Cluster Autoscaler 1.3: cherry-picks of #1641, #1703 and #1708

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/BUILD

@@ -0,0 +1,48 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "authorization.go",
+        "autorest.go",
+        "client.go",
+        "error.go",
+        "preparer.go",
+        "responder.go",
+        "retriablerequest.go",
+        "retriablerequest_1.7.go",
+        "retriablerequest_1.8.go",
+        "sender.go",
+        "utility.go",
+        "version.go",
+    ],
+    importmap = "k8s.io/kubernetes/vendor/github.com/Azure/go-autorest/autorest",
+    importpath = "github.com/Azure/go-autorest/autorest",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//vendor/github.com/Azure/go-autorest/autorest/adal:go_default_library",
+        "//vendor/github.com/Azure/go-autorest/logger:go_default_library",
+        "//vendor/github.com/Azure/go-autorest/version:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//vendor/github.com/Azure/go-autorest/autorest/adal:all-srcs",
+        "//vendor/github.com/Azure/go-autorest/autorest/azure:all-srcs",
+        "//vendor/github.com/Azure/go-autorest/autorest/date:all-srcs",
+        "//vendor/github.com/Azure/go-autorest/autorest/to:all-srcs",
+        "//vendor/github.com/Azure/go-autorest/autorest/validation:all-srcs",
+    ],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/adal/BUILD

@@ -0,0 +1,34 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "config.go",
+        "devicetoken.go",
+        "persist.go",
+        "sender.go",
+        "token.go",
+    ],
+    importmap = "k8s.io/kubernetes/vendor/github.com/Azure/go-autorest/autorest/adal",
+    importpath = "github.com/Azure/go-autorest/autorest/adal",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//vendor/github.com/Azure/go-autorest/autorest/date:go_default_library",
+        "//vendor/github.com/Azure/go-autorest/version:go_default_library",
+        "//vendor/github.com/dgrijalva/jwt-go:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/adal/config.go

@@ -19,10 +19,6 @@ import (
 	"net/url"
 )
 
-const (
-	activeDirectoryAPIVersion = "1.0"
-)
-
 // OAuthConfig represents the endpoints needed
 // in OAuth operations
 type OAuthConfig struct {
@@ -46,11 +42,25 @@ func validateStringParam(param, name string) error {
 
 // NewOAuthConfig returns an OAuthConfig with tenant specific urls
 func NewOAuthConfig(activeDirectoryEndpoint, tenantID string) (*OAuthConfig, error) {
+	apiVer := "1.0"
+	return NewOAuthConfigWithAPIVersion(activeDirectoryEndpoint, tenantID, &apiVer)
+}
+
+// NewOAuthConfigWithAPIVersion returns an OAuthConfig with tenant specific urls.
+// If apiVersion is not nil the "api-version" query parameter will be appended to the endpoint URLs with the specified value.
+func NewOAuthConfigWithAPIVersion(activeDirectoryEndpoint, tenantID string, apiVersion *string) (*OAuthConfig, error) {
 	if err := validateStringParam(activeDirectoryEndpoint, "activeDirectoryEndpoint"); err != nil {
 		return nil, err
 	}
+	api := ""
 	// it's legal for tenantID to be empty so don't validate it
-	const activeDirectoryEndpointTemplate = "%s/oauth2/%s?api-version=%s"
+	if apiVersion != nil {
+		if err := validateStringParam(*apiVersion, "apiVersion"); err != nil {
+			return nil, err
+		}
+		api = fmt.Sprintf("?api-version=%s", *apiVersion)
+	}
+	const activeDirectoryEndpointTemplate = "%s/oauth2/%s%s"
 	u, err := url.Parse(activeDirectoryEndpoint)
 	if err != nil {
 		return nil, err
@@ -59,15 +69,15 @@ func NewOAuthConfig(activeDirectoryEndpoint, tenantID string) (*OAuthConfig, err
 	if err != nil {
 		return nil, err
 	}
-	authorizeURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "authorize", activeDirectoryAPIVersion))
+	authorizeURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "authorize", api))
 	if err != nil {
 		return nil, err
 	}
-	tokenURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "token", activeDirectoryAPIVersion))
+	tokenURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "token", api))
 	if err != nil {
 		return nil, err
 	}
-	deviceCodeURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "devicecode", activeDirectoryAPIVersion))
+	deviceCodeURL, err := u.Parse(fmt.Sprintf(activeDirectoryEndpointTemplate, tenantID, "devicecode", api))
 	if err != nil {
 		return nil, err
 	}

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/adal/sender.go

@@ -38,7 +38,7 @@ func (sf SenderFunc) Do(r *http.Request) (*http.Response, error) {
 	return sf(r)
 }
 
