segregate internal oauth server

pkg/authorization/registry/clusterrole/proxy.go

@@ -9,9 +9,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	rbacinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
 
-	authclient "github.com/openshift/origin/pkg/auth/client"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/authorization/registry/util"
+	authclient "github.com/openshift/origin/pkg/oauthserver/client"
 	utilregistry "github.com/openshift/origin/pkg/util/registry"
 )
 

pkg/authorization/registry/clusterrolebinding/proxy.go

@@ -9,9 +9,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	rbacinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
 
-	authclient "github.com/openshift/origin/pkg/auth/client"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/authorization/registry/util"
+	authclient "github.com/openshift/origin/pkg/oauthserver/client"
 	utilregistry "github.com/openshift/origin/pkg/util/registry"
 )
 

pkg/authorization/registry/role/proxy.go

@@ -10,9 +10,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	rbacinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
 
-	authclient "github.com/openshift/origin/pkg/auth/client"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/authorization/registry/util"
+	authclient "github.com/openshift/origin/pkg/oauthserver/client"
 	utilregistry "github.com/openshift/origin/pkg/util/registry"
 )
 

pkg/authorization/registry/rolebinding/proxy.go

@@ -10,9 +10,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	rbacinternalversion "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/rbac/internalversion"
 
-	authclient "github.com/openshift/origin/pkg/auth/client"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
 	"github.com/openshift/origin/pkg/authorization/registry/util"
+	authclient "github.com/openshift/origin/pkg/oauthserver/client"
 	utilregistry "github.com/openshift/origin/pkg/util/registry"
 )
 

pkg/build/admission/jenkinsbootstrapper/admission.go

@@ -17,12 +17,12 @@ import (
 	kadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
 	"k8s.io/kubernetes/pkg/kubectl/resource"
 
-	authenticationclient "github.com/openshift/origin/pkg/auth/client"
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	jenkinscontroller "github.com/openshift/origin/pkg/build/controller/jenkins"
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/config/cmd"
+	authenticationclient "github.com/openshift/origin/pkg/oauthserver/client"
 	templateclient "github.com/openshift/origin/pkg/template/generated/internalclientset"
 )
 

pkg/build/admission/secretinjector/admission.go

@@ -12,9 +12,9 @@ import (
 	restclient "k8s.io/client-go/rest"
 	api "k8s.io/kubernetes/pkg/apis/core"
 
-	authclient "github.com/openshift/origin/pkg/auth/client"
 	buildapi "github.com/openshift/origin/pkg/build/apis/build"
 	oadmission "github.com/openshift/origin/pkg/cmd/server/admission"
+	authclient "github.com/openshift/origin/pkg/oauthserver/client"
 	"github.com/openshift/origin/pkg/util/urlpattern"
 )
 

pkg/cmd/server/api/validation/ldap.go

@@ -8,8 +8,8 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
-	"github.com/openshift/origin/pkg/auth/ldaputil"
 	"github.com/openshift/origin/pkg/cmd/server/api"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil"
 )
 
 func ValidateLDAPSyncConfig(config *api.LDAPSyncConfig) ValidationResults {

pkg/cmd/server/api/validation/oauth.go

@@ -10,14 +10,14 @@ import (
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 
-	"github.com/openshift/origin/pkg/auth/authenticator/redirector"
-	"github.com/openshift/origin/pkg/auth/server/errorpage"
-	"github.com/openshift/origin/pkg/auth/server/login"
-	"github.com/openshift/origin/pkg/auth/server/selectprovider"
-	"github.com/openshift/origin/pkg/auth/userregistry/identitymapper"
 	"github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/api/latest"
 	oauthvalidation "github.com/openshift/origin/pkg/oauth/apis/oauth/validation"
+	"github.com/openshift/origin/pkg/oauthserver/authenticator/redirector"
+	"github.com/openshift/origin/pkg/oauthserver/server/errorpage"
+	"github.com/openshift/origin/pkg/oauthserver/server/login"
+	"github.com/openshift/origin/pkg/oauthserver/server/selectprovider"
+	"github.com/openshift/origin/pkg/oauthserver/userregistry/identitymapper"
 	"github.com/openshift/origin/pkg/user/apis/user/validation"
 )
 

pkg/cmd/server/handlers/impersonation_scopes.go

@@ -5,8 +5,8 @@ import (
 
 	authenticationv1 "k8s.io/api/authentication/v1"
 
-	authenticationapi "github.com/openshift/origin/pkg/auth/api"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
+	authenticationapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // TranslateLegacyScopeImpersonation is a filter that will translates user scope impersonation for openshift into the equivalent kube headers.

