Updates Kubernetes dependencies to v1.18.0

Signed-off-by: JoshVanL <[email protected]>

Author: JoshVanL

cmd/app/options/oidc.go

@@ -10,7 +10,6 @@ import (
 )
 
 type OIDCAuthenticationOptions struct {
-	APIAudiences   []string
 	CAFile         string
 	ClientID       string
 	IssuerURL      string
@@ -35,11 +34,6 @@ func (o *OIDCAuthenticationOptions) Validate() error {
 }
 
 func (o *OIDCAuthenticationOptions) AddFlags(fs *pflag.FlagSet) *OIDCAuthenticationOptions {
-	fs.StringSliceVar(&o.APIAudiences, "api-audiences", o.APIAudiences, ""+
-		"Identifiers of the API. This can be used as an additional list of "+
-		"identifiers that exist in the target audiences of requests when "+
-		"authenticating with OIDC.")
-
 	fs.StringVar(&o.IssuerURL, "oidc-issuer-url", o.IssuerURL, ""+
 		"The URL of the OpenID issuer, only HTTPS scheme will be accepted.")
 

cmd/app/run.go

@@ -91,7 +91,7 @@ func buildRunCommand(stopCh <-chan struct{}, opts *options.Options) *cobra.Comma
 			}
 
 			// Create a fake JWT to set up readiness probe
-			fakeJWT, err := util.FakeJWT(opts.OIDCAuthentication.IssuerURL, opts.OIDCAuthentication.APIAudiences)
+			fakeJWT, err := util.FakeJWT(opts.OIDCAuthentication.IssuerURL)
 			if err != nil {
 				return err
 			}

go.mod

@@ -5,20 +5,20 @@ go 1.13
 require (
 	github.com/golang/mock v1.2.0
 	github.com/heptiolabs/healthcheck v0.0.0-20180807145615-6ff867650f40
-	github.com/onsi/ginkgo v1.10.1
+	github.com/onsi/ginkgo v1.11.0
 	github.com/onsi/gomega v1.7.0
 	github.com/sebest/xff v0.0.0-20160910043805-6c115e0ffa35
 	github.com/sirupsen/logrus v1.4.2
 	github.com/spf13/cobra v0.0.5
 	github.com/spf13/pflag v1.0.5
 	gopkg.in/DATA-DOG/go-sqlmock.v1 v1.3.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.3.1
-	k8s.io/api v0.17.0
-	k8s.io/apimachinery v0.17.0
-	k8s.io/apiserver v0.17.0
-	k8s.io/cli-runtime v0.17.0
-	k8s.io/client-go v0.17.0
-	k8s.io/component-base v0.17.0
+	k8s.io/api v0.18.0
+	k8s.io/apimachinery v0.18.0
+	k8s.io/apiserver v0.18.0
+	k8s.io/cli-runtime v0.18.0
+	k8s.io/client-go v0.18.0
+	k8s.io/component-base v0.18.0
 	k8s.io/klog v1.0.0
 	sigs.k8s.io/kind v0.7.0
 )

go.sum

@@ -38,7 +38,7 @@ func TestRun(t *testing.T) {
 		t.FailNow()
 	}
 
-	fakeJWT, err := util.FakeJWT("issuer", nil)
+	fakeJWT, err := util.FakeJWT("issuer")
 	if err != nil {
 		t.Error(err.Error())
 		t.FailNow()

pkg/probe/probe_test.go

@@ -80,7 +80,6 @@ func New(restConfig *rest.Config,
 
 	// generate tokenAuther from oidc config
 	tokenAuther, err := oidc.New(oidc.Options{
-		APIAudiences:         oidcOptions.APIAudiences,
 		CAFile:               oidcOptions.CAFile,
 		ClientID:             oidcOptions.ClientID,
 		GroupsClaim:          oidcOptions.GroupsClaim,

pkg/proxy/proxy.go

@@ -5,6 +5,7 @@ import (
 	"context"
 
 	authv1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	clientauthv1 "k8s.io/client-go/kubernetes/typed/authentication/v1"
 )
 
@@ -22,7 +23,7 @@ func New() *FakeReviewer {
 	}
 }
 
-func (f *FakeReviewer) Create(req *authv1.TokenReview) (*authv1.TokenReview, error) {
+func (f *FakeReviewer) Create(ctx context.Context, req *authv1.TokenReview, co metav1.CreateOptions) (*authv1.TokenReview, error) {
 	return f.CreateFn(req)
 }
 

pkg/proxy/tokenreview/fake/tokenreview.go

@@ -2,11 +2,14 @@
 package tokenreview
 
 import (
+	"context"
 	"errors"
 	"fmt"
 	"net/http"
+	"time"
 
 	authv1 "k8s.io/api/authentication/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/kubernetes"
 	clientauthv1 "k8s.io/client-go/kubernetes/typed/authentication/v1"
 	"k8s.io/client-go/rest"
@@ -39,7 +42,10 @@ func (t *TokenReview) Review(req *http.Request) (bool, error) {
 
 	review := t.buildReview(token)
 
-	resp, err := t.reviewRequester.Create(review)
+	ctx, cancel := context.WithTimeout(req.Context(), time.Second*10)
+	defer cancel()
+
+	resp, err := t.reviewRequester.Create(ctx, review, metav1.CreateOptions{})
 	if err != nil {
 		return false, err
 	}

pkg/proxy/tokenreview/tokenreview.go

@@ -2,6 +2,7 @@
 package util
 
 import (
+	"context"
 	"fmt"
 	"time"
 
@@ -15,7 +16,7 @@ func WaitForPodReady(kubeclient *kubernetes.Clientset,
 	i := 0
 
 	for {
-		pod, err := kubeclient.CoreV1().Pods(namespace).Get(name, metav1.GetOptions{})
+		pod, err := kubeclient.CoreV1().Pods(namespace).Get(context.Background(), name, metav1.GetOptions{})
 		if err != nil {
 			return err
 		}

pkg/util/pods.go

@@ -39,7 +39,7 @@ func ParseTokenFromRequest(req *http.Request) (string, bool) {
 // fakeJWT generates a valid JWT using the passed input parameters which is
 // signed by a generated key. This is useful for checking the status of a
 // signer.
-func FakeJWT(issuerURL string, apiAudiences []string) (string, error) {
+func FakeJWT(issuerURL string) (string, error) {
 	key := []byte("secret")
 
 	sig, err := jose.NewSigner(
@@ -53,7 +53,7 @@ func FakeJWT(issuerURL string, apiAudiences []string) (string, error) {
 		Subject:   "fake",
 		Issuer:    issuerURL,
 		NotBefore: jwt.NewNumericDate(time.Date(2016, 1, 1, 0, 0, 0, 0, time.UTC)),
-		Audience:  jwt.Audience(apiAudiences),
+		Audience:  jwt.Audience(nil),
 	}
 
 	return jwt.Signed(sig).Claims(cl).CompactSerialize()