Add glide.yaml and vendor deps

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/BUILD

@@ -0,0 +1,48 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "doc.go",
+        "registry.go",
+        "strategy.go",
+    ],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/api/rest:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/apis/certificates/validation:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/labels:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/storage:go_default_library",
+        "//pkg/util/validation/field:go_default_library",
+        "//pkg/watch:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["strategy_test.go"],
+    library = "go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/auth/user:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/util/diff:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/doc.go

@@ -0,0 +1,19 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package certificates provides Registry interface and its RESTStorage
+// implementation for storing CertificateSigningRequest objects.
+package certificates // import "k8s.io/kubernetes/pkg/registry/certificates/certificates"

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/etcd/BUILD

@@ -0,0 +1,30 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["etcd.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api:go_default_library",
+        "//pkg/api/rest:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/fields:go_default_library",
+        "//pkg/labels:go_default_library",
+        "//pkg/registry/cachesize:go_default_library",
+        "//pkg/registry/certificates/certificates:go_default_library",
+        "//pkg/registry/generic:go_default_library",
+        "//pkg/registry/generic/registry:go_default_library",
+        "//pkg/runtime:go_default_library",
+        "//pkg/storage:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/etcd/etcd.go

@@ -0,0 +1,119 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package etcd
+
+import (
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/rest"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/fields"
+	"k8s.io/kubernetes/pkg/labels"
+	"k8s.io/kubernetes/pkg/registry/cachesize"
+	csrregistry "k8s.io/kubernetes/pkg/registry/certificates/certificates"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/storage"
+)
+
+// REST implements a RESTStorage for CertificateSigningRequest against etcd
+type REST struct {
+	*genericregistry.Store
+}
+
+// NewREST returns a registry which will store CertificateSigningRequest in the given helper
+func NewREST(opts generic.RESTOptions) (*REST, *StatusREST, *ApprovalREST) {
+	prefix := "/" + opts.ResourcePrefix
+
+	newListFunc := func() runtime.Object { return &certificates.CertificateSigningRequestList{} }
+	storageInterface, dFunc := opts.Decorator(
+		opts.StorageConfig,
+		cachesize.GetWatchCacheSizeByResource(cachesize.CertificateSigningRequests),
+		&certificates.CertificateSigningRequest{},
+		prefix,
+		csrregistry.Strategy,
+		newListFunc,
+		csrregistry.GetAttrs,
+		storage.NoTriggerPublisher,
+	)
+
+	store := &genericregistry.Store{
+		NewFunc:     func() runtime.Object { return &certificates.CertificateSigningRequest{} },
+		NewListFunc: newListFunc,
+		KeyRootFunc: func(ctx api.Context) string {
+			return prefix
+		},
+		KeyFunc: func(ctx api.Context, id string) (string, error) {
+			return genericregistry.NoNamespaceKeyFunc(ctx, prefix, id)
+		},
+		ObjectNameFunc: func(obj runtime.Object) (string, error) {
+			return obj.(*certificates.CertificateSigningRequest).Name, nil
+		},
+		PredicateFunc: func(label labels.Selector, field fields.Selector) storage.SelectionPredicate {
+			return csrregistry.Matcher(label, field)
+		},
+		QualifiedResource:       certificates.Resource("certificatesigningrequests"),
+		EnableGarbageCollection: opts.EnableGarbageCollection,
+		DeleteCollectionWorkers: opts.DeleteCollectionWorkers,
+
+		CreateStrategy: csrregistry.Strategy,
+		UpdateStrategy: csrregistry.Strategy,
+		DeleteStrategy: csrregistry.Strategy,
+
+		Storage:     storageInterface,
+		DestroyFunc: dFunc,
+	}
+
+	// Subresources use the same store and creation strategy, which only
+	// allows empty subs. Updates to an existing subresource are handled by
+	// dedicated strategies.
+	statusStore := *store
+	statusStore.UpdateStrategy = csrregistry.StatusStrategy
+
+	approvalStore := *store
+	approvalStore.UpdateStrategy = csrregistry.ApprovalStrategy
+
+	return &REST{store}, &StatusREST{store: &statusStore}, &ApprovalREST{store: &approvalStore}
+}
+
+// StatusREST implements the REST endpoint for changing the status of a CSR.
+type StatusREST struct {
+	store *genericregistry.Store
+}
+
+func (r *StatusREST) New() runtime.Object {
+	return &certificates.CertificateSigningRequest{}
+}
+
+// Update alters the status subset of an object.
+func (r *StatusREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo)
+}
+
+// ApprovalREST implements the REST endpoint for changing the approval state of a CSR.
+type ApprovalREST struct {
+	store *genericregistry.Store
+}
+
+func (r *ApprovalREST) New() runtime.Object {
+	return &certificates.CertificateSigningRequest{}
+}
+
+// Update alters the approval subset of an object.
+func (r *ApprovalREST) Update(ctx api.Context, name string, objInfo rest.UpdatedObjectInfo) (runtime.Object, bool, error) {
+	return r.store.Update(ctx, name, objInfo)
+}