pkg/cmd/server/origin/authenticator.go

@@ -21,15 +21,15 @@ import (
 	sacontroller "k8s.io/kubernetes/pkg/controller/serviceaccount"
 	"k8s.io/kubernetes/pkg/serviceaccount"
 
-	openshiftauthenticator "github.com/openshift/origin/pkg/auth/authenticator"
-	"github.com/openshift/origin/pkg/auth/authenticator/request/paramtoken"
-	authnregistry "github.com/openshift/origin/pkg/auth/oauth/registry"
-	"github.com/openshift/origin/pkg/auth/userregistry/identitymapper"
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/bootstrappolicy"
 	oauthvalidation "github.com/openshift/origin/pkg/oauth/apis/oauth/validation"
 	oauthclient "github.com/openshift/origin/pkg/oauth/generated/internalclientset/typed/oauth/internalversion"
 	oauthclientlister "github.com/openshift/origin/pkg/oauth/generated/listers/oauth/internalversion"
+	openshiftauthenticator "github.com/openshift/origin/pkg/oauthserver/authenticator"
+	"github.com/openshift/origin/pkg/oauthserver/authenticator/request/paramtoken"
+	authnregistry "github.com/openshift/origin/pkg/oauthserver/oauth/registry"
+	"github.com/openshift/origin/pkg/oauthserver/userregistry/identitymapper"
 	usercache "github.com/openshift/origin/pkg/user/cache"
 	userclient "github.com/openshift/origin/pkg/user/generated/internalclientset"
 	usertypedclient "github.com/openshift/origin/pkg/user/generated/internalclientset/typed/user/internalversion"

pkg/cmd/server/origin/oauth_apiserver_adapter.go

@@ -9,18 +9,18 @@ import (
 
 	configapi "github.com/openshift/origin/pkg/cmd/server/api"
 	"github.com/openshift/origin/pkg/cmd/server/crypto"
-	oauthapiserver "github.com/openshift/origin/pkg/oauth/apiserver"
+	"github.com/openshift/origin/pkg/oauthserver/oauthserver"
 	routeclient "github.com/openshift/origin/pkg/route/generated/internalclientset"
 )
 
 // TODO this is taking a very large config for a small piece of it.  The information must be broken up at some point so that
 // we can run this in a pod.  This is an indication of leaky abstraction because it spent too much time in openshift start
-func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthapiserver.OAuthServerConfig, error) {
+func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error) {
 	options := masterConfig.Options
 	servingConfig := options.ServingInfo
 	oauthConfig := masterConfig.Options.OAuthConfig
 
-	oauthServerConfig, err := oauthapiserver.NewOAuthServerConfig(*oauthConfig, &masterConfig.PrivilegedLoopbackClientConfig)
+	oauthServerConfig, err := oauthserver.NewOAuthServerConfig(*oauthConfig, &masterConfig.PrivilegedLoopbackClientConfig)
 	if err != nil {
 		return nil, err
 	}

pkg/oauth/util/discovery.go

@@ -4,7 +4,7 @@ import (
 	"github.com/RangelReale/osin"
 	"github.com/openshift/origin/pkg/authorization/authorizer/scope"
 	"github.com/openshift/origin/pkg/oauth/apis/oauth/validation"
-	"github.com/openshift/origin/pkg/oauth/server/osinserver"
+	"github.com/openshift/origin/pkg/oauthserver/osinserver"
 )
 
 // OauthAuthorizationServerMetadata holds OAuth 2.0 Authorization Server Metadata used for discovery

pkg/oauth/util/url.go

@@ -4,8 +4,8 @@ import (
 	"path"
 	"strings"
 
-	"github.com/openshift/origin/pkg/auth/server/tokenrequest"
-	"github.com/openshift/origin/pkg/oauth/server/osinserver"
+	"github.com/openshift/origin/pkg/oauthserver/osinserver"
+	"github.com/openshift/origin/pkg/oauthserver/server/tokenrequest"
 )
 
 const OpenShiftOAuthAPIPrefix = "/oauth"

pkg/auth/authenticator/challenger/passwordchallenger/password_auth_handler.go → pkg/oauthserver/authenticator/challenger/passwordchallenger/password_auth_handler.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	oauthhandlers "github.com/openshift/origin/pkg/auth/oauth/handlers"
+	oauthhandlers "github.com/openshift/origin/pkg/oauthserver/oauth/handlers"
 )
 
 type basicPasswordAuthHandler struct {

pkg/auth/authenticator/challenger/placeholderchallenger/placeholder_challenger.go → pkg/oauthserver/authenticator/challenger/placeholderchallenger/placeholder_challenger.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"net/http"
 
