vendor: bump k8s to v0.25.4

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2025-07-09 21:17:09 +08:00 · 2023-03-14 18:20:37 +01:00
parent 4a73abfd64
commit cfa6b4f7c8
889 changed files with 96934 additions and 11708 deletions
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/README.md
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/README.md
@ -1,3 +1,5 @@
+# NOTE: This module will go out of support by March 31, 2023.  For authenticating with Azure AD, use module [azidentity](https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity) instead.  For help migrating from `adal` to `azidentiy` please consult the [migration guide](https://aka.ms/azsdk/go/identity/migration).  General information about the retirement of this and other legacy modules can be found [here](https://azure.microsoft.com/updates/support-for-azure-sdk-libraries-that-do-not-conform-to-our-current-azure-sdk-guidelines-will-be-retired-as-of-31-march-2023/).
+
 # Azure Active Directory authentication for Go

 This is a standalone package for authenticating with Azure Active
@ -18,7 +20,7 @@ go get -u github.com/Azure/go-autorest/autorest/adal

 ## Usage

-An Active Directory application is required in order to use this library. An application can be registered in the [Azure Portal](https://portal.azure.com/) by following these [guidelines](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-integrating-applications) or using the [Azure CLI](https://github.com/Azure/azure-cli).
+An Active Directory application is required in order to use this library. An application can be registered in the [Azure Portal](https://portal.azure.com/) by following these [guidelines](https://docs.microsoft.com/azure/active-directory/develop/active-directory-integrating-applications) or using the [Azure CLI](https://github.com/Azure/azure-cli).

 ### Register an Azure AD Application with secret

@ -88,7 +90,7 @@ An Active Directory application is required in order to use this library. An app
 ### Grant the necessary permissions

 Azure relies on a Role-Based Access Control (RBAC) model to manage the access to resources at a fine-grained
-level. There is a set of [pre-defined roles](https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-built-in-roles)
+level. There is a set of [pre-defined roles](https://docs.microsoft.com/azure/active-directory/role-based-access-built-in-roles)
 which can be assigned to a service principal of an Azure AD application depending of your needs.

 ```
@ -104,7 +106,7 @@ It is also possible to define custom role definitions.
 az role definition create --role-definition role-definition.json
 ```

-* Check [custom roles](https://docs.microsoft.com/en-us/azure/active-directory/role-based-access-control-custom-roles) for more details regarding the content of `role-definition.json` file.
+* Check [custom roles](https://docs.microsoft.com/azure/active-directory/role-based-access-control-custom-roles) for more details regarding the content of `role-definition.json` file.


 ### Acquire Access Token
--- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go
@ -365,6 +365,25 @@ func (secret ServicePrincipalAuthorizationCodeSecret) MarshalJSON() ([]byte, err
 	})
 }

+// ServicePrincipalFederatedSecret implements ServicePrincipalSecret for Federated JWTs.
+type ServicePrincipalFederatedSecret struct {
+	jwt string
+}
+
+// SetAuthenticationValues is a method of the interface ServicePrincipalSecret.
+// It will populate the form submitted during OAuth Token Acquisition using a JWT signed by an OIDC issuer.
+func (secret *ServicePrincipalFederatedSecret) SetAuthenticationValues(spt *ServicePrincipalToken, v *url.Values) error {
+
+	v.Set("client_assertion", secret.jwt)
+	v.Set("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer")
+	return nil
+}
+
+// MarshalJSON implements the json.Marshaler interface.
+func (secret ServicePrincipalFederatedSecret) MarshalJSON() ([]byte, error) {
+	return nil, errors.New("marshalling ServicePrincipalFederatedSecret is not supported")
+}
+
 // ServicePrincipalToken encapsulates a Token created for a Service Principal.
 type ServicePrincipalToken struct {
 	inner             servicePrincipalToken
@ -419,6 +438,8 @@ func (spt *ServicePrincipalToken) UnmarshalJSON(data []byte) error {
 		spt.inner.Secret = &ServicePrincipalUsernamePasswordSecret{}
 	case "ServicePrincipalAuthorizationCodeSecret":
 		spt.inner.Secret = &ServicePrincipalAuthorizationCodeSecret{}
+	case "ServicePrincipalFederatedSecret":
+		return errors.New("unmarshalling ServicePrincipalFederatedSecret is not supported")
 	default:
 		return fmt.Errorf("unrecognized token type '%s'", secret["type"])
 	}
@ -665,6 +686,31 @@ func NewServicePrincipalTokenFromAuthorizationCode(oauthConfig OAuthConfig, clie
 	)
 }

