diff --git a/.codecov.yml b/.codecov.yml index 0d91db029a28b..6700ed0f05e74 100644 --- a/.codecov.yml +++ b/.codecov.yml @@ -8,7 +8,6 @@ ignore: - "pkg/client/.*" - "vendor/.*" - "test/.*" -- "**/mocks/*" coverage: status: # we've found this not to be useful diff --git a/.github/dependabot.yml b/.github/dependabot.yml index e10453f61b17b..5540fb7fd93e6 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -17,11 +17,6 @@ updates: schedule: interval: "daily" - - package-ecosystem: "npm" - directory: "/ui-test/" - schedule: - interval: "daily" - - package-ecosystem: "docker" directory: "/" schedule: diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 2e876c1095f73..6d4302d2b540c 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -6,10 +6,9 @@ | codeql.yaml | CodeQL analysis | | image-reuse.yaml | Build, push, and Sign container images | | image.yaml | Build container image for PR's & publish for push events | -| init-release.yaml | Build manifests and version then create a PR for release branch| | pr-title-check.yaml| Lint PR for semantic information | +| init-release.yaml | Build manifests and version then create a PR for release branch| | release.yaml | Build images, cli-binaries, provenances, and post actions | -| scorecard.yaml | Generate scorecard for supply-chain security | | update-snyk.yaml | Scheduled snyk reports | # Reusable workflows diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 9a1a1d65ac574..84534d518f26b 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -13,7 +13,7 @@ on: env: # Golang version to use across CI steps - GOLANG_VERSION: '1.22' + GOLANG_VERSION: '1.21' concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -28,10 +28,9 @@ jobs: outputs: backend: ${{ steps.filter.outputs.backend_any_changed }} frontend: ${{ steps.filter.outputs.frontend_any_changed }} - docs: ${{ steps.filter.outputs.docs_any_changed }} steps: - uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - - uses: tj-actions/changed-files@cc733854b1f224978ef800d29e4709d5ee2883e4 # v44.5.5 + - uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # v42.0.2 id: filter with: # Any file which is not under docs/, ui/ or is not a markdown file is counted as a backend file @@ -44,8 +43,6 @@ jobs: frontend: - 'ui/**' - Dockerfile - docs: - - 'docs/**' check-go: name: Ensure Go modules synchronicity if: ${{ needs.changes.outputs.backend == 'true' }} @@ -56,7 +53,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Download all Go modules @@ -77,11 +74,11 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Restore go build cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -104,14 +101,14 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Run golangci-lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 with: - version: v1.58.2 - args: --verbose + version: v1.54.0 + args: --enable gofmt --timeout 10m --exclude SA5011 --verbose --max-issues-per-linter 0 --max-same-issues 0 test-go: name: Run unit tests for Go packages @@ -131,7 +128,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -151,7 +148,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -171,11 +168,16 @@ jobs: go mod download - name: Run all unit tests run: make test-local + - name: Generate code coverage artifacts + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 + with: + name: code-coverage + path: coverage.out - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: test-results - path: test-results + path: test-results/ test-go-race: name: Run unit tests with -race for Go packages @@ -195,7 +197,7 @@ jobs: - name: Create symlink in GOPATH run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Install required packages @@ -215,7 +217,7 @@ jobs: run: | echo "/usr/local/bin" >> $GITHUB_PATH - name: Restore go build cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -236,14 +238,14 @@ jobs: - name: Run all unit tests run: make test-race-local - name: Generate test results artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: name: race-results path: test-results/ codegen: name: Check changes to generated code - if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.docs == 'true'}} + if: ${{ needs.changes.outputs.backend == 'true' }} runs-on: ubuntu-22.04 needs: - changes @@ -251,7 +253,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: Create symlink in GOPATH @@ -294,8 +296,7 @@ jobs: build-ui: name: Build, test & lint UI code - # We run UI logic for backend changes so that we have a complete set of coverage documents to send to codecov. - if: ${{ needs.changes.outputs.backend == 'true' || needs.changes.outputs.frontend == 'true' }} + if: ${{ needs.changes.outputs.frontend == 'true' }} runs-on: ubuntu-22.04 needs: - changes @@ -303,12 +304,12 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup NodeJS - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 + uses: actions/setup-node@5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d # v3.8.1 with: node-version: '21.6.1' - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} @@ -336,7 +337,6 @@ jobs: - test-go - build-ui - changes - - test-e2e env: sonar_secret: ${{ secrets.SONAR_TOKEN }} steps: @@ -346,42 +346,57 @@ jobs: fetch-depth: 0 - name: Restore node dependency cache id: cache-dependencies - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ui/node_modules key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }} - name: Remove other node_modules directory run: | rm -rf ui/node_modules/argo-ui/node_modules - - name: Get e2e code coverage - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + - name: Create test-results directory + run: | + mkdir -p test-results + - name: Get code coverage artifact + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: - name: e2e-code-coverage - path: e2e-code-coverage - - name: Get unit test code coverage - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 + name: code-coverage + - name: Get test result artifact + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 with: name: test-results path: test-results - - name: combine-go-coverage - # We generate coverage reports for all Argo CD components, but only the applicationset-controller report - # contains coverage data. The other components currently don't shut down gracefully, so no coverage data is - # produced. Once those components are fixed, we can add references to their coverage output directories. - run: | - go tool covdata percent -i=test-results,e2e-code-coverage/applicationset-controller -o test-results/full-coverage.out - name: Upload code coverage information to codecov.io - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: - file: test-results/full-coverage.out - fail_ci_if_error: true - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} + file: coverage.out - name: Perform static code analysis using SonarCloud env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} - uses: SonarSource/sonarqube-scan-action@aecaf43ae57e412bd97d70ef9ce6076e672fe0a9 # v2.2 + SCANNER_VERSION: 4.2.0.1873 + SCANNER_PATH: /tmp/cache/scanner + OS: linux + run: | + # We do not use the provided action, because it does contain an old + # version of the scanner, and also takes time to build. + set -e + mkdir -p ${SCANNER_PATH} + export SONAR_USER_HOME=${SCANNER_PATH}/.sonar + if [[ ! -x "${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner" ]]; then + curl -Ol https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip + unzip -qq -o sonar-scanner-cli-${SCANNER_VERSION}-${OS}.zip -d ${SCANNER_PATH} + fi + + chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner + chmod +x ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/jre/bin/java + + # Explicitly set NODE_MODULES + export NODE_MODULES=${PWD}/ui/node_modules + export NODE_PATH=${PWD}/ui/node_modules + + ${SCANNER_PATH}/sonar-scanner-${SCANNER_VERSION}-${OS}/bin/sonar-scanner if: env.sonar_secret != '' + test-e2e: name: Run end-to-end tests if: ${{ needs.changes.outputs.backend == 'true' }} @@ -389,16 +404,7 @@ jobs: strategy: fail-fast: false matrix: - k3s: - - version: v1.30.2 - # We designate the latest version because we only collect code coverage for that version. - latest: true - - version: v1.29.6 - latest: false - - version: v1.28.11 - latest: false - - version: v1.27.15 - latest: false + k3s-version: [v1.29.1, v1.28.6, v1.27.10, v1.26.13, v1.25.16] needs: - build-go - changes @@ -419,7 +425,7 @@ jobs: - name: Checkout code uses: actions/checkout@8410ad0602e1e429cee44a835ae9f77f654a6694 # v4.0.0 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} - name: GH actions workaround - Kill XSP4 process @@ -427,7 +433,7 @@ jobs: sudo pkill mono || true - name: Install K3S env: - INSTALL_K3S_VERSION: ${{ matrix.k3s.version }}+k3s1 + INSTALL_K3S_VERSION: ${{ matrix.k3s-version }}+k3s1 run: | set -x curl -sfL https://get.k3s.io | sh - @@ -438,7 +444,7 @@ jobs: sudo chmod go-r $HOME/.kube/config kubectl version - name: Restore go build cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.cache/go-build key: ${{ runner.os }}-go-build-v1-${{ github.run_id }} @@ -466,7 +472,7 @@ jobs: run: | docker pull ghcr.io/dexidp/dex:v2.38.0 docker pull argoproj/argo-cd-ci-builder:v1.0.0 - docker pull redis:7.0.15-alpine + docker pull redis:7.0.14-alpine - name: Create target directory for binaries in the build-process run: | mkdir -p dist @@ -479,7 +485,7 @@ jobs: # port 8080 which is not visible in netstat -tulpen, but still there # with a HTTP listener. We have API server listening on port 8088 # instead. - make start-e2e-local COVERAGE_ENABLED=true 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log & + make start-e2e-local 2>&1 | sed -r "s/[[:cntrl:]]\[[0-9]{1,3}m//g" > /tmp/e2e-server.log & count=1 until curl -f http://127.0.0.1:8088/healthz; do sleep 10; @@ -493,18 +499,10 @@ jobs: run: | set -x make test-e2e-local - goreman run stop-all || echo "goreman trouble" - sleep 30 - - name: Upload e2e coverage report - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: e2e-code-coverage - path: /tmp/coverage - if: ${{ matrix.k3s.latest }} - name: Upload e2e-server logs - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3 with: - name: e2e-server-k8s${{ matrix.k3s.version }}.log + name: e2e-server-k8s${{ matrix.k3s-version }}.log path: /tmp/e2e-server.log if: ${{ failure() }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 7dcc9f6e24bca..5d745d222d2fb 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -33,13 +33,13 @@ jobs: # Use correct go version. https://github.com/github/codeql-action/issues/1842#issuecomment-1704398087 - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version-file: go.mod # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 + uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -47,7 +47,7 @@ jobs: # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild - uses: github/codeql-action/autobuild@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 + uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 # ℹ️ Command-line programs to run using the OS shell. # 📚 https://git.io/JvXDl @@ -61,4 +61,4 @@ jobs: # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 + uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33 diff --git a/.github/workflows/image-reuse.yaml b/.github/workflows/image-reuse.yaml index aa29d5b2863ff..5b5a12b346fa1 100644 --- a/.github/workflows/image-reuse.yaml +++ b/.github/workflows/image-reuse.yaml @@ -69,14 +69,14 @@ jobs: if: ${{ github.ref_type != 'tag'}} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ inputs.go-version }} - name: Install cosign - uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0 + uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0 - - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + - uses: docker/setup-qemu-action@2b82ce82d56a2a04d2637cd93a637ae1b359c0a7 # v2.2.0 - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 - name: Setup tags for container image as a CSV type @@ -104,7 +104,7 @@ jobs: echo 'EOF' >> $GITHUB_ENV - name: Login to Quay.io - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: quay.io username: ${{ secrets.quay_username }} @@ -112,7 +112,7 @@ jobs: if: ${{ inputs.quay_image_name && inputs.push }} - name: Login to GitHub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ secrets.ghcr_username }} @@ -120,7 +120,7 @@ jobs: if: ${{ inputs.ghcr_image_name && inputs.push }} - name: Login to dockerhub Container Registry - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: username: ${{ secrets.docker_username }} password: ${{ secrets.docker_password }} @@ -134,7 +134,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false @@ -143,7 +143,7 @@ jobs: - name: Build and push container image id: image - uses: docker/build-push-action@15560696de535e4014efeff63c48f16952e52dd1 #v6.2.0 + uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 #v5.3.0 with: context: . platforms: ${{ inputs.platforms }} diff --git a/.github/workflows/image.yaml b/.github/workflows/image.yaml index 3102e8361aa06..a7174e10de9db 100644 --- a/.github/workflows/image.yaml +++ b/.github/workflows/image.yaml @@ -52,7 +52,7 @@ jobs: uses: ./.github/workflows/image-reuse.yaml with: # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: false @@ -68,7 +68,7 @@ jobs: quay_image_name: quay.io/argoproj/argocd:latest ghcr_image_name: ghcr.io/argoproj/argo-cd/argocd:${{ needs.set-vars.outputs.image-tag }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: ${{ needs.set-vars.outputs.platforms }} push: true secrets: @@ -86,7 +86,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) if: ${{ github.repository == 'argoproj/argo-cd' && github.event_name == 'push' }} # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: ghcr.io/argoproj/argo-cd/argocd digest: ${{ needs.build-and-publish.outputs.image-digest }} diff --git a/.github/workflows/init-release.yaml b/.github/workflows/init-release.yaml index bc318d4f4b7dc..0a0430f27f96b 100644 --- a/.github/workflows/init-release.yaml +++ b/.github/workflows/init-release.yaml @@ -64,7 +64,7 @@ jobs: git stash pop - name: Create pull request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: "Bump version to ${{ inputs.TARGET_VERSION }}" title: "Bump version to ${{ inputs.TARGET_VERSION }} on ${{ inputs.TARGET_BRANCH }} branch" diff --git a/.github/workflows/pr-title-check.yml b/.github/workflows/pr-title-check.yml index 61c38548cf6ba..020535d7b8afa 100644 --- a/.github/workflows/pr-title-check.yml +++ b/.github/workflows/pr-title-check.yml @@ -23,7 +23,7 @@ jobs: name: Validate PR Title runs-on: ubuntu-latest steps: - - uses: thehanimo/pr-title-checker@1d8cd483a2b73118406a187f54dca8a9415f1375 # v1.4.2 + - uses: thehanimo/pr-title-checker@0cf5902181e78341bb97bb06646396e5bd354b3f # v1.4.0 with: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} configuration_path: ".github/pr-title-checker-config.json" diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e87f0b286cdbf..d332c075d0bd0 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ on: permissions: {} env: - GOLANG_VERSION: '1.22' # Note: go-version must also be set in job argocd-image.with.go-version + GOLANG_VERSION: '1.21' # Note: go-version must also be set in job argocd-image.with.go-version jobs: argocd-image: @@ -23,7 +23,7 @@ jobs: with: quay_image_name: quay.io/argoproj/argocd:${{ github.ref_name }} # Note: cannot use env variables to set go-version (https://docs.github.com/en/actions/using-workflows/reusing-workflows#limitations) - go-version: 1.22 + go-version: 1.21 platforms: linux/amd64,linux/arm64,linux/s390x,linux/ppc64le push: true secrets: @@ -38,7 +38,7 @@ jobs: packages: write # for uploading attestations. (https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#known-issues) # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator if: github.repository == 'argoproj/argo-cd' - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_container_slsa3.yml@v1.10.0 with: image: quay.io/argoproj/argocd digest: ${{ needs.argocd-image.outputs.image-digest }} @@ -77,7 +77,7 @@ jobs: fi - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.0.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -88,7 +88,7 @@ jobs: echo "GIT_TREE_STATE=$(if [ -z "`git status --porcelain`" ]; then echo "clean" ; else echo "dirty"; fi)" >> $GITHUB_ENV - name: Free Disk Space (Ubuntu) - uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be + uses: jlumbroso/free-disk-space@4d9e71b726748f254fe64fa44d273194bd18ec91 with: large-packages: false docker-images: false @@ -96,7 +96,7 @@ jobs: tool-cache: false - name: Run GoReleaser - uses: goreleaser/goreleaser-action@286f3b13b1b49da4ac219696163fb8c1c93e1200 # v6.0.0 + uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0 id: run-goreleaser with: version: latest @@ -128,7 +128,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.goreleaser.outputs.hashes }}" provenance-name: "argocd-cli.intoto.jsonl" @@ -153,7 +153,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Setup Golang - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 with: go-version: ${{ env.GOLANG_VERSION }} @@ -197,7 +197,7 @@ jobs: echo "hashes=$(sha256sum /tmp/sbom.tar.gz | base64 -w0)" >> "$GITHUB_OUTPUT" - name: Upload SBOM - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: @@ -212,7 +212,7 @@ jobs: contents: write # Needed for release uploads if: github.repository == 'argoproj/argo-cd' # Must be refernced by a tag. https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/container/README.md#referencing-the-slsa-generator - uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0 + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.10.0 with: base64-subjects: "${{ needs.generate-sbom.outputs.hashes }}" provenance-name: "argocd-sbom.intoto.jsonl" @@ -291,11 +291,11 @@ jobs: # Replace the 'project-release: vX.X.X-rcX' line in SECURITY-INSIGHTS.yml sed -i "s/project-release: v.*$/project-release: v${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml # Update the 'commit-hash: XXXXXXX' line in SECURITY-INSIGHTS.yml - sed -i "s/commit-hash: .*/commit-hash: ${{ env.COMMIT_HASH }}/" SECURITY-INSIGHTS.yml + sed -i "s/commit-hash: .*/commit-hash: ${{ env.NEW_VERSION }}/" SECURITY-INSIGHTS.yml if: ${{ env.UPDATE_VERSION == 'true' }} - name: Create PR to update VERSION on master branch - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@153407881ec5c347639a548ade7d8ad1d6740e38 # v5.0.2 with: commit-message: Bump version in master title: "chore: Bump version in master" diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml index 28621c86666c5..ec3151949541d 100644 --- a/.github/workflows/scorecard.yaml +++ b/.github/workflows/scorecard.yaml @@ -35,7 +35,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 with: results_file: results.sarif results_format: sarif @@ -54,7 +54,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif @@ -62,6 +62,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8fcfedf57053e09257688fce7a0beeb18b1b9ae3 # v2.17.2 + uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # v2.16.4 with: sarif_file: results.sarif diff --git a/.gitignore b/.gitignore index cc5a439491dbb..ab17deb0db139 100644 --- a/.gitignore +++ b/.gitignore @@ -19,7 +19,6 @@ node_modules/ ./test/cmp/*.sock .envrc.remote .*.swp -rerunreport.txt # ignore built binaries cmd/argocd/argocd diff --git a/.gitpod.Dockerfile b/.gitpod.Dockerfile index 9411d958e71af..d105f49fde2b1 100644 --- a/.gitpod.Dockerfile +++ b/.gitpod.Dockerfile @@ -1,4 +1,4 @@ -FROM gitpod/workspace-full@sha256:fbff2dce4236535b96de0e94622bbe9a44fba954ca064862004c34e3e08904df +FROM gitpod/workspace-full@sha256:511cecde4dc129ca9eb4cc4c479d61f95e5485ebe320a07f5b902f11899956a3 USER root diff --git a/.golangci.yaml b/.golangci.yaml deleted file mode 100644 index 2351f11e0fecc..0000000000000 --- a/.golangci.yaml +++ /dev/null @@ -1,41 +0,0 @@ -issues: - exclude: - - SA1019 - - SA5011 - max-issues-per-linter: 0 - max-same-issues: 0 -linters: - enable: - - errcheck - - errorlint - - gocritic - - gofumpt - - goimports - - gosimple - - govet - - ineffassign - - misspell - - staticcheck - - testifylint - - unused - - whitespace -linters-settings: - gocritic: - disabled-checks: - - appendAssign - - assignOp # Keep it disabled for readability - - badCond - - commentFormatting - - exitAfterDefer - - ifElseChain - - mapKey - - singleCaseSwitch - - typeSwitchVar - goimports: - local-prefixes: github.com/argoproj/argo-cd/v2 - testifylint: - enable-all: true - disable: - - go-require -run: - timeout: 50m diff --git a/.goreleaser.yaml b/.goreleaser.yaml index ad23b852597fb..c156d37b19081 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -1,5 +1,3 @@ -version: 2 - project_name: argocd before: diff --git a/.mockery.yaml b/.mockery.yaml deleted file mode 100644 index c9d736b1a196d..0000000000000 --- a/.mockery.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# global config -filename: "{{.InterfaceName}}.go" -dir: "{{.InterfaceDir}}/mocks" -outpkg: "mocks" -mockname: "{{.InterfaceName}}" -with-expecter: false -# individual interface config -packages: - github.com/argoproj/argo-cd/v2/applicationset/generators: - interfaces: - Generator: - github.com/argoproj/argo-cd/v2/applicationset/services: - interfaces: - Repos: - github.com/microsoft/azure-devops-go-api/azuredevops/git: - config: - dir: "applicationset/services/scm_provider/azure_devops/git/mocks" - interfaces: - Client: - github.com/argoproj/argo-cd/v2/applicationset/utils: - interfaces: - Renderer: - github.com/argoproj/argo-cd/v2/controller/cache: - interfaces: - LiveStateCache: - github.com/argoproj/argo-cd/v2/reposerver/apiclient: - interfaces: - RepoServerServiceClient: - github.com/argoproj/argo-cd/v2/util/db: - interfaces: - ArgoDB: - github.com/argoproj/argo-cd/v2/util/git: - interfaces: - Client: - github.com/argoproj/argo-cd/v2/util/helm: - interfaces: - Client: - github.com/argoproj/argo-cd/v2/util/notification/argocd: - interfaces: - Service: - # These mocks are not currently used, but they are part of the public API of this package. - github.com/argoproj/argo-cd/v2/pkg/apiclient/session: - interfaces: - SessionServiceServer: - SessionServiceClient: - github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster: - interfaces: - ClusterServiceServer: \ No newline at end of file diff --git a/.readthedocs.yaml b/.readthedocs.yml similarity index 100% rename from .readthedocs.yaml rename to .readthedocs.yml diff --git a/CODEOWNERS b/CODEOWNERS index 20ff6cd449af7..83bb38871d96d 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -8,7 +8,5 @@ /mkdocs.yml @argoproj/argocd-approvers @argoproj/argocd-approvers-docs # CI -/.codecov.yml @argoproj/argocd-approvers @argoproj/argocd-approvers-ci -/.github/** @argoproj/argocd-approvers @argoproj/argocd-approvers-ci -/.goreleaser.yaml @argoproj/argocd-approvers @argoproj/argocd-approvers-ci -/sonar-project.properties @argoproj/argocd-approvers @argoproj/argocd-approvers-ci +/.github/** @argoproj/argocd-approvers @argoproj/argocd-approvers-ci +/.goreleaser.yaml @argoproj/argocd-approvers @argoproj/argocd-approvers-ci diff --git a/Dockerfile b/Dockerfile index 5cf5c4c766bcc..37e473a82c972 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,10 +1,10 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04@sha256:0bced47fffa3361afa981854fcabcd4577cd43cebbb808cea2b1f33a3dd7f508 #################################################################################################### # Builder image # Initial stage which pulls prepares build dependencies and CLI tooling we need for our final image # Also used as the image in CI jobs so needs all dependencies #################################################################################################### -FROM docker.io/library/golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 AS builder +FROM docker.io/library/golang:1.21.10@sha256:16438a8e66c0c984f732e815ee5b7d715b8e33e81bac6d6a3750b1067744e7ca AS builder RUN echo 'deb http://archive.debian.org/debian buster-backports main' >> /etc/apt/sources.list @@ -83,7 +83,7 @@ WORKDIR /home/argocd #################################################################################################### # Argo CD UI stage #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/node:22.3.0@sha256:5e4044ff6001d06e7748e35bfa4f80c73cf5f5a7360a1b782995e038a01b0585 AS argocd-ui +FROM --platform=$BUILDPLATFORM docker.io/library/node:21.6.2@sha256:65998e325b06014d4f1417a8a6afb1540d1ac66521cca76f2221a6953947f9ee AS argocd-ui WORKDIR /src COPY ["ui/package.json", "ui/yarn.lock", "./"] @@ -101,7 +101,7 @@ RUN HOST_ARCH=$TARGETARCH NODE_ENV='production' NODE_ONLINE_ENV='online' NODE_OP #################################################################################################### # Argo CD Build stage which performs the actual build of Argo CD binaries #################################################################################################### -FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 AS argocd-build +FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.21.10@sha256:16438a8e66c0c984f732e815ee5b7d715b8e33e81bac6d6a3750b1067744e7ca AS argocd-build WORKDIR /go/src/github.com/argoproj/argo-cd diff --git a/Makefile b/Makefile index 2c7b4e542f5c9..96275f9bff76e 100644 --- a/Makefile +++ b/Makefile @@ -153,13 +153,6 @@ DEV_IMAGE?=false ARGOCD_GPG_ENABLED?=true ARGOCD_E2E_APISERVER_PORT?=8080 -ifeq (${COVERAGE_ENABLED}, true) -# We use this in the cli-local target to enable code coverage for e2e tests. -COVERAGE_FLAG=-cover -else -COVERAGE_FLAG= -endif - override LDFLAGS += \ -X ${PACKAGE}.version=${VERSION} \ -X ${PACKAGE}.buildDate=${BUILD_DATE} \ @@ -192,14 +185,10 @@ endif .PHONY: all all: cli image -.PHONY: mockgen -mockgen: - ./hack/generate-mock.sh - .PHONY: gogen gogen: export GO111MODULE=off - go generate ./... + go generate ./util/argo/... .PHONY: protogen protogen: mod-vendor-local protogen-fast @@ -235,11 +224,11 @@ clidocsgen: .PHONY: codegen-local -codegen-local: mod-vendor-local mockgen gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog +codegen-local: mod-vendor-local gogen protogen clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog rm -rf vendor/ .PHONY: codegen-local-fast -codegen-local-fast: mockgen gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog +codegen-local-fast: gogen protogen-fast clientgen openapigen clidocsgen manifests-local notification-docs notification-catalog .PHONY: codegen codegen: test-tools-image @@ -251,7 +240,7 @@ cli: test-tools-image .PHONY: cli-local cli-local: clean-debug - CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build $(COVERAGE_FLAG) -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd + CGO_ENABLED=${CGO_FLAG} GODEBUG="tarinsecurepath=0,zipinsecurepath=0" go build -v -ldflags '${LDFLAGS}' -o ${DIST_DIR}/${CLI_NAME} ./cmd .PHONY: gen-resources-cli-local gen-resources-cli-local: clean-debug @@ -368,7 +357,7 @@ lint-local: golangci-lint --version # NOTE: If you get a "Killed" OOM message, try reducing the value of GOGC # See https://github.com/golangci/golangci-lint#memory-usage-of-golangci-lint - GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --fix --verbose + GOGC=$(ARGOCD_LINT_GOGC) GOMAXPROCS=2 golangci-lint run --enable gofmt --fix --verbose --timeout 3000s --max-issues-per-linter 0 --max-same-issues 0 .PHONY: lint-ui lint-ui: test-tools-image @@ -402,9 +391,9 @@ test: test-tools-image .PHONY: test-local test-local: if test "$(TEST_MODULE)" = ""; then \ - DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results"; \ + DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -coverprofile=coverage.out; \ else \ - DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -args -test.gocoverdir="$(PWD)/test-results" "$(TEST_MODULE)"; \ + DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -coverprofile=coverage.out "$(TEST_MODULE)"; \ fi .PHONY: test-race @@ -416,9 +405,9 @@ test-race: test-tools-image .PHONY: test-race-local test-race-local: if test "$(TEST_MODULE)" = ""; then \ - DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \ + DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES=`go list ./... | grep -v 'test/e2e'` ./hack/test.sh -race -coverprofile=coverage.out; \ else \ - DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -race -args -test.gocoverdir="$(PWD)/test-results"; \ + DIST_DIR=${DIST_DIR} RERUN_FAILS=0 PACKAGES="$(TEST_MODULE)" ./hack/test.sh -race -coverprofile=coverage.out; \ fi # Run the E2E test suite. E2E test servers (see start-e2e target) must be @@ -432,7 +421,7 @@ test-e2e: test-e2e-local: cli-local # NO_PROXY ensures all tests don't go out through a proxy if one is configured on the test system export GO111MODULE=off - DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v -args -test.gocoverdir="$(PWD)/test-results" + DIST_DIR=${DIST_DIR} RERUN_FAILS=5 PACKAGES="./test/e2e" ARGOCD_E2E_RECORD=${ARGOCD_E2E_RECORD} ARGOCD_GPG_ENABLED=true NO_PROXY=* ./hack/test.sh -timeout $(ARGOCD_E2E_TEST_TIMEOUT) -v # Spawns a shell in the test server container for debugging purposes debug-test-server: test-tools-image @@ -463,12 +452,6 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local mkdir -p /tmp/argo-e2e/app/config/gpg/keys && chmod 0700 /tmp/argo-e2e/app/config/gpg/keys mkdir -p /tmp/argo-e2e/app/config/gpg/source && chmod 0700 /tmp/argo-e2e/app/config/gpg/source mkdir -p /tmp/argo-e2e/app/config/plugin && chmod 0700 /tmp/argo-e2e/app/config/plugin - # create folders to hold go coverage results for each component - mkdir -p /tmp/coverage/app-controller - mkdir -p /tmp/coverage/api-server - mkdir -p /tmp/coverage/repo-server - mkdir -p /tmp/coverage/applicationset-controller - mkdir -p /tmp/coverage/notification # set paths for locally managed ssh known hosts and tls certs data ARGOCD_SSH_DATA_PATH=/tmp/argo-e2e/app/config/ssh \ ARGOCD_TLS_DATA_PATH=/tmp/argo-e2e/app/config/tls \ @@ -486,7 +469,6 @@ start-e2e-local: mod-vendor-local dep-ui-local cli-local ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS=http://127.0.0.1:8341,http://127.0.0.1:8342,http://127.0.0.1:8343,http://127.0.0.1:8344 \ ARGOCD_E2E_TEST=true \ goreman -f $(ARGOCD_PROCFILE) start ${ARGOCD_START} - ls -lrt /tmp/coverage # Cleans VSCode debug.test files from sub-dirs to prevent them from being included in by golang embed .PHONY: clean-debug @@ -512,7 +494,6 @@ start-local: mod-vendor-local dep-ui-local cli-local mkdir -p /tmp/argocd-local mkdir -p /tmp/argocd-local/gpg/keys && chmod 0700 /tmp/argocd-local/gpg/keys mkdir -p /tmp/argocd-local/gpg/source - REDIS_PASSWORD=$(shell kubectl get secret argocd-redis -o jsonpath='{.data.auth}' | base64 -d) \ ARGOCD_ZJWT_FEATURE_FLAG=always \ ARGOCD_IN_CI=false \ ARGOCD_GPG_ENABLED=$(ARGOCD_GPG_ENABLED) \ diff --git a/OWNERS b/OWNERS index ca6588fd3d6c8..56e037e282a0a 100644 --- a/OWNERS +++ b/OWNERS @@ -1,6 +1,5 @@ owners: - alexmt -- crenshaw-dev - jessesuen approvers: diff --git a/Procfile b/Procfile index 25f9c7206eef6..4862b0230062f 100644 --- a/Procfile +++ b/Procfile @@ -1,12 +1,13 @@ -controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/app-controller} HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}" -api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/api-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" +controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "HOSTNAME=testappcontroller-1 FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-application-controller $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --server-side-diff-enabled=${ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF:-'false'}" +api-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-server $COMMAND --loglevel debug --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --disable-auth=${ARGOCD_E2E_DISABLE_AUTH:-'true'} --insecure --dex-server http://localhost:${ARGOCD_E2E_DEX_PORT:-5556} --repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081} --port ${ARGOCD_E2E_APISERVER_PORT:-8080} --otlp-address=${ARGOCD_OTLP_ADDRESS} --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''}" dex: sh -c "ARGOCD_BINARY_NAME=argocd-dex go run github.com/argoproj/argo-cd/v2/cmd gendexcfg -o `pwd`/dist/dex.yaml && (test -f dist/dex.yaml || { echo 'Failed to generate dex configuration'; exit 1; }) && docker run --rm -p ${ARGOCD_E2E_DEX_PORT:-5556}:${ARGOCD_E2E_DEX_PORT:-5556} -v `pwd`/dist/dex.yaml:/dex.yaml ghcr.io/dexidp/dex:$(grep "image: ghcr.io/dexidp/dex" manifests/base/dex/argocd-dex-server-deployment.yaml | cut -d':' -f3) dex serve /dex.yaml" redis: bash -c "if [ \"$ARGOCD_REDIS_LOCAL\" = 'true' ]; then redis-server --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; else docker run --rm --name argocd-redis -i -p ${ARGOCD_E2E_REDIS_PORT:-6379}:${ARGOCD_E2E_REDIS_PORT:-6379} docker.io/library/redis:$(grep "image: redis" manifests/base/redis/argocd-redis-deployment.yaml | cut -d':' -f3) --save '' --appendonly no --port ${ARGOCD_E2E_REDIS_PORT:-6379}; fi" -repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/repo-server} FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}" +repo-server: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_GNUPGHOME=${ARGOCD_GNUPGHOME:-/tmp/argocd-local/gpg/keys} ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} ARGOCD_GPG_DATA_PATH=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-repo-server ARGOCD_GPG_ENABLED=${ARGOCD_GPG_ENABLED:-false} $COMMAND --loglevel debug --port ${ARGOCD_E2E_REPOSERVER_PORT:-8081} --redis localhost:${ARGOCD_E2E_REDIS_PORT:-6379} --otlp-address=${ARGOCD_OTLP_ADDRESS}" cmp-server: [ "$ARGOCD_E2E_TEST" = 'true' ] && exit 0 || [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=1 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_BINARY_NAME=argocd-cmp-server ARGOCD_PLUGINSOCKFILEPATH=${ARGOCD_PLUGINSOCKFILEPATH:-./test/cmp} $COMMAND --config-dir-path ./test/cmp --loglevel debug --otlp-address=${ARGOCD_OTLP_ADDRESS}" ui: sh -c 'cd ui && ${ARGOCD_E2E_YARN_CMD:-yarn} start' git-server: test/fixture/testrepos/start-git.sh helm-registry: test/fixture/testrepos/start-helm-registry.sh dev-mounter: [[ "$ARGOCD_E2E_TEST" != "true" ]] && go run hack/dev-mounter/main.go --configmap argocd-ssh-known-hosts-cm=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} --configmap argocd-tls-certs-cm=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} --configmap argocd-gpg-keys-cm=${ARGOCD_GPG_DATA_PATH:-/tmp/argocd-local/gpg/source} -applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/applicationset-controller} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}" -notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "GOCOVERDIR=${ARGOCD_COVERAGE_DIR:-/tmp/coverage/notification} FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --self-service-notification-enabled=${ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED:-'false'}" \ No newline at end of file +applicationset-controller: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_SSH_DATA_PATH=${ARGOCD_SSH_DATA_PATH:-/tmp/argocd-local/ssh} ARGOCD_BINARY_NAME=argocd-applicationset-controller $COMMAND --loglevel debug --metrics-addr localhost:12345 --probe-addr localhost:12346 --argocd-repo-server localhost:${ARGOCD_E2E_REPOSERVER_PORT:-8081}" +notification: [ "$BIN_MODE" = 'true' ] && COMMAND=./dist/argocd || COMMAND='go run ./cmd/main.go' && sh -c "FORCE_LOG_COLORS=4 ARGOCD_FAKE_IN_CLUSTER=true ARGOCD_TLS_DATA_PATH=${ARGOCD_TLS_DATA_PATH:-/tmp/argocd-local/tls} ARGOCD_BINARY_NAME=argocd-notifications $COMMAND --loglevel debug --application-namespaces=${ARGOCD_APPLICATION_NAMESPACES:-''} --self-service-notification-enabled=${ARGOCD_NOTIFICATION_CONTROLLER_SELF_SERVICE_NOTIFICATION_ENABLED:-'false'}" + diff --git a/README.md b/README.md index 397c51161e0b4..707848191c830 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ [![Integration tests](https://github.com/argoproj/argo-cd/workflows/Integration%20tests/badge.svg?branch=master)](https://github.com/argoproj/argo-cd/actions?query=workflow%3A%22Integration+tests%22) [![codecov](https://codecov.io/gh/argoproj/argo-cd/branch/master/graph/badge.svg)](https://codecov.io/gh/argoproj/argo-cd) [![CII Best Practices](https://bestpractices.coreinfrastructure.org/projects/4486/badge)](https://bestpractices.coreinfrastructure.org/projects/4486) -[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://scorecard.dev/viewer/?uri=github.com/argoproj/argo-cd) +[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd/badge)](https://api.securityscorecards.dev/projects/github.com/argoproj/argo-cd) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd.svg?type=shield)](https://app.fossa.com/projects/git%2Bgithub.com%2Fargoproj%2Fargo-cd?ref=badge_shield) **Social:** diff --git a/SECURITY-INSIGHTS.yml b/SECURITY-INSIGHTS.yml index 42db7962eb995..8ac4bc36b04ae 100644 --- a/SECURITY-INSIGHTS.yml +++ b/SECURITY-INSIGHTS.yml @@ -3,9 +3,9 @@ header: expiration-date: '2024-10-31T00:00:00.000Z' # One year from initial release. last-updated: '2023-10-27' last-reviewed: '2023-10-27' - commit-hash: fe606708859574b9b6102a505e260fac5d3fb14e + commit-hash: b71277c6beb949d0199d647a582bc25822b88838 project-url: https://github.com/argoproj/argo-cd - project-release: v2.13.0 + project-release: v2.9.0-rc3 changelog: https://github.com/argoproj/argo-cd/releases license: https://github.com/argoproj/argo-cd/blob/master/LICENSE project-lifecycle: diff --git a/USERS.md b/USERS.md index c8630b70141b5..9d409af2e8114 100644 --- a/USERS.md +++ b/USERS.md @@ -18,11 +18,9 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Albert Heijn](https://ah.nl/) 1. [Alibaba Group](https://www.alibabagroup.com/) 1. [Allianz Direct](https://www.allianzdirect.de/) -1. [AlphaSense](https://www.alpha-sense.com/) 1. [Amadeus IT Group](https://amadeus.com/) 1. [Ambassador Labs](https://www.getambassador.io/) 1. [Ancestry](https://www.ancestry.com/) -1. [Andgo Systems](https://www.andgosystems.com/) 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/) 1. [Ant Group](https://www.antgroup.com/) 1. [AppDirect](https://www.appdirect.com) @@ -37,16 +35,13 @@ Currently, the following organizations are **officially** using Argo CD: 1. [BCDevExchange DevOps Platform](https://bcdevexchange.org/DevOpsPlatform) 1. [Beat](https://thebeat.co/en/) 1. [Beez Innovation Labs](https://www.beezlabs.com/) -1. [Bedag Informatik AG](https://www.bedag.ch/) 1. [Beleza Na Web](https://www.belezanaweb.com.br/) 1. [BigPanda](https://bigpanda.io) 1. [BioBox Analytics](https://biobox.io) 1. [BMW Group](https://www.bmwgroup.com/) 1. [Boozt](https://www.booztgroup.com/) 1. [Boticario](https://www.boticario.com.br/) -1. [Broker Consulting, a.s.](https://www.bcas.cz/en/) 1. [Bulder Bank](https://bulderbank.no) -1. [Cabify](https://cabify.com/en) 1. [CAM](https://cam-inc.co.jp) 1. [Camptocamp](https://camptocamp.com) 1. [Candis](https://www.candis.io) @@ -63,15 +58,12 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Cisco ET&I](https://eti.cisco.com/) 1. [Cloud Posse](https://www.cloudposse.com/) 1. [Cloud Scale](https://cloudscaleinc.com/) -1. [CloudScript](https://www.cloudscript.com.br/) -1. [CloudGeometry](https://www.cloudgeometry.io/) 1. [Cloudmate](https://cloudmt.co.kr/) 1. [Cloudogu](https://cloudogu.com/) 1. [Cobalt](https://www.cobalt.io/) 1. [Codefresh](https://www.codefresh.io/) 1. [Codility](https://www.codility.com/) 1. [Commonbond](https://commonbond.co/) -1. [Contlo](https://contlo.com/) 1. [Coralogix](https://coralogix.com/) 1. [Crédit Agricole CIB](https://www.ca-cib.com) 1. [CROZ d.o.o.](https://croz.net/) @@ -114,7 +106,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Garner](https://www.garnercorp.com) 1. [Generali Deutschland AG](https://www.generali.de/) 1. [Gepardec](https://gepardec.com/) -1. [Getir](https://getir.com) 1. [GetYourGuide](https://www.getyourguide.com/) 1. [Gitpod](https://www.gitpod.io) 1. [Gllue](https://gllue.com) @@ -131,7 +122,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Groww](https://groww.in) 1. [Grupo MasMovil](https://grupomasmovil.com/en/) 1. [Handelsbanken](https://www.handelsbanken.se) -1. [Hazelcast](https://hazelcast.com/) 1. [Healy](https://www.healyworld.net) 1. [Helio](https://helio.exchange) 1. [Hetki](https://hetki.ai) @@ -142,7 +132,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [IABAI](https://www.iab.ai) 1. [IBM](https://www.ibm.com/) 1. [Ibotta](https://home.ibotta.com) -1. [IFS](https://www.ifs.com) 1. [IITS-Consulting](https://iits-consulting.de) 1. [IllumiDesk](https://www.illumidesk.com) 1. [imaware](https://imaware.health) @@ -159,7 +148,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Karrot](https://www.daangn.com/) 1. [KarrotPay](https://www.daangnpay.com/) 1. [Kasa](https://kasa.co.kr/) -1. [Kave Home](https://kavehome.com) 1. [Keeeb](https://www.keeeb.com/) 1. [KelkooGroup](https://www.kelkoogroup.com) 1. [Keptn](https://keptn.sh) @@ -171,7 +159,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [KubeSphere](https://github.com/kubesphere) 1. [Kurly](https://www.kurly.com/) 1. [Kvist](https://kvistsolutions.com) -1. [Kyriba](https://www.kyriba.com/) 1. [LexisNexis](https://www.lexisnexis.com/) 1. [Lian Chu Securities](https://lczq.com) 1. [Liatrio](https://www.liatrio.com) @@ -192,7 +179,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Meilleurs Agents](https://www.meilleursagents.com/) 1. [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) 1. [Mercedes-Benz.io](https://www.mercedes-benz.io/) -1. [Metacore Games](https://metacoregames.com/) 1. [Metanet](http://www.metanet.co.kr/en/) 1. [MindSpore](https://mindspore.cn) 1. [Mirantis](https://mirantis.com/) @@ -213,7 +199,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Objective](https://www.objective.com.br/) 1. [OCCMundial](https://occ.com.mx) 1. [Octadesk](https://octadesk.com) -1. [Octopus Deploy](https://octopus.com) 1. [Olfeo](https://www.olfeo.com/) 1. [omegaUp](https://omegaUp.com) 1. [Omni](https://omni.se/) @@ -240,9 +225,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Percona](https://percona.com/) 1. [PGS](https://www.pgs.com) 1. [Pigment](https://www.gopigment.com/) -1. [Pipedrive](https://www.pipedrive.com/) 1. [Pipefy](https://www.pipefy.com/) -1. [Pipekit](https://pipekit.io/) 1. [Pismo](https://pismo.io/) 1. [PITS Globale Datenrettungsdienste](https://www.pitsdatenrettung.de/) 1. [Platform9 Systems](https://platform9.com/) @@ -261,6 +244,7 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Quipper](https://www.quipper.com/) 1. [RapidAPI](https://www.rapidapi.com/) 1. [rebuy](https://www.rebuy.de/) +1. [Recreation.gov](https://www.recreation.gov/) 1. [Red Hat](https://www.redhat.com/) 1. [Redpill Linpro](https://www.redpill-linpro.com/) 1. [Reenigne Cloud](https://reenigne.ca) @@ -271,7 +255,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Riskified](https://www.riskified.com/) 1. [Robotinfra](https://www.robotinfra.com) 1. [Rocket.Chat](https://rocket.chat) -1. [Rogo](https://rogodata.com) 1. [Rubin Observatory](https://www.lsst.org) 1. [Saildrone](https://www.saildrone.com/) 1. [Salad Technologies](https://salad.com/) @@ -307,7 +290,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Swisscom](https://www.swisscom.ch) 1. [Swissquote](https://github.com/swissquote) 1. [Syncier](https://syncier.com/) -1. [Syself](https://syself.com) 1. [TableCheck](https://tablecheck.com/) 1. [Tailor Brands](https://www.tailorbrands.com) 1. [Tamkeen Technologies](https://tamkeentech.sa/) @@ -337,7 +319,6 @@ Currently, the following organizations are **officially** using Argo CD: 1. [Urbantz](https://urbantz.com/) 1. [Vectra](https://www.vectra.ai) 1. [Veepee](https://www.veepee.com) -1. [Verkada](https://www.verkada.com) 1. [Viaduct](https://www.viaduct.ai/) 1. [VietMoney](https://vietmoney.vn/) 1. [Vinted](https://vinted.com/) diff --git a/VERSION b/VERSION index fb2c0766b7cc2..497a78c513501 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.13.0 +2.11.5 diff --git a/applicationset/controllers/applicationset_controller.go b/applicationset/controllers/applicationset_controller.go index f13e9272bde8f..3bd648df7eec6 100644 --- a/applicationset/controllers/applicationset_controller.go +++ b/applicationset/controllers/applicationset_controller.go @@ -17,7 +17,6 @@ package controllers import ( "context" "fmt" - "reflect" "strings" "time" @@ -42,10 +41,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/event" "sigs.k8s.io/controller-runtime/pkg/handler" "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/source" - "github.com/argoproj/argo-cd/v2/applicationset/controllers/template" "github.com/argoproj/argo-cd/v2/applicationset/generators" - "github.com/argoproj/argo-cd/v2/applicationset/status" "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/db" @@ -67,10 +65,12 @@ const ( ReconcileRequeueOnValidationError = time.Minute * 3 ) -var defaultPreservedAnnotations = []string{ - NotifiedAnnotationKey, - argov1alpha1.AnnotationKeyRefresh, -} +var ( + defaultPreservedAnnotations = []string{ + NotifiedAnnotationKey, + argov1alpha1.AnnotationKeyRefresh, + } +) // ApplicationSetReconciler reconciles a ApplicationSet object type ApplicationSetReconciler struct { @@ -111,19 +111,15 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Do not attempt to further reconcile the ApplicationSet if it is being deleted. if applicationSetInfo.ObjectMeta.DeletionTimestamp != nil { - appsetName := applicationSetInfo.ObjectMeta.Name - logCtx.Debugf("DeletionTimestamp is set on %s", appsetName) deleteAllowed := utils.DefaultPolicy(applicationSetInfo.Spec.SyncPolicy, r.Policy, r.EnablePolicyOverride).AllowDelete() if !deleteAllowed { - logCtx.Debugf("ApplicationSet policy does not allow to delete") if err := r.removeOwnerReferencesOnDeleteAppSet(ctx, applicationSetInfo); err != nil { return ctrl.Result{}, err } - logCtx.Debugf("ownerReferences referring %s is deleted from generated applications", appsetName) - } - controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) - if err := r.Update(ctx, &applicationSetInfo); err != nil { - return ctrl.Result{}, err + controllerutil.RemoveFinalizer(&applicationSetInfo, argov1alpha1.ResourcesFinalizerName) + if err := r.Update(ctx, &applicationSetInfo); err != nil { + return ctrl.Result{}, err + } } return ctrl.Result{}, nil } @@ -131,7 +127,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // Log a warning if there are unrecognized generators _ = utils.CheckInvalidGenerators(&applicationSetInfo) // desiredApplications is the main list of all expected Applications from all generators in this appset. - desiredApplications, applicationSetReason, err := template.GenerateApplications(logCtx, applicationSetInfo, r.Generators, r.Renderer, r.Client) + desiredApplications, applicationSetReason, err := r.generateApplications(logCtx, applicationSetInfo) if err != nil { _ = r.setApplicationSetStatusCondition(ctx, &applicationSetInfo, @@ -170,16 +166,6 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque return ctrl.Result{RequeueAfter: ReconcileRequeueOnValidationError}, nil } - currentApplications, err := r.getCurrentApplications(ctx, applicationSetInfo) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) - } - - err = r.updateResourcesStatus(ctx, logCtx, &applicationSetInfo, currentApplications) - if err != nil { - return ctrl.Result{}, fmt.Errorf("failed to get update resources status for application set: %w", err) - } - // appMap is a name->app collection of Applications in this ApplicationSet. appMap := map[string]argov1alpha1.Application{} // appSyncMap tracks which apps will be synced during this reconciliation. @@ -196,11 +182,16 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque } } else if applicationSetInfo.Spec.Strategy != nil { // appset uses progressive sync - for _, app := range currentApplications { + applications, err := r.getCurrentApplications(ctx, applicationSetInfo) + if err != nil { + return ctrl.Result{}, fmt.Errorf("failed to get current applications for application set: %w", err) + } + + for _, app := range applications { appMap[app.Name] = app } - appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, currentApplications, desiredApplications, appMap) + appSyncMap, err = r.performProgressiveSyncs(ctx, logCtx, applicationSetInfo, applications, desiredApplications, appMap) if err != nil { return ctrl.Result{}, fmt.Errorf("failed to perform progressive sync reconciliation for application set: %w", err) } @@ -239,6 +230,7 @@ func (r *ApplicationSetReconciler) Reconcile(ctx context.Context, req ctrl.Reque // trigger appropriate application syncs if RollingSync strategy is enabled if progressiveSyncsStrategyEnabled(&applicationSetInfo, "RollingSync") { validApps, err = r.syncValidApplications(logCtx, &applicationSetInfo, appSyncMap, appMap, validApps) + if err != nil { _ = r.setApplicationSetStatusCondition(ctx, &applicationSetInfo, @@ -429,7 +421,7 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context. if client.IgnoreNotFound(err) != nil { return nil } - return fmt.Errorf("error fetching updated application set: %w", err) + return fmt.Errorf("error fetching updated application set: %v", err) } applicationSet.Status.SetConditions( @@ -439,7 +431,7 @@ func (r *ApplicationSetReconciler) setApplicationSetStatusCondition(ctx context. // Update the newly fetched object with new set of conditions err := r.Client.Status().Update(ctx, applicationSet) if err != nil && !apierr.IsNotFound(err) { - return fmt.Errorf("unable to set application set condition: %w", err) + return fmt.Errorf("unable to set application set condition: %v", err) } } @@ -452,6 +444,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con errorsByIndex := map[int]error{} namesSet := map[string]bool{} for i, app := range desiredApplications { + if !namesSet[app.Name] { namesSet[app.Name] = true } else { @@ -471,6 +464,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con errorsByIndex[i] = fmt.Errorf("application destination spec is invalid: %s", err.Error()) continue } + } return errorsByIndex, nil @@ -479,6 +473,7 @@ func (r *ApplicationSetReconciler) validateGeneratedApplications(ctx context.Con func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1alpha1.ApplicationSet) time.Duration { var res time.Duration for _, requestedGenerator := range applicationSetInfo.Spec.Generators { + relevantGenerators := generators.GetRelevantGenerators(&requestedGenerator, r.Generators) for _, g := range relevantGenerators { @@ -495,6 +490,91 @@ func (r *ApplicationSetReconciler) getMinRequeueAfter(applicationSetInfo *argov1 return res } +func getTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application { + var tmplApplication argov1alpha1.Application + tmplApplication.Annotations = applicationSetTemplate.Annotations + tmplApplication.Labels = applicationSetTemplate.Labels + tmplApplication.Namespace = applicationSetTemplate.Namespace + tmplApplication.Name = applicationSetTemplate.Name + tmplApplication.Spec = applicationSetTemplate.Spec + tmplApplication.Finalizers = applicationSetTemplate.Finalizers + + return &tmplApplication +} + +func (r *ApplicationSetReconciler) generateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) { + var res []argov1alpha1.Application + + var firstError error + var applicationSetReason argov1alpha1.ApplicationSetReasonType + + for _, requestedGenerator := range applicationSetInfo.Spec.Generators { + t, err := generators.Transform(requestedGenerator, r.Generators, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}) + if err != nil { + logCtx.WithError(err).WithField("generator", requestedGenerator). + Error("error generating application from params") + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError + } + continue + } + + for _, a := range t { + tmplApplication := getTempApplication(a.Template) + + for _, p := range a.Params { + app, err := r.Renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) + + if err != nil { + logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). + Error("error generating application from params") + + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError + } + continue + } + + if applicationSetInfo.Spec.TemplatePatch != nil { + patchedApplication, err := r.applyTemplatePatch(app, applicationSetInfo, p) + + if err != nil { + log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). + Error("error generating application from params") + + if firstError == nil { + firstError = err + applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError + } + continue + } + + app = patchedApplication + } + + res = append(res, *app) + } + } + + logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res)) + logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) + } + + return res, applicationSetReason, firstError +} + +func (r *ApplicationSetReconciler) applyTemplatePatch(app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) { + replacedTemplate, err := r.Renderer.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) + + if err != nil { + return nil, fmt.Errorf("error replacing values in templatePatch: %w", err) + } + + return applyTemplatePatch(app, replacedTemplate) +} + func ignoreNotAllowedNamespaces(namespaces []string) predicate.Predicate { return predicate.Funcs{ CreateFunc: func(e event.CreateEvent) bool { @@ -532,7 +612,7 @@ func (r *ApplicationSetReconciler) SetupWithManager(mgr ctrl.Manager, enableProg Owns(&argov1alpha1.Application{}, builder.WithPredicates(ownsHandler)). WithEventFilter(ignoreNotAllowedNamespaces(r.ApplicationSetNamespaces)). Watches( - &corev1.Secret{}, + &source.Kind{Type: &corev1.Secret{}}, &clusterSecretEventHandler{ Client: mgr.GetClient(), Log: log.WithField("type", "createSecretEventHandler"), @@ -565,9 +645,14 @@ func (r *ApplicationSetReconciler) updateCache(ctx context.Context, obj client.O // - For existing application, it will call update // The function also adds owner reference to all applications, and uses it to delete them. func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, desiredApplications []argov1alpha1.Application) error { + var firstError error // Creates or updates the application in appList for _, generatedApp := range desiredApplications { + // The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace + // security boundary. + generatedApp.Namespace = applicationSet.Namespace + appLog := logCtx.WithFields(log.Fields{"app": generatedApp.QualifiedName()}) // Normalize to avoid fighting with the application controller. @@ -650,6 +735,7 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, return controllerutil.SetControllerReference(&applicationSet, found, r.Scheme) }) + if err != nil { appLog.WithError(err).WithField("action", action).Errorf("failed to %s Application", action) if firstError == nil { @@ -675,6 +761,7 @@ func (r *ApplicationSetReconciler) createOrUpdateInCluster(ctx context.Context, // createInCluster will filter from the desiredApplications only the application that needs to be created // Then it will call createOrUpdateInCluster to do the actual create func (r *ApplicationSetReconciler) createInCluster(ctx context.Context, logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, desiredApplications []argov1alpha1.Application) error { + var createApps []argov1alpha1.Application current, err := r.getCurrentApplications(ctx, applicationSet) if err != nil { @@ -702,6 +789,7 @@ func (r *ApplicationSetReconciler) createInCluster(ctx context.Context, logCtx * func (r *ApplicationSetReconciler) getCurrentApplications(ctx context.Context, applicationSet argov1alpha1.ApplicationSet) ([]argov1alpha1.Application, error) { var current argov1alpha1.ApplicationList err := r.Client.List(ctx, ¤t, client.MatchingFields{".metadata.controller": applicationSet.Name}, client.InNamespace(applicationSet.Namespace)) + if err != nil { return nil, fmt.Errorf("error retrieving applications: %w", err) } @@ -739,6 +827,7 @@ func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, logCtx * _, exists := m[app.Name] if !exists { + // Removes the Argo CD resources finalizer if the application contains an invalid target (eg missing cluster) err := r.removeFinalizerOnInvalidDestination(ctx, applicationSet, &app, clusterList, logCtx) if err != nil { @@ -766,6 +855,7 @@ func (r *ApplicationSetReconciler) deleteInCluster(ctx context.Context, logCtx * // removeFinalizerOnInvalidDestination removes the Argo CD resources finalizer if the application contains an invalid target (eg missing cluster) func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx context.Context, applicationSet argov1alpha1.ApplicationSet, app *argov1alpha1.Application, clusterList *argov1alpha1.ClusterList, appLog *log.Entry) error { + // Only check if the finalizers need to be removed IF there are finalizers to remove if len(app.Finalizers) == 0 { return nil @@ -778,10 +868,12 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte appLog.Warnf("The destination cluster for %s couldn't be found: %v", app.Name, err) validDestination = false } else { + // Detect if the destination's server field does not match an existing cluster matchingCluster := false for _, cluster := range clusterList.Items { + // Server fields must match. Note that ValidateDestination ensures that the server field is set, if applicable. if app.Spec.Destination.Server != cluster.Server { continue @@ -805,6 +897,7 @@ func (r *ApplicationSetReconciler) removeFinalizerOnInvalidDestination(ctx conte // If the destination is invalid (for example the cluster is no longer defined), then remove // the application finalizers to avoid triggering Argo CD bug #5817 if !validDestination { + // Filter out the Argo CD finalizer from the finalizer list var newFinalizers []string for _, existingFinalizer := range app.Finalizers { @@ -854,6 +947,7 @@ func (r *ApplicationSetReconciler) removeOwnerReferencesOnDeleteAppSet(ctx conte } func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, logCtx *log.Entry, appset argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, desiredApplications []argov1alpha1.Application, appMap map[string]argov1alpha1.Application) (map[string]bool, error) { + appDependencyList, appStepMap, err := r.buildAppDependencyList(logCtx, appset, desiredApplications) if err != nil { return nil, fmt.Errorf("failed to build app dependency list: %w", err) @@ -891,6 +985,7 @@ func (r *ApplicationSetReconciler) performProgressiveSyncs(ctx context.Context, // this list tracks which Applications belong to each RollingUpdate step func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, applicationSet argov1alpha1.ApplicationSet, applications []argov1alpha1.Application) ([][]string, map[string]int, error) { + if applicationSet.Spec.Strategy == nil || applicationSet.Spec.Strategy.Type == "" || applicationSet.Spec.Strategy.Type == "AllAtOnce" { return [][]string{}, map[string]int{}, nil } @@ -910,9 +1005,11 @@ func (r *ApplicationSetReconciler) buildAppDependencyList(logCtx *log.Entry, app // use applicationLabelSelectors to filter generated Applications into steps and status by name for _, app := range applications { for i, step := range steps { + selected := true // default to true, assuming the current Application is a match for the given step matchExpression for _, matchExpression := range step.MatchExpressions { + if val, ok := app.Labels[matchExpression.Key]; ok { valueMatched := labelMatchedExpression(logCtx, val, matchExpression) @@ -976,6 +1073,7 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat // detect if we need to halt before progressing to the next step for _, appName := range appDependencyList[i] { + idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, appName) if idx == -1 { // no Application status found, likely because the Application is being newly created @@ -986,6 +1084,7 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat appStatus := applicationSet.Status.ApplicationStatus[idx] if app, ok := appMap[appName]; ok { + syncEnabled = appSyncEnabledForNextStep(&applicationSet, app, appStatus) if !syncEnabled { break @@ -1002,6 +1101,7 @@ func (r *ApplicationSetReconciler) buildAppSyncMap(ctx context.Context, applicat } func appSyncEnabledForNextStep(appset *argov1alpha1.ApplicationSet, app argov1alpha1.Application, appStatus argov1alpha1.ApplicationSetApplicationStatus) bool { + if progressiveSyncsStrategyEnabled(appset, "RollingSync") { // we still need to complete the current step if the Application is not yet Healthy or there are still pending Application changes return isApplicationHealthy(app) && appStatus.Status == "Healthy" @@ -1044,10 +1144,12 @@ func statusStrings(app argov1alpha1.Application) (string, string, string) { // check the status of each Application's status and promote Applications to the next status if needed func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applications []argov1alpha1.Application, appStepMap map[string]int) ([]argov1alpha1.ApplicationSetApplicationStatus, error) { + now := metav1.Now() appStatuses := make([]argov1alpha1.ApplicationSetApplicationStatus, 0, len(applications)) for _, app := range applications { + healthStatusString, syncStatusString, operationPhaseString := statusStrings(app) idx := findApplicationStatusIndex(applicationSet.Status.ApplicationStatus, app.Name) @@ -1062,7 +1164,6 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con Message: "No Application status found, defaulting status to Waiting.", Status: "Waiting", Step: fmt.Sprint(appStepMap[app.Name] + 1), - TargetRevisions: app.Status.GetRevisions(), } } else { // we have an existing AppStatus @@ -1080,25 +1181,20 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatus(ctx con currentAppStatus.Status = "Waiting" currentAppStatus.Message = "Application has pending changes, setting status to Waiting." currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) - currentAppStatus.TargetRevisions = app.Status.GetRevisions() } if currentAppStatus.Status == "Pending" { - if operationPhaseString == "Succeeded" { - revisions := []string{} - if len(app.Status.OperationState.SyncResult.Revisions) > 0 { - revisions = app.Status.OperationState.SyncResult.Revisions - } else if app.Status.OperationState.SyncResult.Revision != "" { - revisions = append(revisions, app.Status.OperationState.SyncResult.Revision) - } - - if reflect.DeepEqual(currentAppStatus.TargetRevisions, revisions) { - logCtx.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name) - currentAppStatus.LastTransitionTime = &now - currentAppStatus.Status = "Progressing" - currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing." - currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) + // check for successful syncs started less than 10s before the Application transitioned to Pending + // this covers race conditions where syncs initiated by RollingSync miraculously have a sync time before the transition to Pending state occurred (could be a few seconds) + if operationPhaseString == "Succeeded" && app.Status.OperationState.StartedAt.Add(time.Duration(10)*time.Second).After(currentAppStatus.LastTransitionTime.Time) { + if !app.Status.OperationState.StartedAt.After(currentAppStatus.LastTransitionTime.Time) { + logCtx.Warnf("Application %v was synced less than 10s prior to entering Pending status, we'll assume the AppSet controller triggered this sync and update its status to Progressing", app.Name) } + logCtx.Infof("Application %v has completed a sync successfully, updating its ApplicationSet status to Progressing", app.Name) + currentAppStatus.LastTransitionTime = &now + currentAppStatus.Status = "Progressing" + currentAppStatus.Message = "Application resource completed a sync successfully, updating status from Pending to Progressing." + currentAppStatus.Step = fmt.Sprint(appStepMap[currentAppStatus.Application] + 1) } else if operationPhaseString == "Running" || healthStatusString == "Progressing" { logCtx.Infof("Application %v has entered Progressing status, updating its ApplicationSet status to Progressing", app.Name) currentAppStatus.LastTransitionTime = &now @@ -1167,6 +1263,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress } for _, appStatus := range applicationSet.Status.ApplicationStatus { + maxUpdateAllowed := true maxUpdate := &intstr.IntOrString{} if progressiveSyncsStrategyEnabled(applicationSet, "RollingSync") { @@ -1189,6 +1286,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress maxUpdateAllowed = false logCtx.Infof("Application %v is not allowed to update yet, %v/%v Applications already updating in step %v in AppSet %v", appStatus.Application, updateCountMap[appStepMap[appStatus.Application]], maxUpdateVal, appStepMap[appStatus.Application]+1, applicationSet.Name) } + } if appStatus.Status == "Waiting" && appSyncMap[appStatus.Application] && maxUpdateAllowed { @@ -1214,6 +1312,7 @@ func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusProgress } func (r *ApplicationSetReconciler) updateApplicationSetApplicationStatusConditions(ctx context.Context, applicationSet *argov1alpha1.ApplicationSet) ([]argov1alpha1.ApplicationSetCondition, error) { + appSetProgressing := false for _, appStatus := range applicationSet.Status.ApplicationStatus { if appStatus.Status != "Healthy" { @@ -1264,34 +1363,7 @@ func findApplicationStatusIndex(appStatuses []argov1alpha1.ApplicationSetApplica return -1 } -func (r *ApplicationSetReconciler) updateResourcesStatus(ctx context.Context, logCtx *log.Entry, appset *argov1alpha1.ApplicationSet, apps []argov1alpha1.Application) error { - statusMap := status.GetResourceStatusMap(appset) - statusMap = status.BuildResourceStatus(statusMap, apps) - - statuses := []argov1alpha1.ResourceStatus{} - for _, status := range statusMap { - statuses = append(statuses, status) - } - appset.Status.Resources = statuses - - namespacedName := types.NamespacedName{Namespace: appset.Namespace, Name: appset.Name} - err := r.Client.Status().Update(ctx, appset) - if err != nil { - logCtx.Errorf("unable to set application set status: %v", err) - return fmt.Errorf("unable to set application set status: %w", err) - } - - if err := r.Get(ctx, namespacedName, appset); err != nil { - if client.IgnoreNotFound(err) != nil { - return nil - } - return fmt.Errorf("error fetching updated application set: %w", err) - } - - return nil -} - -// setApplicationSetApplicationStatus updates the ApplicationSet's status field +// setApplicationSetApplicationStatus updates the ApplicatonSet's status field // with any new/changed Application statuses. func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Context, logCtx *log.Entry, applicationSet *argov1alpha1.ApplicationSet, applicationStatuses []argov1alpha1.ApplicationSetApplicationStatus) error { needToUpdateStatus := false @@ -1326,15 +1398,16 @@ func (r *ApplicationSetReconciler) setAppSetApplicationStatus(ctx context.Contex // Update the newly fetched object with new set of ApplicationStatus err := r.Client.Status().Update(ctx, applicationSet) if err != nil { + logCtx.Errorf("unable to set application set status: %v", err) - return fmt.Errorf("unable to set application set status: %w", err) + return fmt.Errorf("unable to set application set status: %v", err) } if err := r.Get(ctx, namespacedName, applicationSet); err != nil { if client.IgnoreNotFound(err) != nil { return nil } - return fmt.Errorf("error fetching updated application set: %w", err) + return fmt.Errorf("error fetching updated application set: %v", err) } } @@ -1371,6 +1444,7 @@ func (r *ApplicationSetReconciler) syncValidApplications(logCtx *log.Entry, appl // used by the RollingSync Progressive Sync strategy to trigger a sync of a particular Application resource func syncApplication(application argov1alpha1.Application, prune bool) (argov1alpha1.Application, error) { + operation := argov1alpha1.Operation{ InitiatedBy: argov1alpha1.OperationInitiator{ Username: "applicationset-controller", @@ -1468,11 +1542,12 @@ func shouldRequeueApplicationSet(appOld *argov1alpha1.Application, appNew *argov // the applicationset controller owns the application spec, labels, annotations, and finalizers on the applications // reflect.DeepEqual considers nil slices/maps not equal to empty slices/maps // https://pkg.go.dev/reflect#DeepEqual - // ApplicationDestination has an unexported field so we can just use the == for comparison + // ApplicationDestination has an unexported field so we can just use the == for comparsion if !cmp.Equal(appOld.Spec, appNew.Spec, cmpopts.EquateEmpty(), cmpopts.EquateComparable(argov1alpha1.ApplicationDestination{})) || !cmp.Equal(appOld.ObjectMeta.GetAnnotations(), appNew.ObjectMeta.GetAnnotations(), cmpopts.EquateEmpty()) || !cmp.Equal(appOld.ObjectMeta.GetLabels(), appNew.ObjectMeta.GetLabels(), cmpopts.EquateEmpty()) || !cmp.Equal(appOld.ObjectMeta.GetFinalizers(), appNew.ObjectMeta.GetFinalizers(), cmpopts.EquateEmpty()) { + return true } diff --git a/applicationset/controllers/applicationset_controller_test.go b/applicationset/controllers/applicationset_controller_test.go index 51699a5976a34..7afea05cd52eb 100644 --- a/applicationset/controllers/applicationset_controller_test.go +++ b/applicationset/controllers/applicationset_controller_test.go @@ -12,7 +12,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -24,7 +23,6 @@ import ( "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" - crtcache "sigs.k8s.io/controller-runtime/pkg/cache" crtclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" @@ -34,11 +32,11 @@ import ( "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/argo-cd/v2/applicationset/generators" - "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" + "github.com/argoproj/argo-cd/v2/util/collections" dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application" @@ -68,17 +66,309 @@ type fakeCache struct { cache.Cache } -func (f *fakeCache) GetInformer(ctx context.Context, obj crtclient.Object, opt ...crtcache.InformerGetOption) (cache.Informer, error) { +func (f *fakeCache) GetInformer(ctx context.Context, obj crtclient.Object) (cache.Informer, error) { return &fakeInformer{}, nil } +type generatorMock struct { + mock.Mock +} + +func (g *generatorMock) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate { + args := g.Called(appSetGenerator) + + return args.Get(0).(*v1alpha1.ApplicationSetTemplate) +} + +func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, _ *v1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + args := g.Called(appSetGenerator) + + return args.Get(0).([]map[string]interface{}), args.Error(1) +} + +func (g *generatorMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { + args := g.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + + return args.Get(0).(string), args.Error(1) +} + +type rendererMock struct { + mock.Mock +} + +func (g *generatorMock) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSetGenerator) time.Duration { + args := g.Called(appSetGenerator) + + return args.Get(0).(time.Duration) +} + +func (r *rendererMock) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { + args := r.Called(tmpl, params, useGoTemplate, goTemplateOptions) + + if args.Error(1) != nil { + return nil, args.Error(1) + } + + return args.Get(0).(*v1alpha1.Application), args.Error(1) + +} + +func (r *rendererMock) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { + args := r.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) + + return args.Get(0).(string), args.Error(1) +} + +func TestExtractApplications(t *testing.T) { + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + err = v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + for _, c := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + generateParamsError error + rendererError error + expectErr bool + expectedReason v1alpha1.ApplicationSetReasonType + }{ + { + name: "Generate two applications", + params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedReason: "", + }, + { + name: "Handles error from the generator", + generateParamsError: fmt.Errorf("error"), + expectErr: true, + expectedReason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, + }, + { + name: "Handles error from the render", + params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + rendererError: fmt.Errorf("error"), + expectErr: true, + expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, + }, + } { + cc := c + app := v1alpha1.Application{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + }, + } + + t.Run(cc.name, func(t *testing.T) { + + appSet := &v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + } + + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(appSet).Build() + + generatorMock := generatorMock{} + generator := v1alpha1.ApplicationSetGenerator{ + List: &v1alpha1.ListGenerator{}, + } + + generatorMock.On("GenerateParams", &generator). + Return(cc.params, cc.generateParamsError) + + generatorMock.On("GetTemplate", &generator). + Return(&v1alpha1.ApplicationSetTemplate{}) + + rendererMock := rendererMock{} + + var expectedApps []v1alpha1.Application + + if cc.generateParamsError == nil { + for _, p := range cc.params { + + if cc.rendererError != nil { + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). + Return(nil, cc.rendererError) + } else { + rendererMock.On("RenderTemplateParams", getTempApplication(cc.template), p, false, []string(nil)). + Return(&app, nil) + expectedApps = append(expectedApps, app) + } + } + } + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{ + "List": &generatorMock, + }, + Renderer: &rendererMock, + KubeClientset: kubefake.NewSimpleClientset(), + Cache: &fakeCache{}, + } + + got, reason, err := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + }) + + if cc.expectErr { + assert.Error(t, err) + } else { + assert.NoError(t, err) + } + assert.Equal(t, expectedApps, got) + assert.Equal(t, cc.expectedReason, reason) + generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1) + + if cc.generateParamsError == nil { + rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params)) + } + + }) + } + +} + +func TestMergeTemplateApplications(t *testing.T) { + scheme := runtime.NewScheme() + _ = v1alpha1.AddToScheme(scheme) + _ = v1alpha1.AddToScheme(scheme) + + client := fake.NewClientBuilder().WithScheme(scheme).Build() + + for _, c := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + overrideTemplate v1alpha1.ApplicationSetTemplate + expectedMerged v1alpha1.ApplicationSetTemplate + expectedApps []v1alpha1.Application + }{ + { + name: "Generate app", + params: []map[string]interface{}{{"name": "app1"}}, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "name", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + overrideTemplate: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "test", + Labels: map[string]string{"foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedMerged: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "test", + Namespace: "namespace", + Labels: map[string]string{"label_name": "label_value", "foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + expectedApps: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test", + Labels: map[string]string{"foo": "bar"}, + }, + Spec: v1alpha1.ApplicationSpec{}, + }, + }, + }, + } { + cc := c + + t.Run(cc.name, func(t *testing.T) { + + generatorMock := generatorMock{} + generator := v1alpha1.ApplicationSetGenerator{ + List: &v1alpha1.ListGenerator{}, + } + + generatorMock.On("GenerateParams", &generator). + Return(cc.params, nil) + + generatorMock.On("GetTemplate", &generator). + Return(&cc.overrideTemplate) + + rendererMock := rendererMock{} + + rendererMock.On("RenderTemplateParams", getTempApplication(cc.expectedMerged), cc.params[0], false, []string(nil)). + Return(&cc.expectedApps[0], nil) + + r := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(1), + Generators: map[string]generators.Generator{ + "List": &generatorMock, + }, + Renderer: &rendererMock, + KubeClientset: kubefake.NewSimpleClientset(), + } + + got, _, _ := r.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + ObjectMeta: metav1.ObjectMeta{ + Name: "name", + Namespace: "namespace", + }, + Spec: v1alpha1.ApplicationSetSpec{ + Generators: []v1alpha1.ApplicationSetGenerator{generator}, + Template: cc.template, + }, + }, + ) + + assert.Equal(t, cc.expectedApps, got) + }) + } + +} + func TestCreateOrUpdateInCluster(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { // name is human-readable test name @@ -104,10 +394,8 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, - Spec: v1alpha1.ApplicationSpec{Project: "default"}, }, }, expected: []v1alpha1.Application{ @@ -159,8 +447,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -218,8 +505,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app2", - Namespace: "namespace", + Name: "app2", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -278,7 +564,6 @@ func TestCreateOrUpdateInCluster(t *testing.T) { { ObjectMeta: metav1.ObjectMeta{ Name: "app1", - Namespace: "namespace", Labels: map[string]string{"label-key": "label-value"}, Annotations: map[string]string{"annot-key": "annot-value"}, }, @@ -342,8 +627,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -409,8 +693,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -483,7 +766,6 @@ func TestCreateOrUpdateInCluster(t *testing.T) { { ObjectMeta: metav1.ObjectMeta{ Name: "app1", - Namespace: "namespace", Labels: map[string]string{"label-key": "label-value"}, Annotations: map[string]string{"annot-key": "annot-value"}, }, @@ -561,8 +843,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -589,8 +870,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { name: "Ensure that configured preserved annotations are preserved from an existing app", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -631,8 +911,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -658,8 +937,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { name: "Ensure that the app spec is normalized before applying", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -682,8 +960,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -714,8 +991,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { // For this use case: https://github.com/argoproj/argo-cd/issues/9101#issuecomment-1191138278 name: "Ensure that ignored targetRevision difference doesn't cause an update, even if another field changes", appSet: v1alpha1.ApplicationSet{ @@ -761,8 +1037,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -807,8 +1082,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { // For this use case: https://github.com/argoproj/argo-cd/pull/14743#issuecomment-1761954799 name: "ignore parameters added to a multi-source app in the cluster", appSet: v1alpha1.ApplicationSet{ @@ -865,8 +1139,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -910,8 +1183,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { name: "Demonstrate limitation of MergePatch", // Maybe we can fix this in Argo CD 3.0: https://github.com/argoproj/argo-cd/issues/15975 appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -967,8 +1239,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1010,8 +1281,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, }, - }, - { + }, { name: "Ensure that argocd post-delete finalizers are preserved from an existing app", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -1049,8 +1319,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { desiredApps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1079,12 +1348,14 @@ func TestCreateOrUpdateInCluster(t *testing.T) { }, }, } { + t.Run(c.name, func(t *testing.T) { + initObjs := []crtclient.Object{&c.appSet} for _, a := range c.existingApps { err = controllerutil.SetControllerReference(&c.appSet, &a, scheme) - require.NoError(t, err) + assert.Nil(t, err) initObjs = append(initObjs, &a) } @@ -1098,7 +1369,7 @@ func TestCreateOrUpdateInCluster(t *testing.T) { } err = r.createOrUpdateInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.desiredApps) - require.NoError(t, err) + assert.NoError(t, err) for _, obj := range c.expected { got := &v1alpha1.Application{} @@ -1115,12 +1386,13 @@ func TestCreateOrUpdateInCluster(t *testing.T) { } func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { // name is human-readable test name @@ -1150,6 +1422,7 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { }, } { t.Run(c.name, func(t *testing.T) { + appSet := v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -1207,22 +1480,22 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { KubeClientset: kubeclientset, Cache: &fakeCache{}, } - // settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "namespace") - // argoDB := db.NewDB("namespace", settingsMgr, r.KubeClientset) - // clusterList, err := argoDB.ListClusters(context.Background()) + //settingsMgr := settings.NewSettingsManager(context.TODO(), kubeclientset, "namespace") + //argoDB := db.NewDB("namespace", settingsMgr, r.KubeClientset) + //clusterList, err := argoDB.ListClusters(context.Background()) clusterList, err := utils.ListClusters(context.Background(), kubeclientset, "namespace") - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") appLog := log.WithFields(log.Fields{"app": app.Name, "appSet": ""}) appInputParam := app.DeepCopy() err = r.removeFinalizerOnInvalidDestination(context.Background(), appSet, appInputParam, clusterList, appLog) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") retrievedApp := v1alpha1.Application{} err = client.Get(context.Background(), crtclient.ObjectKeyFromObject(&app), &retrievedApp) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") // App on the cluster should have the expected finalizers assert.ElementsMatch(t, c.expectedFinalizers, retrievedApp.Finalizers) @@ -1232,17 +1505,19 @@ func TestRemoveFinalizerOnInvalidDestination_FinalizerTypes(t *testing.T) { bytes, _ := json.MarshalIndent(retrievedApp, "", " ") t.Log("Contents of app after call:", string(bytes)) + }) } } func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { // name is human-readable test name @@ -1308,7 +1583,9 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { expectFinalizerRemoved: false, }, } { + t.Run(c.name, func(t *testing.T) { + appSet := v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -1369,25 +1646,26 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { // argoDB := db.NewDB("argocd", settingsMgr, r.KubeClientset) // clusterList, err := argoDB.ListClusters(context.Background()) clusterList, err := utils.ListClusters(context.Background(), kubeclientset, "namespace") - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") appLog := log.WithFields(log.Fields{"app": app.Name, "appSet": ""}) appInputParam := app.DeepCopy() err = r.removeFinalizerOnInvalidDestination(context.Background(), appSet, appInputParam, clusterList, appLog) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") retrievedApp := v1alpha1.Application{} err = client.Get(context.Background(), crtclient.ObjectKeyFromObject(&app), &retrievedApp) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") finalizerRemoved := len(retrievedApp.Finalizers) == 0 - assert.Equal(t, c.expectFinalizerRemoved, finalizerRemoved) + assert.True(t, c.expectFinalizerRemoved == finalizerRemoved) bytes, _ := json.MarshalIndent(retrievedApp, "", " ") t.Log("Contents of app after call:", string(bytes)) + }) } } @@ -1395,10 +1673,10 @@ func TestRemoveFinalizerOnInvalidDestination_DestinationTypes(t *testing.T) { func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { // name is human-readable test name @@ -1440,7 +1718,7 @@ func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { } err := controllerutil.SetControllerReference(&appSet, &app, scheme) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") initObjs := []crtclient.Object{&app, &appSet} @@ -1455,11 +1733,11 @@ func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { } err = r.removeOwnerReferencesOnDeleteAppSet(context.Background(), appSet) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") retrievedApp := v1alpha1.Application{} err = client.Get(context.Background(), crtclient.ObjectKeyFromObject(&app), &retrievedApp) - require.NoError(t, err, "Unexpected error") + assert.NoError(t, err, "Unexpected error") ownerReferencesRemoved := len(retrievedApp.OwnerReferences) == 0 assert.True(t, ownerReferencesRemoved) @@ -1468,12 +1746,13 @@ func TestRemoveOwnerReferencesOnDeleteAppSet(t *testing.T) { } func TestCreateApplications(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) testCases := []struct { name string @@ -1494,8 +1773,7 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, }, }, @@ -1550,8 +1828,7 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - Namespace: "namespace", + Name: "app1", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1609,8 +1886,7 @@ func TestCreateApplications(t *testing.T) { apps: []v1alpha1.Application{ { ObjectMeta: metav1.ObjectMeta{ - Name: "app2", - Namespace: "namespace", + Name: "app2", }, Spec: v1alpha1.ApplicationSpec{ Project: "project", @@ -1641,7 +1917,7 @@ func TestCreateApplications(t *testing.T) { initObjs := []crtclient.Object{&c.appSet} for _, a := range c.existsApps { err = controllerutil.SetControllerReference(&c.appSet, &a, scheme) - require.NoError(t, err) + assert.Nil(t, err) initObjs = append(initObjs, &a) } @@ -1655,7 +1931,7 @@ func TestCreateApplications(t *testing.T) { } err = r.createInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.apps) - require.NoError(t, err) + assert.Nil(t, err) for _, obj := range c.expected { got := &v1alpha1.Application{} @@ -1665,7 +1941,7 @@ func TestCreateApplications(t *testing.T) { }, got) err = controllerutil.SetControllerReference(&c.appSet, &obj, r.Scheme) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, obj, *got) } @@ -1674,11 +1950,12 @@ func TestCreateApplications(t *testing.T) { } func TestDeleteInCluster(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { // appSet is the application set on which the delete function is called @@ -1784,7 +2061,7 @@ func TestDeleteInCluster(t *testing.T) { for _, a := range c.existingApps { temp := a err = controllerutil.SetControllerReference(&c.appSet, &temp, scheme) - require.NoError(t, err) + assert.Nil(t, err) initObjs = append(initObjs, &temp) } @@ -1798,7 +2075,7 @@ func TestDeleteInCluster(t *testing.T) { } err = r.deleteInCluster(context.TODO(), log.NewEntry(log.StandardLogger()), c.appSet, c.desiredApps) - require.NoError(t, err) + assert.Nil(t, err) // For each of the expected objects, verify they exist on the cluster for _, obj := range c.expected { @@ -1809,7 +2086,7 @@ func TestDeleteInCluster(t *testing.T) { }, got) err = controllerutil.SetControllerReference(&c.appSet, &obj, r.Scheme) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, obj, *got) } @@ -1830,9 +2107,9 @@ func TestDeleteInCluster(t *testing.T) { func TestGetMinRequeueAfter(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) client := fake.NewClientBuilder().WithScheme(scheme).Build() @@ -1842,15 +2119,15 @@ func TestGetMinRequeueAfter(t *testing.T) { Clusters: &v1alpha1.ClusterGenerator{}, } - generatorMock0 := mocks.Generator{} + generatorMock0 := generatorMock{} generatorMock0.On("GetRequeueAfter", &generator). Return(generators.NoRequeueAfter) - generatorMock1 := mocks.Generator{} + generatorMock1 := generatorMock{} generatorMock1.On("GetRequeueAfter", &generator). Return(time.Duration(1) * time.Second) - generatorMock10 := mocks.Generator{} + generatorMock10 := generatorMock{} generatorMock10.On("GetRequeueAfter", &generator). Return(time.Duration(10) * time.Second) @@ -1876,12 +2153,13 @@ func TestGetMinRequeueAfter(t *testing.T) { } func TestValidateGeneratedApplications(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) client := fake.NewClientBuilder().WithScheme(scheme).Build() @@ -2035,7 +2313,9 @@ func TestValidateGeneratedApplications(t *testing.T) { validationErrors: map[int]error{0: fmt.Errorf("application destination spec is invalid: unable to find destination server: there are no clusters with this name: nonexistent-cluster")}, }, } { + t.Run(cc.name, func(t *testing.T) { + secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "my-secret", @@ -2086,7 +2366,7 @@ func TestValidateGeneratedApplications(t *testing.T) { } if len(errorMessages) == 0 { - assert.Empty(t, cc.expectedErrors, "Expected errors but none were seen") + assert.Equal(t, len(cc.expectedErrors), 0, "Expected errors but none were seen") } else { // An error was returned: it should be expected matched := false @@ -2113,11 +2393,12 @@ func TestValidateGeneratedApplications(t *testing.T) { } func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) project := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "good-project", Namespace: "argocd"}, @@ -2158,7 +2439,7 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&project} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} badCluster := v1alpha1.Cluster{Server: "https://bad-cluster", Name: "bad-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) @@ -2192,27 +2473,27 @@ func TestReconcilerValidationProjectErrorBehaviour(t *testing.T) { // Verify that on validation error, no error is returned, but the object is requeued res, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, ReconcileRequeueOnValidationError, res.RequeueAfter) + assert.Nil(t, err) + assert.True(t, res.RequeueAfter == ReconcileRequeueOnValidationError) var app v1alpha1.Application // make sure good app got created err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-project"}, &app) - require.NoError(t, err) - assert.Equal(t, "good-project", app.Name) + assert.NoError(t, err) + assert.Equal(t, app.Name, "good-project") // make sure bad app was not created err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "bad-project"}, &app) - require.Error(t, err) + assert.Error(t, err) } func TestSetApplicationSetStatusCondition(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) appSet := v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -2259,17 +2540,18 @@ func TestSetApplicationSetStatusCondition(t *testing.T) { } err = r.setApplicationSetStatusCondition(context.TODO(), &appSet, appCondition, true) - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, appSet.Status.Conditions, 3) } func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alpha1.ApplicationsSyncPolicy, recordBuffer int, allowPolicyOverride bool) v1alpha1.Application { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) defaultProject := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, @@ -2311,7 +2593,7 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ @@ -2344,20 +2626,20 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp // Verify that on validation error, no error is returned, but the object is requeued resCreate, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), resCreate.RequeueAfter) + assert.Nil(t, err) + assert.True(t, resCreate.RequeueAfter == 0) var app v1alpha1.Application // make sure good app got created err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) - require.NoError(t, err) - assert.Equal(t, "good-cluster", app.Name) + assert.Nil(t, err) + assert.Equal(t, app.Name, "good-cluster") // Update resource var retrievedApplicationSet v1alpha1.ApplicationSet err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "name"}, &retrievedApplicationSet) - require.NoError(t, err) + assert.Nil(t, err) retrievedApplicationSet.