Generate and format files

- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

plugin/pkg/admission/imagepolicy/admission.go

@@ -210,15 +210,15 @@ func (a *Plugin) admitPod(ctx context.Context, pod *api.Pod, attributes admissio
 // The config file is specified by --admission-control-config-file and has the
 // following format for a webhook:
 //
-//   {
-//     "imagePolicy": {
-//        "kubeConfigFile": "path/to/kubeconfig/for/backend",
-//        "allowTTL": 30,           # time in s to cache approval
-//        "denyTTL": 30,            # time in s to cache denial
-//        "retryBackoff": 500,      # time in ms to wait between retries
-//        "defaultAllow": true      # determines behavior if the webhook backend fails
-//     }
-//   }
+//	{
+//	  "imagePolicy": {
+//	     "kubeConfigFile": "path/to/kubeconfig/for/backend",
+//	     "allowTTL": 30,           # time in s to cache approval
+//	     "denyTTL": 30,            # time in s to cache denial
+//	     "retryBackoff": 500,      # time in ms to wait between retries
+//	     "defaultAllow": true      # determines behavior if the webhook backend fails
+//	  }
+//	}
 //
 // The config file may be json or yaml.
 //
@@ -227,19 +227,19 @@ func (a *Plugin) admitPod(ctx context.Context, pod *api.Pod, attributes admissio
 //
 // The kubeconfig's cluster field is used to refer to the remote service, user refers to the returned authorizer.
 //
-//     # clusters refers to the remote service.
-//     clusters:
-//     - name: name-of-remote-imagepolicy-service
-//       cluster:
-//         certificate-authority: /path/to/ca.pem      # CA for verifying the remote service.
-//         server: https://images.example.com/policy # URL of remote service to query. Must use 'https'.
+//	# clusters refers to the remote service.
+//	clusters:
+//	- name: name-of-remote-imagepolicy-service
+//	  cluster:
+//	    certificate-authority: /path/to/ca.pem      # CA for verifying the remote service.
+//	    server: https://images.example.com/policy # URL of remote service to query. Must use 'https'.
 //
-//     # users refers to the API server's webhook configuration.
-//     users:
-//     - name: name-of-api-server
-//       user:
-//         client-certificate: /path/to/cert.pem # cert for the webhook plugin to use
-//         client-key: /path/to/key.pem          # key matching the cert
+//	# users refers to the API server's webhook configuration.
+//	users:
+//	- name: name-of-api-server
+//	  user:
+//	    client-certificate: /path/to/cert.pem # cert for the webhook plugin to use
+//	    client-key: /path/to/key.pem          # key matching the cert
 //
 // For additional HTTP configuration, refer to the kubeconfig documentation
 // http://kubernetes.io/v1.1/docs/user-guide/kubeconfig-file.html.

plugin/pkg/admission/podnodeselector/admission.go

@@ -76,9 +76,10 @@ type pluginConfig struct {
 // If the file is not supplied, it defaults to ""
 // The format in a file:
 // podNodeSelectorPluginConfig:
-//  clusterDefaultNodeSelector: <node-selectors-labels>
-//  namespace1: <node-selectors-labels>
-//  namespace2: <node-selectors-labels>
+//
+//	clusterDefaultNodeSelector: <node-selectors-labels>
+//	namespace1: <node-selectors-labels>
+//	namespace2: <node-selectors-labels>
 func readConfig(config io.Reader) *pluginConfig {
 	defaultConfig := &pluginConfig{}
 	if config == nil || reflect.ValueOf(config).IsNil() {

plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go

@@ -56,8 +56,7 @@ type TokenAuthenticator struct {
 // tokenErrorf prints a error message for a secret that has matched a bearer
 // token but fails to meet some other criteria.
 //
-//    tokenErrorf(secret, "has invalid value for key %s", key)
-//
+//	tokenErrorf(secret, "has invalid value for key %s", key)
 func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) {
 	format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format
 	klog.V(3).Infof(format, i...)
@@ -69,26 +68,25 @@ func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) {
 //
 // All secrets must be of type "bootstrap.kubernetes.io/token". An example secret:
 //
-//     apiVersion: v1
-//     kind: Secret
-//     metadata:
-//       # Name MUST be of form "bootstrap-token-( token id )".
-//       name: bootstrap-token-( token id )
-//       namespace: kube-system
-//     # Only secrets of this type will be evaluated.
-//     type: bootstrap.kubernetes.io/token
-//     data:
-//       token-secret: ( private part of token )
-//       token-id: ( token id )
-//       # Required key usage.
-//       usage-bootstrap-authentication: true
-//       auth-extra-groups: "system:bootstrappers:custom-group1,system:bootstrappers:custom-group2"
-//       # May also contain an expiry.
+//	apiVersion: v1
+//	kind: Secret
+//	metadata:
+//	  # Name MUST be of form "bootstrap-token-( token id )".
+//	  name: bootstrap-token-( token id )
+//	  namespace: kube-system
+//	# Only secrets of this type will be evaluated.
+//	type: bootstrap.kubernetes.io/token
+//	data:
+//	  token-secret: ( private part of token )
+//	  token-id: ( token id )
+//	  # Required key usage.
+//	  usage-bootstrap-authentication: true
+//	  auth-extra-groups: "system:bootstrappers:custom-group1,system:bootstrappers:custom-group2"
+//	  # May also contain an expiry.
 //
 // Tokens are expected to be of the form:
 //
-//     ( token-id ).( token-secret )
-//
+//	( token-id ).( token-secret )
 func (t *TokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
 	tokenID, tokenSecret, err := bootstraptokenutil.ParseToken(token)
 	if err != nil {

plugin/pkg/auth/authorizer/node/graph.go

@@ -327,12 +327,12 @@ func (g *Graph) recomputeDestinationIndex_locked(n graph.Node) {
 // AddPod should only be called once spec.NodeName is populated.
 // It sets up edges for the following relationships (which are immutable for a pod once bound to a node):
 //
-//   pod -> node
+//	pod -> node
 //
-//   secret    -> pod
-//   configmap -> pod
-//   pvc       -> pod
-//   svcacct   -> pod
+//	secret    -> pod
+//	configmap -> pod
+//	pvc       -> pod
+//	svcacct   -> pod
 func (g *Graph) AddPod(pod *corev1.Pod) {
 	start := time.Now()
 	defer func() {
@@ -407,9 +407,9 @@ func (g *Graph) DeletePod(name, namespace string) {
 
 // AddPV sets up edges for the following relationships:
 //
-//   secret -> pv
+//	secret -> pv
 //
-//   pv -> pvc
+//	pv -> pvc
 func (g *Graph) AddPV(pv *corev1.PersistentVolume) {
 	start := time.Now()
 	defer func() {
@@ -448,7 +448,7 @@ func (g *Graph) DeletePV(name string) {
 
 // AddVolumeAttachment sets up edges for the following relationships:
 //
-//   volume attachment -> node
+//	volume attachment -> node
 func (g *Graph) AddVolumeAttachment(attachmentName, nodeName string) {
 	start := time.Now()
 	defer func() {

plugin/pkg/auth/authorizer/node/node_authorizer.go

@@ -38,17 +38,17 @@ import (
 )
 
 // NodeAuthorizer authorizes requests from kubelets, with the following logic:
-// 1. If a request is not from a node (NodeIdentity() returns isNode=false), reject
-// 2. If a specific node cannot be identified (NodeIdentity() returns nodeName=""), reject
-// 3. If a request is for a secret, configmap, persistent volume or persistent volume claim, reject unless the verb is get, and the requested object is related to the requesting node:
-//    node <- configmap
-//    node <- pod
-//    node <- pod <- secret
-//    node <- pod <- configmap
-//    node <- pod <- pvc
-//    node <- pod <- pvc <- pv
-//    node <- pod <- pvc <- pv <- secret
-// 4. For other resources, authorize all nodes uniformly using statically defined rules
+//  1. If a request is not from a node (NodeIdentity() returns isNode=false), reject
+//  2. If a specific node cannot be identified (NodeIdentity() returns nodeName=""), reject
+//  3. If a request is for a secret, configmap, persistent volume or persistent volume claim, reject unless the verb is get, and the requested object is related to the requesting node:
+//     node <- configmap
+//     node <- pod
+//     node <- pod <- secret
+//     node <- pod <- configmap
+//     node <- pod <- pvc
+//     node <- pod <- pvc <- pv
+//     node <- pod <- pvc <- pv <- secret
+//  4. For other resources, authorize all nodes uniformly using statically defined rules
 type NodeAuthorizer struct {
 	graph      *Graph
 	identifier nodeidentifier.NodeIdentifier