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/registry.go

@@ -0,0 +1,81 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/rest"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/watch"
+)
+
+// Registry is an interface for things that know how to store CSRs.
+type Registry interface {
+	ListCSRs(ctx api.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error)
+	CreateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error
+	UpdateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error
+	GetCSR(ctx api.Context, csrID string) (*certificates.CertificateSigningRequest, error)
+	DeleteCSR(ctx api.Context, csrID string) error
+	WatchCSRs(ctx api.Context, options *api.ListOptions) (watch.Interface, error)
+}
+
+// storage puts strong typing around storage calls
+type storage struct {
+	rest.StandardStorage
+}
+
+// NewRegistry returns a new Registry interface for the given Storage. Any mismatched
+// types will panic.
+func NewRegistry(s rest.StandardStorage) Registry {
+	return &storage{s}
+}
+
+func (s *storage) ListCSRs(ctx api.Context, options *api.ListOptions) (*certificates.CertificateSigningRequestList, error) {
+	obj, err := s.List(ctx, options)
+	if err != nil {
+		return nil, err
+	}
+
+	return obj.(*certificates.CertificateSigningRequestList), nil
+}
+
+func (s *storage) CreateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error {
+	_, err := s.Create(ctx, csr)
+	return err
+}
+
+func (s *storage) UpdateCSR(ctx api.Context, csr *certificates.CertificateSigningRequest) error {
+	_, _, err := s.Update(ctx, csr.Name, rest.DefaultUpdatedObjectInfo(csr, api.Scheme))
+	return err
+}
+
+func (s *storage) WatchCSRs(ctx api.Context, options *api.ListOptions) (watch.Interface, error) {
+	return s.Watch(ctx, options)
+}
+
+func (s *storage) GetCSR(ctx api.Context, name string) (*certificates.CertificateSigningRequest, error) {
+	obj, err := s.Get(ctx, name)
+	if err != nil {
+		return nil, err
+	}
+	return obj.(*certificates.CertificateSigningRequest), nil
+}
+
+func (s *storage) DeleteCSR(ctx api.Context, name string) error {
+	_, err := s.Delete(ctx, name, nil)
+	return err
+}