-	oauthhandlers "github.com/openshift/origin/pkg/auth/oauth/handlers"
+	oauthhandlers "github.com/openshift/origin/pkg/oauthserver/oauth/handlers"
 )
 
 type placeholderChallenger struct {

pkg/auth/authenticator/interfaces.go → pkg/oauthserver/authenticator/interfaces.go

@@ -3,8 +3,8 @@ package authenticator
 import (
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	"github.com/openshift/origin/pkg/auth/api"
 	"github.com/openshift/origin/pkg/oauth/apis/oauth"
+	"github.com/openshift/origin/pkg/oauthserver/api"
 	userapi "github.com/openshift/origin/pkg/user/apis/user"
 )
 

pkg/auth/authenticator/password/allowanypassword/anyauthpassword.go → pkg/oauthserver/authenticator/password/allowanypassword/anyauthpassword.go

@@ -8,7 +8,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // alwaysAcceptPasswordAuthenticator approves any login attempt with non-blank username and password

pkg/auth/authenticator/password/allowanypassword/anyauthpassword_test.go → pkg/oauthserver/authenticator/password/allowanypassword/anyauthpassword_test.go

@@ -3,7 +3,7 @@ package allowanypassword
 import (
 	"testing"
 
-	"github.com/openshift/origin/pkg/auth/api"
+	"github.com/openshift/origin/pkg/oauthserver/api"
 	"k8s.io/apiserver/pkg/authentication/user"
 )
 

pkg/auth/authenticator/password/basicauthpassword/basicauthpassword.go → pkg/oauthserver/authenticator/password/basicauthpassword/basicauthpassword.go

@@ -13,7 +13,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // Authenticator uses basic auth to make a request to a JSON-returning URL.

pkg/auth/authenticator/password/htpasswd/htpasswd.go → pkg/oauthserver/authenticator/password/htpasswd/htpasswd.go

@@ -14,7 +14,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // Authenticator watches a file generated by htpasswd to validate usernames and passwords

pkg/auth/authenticator/password/keystonepassword/keystonepassword.go → pkg/oauthserver/authenticator/password/keystonepassword/keystonepassword.go

@@ -13,7 +13,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // keystonePasswordAuthenticator uses OpenStack keystone to authenticate a user by password

pkg/auth/authenticator/password/keystonepassword/keystonepassword_test.go → pkg/oauthserver/authenticator/password/keystonepassword/keystonepassword_test.go

@@ -7,7 +7,7 @@ import (
 	"net/http"
 	"testing"
 
-	"github.com/openshift/origin/pkg/auth/api"
+	"github.com/openshift/origin/pkg/oauthserver/api"
 	th "github.com/rackspace/gophercloud/testhelper"
 	"k8s.io/apiserver/pkg/authentication/user"
 )

pkg/auth/authenticator/password/ldappassword/ldap.go → pkg/oauthserver/authenticator/password/ldappassword/ldap.go

@@ -12,9 +12,9 @@ import (
 	"github.com/golang/glog"
 	"gopkg.in/ldap.v2"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
-	"github.com/openshift/origin/pkg/auth/ldaputil"
-	"github.com/openshift/origin/pkg/auth/ldaputil/ldapclient"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil/ldapclient"
 )
 
 // Options contains configuration for an Authenticator instance

pkg/auth/authenticator/redirector/redirector.go → pkg/oauthserver/authenticator/redirector/redirector.go

@@ -5,7 +5,7 @@ import (
 	"net/url"
 	"strings"
 
-	oauthhandlers "github.com/openshift/origin/pkg/auth/oauth/handlers"
+	oauthhandlers "github.com/openshift/origin/pkg/oauthserver/oauth/handlers"
 )
 
 const (

pkg/auth/authenticator/request/basicauthrequest/basicauth.go → pkg/oauthserver/authenticator/request/basicauthrequest/basicauth.go

@@ -11,7 +11,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/authenticator"
 	"k8s.io/apiserver/pkg/authentication/user"
 
-	"github.com/openshift/origin/pkg/auth/prometheus"
+	"github.com/openshift/origin/pkg/oauthserver/prometheus"
 )
 
 type basicAuthRequestHandler struct {

pkg/auth/authenticator/request/headerrequest/requestheader.go → pkg/oauthserver/authenticator/request/headerrequest/requestheader.go