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} retrievedApplicationSet.Spec.Template.Labels = map[string]string{"label-key": "label-value"} @@ -2367,20 +2649,21 @@ func applicationsUpdateSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp } err = r.Client.Update(context.TODO(), &retrievedApplicationSet) - require.NoError(t, err) + assert.Nil(t, err) resUpdate, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) + assert.Nil(t, err) err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), resUpdate.RequeueAfter) - assert.Equal(t, "good-cluster", app.Name) + assert.Nil(t, err) + assert.True(t, resUpdate.RequeueAfter == 0) + assert.Equal(t, app.Name, "good-cluster") return app } func TestUpdateNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 1, true) @@ -2390,6 +2673,7 @@ func TestUpdateNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { } func TestUpdateNotPerformedWithSyncPolicyCreateDelete(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateDelete app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 1, true) @@ -2399,6 +2683,7 @@ func TestUpdateNotPerformedWithSyncPolicyCreateDelete(t *testing.T) { } func TestUpdatePerformedWithSyncPolicyCreateUpdate(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateUpdate app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, true) @@ -2409,6 +2694,7 @@ func TestUpdatePerformedWithSyncPolicyCreateUpdate(t *testing.T) { } func TestUpdatePerformedWithSyncPolicySync(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicySync app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, true) @@ -2419,6 +2705,7 @@ func TestUpdatePerformedWithSyncPolicySync(t *testing.T) { } func TestUpdatePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly app := applicationsUpdateSyncPolicyTest(t, applicationsSyncPolicy, 2, false) @@ -2429,11 +2716,12 @@ func TestUpdatePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *t } func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alpha1.ApplicationsSyncPolicy, recordBuffer int, allowPolicyOverride bool) v1alpha1.ApplicationList { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) defaultProject := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, @@ -2475,7 +2763,7 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{&defaultProject} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() goodCluster := v1alpha1.Cluster{Server: "https://good-cluster", Name: "good-cluster"} argoDBMock.On("GetCluster", mock.Anything, "https://good-cluster").Return(&goodCluster, nil) argoDBMock.On("ListClusters", mock.Anything).Return(&v1alpha1.ClusterList{Items: []v1alpha1.Cluster{ @@ -2508,20 +2796,20 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp // Verify that on validation error, no error is returned, but the object is requeued resCreate, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), resCreate.RequeueAfter) + assert.Nil(t, err) + assert.True(t, resCreate.RequeueAfter == 0) var app v1alpha1.Application // make sure good app got created err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "good-cluster"}, &app) - require.NoError(t, err) - assert.Equal(t, "good-cluster", app.Name) + assert.Nil(t, err) + assert.Equal(t, app.Name, "good-cluster") // Update resource var retrievedApplicationSet v1alpha1.ApplicationSet err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "name"}, &retrievedApplicationSet) - require.NoError(t, err) + assert.Nil(t, err) retrievedApplicationSet.Spec.Generators = []v1alpha1.ApplicationSetGenerator{ { List: &v1alpha1.ListGenerator{ @@ -2531,21 +2819,22 @@ func applicationsDeleteSyncPolicyTest(t *testing.T, applicationsSyncPolicy v1alp } err = r.Client.Update(context.TODO(), &retrievedApplicationSet) - require.NoError(t, err) + assert.Nil(t, err) resUpdate, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) + assert.Nil(t, err) var apps v1alpha1.ApplicationList err = r.Client.List(context.TODO(), &apps) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), resUpdate.RequeueAfter) + assert.Nil(t, err) + assert.True(t, resUpdate.RequeueAfter == 0) return apps } func TestDeleteNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 1, true) @@ -2554,6 +2843,7 @@ func TestDeleteNotPerformedWithSyncPolicyCreateOnly(t *testing.T) { } func TestDeleteNotPerformedWithSyncPolicyCreateUpdate(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateUpdate apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 2, true) @@ -2562,45 +2852,162 @@ func TestDeleteNotPerformedWithSyncPolicyCreateUpdate(t *testing.T) { } func TestDeletePerformedWithSyncPolicyCreateDelete(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateDelete apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.Equal(t, 0, len(apps.Items)) } func TestDeletePerformedWithSyncPolicySync(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicySync apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, true) - assert.Empty(t, apps.Items) + assert.Equal(t, 0, len(apps.Items)) } func TestDeletePerformedWithSyncPolicyCreateOnlyAndAllowPolicyOverrideFalse(t *testing.T) { + applicationsSyncPolicy := v1alpha1.ApplicationsSyncPolicyCreateOnly apps := applicationsDeleteSyncPolicyTest(t, applicationsSyncPolicy, 3, false) - assert.Empty(t, apps.Items) + assert.Equal(t, 0, len(apps.Items)) } -func TestPolicies(t *testing.T) { +// Test app generation from a go template application set using a pull request generator +func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + client := fake.NewClientBuilder().WithScheme(scheme).Build() - defaultProject := v1alpha1.AppProject{ - ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, - Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://kubernetes.default.svc"}}}, - } - myCluster := v1alpha1.Cluster{ - Server: "https://kubernetes.default.svc", - Name: "my-cluster", - } + for _, cases := range []struct { + name string + params []map[string]interface{} + template v1alpha1.ApplicationSetTemplate + expectedApp []v1alpha1.Application + }{ + { + name: "Generate an application from a go template application set manifest using a pull request generator", + params: []map[string]interface{}{{ + "number": "1", + "branch": "branch1", + "branch_slug": "branchSlug1", + "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", + "head_short_sha": "089d92cb", + "branch_slugify_default": "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", + "branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature", + "branch_slugify_smarttruncate_enabled": "feat/testwithsmarttruncateenabledramdomlonglistofcharacters", + "labels": []string{"label1"}}, + }, + template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ + Name: "AppSet-{{.branch}}-{{.number}}", + Labels: map[string]string{ + "app1": "{{index .labels 0}}", + "branch-test1": "AppSet-{{.branch_slugify_default | slugify }}", + "branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}", + "branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ + RepoURL: "https://testurl/testRepo", + TargetRevision: "{{.head_short_sha}}", + }, + Destination: v1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}", + }, + }, + }, + expectedApp: []v1alpha1.Application{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "AppSet-branch1-1", + Labels: map[string]string{ + "app1": "label1", + "branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo", + "branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific", + "branch-test3": "AppSet-feat", + }, + }, + Spec: v1alpha1.ApplicationSpec{ + Source: &v1alpha1.ApplicationSource{ + RepoURL: "https://testurl/testRepo", + TargetRevision: "089d92cb", + }, + Destination: v1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958", + }, + }, + }, + }, + }, + } { + + t.Run(cases.name, func(t *testing.T) { + + generatorMock := generatorMock{} + generator := v1alpha1.ApplicationSetGenerator{ + PullRequest: &v1alpha1.PullRequestGenerator{}, + } + + generatorMock.On("GenerateParams", &generator). + Return(cases.params, nil) + + generatorMock.On("GetTemplate", &generator). + Return(&cases.template, nil) + + appSetReconciler := ApplicationSetReconciler{ + Client: client, + Scheme: scheme, + Recorder: record.NewFakeRecorder(1), + Cache: &fakeCache{}, + Generators: map[string]generators.Generator{ + "PullRequest": &generatorMock, + }, + Renderer: &utils.Render{}, + KubeClientset: kubefake.NewSimpleClientset(), + } + + gotApp, _, _ := appSetReconciler.generateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Generators: []v1alpha1.ApplicationSetGenerator{{ + PullRequest: &v1alpha1.PullRequestGenerator{}, + }}, + Template: cases.template, + }, + }, + ) + assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name) + assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision) + assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace) + assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels)) + }) + } +} + +func TestPolicies(t *testing.T) { + scheme := runtime.NewScheme() + err := v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + err = v1alpha1.AddToScheme(scheme) + assert.Nil(t, err) + + defaultProject := v1alpha1.AppProject{ + ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: "argocd"}, + Spec: v1alpha1.AppProjectSpec{SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Namespace: "*", Server: "https://kubernetes.default.svc"}}}, + } + myCluster := v1alpha1.Cluster{ + Server: "https://kubernetes.default.svc", + Name: "my-cluster", + } kubeclientset := kubefake.NewSimpleClientset() argoDBMock := dbmocks.ArgoDB{} @@ -2677,7 +3084,7 @@ func TestPolicies(t *testing.T) { }, } - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithStatusSubresource(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appSet).WithIndex(&v1alpha1.Application{}, ".metadata.controller", appControllerIndexer).Build() r := ApplicationSetReconciler{ Client: client, @@ -2704,49 +3111,49 @@ func TestPolicies(t *testing.T) { // Check if Application is created res, err := r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), res.RequeueAfter) + assert.Nil(t, err) + assert.True(t, res.RequeueAfter == 0) var app v1alpha1.Application err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "my-app"}, &app) - require.NoError(t, err) - assert.Equal(t, "value", app.Annotations["key"]) + assert.NoError(t, err) + assert.Equal(t, app.Annotations["key"], "value") // Check if Application is updated app.Annotations["key"] = "edited" err = r.Client.Update(context.TODO(), &app) - require.NoError(t, err) + assert.NoError(t, err) res, err = r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), res.RequeueAfter) + assert.Nil(t, err) + assert.True(t, res.RequeueAfter == 0) err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "my-app"}, &app) - require.NoError(t, err) + assert.NoError(t, err) if c.allowedUpdate { - assert.Equal(t, "value", app.Annotations["key"]) + assert.Equal(t, app.Annotations["key"], "value") } else { - assert.Equal(t, "edited", app.Annotations["key"]) + assert.Equal(t, app.Annotations["key"], "edited") } // Check if Application is deleted err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "name"}, &appSet) - require.NoError(t, err) + assert.NoError(t, err) appSet.Spec.Generators[0] = v1alpha1.ApplicationSetGenerator{ List: &v1alpha1.ListGenerator{ Elements: []apiextensionsv1.JSON{}, }, } err = r.Client.Update(context.TODO(), &appSet) - require.NoError(t, err) + assert.NoError(t, err) res, err = r.Reconcile(context.Background(), req) - require.NoError(t, err) - assert.Equal(t, time.Duration(0), res.RequeueAfter) + assert.Nil(t, err) + assert.True(t, res.RequeueAfter == 0) err = r.Client.Get(context.TODO(), crtclient.ObjectKey{Namespace: "argocd", Name: "my-app"}, &app) - require.NoError(t, err) + assert.NoError(t, err) if c.allowedDelete { assert.NotNil(t, app.DeletionTimestamp) } else { @@ -2759,9 +3166,9 @@ func TestPolicies(t *testing.T) { func TestSetApplicationSetApplicationStatus(t *testing.T) { scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) argoDBMock := dbmocks.ArgoDB{} @@ -2837,8 +3244,10 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { expectedAppStatuses: nil, }, } { + t.Run(cc.name, func(t *testing.T) { - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -2855,7 +3264,7 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { } err = r.setAppSetApplicationStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.appStatuses) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, cc.expectedAppStatuses, cc.appSet.Status.ApplicationStatus) }) @@ -2863,12 +3272,13 @@ func TestSetApplicationSetApplicationStatus(t *testing.T) { } func TestBuildAppDependencyList(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) client := fake.NewClientBuilder().WithScheme(scheme).Build() @@ -3598,7 +4008,9 @@ func TestBuildAppDependencyList(t *testing.T) { }, }, } { + t.Run(cc.name, func(t *testing.T) { + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} @@ -3615,7 +4027,7 @@ func TestBuildAppDependencyList(t *testing.T) { } appDependencyList, appStepMap, err := r.buildAppDependencyList(log.NewEntry(log.StandardLogger()), cc.appSet, cc.apps) - require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, err, nil, "expected no errors, but errors occured") assert.Equal(t, cc.expectedList, appDependencyList, "expected appDependencyList did not match actual") assert.Equal(t, cc.expectedStepMap, appStepMap, "expected appStepMap did not match actual") }) @@ -3623,12 +4035,13 @@ func TestBuildAppDependencyList(t *testing.T) { } func TestBuildAppSyncMap(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) client := fake.NewClientBuilder().WithScheme(scheme).Build() @@ -4189,7 +4602,9 @@ func TestBuildAppSyncMap(t *testing.T) { }, }, } { + t.Run(cc.name, func(t *testing.T) { + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} @@ -4206,19 +4621,20 @@ func TestBuildAppSyncMap(t *testing.T) { } appSyncMap, err := r.buildAppSyncMap(context.TODO(), cc.appSet, cc.appDependencyList, cc.appMap) - require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, err, nil, "expected no errors, but errors occured") assert.Equal(t, cc.expectedMap, appSyncMap, "expected appSyncMap did not match actual") }) } } func TestUpdateApplicationSetApplicationStatus(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, cc := range []struct { name string @@ -4278,11 +4694,10 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", - Status: "Healthy", - Step: "1", - TargetRevisions: []string{}, + Application: "app1", + Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", + Status: "Healthy", + Step: "1", }, }, }, @@ -4321,11 +4736,10 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", - Status: "Healthy", - Step: "1", - TargetRevisions: []string{}, + Application: "app1", + Message: "Application resource is already Healthy, updating status from Waiting to Healthy.", + Status: "Healthy", + Step: "1", }, }, }, @@ -4345,18 +4759,10 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { Status: v1alpha1.ApplicationSetStatus{ ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "", - Status: "Healthy", - Step: "1", - TargetRevisions: []string{"Previous"}, - }, - { - Application: "app2-multisource", - Message: "", - Status: "Healthy", - Step: "1", - TargetRevisions: []string{"Previous", "OtherPrevious"}, + Application: "app1", + Message: "", + Status: "Healthy", + Step: "1", }, }, }, @@ -4368,37 +4774,17 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, Status: v1alpha1.ApplicationStatus{ Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeOutOfSync, - Revision: "Next", - }, - }, - }, - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app2-multisource", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeOutOfSync, - Revisions: []string{"Next", "OtherNext"}, + Status: v1alpha1.SyncStatusCodeOutOfSync, }, }, }, }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "Application has pending changes, setting status to Waiting.", - Status: "Waiting", - Step: "1", - TargetRevisions: []string{"Next"}, - }, - { - Application: "app2-multisource", - Message: "Application has pending changes, setting status to Waiting.", - Status: "Waiting", - Step: "1", - TargetRevisions: []string{"Next", "OtherNext"}, + Application: "app1", + Message: "Application has pending changes, setting status to Waiting.", + Status: "Waiting", + Step: "1", }, }, }, @@ -4625,13 +5011,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, OperationState: &v1alpha1.OperationState{ Phase: common.OperationSucceeded, - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "Previous", - }, }, Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeOutOfSync, - Revision: "Next", + Status: v1alpha1.SyncStatusCodeOutOfSync, }, }, }, @@ -4642,16 +5024,15 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "No Application status found, defaulting status to Waiting.", - Status: "Waiting", - Step: "2", - TargetRevisions: []string{"Next"}, + Application: "app1", + Message: "No Application status found, defaulting status to Waiting.", + Status: "Waiting", + Step: "2", }, }, }, { - name: "progresses a pending application with a successful sync triggered by controller to progressing", + name: "progresses a pending application with a successful sync to progressing", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -4670,10 +5051,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { LastTransitionTime: &metav1.Time{ Time: time.Now().Add(time.Duration(-1) * time.Minute), }, - Message: "", - Status: "Pending", - Step: "1", - TargetRevisions: []string{"Next"}, + Message: "", + Status: "Pending", + Step: "1", }, }, }, @@ -4692,35 +5072,24 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { StartedAt: metav1.Time{ Time: time.Now(), }, - Operation: v1alpha1.Operation{ - InitiatedBy: v1alpha1.OperationInitiator{ - Username: "applicationset-controller", - Automated: true, - }, - }, - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "Next", - }, }, Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - Revision: "Next", + Status: v1alpha1.SyncStatusCodeSynced, }, }, }, }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "Application resource completed a sync successfully, updating status from Pending to Progressing.", - Status: "Progressing", - Step: "1", - TargetRevisions: []string{"Next"}, + Application: "app1", + Message: "Application resource completed a sync successfully, updating status from Pending to Progressing.", + Status: "Progressing", + Step: "1", }, }, }, { - name: "progresses a pending application with a successful sync trigger by applicationset-controller <1s ago to progressing", + name: "progresses a pending application with a successful sync <1s ago to progressing", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -4739,10 +5108,9 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { LastTransitionTime: &metav1.Time{ Time: time.Now(), }, - Message: "", - Status: "Pending", - Step: "1", - TargetRevisions: []string{"Next"}, + Message: "", + Status: "Pending", + Step: "1", }, }, }, @@ -4761,35 +5129,24 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { StartedAt: metav1.Time{ Time: time.Now().Add(time.Duration(-1) * time.Second), }, - Operation: v1alpha1.Operation{ - InitiatedBy: v1alpha1.OperationInitiator{ - Username: "applicationset-controller", - Automated: true, - }, - }, - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "Next", - }, }, Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - Revision: "Next", + Status: v1alpha1.SyncStatusCodeSynced, }, }, }, }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "Application resource completed a sync successfully, updating status from Pending to Progressing.", - Status: "Progressing", - Step: "1", - TargetRevisions: []string{"Next"}, + Application: "app1", + Message: "Application resource completed a sync successfully, updating status from Pending to Progressing.", + Status: "Progressing", + Step: "1", }, }, }, { - name: "does not progresses a pending application with a successful sync triggered by controller with invalid revision to progressing", + name: "does not progresses a pending application with an old successful sync to progressing", appSet: v1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "name", @@ -4806,12 +5163,11 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { { Application: "app1", LastTransitionTime: &metav1.Time{ - Time: time.Now().Add(time.Duration(-1) * time.Minute), + Time: time.Now(), }, - Message: "", - Status: "Pending", - Step: "1", - TargetRevisions: []string{"Next"}, + Message: "Application moved to Pending status, watching for the Application resource to start Progressing.", + Status: "Pending", + Step: "1", }, }, }, @@ -4828,16 +5184,7 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { OperationState: &v1alpha1.OperationState{ Phase: common.OperationSucceeded, StartedAt: metav1.Time{ - Time: time.Now(), - }, - Operation: v1alpha1.Operation{ - InitiatedBy: v1alpha1.OperationInitiator{ - Username: "applicationset-controller", - Automated: true, - }, - }, - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "Previous", + Time: time.Now().Add(time.Duration(-11) * time.Second), }, }, Sync: v1alpha1.SyncStatus{ @@ -4848,11 +5195,10 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, expectedAppStatus: []v1alpha1.ApplicationSetApplicationStatus{ { - Application: "app1", - Message: "", - Status: "Pending", - Step: "1", - TargetRevisions: []string{"Next"}, + Application: "app1", + Message: "Application moved to Pending status, watching for the Application resource to start Progressing.", + Status: "Pending", + Step: "1", }, }, }, @@ -4914,12 +5260,14 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { }, }, } { + t.Run(cc.name, func(t *testing.T) { + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -4939,19 +5287,20 @@ func TestUpdateApplicationSetApplicationStatus(t *testing.T) { appStatuses[i].LastTransitionTime = nil } - require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, err, nil, "expected no errors, but errors occured") assert.Equal(t, cc.expectedAppStatus, appStatuses, "expected appStatuses did not match actual") }) } } func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { + scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, cc := range []struct { name string @@ -5665,12 +6014,14 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { }, }, } { + t.Run(cc.name, func(t *testing.T) { + kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) argoDBMock := dbmocks.ArgoDB{} argoObjs := []runtime.Object{} - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).WithStatusSubresource(&cc.appSet).Build() + client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&cc.appSet).Build() r := ApplicationSetReconciler{ Client: client, @@ -5690,222 +6041,12 @@ func TestUpdateApplicationSetApplicationStatusProgress(t *testing.T) { appStatuses[i].LastTransitionTime = nil } - require.NoError(t, err, "expected no errors, but errors occurred") + assert.Equal(t, err, nil, "expected no errors, but errors occured") assert.Equal(t, cc.expectedAppStatus, appStatuses, "expected appStatuses did not match actual") }) } } -func TestUpdateResourceStatus(t *testing.T) { - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - for _, cc := range []struct { - name string - appSet v1alpha1.ApplicationSet - apps []v1alpha1.Application - expectedResources []v1alpha1.ResourceStatus - }{ - { - name: "handles an empty application list", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{}, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - { - name: "adds status if no existing statuses", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - ApplicationStatus: []v1alpha1.ApplicationSetApplicationStatus{}, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "handles an applicationset with existing and up-to-date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "updates an applicationset with existing and out of date status", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeOutOfSync, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusProgressing, - Message: "Progressing", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "app1", - }, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeSynced, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - expectedResources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - { - name: "deletes an applicationset status if the application no longer exists", - appSet: v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "argocd", - }, - Status: v1alpha1.ApplicationSetStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Name: "app1", - Status: v1alpha1.SyncStatusCodeSynced, - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "OK", - }, - }, - }, - }, - }, - apps: []v1alpha1.Application{}, - expectedResources: nil, - }, - } { - t.Run(cc.name, func(t *testing.T) { - kubeclientset := kubefake.NewSimpleClientset([]runtime.Object{}...) - argoDBMock := dbmocks.ArgoDB{} - argoObjs := []runtime.Object{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithStatusSubresource(&cc.appSet).WithObjects(&cc.appSet).Build() - - r := ApplicationSetReconciler{ - Client: client, - Scheme: scheme, - Recorder: record.NewFakeRecorder(1), - Cache: &fakeCache{}, - Generators: map[string]generators.Generator{}, - ArgoDB: &argoDBMock, - ArgoAppClientset: appclientset.NewSimpleClientset(argoObjs...), - KubeClientset: kubeclientset, - } - - err := r.updateResourcesStatus(context.TODO(), log.NewEntry(log.StandardLogger()), &cc.appSet, cc.apps) - - require.NoError(t, err, "expected no errors, but errors occurred") - assert.Equal(t, cc.expectedResources, cc.appSet.Status.Resources, "expected resources did not match actual") - }) - } -} - func TestOwnsHandler(t *testing.T) { // progressive syncs do not affect create, delete, or generic ownsHandler := getOwnsHandlerPredicates(true) @@ -5939,64 +6080,60 @@ func TestOwnsHandler(t *testing.T) { ResourceVersion: "bar", }}, }}, want: false}, - {name: "ApplicationHealthStatusDiff", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - Health: v1alpha1.HealthStatus{ - Status: "Unknown", - }, - }}, - ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - Health: v1alpha1.HealthStatus{ - Status: "Healthy", - }, - }}, - }, + {name: "ApplicationHealthStatusDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + Health: v1alpha1.HealthStatus{ + Status: "Unknown", + }, + }}, + ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + Health: v1alpha1.HealthStatus{ + Status: "Healthy", + }, + }}, + }, enableProgressiveSyncs: true, }, want: true}, - {name: "ApplicationSyncStatusDiff", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: "OutOfSync", - }, - }}, - ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{ - Status: "Synced", - }, - }}, - }, + {name: "ApplicationSyncStatusDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: "OutOfSync", + }, + }}, + ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + Sync: v1alpha1.SyncStatus{ + Status: "Synced", + }, + }}, + }, enableProgressiveSyncs: true, }, want: true}, - {name: "ApplicationOperationStateDiff", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - OperationState: &v1alpha1.OperationState{ - Phase: "foo", - }, - }}, - ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - OperationState: &v1alpha1.OperationState{ - Phase: "bar", - }, - }}, - }, + {name: "ApplicationOperationStateDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + OperationState: &v1alpha1.OperationState{ + Phase: "foo", + }, + }}, + ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + OperationState: &v1alpha1.OperationState{ + Phase: "bar", + }, + }}, + }, enableProgressiveSyncs: true, }, want: true}, - {name: "ApplicationOperationStartedAtDiff", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - OperationState: &v1alpha1.OperationState{ - StartedAt: now, - }, - }}, - ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ - OperationState: &v1alpha1.OperationState{ - StartedAt: metav1.NewTime(now.Add(time.Minute * 1)), - }, - }}, - }, + {name: "ApplicationOperationStartedAtDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + OperationState: &v1alpha1.OperationState{ + StartedAt: now, + }, + }}, + ObjectNew: &v1alpha1.Application{Status: v1alpha1.ApplicationStatus{ + OperationState: &v1alpha1.OperationState{ + StartedAt: metav1.NewTime(now.Add(time.Minute * 1)), + }, + }}, + }, enableProgressiveSyncs: true, }, want: true}, {name: "SameApplicationGeneration", args: args{e: event.UpdateEvent{ @@ -6035,50 +6172,48 @@ func TestOwnsHandler(t *testing.T) { ObjectOld: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: []string{}}}, ObjectNew: &v1alpha1.Application{ObjectMeta: metav1.ObjectMeta{Finalizers: nil}}, }}, want: false}, - {name: "ApplicationDestinationSame", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{ - Spec: v1alpha1.ApplicationSpec{ - Destination: v1alpha1.ApplicationDestination{ - Server: "server", - Namespace: "ns", - Name: "name", - }, + {name: "ApplicationDestinationSame", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", }, }, - ObjectNew: &v1alpha1.Application{ - Spec: v1alpha1.ApplicationSpec{ - Destination: v1alpha1.ApplicationDestination{ - Server: "server", - Namespace: "ns", - Name: "name", - }, + }, + ObjectNew: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", }, }, }, + }, enableProgressiveSyncs: true, }, want: false}, - {name: "ApplicationDestinationDiff", args: args{ - e: event.UpdateEvent{ - ObjectOld: &v1alpha1.Application{ - Spec: v1alpha1.ApplicationSpec{ - Destination: v1alpha1.ApplicationDestination{ - Server: "server", - Namespace: "ns", - Name: "name", - }, + {name: "ApplicationDestinationDiff", args: args{e: event.UpdateEvent{ + ObjectOld: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "server", + Namespace: "ns", + Name: "name", }, }, - ObjectNew: &v1alpha1.Application{ - Spec: v1alpha1.ApplicationSpec{ - Destination: v1alpha1.ApplicationDestination{ - Server: "notSameServer", - Namespace: "ns", - Name: "name", - }, + }, + ObjectNew: &v1alpha1.Application{ + Spec: v1alpha1.ApplicationSpec{ + Destination: v1alpha1.ApplicationDestination{ + Server: "notSameServer", + Namespace: "ns", + Name: "name", }, }, }, + }, enableProgressiveSyncs: true, }, want: true}, {name: "NotAnAppOld", args: args{e: event.UpdateEvent{ diff --git a/applicationset/controllers/clustereventhandler.go b/applicationset/controllers/clustereventhandler.go index 04ee140d2cde7..951da0cb6bc44 100644 --- a/applicationset/controllers/clustereventhandler.go +++ b/applicationset/controllers/clustereventhandler.go @@ -19,25 +19,25 @@ import ( // clusterSecretEventHandler is used when watching Secrets to check if they are ArgoCD Cluster Secrets, and if so // requeue any related ApplicationSets. type clusterSecretEventHandler struct { - // handler.EnqueueRequestForOwner + //handler.EnqueueRequestForOwner Log log.FieldLogger Client client.Client } -func (h *clusterSecretEventHandler) Create(ctx context.Context, e event.CreateEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(ctx, q, e.Object) +func (h *clusterSecretEventHandler) Create(e event.CreateEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(q, e.Object) } -func (h *clusterSecretEventHandler) Update(ctx context.Context, e event.UpdateEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(ctx, q, e.ObjectNew) +func (h *clusterSecretEventHandler) Update(e event.UpdateEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(q, e.ObjectNew) } -func (h *clusterSecretEventHandler) Delete(ctx context.Context, e event.DeleteEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(ctx, q, e.Object) +func (h *clusterSecretEventHandler) Delete(e event.DeleteEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(q, e.Object) } -func (h *clusterSecretEventHandler) Generic(ctx context.Context, e event.GenericEvent, q workqueue.RateLimitingInterface) { - h.queueRelatedAppGenerators(ctx, q, e.Object) +func (h *clusterSecretEventHandler) Generic(e event.GenericEvent, q workqueue.RateLimitingInterface) { + h.queueRelatedAppGenerators(q, e.Object) } // addRateLimitingInterface defines the Add method of workqueue.RateLimitingInterface, allow us to easily mock @@ -46,7 +46,7 @@ type addRateLimitingInterface interface { Add(item interface{}) } -func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Context, q addRateLimitingInterface, object client.Object) { +func (h *clusterSecretEventHandler) queueRelatedAppGenerators(q addRateLimitingInterface, object client.Object) { // Check for label, lookup all ApplicationSets that might match the cluster, queue them all if object.GetLabels()[generators.ArgoCDSecretTypeLabel] != generators.ArgoCDSecretTypeCluster { return @@ -58,7 +58,7 @@ func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Contex }).Info("processing event for cluster secret") appSetList := &argoprojiov1alpha1.ApplicationSetList{} - err := h.Client.List(ctx, appSetList) + err := h.Client.List(context.Background(), appSetList) if err != nil { h.Log.WithError(err).Error("unable to list ApplicationSets") return @@ -66,6 +66,7 @@ func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Contex h.Log.WithField("count", len(appSetList.Items)).Info("listed ApplicationSets") for _, appSet := range appSetList.Items { + foundClusterGenerator := false for _, generator := range appSet.Spec.Generators { if generator.Clusters != nil { @@ -108,6 +109,7 @@ func (h *clusterSecretEventHandler) queueRelatedAppGenerators(ctx context.Contex } } if foundClusterGenerator { + // TODO: only queue the AppGenerator if the labels match this cluster req := ctrl.Request{NamespacedName: types.NamespacedName{Namespace: appSet.Namespace, Name: appSet.Name}} q.Add(req) diff --git a/applicationset/controllers/clustereventhandler_test.go b/applicationset/controllers/clustereventhandler_test.go index 15ce757954db2..7e850fc44c66d 100644 --- a/applicationset/controllers/clustereventhandler_test.go +++ b/applicationset/controllers/clustereventhandler_test.go @@ -1,12 +1,10 @@ package controllers import ( - "context" "testing" log "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -21,12 +19,13 @@ import ( ) func TestClusterEventHandler(t *testing.T) { + scheme := runtime.NewScheme() err := argov1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = argov1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) tests := []struct { name string @@ -535,7 +534,9 @@ func TestClusterEventHandler(t *testing.T) { } for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + appSetList := argov1alpha1.ApplicationSetList{ Items: test.items, } @@ -549,12 +550,14 @@ func TestClusterEventHandler(t *testing.T) { mockAddRateLimitingInterface := mockAddRateLimitingInterface{} - handler.queueRelatedAppGenerators(context.Background(), &mockAddRateLimitingInterface, &test.secret) + handler.queueRelatedAppGenerators(&mockAddRateLimitingInterface, &test.secret) assert.False(t, mockAddRateLimitingInterface.errorOccurred) assert.ElementsMatch(t, mockAddRateLimitingInterface.addedItems, test.expectedRequests) + }) } + } // Add checks the type, and adds it to the internal list of received additions @@ -578,7 +581,7 @@ func TestNestedGeneratorHasClusterGenerator_NestedClusterGenerator(t *testing.T) hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested) - require.NoError(t, err) + assert.Nil(t, err) assert.True(t, hasClusterGenerator) } @@ -605,7 +608,7 @@ func TestNestedGeneratorHasClusterGenerator_NestedMergeGenerator(t *testing.T) { hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested) - require.NoError(t, err) + assert.Nil(t, err) assert.True(t, hasClusterGenerator) } @@ -632,6 +635,6 @@ func TestNestedGeneratorHasClusterGenerator_NestedMergeGeneratorWithInvalidJSON( hasClusterGenerator, err := nestedGeneratorHasClusterGenerator(nested) - require.Error(t, err) + assert.NotNil(t, err) assert.False(t, hasClusterGenerator) } diff --git a/applicationset/controllers/requeue_after_test.go b/applicationset/controllers/requeue_after_test.go index 360861ff3ad5c..6db6145af5348 100644 --- a/applicationset/controllers/requeue_after_test.go +++ b/applicationset/controllers/requeue_after_test.go @@ -6,7 +6,6 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" @@ -26,7 +25,7 @@ func TestRequeueAfter(t *testing.T) { ctx := context.Background() scheme := runtime.NewScheme() err := argov1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) gvrToListKind := map[schema.GroupVersionResource]string{{ Group: "mallard.io", Version: "v1", @@ -56,14 +55,14 @@ func TestRequeueAfter(t *testing.T) { }, } fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, duckType) - scmConfig := generators.NewSCMConfig("", []string{""}, true, nil) + terminalGenerators := map[string]generators.Generator{ "List": generators.NewListGenerator(), "Clusters": generators.NewClusterGenerator(k8sClient, ctx, appClientset, "argocd"), "Git": generators.NewGitGenerator(mockServer), - "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), scmConfig), + "SCMProvider": generators.NewSCMProviderGenerator(fake.NewClientBuilder().WithObjects(&corev1.Secret{}).Build(), generators.SCMAuthProviders{}, "", []string{""}, true), "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, fakeDynClient, appClientset, "argocd"), - "PullRequest": generators.NewPullRequestGenerator(k8sClient, scmConfig), + "PullRequest": generators.NewPullRequestGenerator(k8sClient, generators.SCMAuthProviders{}, "", []string{""}, true), } nestedGenerators := map[string]generators.Generator{ diff --git a/applicationset/controllers/template/template.go b/applicationset/controllers/template/template.go deleted file mode 100644 index bb4bc155d4e59..0000000000000 --- a/applicationset/controllers/template/template.go +++ /dev/null @@ -1,99 +0,0 @@ -package template - -import ( - "fmt" - - "sigs.k8s.io/controller-runtime/pkg/client" - - log "github.com/sirupsen/logrus" - - "github.com/argoproj/argo-cd/v2/applicationset/generators" - "github.com/argoproj/argo-cd/v2/applicationset/utils" - - argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" -) - -func GenerateApplications(logCtx *log.Entry, applicationSetInfo argov1alpha1.ApplicationSet, g map[string]generators.Generator, renderer utils.Renderer, client client.Client) ([]argov1alpha1.Application, argov1alpha1.ApplicationSetReasonType, error) { - var res []argov1alpha1.Application - - var firstError error - var applicationSetReason argov1alpha1.ApplicationSetReasonType - - for _, requestedGenerator := range applicationSetInfo.Spec.Generators { - t, err := generators.Transform(requestedGenerator, g, applicationSetInfo.Spec.Template, &applicationSetInfo, map[string]interface{}{}, client) - if err != nil { - logCtx.WithError(err).WithField("generator", requestedGenerator). - Error("error generating application from params") - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonApplicationParamsGenerationError - } - continue - } - - for _, a := range t { - tmplApplication := GetTempApplication(a.Template) - - for _, p := range a.Params { - app, err := renderer.RenderTemplateParams(tmplApplication, applicationSetInfo.Spec.SyncPolicy, p, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) - if err != nil { - logCtx.