Use UUIDv4 not UUIDv1

UUIDv1 has several disadvantages:
 - it encodes the MAC address of the host, which is a potential privacy issue
 - it uses the clock of the host, which reveals time information
 - the clock is very coarse, hence the complex code handling duplicates

UUIDv4 is simply a 122 bit random number encoded into the UUID format, which
has no problems with duplicates or locking.

Use the google/uuid library, as newer versions of pborman/uuid just wrap the
Google upstream.

Note that technically a random UUID might fail, but Go ensures that this
should not take place, as it will block if entropy is not available.

Signed-off-by: Justin Cormack <[email protected]>

Author: justincormack

staging/src/k8s.io/apiextensions-apiserver/Godeps/Godeps.json

@@ -12,7 +12,7 @@ go_library(
     importpath = "k8s.io/apimachinery/pkg/util/uuid",
     deps = [
         "//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
-        "//vendor/github.com/pborman/uuid:go_default_library",
+        "//vendor/github.com/google/uuid:go_default_library",
     ],
 )
 

staging/src/k8s.io/apimachinery/Godeps/Godeps.json

@@ -17,27 +17,11 @@ limitations under the License.
 package uuid
 
 import (
-	"sync"
-
-	"github.com/pborman/uuid"
+	"github.com/google/uuid"
 
 	"k8s.io/apimachinery/pkg/types"
 )
 
-var uuidLock sync.Mutex
-var lastUUID uuid.UUID
-
 func NewUUID() types.UID {
-	uuidLock.Lock()
-	defer uuidLock.Unlock()
-	result := uuid.NewUUID()
-	// The UUID package is naive and can generate identical UUIDs if the
-	// time interval is quick enough.
-	// The UUID uses 100 ns increments so it's short enough to actively
-	// wait for a new value.
-	for uuid.Equal(lastUUID, result) == true {
-		result = uuid.NewUUID()
-	}
-	lastUUID = result
-	return types.UID(result.String())
+	return types.UID(uuid.New().String())
 }