@@ -6,7 +6,7 @@ import (
 
 	"github.com/golang/glog"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 	"k8s.io/apiserver/pkg/authentication/user"
 )
 

pkg/auth/authenticator/request/headerrequest/requestheader_test.go → pkg/oauthserver/authenticator/request/headerrequest/requestheader_test.go

@@ -5,7 +5,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/openshift/origin/pkg/auth/api"
+	"github.com/openshift/origin/pkg/oauthserver/api"
 	"k8s.io/apiserver/pkg/authentication/user"
 )
 

pkg/auth/client/impersonate.go → pkg/oauthserver/client/impersonate.go

@@ -11,8 +11,8 @@ import (
 	"k8s.io/client-go/util/flowcontrol"
 	kclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 
-	authenticationapi "github.com/openshift/origin/pkg/auth/api"
 	authorizationapi "github.com/openshift/origin/pkg/authorization/apis/authorization"
+	authenticationapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 type impersonatingRoundTripper struct {

pkg/auth/doc.go → pkg/oauthserver/doc.go

@@ -1,2 +1,2 @@
 // Package auth provides mechanisms for providing authorization and authentication to OpenShift
-package auth
+package oauthserver

pkg/auth/handlers/authrequest.go → pkg/oauthserver/handlers/authrequest.go

@@ -4,7 +4,7 @@ import (
 	"net/http"
 
 	"github.com/golang/glog"
-	"github.com/openshift/origin/pkg/auth/authenticator"
+	"github.com/openshift/origin/pkg/oauthserver/authenticator"
 )
 
 type RequestContext interface {

pkg/auth/ldaputil/client.go → pkg/oauthserver/ldaputil/client.go

@@ -7,7 +7,7 @@ import (
 
 	"k8s.io/client-go/util/cert"
 
-	"github.com/openshift/origin/pkg/auth/ldaputil/ldapclient"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil/ldapclient"
 	"gopkg.in/ldap.v2"
 )
 

pkg/auth/ldaputil/identityfactory.go → pkg/oauthserver/ldaputil/identityfactory.go

@@ -8,8 +8,8 @@ import (
 
 	"k8s.io/apimachinery/pkg/util/sets"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
 	serverapi "github.com/openshift/origin/pkg/cmd/server/api"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
 )
 
 // LDAPUserIdentityFactory creates Identites for LDAP user entries.

pkg/auth/ldaputil/query.go → pkg/oauthserver/ldaputil/query.go

@@ -7,8 +7,8 @@ import (
 	"github.com/golang/glog"
 	"gopkg.in/ldap.v2"
 
-	"github.com/openshift/origin/pkg/auth/ldaputil/ldapclient"
 	"github.com/openshift/origin/pkg/cmd/server/api"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil/ldapclient"
 )
 
 // NewLDAPQuery converts a user-provided LDAPQuery into a version we can use

pkg/auth/ldaputil/query_test.go → pkg/oauthserver/ldaputil/query_test.go

@@ -6,7 +6,7 @@ import (
 	"reflect"
 	"testing"
 
-	"github.com/openshift/origin/pkg/auth/ldaputil/testclient"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil/testclient"
 	"gopkg.in/ldap.v2"
 )
 

pkg/auth/ldaputil/testclient/testclientconfig.go → pkg/oauthserver/ldaputil/testclient/testclientconfig.go

@@ -1,7 +1,7 @@
 package testclient
 
 import (
-	"github.com/openshift/origin/pkg/auth/ldaputil/ldapclient"
+	"github.com/openshift/origin/pkg/oauthserver/ldaputil/ldapclient"
 	"gopkg.in/ldap.v2"
 )
 

pkg/auth/oauth/external/github/github.go → pkg/oauthserver/oauth/external/github/github.go

@@ -12,8 +12,8 @@ import (
 	"github.com/RangelReale/osincli"
 	"github.com/golang/glog"
 
-	authapi "github.com/openshift/origin/pkg/auth/api"
-	"github.com/openshift/origin/pkg/auth/oauth/external"
+	authapi "github.com/openshift/origin/pkg/oauthserver/api"
+	"github.com/openshift/origin/pkg/oauthserver/oauth/external"
 	"github.com/openshift/origin/pkg/util/http/links"
 )
 

pkg/auth/oauth/external/github/github_test.go → pkg/oauthserver/oauth/external/github/github_test.go

@@ -3,7 +3,7 @@ package github
 import (
 	"testing"
 
-	"github.com/openshift/origin/pkg/auth/oauth/external"
+	"github.com/openshift/origin/pkg/oauthserver/oauth/external"
 )
 
 func TestGitHub(t *testing.T) {