update dependencies

Signed-off-by: hongming <talonwan@yunify.com>
2020-12-22 16:48:26 +08:00
parent 4a11a50544
commit fe6c5de00f
2857 changed files with 252134 additions and 115656 deletions
--- a/vendor/istio.io/client-go/pkg/apis/security/v1beta1/doc.gen.go
+++ b/vendor/istio.io/client-go/pkg/apis/security/v1beta1/doc.gen.go
@@ -1,6 +0,0 @@
-// Code generated by kubetype-gen. DO NOT EDIT.
-
-// Package has auto-generated kube type wrappers for raw types.
-// +k8s:openapi-gen=true
-// +k8s:deepcopy-gen=package
-package v1beta1
--- a/vendor/istio.io/client-go/pkg/apis/security/v1beta1/doc.go
+++ b/vendor/istio.io/client-go/pkg/apis/security/v1beta1/doc.go
@@ -0,0 +1,21 @@
+// Copyright Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Code generated by kubetype-gen. DO NOT EDIT.
+
+// Package has auto-generated kube type wrappers for raw types.
+// +k8s:openapi-gen=true
+// +k8s:deepcopy-gen=package
+// +groupName=security.istio.io
+package v1beta1
--- a/vendor/istio.io/client-go/pkg/apis/security/v1beta1/register.gen.go
+++ b/vendor/istio.io/client-go/pkg/apis/security/v1beta1/register.gen.go
@@ -1,3 +1,17 @@
+// Copyright Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // Code generated by kubetype-gen. DO NOT EDIT.

 package v1beta1
@@ -29,6 +43,10 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 	scheme.AddKnownTypes(SchemeGroupVersion,
 		&AuthorizationPolicy{},
 		&AuthorizationPolicyList{},
+		&PeerAuthentication{},
+		&PeerAuthenticationList{},
+		&RequestAuthentication{},
+		&RequestAuthenticationList{},
 	)
 	v1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil
--- a/vendor/istio.io/client-go/pkg/apis/security/v1beta1/types.gen.go
+++ b/vendor/istio.io/client-go/pkg/apis/security/v1beta1/types.gen.go
@@ -1,3 +1,17 @@
+// Copyright Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // Code generated by kubetype-gen. DO NOT EDIT.

 package v1beta1
@@ -7,7 +21,7 @@ import (
 	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )

-// please upgrade the proto package
+//
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