+// NewServicePrincipalTokenFromFederatedToken creates a ServicePrincipalToken from the supplied federated OIDC JWT.
+func NewServicePrincipalTokenFromFederatedToken(oauthConfig OAuthConfig, clientID string, jwt string, resource string, callbacks ...TokenRefreshCallback) (*ServicePrincipalToken, error) {
+	if err := validateOAuthConfig(oauthConfig); err != nil {
+		return nil, err
+	}
+	if err := validateStringParam(clientID, "clientID"); err != nil {
+		return nil, err
+	}
+	if err := validateStringParam(resource, "resource"); err != nil {
+		return nil, err
+	}
+	if jwt == "" {
+		return nil, fmt.Errorf("parameter 'jwt' cannot be empty")
+	}
+	return NewServicePrincipalTokenWithSecret(
+		oauthConfig,
+		clientID,
+		resource,
+		&ServicePrincipalFederatedSecret{
+			jwt: jwt,
+		},
+		callbacks...,
+	)
+}
+
 type msiType int

 const (
@ -1058,8 +1104,8 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource

 		// AAD returns expires_in as a string, ADFS returns it as an int
 		ExpiresIn json.Number `json:"expires_in"`
-		// expires_on can be in two formats, a UTC time stamp or the number of seconds.
-		ExpiresOn string      `json:"expires_on"`
+		// expires_on can be in three formats, a UTC time stamp, or the number of seconds as a string *or* int.
+		ExpiresOn interface{} `json:"expires_on"`
 		NotBefore json.Number `json:"not_before"`

 		Resource string `json:"resource"`
@ -1072,7 +1118,7 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 	}
 	expiresOn := json.Number("")
 	// ADFS doesn't include the expires_on field
-	if token.ExpiresOn != "" {
+	if token.ExpiresOn != nil {
 		if expiresOn, err = parseExpiresOn(token.ExpiresOn); err != nil {
 			return newTokenRefreshError(fmt.Sprintf("adal: failed to parse expires_on: %v value '%s'", err, token.ExpiresOn), resp)
 		}
@ -1089,18 +1135,27 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 }

 // converts expires_on to the number of seconds
-func parseExpiresOn(s string) (json.Number, error) {
-	// convert the expiration date to the number of seconds from now
-	timeToDuration := func(t time.Time) json.Number {
-		dur := t.Sub(time.Now().UTC())
-		return json.Number(strconv.FormatInt(int64(dur.Round(time.Second).Seconds()), 10))
+func parseExpiresOn(s interface{}) (json.Number, error) {
+	// the JSON unmarshaler treats JSON numbers unmarshaled into an interface{} as float64
+	asFloat64, ok := s.(float64)
+	if ok {
+		// this is the number of seconds as int case
+		return json.Number(strconv.FormatInt(int64(asFloat64), 10)), nil
 	}
-	if _, err := strconv.ParseInt(s, 10, 64); err == nil {
+	asStr, ok := s.(string)
+	if !ok {
+		return "", fmt.Errorf("unexpected expires_on type %T", s)
+	}
+	// convert the expiration date to the number of seconds from the unix epoch
+	timeToDuration := func(t time.Time) json.Number {
+		return json.Number(strconv.FormatInt(t.UTC().Unix(), 10))
+	}
+	if _, err := json.Number(asStr).Int64(); err == nil {
 		// this is the number of seconds case, no conversion required
-		return json.Number(s), nil
-	} else if eo, err := time.Parse(expiresOnDateFormatPM, s); err == nil {
+		return json.Number(asStr), nil
+	} else if eo, err := time.Parse(expiresOnDateFormatPM, asStr); err == nil {
 		return timeToDuration(eo), nil
-	} else if eo, err := time.Parse(expiresOnDateFormat, s); err == nil {
+	} else if eo, err := time.Parse(expiresOnDateFormat, asStr); err == nil {
 		return timeToDuration(eo), nil
 	} else {
 		// unknown format
@ -1317,12 +1372,25 @@ func NewMultiTenantServicePrincipalTokenFromCertificate(multiTenantCfg MultiTena

 // MSIAvailable returns true if the MSI endpoint is available for authentication.
 func MSIAvailable(ctx context.Context, s Sender) bool {
+	msiType, _, err := getMSIType()
+
+	if err != nil {
+		return false
+	}
+
+	if msiType != msiTypeIMDS {
+		return true
+	}
+
 	if s == nil {
 		s = sender()
 	}
+
 	resp, err := getMSIEndpoint(ctx, s)
+
 	if err == nil {
 		resp.Body.Close()
 	}
+
 	return err == nil
 }
--- a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go
@ -34,8 +34,10 @@ const (
 var environments = map[string]Environment{
 	"AZURECHINACLOUD":        ChinaCloud,
 	"AZUREGERMANCLOUD":       GermanCloud,
+	"AZURECLOUD":             PublicCloud,
 	"AZUREPUBLICCLOUD":       PublicCloud,
-	"AZUREUSGOVERNMENTCLOUD": USGovernmentCloud,
+	"AZUREUSGOVERNMENT":      USGovernmentCloud,
+	"AZUREUSGOVERNMENTCLOUD": USGovernmentCloud, //TODO: deprecate
 }