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). - Error("error generating application from params") - - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError - } - continue - } - - if applicationSetInfo.Spec.TemplatePatch != nil { - patchedApplication, err := renderTemplatePatch(renderer, app, applicationSetInfo, p) - if err != nil { - log.WithError(err).WithField("params", a.Params).WithField("generator", requestedGenerator). - Error("error generating application from params") - - if firstError == nil { - firstError = err - applicationSetReason = argov1alpha1.ApplicationSetReasonRenderTemplateParamsError - } - continue - } - - app = patchedApplication - } - - // The app's namespace must be the same as the AppSet's namespace to preserve the appsets-in-any-namespace - // security boundary. - app.Namespace = applicationSetInfo.Namespace - res = append(res, *app) - } - } - - logCtx.WithField("generator", requestedGenerator).Infof("generated %d applications", len(res)) - logCtx.WithField("generator", requestedGenerator).Debugf("apps from generator: %+v", res) - } - - return res, applicationSetReason, firstError -} - -func renderTemplatePatch(r utils.Renderer, app *argov1alpha1.Application, applicationSetInfo argov1alpha1.ApplicationSet, params map[string]interface{}) (*argov1alpha1.Application, error) { - replacedTemplate, err := r.Replace(*applicationSetInfo.Spec.TemplatePatch, params, applicationSetInfo.Spec.GoTemplate, applicationSetInfo.Spec.GoTemplateOptions) - if err != nil { - return nil, fmt.Errorf("error replacing values in templatePatch: %w", err) - } - - return applyTemplatePatch(app, replacedTemplate) -} - -func GetTempApplication(applicationSetTemplate argov1alpha1.ApplicationSetTemplate) *argov1alpha1.Application { - var tmplApplication argov1alpha1.Application - tmplApplication.Annotations = applicationSetTemplate.Annotations - tmplApplication.Labels = applicationSetTemplate.Labels - tmplApplication.Namespace = applicationSetTemplate.Namespace - tmplApplication.Name = applicationSetTemplate.Name - tmplApplication.Spec = applicationSetTemplate.Spec - tmplApplication.Finalizers = applicationSetTemplate.Finalizers - - return &tmplApplication -} diff --git a/applicationset/controllers/template/template_test.go b/applicationset/controllers/template/template_test.go deleted file mode 100644 index 4c45c5f7618f9..0000000000000 --- a/applicationset/controllers/template/template_test.go +++ /dev/null @@ -1,349 +0,0 @@ -package template - -import ( - "fmt" - "testing" - - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - - log "github.com/sirupsen/logrus" - "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - - "github.com/argoproj/argo-cd/v2/applicationset/generators" - genmock "github.com/argoproj/argo-cd/v2/applicationset/generators/mocks" - "github.com/argoproj/argo-cd/v2/applicationset/utils" - rendmock "github.com/argoproj/argo-cd/v2/applicationset/utils/mocks" - "github.com/argoproj/argo-cd/v2/pkg/apis/application" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/collections" -) - -func TestGenerateApplications(t *testing.T) { - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - - for _, c := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - generateParamsError error - rendererError error - expectErr bool - expectedReason v1alpha1.ApplicationSetReasonType - }{ - { - name: "Generate two applications", - params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedReason: "", - }, - { - name: "Handles error from the generator", - generateParamsError: fmt.Errorf("error"), - expectErr: true, - expectedReason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - name: "Handles error from the render", - params: []map[string]interface{}{{"name": "app1"}, {"name": "app2"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - rendererError: fmt.Errorf("error"), - expectErr: true, - expectedReason: v1alpha1.ApplicationSetReasonRenderTemplateParamsError, - }, - } { - cc := c - app := v1alpha1.Application{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "namespace", - }, - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - } - - t.Run(cc.name, func(t *testing.T) { - generatorMock := genmock.Generator{} - generator := v1alpha1.ApplicationSetGenerator{ - List: &v1alpha1.ListGenerator{}, - } - - generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). - Return(cc.params, cc.generateParamsError) - - generatorMock.On("GetTemplate", &generator). - Return(&v1alpha1.ApplicationSetTemplate{}) - - rendererMock := rendmock.Renderer{} - - var expectedApps []v1alpha1.Application - - if cc.generateParamsError == nil { - for _, p := range cc.params { - if cc.rendererError != nil { - rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)). - Return(nil, cc.rendererError) - } else { - rendererMock.On("RenderTemplateParams", GetTempApplication(cc.template), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), p, false, []string(nil)). - Return(&app, nil) - expectedApps = append(expectedApps, app) - } - } - } - - generators := map[string]generators.Generator{ - "List": &generatorMock, - } - renderer := &rendererMock - - got, reason, err := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }, - generators, - renderer, - nil, - ) - - if cc.expectErr { - require.Error(t, err) - } else { - require.NoError(t, err) - } - assert.Equal(t, expectedApps, got) - assert.Equal(t, cc.expectedReason, reason) - generatorMock.AssertNumberOfCalls(t, "GenerateParams", 1) - - if cc.generateParamsError == nil { - rendererMock.AssertNumberOfCalls(t, "RenderTemplateParams", len(cc.params)) - } - }) - } -} - -func TestMergeTemplateApplications(t *testing.T) { - for _, c := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - overrideTemplate v1alpha1.ApplicationSetTemplate - expectedMerged v1alpha1.ApplicationSetTemplate - expectedApps []v1alpha1.Application - }{ - { - name: "Generate app", - params: []map[string]interface{}{{"name": "app1"}}, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "name", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - overrideTemplate: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "test", - Labels: map[string]string{"foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedMerged: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "test", - Namespace: "namespace", - Labels: map[string]string{"label_name": "label_value", "foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - expectedApps: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "test", - Labels: map[string]string{"foo": "bar"}, - }, - Spec: v1alpha1.ApplicationSpec{}, - }, - }, - }, - } { - cc := c - - t.Run(cc.name, func(t *testing.T) { - generatorMock := genmock.Generator{} - generator := v1alpha1.ApplicationSetGenerator{ - List: &v1alpha1.ListGenerator{}, - } - - generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). - Return(cc.params, nil) - - generatorMock.On("GetTemplate", &generator). - Return(&cc.overrideTemplate) - - rendererMock := rendmock.Renderer{} - - rendererMock.On("RenderTemplateParams", GetTempApplication(cc.expectedMerged), mock.AnythingOfType("*v1alpha1.ApplicationSetSyncPolicy"), cc.params[0], false, []string(nil)). - Return(&cc.expectedApps[0], nil) - - generators := map[string]generators.Generator{ - "List": &generatorMock, - } - renderer := &rendererMock - - got, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "name", - Namespace: "namespace", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Generators: []v1alpha1.ApplicationSetGenerator{generator}, - Template: cc.template, - }, - }, - generators, - renderer, - nil, - ) - - assert.Equal(t, cc.expectedApps, got) - }) - } -} - -// Test app generation from a go template application set using a pull request generator -func TestGenerateAppsUsingPullRequestGenerator(t *testing.T) { - for _, cases := range []struct { - name string - params []map[string]interface{} - template v1alpha1.ApplicationSetTemplate - expectedApp []v1alpha1.Application - }{ - { - name: "Generate an application from a go template application set manifest using a pull request generator", - params: []map[string]interface{}{ - { - "number": "1", - "branch": "branch1", - "branch_slug": "branchSlug1", - "head_sha": "089d92cbf9ff857a39e6feccd32798ca700fb958", - "head_short_sha": "089d92cb", - "branch_slugify_default": "feat/a_really+long_pull_request_name_to_test_argo_slugification_and_branch_name_shortening_feature", - "branch_slugify_smarttruncate_disabled": "feat/areallylongpullrequestnametotestargoslugificationandbranchnameshorteningfeature", - "branch_slugify_smarttruncate_enabled": "feat/testwithsmarttruncateenabledramdomlonglistofcharacters", - "labels": []string{"label1"}, - }, - }, - template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ - Name: "AppSet-{{.branch}}-{{.number}}", - Labels: map[string]string{ - "app1": "{{index .labels 0}}", - "branch-test1": "AppSet-{{.branch_slugify_default | slugify }}", - "branch-test2": "AppSet-{{.branch_slugify_smarttruncate_disabled | slugify 49 false }}", - "branch-test3": "AppSet-{{.branch_slugify_smarttruncate_enabled | slugify 50 true }}", - }, - }, - Spec: v1alpha1.ApplicationSpec{ - Source: &v1alpha1.ApplicationSource{ - RepoURL: "https://testurl/testRepo", - TargetRevision: "{{.head_short_sha}}", - }, - Destination: v1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "AppSet-{{.branch_slug}}-{{.head_sha}}", - }, - }, - }, - expectedApp: []v1alpha1.Application{ - { - ObjectMeta: metav1.ObjectMeta{ - Name: "AppSet-branch1-1", - Labels: map[string]string{ - "app1": "label1", - "branch-test1": "AppSet-feat-a-really-long-pull-request-name-to-test-argo", - "branch-test2": "AppSet-feat-areallylongpullrequestnametotestargoslugific", - "branch-test3": "AppSet-feat", - }, - }, - Spec: v1alpha1.ApplicationSpec{ - Source: &v1alpha1.ApplicationSource{ - RepoURL: "https://testurl/testRepo", - TargetRevision: "089d92cb", - }, - Destination: v1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "AppSet-branchSlug1-089d92cbf9ff857a39e6feccd32798ca700fb958", - }, - }, - }, - }, - }, - } { - t.Run(cases.name, func(t *testing.T) { - generatorMock := genmock.Generator{} - generator := v1alpha1.ApplicationSetGenerator{ - PullRequest: &v1alpha1.PullRequestGenerator{}, - } - - generatorMock.On("GenerateParams", &generator, mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything). - Return(cases.params, nil) - - generatorMock.On("GetTemplate", &generator). - Return(&cases.template, nil) - - generators := map[string]generators.Generator{ - "PullRequest": &generatorMock, - } - renderer := &utils.Render{} - - gotApp, _, _ := GenerateApplications(log.NewEntry(log.StandardLogger()), v1alpha1.ApplicationSet{ - Spec: v1alpha1.ApplicationSetSpec{ - GoTemplate: true, - Generators: []v1alpha1.ApplicationSetGenerator{{ - PullRequest: &v1alpha1.PullRequestGenerator{}, - }}, - Template: cases.template, - }, - }, - generators, - renderer, - nil, - ) - assert.EqualValues(t, cases.expectedApp[0].ObjectMeta.Name, gotApp[0].ObjectMeta.Name) - assert.EqualValues(t, cases.expectedApp[0].Spec.Source.TargetRevision, gotApp[0].Spec.Source.TargetRevision) - assert.EqualValues(t, cases.expectedApp[0].Spec.Destination.Namespace, gotApp[0].Spec.Destination.Namespace) - assert.True(t, collections.StringMapsEqual(cases.expectedApp[0].ObjectMeta.Labels, gotApp[0].ObjectMeta.Labels)) - }) - } -} diff --git a/applicationset/controllers/template/patch.go b/applicationset/controllers/templatePatch.go similarity index 98% rename from applicationset/controllers/template/patch.go rename to applicationset/controllers/templatePatch.go index b9d1166f1f237..f8efd9f376996 100644 --- a/applicationset/controllers/template/patch.go +++ b/applicationset/controllers/templatePatch.go @@ -1,4 +1,4 @@ -package template +package controllers import ( "encoding/json" @@ -11,12 +11,14 @@ import ( ) func applyTemplatePatch(app *appv1.Application, templatePatch string) (*appv1.Application, error) { + appString, err := json.Marshal(app) if err != nil { return nil, fmt.Errorf("error while marhsalling Application %w", err) } convertedTemplatePatch, err := utils.ConvertYAMLToJSON(templatePatch) + if err != nil { return nil, fmt.Errorf("error while converting template to json %q: %w", convertedTemplatePatch, err) } @@ -26,6 +28,7 @@ func applyTemplatePatch(app *appv1.Application, templatePatch string) (*appv1.Ap } data, err := strategicpatch.StrategicMergePatch(appString, []byte(convertedTemplatePatch), appv1.Application{}) + if err != nil { return nil, fmt.Errorf("error while applying templatePatch template to json %q: %w", convertedTemplatePatch, err) } diff --git a/applicationset/controllers/template/patch_test.go b/applicationset/controllers/templatePatch_test.go similarity index 99% rename from applicationset/controllers/template/patch_test.go rename to applicationset/controllers/templatePatch_test.go index 456fe445994c8..c1a794077c8ee 100644 --- a/applicationset/controllers/template/patch_test.go +++ b/applicationset/controllers/templatePatch_test.go @@ -1,4 +1,4 @@ -package template +package controllers import ( "testing" diff --git a/applicationset/generators/cluster.go b/applicationset/generators/cluster.go index 87cf807df06e1..d8647d78d3a5c 100644 --- a/applicationset/generators/cluster.go +++ b/applicationset/generators/cluster.go @@ -38,6 +38,7 @@ type ClusterGenerator struct { var render = &utils.Render{} func NewClusterGenerator(c client.Client, ctx context.Context, clientset kubernetes.Interface, namespace string) Generator { + settingsManager := settings.NewSettingsManager(ctx, clientset, namespace) g := &ClusterGenerator{ @@ -60,7 +61,8 @@ func (g *ClusterGenerator) GetTemplate(appSetGenerator *argoappsetv1alpha1.Appli return &appSetGenerator.Clusters.Template } -func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator, appSet *argoappsetv1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.ApplicationSetGenerator, appSet *argoappsetv1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -93,10 +95,12 @@ func (g *ClusterGenerator) GenerateParams(appSetGenerator *argoappsetv1alpha1.Ap secretsFound := []corev1.Secret{} for _, cluster := range clustersFromArgoCD.Items { + // If there is a secret for this cluster, then it's a non-local cluster, so it will be // handled by the next step. if secretForCluster, exists := clusterSecrets[cluster.Name]; exists { secretsFound = append(secretsFound, secretForCluster) + } else if !ignoreLocalClusters { // If there is no secret for the cluster, it's the local cluster, so handle it here. params := map[string]interface{}{} @@ -181,4 +185,5 @@ func (g *ClusterGenerator) getSecretsByClusterName(appSetGenerator *argoappsetv1 } return res, nil + } diff --git a/applicationset/generators/cluster_test.go b/applicationset/generators/cluster_test.go index a943dc98cdf2b..0abc9399149d2 100644 --- a/applicationset/generators/cluster_test.go +++ b/applicationset/generators/cluster_test.go @@ -17,7 +17,6 @@ import ( argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) type possiblyErroringFakeCtrlRuntimeClient struct { @@ -105,15 +104,11 @@ func TestGenerateParams(t *testing.T) { "aaa": "{{ server }}", "no-op": "{{ this-does-not-exist }}", }, expected: []map[string]interface{}{ - { - "values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "production", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "production", "values.aaa": "https://production-01.example.com", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", - }, + {"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "production", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "production", "values.aaa": "https://production-01.example.com", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production"}, - { - "values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "staging", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "staging", "values.aaa": "https://staging-01.example.com", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", - }, + {"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "staging", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "staging", "values.aaa": "https://staging-01.example.com", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging"}, {"values.lol1": "lol", "values.lol2": "{{values.lol1}}{{values.lol1}}", "values.lol3": "{{values.lol2}}{{values.lol2}}{{values.lol2}}", "values.foo": "bar", "values.bar": "{{ metadata.annotations.foo.argoproj.io }}", "values.no-op": "{{ this-does-not-exist }}", "values.bat": "{{ metadata.labels.environment }}", "values.aaa": "https://kubernetes.default.svc", "nameNormalized": "in-cluster", "name": "in-cluster", "server": "https://kubernetes.default.svc"}, }, @@ -129,15 +124,11 @@ func TestGenerateParams(t *testing.T) { }, values: nil, expected: []map[string]interface{}{ - { - "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", - }, + {"name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production"}, - { - "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", - }, + {"name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging"}, }, clientError: false, expectedError: nil, @@ -153,10 +144,8 @@ func TestGenerateParams(t *testing.T) { "foo": "bar", }, expected: []map[string]interface{}{ - { - "values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", - }, + {"values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production"}, }, clientError: false, expectedError: nil, @@ -179,14 +168,10 @@ func TestGenerateParams(t *testing.T) { "foo": "bar", }, expected: []map[string]interface{}{ - { - "values.foo": "bar", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", - }, - { - "values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production", - }, + {"values.foo": "bar", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging"}, + {"values.foo": "bar", "name": "production_01/west", "nameNormalized": "production-01-west", "server": "https://production-01.example.com", "metadata.labels.environment": "production", "metadata.labels.org": "bar", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "production"}, }, clientError: false, expectedError: nil, @@ -212,10 +197,8 @@ func TestGenerateParams(t *testing.T) { "name": "baz", }, expected: []map[string]interface{}{ - { - "values.name": "baz", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", - "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging", - }, + {"values.name": "baz", "name": "staging-01", "nameNormalized": "staging-01", "server": "https://staging-01.example.com", "metadata.labels.environment": "staging", "metadata.labels.org": "foo", + "metadata.labels.argocd.argoproj.io/secret-type": "cluster", "metadata.annotations.foo.argoproj.io": "staging"}, }, clientError: false, expectedError: nil, @@ -237,7 +220,9 @@ func TestGenerateParams(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + appClientset := kubefake.NewSimpleClientset(runtimeClusters...) fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build() @@ -246,7 +231,7 @@ func TestGenerateParams(t *testing.T) { testCase.clientError, } - clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace") + var clusterGenerator = NewClusterGenerator(cl, context.Background(), appClientset, "namespace") applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -260,14 +245,15 @@ func TestGenerateParams(t *testing.T) { Selector: testCase.selector, Values: testCase.values, }, - }, &applicationSetInfo, nil) + }, &applicationSetInfo) if testCase.expectedError != nil { - require.EqualError(t, err, testCase.expectedError.Error()) + assert.EqualError(t, err, testCase.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) } + }) } } @@ -608,7 +594,9 @@ func TestGenerateParamsGoTemplate(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + appClientset := kubefake.NewSimpleClientset(runtimeClusters...) fakeClient := fake.NewClientBuilder().WithObjects(clusters...).Build() @@ -617,7 +605,7 @@ func TestGenerateParamsGoTemplate(t *testing.T) { testCase.clientError, } - clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace") + var clusterGenerator = NewClusterGenerator(cl, context.Background(), appClientset, "namespace") applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -633,14 +621,15 @@ func TestGenerateParamsGoTemplate(t *testing.T) { Selector: testCase.selector, Values: testCase.values, }, - }, &applicationSetInfo, nil) + }, &applicationSetInfo) if testCase.expectedError != nil { - require.EqualError(t, err, testCase.expectedError.Error()) + assert.EqualError(t, err, testCase.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) } + }) } } diff --git a/applicationset/generators/duck_type.go b/applicationset/generators/duck_type.go index 7e0dfb3570d8c..f98afd0e01381 100644 --- a/applicationset/generators/duck_type.go +++ b/applicationset/generators/duck_type.go @@ -7,7 +7,6 @@ import ( "time" log "github.com/sirupsen/logrus" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/util/settings" @@ -33,6 +32,7 @@ type DuckTypeGenerator struct { } func NewDuckTypeGenerator(ctx context.Context, dynClient dynamic.Interface, clientset kubernetes.Interface, namespace string) Generator { + settingsManager := settings.NewSettingsManager(ctx, clientset, namespace) g := &DuckTypeGenerator{ @@ -46,6 +46,7 @@ func NewDuckTypeGenerator(ctx context.Context, dynClient dynamic.Interface, clie } func (g *DuckTypeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { + // Return a requeue default of 3 minutes, if no override is specified. if appSetGenerator.ClusterDecisionResource.RequeueAfterSeconds != nil { @@ -59,7 +60,8 @@ func (g *DuckTypeGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Appl return &appSetGenerator.ClusterDecisionResource.Template } -func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -81,6 +83,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A // Read the configMapRef cm, err := g.clientset.CoreV1().ConfigMaps(g.namespace).Get(g.ctx, appSetGenerator.ClusterDecisionResource.ConfigMapRef, metav1.GetOptions{}) + if err != nil { return nil, fmt.Errorf("error reading configMapRef: %w", err) } @@ -101,6 +104,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A if (resourceName == "" && labelSelector.MatchLabels == nil && labelSelector.MatchExpressions == nil) || (resourceName != "" && (labelSelector.MatchExpressions != nil || labelSelector.MatchLabels != nil)) { + log.Warningf("You must choose either resourceName=%v, labelSelector.matchLabels=%v or labelSelect.matchExpressions=%v", resourceName, labelSelector.MatchLabels, labelSelector.MatchExpressions) return nil, fmt.Errorf("There is a problem with the definition of the ClusterDecisionResource generator") } @@ -118,11 +122,12 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A log.WithField("listOptions.LabelSelector", listOptions.LabelSelector).Info("selection type") } else { listOptions.FieldSelector = fields.OneTermEqualSelector("metadata.name", resourceName).String() - // metav1.Convert_fields_Selector_To_string(fields.).Sprintf("metadata.name=%s", resourceName) + //metav1.Convert_fields_Selector_To_string(fields.).Sprintf("metadata.name=%s", resourceName) log.WithField("listOptions.FieldSelector", listOptions.FieldSelector).Info("selection type") } duckResources, err := g.dynClient.Resource(duckGVR).Namespace(g.namespace).List(g.ctx, listOptions) + if err != nil { log.WithField("GVK", duckGVR).Warning("resources were not found") return nil, err @@ -144,6 +149,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A if matchKey == "" { log.WithField("matchKey", matchKey).Warning("matchKey not found in " + cm.Name) return nil, nil + } res := []map[string]interface{}{} @@ -161,6 +167,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A log.WithField("duckResourceStatus", duckResource.Object["status"]).Debug("found resource") clusterDecisions = append(clusterDecisions, duckResource.Object["status"].(map[string]interface{})[statusListKey].([]interface{})...) + } log.Infof("Number of decisions found: %v", len(clusterDecisions)) @@ -169,6 +176,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A if len(clusterDecisions) > 0 { for _, cluster := range clusterDecisions { + // generated instance of cluster params params := map[string]interface{}{} @@ -186,6 +194,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A for _, argoCluster := range argoClusters { if argoCluster.Name == strMatchValue { + log.WithField(matchKey, argoCluster.Name).Info("matched cluster in ArgoCD") params["name"] = argoCluster.Name params["server"] = argoCluster.Server @@ -193,6 +202,7 @@ func (g *DuckTypeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.A found = true break // Stop looking } + } if !found { diff --git a/applicationset/generators/duck_type_test.go b/applicationset/generators/duck_type_test.go index d2cfdbc59d6bc..788457b27559c 100644 --- a/applicationset/generators/duck_type_test.go +++ b/applicationset/generators/duck_type_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -19,11 +18,9 @@ import ( argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) -const ( - resourceApiVersion = "mallard.io/v1" - resourceKind = "ducks" - resourceName = "quak" -) +const resourceApiVersion = "mallard.io/v1" +const resourceKind = "ducks" +const resourceName = "quak" func TestGenerateParamsForDuckType(t *testing.T) { clusters := []client.Object{ @@ -282,7 +279,9 @@ func TestGenerateParamsForDuckType(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + appClientset := kubefake.NewSimpleClientset(append(runtimeClusters, configMap)...) gvrToListKind := map[schema.GroupVersionResource]string{{ @@ -293,7 +292,7 @@ func TestGenerateParamsForDuckType(t *testing.T) { fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, testCase.resource) - duckTypeGenerator := NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace") + var duckTypeGenerator = NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace") applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -309,12 +308,12 @@ func TestGenerateParamsForDuckType(t *testing.T) { LabelSelector: testCase.labelSelector, Values: testCase.values, }, - }, &applicationSetInfo, nil) + }, &applicationSetInfo) if testCase.expectedError != nil { - require.EqualError(t, err, testCase.expectedError.Error()) + assert.EqualError(t, err, testCase.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) } }) @@ -578,7 +577,9 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + appClientset := kubefake.NewSimpleClientset(append(runtimeClusters, configMap)...) gvrToListKind := map[schema.GroupVersionResource]string{{ @@ -589,7 +590,7 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) { fakeDynClient := dynfake.NewSimpleDynamicClientWithCustomListKinds(runtime.NewScheme(), gvrToListKind, testCase.resource) - duckTypeGenerator := NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace") + var duckTypeGenerator = NewDuckTypeGenerator(context.Background(), fakeDynClient, appClientset, "namespace") applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -607,12 +608,12 @@ func TestGenerateParamsForDuckTypeGoTemplate(t *testing.T) { LabelSelector: testCase.labelSelector, Values: testCase.values, }, - }, &applicationSetInfo, nil) + }, &applicationSetInfo) if testCase.expectedError != nil { - require.EqualError(t, err, testCase.expectedError.Error()) + assert.EqualError(t, err, testCase.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) } }) diff --git a/applicationset/generators/generator_spec_processor.go b/applicationset/generators/generator_spec_processor.go index 25e6b138da749..494b2e8d9a37d 100644 --- a/applicationset/generators/generator_spec_processor.go +++ b/applicationset/generators/generator_spec_processor.go @@ -5,7 +5,6 @@ import ( "reflect" "github.com/jeremywohl/flatten" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/applicationset/utils" @@ -27,7 +26,7 @@ type TransformResult struct { } // Transform a spec generator to list of paramSets and a template -func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]interface{}, client client.Client) ([]TransformResult, error) { +func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, allGenerators map[string]Generator, baseTemplate argoprojiov1alpha1.ApplicationSetTemplate, appSet *argoprojiov1alpha1.ApplicationSet, genParams map[string]interface{}) ([]TransformResult, error) { // This is a custom version of the `LabelSelectorAsSelector` that is in k8s.io/apimachinery. This has been copied // verbatim from that package, with the difference that we do not have any restrictions on label values. This is done // so that, among other things, we can match on cluster urls. @@ -65,7 +64,7 @@ func Transform(requestedGenerator argoprojiov1alpha1.ApplicationSetGenerator, al continue } } - params, err = g.GenerateParams(interpolatedGenerator, appSet, client) + params, err = g.GenerateParams(interpolatedGenerator, appSet) if err != nil { log.WithError(err).WithField("generator", g). Error("error generating params") diff --git a/applicationset/generators/generator_spec_processor_test.go b/applicationset/generators/generator_spec_processor_test.go index dfa89782f9a1f..b5838e7af7cbe 100644 --- a/applicationset/generators/generator_spec_processor_test.go +++ b/applicationset/generators/generator_spec_processor_test.go @@ -65,8 +65,8 @@ func TestMatchValues(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - listGenerator := NewListGenerator() - data := map[string]Generator{ + var listGenerator = NewListGenerator() + var data = map[string]Generator{ "List": listGenerator, } @@ -84,13 +84,12 @@ func TestMatchValues(t *testing.T) { List: &argov1alpha1.ListGenerator{ Elements: testCase.elements, Template: emptyTemplate(), - }, - }, + }}, data, emptyTemplate(), - &applicationSetInfo, nil, nil) + &applicationSetInfo, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, results[0].Params) }) } @@ -149,8 +148,8 @@ func TestMatchValuesGoTemplate(t *testing.T) { for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { - listGenerator := NewListGenerator() - data := map[string]Generator{ + var listGenerator = NewListGenerator() + var data = map[string]Generator{ "List": listGenerator, } @@ -168,13 +167,12 @@ func TestMatchValuesGoTemplate(t *testing.T) { List: &argov1alpha1.ListGenerator{ Elements: testCase.elements, Template: emptyTemplate(), - }, - }, + }}, data, emptyTemplate(), - &applicationSetInfo, nil, nil) + &applicationSetInfo, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, results[0].Params) }) } @@ -238,13 +236,12 @@ func TestTransForm(t *testing.T) { Selector: metav1.LabelSelector{}, Template: argov1alpha1.ApplicationSetTemplate{}, Values: nil, - }, - }, + }}, testGenerators, emptyTemplate(), - &applicationSetInfo, nil, nil) + &applicationSetInfo, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, results[0].Params) }) } @@ -346,11 +343,12 @@ func getMockClusterGenerator() Generator { func getMockGitGenerator() Generator { argoCDServiceMock := mocks.Repos{} argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything).Return([]string{"app1", "app2", "app_3", "p1/app4"}, nil) - gitGenerator := NewGitGenerator(&argoCDServiceMock) + var gitGenerator = NewGitGenerator(&argoCDServiceMock) return gitGenerator } func TestGetRelevantGenerators(t *testing.T) { + testGenerators := map[string]Generator{ "Clusters": getMockClusterGenerator(), "Git": getMockGitGenerator(), @@ -363,8 +361,7 @@ func TestGetRelevantGenerators(t *testing.T) { requestedGenerator := &argov1alpha1.ApplicationSetGenerator{ List: &argov1alpha1.ListGenerator{ Elements: []apiextensionsv1.JSON{{Raw: []byte(`{"cluster": "cluster","url": "url","values":{"foo":"bar"}}`)}}, - }, - } + }} relevantGenerators := GetRelevantGenerators(requestedGenerator, testGenerators) assert.Len(t, relevantGenerators, 1) @@ -407,8 +404,7 @@ func TestInterpolateGenerator(t *testing.T) { "path-basename": "{{path.basename}}", "path-zero": "{{path[0]}}", "path-full": "{{path}}", - }, - }, + }}, }, } gitGeneratorParams := map[string]interface{}{ @@ -462,8 +458,7 @@ func TestInterpolateGenerator_go(t *testing.T) { "path-zero": "{{index .path.segments 0}}", "path-full": "{{.path.path}}", "kubernetes.io/environment": `{{default "foo" .my_label}}`, - }, - }, + }}, }, } gitGeneratorParams := map[string]interface{}{ @@ -555,7 +550,7 @@ func TestInterpolateGeneratorError(t *testing.T) { t.Run(tt.name, func(t *testing.T) { got, err := InterpolateGenerator(tt.args.requestedGenerator, tt.args.params, tt.args.useGoTemplate, tt.args.goTemplateOptions) if tt.expectedErrStr != "" { - require.EqualError(t, err, tt.expectedErrStr) + assert.EqualError(t, err, tt.expectedErrStr) } else { require.NoError(t, err) } diff --git a/applicationset/generators/git.go b/applicationset/generators/git.go index a5fb2576f8f6a..57fe2835b8df0 100644 --- a/applicationset/generators/git.go +++ b/applicationset/generators/git.go @@ -11,14 +11,11 @@ import ( "github.com/jeremywohl/flatten" log "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/applicationset/services" "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - "github.com/argoproj/argo-cd/v2/util/gpg" ) var _ Generator = (*GitGenerator)(nil) @@ -39,6 +36,7 @@ func (g *GitGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applicati } func (g *GitGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { + // Return a requeue default of 3 minutes, if no default is specified. if appSetGenerator.Git.RequeueAfterSeconds != nil { @@ -48,7 +46,8 @@ func (g *GitGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Appli return DefaultRequeueAfterSeconds } -func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { +func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -59,27 +58,12 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic noRevisionCache := appSet.RefreshRequired() - var project string - if strings.Contains(appSet.Spec.Template.Spec.Project, "{{") { - project = appSetGenerator.Git.Template.Spec.Project - } else { - project = appSet.Spec.Template.Spec.Project - } - - appProject := &argoprojiov1alpha1.AppProject{} - if err := client.Get(context.TODO(), types.NamespacedName{Name: appSet.Spec.Template.Spec.Project, Namespace: appSet.Namespace}, appProject); err != nil { - return nil, fmt.Errorf("error getting project %s: %w", project, err) - } - - // we need to verify the signature on the Git revision if GPG is enabled - verifyCommit := appProject.Spec.SignatureKeys != nil && len(appProject.Spec.SignatureKeys) > 0 && gpg.IsGPGEnabled() - var err error var res []map[string]interface{} if len(appSetGenerator.Git.Directories) != 0 { - res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) + res, err = g.generateParamsForGitDirectories(appSetGenerator, noRevisionCache, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else if len(appSetGenerator.Git.Files) != 0 { - res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, verifyCommit, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) + res, err = g.generateParamsForGitFiles(appSetGenerator, noRevisionCache, appSet.Spec.GoTemplate, appSet.Spec.GoTemplateOptions) } else { return nil, EmptyAppSetGeneratorError } @@ -90,9 +74,10 @@ func (g *GitGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Applic return res, nil } -func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { + // Directories, not files - allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, noRevisionCache, verifyCommit) + allPaths, err := g.repos.GetDirectories(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, noRevisionCache) if err != nil { return nil, fmt.Errorf("error getting directories from repo: %w", err) } @@ -115,11 +100,12 @@ func (g *GitGenerator) generateParamsForGitDirectories(appSetGenerator *argoproj return res, nil } -func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache, verifyCommit bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { +func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, noRevisionCache bool, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { + // Get all files that match the requested path string, removing duplicates allFiles := make(map[string][]byte) for _, requestedPath := range appSetGenerator.Git.Files { - files, err := g.repos.GetFiles(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, requestedPath.Path, noRevisionCache, verifyCommit) + files, err := g.repos.GetFiles(context.TODO(), appSetGenerator.Git.RepoURL, appSetGenerator.Git.Revision, requestedPath.Path, noRevisionCache) if err != nil { return nil, err } @@ -139,10 +125,11 @@ func (g *GitGenerator) generateParamsForGitFiles(appSetGenerator *argoprojiov1al // Generate params from each path, and return res := []map[string]interface{}{} for _, path := range allPaths { + // A JSON / YAML file path can contain multiple sets of parameters (ie it is an array) paramsArray, err := g.generateParamsFromGitFile(path, allFiles[path], appSetGenerator.Git.Values, useGoTemplate, goTemplateOptions, appSetGenerator.Git.PathParamPrefix) if err != nil { - return nil, fmt.Errorf("unable to process file '%s': %w", path, err) + return nil, fmt.Errorf("unable to process file '%s': %v", path, err) } res = append(res, paramsArray...) @@ -160,7 +147,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] singleObj := make(map[string]interface{}) err = yaml.Unmarshal(fileContent, &singleObj) if err != nil { - return nil, fmt.Errorf("unable to parse file: %w", err) + return nil, fmt.Errorf("unable to parse file: %v", err) } objectsFound = append(objectsFound, singleObj) } else if len(objectsFound) == 0 { @@ -171,6 +158,7 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] res := []map[string]interface{}{} for _, objectFound := range objectsFound { + params := map[string]interface{}{} if useGoTemplate { @@ -226,13 +214,13 @@ func (g *GitGenerator) generateParamsFromGitFile(filePath string, fileContent [] return res, nil } -func (g *GitGenerator) filterApps(directories []argoprojiov1alpha1.GitDirectoryGeneratorItem, allPaths []string) []string { +func (g *GitGenerator) filterApps(Directories []argoprojiov1alpha1.GitDirectoryGeneratorItem, allPaths []string) []string { res := []string{} for _, appPath := range allPaths { appInclude := false appExclude := false // Iterating over each appPath and check whether directories object has requestedPath that matches the appPath - for _, requestedPath := range directories { + for _, requestedPath := range Directories { match, err := path.Match(requestedPath.Path, appPath) if err != nil { log.WithError(err).WithField("requestedPath", requestedPath). @@ -257,6 +245,7 @@ func (g *GitGenerator) filterApps(directories []argoprojiov1alpha1.GitDirectoryG func (g *GitGenerator) generateParamsFromApps(requestedApps []string, appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, useGoTemplate bool, goTemplateOptions []string) ([]map[string]interface{}, error) { res := make([]map[string]interface{}, len(requestedApps)) for i, a := range requestedApps { + params := make(map[string]interface{}, 5) if useGoTemplate { diff --git a/applicationset/generators/git_test.go b/applicationset/generators/git_test.go index 4f55b1c4391b2..d3fd4965057f8 100644 --- a/applicationset/generators/git_test.go +++ b/applicationset/generators/git_test.go @@ -4,16 +4,11 @@ import ( "fmt" "testing" + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" + argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/controller-runtime/pkg/client/fake" - - "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func Test_generateParamsFromGitFile(t *testing.T) { @@ -179,6 +174,7 @@ foo: } func TestGitGenerateParamsFromDirectories(t *testing.T) { + cases := []struct { name string directories []argoprojiov1alpha1.GitDirectoryGeneratorItem @@ -321,9 +317,9 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { argoCDServiceMock := mocks.Repos{} - argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError) + argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError) - gitGenerator := NewGitGenerator(&argoCDServiceMock) + var gitGenerator = NewGitGenerator(&argoCDServiceMock) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -341,19 +337,12 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { }, } - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appProject := argoprojiov1alpha1.AppProject{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build() - - got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, client) + got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) if testCaseCopy.expectedError != nil { - require.EqualError(t, err, testCaseCopy.expectedError.Error()) + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } @@ -363,6 +352,7 @@ func TestGitGenerateParamsFromDirectories(t *testing.T) { } func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) { + cases := []struct { name string directories []argoprojiov1alpha1.GitDirectoryGeneratorItem @@ -562,6 +552,7 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) { }, repoError: nil, expected: []map[string]interface{}{ + { "path": map[string]interface{}{ "path": "app1", @@ -622,9 +613,9 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) { argoCDServiceMock := mocks.Repos{} - argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError) + argoCDServiceMock.On("GetDirectories", mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(testCaseCopy.repoApps, testCaseCopy.repoError) - gitGenerator := NewGitGenerator(&argoCDServiceMock) + var gitGenerator = NewGitGenerator(&argoCDServiceMock) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -642,28 +633,23 @@ func TestGitGenerateParamsFromDirectoriesGoTemplate(t *testing.T) { }, } - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appProject := argoprojiov1alpha1.AppProject{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build() - - got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, client) + got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) if testCaseCopy.expectedError != nil { - require.EqualError(t, err, testCaseCopy.expectedError.Error()) + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } argoCDServiceMock.AssertExpectations(t) }) } + } func TestGitGenerateParamsFromFiles(t *testing.T) { + cases := []struct { name string // files is the list of paths/globs to match @@ -986,10 +972,10 @@ cluster: t.Parallel() argoCDServiceMock := mocks.Repos{} - argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything). + argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return(testCaseCopy.repoFileContents, testCaseCopy.repoPathsError) - gitGenerator := NewGitGenerator(&argoCDServiceMock) + var gitGenerator = NewGitGenerator(&argoCDServiceMock) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -1006,20 +992,13 @@ cluster: }, } - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appProject := argoprojiov1alpha1.AppProject{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build() - - got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, client) + got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) fmt.Println(got, err) if testCaseCopy.expectedError != nil { - require.EqualError(t, err, testCaseCopy.expectedError.Error()) + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCaseCopy.expected, got) } @@ -1029,6 +1008,7 @@ cluster: } func TestGitGenerateParamsFromFilesGoTemplate(t *testing.T) { + cases := []struct { name string // files is the list of paths/globs to match @@ -1342,10 +1322,10 @@ cluster: t.Parallel() argoCDServiceMock := mocks.Repos{} - argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything). + argoCDServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything). Return(testCaseCopy.repoFileContents, testCaseCopy.repoPathsError) - gitGenerator := NewGitGenerator(&argoCDServiceMock) + var gitGenerator = NewGitGenerator(&argoCDServiceMock) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -1362,20 +1342,13 @@ cluster: }, } - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appProject := argoprojiov1alpha1.AppProject{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build() - - got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, client) + got, err := gitGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) fmt.Println(got, err) if testCaseCopy.expectedError != nil { - require.EqualError(t, err, testCaseCopy.expectedError.Error()) + assert.EqualError(t, err, testCaseCopy.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCaseCopy.expected, got) } diff --git a/applicationset/generators/interface.go b/applicationset/generators/interface.go index ea105c7842279..abb4830cf3fbe 100644 --- a/applicationset/generators/interface.go +++ b/applicationset/generators/interface.go @@ -4,8 +4,6 @@ import ( "fmt" "time" - "sigs.k8s.io/controller-runtime/pkg/client" - argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -14,7 +12,7 @@ type Generator interface { // GenerateParams interprets the ApplicationSet and generates all relevant parameters for the application template. // The expected / desired list of parameters is returned, it then will be render and reconciled // against the current state of the Applications in the cluster. - GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) + GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) // GetRequeueAfter is the generator can controller the next reconciled loop // In case there is more then one generator the time will be the minimum of the times. @@ -25,10 +23,8 @@ type Generator interface { GetTemplate(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) *argoprojiov1alpha1.ApplicationSetTemplate } -var ( - EmptyAppSetGeneratorError = fmt.Errorf("ApplicationSet is empty") - NoRequeueAfter time.Duration -) +var EmptyAppSetGeneratorError = fmt.Errorf("ApplicationSet is empty") +var NoRequeueAfter time.Duration // DefaultRequeueAfterSeconds is used when GetRequeueAfter is not specified, it is the default time to wait before the next reconcile loop const ( diff --git a/applicationset/generators/list.go b/applicationset/generators/list.go index fad6a6af5c6d9..b3afabe6dac7d 100644 --- a/applicationset/generators/list.go +++ b/applicationset/generators/list.go @@ -5,7 +5,6 @@ import ( "fmt" "time" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -13,7 +12,8 @@ import ( var _ Generator = (*ListGenerator)(nil) -type ListGenerator struct{} +type ListGenerator struct { +} func NewListGenerator() Generator { g := &ListGenerator{} @@ -28,7 +28,7 @@ func (g *ListGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applicat return &appSetGenerator.List.Template } -func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -44,7 +44,7 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli var element map[string]interface{} err := json.Unmarshal(tmpItem.Raw, &element) if err != nil { - return nil, fmt.Errorf("error unmarshling list element %w", err) + return nil, fmt.Errorf("error unmarshling list element %v", err) } if appSet.Spec.GoTemplate { @@ -59,14 +59,14 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli for k, v := range values { value, ok := v.(string) if !ok { - return nil, fmt.Errorf("error parsing value as string %w", err) + return nil, fmt.Errorf("error parsing value as string %v", err) } params[fmt.Sprintf("values.%s", k)] = value } } else { v, ok := value.