diff --git a/go.mod b/go.mod index 0275e9aac..ca758ae00 100644 --- a/go.mod +++ b/go.mod @@ -11,6 +11,7 @@ require ( github.com/google/uuid v1.1.1 github.com/jteeuwen/go-bindata v3.0.8-0.20151023091102-a0ff2567cfb7+incompatible github.com/openshift/api v0.0.0-20201120165435-072a4cd8ca42 + github.com/openshift/apiserver-library-go v0.0.0-20201204115753-d48a1b462aa6 github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab github.com/openshift/client-go v0.0.0-20201120192246-6aaf557bace9 github.com/openshift/library-go v0.0.0-20201102091359-c4fa0f5b3a08 @@ -25,7 +26,6 @@ require ( k8s.io/client-go v0.19.2 k8s.io/code-generator v0.19.2 k8s.io/component-base v0.19.2 - k8s.io/klog/v2 v2.3.0 k8s.io/kube-aggregator v0.19.2 k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 k8s.io/kubernetes v1.19.2 diff --git a/go.sum b/go.sum index c4efcffb9..998d9af0c 100644 --- a/go.sum +++ b/go.sum @@ -466,16 +466,20 @@ github.com/opencontainers/selinux v1.5.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM= github.com/openshift/api v0.0.0-20201120165435-072a4cd8ca42 h1:meFswbseUxIkrfb2+g91gHbPwh+16Kj/8E1AiR1jv6A= github.com/openshift/api v0.0.0-20201120165435-072a4cd8ca42/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM= +github.com/openshift/apiserver-library-go v0.0.0-20201204115753-d48a1b462aa6 h1:FmkTaJKn0c6gKq8Ryn3KYjQG9lCHKfprC0bq+1fln/g= +github.com/openshift/apiserver-library-go v0.0.0-20201204115753-d48a1b462aa6/go.mod h1:fGp6VNAiZ3Uzcyxgj5CahXv/+BrxyaAhXXRWWffgxwc= github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab h1:lBrojddP6C9C2p67EMs2vcdpC8eF+H0DDom+fgI2IF0= github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c h1:NB9g4Y/aegId7fyNqYyGxEfyNOytYFT5dxWJtfOJFQs= github.com/openshift/client-go v0.0.0-20201020074620-f8fd44879f7c/go.mod h1:yZ3u8vgWC19I9gbDMRk8//9JwG/0Sth6v7C+m6R8HXs= +github.com/openshift/client-go v0.0.0-20201020082437-7737f16e53fc/go.mod h1:yZ3u8vgWC19I9gbDMRk8//9JwG/0Sth6v7C+m6R8HXs= github.com/openshift/client-go v0.0.0-20201120192246-6aaf557bace9 h1:jqa3ZnPt/jDKvKrkgNJfyDBChB8Qw3A2aXUSIzrgCXk= github.com/openshift/client-go v0.0.0-20201120192246-6aaf557bace9/go.mod h1:Zwzg4+Ye3sD5Df2SMB/XVU42TenqXLBF8T7F/wi7lGo= github.com/openshift/kubernetes-apiserver v0.0.0-20201118100029-304f639eba13 h1:vl8/Ex1dQNoWOc+YrHTeBfuD1Ap1sBGkmSIDu8mDXxA= github.com/openshift/kubernetes-apiserver v0.0.0-20201118100029-304f639eba13/go.mod h1:FreAq0bJ2vtZFj9Ago/X0oNGC51GfubKK/ViOKfVAOA= github.com/openshift/kubernetes-client-go v0.0.0-20201104094117-806c7d66cfea h1:MY3sLcj2kfsjN36hEs0736bcyNFdUAOQLHXNL9u3+bc= github.com/openshift/kubernetes-client-go v0.0.0-20201104094117-806c7d66cfea/go.mod h1:S5wPhCqyDNAlzM9CnEdgTGV4OqhsW3jGO1UM1epwfJA= +github.com/openshift/library-go v0.0.0-20201020083322-646ad9742a1e/go.mod h1:qbwvTwCy4btqEcqU3oI59CopNgcRgZUPXG4Y2jc+B4E= github.com/openshift/library-go v0.0.0-20201102091359-c4fa0f5b3a08 h1:Z+8t3ooTH2T+J/GoCZbgaOk5WqNZgPuHlUAKMfG1FEk= github.com/openshift/library-go v0.0.0-20201102091359-c4fa0f5b3a08/go.mod h1:1xYaYQcQsn+AyCRsvOU+Qn5z6GGiCmcblXkT/RZLVfo= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= @@ -607,6 +611,8 @@ go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= +go.uber.org/multierr v1.1.1-0.20180122172545-ddea229ff1df h1:ijDSp1iOMDAWixcZLxdmOBE0N7YTvtV4s2HWE3U1CoQ= +go.uber.org/multierr v1.1.1-0.20180122172545-ddea229ff1df/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= diff --git a/pkg/oauth/apis/oauth/validation/validation.go