gomod: change projectcalico/calico to kubesphere/calico (#5557)

* chore(calico): update calico to 3.25.0

* chore(calico): replace projectcalico/calico to kubesphere/calico

Signed-off-by: root <renyunkang@kubesphere.io>

---------

Signed-off-by: root <renyunkang@kubesphere.io>

vendor/github.com/projectcalico/calico/kube-controllers/pkg/converter/converter.go

@@ -0,0 +1,28 @@
+// Copyright (c) 2017 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package converter
+
+// Converter Responsible for conversion of given kubernetes object to equivalent calico object
+type Converter interface {
+	// Converts kubernetes object to calico representation of it.
+	Convert(k8sObj interface{}) (interface{}, error)
+
+	// Returns appropriate key for the object
+	GetKey(obj interface{}) string
+
+	// DeleteArgsFromKey returns name and namespace of the object to pass to Delete
+	// for the given key as generated by GetKey.
+	DeleteArgsFromKey(key string) (string, string)
+}

vendor/github.com/projectcalico/calico/kube-controllers/pkg/converter/namespace_converter.go

@@ -0,0 +1,73 @@
+// Copyright (c) 2017-2021 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package converter
+
+import (
+	"fmt"
+
+	api "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
+
+	"github.com/projectcalico/calico/libcalico-go/lib/backend/k8s/conversion"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/cache"
+)
+
+type namespaceConverter struct {
+}
+
+// NewNamespaceConverter Constructor for namespaceConverter
+func NewNamespaceConverter() Converter {
+	return &namespaceConverter{}
+}
+func (nc *namespaceConverter) Convert(k8sObj interface{}) (interface{}, error) {
+	c := conversion.NewConverter()
+	namespace, ok := k8sObj.(*v1.Namespace)
+	if !ok {
+		tombstone, ok := k8sObj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			return nil, fmt.Errorf("couldn't get object from tombstone %+v", k8sObj)
+		}
+		namespace, ok = tombstone.Obj.(*v1.Namespace)
+		if !ok {
+			return nil, fmt.Errorf("tombstone contained object that is not a Namespace %+v", k8sObj)
+		}
+	}
+	kvp, err := c.NamespaceToProfile(namespace)
+	if err != nil {
+		return nil, err
+	}
+	profile := kvp.Value.(*api.Profile)
+
+	// Isolate the metadata fields that we care about. ResourceVersion, CreationTimeStamp, etc are
+	// not relevant so we ignore them. This prevents unnecessary updates.
+	profile.ObjectMeta = metav1.ObjectMeta{Name: profile.Name}
+
+	return *profile, nil
+}
+
+// GetKey returns name of the Profile as its key.  For Profiles
+// backed by Kubernetes namespaces and managed by this controller, the name
+// is of format `kns.name`.
+func (nc *namespaceConverter) GetKey(obj interface{}) string {
+	profile := obj.(api.Profile)
+	return profile.Name
+}
+
+func (p *namespaceConverter) DeleteArgsFromKey(key string) (string, string) {
+	// Not namespaced, so just return the key, which is the profile name.
+	return "", key
+}

vendor/github.com/projectcalico/calico/kube-controllers/pkg/converter/networkpolicy_converter.go