(string) if !ok { - return nil, fmt.Errorf("error parsing value as string %w", err) + return nil, fmt.Errorf("error parsing value as string %v", err) } params[key] = v } @@ -77,10 +77,11 @@ func (g *ListGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appli // Append elements from ElementsYaml to the response if len(appSetGenerator.List.ElementsYaml) > 0 { + var yamlElements []map[string]interface{} err := yaml.Unmarshal([]byte(appSetGenerator.List.ElementsYaml), &yamlElements) if err != nil { - return nil, fmt.Errorf("error unmarshling decoded ElementsYaml %w", err) + return nil, fmt.Errorf("error unmarshling decoded ElementsYaml %v", err) } res = append(res, yamlElements...) } diff --git a/applicationset/generators/list_test.go b/applicationset/generators/list_test.go index 5a3b1d88dd4f4..39bdb06c06dd7 100644 --- a/applicationset/generators/list_test.go +++ b/applicationset/generators/list_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -26,7 +25,8 @@ func TestGenerateListParams(t *testing.T) { } for _, testCase := range testCases { - listGenerator := NewListGenerator() + + var listGenerator = NewListGenerator() applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -38,11 +38,11 @@ func TestGenerateListParams(t *testing.T) { got, err := listGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{ List: &argoprojiov1alpha1.ListGenerator{ Elements: testCase.elements, - }, - }, &applicationSetInfo, nil) + }}, &applicationSetInfo) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) + } } @@ -61,7 +61,8 @@ func TestGenerateListParamsGoTemplate(t *testing.T) { } for _, testCase := range testCases { - listGenerator := NewListGenerator() + + var listGenerator = NewListGenerator() applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -75,10 +76,9 @@ func TestGenerateListParamsGoTemplate(t *testing.T) { got, err := listGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{ List: &argoprojiov1alpha1.ListGenerator{ Elements: testCase.elements, - }, - }, &applicationSetInfo, nil) + }}, &applicationSetInfo) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, testCase.expected, got) } } diff --git a/applicationset/generators/matrix.go b/applicationset/generators/matrix.go index 2a44d97b71ac5..3edac086a4b3c 100644 --- a/applicationset/generators/matrix.go +++ b/applicationset/generators/matrix.go @@ -5,7 +5,6 @@ import ( "time" "github.com/imdario/mergo" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -33,7 +32,8 @@ func NewMatrixGenerator(supportedGenerators map[string]Generator) Generator { return m } -func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { +func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + if appSetGenerator.Matrix == nil { return nil, EmptyAppSetGeneratorError } @@ -48,16 +48,17 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App res := []map[string]interface{}{} - g0, err := m.getParams(appSetGenerator.Matrix.Generators[0], appSet, nil, client) + g0, err := m.getParams(appSetGenerator.Matrix.Generators[0], appSet, nil) if err != nil { return nil, fmt.Errorf("error failed to get params for first generator in matrix generator: %w", err) } for _, a := range g0 { - g1, err := m.getParams(appSetGenerator.Matrix.Generators[1], appSet, a, client) + g1, err := m.getParams(appSetGenerator.Matrix.Generators[1], appSet, a) if err != nil { return nil, fmt.Errorf("failed to get params for second generator in the matrix generator: %w", err) } for _, b := range g1 { + if appSet.Spec.GoTemplate { tmp := map[string]interface{}{} if err := mergo.Merge(&tmp, b, mergo.WithOverride); err != nil { @@ -80,7 +81,7 @@ func (m *MatrixGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.App return res, nil } -func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, params map[string]interface{}, client client.Client) ([]map[string]interface{}, error) { +func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, params map[string]interface{}) ([]map[string]interface{}, error) { matrixGen, err := getMatrixGenerator(appSetBaseGenerator) if err != nil { return nil, err @@ -118,10 +119,10 @@ func (m *MatrixGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Appli m.supportedGenerators, argoprojiov1alpha1.ApplicationSetTemplate{}, appSet, - params, - client) + params) + if err != nil { - return nil, fmt.Errorf("child generator returned an error on parameter generation: %w", err) + return nil, fmt.Errorf("child generator returned an error on parameter generation: %v", err) } if len(t) == 0 { @@ -171,6 +172,7 @@ func (m *MatrixGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Ap } else { return NoRequeueAfter } + } func getMatrixGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MatrixGenerator, error) { diff --git a/applicationset/generators/matrix_test.go b/applicationset/generators/matrix_test.go index 0e37f01ff06d3..21e88710ae618 100644 --- a/applicationset/generators/matrix_test.go +++ b/applicationset/generators/matrix_test.go @@ -19,11 +19,11 @@ import ( "github.com/stretchr/testify/mock" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func TestMatrixGenerate(t *testing.T) { + gitGenerator := &argoprojiov1alpha1.GitGenerator{ RepoURL: "RepoURL", Revision: "Revision", @@ -147,11 +147,12 @@ func TestMatrixGenerate(t *testing.T) { } for _, g := range testCaseCopy.baseGenerators { + gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{ Git: g.Git, List: g.List, } - genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]interface{}{ + genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]interface{}{ { "path": "app1", "path.basename": "app1", @@ -168,7 +169,7 @@ func TestMatrixGenerate(t *testing.T) { Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": genMock, "List": &ListGenerator{}, @@ -180,19 +181,22 @@ func TestMatrixGenerate(t *testing.T) { Generators: testCaseCopy.baseGenerators, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.ErrorIs(t, err, testCaseCopy.expectedErr) + assert.ErrorIs(t, err, testCaseCopy.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) + } } func TestMatrixGenerateGoTemplate(t *testing.T) { + gitGenerator := &argoprojiov1alpha1.GitGenerator{ RepoURL: "RepoURL", Revision: "Revision", @@ -356,11 +360,12 @@ func TestMatrixGenerateGoTemplate(t *testing.T) { } for _, g := range testCaseCopy.baseGenerators { + gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{ Git: g.Git, List: g.List, } - genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet, mock.Anything).Return([]map[string]interface{}{ + genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]interface{}{ { "path": map[string]string{ "path": "app1", @@ -381,7 +386,7 @@ func TestMatrixGenerateGoTemplate(t *testing.T) { Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": genMock, "List": &ListGenerator{}, @@ -393,19 +398,22 @@ func TestMatrixGenerateGoTemplate(t *testing.T) { Generators: testCaseCopy.baseGenerators, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.ErrorIs(t, err, testCaseCopy.expectedErr) + assert.ErrorIs(t, err, testCaseCopy.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) + } } func TestMatrixGetRequeueAfter(t *testing.T) { + gitGenerator := &argoprojiov1alpha1.GitGenerator{ RepoURL: "RepoURL", Revision: "Revision", @@ -522,7 +530,7 @@ func TestMatrixGetRequeueAfter(t *testing.T) { mock.On("GetRequeueAfter", &gitGeneratorSpec).Return(testCaseCopy.gitGetRequeueAfter, nil) } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": mock, "List": &ListGenerator{}, @@ -540,7 +548,9 @@ func TestMatrixGetRequeueAfter(t *testing.T) { }) assert.Equal(t, testCaseCopy.expected, got) + }) + } } @@ -645,9 +655,10 @@ func TestInterpolatedMatrixGenerate(t *testing.T) { fakeClient, testCase.clientError, } - clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace") + var clusterGenerator = NewClusterGenerator(cl, context.Background(), appClientset, "namespace") for _, g := range testCaseCopy.baseGenerators { + gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{ Git: g.Git, Clusters: g.Clusters, @@ -667,7 +678,7 @@ func TestInterpolatedMatrixGenerate(t *testing.T) { genMock.On("GetTemplate", &gitGeneratorSpec). Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": genMock, "Clusters": clusterGenerator, @@ -679,14 +690,15 @@ func TestInterpolatedMatrixGenerate(t *testing.T) { Generators: testCaseCopy.baseGenerators, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.ErrorIs(t, err, testCaseCopy.expectedErr) + assert.ErrorIs(t, err, testCaseCopy.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) } } @@ -826,14 +838,16 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) { fakeClient, testCase.clientError, } - clusterGenerator := NewClusterGenerator(cl, context.Background(), appClientset, "namespace") + var clusterGenerator = NewClusterGenerator(cl, context.Background(), appClientset, "namespace") for _, g := range testCaseCopy.baseGenerators { + gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{ Git: g.Git, Clusters: g.Clusters, } genMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), appSet).Return([]map[string]interface{}{ + { "path": map[string]string{ "path": "examples/git-generator-files-discovery/cluster-config/dev/config.json", @@ -852,7 +866,7 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) { genMock.On("GetTemplate", &gitGeneratorSpec). Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": genMock, "Clusters": clusterGenerator, @@ -864,19 +878,22 @@ func TestInterpolatedMatrixGenerateGoTemplate(t *testing.T) { Generators: testCaseCopy.baseGenerators, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.ErrorIs(t, err, testCaseCopy.expectedErr) + assert.ErrorIs(t, err, testCaseCopy.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) + } } func TestMatrixGenerateListElementsYaml(t *testing.T) { + gitGenerator := &argoprojiov1alpha1.GitGenerator{ RepoURL: "RepoURL", Revision: "Revision", @@ -980,6 +997,7 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { } for _, g := range testCaseCopy.baseGenerators { + gitGeneratorSpec := argoprojiov1alpha1.ApplicationSetGenerator{ Git: g.Git, List: g.List, @@ -1011,9 +1029,10 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { }}, nil) genMock.On("GetTemplate", &gitGeneratorSpec). Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) + } - matrixGenerator := NewMatrixGenerator( + var matrixGenerator = NewMatrixGenerator( map[string]Generator{ "Git": genMock, "List": &ListGenerator{}, @@ -1025,15 +1044,17 @@ func TestMatrixGenerateListElementsYaml(t *testing.T) { Generators: testCaseCopy.baseGenerators, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.ErrorIs(t, err, testCaseCopy.expectedErr) + assert.ErrorIs(t, err, testCaseCopy.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) + } } @@ -1047,7 +1068,7 @@ func (g *generatorMock) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applicat return args.Get(0).(*argoprojiov1alpha1.ApplicationSetTemplate) } -func (g *generatorMock) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *generatorMock) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { args := g.Called(appSetGenerator, appSet) return args.Get(0).([]map[string]interface{}), args.Error(1) @@ -1057,6 +1078,7 @@ func (g *generatorMock) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.Appl args := g.Called(appSetGenerator) return args.Get(0).(time.Duration) + } func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) { @@ -1073,7 +1095,7 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) { // of that bug. listGeneratorMock := &generatorMock{} - listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet"), mock.Anything).Return([]map[string]interface{}{ + listGeneratorMock.On("GenerateParams", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator"), mock.AnythingOfType("*v1alpha1.ApplicationSet")).Return([]map[string]interface{}{ {"some": "value"}, }, nil) listGeneratorMock.On("GetTemplate", mock.AnythingOfType("*v1alpha1.ApplicationSetGenerator")).Return(&argoprojiov1alpha1.ApplicationSetTemplate{}) @@ -1086,7 +1108,7 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) { } repoServiceMock := &mocks.Repos{} - repoServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{ + repoServiceMock.On("GetFiles", mock.Anything, mock.Anything, mock.Anything, mock.Anything, mock.Anything).Return(map[string][]byte{ "some/path.json": []byte("test: content"), }, nil) gitGenerator := NewGitGenerator(repoServiceMock) @@ -1112,17 +1134,9 @@ func TestGitGenerator_GenerateParams_list_x_git_matrix_generator(t *testing.T) { }, }, } - - scheme := runtime.NewScheme() - err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) - appProject := argoprojiov1alpha1.AppProject{} - - client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(&appProject).Build() - params, err := matrixGenerator.GenerateParams(&argoprojiov1alpha1.ApplicationSetGenerator{ Matrix: matrixGeneratorSpec, - }, &argoprojiov1alpha1.ApplicationSet{}, client) + }, &argoprojiov1alpha1.ApplicationSet{}) require.NoError(t, err) assert.Equal(t, []map[string]interface{}{{ "path": "some", diff --git a/applicationset/generators/merge.go b/applicationset/generators/merge.go index e9af81fadae4e..ebda7180df70f 100644 --- a/applicationset/generators/merge.go +++ b/applicationset/generators/merge.go @@ -6,7 +6,6 @@ import ( "time" "github.com/imdario/mergo" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/applicationset/utils" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -37,10 +36,10 @@ func NewMergeGenerator(supportedGenerators map[string]Generator) Generator { // getParamSetsForAllGenerators generates params for each child generator in a MergeGenerator. Param sets are returned // in slices ordered according to the order of the given generators. -func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([][]map[string]interface{}, error) { +func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([][]map[string]interface{}, error) { var paramSets [][]map[string]interface{} for i, generator := range generators { - generatorParamSets, err := m.getParams(generator, appSet, client) + generatorParamSets, err := m.getParams(generator, appSet) if err != nil { return nil, fmt.Errorf("error getting params from generator %d of %d: %w", i+1, len(generators), err) } @@ -51,7 +50,7 @@ func (m *MergeGenerator) getParamSetsForAllGenerators(generators []argoprojiov1a } // GenerateParams gets the params produced by the MergeGenerator. -func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { +func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { if appSetGenerator.Merge == nil { return nil, EmptyAppSetGeneratorError } @@ -60,7 +59,7 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl return nil, ErrLessThanTwoGeneratorsInMerge } - paramSetsFromGenerators, err := m.getParamSetsForAllGenerators(appSetGenerator.Merge.Generators, appSet, client) + paramSetsFromGenerators, err := m.getParamSetsForAllGenerators(appSetGenerator.Merge.Generators, appSet) if err != nil { return nil, fmt.Errorf("error getting param sets from generators: %w", err) } @@ -78,6 +77,7 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl for mergeKeyValue, baseParamSet := range baseParamSetsByMergeKey { if overrideParamSet, exists := paramSetsByMergeKey[mergeKeyValue]; exists { + if appSet.Spec.GoTemplate { if err := mergo.Merge(&baseParamSet, overrideParamSet, mergo.WithOverride); err != nil { return nil, fmt.Errorf("error merging base param set with override param set: %w", err) @@ -95,7 +95,7 @@ func (m *MergeGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.Appl } mergedParamSets := make([]map[string]interface{}, len(baseParamSetsByMergeKey)) - i := 0 + var i = 0 for _, mergedParamSet := range baseParamSetsByMergeKey { mergedParamSets[i] = mergedParamSet i += 1 @@ -138,7 +138,7 @@ func getParamSetsByMergeKey(mergeKeys []string, paramSets []map[string]interface } // getParams get the parameters generated by this generator. -func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { +func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.ApplicationSetNestedGenerator, appSet *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { matrixGen, err := getMatrixGenerator(appSetBaseGenerator) if err != nil { return nil, err @@ -176,9 +176,10 @@ func (m *MergeGenerator) getParams(appSetBaseGenerator argoprojiov1alpha1.Applic m.supportedGenerators, argoprojiov1alpha1.ApplicationSetTemplate{}, appSet, - map[string]interface{}{}, client) + map[string]interface{}{}) + if err != nil { - return nil, fmt.Errorf("child generator returned an error on parameter generation: %w", err) + return nil, fmt.Errorf("child generator returned an error on parameter generation: %v", err) } if len(t) == 0 { @@ -226,6 +227,7 @@ func (m *MergeGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.App } else { return NoRequeueAfter } + } func getMergeGenerator(r argoprojiov1alpha1.ApplicationSetNestedGenerator) (*argoprojiov1alpha1.MergeGenerator, error) { diff --git a/applicationset/generators/merge_test.go b/applicationset/generators/merge_test.go index 005e5c2c32905..454b1884190a3 100644 --- a/applicationset/generators/merge_test.go +++ b/applicationset/generators/merge_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -50,6 +49,7 @@ func listOfMapsToSet(maps []map[string]interface{}) (map[string]bool, error) { } func TestMergeGenerate(t *testing.T) { + testCases := []struct { name string baseGenerators []argoprojiov1alpha1.ApplicationSetNestedGenerator @@ -156,7 +156,7 @@ func TestMergeGenerate(t *testing.T) { appSet := &argoprojiov1alpha1.ApplicationSet{} - mergeGenerator := NewMergeGenerator( + var mergeGenerator = NewMergeGenerator( map[string]Generator{ "List": &ListGenerator{}, "Matrix": &MatrixGenerator{ @@ -178,18 +178,18 @@ func TestMergeGenerate(t *testing.T) { MergeKeys: testCaseCopy.mergeKeys, Template: argoprojiov1alpha1.ApplicationSetTemplate{}, }, - }, appSet, nil) + }, appSet) if testCaseCopy.expectedErr != nil { - require.EqualError(t, err, testCaseCopy.expectedErr.Error()) + assert.EqualError(t, err, testCaseCopy.expectedErr.Error()) } else { expectedSet, err := listOfMapsToSet(testCaseCopy.expected) - require.NoError(t, err) + assert.NoError(t, err) actualSet, err := listOfMapsToSet(got) - require.NoError(t, err) + assert.NoError(t, err) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedSet, actualSet) } }) @@ -197,6 +197,7 @@ func TestMergeGenerate(t *testing.T) { } func toAPIExtensionsJSON(t *testing.T, g interface{}) *apiextensionsv1.JSON { + resVal, err := json.Marshal(g) if err != nil { t.Error("unable to unmarshal json", g) @@ -338,11 +339,13 @@ func TestParamSetsAreUniqueByMergeKeys(t *testing.T) { got, err := getParamSetsByMergeKey(testCaseCopy.mergeKeys, testCaseCopy.paramSets) if testCaseCopy.expectedErr != nil { - require.EqualError(t, err, testCaseCopy.expectedErr.Error()) + assert.EqualError(t, err, testCaseCopy.expectedErr.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) + } } diff --git a/applicationset/generators/mocks/Generator.go b/applicationset/generators/mocks/Generator.go deleted file mode 100644 index dc6197f892866..0000000000000 --- a/applicationset/generators/mocks/Generator.go +++ /dev/null @@ -1,100 +0,0 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. - -package mocks - -import ( - client "sigs.k8s.io/controller-runtime/pkg/client" - - mock "github.com/stretchr/testify/mock" - - time "time" - - v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" -) - -// Generator is an autogenerated mock type for the Generator type -type Generator struct { - mock.Mock -} - -// GenerateParams provides a mock function with given fields: appSetGenerator, applicationSetInfo, _a2 -func (_m *Generator) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, applicationSetInfo *v1alpha1.ApplicationSet, _a2 client.Client) ([]map[string]interface{}, error) { - ret := _m.Called(appSetGenerator, applicationSetInfo, _a2) - - if len(ret) == 0 { - panic("no return value specified for GenerateParams") - } - - var r0 []map[string]interface{} - var r1 error - if rf, ok := ret.Get(0).(func(*v1alpha1.ApplicationSetGenerator, *v1alpha1.ApplicationSet, client.Client) ([]map[string]interface{}, error)); ok { - return rf(appSetGenerator, applicationSetInfo, _a2) - } - if rf, ok := ret.Get(0).(func(*v1alpha1.ApplicationSetGenerator, *v1alpha1.ApplicationSet, client.Client) []map[string]interface{}); ok { - r0 = rf(appSetGenerator, applicationSetInfo, _a2) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).([]map[string]interface{}) - } - } - - if rf, ok := ret.Get(1).(func(*v1alpha1.ApplicationSetGenerator, *v1alpha1.ApplicationSet, client.Client) error); ok { - r1 = rf(appSetGenerator, applicationSetInfo, _a2) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// GetRequeueAfter provides a mock function with given fields: appSetGenerator -func (_m *Generator) GetRequeueAfter(appSetGenerator *v1alpha1.ApplicationSetGenerator) time.Duration { - ret := _m.Called(appSetGenerator) - - if len(ret) == 0 { - panic("no return value specified for GetRequeueAfter") - } - - var r0 time.Duration - if rf, ok := ret.Get(0).(func(*v1alpha1.ApplicationSetGenerator) time.Duration); ok { - r0 = rf(appSetGenerator) - } else { - r0 = ret.Get(0).(time.Duration) - } - - return r0 -} - -// GetTemplate provides a mock function with given fields: appSetGenerator -func (_m *Generator) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate { - ret := _m.Called(appSetGenerator) - - if len(ret) == 0 { - panic("no return value specified for GetTemplate") - } - - var r0 *v1alpha1.ApplicationSetTemplate - if rf, ok := ret.Get(0).(func(*v1alpha1.ApplicationSetGenerator) *v1alpha1.ApplicationSetTemplate); ok { - r0 = rf(appSetGenerator) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*v1alpha1.ApplicationSetTemplate) - } - } - - return r0 -} - -// NewGenerator creates a new instance of Generator. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewGenerator(t interface { - mock.TestingT - Cleanup(func()) -}) *Generator { - mock := &Generator{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/applicationset/generators/plugin.go b/applicationset/generators/plugin.go index 6b6ba1ec4027e..e0acca0622cdc 100644 --- a/applicationset/generators/plugin.go +++ b/applicationset/generators/plugin.go @@ -55,7 +55,8 @@ func (g *PluginGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.Applic return &appSetGenerator.Plugin.Template } -func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *PluginGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { + if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -93,7 +94,7 @@ func (g *PluginGenerator) getPluginFromGenerator(ctx context.Context, appSetName } token, err := g.getToken(ctx, cm["token"]) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } var requestTimeout int @@ -116,6 +117,7 @@ func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.App res := []map[string]interface{}{} for _, objectFound := range objectsFound { + params := map[string]interface{}{} if useGoTemplate { @@ -150,6 +152,7 @@ func (g *PluginGenerator) generateParams(appSetGenerator *argoprojiov1alpha1.App } func (g *PluginGenerator) getToken(ctx context.Context, tokenRef string) (string, error) { + if tokenRef == "" || !strings.HasPrefix(tokenRef, "$") { return "", fmt.Errorf("token is empty, or does not reference a secret key starting with '$': %v", tokenRef) } @@ -164,8 +167,9 @@ func (g *PluginGenerator) getToken(ctx context.Context, tokenRef string) (string Namespace: g.namespace, }, secret) + if err != nil { - return "", fmt.Errorf("error fetching secret %s/%s: %w", g.namespace, secretName, err) + return "", fmt.Errorf("error fetching secret %s/%s: %v", g.namespace, secretName, err) } secretValues := make(map[string]string, len(secret.Data)) @@ -188,6 +192,7 @@ func (g *PluginGenerator) getConfigMap(ctx context.Context, configMapRef string) Namespace: g.namespace, }, cm) + if err != nil { return nil, err } diff --git a/applicationset/generators/plugin_test.go b/applicationset/generators/plugin_test.go index 55ebcfd5c7820..9611a2cbf14c1 100644 --- a/applicationset/generators/plugin_test.go +++ b/applicationset/generators/plugin_test.go @@ -631,7 +631,9 @@ func TestPluginGenerateParams(t *testing.T) { ctx := context.Background() for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { + generatorConfig := argoprojiov1alpha1.ApplicationSetGenerator{ Plugin: &argoprojiov1alpha1.PluginGenerator{ ConfigMapRef: argoprojiov1alpha1.PluginConfigMapRef{Name: testCase.configmap.Name}, @@ -643,9 +645,10 @@ func TestPluginGenerateParams(t *testing.T) { } handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + authHeader := r.Header.Get("Authorization") _, tokenKey := plugin.ParseSecretKey(testCase.configmap.Data["token"]) - expectedToken := testCase.secret.Data[strings.ReplaceAll(tokenKey, "$", "")] + expectedToken := testCase.secret.Data[strings.Replace(tokenKey, "$", "", -1)] if authHeader != "Bearer "+string(expectedToken) { w.WriteHeader(http.StatusUnauthorized) return @@ -654,7 +657,7 @@ func TestPluginGenerateParams(t *testing.T) { w.Header().Set("Content-Type", "application/json") _, err := w.Write(testCase.content) if err != nil { - require.NoError(t, fmt.Errorf("Error Write %w", err)) + assert.NoError(t, fmt.Errorf("Error Write %v", err)) } }) @@ -670,7 +673,7 @@ func TestPluginGenerateParams(t *testing.T) { fakeClientWithCache := fake.NewClientBuilder().WithObjects([]client.Object{testCase.configmap, testCase.secret}...).Build() - pluginGenerator := NewPluginGenerator(fakeClientWithCache, ctx, fakeClient, "default") + var pluginGenerator = NewPluginGenerator(fakeClientWithCache, ctx, fakeClient, "default") applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -681,15 +684,16 @@ func TestPluginGenerateParams(t *testing.T) { }, } - got, err := pluginGenerator.GenerateParams(&generatorConfig, &applicationSetInfo, nil) + got, err := pluginGenerator.GenerateParams(&generatorConfig, &applicationSetInfo) + if err != nil { fmt.Println(err) } if testCase.expectedError != nil { - require.EqualError(t, err, testCase.expectedError.Error()) + assert.EqualError(t, err, testCase.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) expectedJson, err := json.Marshal(testCase.expected) require.NoError(t, err) gotJson, err := json.Marshal(got) diff --git a/applicationset/generators/pull_request.go b/applicationset/generators/pull_request.go index a453edfc83d55..c1dfd5ed978e9 100644 --- a/applicationset/generators/pull_request.go +++ b/applicationset/generators/pull_request.go @@ -24,13 +24,19 @@ const ( type PullRequestGenerator struct { client client.Client selectServiceProviderFunc func(context.Context, *argoprojiov1alpha1.PullRequestGenerator, *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) - SCMConfig + auth SCMAuthProviders + scmRootCAPath string + allowedSCMProviders []string + enableSCMProviders bool } -func NewPullRequestGenerator(client client.Client, scmConfig SCMConfig) Generator { +func NewPullRequestGenerator(client client.Client, auth SCMAuthProviders, scmRootCAPath string, allowedScmProviders []string, enableSCMProviders bool) Generator { g := &PullRequestGenerator{ - client: client, - SCMConfig: scmConfig, + client: client, + auth: auth, + scmRootCAPath: scmRootCAPath, + allowedSCMProviders: allowedScmProviders, + enableSCMProviders: enableSCMProviders, } g.selectServiceProviderFunc = g.selectServiceProvider return g @@ -50,7 +56,7 @@ func (g *PullRequestGenerator) GetTemplate(appSetGenerator *argoprojiov1alpha1.A return &appSetGenerator.PullRequest.Template } -func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -67,7 +73,7 @@ func (g *PullRequestGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha pulls, err := pullrequest.ListPullRequests(ctx, svc, appSetGenerator.PullRequest.Filters) if err != nil { - return nil, fmt.Errorf("error listing repos: %w", err) + return nil, fmt.Errorf("error listing repos: %v", err) } params := make([]map[string]interface{}, 0, len(pulls)) @@ -131,7 +137,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera providerConfig := generatorConfig.GitLab token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewGitLabService(ctx, token, providerConfig.API, providerConfig.Project, providerConfig.Labels, providerConfig.PullRequestState, g.scmRootCAPath, providerConfig.Insecure) } @@ -139,7 +145,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera providerConfig := generatorConfig.Gitea token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewGiteaService(ctx, token, providerConfig.API, providerConfig.Owner, providerConfig.Repo, providerConfig.Insecure) } @@ -148,7 +154,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera if providerConfig.BasicAuth != nil { password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewBitbucketServiceBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.Repo) } else { @@ -160,13 +166,13 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera if providerConfig.BearerToken != nil { appToken, err := g.getSecretRef(ctx, providerConfig.BearerToken.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret Bearer token: %w", err) + return nil, fmt.Errorf("error fetching Secret Bearer token: %v", err) } return pullrequest.NewBitbucketCloudServiceBearerToken(providerConfig.API, appToken, providerConfig.Owner, providerConfig.Repo) } else if providerConfig.BasicAuth != nil { password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewBitbucketCloudServiceBasicAuth(providerConfig.API, providerConfig.BasicAuth.Username, password, providerConfig.Owner, providerConfig.Repo) } else { @@ -177,7 +183,7 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera providerConfig := generatorConfig.AzureDevOps token, err := g.getSecretRef(ctx, providerConfig.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewAzureDevOpsService(ctx, token, providerConfig.API, providerConfig.Organization, providerConfig.Project, providerConfig.Repo, providerConfig.Labels) } @@ -187,9 +193,9 @@ func (g *PullRequestGenerator) selectServiceProvider(ctx context.Context, genera func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alpha1.PullRequestGeneratorGithub, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) (pullrequest.PullRequestService, error) { // use an app if it was configured if cfg.AppSecretName != "" { - auth, err := g.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName) + auth, err := g.auth.GitHubApps.GetAuthSecret(ctx, cfg.AppSecretName) if err != nil { - return nil, fmt.Errorf("error getting GitHub App secret: %w", err) + return nil, fmt.Errorf("error getting GitHub App secret: %v", err) } return pullrequest.NewGithubAppService(*auth, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels) } @@ -197,7 +203,7 @@ func (g *PullRequestGenerator) github(ctx context.Context, cfg *argoprojiov1alph // always default to token, even if not set (public access) token, err := g.getSecretRef(ctx, cfg.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } return pullrequest.NewGithubService(ctx, token, cfg.API, cfg.Owner, cfg.Repo, cfg.Labels) } @@ -217,7 +223,7 @@ func (g *PullRequestGenerator) getSecretRef(ctx context.Context, ref *argoprojio }, secret) if err != nil { - return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err) + return "", fmt.Errorf("error fetching secret %s/%s: %v", namespace, ref.SecretName, err) } tokenBytes, ok := secret.Data[ref.Key] if !ok { diff --git a/applicationset/generators/pull_request_test.go b/applicationset/generators/pull_request_test.go index 7c95057c0c0ab..9f4d3d0a9b693 100644 --- a/applicationset/generators/pull_request_test.go +++ b/applicationset/generators/pull_request_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -204,12 +203,8 @@ func TestPullRequestGithubGenerateParams(t *testing.T) { PullRequest: &argoprojiov1alpha1.PullRequestGenerator{}, } - got, gotErr := gen.GenerateParams(&generatorConfig, &c.applicationSet, nil) - if c.expectedErr != nil { - assert.Equal(t, c.expectedErr.Error(), gotErr.Error()) - } else { - require.NoError(t, gotErr) - } + got, gotErr := gen.GenerateParams(&generatorConfig, &c.applicationSet) + assert.Equal(t, c.expectedErr, gotErr) assert.ElementsMatch(t, c.expected, got) } } @@ -270,9 +265,9 @@ func TestPullRequestGetSecretRef(t *testing.T) { t.Run(c.name, func(t *testing.T) { token, err := gen.getSecretRef(ctx, c.ref, c.namespace) if c.hasError { - require.Error(t, err) + assert.NotNil(t, err) } else { - require.NoError(t, err) + assert.Nil(t, err) } assert.Equal(t, c.token, token) }) @@ -283,6 +278,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { cases := []struct { name string providerConfig *argoprojiov1alpha1.PullRequestGenerator + expectedError error }{ { name: "Error Github", @@ -291,6 +287,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitlab", @@ -299,6 +296,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitea", @@ -307,6 +305,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Bitbucket", @@ -315,6 +314,7 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, } @@ -324,13 +324,13 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { t.Run(testCaseCopy.name, func(t *testing.T) { t.Parallel() - pullRequestGenerator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{ + pullRequestGenerator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{ "github.myorg.com", "gitlab.myorg.com", "gitea.myorg.com", "bitbucket.myorg.com", "azuredevops.myorg.com", - }, true, nil)) + }, true) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -343,17 +343,16 @@ func TestAllowedSCMProviderPullRequest(t *testing.T) { }, } - _, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) + _, err := pullRequestGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) - require.Error(t, err, "Must return an error") - var expectedError ErrDisallowedSCMProvider - assert.ErrorAs(t, err, &expectedError) + assert.Error(t, err, "Must return an error") + assert.ErrorAs(t, err, testCaseCopy.expectedError) }) } } func TestSCMProviderDisabled_PRGenerator(t *testing.T) { - generator := NewPullRequestGenerator(nil, NewSCMConfig("", []string{}, false, nil)) + generator := NewPullRequestGenerator(nil, SCMAuthProviders{}, "", []string{}, false) applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -370,6 +369,6 @@ func TestSCMProviderDisabled_PRGenerator(t *testing.T) { }, } - _, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) + _, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) assert.ErrorIs(t, err, ErrSCMProvidersDisabled) } diff --git a/applicationset/generators/scm_provider.go b/applicationset/generators/scm_provider.go index 7a3c66754f90c..42b7789be67f0 100644 --- a/applicationset/generators/scm_provider.go +++ b/applicationset/generators/scm_provider.go @@ -29,36 +29,29 @@ type SCMProviderGenerator struct { client client.Client // Testing hooks. overrideProvider scm_provider.SCMProviderService - SCMConfig -} -type SCMConfig struct { + SCMAuthProviders scmRootCAPath string allowedSCMProviders []string enableSCMProviders bool - GitHubApps github_app_auth.Credentials } -func NewSCMConfig(scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool, gitHubApps github_app_auth.Credentials) SCMConfig { - return SCMConfig{ - scmRootCAPath: scmRootCAPath, - allowedSCMProviders: allowedSCMProviders, - enableSCMProviders: enableSCMProviders, - GitHubApps: gitHubApps, - } +type SCMAuthProviders struct { + GitHubApps github_app_auth.Credentials } -func NewSCMProviderGenerator(client client.Client, scmConfig SCMConfig) Generator { +func NewSCMProviderGenerator(client client.Client, providers SCMAuthProviders, scmRootCAPath string, allowedSCMProviders []string, enableSCMProviders bool) Generator { return &SCMProviderGenerator{ - client: client, - SCMConfig: scmConfig, + client: client, + SCMAuthProviders: providers, + scmRootCAPath: scmRootCAPath, + allowedSCMProviders: allowedSCMProviders, + enableSCMProviders: enableSCMProviders, } } // Testing generator func NewTestSCMProviderGenerator(overrideProvider scm_provider.SCMProviderService) Generator { - return &SCMProviderGenerator{overrideProvider: overrideProvider, SCMConfig: SCMConfig{ - enableSCMProviders: true, - }} + return &SCMProviderGenerator{overrideProvider: overrideProvider, enableSCMProviders: true} } func (g *SCMProviderGenerator) GetRequeueAfter(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator) time.Duration { @@ -115,7 +108,7 @@ func ScmProviderAllowed(applicationSetInfo *argoprojiov1alpha1.ApplicationSet, g return NewErrDisallowedSCMProvider(url, allowedScmProviders) } -func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet, _ client.Client) ([]map[string]interface{}, error) { +func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha1.ApplicationSetGenerator, applicationSetInfo *argoprojiov1alpha1.ApplicationSet) ([]map[string]interface{}, error) { if appSetGenerator == nil { return nil, EmptyAppSetGeneratorError } @@ -148,20 +141,20 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha } else if providerConfig.Gitlab != nil { token, err := g.getSecretRef(ctx, providerConfig.Gitlab.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Gitlab token: %w", err) + return nil, fmt.Errorf("error fetching Gitlab token: %v", err) } provider, err = scm_provider.NewGitlabProvider(ctx, providerConfig.Gitlab.Group, token, providerConfig.Gitlab.API, providerConfig.Gitlab.AllBranches, providerConfig.Gitlab.IncludeSubgroups, providerConfig.Gitlab.WillIncludeSharedProjects(), providerConfig.Gitlab.Insecure, g.scmRootCAPath, providerConfig.Gitlab.Topic) if err != nil { - return nil, fmt.Errorf("error initializing Gitlab service: %w", err) + return nil, fmt.Errorf("error initializing Gitlab service: %v", err) } } else if providerConfig.Gitea != nil { token, err := g.getSecretRef(ctx, providerConfig.Gitea.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Gitea token: %w", err) + return nil, fmt.Errorf("error fetching Gitea token: %v", err) } provider, err = scm_provider.NewGiteaProvider(ctx, providerConfig.Gitea.Owner, token, providerConfig.Gitea.API, providerConfig.Gitea.AllBranches, providerConfig.Gitea.Insecure) if err != nil { - return nil, fmt.Errorf("error initializing Gitea service: %w", err) + return nil, fmt.Errorf("error initializing Gitea service: %v", err) } } else if providerConfig.BitbucketServer != nil { providerConfig := providerConfig.BitbucketServer @@ -169,38 +162,38 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha if providerConfig.BasicAuth != nil { password, err := g.getSecretRef(ctx, providerConfig.BasicAuth.PasswordRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Secret token: %w", err) + return nil, fmt.Errorf("error fetching Secret token: %v", err) } provider, scmError = scm_provider.NewBitbucketServerProviderBasicAuth(ctx, providerConfig.BasicAuth.Username, password, providerConfig.API, providerConfig.Project, providerConfig.AllBranches) } else { provider, scmError = scm_provider.NewBitbucketServerProviderNoAuth(ctx, providerConfig.API, providerConfig.Project, providerConfig.AllBranches) } if scmError != nil { - return nil, fmt.Errorf("error initializing Bitbucket Server service: %w", scmError) + return nil, fmt.Errorf("error initializing Bitbucket Server service: %v", scmError) } } else if providerConfig.AzureDevOps != nil { token, err := g.getSecretRef(ctx, providerConfig.AzureDevOps.AccessTokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Azure Devops access token: %w", err) + return nil, fmt.Errorf("error fetching Azure Devops access token: %v", err) } provider, err = scm_provider.NewAzureDevOpsProvider(ctx, token, providerConfig.AzureDevOps.Organization, providerConfig.AzureDevOps.API, providerConfig.AzureDevOps.TeamProject, providerConfig.AzureDevOps.AllBranches) if err != nil { - return nil, fmt.Errorf("error initializing Azure Devops service: %w", err) + return nil, fmt.Errorf("error initializing Azure Devops service: %v", err) } } else if providerConfig.Bitbucket != nil { appPassword, err := g.getSecretRef(ctx, providerConfig.Bitbucket.AppPasswordRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %w", err) + return nil, fmt.Errorf("error fetching Bitbucket cloud appPassword: %v", err) } provider, err = scm_provider.NewBitBucketCloudProvider(ctx, providerConfig.Bitbucket.Owner, providerConfig.Bitbucket.User, appPassword, providerConfig.Bitbucket.AllBranches) if err != nil { - return nil, fmt.Errorf("error initializing Bitbucket cloud service: %w", err) + return nil, fmt.Errorf("error initializing Bitbucket cloud service: %v", err) } } else if providerConfig.AWSCodeCommit != nil { var awsErr error provider, awsErr = scm_provider.NewAWSCodeCommitProvider(ctx, providerConfig.AWSCodeCommit.TagFilters, providerConfig.AWSCodeCommit.Role, providerConfig.AWSCodeCommit.Region, providerConfig.AWSCodeCommit.AllBranches) if awsErr != nil { - return nil, fmt.Errorf("error initializing AWS codecommit service: %w", awsErr) + return nil, fmt.Errorf("error initializing AWS codecommit service: %v", awsErr) } } else { return nil, fmt.Errorf("no SCM provider implementation configured") @@ -209,7 +202,7 @@ func (g *SCMProviderGenerator) GenerateParams(appSetGenerator *argoprojiov1alpha // Find all the available repos. repos, err := scm_provider.ListRepos(ctx, provider, providerConfig.Filters, providerConfig.CloneProtocol) if err != nil { - return nil, fmt.Errorf("error listing repos: %w", err) + return nil, fmt.Errorf("error listing repos: %v", err) } paramsArray := make([]map[string]interface{}, 0, len(repos)) var shortSHALength int @@ -261,7 +254,7 @@ func (g *SCMProviderGenerator) getSecretRef(ctx context.Context, ref *argoprojio }, secret) if err != nil { - return "", fmt.Errorf("error fetching secret %s/%s: %w", namespace, ref.SecretName, err) + return "", fmt.Errorf("error fetching secret %s/%s: %v", namespace, ref.SecretName, err) } tokenBytes, ok := secret.Data[ref.Key] if !ok { @@ -274,7 +267,7 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop if github.AppSecretName != "" { auth, err := g.GitHubApps.GetAuthSecret(ctx, github.AppSecretName) if err != nil { - return nil, fmt.Errorf("error fetching Github app secret: %w", err) + return nil, fmt.Errorf("error fetching Github app secret: %v", err) } return scm_provider.NewGithubAppProviderFor( @@ -287,7 +280,7 @@ func (g *SCMProviderGenerator) githubProvider(ctx context.Context, github *argop token, err := g.getSecretRef(ctx, github.TokenRef, applicationSetInfo.Namespace) if err != nil { - return nil, fmt.Errorf("error fetching Github token: %w", err) + return nil, fmt.Errorf("error fetching Github token: %v", err) } return scm_provider.NewGithubProvider(ctx, github.Organization, token, github.API, github.AllBranches) } diff --git a/applicationset/generators/scm_provider_test.go b/applicationset/generators/scm_provider_test.go index 0b50b4b8b308a..c438aa8f646fe 100644 --- a/applicationset/generators/scm_provider_test.go +++ b/applicationset/generators/scm_provider_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -70,11 +69,12 @@ func TestSCMProviderGetSecretRef(t *testing.T) { t.Run(c.name, func(t *testing.T) { token, err := gen.getSecretRef(ctx, c.ref, c.namespace) if c.hasError { - require.Error(t, err) + assert.NotNil(t, err) } else { - require.NoError(t, err) + assert.Nil(t, err) } assert.Equal(t, c.token, token) + }) } } @@ -174,7 +174,7 @@ func TestSCMProviderGenerateParams(t *testing.T) { mockProvider := &scm_provider.MockProvider{ Repos: testCaseCopy.repos, } - scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, SCMConfig: SCMConfig{enableSCMProviders: true}} + scmGenerator := &SCMProviderGenerator{overrideProvider: mockProvider, enableSCMProviders: true} applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ Name: "set", @@ -188,14 +188,15 @@ func TestSCMProviderGenerateParams(t *testing.T) { }, } - got, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) + got, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) if testCaseCopy.expectedError != nil { assert.EqualError(t, err, testCaseCopy.expectedError.