Work on #61: Add support for ICMP

+ Update dependencies
2020-12-25 00:07:18 -05:00
parent c86173d46f
commit 83a5813daf
1004 changed files with 182274 additions and 64323 deletions
--- a/vendor/k8s.io/client-go/tools/clientcmd/client_config.go
+++ b/vendor/k8s.io/client-go/tools/clientcmd/client_config.go
@ -20,16 +20,18 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+	"net/http"
 	"net/url"
 	"os"
 	"strings"
-
-	"github.com/imdario/mergo"
-	"k8s.io/klog"
+	"unicode"

 	restclient "k8s.io/client-go/rest"
 	clientauth "k8s.io/client-go/tools/auth"
 	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+	"k8s.io/klog/v2"
+
+	"github.com/imdario/mergo"
 )

 var (
@ -150,8 +152,15 @@ func (config *DirectClientConfig) ClientConfig() (*restclient.Config, error) {

 	clientConfig := &restclient.Config{}
 	clientConfig.Host = configClusterInfo.Server
+	if configClusterInfo.ProxyURL != "" {
+		u, err := parseProxyURL(configClusterInfo.ProxyURL)
+		if err != nil {
+			return nil, err
+		}
+		clientConfig.Proxy = http.ProxyURL(u)
+	}

-	if len(config.overrides.Timeout) > 0 {
+	if config.overrides != nil && len(config.overrides.Timeout) > 0 {
 		timeout, err := ParseTimeout(config.overrides.Timeout)
 		if err != nil {
 			return nil, err
@ -210,6 +219,7 @@ func getServerIdentificationPartialConfig(configAuthInfo clientcmdapi.AuthInfo,
 	configClientConfig.CAFile = configClusterInfo.CertificateAuthority
 	configClientConfig.CAData = configClusterInfo.CertificateAuthorityData
 	configClientConfig.Insecure = configClusterInfo.InsecureSkipTLSVerify
+	configClientConfig.ServerName = configClusterInfo.TLSServerName
 	mergo.MergeWithOverwrite(mergedConfig, configClientConfig)

 	return mergedConfig, nil
@ -260,6 +270,7 @@ func (config *DirectClientConfig) getUserIdentificationPartialConfig(configAuthI
 	}
 	if configAuthInfo.Exec != nil {
 		mergedConfig.ExecProvider = configAuthInfo.Exec
+		mergedConfig.ExecProvider.InstallHint = cleanANSIEscapeCodes(mergedConfig.ExecProvider.InstallHint)
 	}

 	// if there still isn't enough information to authenticate the user, try prompting
@ -297,16 +308,6 @@ func makeUserIdentificationConfig(info clientauth.Info) *restclient.Config {
 	return config
 }

-// makeUserIdentificationFieldsConfig returns a client.Config capable of being merged using mergo for only server identification information
-func makeServerIdentificationConfig(info clientauth.Info) restclient.Config {
-	config := restclient.Config{}
-	config.CAFile = info.CAFile
-	if info.Insecure != nil {
-		config.Insecure = *info.Insecure
-	}
-	return config
-}
-
 func canIdentifyUser(config restclient.Config) bool {
 	return len(config.Username) > 0 ||
 		(len(config.CertFile) > 0 || len(config.CertData) > 0) ||
@ -315,6 +316,41 @@ func canIdentifyUser(config restclient.Config) bool {
 		config.ExecProvider != nil
 }

+// cleanANSIEscapeCodes takes an arbitrary string and ensures that there are no
+// ANSI escape sequences that could put the terminal in a weird state (e.g.,
+// "\e[1m" bolds text)
+func cleanANSIEscapeCodes(s string) string {
+	// spaceControlCharacters includes tab, new line, vertical tab, new page, and
+	// carriage return. These are in the unicode.Cc category, but that category also
+	// contains ESC (U+001B) which we don't want.
+	spaceControlCharacters := unicode.RangeTable{
+		R16: []unicode.Range16{
+			{Lo: 0x0009, Hi: 0x000D, Stride: 1},
+		},
+	}
+
+	// Why not make this deny-only (instead of allow-only)? Because unicode.C
+	// contains newline and tab characters that we want.
+	allowedRanges := []*unicode.RangeTable{
+		unicode.L,
+		unicode.M,
+		unicode.N,
+		unicode.P,
+		unicode.S,
+		unicode.Z,
+		&spaceControlCharacters,
+	}
+	builder := strings.Builder{}
+	for _, roon := range s {
+		if unicode.IsOneOf(allowedRanges, roon) {
+			builder.WriteRune(roon) // returns nil error, per go doc
+		} else {
+			fmt.Fprintf(&builder, "%U", roon)
+		}
+	}
+	return builder.String()
+}
+
 // Namespace implements ClientConfig
 func (config *DirectClientConfig) Namespace() (string, bool, error) {
 	if config.overrides != nil && config.overrides.Context.Namespace != "" {
@ -382,7 +418,7 @@ func (config *DirectClientConfig) ConfirmUsable() error {
 // getContextName returns the default, or user-set context name, and a boolean that indicates
 // whether the default context name has been overwritten by a user-set flag, or left as its default value
 func (config *DirectClientConfig) getContextName() (string, bool) {
-	if len(config.overrides.CurrentContext) != 0 {
+	if config.overrides != nil && len(config.overrides.CurrentContext) != 0 {
 		return config.overrides.CurrentContext, true
 	}
 	if len(config.contextName) != 0 {
@ -396,7 +432,7 @@ func (config *DirectClientConfig) getContextName() (string, bool) {
 // and a boolean indicating  whether the default authInfo name is overwritten by a user-set flag, or
 // left as its default value
 func (config *DirectClientConfig) getAuthInfoName() (string, bool) {
-	if len(config.overrides.Context.AuthInfo) != 0 {
+	if config.overrides != nil && len(config.overrides.Context.AuthInfo) != 0 {
 		return config.overrides.Context.AuthInfo, true
 	}
 	context, _ := config.getContext()
@ -407,7 +443,7 @@ func (config *DirectClientConfig) getAuthInfoName() (string, bool) {
 // indicating whether the default clusterName has been overwritten by a user-set flag, or left as
 // its default value
 func (config *DirectClientConfig) getClusterName() (string, bool) {
-	if len(config.overrides.Context.Cluster) != 0 {
+	if config.overrides != nil && len(config.overrides.Context.Cluster) != 0 {
 		return config.overrides.Context.Cluster, true
 	}
 	context, _ := config.getContext()
@ -425,7 +461,9 @@ func (config *DirectClientConfig) getContext() (clientcmdapi.Context, error) {
 	} else if required {
 		return clientcmdapi.Context{}, fmt.Errorf("context %q does not exist", contextName)
 	}
-	mergo.MergeWithOverwrite(mergedContext, config.overrides.Context)
+	if config.overrides != nil {
+		mergo.MergeWithOverwrite(mergedContext, config.overrides.Context)
+	}

