From b61a8644e9796d3d48cd16f5c1d8c5e48b7d088f Mon Sep 17 00:00:00 2001
From: juanvallejo <jvallejo@redhat.com>
Date: Wed, 15 Aug 2018 17:49:34 -0400
Subject: [PATCH 1/2] switch to using jsonpatch and upstream patch cmd

---
 hack/lib/start.sh       | 28 ++++++++++++++--------------
 test/extended/gssapi.sh |  3 ++-
 test/extended/setup.sh  |  8 ++++----
 3 files changed, 20 insertions(+), 19 deletions(-)

diff --git a/hack/lib/start.sh b/hack/lib/start.sh
index f5050bac54c4..8f739821d59b 100644
--- a/hack/lib/start.sh
+++ b/hack/lib/start.sh
@@ -160,25 +160,25 @@ readonly -f os::start::internal::configure_master
 function os::start::internal::patch_master_config() {
 	local sudo=${USE_SUDO:+sudo}
 
-	cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml"
-	oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml" --patch="{\"etcdConfig\": {\"address\": \"${API_HOST}:${ETCD_PORT}\"}}" | \
-	oc ex config patch - --patch="{\"admissionConfig\": {\"pluginConfig\": {\"openshift.io/ImagePolicy\": {\"configuration\": {\"apiVersion\": \"v1\", \"executionRules\": [{\"matchImageAnnotations\": [{\"key\": \"images.openshift.io/deny-execution\", \"value\": \"true\"}], \"name\": \"execution-denied\", \"onResources\": [{\"resource\": \"pods\"}, {\"resource\": \"builds\"}], \"reject\": true, \"skipOnResolutionFailure\": true }], \"kind\": \"ImagePolicyConfig\" }, \"location\": \"\"}}}}" | \
-	oc ex config patch - --patch="{\"etcdConfig\": {\"servingInfo\": {\"bindAddress\": \"${API_HOST}:${ETCD_PORT}\"}}}" | \
-	oc ex config patch - --type json --patch="[{\"op\": \"replace\", \"path\": \"/etcdClientInfo/urls\", \"value\": [\"${API_SCHEME}://${API_HOST}:${ETCD_PORT}\"]}]" | \
-	oc ex config patch - --patch="{\"etcdConfig\": {\"peerAddress\": \"${API_HOST}:${ETCD_PEER_PORT}\"}}" | \
-	oc ex config patch - --patch="{\"etcdConfig\": {\"peerServingInfo\": {\"bindAddress\": \"${API_HOST}:${ETCD_PEER_PORT}\"}}}" | \
-	oc ex config patch - --patch="{\"auditConfig\": {\"enabled\": true}}" | \
-	oc ex config patch - --patch="{\"imagePolicyConfig\": {\"maxImagesBulkImportedPerRepository\": ${MAX_IMAGES_BULK_IMPORTED_PER_REPOSITORY:-5}}}" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
-	if [[ -n "${ALLOWED_REGISTRIES-}" ]]; then
-		oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.yaml" --patch="{\"imagePolicyConfig\":{\"allowedRegistriesForImport\":${ALLOWED_REGISTRIES}}}" > "${SERVER_CONFIG_DIR}/master/master-config.yaml.patch"
-		mv -f "${SERVER_CONFIG_DIR}/master/master-config.yaml.patch" "${SERVER_CONFIG_DIR}/master/master-config.yaml"
-	fi
-
 	# Make oc use ${MASTER_CONFIG_DIR}/admin.kubeconfig, and ignore anything in the running user's $HOME dir
 	export ADMIN_KUBECONFIG="${MASTER_CONFIG_DIR}/admin.kubeconfig"
 	CLUSTER_ADMIN_CONTEXT=$(oc config view --config="${ADMIN_KUBECONFIG}" --flatten -o template --template='{{index . "current-context"}}'); export CLUSTER_ADMIN_CONTEXT
 	${sudo} chmod -R a+rwX "${ADMIN_KUBECONFIG}"
 	os::log::debug "To debug: export KUBECONFIG=$ADMIN_KUBECONFIG"
+
+	cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml"
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f "${SERVER_CONFIG_DIR}/master/master-config.orig.yaml" --patch="[{\"op\": "replace", \"path\": \"/etcdConfig/address\", \"value\": \"${API_HOST}:${ETCD_PORT}\"}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"add\", \"path\": \"/admissionConfig/pluginConfig\", \"value\": {\"openshift.io/ImagePolicy\": {\"configuration\": {\"apiVersion\": \"v1\", \"executionRules\": [{\"matchImageAnnotations\": [{\"key\": \"images.openshift.io/deny-execution\", \"value\": \"true\"}], \"name\": \"execution-denied\", \"onResources\": [{\"resource\": \"pods\"}, {\"resource\": \"builds\"}], \"reject\": true, \"skipOnResolutionFailure\": true }], \"kind\": \"ImagePolicyConfig\" }, \"location\": \"\"}}}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/etcdConfig/servingInfo/bindAddress\", \"value\": \"${API_HOST}:${ETCD_PORT}\"}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/etcdClientInfo/urls\", \"value\": [\"${API_SCHEME}://${API_HOST}:${ETCD_PORT}\"]}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/etcdConfig/peerAddress\", \"value\": \"${API_HOST}:${ETCD_PEER_PORT}\"}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/etcdConfig/peerServingInfo/bindAddress\", \"value\": \"${API_HOST}:${ETCD_PEER_PORT}\"}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/auditConfig/enabled\", \"value\": true}]" | \
+	oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f - --patch="[{\"op\": \"replace\", \"path\": \"/imagePolicyConfig/maxImagesBulkImportedPerRepository\", \"value\": ${MAX_IMAGES_BULK_IMPORTED_PER_REPOSITORY:-5}}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+	if [[ -n "${ALLOWED_REGISTRIES-}" ]]; then
+	    oc patch --config="${ADMIN_KUBECONFIG}" --local --type=json -o yaml -f "${SERVER_CONFIG_DIR}/master/master-config.yaml" --patch="[{\"op\": \"add\", \"path\": \"/imagePolicyConfig/allowedRegistriesForImport\", \"value\": ${ALLOWED_REGISTRIES}}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml.patch"
+		mv -f "${SERVER_CONFIG_DIR}/master/master-config.yaml.patch" "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+	fi
 }
 readonly -f os::start::internal::patch_master_config
 