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) } } @@ -204,6 +205,7 @@ func TestAllowedSCMProvider(t *testing.T) { cases := []struct { name string providerConfig *argoprojiov1alpha1.SCMProviderGenerator + expectedError error }{ { name: "Error Github", @@ -212,6 +214,7 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitlab", @@ -220,6 +223,7 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Gitea", @@ -228,6 +232,7 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error Bitbucket", @@ -236,6 +241,7 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, { name: "Error AzureDevops", @@ -244,6 +250,7 @@ func TestAllowedSCMProvider(t *testing.T) { API: "https://myservice.mynamespace.svc.cluster.local", }, }, + expectedError: &ErrDisallowedSCMProvider{}, }, } @@ -254,16 +261,14 @@ func TestAllowedSCMProvider(t *testing.T) { t.Parallel() scmGenerator := &SCMProviderGenerator{ - SCMConfig: SCMConfig{ - allowedSCMProviders: []string{ - "github.myorg.com", - "gitlab.myorg.com", - "gitea.myorg.com", - "bitbucket.myorg.com", - "azuredevops.myorg.com", - }, - enableSCMProviders: true, + allowedSCMProviders: []string{ + "github.myorg.com", + "gitlab.myorg.com", + "gitea.myorg.com", + "bitbucket.myorg.com", + "azuredevops.myorg.com", }, + enableSCMProviders: true, } applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ @@ -277,17 +282,16 @@ func TestAllowedSCMProvider(t *testing.T) { }, } - _, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) + _, err := scmGenerator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) - require.Error(t, err, "Must return an error") - var expectedError ErrDisallowedSCMProvider - assert.ErrorAs(t, err, &expectedError) + assert.Error(t, err, "Must return an error") + assert.ErrorAs(t, err, testCaseCopy.expectedError) }) } } func TestSCMProviderDisabled_SCMGenerator(t *testing.T) { - generator := &SCMProviderGenerator{SCMConfig: SCMConfig{enableSCMProviders: false}} + generator := &SCMProviderGenerator{enableSCMProviders: false} applicationSetInfo := argoprojiov1alpha1.ApplicationSet{ ObjectMeta: metav1.ObjectMeta{ @@ -304,6 +308,6 @@ func TestSCMProviderDisabled_SCMGenerator(t *testing.T) { }, } - _, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo, nil) + _, err := generator.GenerateParams(&applicationSetInfo.Spec.Generators[0], &applicationSetInfo) assert.ErrorIs(t, err, ErrSCMProvidersDisabled) } diff --git a/applicationset/generators/utils.go b/applicationset/generators/utils.go deleted file mode 100644 index 3d106d0a79144..0000000000000 --- a/applicationset/generators/utils.go +++ /dev/null @@ -1,49 +0,0 @@ -package generators - -import ( - "context" - - "k8s.io/client-go/dynamic" - "k8s.io/client-go/kubernetes" - "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/argoproj/argo-cd/v2/applicationset/services" -) - -func GetGenerators(ctx context.Context, c client.Client, k8sClient kubernetes.Interface, namespace string, argoCDService services.Repos, dynamicClient dynamic.Interface, scmConfig SCMConfig) map[string]Generator { - terminalGenerators := map[string]Generator{ - "List": NewListGenerator(), - "Clusters": NewClusterGenerator(c, ctx, k8sClient, namespace), - "Git": NewGitGenerator(argoCDService), - "SCMProvider": NewSCMProviderGenerator(c, scmConfig), - "ClusterDecisionResource": NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), - "PullRequest": NewPullRequestGenerator(c, scmConfig), - "Plugin": NewPluginGenerator(c, ctx, k8sClient, namespace), - } - - nestedGenerators := map[string]Generator{ - "List": terminalGenerators["List"], - "Clusters": terminalGenerators["Clusters"], - "Git": terminalGenerators["Git"], - "SCMProvider": terminalGenerators["SCMProvider"], - "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], - "PullRequest": terminalGenerators["PullRequest"], - "Plugin": terminalGenerators["Plugin"], - "Matrix": NewMatrixGenerator(terminalGenerators), - "Merge": NewMergeGenerator(terminalGenerators), - } - - topLevelGenerators := map[string]Generator{ - "List": terminalGenerators["List"], - "Clusters": terminalGenerators["Clusters"], - "Git": terminalGenerators["Git"], - "SCMProvider": terminalGenerators["SCMProvider"], - "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], - "PullRequest": terminalGenerators["PullRequest"], - "Plugin": terminalGenerators["Plugin"], - "Matrix": NewMatrixGenerator(nestedGenerators), - "Merge": NewMergeGenerator(nestedGenerators), - } - - return topLevelGenerators -} diff --git a/applicationset/generators/value_interpolation.go b/applicationset/generators/value_interpolation.go index 814843e3d899d..05a078d42f782 100644 --- a/applicationset/generators/value_interpolation.go +++ b/applicationset/generators/value_interpolation.go @@ -12,6 +12,7 @@ func appendTemplatedValues(values map[string]string, params map[string]interface for key, value := range values { result, err := replaceTemplatedString(value, params, useGoTemplate, goTemplateOptions) + if err != nil { return fmt.Errorf("failed to replace templated string: %w", err) } diff --git a/applicationset/generators/value_interpolation_test.go b/applicationset/generators/value_interpolation_test.go index 5b490233d5d7e..8aa57dc0c0e65 100644 --- a/applicationset/generators/value_interpolation_test.go +++ b/applicationset/generators/value_interpolation_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestValueInterpolation(t *testing.T) { @@ -54,9 +53,10 @@ func TestValueInterpolation(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { err := appendTemplatedValues(testCase.values, testCase.params, false, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, testCase.expected, testCase.params) }) } @@ -115,9 +115,10 @@ func TestValueInterpolationWithGoTemplating(t *testing.T) { } for _, testCase := range testCases { + t.Run(testCase.name, func(t *testing.T) { err := appendTemplatedValues(testCase.values, testCase.params, true, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, testCase.expected, testCase.params) }) } diff --git a/applicationset/services/internal/http/client.go b/applicationset/services/internal/http/client.go index df43d89f873bb..00bcf32f3204f 100644 --- a/applicationset/services/internal/http/client.go +++ b/applicationset/services/internal/http/client.go @@ -66,6 +66,7 @@ func newClient(baseURL string, options ...ClientOptionFunc) (*Client, error) { } func (c *Client) NewRequest(method, path string, body interface{}, options []ClientOptionFunc) (*http.Request, error) { + // Make sure the given URL end with a slash if !strings.HasSuffix(c.baseURL, "/") { c.baseURL += "/" @@ -134,13 +135,14 @@ func (c *Client) Do(ctx context.Context, req *http.Request, v interface{}) (*htt // CheckResponse checks the API response for errors, and returns them if present. func CheckResponse(resp *http.Response) error { + if c := resp.StatusCode; 200 <= c && c <= 299 { return nil } data, err := io.ReadAll(resp.Body) if err != nil { - return fmt.Errorf("API error with status code %d: %w", resp.StatusCode, err) + return fmt.Errorf("API error with status code %d: %v", resp.StatusCode, err) } var raw map[string]interface{} diff --git a/applicationset/services/internal/http/client_test.go b/applicationset/services/internal/http/client_test.go index 9235ce5ab3e7f..ca2c916177fee 100644 --- a/applicationset/services/internal/http/client_test.go +++ b/applicationset/services/internal/http/client_test.go @@ -17,13 +17,14 @@ func TestClient(t *testing.T) { w.WriteHeader(http.StatusOK) _, err := w.Write([]byte("Hello, World!")) if err != nil { - assert.NoError(t, fmt.Errorf("Error Write %w", err)) + assert.NoError(t, fmt.Errorf("Error Write %v", err)) } })) defer server.Close() var clientOptionFns []ClientOptionFunc _, err := NewClient(server.URL, clientOptionFns...) + if err != nil { t.Fatalf("Failed to create client: %v", err) } @@ -61,7 +62,7 @@ func TestClientDo(t *testing.T) { "key3": 123 }]`)) if err != nil { - assert.NoError(t, fmt.Errorf("Error Write %w", err)) + assert.NoError(t, fmt.Errorf("Error Write %v", err)) } })), clientOptionFns: nil, @@ -104,7 +105,7 @@ func TestClientDo(t *testing.T) { "key3": 123 }]`)) if err != nil { - assert.NoError(t, fmt.Errorf("Error Write %w", err)) + assert.NoError(t, fmt.Errorf("Error Write %v", err)) } })), clientOptionFns: nil, @@ -118,11 +119,13 @@ func TestClientDo(t *testing.T) { defer cc.fakeServer.Close() client, err := NewClient(cc.fakeServer.URL, cc.clientOptionFns...) + if err != nil { t.Fatalf("NewClient returned unexpected error: %v", err) } req, err := client.NewRequest("POST", "", cc.params, nil) + if err != nil { t.Fatalf("NewRequest returned unexpected error: %v", err) } @@ -134,8 +137,8 @@ func TestClientDo(t *testing.T) { if cc.expectedError != nil { assert.EqualError(t, err, cc.expectedError.Error()) } else { - assert.Equal(t, cc.expectedCode, resp.StatusCode) - assert.Equal(t, cc.expected, data) + assert.Equal(t, resp.StatusCode, cc.expectedCode) + assert.Equal(t, data, cc.expected) assert.NoError(t, err) } }) diff --git a/applicationset/services/mocks/Repos.go b/applicationset/services/mocks/Repos.go index 2bc9be358c379..b7620b22f08bb 100644 --- a/applicationset/services/mocks/Repos.go +++ b/applicationset/services/mocks/Repos.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v2.25.1. DO NOT EDIT. package mocks @@ -13,29 +13,25 @@ type Repos struct { mock.Mock } -// GetDirectories provides a mock function with given fields: ctx, repoURL, revision, noRevisionCache, verifyCommit -func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool, verifyCommit bool) ([]string, error) { - ret := _m.Called(ctx, repoURL, revision, noRevisionCache, verifyCommit) - - if len(ret) == 0 { - panic("no return value specified for GetDirectories") - } +// GetDirectories provides a mock function with given fields: ctx, repoURL, revision, noRevisionCache +func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool) ([]string, error) { + ret := _m.Called(ctx, repoURL, revision, noRevisionCache) var r0 []string var r1 error - if rf, ok := ret.Get(0).(func(context.Context, string, string, bool, bool) ([]string, error)); ok { - return rf(ctx, repoURL, revision, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(0).(func(context.Context, string, string, bool) ([]string, error)); ok { + return rf(ctx, repoURL, revision, noRevisionCache) } - if rf, ok := ret.Get(0).(func(context.Context, string, string, bool, bool) []string); ok { - r0 = rf(ctx, repoURL, revision, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(0).(func(context.Context, string, string, bool) []string); ok { + r0 = rf(ctx, repoURL, revision, noRevisionCache) } else { if ret.Get(0) != nil { r0 = ret.Get(0).([]string) } } - if rf, ok := ret.Get(1).(func(context.Context, string, string, bool, bool) error); ok { - r1 = rf(ctx, repoURL, revision, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(1).(func(context.Context, string, string, bool) error); ok { + r1 = rf(ctx, repoURL, revision, noRevisionCache) } else { r1 = ret.Error(1) } @@ -43,29 +39,25 @@ func (_m *Repos) GetDirectories(ctx context.Context, repoURL string, revision st return r0, r1 } -// GetFiles provides a mock function with given fields: ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit -func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool, verifyCommit bool) (map[string][]byte, error) { - ret := _m.Called(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit) - - if len(ret) == 0 { - panic("no return value specified for GetFiles") - } +// GetFiles provides a mock function with given fields: ctx, repoURL, revision, pattern, noRevisionCache +func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool) (map[string][]byte, error) { + ret := _m.Called(ctx, repoURL, revision, pattern, noRevisionCache) var r0 map[string][]byte var r1 error - if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) (map[string][]byte, error)); ok { - return rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool) (map[string][]byte, error)); ok { + return rf(ctx, repoURL, revision, pattern, noRevisionCache) } - if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool, bool) map[string][]byte); ok { - r0 = rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(0).(func(context.Context, string, string, string, bool) map[string][]byte); ok { + r0 = rf(ctx, repoURL, revision, pattern, noRevisionCache) } else { if ret.Get(0) != nil { r0 = ret.Get(0).(map[string][]byte) } } - if rf, ok := ret.Get(1).(func(context.Context, string, string, string, bool, bool) error); ok { - r1 = rf(ctx, repoURL, revision, pattern, noRevisionCache, verifyCommit) + if rf, ok := ret.Get(1).(func(context.Context, string, string, string, bool) error); ok { + r1 = rf(ctx, repoURL, revision, pattern, noRevisionCache) } else { r1 = ret.Error(1) } @@ -73,12 +65,13 @@ func (_m *Repos) GetFiles(ctx context.Context, repoURL string, revision string, return r0, r1 } -// NewRepos creates a new instance of Repos. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewRepos(t interface { +type mockConstructorTestingTNewRepos interface { mock.TestingT Cleanup(func()) -}) *Repos { +} + +// NewRepos creates a new instance of Repos. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewRepos(t mockConstructorTestingTNewRepos) *Repos { mock := &Repos{} mock.Mock.Test(t) diff --git a/applicationset/services/mocks/RepositoryDB.go b/applicationset/services/mocks/RepositoryDB.go new file mode 100644 index 0000000000000..9d6240d342776 --- /dev/null +++ b/applicationset/services/mocks/RepositoryDB.go @@ -0,0 +1,57 @@ +// Code generated by mockery v2.21.1. DO NOT EDIT. + +package mocks + +import ( + context "context" + + mock "github.com/stretchr/testify/mock" + + v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" +) + +// RepositoryDB is an autogenerated mock type for the RepositoryDB type +type RepositoryDB struct { + mock.Mock +} + +// GetRepository provides a mock function with given fields: ctx, url +func (_m *RepositoryDB) GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error) { + ret := _m.Called(ctx, url) + + var r0 *v1alpha1.Repository + var r1 error + if rf, ok := ret.Get(0).(func(context.Context, string) (*v1alpha1.Repository, error)); ok { + return rf(ctx, url) + } + if rf, ok := ret.Get(0).(func(context.Context, string) *v1alpha1.Repository); ok { + r0 = rf(ctx, url) + } else { + if ret.Get(0) != nil { + r0 = ret.Get(0).(*v1alpha1.Repository) + } + } + + if rf, ok := ret.Get(1).(func(context.Context, string) error); ok { + r1 = rf(ctx, url) + } else { + r1 = ret.Error(1) + } + + return r0, r1 +} + +type mockConstructorTestingTNewRepositoryDB interface { + mock.TestingT + Cleanup(func()) +} + +// NewRepositoryDB creates a new instance of RepositoryDB. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. +func NewRepositoryDB(t mockConstructorTestingTNewRepositoryDB) *RepositoryDB { + mock := &RepositoryDB{} + mock.Mock.Test(t) + + t.Cleanup(func() { mock.AssertExpectations(t) }) + + return mock +} diff --git a/applicationset/services/plugin/plugin_service.go b/applicationset/services/plugin/plugin_service.go index 175683c434d72..95573e0942407 100644 --- a/applicationset/services/plugin/plugin_service.go +++ b/applicationset/services/plugin/plugin_service.go @@ -45,7 +45,7 @@ func NewPluginService(ctx context.Context, appSetName string, baseURL string, to client, err := internalhttp.NewClient(baseURL, clientOptionFns...) if err != nil { - return nil, fmt.Errorf("error creating plugin client: %w", err) + return nil, fmt.Errorf("error creating plugin client: %v", err) } return &Service{ @@ -56,15 +56,17 @@ func NewPluginService(ctx context.Context, appSetName string, baseURL string, to func (p *Service) List(ctx context.Context, parameters v1alpha1.PluginParameters) (*ServiceResponse, error) { req, err := p.client.NewRequest(http.MethodPost, "api/v1/getparams.execute", ServiceRequest{ApplicationSetName: p.appSetName, Input: v1alpha1.PluginInput{Parameters: parameters}}, nil) + if err != nil { - return nil, fmt.Errorf("NewRequest returned unexpected error: %w", err) + return nil, fmt.Errorf("NewRequest returned unexpected error: %v", err) } var data ServiceResponse _, err = p.client.Do(ctx, req, &data) + if err != nil { - return nil, fmt.Errorf("error get api '%s': %w", p.appSetName, err) + return nil, fmt.Errorf("error get api '%s': %v", p.appSetName, err) } return &data, err diff --git a/applicationset/services/plugin/plugin_service_test.go b/applicationset/services/plugin/plugin_service_test.go index 75e7f2c4a095f..6dc81d33df71f 100644 --- a/applicationset/services/plugin/plugin_service_test.go +++ b/applicationset/services/plugin/plugin_service_test.go @@ -23,19 +23,22 @@ func TestPlugin(t *testing.T) { return } _, err := w.Write([]byte(expectedJSON)) + if err != nil { - assert.NoError(t, fmt.Errorf("Error Write %w", err)) + assert.NoError(t, fmt.Errorf("Error Write %v", err)) } }) ts := httptest.NewServer(handler) defer ts.Close() client, err := NewPluginService(context.Background(), "plugin-test", ts.URL, token, 0) + if err != nil { t.Errorf("unexpected error: %v", err) } data, err := client.List(context.Background(), nil) + if err != nil { t.Errorf("unexpected error: %v", err) } diff --git a/applicationset/services/pull_request/azure_devops.go b/applicationset/services/pull_request/azure_devops.go index 8e83d01221a44..9090b829ca0c2 100644 --- a/applicationset/services/pull_request/azure_devops.go +++ b/applicationset/services/pull_request/azure_devops.go @@ -36,10 +36,8 @@ type AzureDevOpsService struct { labels []string } -var ( - _ PullRequestService = (*AzureDevOpsService)(nil) - _ AzureDevOpsClientFactory = &devopsFactoryImpl{} -) +var _ PullRequestService = (*AzureDevOpsService)(nil) +var _ AzureDevOpsClientFactory = &devopsFactoryImpl{} func NewAzureDevOpsService(ctx context.Context, token, url, organization, project, repo string, labels []string) (PullRequestService, error) { organizationUrl := buildURL(url, organization) diff --git a/applicationset/services/pull_request/azure_devops_test.go b/applicationset/services/pull_request/azure_devops_test.go index 5c6f344bc5f29..5ed8f4de78b9d 100644 --- a/applicationset/services/pull_request/azure_devops_test.go +++ b/applicationset/services/pull_request/azure_devops_test.go @@ -8,7 +8,6 @@ import ( git "github.com/microsoft/azure-devops-go-api/azuredevops/git" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" ) @@ -91,8 +90,8 @@ func TestListPullRequest(t *testing.T) { } list, err := provider.List(ctx) - require.NoError(t, err) - assert.Len(t, list, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(list)) assert.Equal(t, "feature-branch", list[0].Branch) assert.Equal(t, pr_head_sha, list[0].HeadSHA) assert.Equal(t, pr_id, list[0].Number) @@ -216,7 +215,7 @@ func TestBuildURL(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { result := buildURL(tc.url, tc.organization) - assert.Equal(t, tc.expected, result) + assert.Equal(t, result, tc.expected) }) } } diff --git a/applicationset/services/pull_request/bitbucket_cloud.go b/applicationset/services/pull_request/bitbucket_cloud.go index 88efafe15bee1..5d5f8208f9b06 100644 --- a/applicationset/services/pull_request/bitbucket_cloud.go +++ b/applicationset/services/pull_request/bitbucket_cloud.go @@ -60,7 +60,7 @@ func parseUrl(uri string) (*url.URL, error) { func NewBitbucketCloudServiceBasicAuth(baseUrl, username, password, owner, repositorySlug string) (PullRequestService, error) { url, err := parseUrl(baseUrl) if err != nil { - return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseUrl, owner, repositorySlug, err) + return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %v", baseUrl, owner, repositorySlug, err) } bitbucketClient := bitbucket.NewBasicAuth(username, password) @@ -76,7 +76,7 @@ func NewBitbucketCloudServiceBasicAuth(baseUrl, username, password, owner, repos func NewBitbucketCloudServiceBearerToken(baseUrl, bearerToken, owner, repositorySlug string) (PullRequestService, error) { url, err := parseUrl(baseUrl) if err != nil { - return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %w", baseUrl, owner, repositorySlug, err) + return nil, fmt.Errorf("error parsing base url of %s for %s/%s: %v", baseUrl, owner, repositorySlug, err) } bitbucketClient := bitbucket.NewOAuthbearerToken(bearerToken) @@ -102,7 +102,7 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) response, err := b.client.Repositories.PullRequests.Gets(opts) if err != nil { - return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", b.owner, b.repositorySlug, err) + return nil, fmt.Errorf("error listing pull requests for %s/%s: %v", b.owner, b.repositorySlug, err) } resp, ok := response.(map[string]interface{}) @@ -117,12 +117,12 @@ func (b *BitbucketCloudService) List(_ context.Context) ([]*PullRequest, error) jsonStr, err := json.Marshal(repoArray) if err != nil { - return nil, fmt.Errorf("error marshalling response body to json: %w", err) + return nil, fmt.Errorf("error marshalling response body to json: %v", err) } var pulls []BitbucketCloudPullRequest if err := json.Unmarshal(jsonStr, &pulls); err != nil { - return nil, fmt.Errorf("error unmarshalling json to type '[]BitbucketCloudPullRequest': %w", err) + return nil, fmt.Errorf("error unmarshalling json to type '[]BitbucketCloudPullRequest': %v", err) } pullRequests := []*PullRequest{} diff --git a/applicationset/services/pull_request/bitbucket_cloud_test.go b/applicationset/services/pull_request/bitbucket_cloud_test.go index cbadc26b16733..2f604c1fa9ccf 100644 --- a/applicationset/services/pull_request/bitbucket_cloud_test.go +++ b/applicationset/services/pull_request/bitbucket_cloud_test.go @@ -9,7 +9,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -52,26 +51,26 @@ func TestParseUrlEmptyUrl(t *testing.T) { url, err := parseUrl("") bitbucketUrl, _ := url.Parse("https://api.bitbucket.org/2.0") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, bitbucketUrl, url) } func TestInvalidBaseUrlBasicAuthCloud(t *testing.T) { _, err := NewBitbucketCloudServiceBasicAuth("http:// example.org", "user", "password", "OWNER", "REPO") - require.Error(t, err) + assert.Error(t, err) } func TestInvalidBaseUrlBearerTokenCloud(t *testing.T) { _, err := NewBitbucketCloudServiceBearerToken("http:// example.org", "TOKEN", "OWNER", "REPO") - require.Error(t, err) + assert.Error(t, err) } func TestInvalidBaseUrlNoAuthCloud(t *testing.T) { _, err := NewBitbucketCloudServiceNoAuth("http:// example.org", "OWNER", "REPO") - require.Error(t, err) + assert.Error(t, err) } func TestListPullRequestBearerTokenCloud(t *testing.T) { @@ -81,10 +80,10 @@ func TestListPullRequestBearerTokenCloud(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketCloudServiceBearerToken(ts.URL, "TOKEN", "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) @@ -97,10 +96,10 @@ func TestListPullRequestNoAuthCloud(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) @@ -113,10 +112,10 @@ func TestListPullRequestBasicAuthCloud(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketCloudServiceBasicAuth(ts.URL, "user", "password", "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature/foo-bar", pullRequests[0].Branch) assert.Equal(t, "1a8dd249c04a", pullRequests[0].HeadSHA) @@ -190,10 +189,10 @@ func TestListPullRequestPaginationCloud(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 3) + assert.NoError(t, err) + assert.Equal(t, 3, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 101, Branch: "feature-101", @@ -218,7 +217,7 @@ func TestListResponseErrorCloud(t *testing.T) { defer ts.Close() svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.Error(t, err) + assert.Error(t, err) } func TestListResponseMalformedCloud(t *testing.T) { @@ -242,7 +241,7 @@ func TestListResponseMalformedCloud(t *testing.T) { defer ts.Close() svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.Error(t, err) + assert.Error(t, err) } func TestListResponseMalformedValuesCloud(t *testing.T) { @@ -266,7 +265,7 @@ func TestListResponseMalformedValuesCloud(t *testing.T) { defer ts.Close() svc, _ := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.Error(t, err) + assert.Error(t, err) } func TestListResponseEmptyCloud(t *testing.T) { @@ -289,9 +288,9 @@ func TestListResponseEmptyCloud(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, pullRequests) } @@ -364,14 +363,14 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { defer ts.Close() regexp := `feature-1[\d]{2}` svc, err := NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.NoError(t, err) - assert.Len(t, pullRequests, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 101, Branch: "feature-101", @@ -385,14 +384,14 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { regexp = `.*2$` svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 102, Branch: "feature-102", @@ -401,11 +400,11 @@ func TestListPullRequestBranchMatchCloud(t *testing.T) { regexp = `[\d{2}` svc, err = NewBitbucketCloudServiceNoAuth(ts.URL, "OWNER", "REPO") - require.NoError(t, err) + assert.NoError(t, err) _, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.Error(t, err) + assert.Error(t, err) } diff --git a/applicationset/services/pull_request/bitbucket_server.go b/applicationset/services/pull_request/bitbucket_server.go index 22c78f5323418..99665d163e1bc 100644 --- a/applicationset/services/pull_request/bitbucket_server.go +++ b/applicationset/services/pull_request/bitbucket_server.go @@ -4,10 +4,9 @@ import ( "context" "fmt" + "github.com/argoproj/argo-cd/v2/applicationset/utils" bitbucketv1 "github.com/gfleury/go-bitbucket-v1" log "github.com/sirupsen/logrus" - - "github.com/argoproj/argo-cd/v2/applicationset/utils" ) type BitbucketService struct { @@ -57,12 +56,12 @@ func (b *BitbucketService) List(_ context.Context) ([]*PullRequest, error) { for { response, err := b.client.DefaultApi.GetPullRequestsPage(b.projectKey, b.repositorySlug, paged) if err != nil { - return nil, fmt.Errorf("error listing pull requests for %s/%s: %w", b.projectKey, b.repositorySlug, err) + return nil, fmt.Errorf("error listing pull requests for %s/%s: %v", b.projectKey, b.repositorySlug, err) } pulls, err := bitbucketv1.GetPullRequestsResponse(response) if err != nil { log.Errorf("error parsing pull request response '%v'", response.Values) - return nil, fmt.Errorf("error parsing pull request response for %s/%s: %w", b.projectKey, b.repositorySlug, err) + return nil, fmt.Errorf("error parsing pull request response for %s/%s: %v", b.projectKey, b.repositorySlug, err) } for _, pull := range pulls { diff --git a/applicationset/services/pull_request/bitbucket_server_test.go b/applicationset/services/pull_request/bitbucket_server_test.go index cc3f6863205d6..911e3e7e0ccd0 100644 --- a/applicationset/services/pull_request/bitbucket_server_test.go +++ b/applicationset/services/pull_request/bitbucket_server_test.go @@ -7,10 +7,8 @@ import ( "net/http/httptest" "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/stretchr/testify/assert" ) func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { @@ -56,10 +54,10 @@ func TestListPullRequestNoAuth(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) assert.Equal(t, "master", pullRequests[0].TargetBranch) @@ -137,10 +135,10 @@ func TestListPullRequestPagination(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 3) + assert.NoError(t, err) + assert.Equal(t, 3, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 101, Branch: "feature-101", @@ -173,10 +171,10 @@ func TestListPullRequestBasicAuth(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketServiceBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, 101, pullRequests[0].Number) assert.Equal(t, "feature-ABC-123", pullRequests[0].Branch) assert.Equal(t, "cb3cf2e4d1517c83e720d2585b9402dbef71f992", pullRequests[0].HeadSHA) @@ -189,7 +187,7 @@ func TestListResponseError(t *testing.T) { defer ts.Close() svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.Error(t, err) + assert.Error(t, err) } func TestListResponseMalformed(t *testing.T) { @@ -214,7 +212,7 @@ func TestListResponseMalformed(t *testing.T) { defer ts.Close() svc, _ := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") _, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.Error(t, err) + assert.Error(t, err) } func TestListResponseEmpty(t *testing.T) { @@ -238,9 +236,9 @@ func TestListResponseEmpty(t *testing.T) { })) defer ts.Close() svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, pullRequests) } @@ -316,14 +314,14 @@ func TestListPullRequestBranchMatch(t *testing.T) { defer ts.Close() regexp := `feature-1[\d]{2}` svc, err := NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err := ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.NoError(t, err) - assert.Len(t, pullRequests, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 101, Branch: "feature-101", @@ -341,14 +339,14 @@ func TestListPullRequestBranchMatch(t *testing.T) { regexp = `.*2$` svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) pullRequests, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.NoError(t, err) - assert.Len(t, pullRequests, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(pullRequests)) assert.Equal(t, PullRequest{ Number: 102, Branch: "feature-102", @@ -359,11 +357,11 @@ func TestListPullRequestBranchMatch(t *testing.T) { regexp = `[\d{2}` svc, err = NewBitbucketServiceNoAuth(context.Background(), ts.URL, "PROJECT", "REPO") - require.NoError(t, err) + assert.NoError(t, err) _, err = ListPullRequests(context.Background(), svc, []v1alpha1.PullRequestGeneratorFilter{ { BranchMatch: ®exp, }, }) - require.Error(t, err) + assert.Error(t, err) } diff --git a/applicationset/services/pull_request/gitea_test.go b/applicationset/services/pull_request/gitea_test.go index 0e55d2376179e..125c8ee481b3a 100644 --- a/applicationset/services/pull_request/gitea_test.go +++ b/applicationset/services/pull_request/gitea_test.go @@ -10,7 +10,6 @@ import ( "code.gitea.io/sdk/gitea" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func giteaMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { @@ -251,14 +250,14 @@ func TestGiteaList(t *testing.T) { giteaMockHandler(t)(w, r) })) host, err := NewGiteaService(context.Background(), "", ts.URL, "test-argocd", "pr-test", false) - require.NoError(t, err) + assert.Nil(t, err) prs, err := host.List(context.Background()) - require.NoError(t, err) - assert.Len(t, prs, 1) - assert.Equal(t, 1, prs[0].Number) - assert.Equal(t, "test", prs[0].Branch) - assert.Equal(t, "main", prs[0].TargetBranch) - assert.Equal(t, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f", prs[0].HeadSHA) + assert.Nil(t, err) + assert.Equal(t, len(prs), 1) + assert.Equal(t, prs[0].Number, 1) + assert.Equal(t, prs[0].Branch, "test") + assert.Equal(t, prs[0].TargetBranch, "main") + assert.Equal(t, prs[0].HeadSHA, "7bbaf62d92ddfafd9cc8b340c619abaec32bc09f") } func TestGetGiteaPRLabelNames(t *testing.T) { diff --git a/applicationset/services/pull_request/gitlab.go b/applicationset/services/pull_request/gitlab.go index 7f88c4a230706..04a4f3464f6f0 100644 --- a/applicationset/services/pull_request/gitlab.go +++ b/applicationset/services/pull_request/gitlab.go @@ -6,10 +6,9 @@ import ( "net/http" "os" + "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/hashicorp/go-retryablehttp" gitlab "github.com/xanzy/go-gitlab" - - "github.com/argoproj/argo-cd/v2/applicationset/utils" ) type GitLabService struct { @@ -43,7 +42,7 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels [] client, err := gitlab.NewClient(token, clientOptionFns...) if err != nil { - return nil, fmt.Errorf("error creating Gitlab client: %w", err) + return nil, fmt.Errorf("error creating Gitlab client: %v", err) } return &GitLabService{ @@ -55,6 +54,7 @@ func NewGitLabService(ctx context.Context, token, url, project string, labels [] } func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { + // Filter the merge requests on labels, if they are specified. var labels *gitlab.Labels if len(g.labels) > 0 { @@ -76,7 +76,7 @@ func (g *GitLabService) List(ctx context.Context) ([]*PullRequest, error) { for { mrs, resp, err := g.client.MergeRequests.ListProjectMergeRequests(g.project, opts) if err != nil { - return nil, fmt.Errorf("error listing merge requests for project '%s': %w", g.project, err) + return nil, fmt.Errorf("error listing merge requests for project '%s': %v", g.project, err) } for _, mr := range mrs { pullRequests = append(pullRequests, &PullRequest{ diff --git a/applicationset/services/pull_request/gitlab_test.go b/applicationset/services/pull_request/gitlab_test.go index cc8eed7bea102..59c476fcd713a 100644 --- a/applicationset/services/pull_request/gitlab_test.go +++ b/applicationset/services/pull_request/gitlab_test.go @@ -9,7 +9,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func writeMRListResponse(t *testing.T, w io.Writer) { @@ -36,10 +35,10 @@ func TestGitLabServiceCustomBaseURL(t *testing.T) { }) svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", nil, "", "", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = svc.List(context.Background()) - require.NoError(t, err) + assert.NoError(t, err) } func TestGitLabServiceToken(t *testing.T) { @@ -55,10 +54,10 @@ func TestGitLabServiceToken(t *testing.T) { }) svc, err := NewGitLabService(context.Background(), "token-123", server.URL, "278964", nil, "", "", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = svc.List(context.Background()) - require.NoError(t, err) + assert.NoError(t, err) } func TestList(t *testing.T) { @@ -74,15 +73,15 @@ func TestList(t *testing.T) { }) svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "", "", false) - require.NoError(t, err) + assert.NoError(t, err) prs, err := svc.List(context.Background()) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, prs, 1) - assert.Equal(t, 15442, prs[0].Number) - assert.Equal(t, "use-structured-logging-for-db-load-balancer", prs[0].Branch) - assert.Equal(t, "master", prs[0].TargetBranch) - assert.Equal(t, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7", prs[0].HeadSHA) + assert.Equal(t, prs[0].Number, 15442) + assert.Equal(t, prs[0].Branch, "use-structured-logging-for-db-load-balancer") + assert.Equal(t, prs[0].TargetBranch, "master") + assert.Equal(t, prs[0].HeadSHA, "2fc4e8b972ff3208ec63b6143e34ad67ff343ad7") } func TestListWithLabels(t *testing.T) { @@ -98,10 +97,10 @@ func TestListWithLabels(t *testing.T) { }) svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{"feature", "ready"}, "", "", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = svc.List(context.Background()) - require.NoError(t, err) + assert.NoError(t, err) } func TestListWithState(t *testing.T) { @@ -117,8 +116,8 @@ func TestListWithState(t *testing.T) { }) svc, err := NewGitLabService(context.Background(), "", server.URL, "278964", []string{}, "opened", "", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = svc.List(context.Background()) - require.NoError(t, err) + assert.NoError(t, err) } diff --git a/applicationset/services/pull_request/utils.go b/applicationset/services/pull_request/utils.go index 09b5b6ca10eb1..50d4e5a3c0098 100644 --- a/applicationset/services/pull_request/utils.go +++ b/applicationset/services/pull_request/utils.go @@ -16,13 +16,13 @@ func compileFilters(filters []argoprojiov1alpha1.PullRequestGeneratorFilter) ([] if filter.BranchMatch != nil { outFilter.BranchMatch, err = regexp.Compile(*filter.BranchMatch) if err != nil { - return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %w", *filter.BranchMatch, err) + return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %v", *filter.BranchMatch, err) } } if filter.TargetBranchMatch != nil { outFilter.TargetBranchMatch, err = regexp.Compile(*filter.TargetBranchMatch) if err != nil { - return nil, fmt.Errorf("error compiling TargetBranchMatch regexp %q: %w", *filter.TargetBranchMatch, err) + return nil, fmt.Errorf("error compiling TargetBranchMatch regexp %q: %v", *filter.TargetBranchMatch, err) } } outFilters = append(outFilters, outFilter) diff --git a/applicationset/services/pull_request/utils_test.go b/applicationset/services/pull_request/utils_test.go index a352348d40588..3f813127edab7 100644 --- a/applicationset/services/pull_request/utils_test.go +++ b/applicationset/services/pull_request/utils_test.go @@ -4,16 +4,13 @@ import ( "context" "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/stretchr/testify/assert" ) func strp(s string) *string { return &s } - func TestFilterBranchMatchBadRegexp(t *testing.T) { provider, _ := NewFakeService( context.Background(), @@ -33,7 +30,7 @@ func TestFilterBranchMatchBadRegexp(t *testing.T) { }, } _, err := ListPullRequests(context.Background(), provider, filters) - require.Error(t, err) + assert.Error(t, err) } func TestFilterBranchMatch(t *testing.T) { @@ -73,7 +70,7 @@ func TestFilterBranchMatch(t *testing.T) { }, } pullRequests, err := ListPullRequests(context.Background(), provider, filters) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, "two", pullRequests[0].Branch) } @@ -115,7 +112,7 @@ func TestFilterTargetBranchMatch(t *testing.T) { }, } pullRequests, err := ListPullRequests(context.Background(), provider, filters) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, pullRequests, 1) assert.Equal(t, "two", pullRequests[0].Branch) } @@ -160,7 +157,7 @@ func TestMultiFilterOr(t *testing.T) { }, } pullRequests, err := ListPullRequests(context.Background(), provider, filters) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, pullRequests, 3) assert.Equal(t, "two", pullRequests[0].Branch) assert.Equal(t, "three", pullRequests[1].Branch) @@ -209,7 +206,7 @@ func TestMultiFilterOrWithTargetBranchFilter(t *testing.T) { }, } pullRequests, err := ListPullRequests(context.Background(), provider, filters) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, pullRequests, 2) assert.Equal(t, "two", pullRequests[0].Branch) assert.Equal(t, "four", pullRequests[1].Branch) @@ -236,7 +233,7 @@ func TestNoFilters(t *testing.T) { ) filters := []argoprojiov1alpha1.PullRequestGeneratorFilter{} repos, err := ListPullRequests(context.Background(), provider, filters) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, repos, 2) assert.Equal(t, "one", repos[0].Branch) assert.Equal(t, "two", repos[1].Branch) diff --git a/applicationset/services/repo_service.go b/applicationset/services/repo_service.go index f415a9a6d1d7c..64fedc34390b8 100644 --- a/applicationset/services/repo_service.go +++ b/applicationset/services/repo_service.go @@ -6,37 +6,49 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" + "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/io" ) +//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=RepositoryDB + +// RepositoryDB Is a lean facade for ArgoDB, +// Using a lean interface makes it easier to test the functionality of the git generator +type RepositoryDB interface { + GetRepository(ctx context.Context, url string) (*v1alpha1.Repository, error) +} + type argoCDService struct { - getRepository func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) + repositoriesDB RepositoryDB storecreds git.CredsStore submoduleEnabled bool repoServerClientSet apiclient.Clientset newFileGlobbingEnabled bool } +//go:generate go run github.com/vektra/mockery/v2@v2.25.1 --name=Repos + type Repos interface { + // GetFiles returns content of files (not directories) within the target repo - GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error) + GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool) (map[string][]byte, error) // GetDirectories returns a list of directories (not files) within the target repo - GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache, verifyCommit bool) ([]string, error) + GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool) ([]string, error) } -func NewArgoCDService(getRepository func(ctx context.Context, url, project string) (*v1alpha1.Repository, error), submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) (Repos, error) { +func NewArgoCDService(db db.ArgoDB, submoduleEnabled bool, repoClientset apiclient.Clientset, newFileGlobbingEnabled bool) (Repos, error) { return &argoCDService{ - getRepository: getRepository, + repositoriesDB: db.(RepositoryDB), submoduleEnabled: submoduleEnabled, repoServerClientSet: repoClientset, newFileGlobbingEnabled: newFileGlobbingEnabled, }, nil } -func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache, verifyCommit bool) (map[string][]byte, error) { - repo, err := a.getRepository(ctx, repoURL, "") +func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision string, pattern string, noRevisionCache bool) (map[string][]byte, error) { + repo, err := a.repositoriesDB.GetRepository(ctx, repoURL) if err != nil { return nil, fmt.Errorf("error in GetRepository: %w", err) } @@ -48,7 +60,6 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s Path: pattern, NewGitFileGlobbingEnabled: a.newFileGlobbingEnabled, NoRevisionCache: noRevisionCache, - VerifyCommit: verifyCommit, } closer, client, err := a.repoServerClientSet.NewRepoServerClient() if err != nil { @@ -63,8 +74,8 @@ func (a *argoCDService) GetFiles(ctx context.Context, repoURL string, revision s return fileResponse.GetMap(), nil } -func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache, verifyCommit bool) ([]string, error) { - repo, err := a.getRepository(ctx, repoURL, "") +func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revision string, noRevisionCache bool) ([]string, error) { + repo, err := a.repositoriesDB.GetRepository(ctx, repoURL) if err != nil { return nil, fmt.Errorf("error in GetRepository: %w", err) } @@ -74,7 +85,6 @@ func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revi SubmoduleEnabled: a.submoduleEnabled, Revision: revision, NoRevisionCache: noRevisionCache, - VerifyCommit: verifyCommit, } closer, client, err := a.repoServerClientSet.NewRepoServerClient() @@ -88,4 +98,5 @@ func (a *argoCDService) GetDirectories(ctx context.Context, repoURL string, revi return nil, fmt.Errorf("error retrieving Git Directories: %w", err) } return dirResponse.GetPaths(), nil + } diff --git a/applicationset/services/repo_service_test.go b/applicationset/services/repo_service_test.go index c621c317a9f4f..040fe57f96958 100644 --- a/applicationset/services/repo_service_test.go +++ b/applicationset/services/repo_service_test.go @@ -5,22 +5,23 @@ import ( "fmt" "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - + "github.com/argoproj/argo-cd/v2/applicationset/services/mocks" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" repo_mocks "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" + db_mocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/util/git" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func TestGetDirectories(t *testing.T) { + type fields struct { + repositoriesDBFuncs []func(*mocks.RepositoryDB) storecreds git.CredsStore submoduleEnabled bool - getRepository func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient) } type args struct { @@ -28,7 +29,6 @@ func TestGetDirectories(t *testing.T) { repoURL string revision string noRevisionCache bool - verifyCommit bool } tests := []struct { name string @@ -38,13 +38,17 @@ func TestGetDirectories(t *testing.T) { wantErr assert.ErrorAssertionFunc }{ {name: "ErrorGettingRepos", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return nil, fmt.Errorf("unable to get repos") + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get repos")) + }, }, }, args: args{}, want: nil, wantErr: assert.Error}, {name: "ErrorGettingDirs", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil) + }, }, repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ func(client *repo_mocks.RepoServerServiceClient) { @@ -53,8 +57,10 @@ func TestGetDirectories(t *testing.T) { }, }, args: args{}, want: nil, wantErr: assert.Error}, {name: "HappyCase", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil) + }, }, repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ func(client *repo_mocks.RepoServerServiceClient) { @@ -64,32 +70,26 @@ func TestGetDirectories(t *testing.T) { }, }, }, args: args{}, want: []string{"foo", "foo/bar", "bar/foo"}, wantErr: assert.NoError}, - {name: "ErrorVerifyingCommit", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil - }, - repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ - func(client *repo_mocks.RepoServerServiceClient) { - client.On("GetGitDirectories", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("revision HEAD is not signed")) - }, - }, - }, args: args{}, want: nil, wantErr: assert.Error}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + mockDb := &mocks.RepositoryDB{} mockRepoClient := &repo_mocks.RepoServerServiceClient{} // decorate the mocks + for i := range tt.fields.repositoriesDBFuncs { + tt.fields.repositoriesDBFuncs[i](mockDb) + } for i := range tt.fields.repoServerClientFuncs { tt.fields.repoServerClientFuncs[i](mockRepoClient) } a := &argoCDService{ - getRepository: tt.fields.getRepository, + repositoriesDB: mockDb, storecreds: tt.fields.storecreds, submoduleEnabled: tt.fields.submoduleEnabled, repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient}, } - got, err := a.GetDirectories(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.noRevisionCache, tt.args.verifyCommit) + got, err := a.GetDirectories(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.noRevisionCache) if !tt.wantErr(t, err, fmt.Sprintf("GetDirectories(%v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.noRevisionCache)) { return } @@ -100,10 +100,10 @@ func TestGetDirectories(t *testing.T) { func TestGetFiles(t *testing.T) { type fields struct { + repositoriesDBFuncs []func(*mocks.RepositoryDB) storecreds git.CredsStore submoduleEnabled bool repoServerClientFuncs []func(*repo_mocks.RepoServerServiceClient) - getRepository func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) } type args struct { ctx context.Context @@ -111,7 +111,6 @@ func TestGetFiles(t *testing.T) { revision string pattern string noRevisionCache bool - verifyCommit bool } tests := []struct { name string @@ -121,13 +120,17 @@ func TestGetFiles(t *testing.T) { wantErr assert.ErrorAssertionFunc }{ {name: "ErrorGettingRepos", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return nil, fmt.Errorf("unable to get repos") + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("unable to get repos")) + }, }, }, args: args{}, want: nil, wantErr: assert.Error}, {name: "ErrorGettingFiles", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil) + }, }, repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ func(client *repo_mocks.RepoServerServiceClient) { @@ -136,8 +139,10 @@ func TestGetFiles(t *testing.T) { }, }, args: args{}, want: nil, wantErr: assert.Error}, {name: "HappyCase", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil + repositoriesDBFuncs: []func(*mocks.RepositoryDB){ + func(db *mocks.RepositoryDB) { + db.On("GetRepository", mock.Anything, mock.Anything).Return(&v1alpha1.Repository{}, nil) + }, }, repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ func(client *repo_mocks.RepoServerServiceClient) { @@ -153,32 +158,26 @@ func TestGetFiles(t *testing.T) { "foo.json": []byte("hello: world!"), "bar.yaml": []byte("yay: appsets"), }, wantErr: assert.NoError}, - {name: "ErrorVerifyingCommit", fields: fields{ - getRepository: func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil - }, - repoServerClientFuncs: []func(*repo_mocks.RepoServerServiceClient){ - func(client *repo_mocks.RepoServerServiceClient) { - client.On("GetGitFiles", mock.Anything, mock.Anything).Return(nil, fmt.Errorf("revision HEAD is not signed")) - }, - }, - }, args: args{}, want: nil, wantErr: assert.Error}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + mockDb := &mocks.RepositoryDB{} mockRepoClient := &repo_mocks.RepoServerServiceClient{} // decorate the mocks + for i := range tt.fields.repositoriesDBFuncs { + tt.fields.repositoriesDBFuncs[i](mockDb) + } for i := range tt.fields.repoServerClientFuncs { tt.fields.repoServerClientFuncs[i](mockRepoClient) } a := &argoCDService{ - getRepository: tt.fields.getRepository, + repositoriesDB: mockDb, storecreds: tt.fields.storecreds, submoduleEnabled: tt.fields.submoduleEnabled, repoServerClientSet: &repo_mocks.Clientset{RepoServerServiceClient: mockRepoClient}, } - got, err := a.GetFiles(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, tt.args.noRevisionCache, tt.args.verifyCommit) + got, err := a.GetFiles(tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, tt.args.noRevisionCache) if !tt.wantErr(t, err, fmt.Sprintf("GetFiles(%v, %v, %v, %v, %v)", tt.args.ctx, tt.args.repoURL, tt.args.revision, tt.args.pattern, tt.args.noRevisionCache)) { return } @@ -188,9 +187,7 @@ func TestGetFiles(t *testing.T) { } func TestNewArgoCDService(t *testing.T) { - service, err := NewArgoCDService(func(ctx context.Context, url, project string) (*v1alpha1.Repository, error) { - return &v1alpha1.Repository{}, nil - }, false, &repo_mocks.Clientset{}, false) - require.NoError(t, err) + service, err := NewArgoCDService(&db_mocks.ArgoDB{}, false, &repo_mocks.Clientset{}, false) + assert.NoError(t, err, err) assert.NotNil(t, service) } diff --git a/applicationset/services/scm_provider/aws_codecommit.go b/applicationset/services/scm_provider/aws_codecommit.go index 7732ff5361aa9..280711271cfb0 100644 --- a/applicationset/services/scm_provider/aws_codecommit.go +++ b/applicationset/services/scm_provider/aws_codecommit.go @@ -2,14 +2,13 @@ package scm_provider import ( "context" - "errors" "fmt" + "github.com/aws/aws-sdk-go/aws/request" pathpkg "path" "path/filepath" "strings" - "github.com/aws/aws-sdk-go/aws/request" - + application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/arn" "github.com/aws/aws-sdk-go/aws/awserr" @@ -20,8 +19,6 @@ import ( log "github.com/sirupsen/logrus" "golang.org/x/exp/maps" "k8s.io/utils/strings/slices" - - application "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) const ( @@ -328,8 +325,7 @@ func getCodeCommitFIPSEndpoint(repoUrl string) (string, error) { } func hasAwsError(err error, codes ...string) bool { - var awsErr awserr.Error - if errors.As(err, &awsErr) { + if awsErr, ok := err.