b/pkg/oauth/apis/oauth/validation/validation.go index 8e7a0d799..019cbabd3 100644 --- a/pkg/oauth/apis/oauth/validation/validation.go +++ b/pkg/oauth/apis/oauth/validation/validation.go @@ -13,10 +13,10 @@ import ( "k8s.io/apiserver/pkg/authentication/serviceaccount" routev1 "github.com/openshift/api/route/v1" + "github.com/openshift/apiserver-library-go/pkg/apivalidation" bootstrap "github.com/openshift/library-go/pkg/authentication/bootstrapauthenticator" scopemetadata "github.com/openshift/library-go/pkg/authorization/scopemetadata" oauthapi "github.com/openshift/oauth-apiserver/pkg/oauth/apis/oauth" - uservalidation "github.com/openshift/oauth-apiserver/pkg/user/apis/user/validation" ) const ( @@ -342,7 +342,7 @@ func ValidateUserNameField(value string, fldPath *field.Path) field.ErrorList { if value == bootstrap.BootstrapUser { return field.ErrorList{} } - if reasons := uservalidation.ValidateUserName(value, false); len(reasons) != 0 { + if reasons := apivalidation.ValidateUserName(value, false); len(reasons) != 0 { return field.ErrorList{field.Invalid(fldPath, value, strings.Join(reasons, ", "))} } return field.ErrorList{} diff --git a/pkg/user/apis/user/validation/validation.go b/pkg/user/apis/user/validation/validation.go index 226608673..8f6cab8c5 100644 --- a/pkg/user/apis/user/validation/validation.go +++ b/pkg/user/apis/user/validation/validation.go @@ -8,23 +8,10 @@ import ( "k8s.io/apimachinery/pkg/api/validation/path" "k8s.io/apimachinery/pkg/util/validation/field" + "github.com/openshift/apiserver-library-go/pkg/apivalidation" userapi "github.com/openshift/oauth-apiserver/pkg/user/apis/user" ) -func ValidateUserName(name string, _ bool) []string { - if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { - return reasons - } - - if strings.Contains(name, ":") { - return []string{`may not contain ":"`} - } - if name == "~" { - return []string{`may not equal "~"`} - } - return nil -} - func ValidateIdentityName(name string, _ bool) []string { if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { return reasons @@ -43,20 +30,6 @@ func ValidateIdentityName(name string, _ bool) []string { return nil } -func ValidateGroupName(name string, _ bool) []string { - if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { - return reasons - } - - if strings.Contains(name, ":") { - return []string{`may not contain ":"`} - } - if name == "~" { - return []string{`may not equal "~"`} - } - return nil -} - // if you change this, update the peer in oauth admission validation. also, don't change this. func ValidateIdentityProviderName(name string) []string { if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { @@ -71,11 +44,11 @@ func ValidateIdentityProviderName(name string) []string { func ValidateIdentityProviderUserName(name string) []string { // Any provider user name must be a valid user name - return ValidateUserName(name, false) + return apivalidation.ValidateUserName(name, false) } func ValidateGroup(group *userapi.Group) field.ErrorList { - allErrs := kvalidation.ValidateObjectMeta(&group.ObjectMeta, false, ValidateGroupName, field.NewPath("metadata")) + allErrs := kvalidation.ValidateObjectMeta(&group.ObjectMeta, false, apivalidation.ValidateGroupName, field.NewPath("metadata")) userPath := field.NewPath("user") for index, user := range group.Users { @@ -84,7 +57,7 @@ func ValidateGroup(group *userapi.Group) field.ErrorList { allErrs = append(allErrs, field.Invalid(idxPath, user, "may not be empty")) continue } - if