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy.go

@@ -0,0 +1,192 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"fmt"
+
+	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/apis/certificates/validation"
+	"k8s.io/kubernetes/pkg/fields"
+	"k8s.io/kubernetes/pkg/labels"
+	"k8s.io/kubernetes/pkg/registry/generic"
+	"k8s.io/kubernetes/pkg/runtime"
+	apistorage "k8s.io/kubernetes/pkg/storage"
+	"k8s.io/kubernetes/pkg/util/validation/field"
+)
+
+// csrStrategy implements behavior for CSRs
+type csrStrategy struct {
+	runtime.ObjectTyper
+	api.NameGenerator
+}
+
+// csrStrategy is the default logic that applies when creating and updating
+// CSR objects.
+var Strategy = csrStrategy{api.Scheme, api.SimpleNameGenerator}
+
+// NamespaceScoped is true for CSRs.
+func (csrStrategy) NamespaceScoped() bool {
+	return false
+}
+
+// AllowCreateOnUpdate is false for CSRs.
+func (csrStrategy) AllowCreateOnUpdate() bool {
+	return false
+}
+
+// PrepareForCreate clears fields that are not allowed to be set by end users
+// on creation.
+func (csrStrategy) PrepareForCreate(ctx api.Context, obj runtime.Object) {
+	csr := obj.(*certificates.CertificateSigningRequest)
+
+	// Clear any user-specified info
+	csr.Spec.Username = ""
+	csr.Spec.UID = ""
+	csr.Spec.Groups = nil
+	// Inject user.Info from request context
+	if user, ok := api.UserFrom(ctx); ok {
+		csr.Spec.Username = user.GetName()
+		csr.Spec.UID = user.GetUID()
+		csr.Spec.Groups = user.GetGroups()
+	}
+
+	// Be explicit that users cannot create pre-approved certificate requests.
+	csr.Status = certificates.CertificateSigningRequestStatus{}
+	csr.Status.Conditions = []certificates.CertificateSigningRequestCondition{}
+}
+
+// PrepareForUpdate clears fields that are not allowed to be set by end users
+// on update. Certificate requests are immutable after creation except via subresources.
+func (csrStrategy) PrepareForUpdate(ctx api.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	newCSR.Spec = oldCSR.Spec
+	newCSR.Status = oldCSR.Status
+}
+
+// Validate validates a new CSR. Validation must check for a correct signature.
+func (csrStrategy) Validate(ctx api.Context, obj runtime.Object) field.ErrorList {
+	csr := obj.(*certificates.CertificateSigningRequest)
+	return validation.ValidateCertificateSigningRequest(csr)
+}
+
+// Canonicalize normalizes the object after validation (which includes a signature check).
+func (csrStrategy) Canonicalize(obj runtime.Object) {}
+
+// ValidateUpdate is the default update validation for an end user.
+func (csrStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	return validation.ValidateCertificateSigningRequestUpdate(newCSR, oldCSR)
+}
+
+// If AllowUnconditionalUpdate() is true and the object specified by
+// the user does not have a resource version, then generic Update()
+// populates it with the latest version. Else, it checks that the
+// version specified by the user matches the version of latest etcd
+// object.
+func (csrStrategy) AllowUnconditionalUpdate() bool {
+	return true
+}
+
+func (s csrStrategy) Export(ctx api.Context, obj runtime.Object, exact bool) error {
+	csr, ok := obj.(*certificates.CertificateSigningRequest)
+	if !ok {
+		// unexpected programmer error
+		return fmt.Errorf("unexpected object: %v", obj)
+	}
+	s.PrepareForCreate(ctx, obj)
+	if exact {
+		return nil
+	}
+	// CSRs allow direct subresource edits, we clear them without exact so the CSR value can be reused.
+	csr.Status = certificates.CertificateSigningRequestStatus{}
+	return nil
+}
+
+// Storage strategy for the Status subresource
+type csrStatusStrategy struct {
+	csrStrategy
+}
+
+var StatusStrategy = csrStatusStrategy{Strategy}
+
+func (csrStatusStrategy) PrepareForUpdate(ctx api.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	// Updating the Status should only update the Status and not the spec
+	// or approval conditions. The intent is to separate the concerns of
+	// approval and certificate issuance.
+	newCSR.Spec = oldCSR.Spec
+	newCSR.Status.Conditions = oldCSR.Status.Conditions
+}
+
+func (csrStatusStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
+	return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
+}
+
+// Canonicalize normalizes the object after validation.
+func (csrStatusStrategy) Canonicalize(obj runtime.Object) {
+}
+
+// Storage strategy for the Approval subresource
+type csrApprovalStrategy struct {
+	csrStrategy
+}
+
+var ApprovalStrategy = csrApprovalStrategy{Strategy}
+
+func (csrApprovalStrategy) PrepareForUpdate(ctx api.Context, obj, old runtime.Object) {
+	newCSR := obj.(*certificates.CertificateSigningRequest)
+	oldCSR := old.(*certificates.CertificateSigningRequest)
+
+	// Updating the approval should only update the conditions.
+	newCSR.Spec = oldCSR.Spec
+	oldCSR.Status.Conditions = newCSR.Status.Conditions
+	newCSR.Status = oldCSR.Status
+}
+
+func (csrApprovalStrategy) ValidateUpdate(ctx api.Context, obj, old runtime.Object) field.ErrorList {
+	return validation.ValidateCertificateSigningRequestUpdate(obj.(*certificates.CertificateSigningRequest), old.(*certificates.CertificateSigningRequest))
+}
+
+// GetAttrs returns labels and fields of a given object for filtering purposes.
+func GetAttrs(obj runtime.Object) (labels.Set, fields.Set, error) {
+	sa, ok := obj.(*certificates.CertificateSigningRequest)
+	if !ok {
+		return nil, nil, fmt.Errorf("not a CertificateSigningRequest")
+	}
+	return labels.Set(sa.Labels), SelectableFields(sa), nil
+}
+
+// Matcher returns a generic matcher for a given label and field selector.
+func Matcher(label labels.Selector, field fields.Selector) apistorage.SelectionPredicate {
+	return apistorage.SelectionPredicate{
+		Label:    label,
+		Field:    field,
+		GetAttrs: GetAttrs,
+	}
+}
+
+// SelectableFields returns a field set that can be used for filter selection
+func SelectableFields(obj *certificates.CertificateSigningRequest) fields.Set {
+	return generic.ObjectMetaFieldsSet(&obj.ObjectMeta, false)
+}