 // ResourceIdentifier contains a set of Azure resource IDs.
@ -51,6 +53,8 @@ type ResourceIdentifier struct {
 	ServiceBus          string `json:"serviceBus"`
 	SQLDatabase         string `json:"sqlDatabase"`
 	CosmosDB            string `json:"cosmosDB"`
+	ManagedHSM          string `json:"managedHSM"`
+	MicrosoftGraph      string `json:"microsoftGraph"`
 }

 // Environment represents a set of endpoints for each of Azure's Clouds.
@ -63,9 +67,11 @@ type Environment struct {
 	ActiveDirectoryEndpoint      string             `json:"activeDirectoryEndpoint"`
 	GalleryEndpoint              string             `json:"galleryEndpoint"`
 	KeyVaultEndpoint             string             `json:"keyVaultEndpoint"`
+	ManagedHSMEndpoint           string             `json:"managedHSMEndpoint"`
 	GraphEndpoint                string             `json:"graphEndpoint"`
 	ServiceBusEndpoint           string             `json:"serviceBusEndpoint"`
 	BatchManagementEndpoint      string             `json:"batchManagementEndpoint"`
+	MicrosoftGraphEndpoint       string             `json:"microsoftGraphEndpoint"`
 	StorageEndpointSuffix        string             `json:"storageEndpointSuffix"`
 	CosmosDBDNSSuffix            string             `json:"cosmosDBDNSSuffix"`
 	MariaDBDNSSuffix             string             `json:"mariaDBDNSSuffix"`
@ -74,6 +80,7 @@ type Environment struct {
 	SQLDatabaseDNSSuffix         string             `json:"sqlDatabaseDNSSuffix"`
 	TrafficManagerDNSSuffix      string             `json:"trafficManagerDNSSuffix"`
 	KeyVaultDNSSuffix            string             `json:"keyVaultDNSSuffix"`
+	ManagedHSMDNSSuffix          string             `json:"managedHSMDNSSuffix"`
 	ServiceBusEndpointSuffix     string             `json:"serviceBusEndpointSuffix"`
 	ServiceManagementVMDNSSuffix string             `json:"serviceManagementVMDNSSuffix"`
 	ResourceManagerVMDNSSuffix   string             `json:"resourceManagerVMDNSSuffix"`
@ -81,6 +88,7 @@ type Environment struct {
 	TokenAudience                string             `json:"tokenAudience"`
 	APIManagementHostNameSuffix  string             `json:"apiManagementHostNameSuffix"`
 	SynapseEndpointSuffix        string             `json:"synapseEndpointSuffix"`
+	DatalakeSuffix               string             `json:"datalakeSuffix"`
 	ResourceIdentifiers          ResourceIdentifier `json:"resourceIdentifiers"`
 }

@ -95,9 +103,11 @@ var (
 		ActiveDirectoryEndpoint:      "https://login.microsoftonline.com/",
 		GalleryEndpoint:              "https://gallery.azure.com/",
 		KeyVaultEndpoint:             "https://vault.azure.net/",
+		ManagedHSMEndpoint:           "https://managedhsm.azure.net/",
 		GraphEndpoint:                "https://graph.windows.net/",
 		ServiceBusEndpoint:           "https://servicebus.windows.net/",
 		BatchManagementEndpoint:      "https://batch.core.windows.net/",
+		MicrosoftGraphEndpoint:       "https://graph.microsoft.com/",
 		StorageEndpointSuffix:        "core.windows.net",
 		CosmosDBDNSSuffix:            "documents.azure.com",
 		MariaDBDNSSuffix:             "mariadb.database.azure.com",
@ -106,6 +116,7 @@ var (
 		SQLDatabaseDNSSuffix:         "database.windows.net",
 		TrafficManagerDNSSuffix:      "trafficmanager.net",
 		KeyVaultDNSSuffix:            "vault.azure.net",
+		ManagedHSMDNSSuffix:          "managedhsm.azure.net",
 		ServiceBusEndpointSuffix:     "servicebus.windows.net",
 		ServiceManagementVMDNSSuffix: "cloudapp.net",
 		ResourceManagerVMDNSSuffix:   "cloudapp.azure.com",
@ -113,6 +124,7 @@ var (
 		TokenAudience:                "https://management.azure.com/",
 		APIManagementHostNameSuffix:  "azure-api.net",
 		SynapseEndpointSuffix:        "dev.azuresynapse.net",
+		DatalakeSuffix:               "azuredatalakestore.net",
 		ResourceIdentifiers: ResourceIdentifier{
 			Graph:               "https://graph.windows.net/",
 			KeyVault:            "https://vault.azure.net",
@ -125,6 +137,8 @@ var (
 			ServiceBus:          "https://servicebus.azure.net/",
 			SQLDatabase:         "https://database.windows.net/",
 			CosmosDB:            "https://cosmos.azure.com",
+			ManagedHSM:          "https://managedhsm.azure.net",
+			MicrosoftGraph:      "https://graph.microsoft.com/",
 		},
 	}