 // AuthorizationPolicy enables access control on workloads.
@@ -22,6 +36,7 @@ import (
 //  name: deny-all
 //  namespace: foo
 // spec:
+//   {}
 // ```
 //
 // The following authorization policy allows all requests to workloads in namespace
@@ -38,6 +53,18 @@ import (
 //  - {}
 // ```
 //
+// <!-- crd generation tags
+// +cue-gen:AuthorizationPolicy:groupName:security.istio.io
+// +cue-gen:AuthorizationPolicy:version:v1beta1
+// +cue-gen:AuthorizationPolicy:storageVersion
+// +cue-gen:AuthorizationPolicy:annotations:helm.sh/resource-policy=keep
+// +cue-gen:AuthorizationPolicy:labels:app=istio-pilot,chart=istio,istio=security,heritage=Tiller,release=istio
+// +cue-gen:AuthorizationPolicy:subresource:status
+// +cue-gen:AuthorizationPolicy:scope:Namespaced
+// +cue-gen:AuthorizationPolicy:resource:categories=istio-io,security-istio-io,plural=authorizationpolicies
+// +cue-gen:AuthorizationPolicy:preserveUnknownFields:false
+// -->
+//
 // <!-- go code generation tags
 // +kubetype-gen
 // +kubetype-gen:groupVersion=security.istio.io/v1beta1
@@ -63,3 +90,264 @@ type AuthorizationPolicyList struct {
 	v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
 	Items       []AuthorizationPolicy `json:"items" protobuf:"bytes,2,rep,name=items"`
 }
+
+//
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PeerAuthentication defines how traffic will be tunneled (or not) to the sidecar.
+//
+// Examples:
+//
+// Policy to allow mTLS traffic for all workloads under namespace `foo`:
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: PeerAuthentication
+// metadata:
+//   name: default
+//   namespace: foo
+// spec:
+//   mtls:
+//     mode: STRICT
+// ```
+// For mesh level, put the policy in root-namespace according to your Istio installation.
+//
+// Policies to allow both mTLS & plaintext traffic for all workloads under namespace `foo`, but
+// require mTLS for workload `finance`.
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: PeerAuthentication
+// metadata:
+//   name: default
+//   namespace: foo
+// spec:
+//   mtls:
+//     mode: PERMISSIVE
+// ---
+// apiVersion: security.istio.io/v1beta1
+// kind: PeerAuthentication
+// metadata:
+//   name: default
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: finance
+//   mtls:
+//     mode: STRICT
+// ```
+// Policy to allow mTLS strict for all workloads, but leave port 8080 to
+// plaintext:
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: PeerAuthentication
+// metadata:
+//   name: default
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: finance
+//   mtls:
+//     mode: STRICT
+//   portLevelMtls:
+//     8080:
+//       mode: DISABLE
+// ```
+// Policy to inherite mTLS mode from namespace (or mesh) settings, and overwrite
+// settings for port 8080
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: PeerAuthentication
+// metadata:
+//   name: default
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: finance
+//   mtls:
+//     mode: UNSET
+//   portLevelMtls:
+//     8080:
+//       mode: DISABLE
+// ```
+//
+// <!-- crd generation tags
+// +cue-gen:PeerAuthentication:groupName:security.istio.io
+// +cue-gen:PeerAuthentication:version:v1beta1
+// +cue-gen:PeerAuthentication:storageVersion
+// +cue-gen:PeerAuthentication:annotations:helm.sh/resource-policy=keep
+// +cue-gen:PeerAuthentication:labels:app=istio-pilot,chart=istio,istio=security,heritage=Tiller,release=istio
+// +cue-gen:PeerAuthentication:subresource:status
+// +cue-gen:PeerAuthentication:scope:Namespaced
+// +cue-gen:PeerAuthentication:resource:categories=istio-io,security-istio-io,shortNames=pa
+// +cue-gen:PeerAuthentication:preserveUnknownFields:false
+// -->
+//
+// <!-- go code generation tags
+// +kubetype-gen
+// +kubetype-gen:groupVersion=security.istio.io/v1beta1
+// +genclient
+// +k8s:deepcopy-gen=true
+// -->
+type PeerAuthentication struct {
+	v1.TypeMeta `json:",inline"`
+	// +optional
+	v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// Spec defines the implementation of this definition.
+	// +optional
+	Spec securityv1beta1.PeerAuthentication `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// PeerAuthenticationList is a collection of PeerAuthentications.
+type PeerAuthenticationList struct {
+	v1.TypeMeta `json:",inline"`
+	// +optional
+	v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	Items       []PeerAuthentication `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
+
+// please upgrade the proto package
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// RequestAuthentication defines what request authentication methods are supported by a workload.
+// If will reject a request if the request contains invalid authentication information, based on the
+// configured authentication rules. A request that does not contain any authentication credentials
+// will be accepted but will not have any authenticated identity. To restrict access to authenticated
+// requests only, this should be accompanied by an authorization rule.
+// Examples:
+//
+// - Require JWT for all request for workloads that have label `app:httpbin`
+//
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: RequestAuthentication
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: httpbin
+//   jwtRules:
+//   - issuer: "issuer-foo"
+//     jwksUri: https://example.com/.well-known/jwks.json
+// ---
+// apiVersion: security.istio.io/v1beta1
+// kind: AuthorizationPolicy
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: httpbin
+//   rules:
+//   - from:
+//     - source:
+//         requestPrincipals: ["*"]
+// ```
+//
+// - The next example shows how to set a different JWT requirement for a different `host`. The `RequestAuthentication`
+// declares it can accpet JWTs issuer by either `issuer-foo` or `issuer-bar` (the public key set is implicitly
+// set from the OpenID Connect spec).
+//
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: RequestAuthentication
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: httpbin
+//   jwtRules:
+//   - issuer: "issuer-foo"
+//   - issuer: "issuer-bar"
+// ---
+// apiVersion: security.istio.io/v1beta1
+// kind: AuthorizationPolicy
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: httpbin
+//  rules:
+//  - from:
+//    - source:
+//        requestPrincipals: ["issuer-foo/*"]
+//    to:
+//      hosts: ["example.com"]
+//  - from:
+//    - source:
+//        requestPrincipals: ["issuer-bar/*"]
+//    to:
+//      hosts: ["another-host.com"]
+// ```
+//
+// - You can fine tune the authorization policy to set different requirement per path. For example,
+// to require JWT on all paths, except /healthz, the same `RequestAuthentication` can be used, but the
+// authorization policy could be:
+//
+// ```yaml
+// apiVersion: security.istio.io/v1beta1
+// kind: AuthorizationPolicy
+// metadata:
+//   name: httpbin
+//   namespace: foo
+// spec:
+//   selector:
+//     matchLabels:
+//       app: httpbin
+//  rules:
+//  - from:
+//    - source:
+//        requestPrincipals: ["*"]
+//  - to:
+//    - operation:
+//        paths: ["/healthz]
+// ```
+//
+// <!-- crd generation tags
+// +cue-gen:RequestAuthentication:groupName:security.istio.io
+// +cue-gen:RequestAuthentication:version:v1beta1
+// +cue-gen:RequestAuthentication:storageVersion
+// +cue-gen:RequestAuthentication:annotations:helm.sh/resource-policy=keep
+// +cue-gen:RequestAuthentication:labels:app=istio-pilot,chart=istio,istio=security,heritage=Tiller,release=istio
+// +cue-gen:RequestAuthentication:subresource:status
+// +cue-gen:RequestAuthentication:scope:Namespaced
+// +cue-gen:RequestAuthentication:resource:categories=istio-io,security-istio-io,shortNames=ra
+// +cue-gen:RequestAuthentication:preserveUnknownFields:false
+// -->
+//
+// <!-- go code generation tags
+// +kubetype-gen
+// +kubetype-gen:groupVersion=security.istio.io/v1beta1
+// +genclient
+// +k8s:deepcopy-gen=true
+// -->
+type RequestAuthentication struct {
+	v1.TypeMeta `json:",inline"`
+	// +optional
+	v1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+
+	// Spec defines the implementation of this definition.
+	// +optional
+	Spec securityv1beta1.RequestAuthentication `json:"spec,omitempty" protobuf:"bytes,2,opt,name=spec"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// RequestAuthenticationList is a collection of RequestAuthentications.
+type RequestAuthenticationList struct {
+	v1.TypeMeta `json:",inline"`
+	// +optional
+	v1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`
+	Items       []RequestAuthentication `json:"items" protobuf:"bytes,2,rep,name=items"`
+}
--- a/vendor/istio.io/client-go/pkg/apis/security/v1beta1/zz_generated.deepcopy.gen.go
+++ b/vendor/istio.io/client-go/pkg/apis/security/v1beta1/zz_generated.deepcopy.gen.go
@@ -1,5 +1,19 @@
 // +build !ignore_autogenerated

