git subrepo clone (merge) https://github.com/kubernetes-incubator/metrics-server.git metrics-server
subrepo:
subdir: "metrics-server"
merged: "92d8412"
upstream:
origin: "https://github.com/kubernetes-incubator/metrics-server.git"
branch: "master"
commit: "92d8412"
git-subrepo:
version: "0.4.0"
origin: "???"
commit: "???"
diff --git a/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go
new file mode 100644
index 0000000..9f0453b
--- /dev/null
+++ b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/authenticated_group_adder.go
@@ -0,0 +1,60 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+ "net/http"
+
+ "k8s.io/apiserver/pkg/authentication/authenticator"
+ "k8s.io/apiserver/pkg/authentication/user"
+)
+
+// AuthenticatedGroupAdder adds system:authenticated group when appropriate
+type AuthenticatedGroupAdder struct {
+ // Authenticator is delegated to make the authentication decision
+ Authenticator authenticator.Request
+}
+
+// NewAuthenticatedGroupAdder wraps a request authenticator, and adds the system:authenticated group when appropriate.
+// Authentication must succeed, the user must not be system:anonymous, the groups system:authenticated or system:unauthenticated must
+// not be present
+func NewAuthenticatedGroupAdder(auth authenticator.Request) authenticator.Request {
+ return &AuthenticatedGroupAdder{auth}
+}
+
+func (g *AuthenticatedGroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
+ u, ok, err := g.Authenticator.AuthenticateRequest(req)
+ if err != nil || !ok {
+ return nil, ok, err
+ }
+
+ if u.GetName() == user.Anonymous {
+ return u, true, nil
+ }
+ for _, group := range u.GetGroups() {
+ if group == user.AllAuthenticated || group == user.AllUnauthenticated {
+ return u, true, nil
+ }
+ }
+
+ return &user.DefaultInfo{
+ Name: u.GetName(),
+ UID: u.GetUID(),
+ Groups: append(u.GetGroups(), user.AllAuthenticated),
+ Extra: u.GetExtra(),
+ }, true, nil
+}
diff --git a/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go
new file mode 100644
index 0000000..1f71429
--- /dev/null
+++ b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/group_adder.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+ "net/http"
+
+ "k8s.io/apiserver/pkg/authentication/authenticator"
+ "k8s.io/apiserver/pkg/authentication/user"
+)
+
+// GroupAdder adds groups to an authenticated user.Info
+type GroupAdder struct {
+ // Authenticator is delegated to make the authentication decision
+ Authenticator authenticator.Request
+ // Groups are additional groups to add to the user.Info from a successful authentication
+ Groups []string
+}
+
+// NewGroupAdder wraps a request authenticator, and adds the specified groups to the returned user when authentication succeeds
+func NewGroupAdder(auth authenticator.Request, groups []string) authenticator.Request {
+ return &GroupAdder{auth, groups}
+}
+
+func (g *GroupAdder) AuthenticateRequest(req *http.Request) (user.Info, bool, error) {
+ u, ok, err := g.Authenticator.AuthenticateRequest(req)
+ if err != nil || !ok {
+ return nil, ok, err
+ }
+ return &user.DefaultInfo{
+ Name: u.GetName(),
+ UID: u.GetUID(),
+ Groups: append(u.GetGroups(), g.Groups...),
+ Extra: u.GetExtra(),
+ }, true, nil
+}
diff --git a/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go
new file mode 100644
index 0000000..4f60d52
--- /dev/null
+++ b/metrics-server/vendor/k8s.io/apiserver/pkg/authentication/group/token_group_adder.go
@@ -0,0 +1,48 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package group
+
+import (
+ "k8s.io/apiserver/pkg/authentication/authenticator"
+ "k8s.io/apiserver/pkg/authentication/user"
+)
+
+// TokenGroupAdder adds groups to an authenticated user.Info
+type TokenGroupAdder struct {
+ // Authenticator is delegated to make the authentication decision
+ Authenticator authenticator.Token
+ // Groups are additional groups to add to the user.Info from a successful authentication
+ Groups []string
+}
+
+// NewTokenGroupAdder wraps a token authenticator, and adds the specified groups to the returned user when authentication succeeds
+func NewTokenGroupAdder(auth authenticator.Token, groups []string) authenticator.Token {
+ return &TokenGroupAdder{auth, groups}
+}
+
+func (g *TokenGroupAdder) AuthenticateToken(token string) (user.Info, bool, error) {
+ u, ok, err := g.Authenticator.AuthenticateToken(token)
+ if err != nil || !ok {
+ return nil, ok, err
+ }
+ return &user.DefaultInfo{
+ Name: u.GetName(),
+ UID: u.GetUID(),
+ Groups: append(u.GetGroups(), g.Groups...),
+ Extra: u.GetExtra(),
+ }, true, nil
+}