reasons := ValidateUserName(user, false); len(reasons) != 0 { + if reasons := apivalidation.ValidateUserName(user, false); len(reasons) != 0 { allErrs = append(allErrs, field.Invalid(idxPath, user, strings.Join(reasons, ", "))) } } @@ -99,7 +72,7 @@ func ValidateGroupUpdate(group *userapi.Group, old *userapi.Group) field.ErrorLi } func ValidateUser(user *userapi.User) field.ErrorList { - allErrs := kvalidation.ValidateObjectMeta(&user.ObjectMeta, false, ValidateUserName, field.NewPath("metadata")) + allErrs := kvalidation.ValidateObjectMeta(&user.ObjectMeta, false, apivalidation.ValidateUserName, field.NewPath("metadata")) identitiesPath := field.NewPath("identities") for index, identity := range user.Identities { idxPath := identitiesPath.Index(index) @@ -145,7 +118,7 @@ func ValidateIdentity(identity *userapi.Identity) field.ErrorList { } userPath := field.NewPath("user") - if reasons := ValidateUserName(identity.User.Name, false); len(reasons) != 0 { + if reasons := apivalidation.ValidateUserName(identity.User.Name, false); len(reasons) != 0 { allErrs = append(allErrs, field.Invalid(userPath.Child("name"), identity.User.Name, strings.Join(reasons, ", "))) } if len(identity.User.Name) == 0 && len(identity.User.UID) != 0 { @@ -184,7 +157,7 @@ func ValidateUserIdentityMapping(mapping *userapi.UserIdentityMapping) field.Err if len(mapping.User.Name) == 0 { allErrs = append(allErrs, field.Required(field.NewPath("user", "name"), "")) - } else if reasons := ValidateUserName(mapping.User.Name, false); len(reasons) != 0 { + } else if reasons := apivalidation.ValidateUserName(mapping.User.Name, false); len(reasons) != 0 { allErrs = append(allErrs, field.Invalid(field.NewPath("user", "name"), mapping.User.Name, strings.Join(reasons, ", "))) } diff --git a/pkg/user/apiserver/registry/user/etcd/etcd.go b/pkg/user/apiserver/registry/user/etcd/etcd.go index 7f5e89273..cea3c7957 100644 --- a/pkg/user/apiserver/registry/user/etcd/etcd.go +++ b/pkg/user/apiserver/registry/user/etcd/etcd.go @@ -17,10 +17,10 @@ import ( "k8s.io/apiserver/pkg/registry/rest" usergroup "github.com/openshift/api/user" + "github.com/openshift/apiserver-library-go/pkg/apivalidation" "github.com/openshift/oauth-apiserver/pkg/printers" "github.com/openshift/oauth-apiserver/pkg/printerstorage" userapi "github.com/openshift/oauth-apiserver/pkg/user/apis/user" - "github.com/openshift/oauth-apiserver/pkg/user/apis/user/validation" "github.com/openshift/oauth-apiserver/pkg/user/apiserver/registry/user" userprinters "github.com/openshift/oauth-apiserver/pkg/user/printers/internalversion" ) @@ -68,7 +68,7 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) // build a virtual user object using the context data virtualUser := &userapi.User{ObjectMeta: metav1.ObjectMeta{Name: name, UID: types.UID(user.GetUID())}, Groups: contextGroups} - if reasons := validation.ValidateUserName(name, false); len(reasons) != 0 { + if reasons := apivalidation.ValidateUserName(name, false); len(reasons) != 0 { // The user the authentication layer has identified cannot be a valid persisted user // Return an API representation of the virtual user return virtualUser, nil @@ -101,7 +101,7 @@ func (r *REST) Get(ctx context.Context, name string, options *metav1.GetOptions) // do not bother looking up users that cannot be persisted // make sure we return a status error otherwise the API server will complain - if reasons := validation.ValidateUserName(name, false); len(reasons) != 0 { + if reasons := apivalidation.ValidateUserName(name, false); len(reasons) != 0 { err := field.Invalid(field.NewPath("metadata", "name"), name, strings.Join(reasons, ", ")) return nil, kerrs.NewInvalid(usergroup.Kind("User"), name, field.ErrorList{err}) } diff --git a/vendor/github.com/openshift/apiserver-library-go/LICENSE b/vendor/github.com/openshift/apiserver-library-go/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/vendor/github.com/openshift/apiserver-library-go/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/openshift/apiserver-library-go/pkg/apivalidation/uservalidation.go b/vendor/github.com/openshift/apiserver-library-go/pkg/apivalidation/uservalidation.go new file mode 100644 index 000000000..7cc75e20b --- /dev/null +++ b/vendor/github.com/openshift/apiserver-library-go/pkg/apivalidation/uservalidation.go @@ -0,0 +1,35 @@ +package apivalidation + +import ( + "strings" + + "k8s.io/apimachinery/pkg/api/validation/path" +) + +func ValidateUserName(name string, _ bool) []string { + if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { + return reasons + } + + if strings.Contains(name, ":") { + return []string{`may not contain ":"`} + } + if name == "~" { + return []string{`may not equal "~"`} + } + return nil +} + +func ValidateGroupName(name string, _ bool) []string { + if reasons := path.ValidatePathSegmentName(name, false); len(reasons) != 0 { + return reasons + } + + if strings.Contains(name, ":") { + return []string{`may not contain ":"`} + } + if name == "~" { + return []string{`may not equal "~"`} + } + return nil +} diff --git a/vendor/go.uber.org/multierr/.travis.yml b/vendor/go.uber.org/multierr/.travis.yml index 5ffa8fed4..fc3936bef 100644 --- a/vendor/go.uber.org/multierr/.travis.yml +++ b/vendor/go.uber.org/multierr/.travis.yml @@ -9,7 +9,7 @@ env: go: - 1.7 - 1.8 - - tip + - 1.9 cache: directories: diff --git a/vendor/go.uber.org/multierr/error.go b/vendor/go.uber.org/multierr/error.go index de6ce4736..150fd95d9 100644 --- a/vendor/go.uber.org/multierr/error.go +++ b/vendor/go.uber.org/multierr/error.go @@ -33,7 +33,7 @@ // If only two errors are being combined, the Append function may be used // instead. // -// err = multierr.Combine(reader.Close(), writer.Close()) +// err = multierr.Append(reader.Close(), writer.Close()) // // This makes it possible to record resource cleanup failures from deferred // blocks with the help of named return values. diff --git a/vendor/modules.txt b/vendor/modules.txt index 161e36746..c032ece8d 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -155,6 +155,9 @@ github.com/openshift/api/project/v1 github.com/openshift/api/route/v1 github.com/openshift/api/user github.com/openshift/api/user/v1 +# github.com/openshift/apiserver-library-go v0.0.0-20201204115753-d48a1b462aa6 +## explicit +github.com/openshift/apiserver-library-go/pkg/apivalidation # github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab ## explicit github.com/openshift/build-machinery-go @@ -322,7 +325,7 @@ go.mongodb.org/mongo-driver/bson/primitive go.mongodb.org/mongo-driver/x/bsonx/bsoncore # go.uber.org/atomic v1.4.0 go.uber.org/atomic -# go.uber.org/multierr v1.1.0 +# go.uber.org/multierr v1.1.1-0.20180122172545-ddea229ff1df go.uber.org/multierr # go.uber.org/zap v1.10.0 go.uber.org/zap @@ -987,7 +990,6 @@ k8s.io/gengo/namer k8s.io/gengo/parser k8s.io/gengo/types # k8s.io/klog/v2 v2.3.0 -## explicit k8s.io/klog/v2 # k8s.io/kube-aggregator v0.19.2 => k8s.io/kube-aggregator v0.19.2 ## explicit