vendor/k8s.io/kubernetes/pkg/registry/certificates/certificates/strategy_test.go

@@ -0,0 +1,121 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package certificates
+
+import (
+	"reflect"
+	"testing"
+
+	"k8s.io/kubernetes/pkg/api"
+	certapi "k8s.io/kubernetes/pkg/apis/certificates"
+	"k8s.io/kubernetes/pkg/auth/user"
+	"k8s.io/kubernetes/pkg/runtime"
+	"k8s.io/kubernetes/pkg/util/diff"
+)
+
+func TestStrategyCreate(t *testing.T) {
+	tests := map[string]struct {
+		ctx         api.Context
+		obj         runtime.Object
+		expectedObj runtime.Object
+	}{
+		"no user in context, no user in obj": {
+			ctx: api.NewContext(),
+			obj: &certapi.CertificateSigningRequest{},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"user in context, no user in obj": {
+			ctx: api.WithUser(
+				api.NewContext(),
+				&user.DefaultInfo{
+					Name:   "bob",
+					UID:    "123",
+					Groups: []string{"group1"},
+					Extra:  map[string][]string{"foo": {"bar"}},
+				},
+			),
+			obj: &certapi.CertificateSigningRequest{},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"no user in context, user in obj": {
+			ctx: api.NewContext(),
+			obj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"user in context, user in obj": {
+			ctx: api.WithUser(
+				api.NewContext(),
+				&user.DefaultInfo{
+					Name: "alice",
+					UID:  "234",
+				},
+			),
+			obj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "bob",
+					UID:      "123",
+					Groups:   []string{"group1"},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Spec: certapi.CertificateSigningRequestSpec{
+					Username: "alice",
+					UID:      "234",
+					Groups:   nil,
+				},
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			},
+		},
+		"pre-approved status": {
+			ctx: api.NewContext(),
+			obj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{
+					Conditions: []certapi.CertificateSigningRequestCondition{
+						{Type: certapi.CertificateApproved},
+					},
+				},
+			},
+			expectedObj: &certapi.CertificateSigningRequest{
+				Status: certapi.CertificateSigningRequestStatus{Conditions: []certapi.CertificateSigningRequestCondition{}},
+			}},
+	}
+
+	for k, tc := range tests {
+		obj := tc.obj
+		Strategy.PrepareForCreate(tc.ctx, obj)
+		if !reflect.DeepEqual(obj, tc.expectedObj) {
+			t.Errorf("%s: object diff: %s", k, diff.ObjectDiff(obj, tc.expectedObj))
+		}
+	}
+}

vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/BUILD

@@ -0,0 +1,25 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_binary",
+    "go_library",
+    "go_test",
+    "cgo_library",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["storage_certificates.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/api/rest:go_default_library",
+        "//pkg/apis/certificates:go_default_library",
+        "//pkg/apis/certificates/v1alpha1:go_default_library",
+        "//pkg/genericapiserver:go_default_library",
+        "//pkg/registry:go_default_library",
+        "//pkg/registry/certificates/certificates/etcd:go_default_library",
+    ],
+)

vendor/k8s.io/kubernetes/pkg/registry/certificates/rest/storage_certificates.go

@@ -0,0 +1,56 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rest
+
+import (
+	"k8s.io/kubernetes/pkg/api/rest"
+	"k8s.io/kubernetes/pkg/apis/certificates"
+	certificatesapiv1alpha1 "k8s.io/kubernetes/pkg/apis/certificates/v1alpha1"
+	"k8s.io/kubernetes/pkg/genericapiserver"
+	"k8s.io/kubernetes/pkg/registry"
+	certificateetcd "k8s.io/kubernetes/pkg/registry/certificates/certificates/etcd"
+)
+
+type RESTStorageProvider struct{}
+
+func (p RESTStorageProvider) NewRESTStorage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter registry.RESTOptionsGetter) (genericapiserver.APIGroupInfo, bool) {
+	apiGroupInfo := genericapiserver.NewDefaultAPIGroupInfo(certificates.GroupName)
+
+	if apiResourceConfigSource.AnyResourcesForVersionEnabled(certificatesapiv1alpha1.SchemeGroupVersion) {
+		apiGroupInfo.VersionedResourcesStorageMap[certificatesapiv1alpha1.SchemeGroupVersion.Version] = p.v1alpha1Storage(apiResourceConfigSource, restOptionsGetter)
+		apiGroupInfo.GroupMeta.GroupVersion = certificatesapiv1alpha1.SchemeGroupVersion
+	}
+
+	return apiGroupInfo, true
+}
+
+func (p RESTStorageProvider) v1alpha1Storage(apiResourceConfigSource genericapiserver.APIResourceConfigSource, restOptionsGetter registry.RESTOptionsGetter) map[string]rest.Storage {
+	version := certificatesapiv1alpha1.SchemeGroupVersion
+
+	storage := map[string]rest.Storage{}
+	if apiResourceConfigSource.ResourceEnabled(version.WithResource("certificatesigningrequests")) {
+		csrStorage, csrStatusStorage, csrApprovalStorage := certificateetcd.NewREST(restOptionsGetter(certificates.Resource("certificatesigningrequests")))
+		storage["certificatesigningrequests"] = csrStorage
+		storage["certificatesigningrequests/status"] = csrStatusStorage
+		storage["certificatesigningrequests/approval"] = csrApprovalStorage
+	}
+	return storage
+}
+
+func (p RESTStorageProvider) GroupName() string {
+	return certificates.GroupName
+}