diff --git a/test/extended/gssapi.sh b/test/extended/gssapi.sh
index 944981dc360c..4ebdf670c071 100755
--- a/test/extended/gssapi.sh
+++ b/test/extended/gssapi.sh
@@ -44,8 +44,9 @@ realm="${host^^}"
 backend='https://openshift.default.svc.cluster.local:443'
 
 oauth_patch="$(sed "s/HOST_NAME/${host}/" "${test_data_location}/config/oauth_config.json")"
+final_oauth_patch="{"$(echo ${oauth_patch} | tail -n +3 | head -n -2 | sed s/\\n//g)"}"
 cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.tmp.yaml"
-oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.tmp.yaml" --patch="${oauth_patch}" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+oc patch -f "${SERVER_CONFIG_DIR}/master/master-config.tmp.yaml" --local --type=json -o yaml --patch="[{\"op\": \"replace\", \"path\": \"/oauthConfig/identityProviders\", \"value\": ${final_oauth_patch}}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
 os::start::server
 
 export KUBECONFIG="${ADMIN_KUBECONFIG}"
diff --git a/test/extended/setup.sh b/test/extended/setup.sh
index 85ab25b98cce..df793d212b44 100644
--- a/test/extended/setup.sh
+++ b/test/extended/setup.sh
@@ -113,24 +113,24 @@ function os::test::extended::setup () {
 	# put change there - only want this for extended tests
 	os::log::info "Turn on audit logging"
 	cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml"
-	oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml" --patch="{\"auditConfig\": {\"enabled\": true, \"auditFilePath\": \"${LOG_DIR}/audit.log\"}}"  > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+    oc patch --local --type=json -o yaml -f "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml" --patch="[{\"op\": \"replace\", \"path\": \"/auditConfig/enabled\", \"value\": true}, {\"op\": \"replace\", \"path\": \"/auditConfig/auditFilePath\", \"value\": \"${LOG_DIR}/audit.log\"}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
 
 	cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml"
-	oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml" --patch="{\"templateServiceBrokerConfig\": {\"templateNamespaces\": [\"openshift\"]}}"  > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+    oc patch --local --type=json -o yaml -f "${SERVER_CONFIG_DIR}/master/master-config.orig2.yaml" --patch="[{\"op\": \"add\", \"path\": \"/templateServiceBrokerConfig\", \"value\": {\"templaceNamespaces\": [\"openshift\"]}}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
 
 	# If the XFS volume dir mount point exists enable local storage quota in node-config.yaml so these tests can pass:
 	if [[ -n "${LOCAL_STORAGE_QUOTA}" ]]; then
 		# The ec2 images usually have ~5Gi of space defined for the xfs vol for the registry; want to give /registry a good chunk of that
 		# to store the images created when the extended tests run
 		cp "${NODE_CONFIG_DIR}/node-config.yaml" "${NODE_CONFIG_DIR}/node-config.orig2.yaml"
-		oc ex config patch "${NODE_CONFIG_DIR}/node-config.orig2.yaml" --patch='{"volumeConfig":{"localQuota":{"perFSGroup":"4480Mi"}}}' > "${NODE_CONFIG_DIR}/node-config.yaml"
+        oc patch --local --type=json -o yaml -f "${NODE_CONFIG_DIR}/node-config.orig2.yaml" --patch="[{\"op\": \"add\", \"path\": \"/volumeConfig/localQuota\", \"value\": {\"perFSGroup\": \"4480Mi\"}}]" > "${NODE_CONFIG_DIR}/node-config.yaml"
 	fi
 	os::log::info "Using VOLUME_DIR=${VOLUME_DIR}"
 
