This change makes it so that errors during watch decoding panic the
server if it is in a test environment. This allows us to catch coder
errors related to storing incompatible types at the same location in
etcd.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: a13f026fd012859f04467e6007e2cafe4a788927
All registry.Store objects already set a non-nil DeleteStrategy.
This change ensures that all future objects do so as well.
Signed-off-by: Monis Khan <mkhan@redhat.com>
Kubernetes-commit: 08fcd79e1f4b9d3efe0a20ea4ce4fdf5ffea0531
Subresources are very often completely different code paths and errors
generated on those code paths are important to distinguish.
Kubernetes-commit: ad431c454c1306fdcc2134a3626444984d350f46
The underlying storage has always returned the old object on watch
delete events when filtering. The cache watcher does not, which means a
downsteam caller gets different behavior.
This fixes the cache watcher to be consistent with our long term
behavior for watch. It may result in a behavior change (the filter
becomes more precise) but this was a regression in behavior.
Kubernetes-commit: e9e69356e4907fa4d0f45ea7e7768357ba71aba9
Tweak the ValueTransformer interface slightly to support additional
context information (to allow authenticated data to be generated by the
store and passed to the transformer). Add a prefix transformer that
looks for known matching prefixes and uses them. Add an AES GCM
transformer that performs AEAD on the values coming in and out of the
store.
Kubernetes-commit: f418468c87d3071c5d9ed14ce850996c77251080
ApplyTo adds the admission chain to the server configuration the method lazily initializes a generic plugin
that is appended to the list of pluginInitializers.
apiserver.Config will hold an instance of SharedInformerFactory to ensure we only have once instance.
The field will be initialized in apisever.SecureServingOptions
Kubernetes-commit: 8cea69aa9812d6627ebdfa4f8b9c1d7624a8f3f5
change import of client-go/api/helper to kubernetes/api/helper
remove unnecessary use of client-go/api.registry
change use of client-go/pkg/util to kubernetes/pkg/util
remove dependency on client-go/pkg/apis/extensions
remove unnecessary invocation of k8s.io/client-go/extension/intsall
change use of k8s.io/client-go/pkg/apis/authentication to v1
Kubernetes-commit: c354076aa41e3cf417b291d5f0eff2b70395ac30
Simple XSS scans might fetch /<script>alert('vulnerable')</script>, and
fail when the response body includes the script tag verbatim, despite
the headers directing the browser to interpret the response as text.
This isn't a real vulnerability, but it's easier to fix this here than
it is to fix the scanners.
Kubernetes-commit: dd4bb1213d8447632fa651195980cbfae2546fb3
deads2k