 	return *mergedContext, nil
 }
@ -441,7 +479,9 @@ func (config *DirectClientConfig) getAuthInfo() (clientcmdapi.AuthInfo, error) {
 	} else if required {
 		return clientcmdapi.AuthInfo{}, fmt.Errorf("auth info %q does not exist", authInfoName)
 	}
-	mergo.MergeWithOverwrite(mergedAuthInfo, config.overrides.AuthInfo)
+	if config.overrides != nil {
+		mergo.MergeWithOverwrite(mergedAuthInfo, config.overrides.AuthInfo)
+	}

 	return *mergedAuthInfo, nil
 }
@ -452,20 +492,37 @@ func (config *DirectClientConfig) getCluster() (clientcmdapi.Cluster, error) {
 	clusterInfoName, required := config.getClusterName()

 	mergedClusterInfo := clientcmdapi.NewCluster()
-	mergo.MergeWithOverwrite(mergedClusterInfo, config.overrides.ClusterDefaults)
+	if config.overrides != nil {
+		mergo.MergeWithOverwrite(mergedClusterInfo, config.overrides.ClusterDefaults)
+	}
 	if configClusterInfo, exists := clusterInfos[clusterInfoName]; exists {
 		mergo.MergeWithOverwrite(mergedClusterInfo, configClusterInfo)
 	} else if required {
 		return clientcmdapi.Cluster{}, fmt.Errorf("cluster %q does not exist", clusterInfoName)
 	}
-	mergo.MergeWithOverwrite(mergedClusterInfo, config.overrides.ClusterInfo)
-	// An override of --insecure-skip-tls-verify=true and no accompanying CA/CA data should clear already-set CA/CA data
-	// otherwise, a kubeconfig containing a CA reference would return an error that "CA and insecure-skip-tls-verify couldn't both be set"
-	caLen := len(config.overrides.ClusterInfo.CertificateAuthority)
-	caDataLen := len(config.overrides.ClusterInfo.CertificateAuthorityData)
-	if config.overrides.ClusterInfo.InsecureSkipTLSVerify && caLen == 0 && caDataLen == 0 {
-		mergedClusterInfo.CertificateAuthority = ""
-		mergedClusterInfo.CertificateAuthorityData = nil
+	if config.overrides != nil {
+		mergo.MergeWithOverwrite(mergedClusterInfo, config.overrides.ClusterInfo)
+	}
+
+	// * An override of --insecure-skip-tls-verify=true and no accompanying CA/CA data should clear already-set CA/CA data
+	// otherwise, a kubeconfig containing a CA reference would return an error that "CA and insecure-skip-tls-verify couldn't both be set".
+	// * An override of --certificate-authority should also override TLS skip settings and CA data, otherwise existing CA data will take precedence.
+	if config.overrides != nil {
+		caLen := len(config.overrides.ClusterInfo.CertificateAuthority)
+		caDataLen := len(config.overrides.ClusterInfo.CertificateAuthorityData)
+		if config.overrides.ClusterInfo.InsecureSkipTLSVerify || caLen > 0 || caDataLen > 0 {
+			mergedClusterInfo.InsecureSkipTLSVerify = config.overrides.ClusterInfo.InsecureSkipTLSVerify
+			mergedClusterInfo.CertificateAuthority = config.overrides.ClusterInfo.CertificateAuthority
+			mergedClusterInfo.CertificateAuthorityData = config.overrides.ClusterInfo.CertificateAuthorityData
+		}
+
+		// if the --tls-server-name has been set in overrides, use that value.
+		// if the --server has been set in overrides, then use the value of --tls-server-name specified on the CLI too.  This gives the property
+		// that setting a --server will effectively clear the KUBECONFIG value of tls-server-name if it is specified on the command line which is
+		// usually correct.
+		if config.overrides.ClusterInfo.TLSServerName != "" || config.overrides.ClusterInfo.Server != "" {
+			mergedClusterInfo.TLSServerName = config.overrides.ClusterInfo.TLSServerName
+		}
 	}

 	return *mergedClusterInfo, nil