+// Copyright Istio Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
 // Code generated by deepcopy-gen. DO NOT EDIT.

 package v1beta1
@@ -67,3 +81,123 @@ func (in *AuthorizationPolicyList) DeepCopyObject() runtime.Object {
 	}
 	return nil
 }
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PeerAuthentication) DeepCopyInto(out *PeerAuthentication) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication.
+func (in *PeerAuthentication) DeepCopy() *PeerAuthentication {
+	if in == nil {
+		return nil
+	}
+	out := new(PeerAuthentication)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PeerAuthentication) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *PeerAuthenticationList) DeepCopyInto(out *PeerAuthenticationList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]PeerAuthentication, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthenticationList.
+func (in *PeerAuthenticationList) DeepCopy() *PeerAuthenticationList {
+	if in == nil {
+		return nil
+	}
+	out := new(PeerAuthenticationList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *PeerAuthenticationList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestAuthentication) DeepCopyInto(out *RequestAuthentication) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ObjectMeta.DeepCopyInto(&out.ObjectMeta)
+	in.Spec.DeepCopyInto(&out.Spec)
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestAuthentication.
+func (in *RequestAuthentication) DeepCopy() *RequestAuthentication {
+	if in == nil {
+		return nil
+	}
+	out := new(RequestAuthentication)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RequestAuthentication) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}
+
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *RequestAuthenticationList) DeepCopyInto(out *RequestAuthenticationList) {
+	*out = *in
+	out.TypeMeta = in.TypeMeta
+	in.ListMeta.DeepCopyInto(&out.ListMeta)
+	if in.Items != nil {
+		in, out := &in.Items, &out.Items
+		*out = make([]RequestAuthentication, len(*in))
+		for i := range *in {
+			(*in)[i].DeepCopyInto(&(*out)[i])
+		}
+	}
+	return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestAuthenticationList.
+func (in *RequestAuthenticationList) DeepCopy() *RequestAuthenticationList {
+	if in == nil {
+		return nil
+	}
+	out := new(RequestAuthenticationList)
+	in.DeepCopyInto(out)
+	return out
+}
+
+// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
+func (in *RequestAuthenticationList) DeepCopyObject() runtime.Object {
+	if c := in.DeepCopy(); c != nil {
+		return c
+	}
+	return nil
+}