@@ -0,0 +1,82 @@
+// Copyright (c) 2017-2021 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package converter
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	api "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
+
+	"github.com/projectcalico/calico/libcalico-go/lib/backend/k8s/conversion"
+	cerrors "github.com/projectcalico/calico/libcalico-go/lib/errors"
+
+	networkingv1 "k8s.io/api/networking/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/cache"
+)
+
+type policyConverter struct {
+}
+
+// NewPolicyConverter Constructor for policyConverter
+func NewPolicyConverter() Converter {
+	return &policyConverter{}
+}
+
+// Convert takes a Kubernetes NetworkPolicy and returns a Calico api.NetworkPolicy representation.
+func (p *policyConverter) Convert(k8sObj interface{}) (interface{}, error) {
+	np, ok := k8sObj.(*networkingv1.NetworkPolicy)
+
+	if !ok {
+		tombstone, ok := k8sObj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			return nil, fmt.Errorf("couldn't get object from tombstone %+v", k8sObj)
+		}
+		np, ok = tombstone.Obj.(*networkingv1.NetworkPolicy)
+		if !ok {
+			return nil, fmt.Errorf("tombstone contained object that is not a NetworkPolicy %+v", k8sObj)
+		}
+	}
+
+	c := conversion.NewConverter()
+	kvp, err := c.K8sNetworkPolicyToCalico(np)
+	// Silently ignore rule conversion errors. We don't expect any conversion errors
+	// since the data given to us here is validated by the Kubernetes API. The conversion
+	// code ignores any rules that it cannot parse, and we will pass the valid ones to Felix.
+	var e *cerrors.ErrorPolicyConversion
+	if err != nil && !errors.As(err, &e) {
+		return nil, err
+	}
+	cnp := kvp.Value.(*api.NetworkPolicy)
+
+	// Isolate the metadata fields that we care about. ResourceVersion, CreationTimeStamp, etc are
+	// not relevant so we ignore them. This prevents unnecessary updates.
+	cnp.ObjectMeta = metav1.ObjectMeta{Name: cnp.Name, Namespace: cnp.Namespace}
+
+	return *cnp, err
+}
+
+// GetKey returns the 'namespace/name' for the given Calico NetworkPolicy as its key.
+func (p *policyConverter) GetKey(obj interface{}) string {
+	policy := obj.(api.NetworkPolicy)
+	return fmt.Sprintf("%s/%s", policy.Namespace, policy.Name)
+}
+
+func (p *policyConverter) DeleteArgsFromKey(key string) (string, string) {
+	splits := strings.SplitN(key, "/", 2)
+	return splits[0], splits[1]
+}

vendor/github.com/projectcalico/calico/kube-controllers/pkg/converter/pod_converter.go

@@ -0,0 +1,146 @@
+// Copyright (c) 2017-2020 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package converter
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/projectcalico/calico/libcalico-go/lib/backend/model"
+
+	log "github.com/sirupsen/logrus"
+
+	api "github.com/projectcalico/calico/libcalico-go/lib/apis/v3"
+	"github.com/projectcalico/calico/libcalico-go/lib/backend/k8s/conversion"
+
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/cache"
+)
+
+// WorkloadEndpointData is an internal struct used to store the various bits
+// of information that the policy controller cares about on a workload endpoint.
+type WorkloadEndpointData struct {
+	PodName        string
+	Namespace      string
+	Labels         map[string]string
+	ServiceAccount string
+}
+
+type PodConverter interface {
+	Convert(k8sObj interface{}) ([]WorkloadEndpointData, error)
+	GetKey(obj WorkloadEndpointData) string
+	DeleteArgsFromKey(key string) (string, string)
+}
+
+type podConverter struct{}
+
+// BuildWorkloadEndpointData generates the correct WorkloadEndpointData for the given
+// list of WorkloadEndpoints, extracting fields that the policy controller is responsible
+// for syncing.
+func BuildWorkloadEndpointData(weps ...api.WorkloadEndpoint) []WorkloadEndpointData {
+	var retWEPs []WorkloadEndpointData
+	for _, wep := range weps {
+		retWEPs = append(retWEPs, WorkloadEndpointData{
+			PodName:        wep.Spec.Pod,
+			Namespace:      wep.Namespace,
+			Labels:         wep.Labels,
+			ServiceAccount: wep.Spec.ServiceAccountName,
+		})
+	}
+
+	return retWEPs
+}
+
+// MergeWorkloadEndpointData applies the given WorkloadEndpointData to the provided
+// WorkloadEndpoint, updating relevant fields with new values.
+func MergeWorkloadEndpointData(wep *api.WorkloadEndpoint, upd WorkloadEndpointData) {
+	if wep.Spec.Pod != upd.PodName || wep.Namespace != upd.Namespace {
+		log.Fatalf("Bad attempt to merge data for %s/%s into wep %s/%s", upd.PodName, upd.Namespace, wep.Name, wep.Namespace)
+	}
+	wep.Labels = upd.Labels
+	wep.Spec.ServiceAccountName = upd.ServiceAccount
+}
+
+// NewPodConverter Constructor for podConverter
+func NewPodConverter() PodConverter {
+	return &podConverter{}
+}
+
+func (p *podConverter) Convert(k8sObj interface{}) ([]WorkloadEndpointData, error) {
+	// Convert Pod into a workload endpoint.
+	c := conversion.NewConverter()
+	pod, err := ExtractPodFromUpdate(k8sObj)
+	if err != nil {
+		return nil, err
+	}
+
+	// The conversion logic always requires a node, but we don't always have one. We don't actually
+	// care about the value used for the node in this controller, so just dummy it out if it doesn't exist.
+	if pod.Spec.NodeName == "" {
+		pod.Spec.NodeName = "unknown.node"
+	}
+
+	kvps, err := c.PodToWorkloadEndpoints(pod)
+	if err != nil {
+		return nil, err
+	}
+
+	// Build and return a WorkloadEndpointData struct using the data.
+	return BuildWorkloadEndpointData(kvpsToWEPs(kvps)...), nil
+}
+
+func kvpsToWEPs(kvps []*model.KVPair) []api.WorkloadEndpoint {
+	var weps []api.WorkloadEndpoint
+	for _, kvp := range kvps {
+		wep := kvp.Value.(*api.WorkloadEndpoint)
+		if wep != nil {
+			weps = append(weps, *wep)
+		}
+	}
+
+	return weps
+}
+
+// GetKey takes a WorkloadEndpointData and returns the key which
+// identifies it - namespace/name
+func (p *podConverter) GetKey(obj WorkloadEndpointData) string {
+	return fmt.Sprintf("%s/%s", obj.Namespace, obj.PodName)
+}
+
+func (p *podConverter) DeleteArgsFromKey(key string) (string, string) {
+	// We don't have enough information to generate the delete args from the key that's used
+	// for Pods / WorkloadEndpoints, so just panic. This should never be called but is necessary
+	// to satisfy the interface.
+	log.Panicf("DeleteArgsFromKey call for WorkloadEndpoints is not allowed")
+	return "", ""
+}
+
+// ExtractPodFromUpdate takes an update as received from the informer and returns the pod object, if present.
+// some updates (particularly deletes) can include tombstone placeholders rather than an exact pod object. This
+// function should be called in order to safely handles those cases.
+func ExtractPodFromUpdate(obj interface{}) (*v1.Pod, error) {
+	pod, ok := obj.(*v1.Pod)
+	if !ok {
+		tombstone, ok := obj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			return nil, errors.New("couldn't get object from tombstone")
+		}
+		pod, ok = tombstone.Obj.(*v1.Pod)
+		if !ok {
+			return nil, errors.New("tombstone contained object that is not a Pod")
+		}
+	}
+	return pod, nil
+}