@ -138,9 +152,11 @@ var (
 		ActiveDirectoryEndpoint:      "https://login.microsoftonline.us/",
 		GalleryEndpoint:              "https://gallery.usgovcloudapi.net/",
 		KeyVaultEndpoint:             "https://vault.usgovcloudapi.net/",
+		ManagedHSMEndpoint:           NotAvailable,
 		GraphEndpoint:                "https://graph.windows.net/",
 		ServiceBusEndpoint:           "https://servicebus.usgovcloudapi.net/",
 		BatchManagementEndpoint:      "https://batch.core.usgovcloudapi.net/",
+		MicrosoftGraphEndpoint:       "https://graph.microsoft.us/",
 		StorageEndpointSuffix:        "core.usgovcloudapi.net",
 		CosmosDBDNSSuffix:            "documents.azure.us",
 		MariaDBDNSSuffix:             "mariadb.database.usgovcloudapi.net",
@ -149,13 +165,15 @@ var (
 		SQLDatabaseDNSSuffix:         "database.usgovcloudapi.net",
 		TrafficManagerDNSSuffix:      "usgovtrafficmanager.net",
 		KeyVaultDNSSuffix:            "vault.usgovcloudapi.net",
+		ManagedHSMDNSSuffix:          NotAvailable,
 		ServiceBusEndpointSuffix:     "servicebus.usgovcloudapi.net",
 		ServiceManagementVMDNSSuffix: "usgovcloudapp.net",
 		ResourceManagerVMDNSSuffix:   "cloudapp.usgovcloudapi.net",
 		ContainerRegistryDNSSuffix:   "azurecr.us",
 		TokenAudience:                "https://management.usgovcloudapi.net/",
 		APIManagementHostNameSuffix:  "azure-api.us",
-		SynapseEndpointSuffix:        NotAvailable,
+		SynapseEndpointSuffix:        "dev.azuresynapse.usgovcloudapi.net",
+		DatalakeSuffix:               NotAvailable,
 		ResourceIdentifiers: ResourceIdentifier{
 			Graph:               "https://graph.windows.net/",
 			KeyVault:            "https://vault.usgovcloudapi.net",
@ -164,10 +182,12 @@ var (
 			OperationalInsights: "https://api.loganalytics.us",
 			OSSRDBMS:            "https://ossrdbms-aad.database.usgovcloudapi.net",
 			Storage:             "https://storage.azure.com/",
-			Synapse:             NotAvailable,
+			Synapse:             "https://dev.azuresynapse.usgovcloudapi.net",
 			ServiceBus:          "https://servicebus.azure.net/",
 			SQLDatabase:         "https://database.usgovcloudapi.net/",
 			CosmosDB:            "https://cosmos.azure.com",
+			ManagedHSM:          NotAvailable,
+			MicrosoftGraph:      "https://graph.microsoft.us/",
 		},
 	}

