, err := json.Marshal(j)
+			if err != nil {
+				t.Errorf("unexpected encoding error: %v", err)
+				return
+			}
+			w.Header().Set("Content-Type", "application/json")
+			w.WriteHeader(http.StatusOK)
+			w.Write(output)
+		}
+	}))
+	defer srv.Close()
+
+	pURL, err := url.Parse(srv.URL)
+	if err != nil {
+		t.Fatalf("encountered an error while trying to parse httptest server url: %v", err)
+	}
+	host, port, err := net.SplitHostPort(pURL.Host)
+	if err != nil {
+		t.Fatalf("encountered an error while trying to split host and port info from httptest server: %v", err)
+	}
+	iPort, err := strconv.Atoi(port)
+	if err != nil {
+		t.Fatalf("encountered an error while trying to convert string to int (httptest server port): %v", err)
+	}
+	tests := []struct {
+		h       string
+		p       int32
+		payload string
+		expect  bool
+	}{
+		{
+			h:       host,
+			p:       int32(iPort),
+			payload: "",
+			expect:  false,
+		},
+		{
+			h:       host,
+			p:       int32(iPort),
+			payload: "foo",
+			expect:  false,
+		},
+	}
+	for _, rt := range tests {
+		j.Payload = rt.payload
+		nc := &kubeadmapi.NodeConfiguration{MasterAddresses: []string{host}, DiscoveryPort: int32(iPort)}
+		_, actual := RetrieveTrustedClusterInfo(nc)
+		if (actual == nil) != rt.expect {
+			t.Errorf(
+				"failed createClients:\n\texpected: %t\n\t  actual: %t",
+				rt.expect,
+				(actual == nil),
+			)
+		}
+	}
+}