-// SendDecorator takes and possibility decorates, by wrapping, a Sender. Decorators may affect the
+// SendDecorator takes and possibly decorates, by wrapping, a Sender. Decorators may affect the
 // http.Request and pass it along or, first, pass the http.Request along then react to the
 // http.Response result.
 type SendDecorator func(Sender) Sender

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/adal/token.go

@@ -29,12 +29,12 @@ import (
 	"net"
 	"net/http"
 	"net/url"
-	"strconv"
 	"strings"
 	"sync"
 	"time"
 
 	"github.com/Azure/go-autorest/autorest/date"
+	"github.com/Azure/go-autorest/version"
 	"github.com/dgrijalva/jwt-go"
 )
 
@@ -96,31 +96,40 @@ type RefresherWithContext interface {
 type TokenRefreshCallback func(Token) error
 
 // Token encapsulates the access token used to authorize Azure requests.
+// https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-oauth2-client-creds-grant-flow#service-to-service-access-token-response
 type Token struct {
 	AccessToken  string `json:"access_token"`
 	RefreshToken string `json:"refresh_token"`
 
-	ExpiresIn string `json:"expires_in"`
-	ExpiresOn string `json:"expires_on"`
-	NotBefore string `json:"not_before"`
+	ExpiresIn json.Number `json:"expires_in"`
+	ExpiresOn json.Number `json:"expires_on"`
+	NotBefore json.Number `json:"not_before"`
 
 	Resource string `json:"resource"`
 	Type     string `json:"token_type"`
 }
 
+func newToken() Token {
+	return Token{
+		ExpiresIn: "0",
+		ExpiresOn: "0",
+		NotBefore: "0",
+	}
+}
+
 // IsZero returns true if the token object is zero-initialized.
 func (t Token) IsZero() bool {
 	return t == Token{}
 }
 
 // Expires returns the time.Time when the Token expires.
 func (t Token) Expires() time.Time {
-	s, err := strconv.Atoi(t.ExpiresOn)
+	s, err := t.ExpiresOn.Float64()
 	if err != nil {
 		s = -3600
 	}
 
-	expiration := date.NewUnixTimeFromSeconds(float64(s))
+	expiration := date.NewUnixTimeFromSeconds(s)
 
 	return time.Time(expiration).UTC()
 }
@@ -217,6 +226,8 @@ func (secret *ServicePrincipalCertificateSecret) SignJwt(spt *ServicePrincipalTo
 
 	token := jwt.New(jwt.SigningMethodRS256)
 	token.Header["x5t"] = thumbprint
+	x5c := []string{base64.StdEncoding.EncodeToString(secret.Certificate.Raw)}
+	token.Header["x5c"] = x5c
 	token.Claims = jwt.MapClaims{
 		"aud": spt.inner.OauthConfig.TokenEndpoint.String(),
 		"iss": spt.inner.ClientID,
@@ -413,6 +424,7 @@ func NewServicePrincipalTokenWithSecret(oauthConfig OAuthConfig, id string, reso
 	}
 	spt := &ServicePrincipalToken{
 		inner: servicePrincipalToken{
+			Token:         newToken(),
 			OauthConfig:   oauthConfig,
 			Secret:        secret,
 			ClientID:      id,
@@ -652,6 +664,7 @@ func newServicePrincipalTokenFromMSI(msiEndpoint, resource string, userAssignedI
 
 	spt := &ServicePrincipalToken{
 		inner: servicePrincipalToken{
+			Token: newToken(),
 			OauthConfig: OAuthConfig{
 				TokenEndpoint: *msiEndpointURL,
 			},
@@ -778,6 +791,7 @@ func (spt *ServicePrincipalToken) refreshInternal(ctx context.Context, resource
 	if err != nil {
 		return fmt.Errorf("adal: Failed to build the refresh request. Error = '%v'", err)
 	}
+	req.Header.Add("User-Agent", version.UserAgent())
 	req = req.WithContext(ctx)
 	if !isIMDS(spt.inner.OauthConfig.TokenEndpoint) {
 		v := url.Values{}

cluster-autoscaler/_override/github.com/Azure/go-autorest/autorest/azure/BUILD

@@ -0,0 +1,30 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "async.go",
+        "azure.go",
+        "environments.go",
+        "metadata_environment.go",
+        "rp.go",
+    ],
+    importmap = "k8s.io/kubernetes/vendor/github.com/Azure/go-autorest/autorest/azure",
+    importpath = "github.com/Azure/go-autorest/autorest/azure",
+    visibility = ["//visibility:public"],
+    deps = ["//vendor/github.com/Azure/go-autorest/autorest:go_default_library"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)