vendor/github.com/projectcalico/calico/kube-controllers/pkg/converter/serviceaccount_converter.go

@@ -0,0 +1,74 @@
+// Copyright (c) 2018-2020 Tigera, Inc. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package converter
+
+import (
+	"fmt"
+
+	api "github.com/projectcalico/api/pkg/apis/projectcalico/v3"
+
+	"github.com/projectcalico/calico/libcalico-go/lib/backend/k8s/conversion"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/tools/cache"
+)
+
+type serviceAccountConverter struct {
+}
+
+// NewServiceaccountConverter Constructor to convert ServiceAccount to Profile
+func NewServiceAccountConverter() Converter {
+	return &serviceAccountConverter{}
+}
+
+func (nc *serviceAccountConverter) Convert(k8sObj interface{}) (interface{}, error) {
+	c := conversion.NewConverter()
+	serviceAccount, ok := k8sObj.(*v1.ServiceAccount)
+	if !ok {
+		tombstone, ok := k8sObj.(cache.DeletedFinalStateUnknown)
+		if !ok {
+			return nil, fmt.Errorf("couldn't get object from tombstone %+v", k8sObj)
+		}
+		serviceAccount, ok = tombstone.Obj.(*v1.ServiceAccount)
+		if !ok {
+			return nil, fmt.Errorf("tombstone contained object that is not a Serviceaccount %+v", k8sObj)
+		}
+	}
+	kvp, err := c.ServiceAccountToProfile(serviceAccount)
+	if err != nil {
+		return nil, err
+	}
+	profile := kvp.Value.(*api.Profile)
+
+	// Isolate the metadata fields that we care about. ResourceVersion, CreationTimeStamp, etc are
+	// not relevant so we ignore them. This prevents unnecessary updates.
+	profile.ObjectMeta = metav1.ObjectMeta{Name: profile.Name}
+
+	return *profile, nil
+}
+
+// GetKey returns name of the Profile as its key.  For Profiles
+// backed by Kubernetes serviceaccounts and managed by this controller, the name
+// is of format `ksa.namespace.name`.
+func (nc *serviceAccountConverter) GetKey(obj interface{}) string {
+	profile := obj.(api.Profile)
+	return profile.Name
+}
+
+func (nc *serviceAccountConverter) DeleteArgsFromKey(key string) (string, string) {
+	// Not serviceaccount, so just return the key, which is the profile name.
+	return "", key
+}