@ -181,9 +201,11 @@ var (
 		ActiveDirectoryEndpoint:      "https://login.chinacloudapi.cn/",
 		GalleryEndpoint:              "https://gallery.chinacloudapi.cn/",
 		KeyVaultEndpoint:             "https://vault.azure.cn/",
+		ManagedHSMEndpoint:           NotAvailable,
 		GraphEndpoint:                "https://graph.chinacloudapi.cn/",
 		ServiceBusEndpoint:           "https://servicebus.chinacloudapi.cn/",
 		BatchManagementEndpoint:      "https://batch.chinacloudapi.cn/",
+		MicrosoftGraphEndpoint:       "https://microsoftgraph.chinacloudapi.cn/",
 		StorageEndpointSuffix:        "core.chinacloudapi.cn",
 		CosmosDBDNSSuffix:            "documents.azure.cn",
 		MariaDBDNSSuffix:             "mariadb.database.chinacloudapi.cn",
@ -192,6 +214,7 @@ var (
 		SQLDatabaseDNSSuffix:         "database.chinacloudapi.cn",
 		TrafficManagerDNSSuffix:      "trafficmanager.cn",
 		KeyVaultDNSSuffix:            "vault.azure.cn",
+		ManagedHSMDNSSuffix:          NotAvailable,
 		ServiceBusEndpointSuffix:     "servicebus.chinacloudapi.cn",
 		ServiceManagementVMDNSSuffix: "chinacloudapp.cn",
 		ResourceManagerVMDNSSuffix:   "cloudapp.chinacloudapi.cn",
@ -199,6 +222,7 @@ var (
 		TokenAudience:                "https://management.chinacloudapi.cn/",
 		APIManagementHostNameSuffix:  "azure-api.cn",
 		SynapseEndpointSuffix:        "dev.azuresynapse.azure.cn",
+		DatalakeSuffix:               NotAvailable,
 		ResourceIdentifiers: ResourceIdentifier{
 			Graph:               "https://graph.chinacloudapi.cn/",
 			KeyVault:            "https://vault.azure.cn",
@ -211,6 +235,8 @@ var (
 			ServiceBus:          "https://servicebus.azure.net/",
 			SQLDatabase:         "https://database.chinacloudapi.cn/",
 			CosmosDB:            "https://cosmos.azure.com",
+			ManagedHSM:          NotAvailable,
+			MicrosoftGraph:      "https://microsoftgraph.chinacloudapi.cn",
 		},
 	}

@ -224,9 +250,11 @@ var (
 		ActiveDirectoryEndpoint:      "https://login.microsoftonline.de/",
 		GalleryEndpoint:              "https://gallery.cloudapi.de/",
 		KeyVaultEndpoint:             "https://vault.microsoftazure.de/",
+		ManagedHSMEndpoint:           NotAvailable,
 		GraphEndpoint:                "https://graph.cloudapi.de/",
 		ServiceBusEndpoint:           "https://servicebus.cloudapi.de/",
 		BatchManagementEndpoint:      "https://batch.cloudapi.de/",
+		MicrosoftGraphEndpoint:       NotAvailable,
 		StorageEndpointSuffix:        "core.cloudapi.de",
 		CosmosDBDNSSuffix:            "documents.microsoftazure.de",
 		MariaDBDNSSuffix:             "mariadb.database.cloudapi.de",
@ -235,6 +263,7 @@ var (
 		SQLDatabaseDNSSuffix:         "database.cloudapi.de",
 		TrafficManagerDNSSuffix:      "azuretrafficmanager.de",
 		KeyVaultDNSSuffix:            "vault.microsoftazure.de",
+		ManagedHSMDNSSuffix:          NotAvailable,
 		ServiceBusEndpointSuffix:     "servicebus.cloudapi.de",
 		ServiceManagementVMDNSSuffix: "azurecloudapp.de",
 		ResourceManagerVMDNSSuffix:   "cloudapp.microsoftazure.de",
@ -242,6 +271,7 @@ var (
 		TokenAudience:                "https://management.microsoftazure.de/",
 		APIManagementHostNameSuffix:  NotAvailable,
 		SynapseEndpointSuffix:        NotAvailable,
+		DatalakeSuffix:               NotAvailable,
 		ResourceIdentifiers: ResourceIdentifier{
 			Graph:               "https://graph.cloudapi.de/",
 			KeyVault:            "https://vault.microsoftazure.de",
@ -254,6 +284,8 @@ var (
 			ServiceBus:          "https://servicebus.azure.net/",
 			SQLDatabase:         "https://database.cloudapi.de/",
 			CosmosDB:            "https://cosmos.azure.com",
+			ManagedHSM:          NotAvailable,
+			MicrosoftGraph:      NotAvailable,
 		},
 	}
 )
--- a/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go
+++ b/vendor/github.com/Azure/go-autorest/autorest/azure/rp.go
@ -64,7 +64,7 @@ func DoRetryWithRegistration(client autorest.Client) autorest.SendDecorator {
 				if re.ServiceError != nil && re.ServiceError.Code == "MissingSubscriptionRegistration" {
 					regErr := register(client, r, re)
 					if regErr != nil {
-						return resp, fmt.Errorf("failed auto registering Resource Provider: %s. Original error: %s", regErr, err)
+						return resp, fmt.Errorf("failed auto registering Resource Provider: %s. Original error: %w", regErr, err)
 					}
 				}
 			}