 	# This is a bit hacky, but set the pod gc threshold appropriately for the garbage_collector test
 	# and enable-hostpath-provisioner for StatefulSet tests
 	cp "${SERVER_CONFIG_DIR}/master/master-config.yaml" "${SERVER_CONFIG_DIR}/master/master-config.orig3.yaml"
-	oc ex config patch "${SERVER_CONFIG_DIR}/master/master-config.orig3.yaml" --patch='{"kubernetesMasterConfig":{"controllerArguments":{"terminated-pod-gc-threshold":["100"], "enable-hostpath-provisioner":["true"]}}}' > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
+    oc patch --local --type=json -o yaml -f "${SERVER_CONFIG_DIR}/master/master-config.orig3.yaml" --patch="[{\"op\": \"add\", \"path\": \"/kubernetesMasterConfig/controllerArguments\", \"value\": {\"terminated-pod-gc-threshold\":[\"100\"], \"enable-hostpath-provisioner\":[\"true\"]}}]" > "${SERVER_CONFIG_DIR}/master/master-config.yaml"
 
 	os::start::server "${API_SERVER_VERSION:-}" "${CONTROLLER_VERSION:-}" "${SKIP_NODE:-}"
 

From 8676b3a963c139274fc8f5dbd06e50c563dfbd26 Mon Sep 17 00:00:00 2001
From: juanvallejo <jvallejo@redhat.com>
Date: Tue, 21 Aug 2018 11:07:40 -0400
Subject: [PATCH 2/2] UPSTREAM: 67399: update patch to work with --local and
 avoid extra requests

---
 .../kubernetes/pkg/kubectl/cmd/patch.go       | 45 +++++++------------
 1 file changed, 15 insertions(+), 30 deletions(-)

diff --git a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/patch.go b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/patch.go
index 551af2de4c41..6f45d1462de5 100644
--- a/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/patch.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubectl/cmd/patch.go
@@ -190,14 +190,16 @@ func (o *PatchOptions) RunPatch() error {
 		return fmt.Errorf("unable to parse %q: %v", o.Patch, err)
 	}
 
-	r := o.builder.
+	b := o.builder.
 		Unstructured().
 		ContinueOnError().
 		NamespaceParam(o.namespace).DefaultNamespace().
 		FilenameParam(o.enforceNamespace, &o.FilenameOptions).
+		LocalParam(o.Local).
 		ResourceTypeOrNameArgs(false, o.args...).
-		Flatten().
-		Do()
+		Flatten()
+
+	r := b.Do()
 	err = r.Err()
 	if err != nil {
 		return err
@@ -208,14 +210,15 @@ func (o *PatchOptions) RunPatch() error {
 		if err != nil {
 			return err
 		}
+		count++
 		name, namespace := info.Name, info.Namespace
-		mapping := info.ResourceMapping()
-		client, err := o.unstructuredClientForMapping(mapping)
-		if err != nil {
-			return err
-		}
-
 		if !o.Local && !o.dryRun {
+			mapping := info.ResourceMapping()
+			client, err := o.unstructuredClientForMapping(mapping)
+			if err != nil {
+				return err
+			}
+
 			helper := resource.NewHelper(client, mapping)
 			patchedObj, err := helper.Patch(namespace, name, patchType, patchBytes)
 			if err != nil {
@@ -234,28 +237,20 @@ func (o *PatchOptions) RunPatch() error {
 					patchedObj = recordedObj
 				}
 			}
-			count++
-
-			// After computing whether we changed data, refresh the resource info with the resulting object
-			if err := info.Refresh(patchedObj, true); err != nil {
-				return err
-			}
 
 			printer, err := o.ToPrinter(patchOperation(didPatch))
 			if err != nil {
 				return err
 			}
-			return printer.PrintObj(info.Object, o.Out)
+			return printer.PrintObj(patchedObj, o.Out)
 		}
 
-		count++
-
 		originalObjJS, err := runtime.Encode(unstructured.UnstructuredJSONScheme, info.Object)
 		if err != nil {
 			return err
 		}
 
-		originalPatchedObjJS, err := getPatchedJSON(patchType, originalObjJS, patchBytes, mapping.GroupVersionKind, scheme.Scheme)
+		originalPatchedObjJS, err := getPatchedJSON(patchType, originalObjJS, patchBytes, info.Object.GetObjectKind().GroupVersionKind(), scheme.Scheme)
 		if err != nil {
 			return err
 		}
@@ -267,21 +262,11 @@ func (o *PatchOptions) RunPatch() error {
 
 		didPatch := !reflect.DeepEqual(info.Object, targetObj)
 
-		// TODO: if we ever want to go generic, this allows a clean -o yaml without trying to print columns or anything
-		// rawExtension := &runtime.Unknown{
-		//	Raw: originalPatchedObjJS,
-		// }
-		if didPatch {
-			if err := info.Refresh(targetObj, true); err != nil {
-				return err
-			}
-		}
-
 		printer, err := o.ToPrinter(patchOperation(didPatch))
 		if err != nil {
 			return err
 		}
-		return printer.PrintObj(info.Object, o.Out)
+		return printer.PrintObj(targetObj, o.Out)
 	})
 	if err != nil {
 		return err