(awserr.Error); ok { return slices.Contains(codes, awsErr.Code()) } return false @@ -358,7 +354,7 @@ func createAWSDiscoveryClients(_ context.Context, role string, region string) (* Credentials: assumeRoleCreds, }) if err != nil { - return nil, nil, fmt.Errorf("error creating new AWS discovery session: %w", err) + return nil, nil, fmt.Errorf("error creating new AWS discovery session: %s", err) } } else { log.Debugf("role is not provided for AWS CodeCommit discovery, using pod role") diff --git a/applicationset/services/scm_provider/aws_codecommit_test.go b/applicationset/services/scm_provider/aws_codecommit_test.go index 42ef52a8369e3..3a4f7c1a9a6a8 100644 --- a/applicationset/services/scm_provider/aws_codecommit_test.go +++ b/applicationset/services/scm_provider/aws_codecommit_test.go @@ -6,15 +6,14 @@ import ( "sort" "testing" + "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/aws_codecommit/mocks" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/codecommit" "github.com/aws/aws-sdk-go/service/resourcegroupstaggingapi" "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - - "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/aws_codecommit/mocks" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) type awsCodeCommitTestRepository struct { diff --git a/applicationset/services/scm_provider/azure_devops.go b/applicationset/services/scm_provider/azure_devops.go index a4bb50a0232e3..c71dabd0509f1 100644 --- a/applicationset/services/scm_provider/azure_devops.go +++ b/applicationset/services/scm_provider/azure_devops.go @@ -2,7 +2,6 @@ package scm_provider import ( "context" - "errors" "fmt" netUrl "net/url" "strings" @@ -52,10 +51,8 @@ type AzureDevOpsProvider struct { allBranches bool } -var ( - _ SCMProviderService = &AzureDevOpsProvider{} - _ AzureDevOpsClientFactory = &devopsFactoryImpl{} -) +var _ SCMProviderService = &AzureDevOpsProvider{} +var _ AzureDevOpsClientFactory = &devopsFactoryImpl{} func NewAzureDevOpsProvider(ctx context.Context, accessToken string, org string, url string, project string, allBranches bool) (*AzureDevOpsProvider, error) { if accessToken == "" { @@ -63,6 +60,7 @@ func NewAzureDevOpsProvider(ctx context.Context, accessToken string, org string, } devOpsURL, err := getValidDevOpsURL(url, org) + if err != nil { return nil, err } @@ -79,6 +77,7 @@ func (g *AzureDevOpsProvider) ListRepos(ctx context.Context, cloneProtocol strin } getRepoArgs := azureGit.GetRepositoriesArgs{Project: &g.teamProject} azureRepos, err := gitClient.GetRepositories(ctx, getRepoArgs) + if err != nil { return nil, err } @@ -107,7 +106,7 @@ func (g *AzureDevOpsProvider) RepoHasPath(ctx context.Context, repo *Repository, } var repoId string - if uuid, isUuid := repo.RepositoryId.(uuid.UUID); isUuid { // most likely an UUID, but do type-safe check anyway. Do %v fallback if not expected type. + if uuid, isUuid := repo.RepositoryId.(uuid.UUID); isUuid { //most likely an UUID, but do type-safe check anyway. Do %v fallback if not expected type. repoId = uuid.String() } else { repoId = fmt.Sprintf("%v", repo.RepositoryId) @@ -116,9 +115,9 @@ func (g *AzureDevOpsProvider) RepoHasPath(ctx context.Context, repo *Repository, branchName := repo.Branch getItemArgs := azureGit.GetItemArgs{RepositoryId: &repoId, Project: &g.teamProject, Path: &path, VersionDescriptor: &azureGit.GitVersionDescriptor{Version: &branchName}} _, err = gitClient.GetItem(ctx, getItemArgs) + if err != nil { - var wrappedError azuredevops.WrappedError - if errors.As(err, &wrappedError) && wrappedError.TypeKey != nil { + if wrappedError, isWrappedError := err.(azuredevops.WrappedError); isWrappedError && wrappedError.TypeKey != nil { if *wrappedError.TypeKey == AzureDevOpsErrorsTypeKeyValues.GitItemNotFound { return false, nil } @@ -139,12 +138,11 @@ func (g *AzureDevOpsProvider) GetBranches(ctx context.Context, repo *Repository) repos := []*Repository{} if !g.allBranches { - defaultBranchName := strings.Replace(repo.Branch, "refs/heads/", "", 1) // Azure DevOps returns default branch info like 'refs/heads/main', but does not support branch lookup of this format. + defaultBranchName := strings.Replace(repo.Branch, "refs/heads/", "", 1) //Azure DevOps returns default branch info like 'refs/heads/main', but does not support branch lookup of this format. getBranchArgs := azureGit.GetBranchArgs{RepositoryId: &repo.Repository, Project: &g.teamProject, Name: &defaultBranchName} branchResult, err := gitClient.GetBranch(ctx, getBranchArgs) if err != nil { - var wrappedError azuredevops.WrappedError - if errors.As(err, &wrappedError) && wrappedError.TypeKey != nil { + if wrappedError, isWrappedError := err.(azuredevops.WrappedError); isWrappedError && wrappedError.TypeKey != nil { if *wrappedError.TypeKey == AzureDevOpsErrorsTypeKeyValues.GitRepositoryNotFound { return repos, nil } @@ -172,8 +170,7 @@ func (g *AzureDevOpsProvider) GetBranches(ctx context.Context, repo *Repository) getBranchesRequest := azureGit.GetBranchesArgs{RepositoryId: &repo.Repository, Project: &g.teamProject} branches, err := gitClient.GetBranches(ctx, getBranchesRequest) if err != nil { - var wrappedError azuredevops.WrappedError - if errors.As(err, &wrappedError) && wrappedError.TypeKey != nil { + if wrappedError, isWrappedError := err.(azuredevops.WrappedError); isWrappedError && wrappedError.TypeKey != nil { if *wrappedError.TypeKey == AzureDevOpsErrorsTypeKeyValues.GitRepositoryNotFound { return repos, nil } @@ -212,6 +209,7 @@ func getValidDevOpsURL(url string, org string) (string, error) { devOpsURL := fmt.Sprintf("%s%s%s", url, separator, org) urlCheck, err := netUrl.ParseRequestURI(devOpsURL) + if err != nil { return "", fmt.Errorf("got an invalid URL for the Azure SCM generator: %w", err) } diff --git a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go index c3cf024d882fe..7843753c9df5b 100644 --- a/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go +++ b/applicationset/services/scm_provider/azure_devops/git/mocks/Client.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v2.10.4. DO NOT EDIT. package mocks @@ -24,15 +24,7 @@ type Client struct { func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateAnnotatedTag") - } - var r0 *git.GitAnnotatedTag - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateAnnotatedTagArgs) *git.GitAnnotatedTag); ok { r0 = rf(_a0, _a1) } else { @@ -41,6 +33,7 @@ func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotate } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateAnnotatedTagArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -54,15 +47,7 @@ func (_m *Client) CreateAnnotatedTag(_a0 context.Context, _a1 git.CreateAnnotate func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachmentArgs) (*git.Attachment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateAttachment") - } - var r0 *git.Attachment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) (*git.Attachment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateAttachmentArgs) *git.Attachment); ok { r0 = rf(_a0, _a1) } else { @@ -71,6 +56,7 @@ func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachment } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateAttachmentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -84,15 +70,7 @@ func (_m *Client) CreateAttachment(_a0 context.Context, _a1 git.CreateAttachment func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPickArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateCherryPick") - } - var r0 *git.GitCherryPick - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) (*git.GitCherryPick, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCherryPickArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -101,6 +79,7 @@ func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPick } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCherryPickArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -114,15 +93,7 @@ func (_m *Client) CreateCherryPick(_a0 context.Context, _a1 git.CreateCherryPick func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateComment") - } - var r0 *git.Comment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) (*git.Comment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -131,6 +102,7 @@ func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -144,15 +116,7 @@ func (_m *Client) CreateComment(_a0 context.Context, _a1 git.CreateCommentArgs) func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitStatusArgs) (*git.GitStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateCommitStatus") - } - var r0 *git.GitStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) (*git.GitStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateCommitStatusArgs) *git.GitStatus); ok { r0 = rf(_a0, _a1) } else { @@ -161,6 +125,7 @@ func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitSt } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateCommitStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -174,15 +139,7 @@ func (_m *Client) CreateCommitStatus(_a0 context.Context, _a1 git.CreateCommitSt func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs) (*git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateFavorite") - } - var r0 *git.GitRefFavorite - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) (*git.GitRefFavorite, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateFavoriteArgs) *git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -191,6 +148,7 @@ func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateFavoriteArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -204,15 +162,7 @@ func (_m *Client) CreateFavorite(_a0 context.Context, _a1 git.CreateFavoriteArgs func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateForkSyncRequest") - } - var r0 *git.GitForkSyncRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateForkSyncRequestArgs) *git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -221,6 +171,7 @@ func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkS } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateForkSyncRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -234,15 +185,7 @@ func (_m *Client) CreateForkSyncRequest(_a0 context.Context, _a1 git.CreateForkS func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateImportRequest") - } - var r0 *git.GitImportRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) (*git.GitImportRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -251,6 +194,7 @@ func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -264,10 +208,6 @@ func (_m *Client) CreateImportRequest(_a0 context.Context, _a1 git.CreateImportR func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateLike") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.CreateLikeArgs) error); ok { r0 = rf(_a0, _a1) @@ -282,15 +222,7 @@ func (_m *Client) CreateLike(_a0 context.Context, _a1 git.CreateLikeArgs) error func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeRequestArgs) (*git.GitMerge, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateMergeRequest") - } - var r0 *git.GitMerge - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) (*git.GitMerge, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateMergeRequestArgs) *git.GitMerge); ok { r0 = rf(_a0, _a1) } else { @@ -299,6 +231,7 @@ func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeReq } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateMergeRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -312,15 +245,7 @@ func (_m *Client) CreateMergeRequest(_a0 context.Context, _a1 git.CreateMergeReq func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequest") - } - var r0 *git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) (*git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -329,6 +254,7 @@ func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullReque } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -342,15 +268,7 @@ func (_m *Client) CreatePullRequest(_a0 context.Context, _a1 git.CreatePullReque func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequestIterationStatus") - } - var r0 *git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -359,6 +277,7 @@ func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestIterationStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -372,15 +291,7 @@ func (_m *Client) CreatePullRequestIterationStatus(_a0 context.Context, _a1 git. func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequestLabel") - } - var r0 *core.WebApiTagDefinition - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestLabelArgs) *core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -389,6 +300,7 @@ func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePull } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestLabelArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -402,15 +314,7 @@ func (_m *Client) CreatePullRequestLabel(_a0 context.Context, _a1 git.CreatePull func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequestReviewer") - } - var r0 *git.IdentityRefWithVote - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewerArgs) *git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -419,6 +323,7 @@ func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreateP } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewerArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -432,15 +337,7 @@ func (_m *Client) CreatePullRequestReviewer(_a0 context.Context, _a1 git.CreateP func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequestReviewers") - } - var r0 *[]git.IdentityRefWithVote - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -449,6 +346,7 @@ func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.Create } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestReviewersArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -462,15 +360,7 @@ func (_m *Client) CreatePullRequestReviewers(_a0 context.Context, _a1 git.Create func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePullRequestStatus") - } - var r0 *git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePullRequestStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -479,6 +369,7 @@ func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePul } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePullRequestStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -492,15 +383,7 @@ func (_m *Client) CreatePullRequestStatus(_a0 context.Context, _a1 git.CreatePul func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git.GitPush, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreatePush") - } - var r0 *git.GitPush - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) (*git.GitPush, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreatePushArgs) *git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -509,6 +392,7 @@ func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreatePushArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -522,15 +406,7 @@ func (_m *Client) CreatePush(_a0 context.Context, _a1 git.CreatePushArgs) (*git. func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateRepository") - } - var r0 *git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) (*git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -539,6 +415,7 @@ func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepository } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -552,15 +429,7 @@ func (_m *Client) CreateRepository(_a0 context.Context, _a1 git.CreateRepository func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateRevert") - } - var r0 *git.GitRevert - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) (*git.GitRevert, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateRevertArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -569,6 +438,7 @@ func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (* } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateRevertArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -582,15 +452,7 @@ func (_m *Client) CreateRevert(_a0 context.Context, _a1 git.CreateRevertArgs) (* func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for CreateThread") - } - var r0 *git.GitPullRequestCommentThread - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.CreateThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -599,6 +461,7 @@ func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (* } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.CreateThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -612,10 +475,6 @@ func (_m *Client) CreateThread(_a0 context.Context, _a1 git.CreateThreadArgs) (* func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachmentArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteAttachment") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteAttachmentArgs) error); ok { r0 = rf(_a0, _a1) @@ -630,10 +489,6 @@ func (_m *Client) DeleteAttachment(_a0 context.Context, _a1 git.DeleteAttachment func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteComment") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteCommentArgs) error); ok { r0 = rf(_a0, _a1) @@ -648,10 +503,6 @@ func (_m *Client) DeleteComment(_a0 context.Context, _a1 git.DeleteCommentArgs) func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteLike") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteLikeArgs) error); ok { r0 = rf(_a0, _a1) @@ -666,10 +517,6 @@ func (_m *Client) DeleteLike(_a0 context.Context, _a1 git.DeleteLikeArgs) error func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git.DeletePullRequestIterationStatusArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeletePullRequestIterationStatus") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestIterationStatusArgs) error); ok { r0 = rf(_a0, _a1) @@ -684,10 +531,6 @@ func (_m *Client) DeletePullRequestIterationStatus(_a0 context.Context, _a1 git. func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePullRequestLabelsArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeletePullRequestLabels") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestLabelsArgs) error); ok { r0 = rf(_a0, _a1) @@ -702,10 +545,6 @@ func (_m *Client) DeletePullRequestLabels(_a0 context.Context, _a1 git.DeletePul func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeletePullRequestReviewerArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeletePullRequestReviewer") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestReviewerArgs) error); ok { r0 = rf(_a0, _a1) @@ -720,10 +559,6 @@ func (_m *Client) DeletePullRequestReviewer(_a0 context.Context, _a1 git.DeleteP func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePullRequestStatusArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeletePullRequestStatus") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeletePullRequestStatusArgs) error); ok { r0 = rf(_a0, _a1) @@ -738,10 +573,6 @@ func (_m *Client) DeletePullRequestStatus(_a0 context.Context, _a1 git.DeletePul func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavoriteArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteRefFavorite") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRefFavoriteArgs) error); ok { r0 = rf(_a0, _a1) @@ -756,10 +587,6 @@ func (_m *Client) DeleteRefFavorite(_a0 context.Context, _a1 git.DeleteRefFavori func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepositoryArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteRepository") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryArgs) error); ok { r0 = rf(_a0, _a1) @@ -774,10 +601,6 @@ func (_m *Client) DeleteRepository(_a0 context.Context, _a1 git.DeleteRepository func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.DeleteRepositoryFromRecycleBinArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for DeleteRepositoryFromRecycleBin") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.DeleteRepositoryFromRecycleBinArgs) error); ok { r0 = rf(_a0, _a1) @@ -792,15 +615,7 @@ func (_m *Client) DeleteRepositoryFromRecycleBin(_a0 context.Context, _a1 git.De func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetAnnotatedTag") - } - var r0 *git.GitAnnotatedTag - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) (*git.GitAnnotatedTag, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetAnnotatedTagArgs) *git.GitAnnotatedTag); ok { r0 = rf(_a0, _a1) } else { @@ -809,6 +624,7 @@ func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAnnotatedTagArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -822,15 +638,7 @@ func (_m *Client) GetAnnotatedTag(_a0 context.Context, _a1 git.GetAnnotatedTagAr func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmentContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetAttachmentContent") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -839,6 +647,7 @@ func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmen } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -852,15 +661,7 @@ func (_m *Client) GetAttachmentContent(_a0 context.Context, _a1 git.GetAttachmen func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetAttachmentZip") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -869,6 +670,7 @@ func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZip } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -882,15 +684,7 @@ func (_m *Client) GetAttachmentZip(_a0 context.Context, _a1 git.GetAttachmentZip func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs) (*[]git.Attachment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetAttachments") - } - var r0 *[]git.Attachment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) (*[]git.Attachment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetAttachmentsArgs) *[]git.Attachment); ok { r0 = rf(_a0, _a1) } else { @@ -899,6 +693,7 @@ func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetAttachmentsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -912,15 +707,7 @@ func (_m *Client) GetAttachments(_a0 context.Context, _a1 git.GetAttachmentsArgs func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlobRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBlob") - } - var r0 *git.GitBlobRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) (*git.GitBlobRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobArgs) *git.GitBlobRef); ok { r0 = rf(_a0, _a1) } else { @@ -929,6 +716,7 @@ func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlo } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -942,15 +730,7 @@ func (_m *Client) GetBlob(_a0 context.Context, _a1 git.GetBlobArgs) (*git.GitBlo func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBlobContent") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -959,6 +739,7 @@ func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -972,15 +753,7 @@ func (_m *Client) GetBlobContent(_a0 context.Context, _a1 git.GetBlobContentArgs func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBlobZip") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -989,6 +762,7 @@ func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.Re } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1002,15 +776,7 @@ func (_m *Client) GetBlobZip(_a0 context.Context, _a1 git.GetBlobZipArgs) (io.Re func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBlobsZip") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBlobsZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1019,6 +785,7 @@ func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBlobsZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1032,15 +799,7 @@ func (_m *Client) GetBlobsZip(_a0 context.Context, _a1 git.GetBlobsZipArgs) (io. func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.GitBranchStats, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBranch") - } - var r0 *git.GitBranchStats - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) (*git.GitBranchStats, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchArgs) *git.GitBranchStats); ok { r0 = rf(_a0, _a1) } else { @@ -1049,6 +808,7 @@ func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1062,15 +822,7 @@ func (_m *Client) GetBranch(_a0 context.Context, _a1 git.GetBranchArgs) (*git.Gi func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[]git.GitBranchStats, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetBranches") - } - var r0 *[]git.GitBranchStats - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) (*[]git.GitBranchStats, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetBranchesArgs) *[]git.GitBranchStats); ok { r0 = rf(_a0, _a1) } else { @@ -1079,6 +831,7 @@ func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[] } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetBranchesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1092,15 +845,7 @@ func (_m *Client) GetBranches(_a0 context.Context, _a1 git.GetBranchesArgs) (*[] func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git.GitCommitChanges, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetChanges") - } - var r0 *git.GitCommitChanges - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) (*git.GitCommitChanges, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetChangesArgs) *git.GitCommitChanges); ok { r0 = rf(_a0, _a1) } else { @@ -1109,6 +854,7 @@ func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetChangesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1122,15 +868,7 @@ func (_m *Client) GetChanges(_a0 context.Context, _a1 git.GetChangesArgs) (*git. func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCherryPick") - } - var r0 *git.GitCherryPick - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) (*git.GitCherryPick, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -1139,6 +877,7 @@ func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1152,15 +891,7 @@ func (_m *Client) GetCherryPick(_a0 context.Context, _a1 git.GetCherryPickArgs) func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCherryPickForRefName") - } - var r0 *git.GitCherryPick - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) (*git.GitCherryPick, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCherryPickForRefNameArgs) *git.GitCherryPick); ok { r0 = rf(_a0, _a1) } else { @@ -1169,6 +900,7 @@ func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherry } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCherryPickForRefNameArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1182,15 +914,7 @@ func (_m *Client) GetCherryPickForRefName(_a0 context.Context, _a1 git.GetCherry func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetComment") - } - var r0 *git.Comment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) (*git.Comment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -1199,6 +923,7 @@ func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1212,15 +937,7 @@ func (_m *Client) GetComment(_a0 context.Context, _a1 git.GetCommentArgs) (*git. func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[]git.Comment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetComments") - } - var r0 *[]git.Comment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) (*[]git.Comment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommentsArgs) *[]git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -1229,6 +946,7 @@ func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[] } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommentsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1242,15 +960,7 @@ func (_m *Client) GetComments(_a0 context.Context, _a1 git.GetCommentsArgs) (*[] func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.GitCommit, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCommit") - } - var r0 *git.GitCommit - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) (*git.GitCommit, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitArgs) *git.GitCommit); ok { r0 = rf(_a0, _a1) } else { @@ -1259,6 +969,7 @@ func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1272,15 +983,7 @@ func (_m *Client) GetCommit(_a0 context.Context, _a1 git.GetCommitArgs) (*git.Gi func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCommitDiffs") - } - var r0 *git.GitCommitDiffs - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) (*git.GitCommitDiffs, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitDiffsArgs) *git.GitCommitDiffs); ok { r0 = rf(_a0, _a1) } else { @@ -1289,6 +992,7 @@ func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitDiffsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1302,15 +1006,7 @@ func (_m *Client) GetCommitDiffs(_a0 context.Context, _a1 git.GetCommitDiffsArgs func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCommits") - } - var r0 *[]git.GitCommitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) (*[]git.GitCommitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1319,6 +1015,7 @@ func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1332,15 +1029,7 @@ func (_m *Client) GetCommits(_a0 context.Context, _a1 git.GetCommitsArgs) (*[]gi func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetCommitsBatch") - } - var r0 *[]git.GitCommitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) (*[]git.GitCommitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetCommitsBatchArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1349,6 +1038,7 @@ func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetCommitsBatchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1362,15 +1052,7 @@ func (_m *Client) GetCommitsBatch(_a0 context.Context, _a1 git.GetCommitsBatchAr func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetDeletedRepositories") - } - var r0 *[]git.GitDeletedRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetDeletedRepositoriesArgs) *[]git.GitDeletedRepository); ok { r0 = rf(_a0, _a1) } else { @@ -1379,6 +1061,7 @@ func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeleted } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetDeletedRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1392,15 +1075,7 @@ func (_m *Client) GetDeletedRepositories(_a0 context.Context, _a1 git.GetDeleted func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetForkSyncRequest") - } - var r0 *git.GitForkSyncRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) (*git.GitForkSyncRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestArgs) *git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1409,6 +1084,7 @@ func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncReq } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1422,15 +1098,7 @@ func (_m *Client) GetForkSyncRequest(_a0 context.Context, _a1 git.GetForkSyncReq func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetForkSyncRequests") - } - var r0 *[]git.GitForkSyncRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) (*[]git.GitForkSyncRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetForkSyncRequestsArgs) *[]git.GitForkSyncRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1439,6 +1107,7 @@ func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRe } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForkSyncRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1452,15 +1121,7 @@ func (_m *Client) GetForkSyncRequests(_a0 context.Context, _a1 git.GetForkSyncRe func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.GitRepositoryRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetForks") - } - var r0 *[]git.GitRepositoryRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) (*[]git.GitRepositoryRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetForksArgs) *[]git.GitRepositoryRef); ok { r0 = rf(_a0, _a1) } else { @@ -1469,6 +1130,7 @@ func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetForksArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1482,15 +1144,7 @@ func (_m *Client) GetForks(_a0 context.Context, _a1 git.GetForksArgs) (*[]git.Gi func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetImportRequest") - } - var r0 *git.GitImportRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) (*git.GitImportRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1499,6 +1153,7 @@ func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequest } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1512,15 +1167,7 @@ func (_m *Client) GetImportRequest(_a0 context.Context, _a1 git.GetImportRequest func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitItem, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItem") - } - var r0 *git.GitItem - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) (*git.GitItem, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemArgs) *git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1529,6 +1176,7 @@ func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitIte } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1542,15 +1190,7 @@ func (_m *Client) GetItem(_a0 context.Context, _a1 git.GetItemArgs) (*git.GitIte func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItemContent") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemContentArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1559,6 +1199,7 @@ func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemContentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1572,15 +1213,7 @@ func (_m *Client) GetItemContent(_a0 context.Context, _a1 git.GetItemContentArgs func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItemText") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemTextArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1589,6 +1222,7 @@ func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemTextArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1602,15 +1236,7 @@ func (_m *Client) GetItemText(_a0 context.Context, _a1 git.GetItemTextArgs) (io. func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItemZip") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -1619,6 +1245,7 @@ func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.Re } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1632,15 +1259,7 @@ func (_m *Client) GetItemZip(_a0 context.Context, _a1 git.GetItemZipArgs) (io.Re func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.GitItem, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItems") - } - var r0 *[]git.GitItem - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) (*[]git.GitItem, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsArgs) *[]git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1649,6 +1268,7 @@ func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1662,15 +1282,7 @@ func (_m *Client) GetItems(_a0 context.Context, _a1 git.GetItemsArgs) (*[]git.Gi func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) (*[][]git.GitItem, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetItemsBatch") - } - var r0 *[][]git.GitItem - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) (*[][]git.GitItem, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetItemsBatchArgs) *[][]git.GitItem); ok { r0 = rf(_a0, _a1) } else { @@ -1679,6 +1291,7 @@ func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetItemsBatchArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1692,15 +1305,7 @@ func (_m *Client) GetItemsBatch(_a0 context.Context, _a1 git.GetItemsBatchArgs) func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi.IdentityRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetLikes") - } - var r0 *[]webapi.IdentityRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) (*[]webapi.IdentityRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetLikesArgs) *[]webapi.IdentityRef); ok { r0 = rf(_a0, _a1) } else { @@ -1709,6 +1314,7 @@ func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetLikesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1722,15 +1328,7 @@ func (_m *Client) GetLikes(_a0 context.Context, _a1 git.GetLikesArgs) (*[]webapi func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetMergeBases") - } - var r0 *[]git.GitCommitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) (*[]git.GitCommitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeBasesArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1739,6 +1337,7 @@ func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeBasesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1752,15 +1351,7 @@ func (_m *Client) GetMergeBases(_a0 context.Context, _a1 git.GetMergeBasesArgs) func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestArgs) (*git.GitMerge, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetMergeRequest") - } - var r0 *git.GitMerge - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) (*git.GitMerge, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetMergeRequestArgs) *git.GitMerge); ok { r0 = rf(_a0, _a1) } else { @@ -1769,6 +1360,7 @@ func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetMergeRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1782,15 +1374,7 @@ func (_m *Client) GetMergeRequest(_a0 context.Context, _a1 git.GetMergeRequestAr func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPolicyConfigurations") - } - var r0 *git.GitPolicyConfigurationResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) (*git.GitPolicyConfigurationResponse, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPolicyConfigurationsArgs) *git.GitPolicyConfigurationResponse); ok { r0 = rf(_a0, _a1) } else { @@ -1799,6 +1383,7 @@ func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicy } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPolicyConfigurationsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1812,15 +1397,7 @@ func (_m *Client) GetPolicyConfigurations(_a0 context.Context, _a1 git.GetPolicy func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequest") - } - var r0 *git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) (*git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1829,6 +1406,7 @@ func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1842,15 +1420,7 @@ func (_m *Client) GetPullRequest(_a0 context.Context, _a1 git.GetPullRequestArgs func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequestByIdArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestById") - } - var r0 *git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) (*git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestByIdArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -1859,6 +1429,7 @@ func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequest } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestByIdArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1872,15 +1443,7 @@ func (_m *Client) GetPullRequestById(_a0 context.Context, _a1 git.GetPullRequest func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestCommits") - } - var r0 *git.GetPullRequestCommitsResponseValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) (*git.GetPullRequestCommitsResponseValue, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestCommitsArgs) *git.GetPullRequestCommitsResponseValue); ok { r0 = rf(_a0, _a1) } else { @@ -1889,6 +1452,7 @@ func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequ } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1902,15 +1466,7 @@ func (_m *Client) GetPullRequestCommits(_a0 context.Context, _a1 git.GetPullRequ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIteration") - } - var r0 *git.GitPullRequestIteration - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) (*git.GitPullRequestIteration, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationArgs) *git.GitPullRequestIteration); ok { r0 = rf(_a0, _a1) } else { @@ -1919,6 +1475,7 @@ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRe } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1932,15 +1489,7 @@ func (_m *Client) GetPullRequestIteration(_a0 context.Context, _a1 git.GetPullRe func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIterationChanges") - } - var r0 *git.GitPullRequestIterationChanges - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) (*git.GitPullRequestIterationChanges, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationChangesArgs) *git.GitPullRequestIterationChanges); ok { r0 = rf(_a0, _a1) } else { @@ -1949,6 +1498,7 @@ func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.Ge } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationChangesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1962,15 +1512,7 @@ func (_m *Client) GetPullRequestIterationChanges(_a0 context.Context, _a1 git.Ge func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIterationCommits") - } - var r0 *[]git.GitCommitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) (*[]git.GitCommitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -1979,6 +1521,7 @@ func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.Ge } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -1992,15 +1535,7 @@ func (_m *Client) GetPullRequestIterationCommits(_a0 context.Context, _a1 git.Ge func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIterationStatus") - } - var r0 *git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) (*git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2009,6 +1544,7 @@ func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.Get } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2022,15 +1558,7 @@ func (_m *Client) GetPullRequestIterationStatus(_a0 context.Context, _a1 git.Get func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIterationStatuses") - } - var r0 *[]git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationStatusesArgs) *[]git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2039,6 +1567,7 @@ func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.G } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2052,15 +1581,7 @@ func (_m *Client) GetPullRequestIterationStatuses(_a0 context.Context, _a1 git.G func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestIterations") - } - var r0 *[]git.GitPullRequestIteration - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) (*[]git.GitPullRequestIteration, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestIterationsArgs) *[]git.GitPullRequestIteration); ok { r0 = rf(_a0, _a1) } else { @@ -2069,6 +1590,7 @@ func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestIterationsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2082,15 +1604,7 @@ func (_m *Client) GetPullRequestIterations(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestLabel") - } - var r0 *core.WebApiTagDefinition - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) (*core.WebApiTagDefinition, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelArgs) *core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -2099,6 +1613,7 @@ func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullReques } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2112,15 +1627,7 @@ func (_m *Client) GetPullRequestLabel(_a0 context.Context, _a1 git.GetPullReques func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestLabels") - } - var r0 *[]core.WebApiTagDefinition - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) (*[]core.WebApiTagDefinition, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestLabelsArgs) *[]core.WebApiTagDefinition); ok { r0 = rf(_a0, _a1) } else { @@ -2129,6 +1636,7 @@ func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullReque } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestLabelsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2142,15 +1650,7 @@ func (_m *Client) GetPullRequestLabels(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullRequestPropertiesArgs) (interface{}, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestProperties") - } - var r0 interface{} - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) (interface{}, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestPropertiesArgs) interface{}); ok { r0 = rf(_a0, _a1) } else { @@ -2159,6 +1659,7 @@ func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestPropertiesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2172,15 +1673,7 @@ func (_m *Client) GetPullRequestProperties(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestQuery") - } - var r0 *git.GitPullRequestQuery - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) (*git.GitPullRequestQuery, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestQueryArgs) *git.GitPullRequestQuery); ok { r0 = rf(_a0, _a1) } else { @@ -2189,6 +1682,7 @@ func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullReques } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestQueryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2202,15 +1696,7 @@ func (_m *Client) GetPullRequestQuery(_a0 context.Context, _a1 git.GetPullReques func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestReviewer") - } - var r0 *git.IdentityRefWithVote - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) (*git.IdentityRefWithVote, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewerArgs) *git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -2219,6 +1705,7 @@ func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullReq } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewerArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2232,15 +1719,7 @@ func (_m *Client) GetPullRequestReviewer(_a0 context.Context, _a1 git.GetPullReq func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestReviewers") - } - var r0 *[]git.IdentityRefWithVote - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) (*[]git.IdentityRefWithVote, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestReviewersArgs) *[]git.IdentityRefWithVote); ok { r0 = rf(_a0, _a1) } else { @@ -2249,6 +1728,7 @@ func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRe } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestReviewersArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2262,15 +1742,7 @@ func (_m *Client) GetPullRequestReviewers(_a0 context.Context, _a1 git.GetPullRe func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestStatus") - } - var r0 *git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) (*git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusArgs) *git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2279,6 +1751,7 @@ func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullReque } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2292,15 +1765,7 @@ func (_m *Client) GetPullRequestStatus(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestStatuses") - } - var r0 *[]git.GitPullRequestStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) (*[]git.GitPullRequestStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestStatusesArgs) *[]git.GitPullRequestStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2309,6 +1774,7 @@ func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullReq } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2322,15 +1788,7 @@ func (_m *Client) GetPullRequestStatuses(_a0 context.Context, _a1 git.GetPullReq func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestThread") - } - var r0 *git.GitPullRequestCommentThread - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -2339,6 +1797,7 @@ func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullReque } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2352,15 +1811,7 @@ func (_m *Client) GetPullRequestThread(_a0 context.Context, _a1 git.GetPullReque func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestWorkItemRefs") - } - var r0 *[]webapi.ResourceRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) (*[]webapi.ResourceRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) *[]webapi.ResourceRef); ok { r0 = rf(_a0, _a1) } else { @@ -2369,6 +1820,7 @@ func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPul } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestWorkItemRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2382,15 +1834,7 @@ func (_m *Client) GetPullRequestWorkItemRefs(_a0 context.Context, _a1 git.GetPul func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsArgs) (*[]git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequests") - } - var r0 *[]git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) (*[]git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsArgs) *[]git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2399,6 +1843,7 @@ func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2412,15 +1857,7 @@ func (_m *Client) GetPullRequests(_a0 context.Context, _a1 git.GetPullRequestsAr func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPullRequestsByProject") - } - var r0 *[]git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) (*[]git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPullRequestsByProjectArgs) *[]git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2429,6 +1866,7 @@ func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPullRequestsByProjectArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2442,15 +1880,7 @@ func (_m *Client) GetPullRequestsByProject(_a0 context.Context, _a1 git.GetPullR func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPush, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPush") - } - var r0 *git.GitPush - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) (*git.GitPush, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushArgs) *git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -2459,6 +1889,7 @@ func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPus } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2472,15 +1903,7 @@ func (_m *Client) GetPush(_a0 context.Context, _a1 git.GetPushArgs) (*git.GitPus func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs) (*[]git.GitCommitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPushCommits") - } - var r0 *[]git.GitCommitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) (*[]git.GitCommitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushCommitsArgs) *[]git.GitCommitRef); ok { r0 = rf(_a0, _a1) } else { @@ -2489,6 +1912,7 @@ func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushCommitsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2502,15 +1926,7 @@ func (_m *Client) GetPushCommits(_a0 context.Context, _a1 git.GetPushCommitsArgs func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git.GitPush, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetPushes") - } - var r0 *[]git.GitPush - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) (*[]git.GitPush, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetPushesArgs) *[]git.GitPush); ok { r0 = rf(_a0, _a1) } else { @@ -2519,6 +1935,7 @@ func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git. } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetPushesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2532,15 +1949,7 @@ func (_m *Client) GetPushes(_a0 context.Context, _a1 git.GetPushesArgs) (*[]git. func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRecycleBinRepositories") - } - var r0 *[]git.GitDeletedRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) (*[]git.GitDeletedRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRecycleBinRepositoriesArgs) *[]git.GitDeletedRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2549,6 +1958,7 @@ func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecy } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRecycleBinRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2562,15 +1972,7 @@ func (_m *Client) GetRecycleBinRepositories(_a0 context.Context, _a1 git.GetRecy func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs) (*git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRefFavorite") - } - var r0 *git.GitRefFavorite - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) (*git.GitRefFavorite, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoriteArgs) *git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -2579,6 +1981,7 @@ func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoriteArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2592,15 +1995,7 @@ func (_m *Client) GetRefFavorite(_a0 context.Context, _a1 git.GetRefFavoriteArgs func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRefFavorites") - } - var r0 *[]git.GitRefFavorite - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) (*[]git.GitRefFavorite, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefFavoritesArgs) *[]git.GitRefFavorite); ok { r0 = rf(_a0, _a1) } else { @@ -2609,6 +2004,7 @@ func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefFavoritesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2622,15 +2018,7 @@ func (_m *Client) GetRefFavorites(_a0 context.Context, _a1 git.GetRefFavoritesAr func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRefsResponseValue, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRefs") - } - var r0 *git.GetRefsResponseValue - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) (*git.GetRefsResponseValue, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRefsArgs) *git.GetRefsResponseValue); ok { r0 = rf(_a0, _a1) } else { @@ -2639,6 +2027,7 @@ func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRef } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2652,15 +2041,7 @@ func (_m *Client) GetRefs(_a0 context.Context, _a1 git.GetRefsArgs) (*git.GetRef func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesArgs) (*[]git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRepositories") - } - var r0 *[]git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) (*[]git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoriesArgs) *[]git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2669,6 +2050,7 @@ func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesAr } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoriesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2682,15 +2064,7 @@ func (_m *Client) GetRepositories(_a0 context.Context, _a1 git.GetRepositoriesAr func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRepository") - } - var r0 *git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) (*git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2699,6 +2073,7 @@ func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2712,15 +2087,7 @@ func (_m *Client) GetRepository(_a0 context.Context, _a1 git.GetRepositoryArgs) func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetRepositoryWithParentArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRepositoryWithParent") - } - var r0 *git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) (*git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRepositoryWithParentArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2729,6 +2096,7 @@ func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetReposi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRepositoryWithParentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2742,15 +2110,7 @@ func (_m *Client) GetRepositoryWithParent(_a0 context.Context, _a1 git.GetReposi func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRevert") - } - var r0 *git.GitRevert - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) (*git.GitRevert, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -2759,6 +2119,7 @@ func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2772,15 +2133,7 @@ func (_m *Client) GetRevert(_a0 context.Context, _a1 git.GetRevertArgs) (*git.Gi func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForRefNameArgs) (*git.GitRevert, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetRevertForRefName") - } - var r0 *git.GitRevert - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) (*git.GitRevert, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetRevertForRefNameArgs) *git.GitRevert); ok { r0 = rf(_a0, _a1) } else { @@ -2789,6 +2142,7 @@ func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetRevertForRefNameArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2802,15 +2156,7 @@ func (_m *Client) GetRevertForRefName(_a0 context.Context, _a1 git.GetRevertForR func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[]git.GitStatus, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetStatuses") - } - var r0 *[]git.GitStatus - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) (*[]git.GitStatus, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetStatusesArgs) *[]git.GitStatus); ok { r0 = rf(_a0, _a1) } else { @@ -2819,6 +2165,7 @@ func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[] } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetStatusesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2832,15 +2179,7 @@ func (_m *Client) GetStatuses(_a0 context.Context, _a1 git.GetStatusesArgs) (*[] func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs) (*[]git.GitSuggestion, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetSuggestions") - } - var r0 *[]git.GitSuggestion - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) (*[]git.GitSuggestion, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetSuggestionsArgs) *[]git.GitSuggestion); ok { r0 = rf(_a0, _a1) } else { @@ -2849,6 +2188,7 @@ func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetSuggestionsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2862,15 +2202,7 @@ func (_m *Client) GetSuggestions(_a0 context.Context, _a1 git.GetSuggestionsArgs func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetThreads") - } - var r0 *[]git.GitPullRequestCommentThread - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) (*[]git.GitPullRequestCommentThread, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetThreadsArgs) *[]git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -2879,6 +2211,7 @@ func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetThreadsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2892,15 +2225,7 @@ func (_m *Client) GetThreads(_a0 context.Context, _a1 git.GetThreadsArgs) (*[]gi func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTreeRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetTree") - } - var r0 *git.GitTreeRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) (*git.GitTreeRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeArgs) *git.GitTreeRef); ok { r0 = rf(_a0, _a1) } else { @@ -2909,6 +2234,7 @@ func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTre } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2922,15 +2248,7 @@ func (_m *Client) GetTree(_a0 context.Context, _a1 git.GetTreeArgs) (*git.GitTre func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.ReadCloser, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for GetTreeZip") - } - var r0 io.ReadCloser - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) (io.ReadCloser, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.GetTreeZipArgs) io.ReadCloser); ok { r0 = rf(_a0, _a1) } else { @@ -2939,6 +2257,7 @@ func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.Re } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.GetTreeZipArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2952,15 +2271,7 @@ func (_m *Client) GetTreeZip(_a0 context.Context, _a1 git.GetTreeZipArgs) (io.Re func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for QueryImportRequests") - } - var r0 *[]git.GitImportRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) (*[]git.GitImportRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.QueryImportRequestsArgs) *[]git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -2969,6 +2280,7 @@ func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRe } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.QueryImportRequestsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -2982,15 +2294,7 @@ func (_m *Client) QueryImportRequests(_a0 context.Context, _a1 git.QueryImportRe func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for RestoreRepositoryFromRecycleBin") - } - var r0 *git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) (*git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -2999,6 +2303,7 @@ func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.R } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.RestoreRepositoryFromRecycleBinArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3012,10 +2317,6 @@ func (_m *Client) RestoreRepositoryFromRecycleBin(_a0 context.Context, _a1 git.R func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequestArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for SharePullRequest") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.SharePullRequestArgs) error); ok { r0 = rf(_a0, _a1) @@ -3030,15 +2331,7 @@ func (_m *Client) SharePullRequest(_a0 context.Context, _a1 git.SharePullRequest func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) (*git.Comment, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateComment") - } - var r0 *git.Comment - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) (*git.Comment, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateCommentArgs) *git.Comment); ok { r0 = rf(_a0, _a1) } else { @@ -3047,6 +2340,7 @@ func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateCommentArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3060,15 +2354,7 @@ func (_m *Client) UpdateComment(_a0 context.Context, _a1 git.UpdateCommentArgs) func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportRequestArgs) (*git.GitImportRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateImportRequest") - } - var r0 *git.GitImportRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) (*git.GitImportRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateImportRequestArgs) *git.GitImportRequest); ok { r0 = rf(_a0, _a1) } else { @@ -3077,6 +2363,7 @@ func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportR } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateImportRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3090,15 +2377,7 @@ func (_m *Client) UpdateImportRequest(_a0 context.Context, _a1 git.UpdateImportR func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullRequestArgs) (*git.GitPullRequest, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdatePullRequest") - } - var r0 *git.GitPullRequest - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) (*git.GitPullRequest, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestArgs) *git.GitPullRequest); ok { r0 = rf(_a0, _a1) } else { @@ -3107,6 +2386,7 @@ func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullReque } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3120,10 +2400,6 @@ func (_m *Client) UpdatePullRequest(_a0 context.Context, _a1 git.UpdatePullReque func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 git.UpdatePullRequestIterationStatusesArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdatePullRequestIterationStatuses") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestIterationStatusesArgs) error); ok { r0 = rf(_a0, _a1) @@ -3138,15 +2414,7 @@ func (_m *Client) UpdatePullRequestIterationStatuses(_a0 context.Context, _a1 gi func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.UpdatePullRequestPropertiesArgs) (interface{}, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdatePullRequestProperties") - } - var r0 interface{} - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) (interface{}, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestPropertiesArgs) interface{}); ok { r0 = rf(_a0, _a1) } else { @@ -3155,6 +2423,7 @@ func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.Updat } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdatePullRequestPropertiesArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3168,10 +2437,6 @@ func (_m *Client) UpdatePullRequestProperties(_a0 context.Context, _a1 git.Updat func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.UpdatePullRequestReviewersArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdatePullRequestReviewers") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestReviewersArgs) error); ok { r0 = rf(_a0, _a1) @@ -3186,10 +2451,6 @@ func (_m *Client) UpdatePullRequestReviewers(_a0 context.Context, _a1 git.Update func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdatePullRequestStatusesArgs) error { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdatePullRequestStatuses") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context, git.UpdatePullRequestStatusesArgs) error); ok { r0 = rf(_a0, _a1) @@ -3204,15 +2465,7 @@ func (_m *Client) UpdatePullRequestStatuses(_a0 context.Context, _a1 git.UpdateP func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.GitRef, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateRef") - } - var r0 *git.GitRef - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) (*git.GitRef, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefArgs) *git.GitRef); ok { r0 = rf(_a0, _a1) } else { @@ -3221,6 +2474,7 @@ func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.Gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3234,15 +2488,7 @@ func (_m *Client) UpdateRef(_a0 context.Context, _a1 git.UpdateRefArgs) (*git.Gi func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateRefs") - } - var r0 *[]git.GitRefUpdateResult - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) (*[]git.GitRefUpdateResult, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRefsArgs) *[]git.GitRefUpdateResult); ok { r0 = rf(_a0, _a1) } else { @@ -3251,6 +2497,7 @@ func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]gi } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRefsArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3264,15 +2511,7 @@ func (_m *Client) UpdateRefs(_a0 context.Context, _a1 git.UpdateRefsArgs) (*[]gi func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepositoryArgs) (*git.GitRepository, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateRepository") - } - var r0 *git.GitRepository - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) (*git.GitRepository, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateRepositoryArgs) *git.GitRepository); ok { r0 = rf(_a0, _a1) } else { @@ -3281,6 +2520,7 @@ func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepository } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateRepositoryArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3294,15 +2534,7 @@ func (_m *Client) UpdateRepository(_a0 context.Context, _a1 git.UpdateRepository func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for UpdateThread") - } - var r0 *git.GitPullRequestCommentThread - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) (*git.GitPullRequestCommentThread, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, git.UpdateThreadArgs) *git.GitPullRequestCommentThread); ok { r0 = rf(_a0, _a1) } else { @@ -3311,6 +2543,7 @@ func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (* } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, git.UpdateThreadArgs) error); ok { r1 = rf(_a0, _a1) } else { @@ -3319,17 +2552,3 @@ func (_m *Client) UpdateThread(_a0 context.Context, _a1 git.UpdateThreadArgs) (* return r0, r1 } - -// NewClient creates a new instance of Client. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewClient(t interface { - mock.TestingT - Cleanup(func()) -}) *Client { - mock := &Client{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/applicationset/services/scm_provider/azure_devops_test.go b/applicationset/services/scm_provider/azure_devops_test.go index d718802ad3295..219e770d71250 100644 --- a/applicationset/services/scm_provider/azure_devops_test.go +++ b/applicationset/services/scm_provider/azure_devops_test.go @@ -8,17 +8,15 @@ import ( "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" + azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" "github.com/microsoft/azure-devops-go-api/azuredevops" azureGit "github.com/microsoft/azure-devops-go-api/azuredevops/git" - - azureMock "github.com/argoproj/argo-cd/v2/applicationset/services/scm_provider/azure_devops/git/mocks" ) func s(input string) *string { - return ptr.To(input) + return pointer.String(input) } func TestAzureDevopsRepoHasPath(t *testing.T) { @@ -91,24 +89,26 @@ func TestAzureDevopsRepoHasPath(t *testing.T) { hasPath, err := provider.RepoHasPath(ctx, repo, path) if testCase.clientError != nil { - require.ErrorContains(t, err, testCase.clientError.Error()) + assert.ErrorContains(t, err, testCase.clientError.Error()) gitClientMock.AssertNotCalled(t, "GetItem", ctx, azureGit.GetItemArgs{Project: &teamProject, Path: &path, VersionDescriptor: &azureGit.GitVersionDescriptor{Version: &branchName}, RepositoryId: repoId}) return } if testCase.returnError { - require.ErrorContains(t, err, testCase.errorMessage) + assert.ErrorContains(t, err, testCase.errorMessage) } assert.Equal(t, testCase.pathFound, hasPath) gitClientMock.AssertCalled(t, "GetItem", ctx, azureGit.GetItemArgs{Project: &teamProject, Path: &path, VersionDescriptor: &azureGit.GitVersionDescriptor{Version: &branchName}, RepositoryId: repoId}) + }) } } func TestGetDefaultBranchOnDisabledRepo(t *testing.T) { + organization := "myorg" teamProject := "myorg_project" repoName := "myorg_project_repo" @@ -155,9 +155,9 @@ func TestGetDefaultBranchOnDisabledRepo(t *testing.T) { branches, err := provider.GetBranches(ctx, repo) if testCase.shouldReturnError { - require.Error(t, err) + assert.Error(t, err) } else { - require.NoError(t, err) + assert.NoError(t, err) } assert.Empty(t, branches) @@ -168,6 +168,7 @@ func TestGetDefaultBranchOnDisabledRepo(t *testing.T) { } func TestGetAllBranchesOnDisabledRepo(t *testing.T) { + organization := "myorg" teamProject := "myorg_project" repoName := "myorg_project_repo" @@ -214,9 +215,9 @@ func TestGetAllBranchesOnDisabledRepo(t *testing.T) { branches, err := provider.GetBranches(ctx, repo) if testCase.shouldReturnError { - require.Error(t, err) + assert.Error(t, err) } else { - require.NoError(t, err) + assert.NoError(t, err) } assert.Empty(t, branches) @@ -227,7 +228,9 @@ func TestGetAllBranchesOnDisabledRepo(t *testing.T) { } func TestAzureDevOpsGetDefaultBranchStripsRefsName(t *testing.T) { + t.Run("Get branches only default branch removes characters before querying azure devops", func(t *testing.T) { + organization := "myorg" teamProject := "myorg_project" repoName := "myorg_project_repo" @@ -250,7 +253,7 @@ func TestAzureDevOpsGetDefaultBranchStripsRefsName(t *testing.T) { provider := AzureDevOpsProvider{organization: organization, teamProject: teamProject, clientFactory: clientFactoryMock, allBranches: false} branches, err := provider.GetBranches(ctx, repo) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, branches, 1) assert.Equal(t, strippedBranchName, branches[0].Branch) @@ -307,7 +310,7 @@ func TestAzureDevOpsGetBranchesDefultBranchOnly(t *testing.T) { branches, err := provider.GetBranches(ctx, repo) if testCase.clientError != nil { - require.ErrorContains(t, err, testCase.clientError.Error()) + assert.ErrorContains(t, err, testCase.clientError.Error()) gitClientMock.AssertNotCalled(t, "GetBranch", ctx, azureGit.GetBranchArgs{RepositoryId: &repoName, Project: &teamProject, Name: &defaultBranch}) return @@ -315,7 +318,7 @@ func TestAzureDevOpsGetBranchesDefultBranchOnly(t *testing.T) { if testCase.getBranchesApiError != nil { assert.Empty(t, branches) - require.ErrorContains(t, err, testCase.getBranchesApiError.Error()) + assert.ErrorContains(t, err, testCase.getBranchesApiError.Error()) } else { if testCase.expectedBranch != nil { assert.NotEmpty(t, branches) @@ -391,20 +394,21 @@ func TestAzureDevopsGetBranches(t *testing.T) { branches, err := provider.GetBranches(ctx, repo) if testCase.expectedProcessingErrorMsg != "" { - require.ErrorContains(t, err, testCase.expectedProcessingErrorMsg) + assert.ErrorContains(t, err, testCase.expectedProcessingErrorMsg) assert.Nil(t, branches) return } if testCase.clientError != nil { - require.ErrorContains(t, err, testCase.clientError.Error()) + assert.ErrorContains(t, err, testCase.clientError.Error()) gitClientMock.AssertNotCalled(t, "GetBranches", ctx, azureGit.GetBranchesArgs{RepositoryId: &repoName, Project: &teamProject}) return + } if testCase.getBranchesApiError != nil { assert.Empty(t, branches) - require.ErrorContains(t, err, testCase.getBranchesApiError.Error()) + assert.ErrorContains(t, err, testCase.getBranchesApiError.Error()) } else { if len(*testCase.expectedBranches) > 0 { assert.NotEmpty(t, branches) @@ -468,14 +472,14 @@ func TestGetAzureDevopsRepositories(t *testing.T) { {Name: s("missing_default_branch"), RemoteUrl: s("https://remoteurl.u"), Id: repoId}, {DefaultBranch: s("missing_name"), RemoteUrl: s("https://remoteurl.u"), Id: repoId}, {Name: s("missing_remote_url"), DefaultBranch: s("main"), Id: repoId}, - {Name: s("missing_id"), DefaultBranch: s("main"), RemoteUrl: s("https://remoteurl.u")}, - }, + {Name: s("missing_id"), DefaultBranch: s("main"), RemoteUrl: s("https://remoteurl.u")}}, expectedNumberOfRepos: 1, }, } for _, testCase := range testCases { t.Run(testCase.name, func(t *testing.T) { + gitClientMock := azureMock.Client{} gitClientMock.On("GetRepositories", ctx, azureGit.GetRepositoriesArgs{Project: s(teamProject)}).Return(&testCase.repositories, testCase.getRepositoriesError) @@ -487,7 +491,7 @@ func TestGetAzureDevopsRepositories(t *testing.T) { repositories, err := provider.ListRepos(ctx, "https") if testCase.getRepositoriesError != nil { - require.Error(t, err, "Expected an error from test case %v", testCase.name) + assert.Error(t, err, "Expected an error from test case %v", testCase.name) } if testCase.expectedNumberOfRepos == 0 { diff --git a/applicationset/services/scm_provider/bitbucket_cloud.go b/applicationset/services/scm_provider/bitbucket_cloud.go index da8f3fea54c54..3c453f6b9c17d 100644 --- a/applicationset/services/scm_provider/bitbucket_cloud.go +++ b/applicationset/services/scm_provider/bitbucket_cloud.go @@ -52,6 +52,7 @@ func (c *ExtendedClient) GetContents(repo *Repository, path string) (bool, error var _ SCMProviderService = &BitBucketCloudProvider{} func NewBitBucketCloudProvider(ctx context.Context, owner string, user string, password string, allBranches bool) (*BitBucketCloudProvider, error) { + client := &ExtendedClient{ bitbucket.NewBasicAuth(user, password), user, @@ -65,13 +66,13 @@ func (g *BitBucketCloudProvider) GetBranches(ctx context.Context, repo *Reposito repos := []*Repository{} branches, err := g.listBranches(repo) if err != nil { - return nil, fmt.Errorf("error listing branches for %s/%s: %w", repo.Organization, repo.Repository, err) + return nil, fmt.Errorf("error listing branches for %s/%s: %v", repo.Organization, repo.Repository, err) } for _, branch := range branches { hash, ok := branch.Target["hash"].(string) if !ok { - return nil, fmt.Errorf("error getting SHA for branch for %s/%s/%s: %w", g.owner, repo.Repository, branch.Name, err) + return nil, fmt.Errorf("error getting SHA for branch for %s/%s/%s: %v", g.owner, repo.Repository, branch.Name, err) } repos = append(repos, &Repository{ Organization: repo.Organization, @@ -97,12 +98,12 @@ func (g *BitBucketCloudProvider) ListRepos(ctx context.Context, cloneProtocol st repos := []*Repository{} accountReposResp, err := g.client.Repositories.ListForAccount(opt) if err != nil { - return nil, fmt.Errorf("error listing repositories for %s: %w", g.owner, err) + return nil, fmt.Errorf("error listing repositories for %s: %v", g.owner, err) } for _, bitBucketRepo := range accountReposResp.Items { cloneUrl, err := findCloneURL(cloneProtocol, &bitBucketRepo) if err != nil { - return nil, fmt.Errorf("error fetching clone url for repo %s: %w", bitBucketRepo.Slug, err) + return nil, fmt.Errorf("error fetching clone url for repo %s: %v", bitBucketRepo.Slug, err) } repos = append(repos, &Repository{ Organization: g.owner, @@ -150,9 +151,11 @@ func (g *BitBucketCloudProvider) listBranches(repo *Repository) ([]bitbucket.Rep return nil, err } return branches.Branches, nil + } func findCloneURL(cloneProtocol string, repo *bitbucket.Repository) (*string, error) { + cloneLinks, ok := repo.Links["clone"].([]interface{}) if !ok { return nil, fmt.Errorf("unknown type returned from repo links") diff --git a/applicationset/services/scm_provider/bitbucket_cloud_test.go b/applicationset/services/scm_provider/bitbucket_cloud_test.go index d4127dbbf4002..fca03e1693ade 100644 --- a/applicationset/services/scm_provider/bitbucket_cloud_test.go +++ b/applicationset/services/scm_provider/bitbucket_cloud_test.go @@ -8,7 +8,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -19,7 +18,7 @@ func TestBitbucketHasRepo(t *testing.T) { res.WriteHeader(http.StatusNotFound) _, err := res.Write([]byte("")) if err != nil { - require.NoError(t, fmt.Errorf("Error in mock response %w", err)) + assert.NoError(t, fmt.Errorf("Error in mock response %v", err)) } } if req.URL.Path == "/repositories/test-owner/testmike/src/dc1edb6c7d650d8ba67719ddf7b662ad8f8fb798/.gitignore" { @@ -56,7 +55,7 @@ func TestBitbucketHasRepo(t *testing.T) { "size": 624 }`)) if err != nil { - require.NoError(t, fmt.Errorf("Error in mock response %w", err)) + assert.NoError(t, fmt.Errorf("Error in mock response %v", err)) } } })) @@ -96,7 +95,7 @@ func TestBitbucketHasRepo(t *testing.T) { } hasPath, err := provider.RepoHasPath(context.Background(), repo, c.path) if err != nil { - require.Error(t, fmt.Errorf("Error in test %w", err)) + assert.Error(t, fmt.Errorf("Error in test %v", err)) } if c.status != http.StatusOK { assert.False(t, hasPath) @@ -209,7 +208,7 @@ func TestBitbucketListRepos(t *testing.T) { "size": 1 }`)) if err != nil { - require.NoError(t, fmt.Errorf("Error in mock response %w", err)) + assert.NoError(t, fmt.Errorf("Error in mock response %v", err)) } } if req.URL.Path == "/repositories/test-owner/testmike/refs/branches/main" { @@ -304,7 +303,7 @@ func TestBitbucketListRepos(t *testing.T) { } }`)) if err != nil { - require.NoError(t, fmt.Errorf("Error in mock response %w", err)) + assert.NoError(t, fmt.Errorf("Error in mock response %v", err)) } } if req.URL.Path == "/repositories/test-owner" { @@ -443,7 +442,7 @@ func TestBitbucketListRepos(t *testing.T) { "size": 1 }`)) if err != nil { - require.NoError(t, fmt.Errorf("Error in mock response %w", err)) + assert.NoError(t, fmt.Errorf("Error in mock response %v", err)) } } })) @@ -490,9 +489,9 @@ func TestBitbucketListRepos(t *testing.T) { provider, _ := NewBitBucketCloudProvider(context.Background(), c.owner, "user", "password", c.allBranches) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { - require.Error(t, err) + assert.Error(t, err) } else { - require.NoError(t, err) + assert.NoError(t, err) repos := []*Repository{} branches := []string{} for _, r := range rawRepos { diff --git a/applicationset/services/scm_provider/bitbucket_server.go b/applicationset/services/scm_provider/bitbucket_server.go index d1b66c89a66c3..9e46569512156 100644 --- a/applicationset/services/scm_provider/bitbucket_server.go +++ b/applicationset/services/scm_provider/bitbucket_server.go @@ -2,14 +2,12 @@ package scm_provider import ( "context" - "errors" "fmt" "io" + "github.com/argoproj/argo-cd/v2/applicationset/utils" bitbucketv1 "github.com/gfleury/go-bitbucket-v1" log "github.com/sirupsen/logrus" - - "github.com/argoproj/argo-cd/v2/applicationset/utils" ) type BitbucketServerProvider struct { @@ -56,12 +54,12 @@ func (b *BitbucketServerProvider) ListRepos(_ context.Context, cloneProtocol str for { response, err := b.client.DefaultApi.GetRepositoriesWithOptions(b.projectKey, paged) if err != nil { - return nil, fmt.Errorf("error listing repositories for %s: %w", b.projectKey, err) + return nil, fmt.Errorf("error listing repositories for %s: %v", b.projectKey, err) } repositories, err := bitbucketv1.GetRepositoriesResponse(response) if err != nil { log.Errorf("error parsing repositories response '%v'", response.Values) - return nil, fmt.Errorf("error parsing repositories response %s: %w", b.projectKey, err) + return nil, fmt.Errorf("error parsing repositories response %s: %v", b.projectKey, err) } for _, bitbucketRepo := range repositories { var url string @@ -128,7 +126,7 @@ func (b *BitbucketServerProvider) GetBranches(_ context.Context, repo *Repositor repos := []*Repository{} branches, err := b.listBranches(repo) if err != nil { - return nil, fmt.Errorf("error listing branches for %s/%s: %w", repo.Organization, repo.Repository, err) + return nil, fmt.Errorf("error listing branches for %s/%s: %v", repo.Organization, repo.Repository, err) } for _, branch := range branches { @@ -165,12 +163,12 @@ func (b *BitbucketServerProvider) listBranches(repo *Repository) ([]bitbucketv1. for { response, err := b.client.DefaultApi.GetBranches(repo.Organization, repo.Repository, paged) if err != nil { - return nil, fmt.Errorf("error listing branches for %s/%s: %w", repo.Organization, repo.Repository, err) + return nil, fmt.Errorf("error listing branches for %s/%s: %v", repo.Organization, repo.Repository, err) } bitbucketBranches, err := bitbucketv1.GetBranchesResponse(response) if err != nil { log.Errorf("error parsing branches response '%v'", response.Values) - return nil, fmt.Errorf("error parsing branches response for %s/%s: %w", repo.Organization, repo.Repository, err) + return nil, fmt.Errorf("error parsing branches response for %s/%s: %v", repo.Organization, repo.Repository, err) } branches = append(branches, bitbucketBranches...) @@ -188,7 +186,7 @@ func (b *BitbucketServerProvider) getDefaultBranch(org string, repo string) (*bi response, err := b.client.DefaultApi.GetDefaultBranch(org, repo) // The API will return 404 if a default branch is set but doesn't exist. In case the repo is empty and default branch is unset, // we will get an EOF and a nil response. - if (response != nil && response.StatusCode == 404) || (response == nil && err != nil && errors.Is(err, io.EOF)) { + if (response != nil && response.StatusCode == 404) || (response == nil && err == io.EOF) { return nil, nil } if err != nil { diff --git a/applicationset/services/scm_provider/bitbucket_server_test.go b/applicationset/services/scm_provider/bitbucket_server_test.go index a8fc7afac5580..d403bd72caaac 100644 --- a/applicationset/services/scm_provider/bitbucket_server_test.go +++ b/applicationset/services/scm_provider/bitbucket_server_test.go @@ -8,7 +8,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { @@ -80,8 +79,8 @@ func defaultHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { } func verifyDefaultRepo(t *testing.T, err error, repos []*Repository) { - require.NoError(t, err) - assert.Len(t, repos, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -100,7 +99,7 @@ func TestListReposNoAuth(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") verifyDefaultRepo(t, err, repos) } @@ -192,10 +191,10 @@ func TestListReposPagination(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") - require.NoError(t, err) - assert.Len(t, repos, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -269,7 +268,7 @@ func TestGetBranchesBranchPagination(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", Repository: "REPO", @@ -277,8 +276,8 @@ func TestGetBranchesBranchPagination(t *testing.T) { Labels: []string{}, RepositoryId: 1, }) - require.NoError(t, err) - assert.Len(t, repos, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -322,7 +321,7 @@ func TestGetBranchesDefaultOnly(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", Repository: "REPO", @@ -330,8 +329,8 @@ func TestGetBranchesDefaultOnly(t *testing.T) { Labels: []string{}, RepositoryId: 1, }) - require.NoError(t, err) - assert.Len(t, repos, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -354,7 +353,7 @@ func TestGetBranchesMissingDefault(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", Repository: "REPO", @@ -362,7 +361,7 @@ func TestGetBranchesMissingDefault(t *testing.T) { Labels: []string{}, RepositoryId: 1, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, repos) } @@ -376,7 +375,7 @@ func TestGetBranchesEmptyRepo(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", Repository: "REPO", @@ -385,7 +384,7 @@ func TestGetBranchesEmptyRepo(t *testing.T) { RepositoryId: 1, }) assert.Empty(t, repos) - require.NoError(t, err) + assert.NoError(t, err) } func TestGetBranchesErrorDefaultBranch(t *testing.T) { @@ -399,7 +398,7 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = provider.GetBranches(context.Background(), &Repository{ Organization: "PROJECT", Repository: "REPO", @@ -407,7 +406,7 @@ func TestGetBranchesErrorDefaultBranch(t *testing.T) { Labels: []string{}, RepositoryId: 1, }) - require.Error(t, err) + assert.Error(t, err) } func TestListReposBasicAuth(t *testing.T) { @@ -418,7 +417,7 @@ func TestListReposBasicAuth(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderBasicAuth(context.Background(), "user", "password", ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") verifyDefaultRepo(t, err, repos) } @@ -445,10 +444,10 @@ func TestListReposDefaultBranch(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") - require.NoError(t, err) - assert.Len(t, repos, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -471,9 +470,9 @@ func TestListReposMissingDefaultBranch(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "ssh") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, repos) } @@ -488,9 +487,9 @@ func TestListReposErrorDefaultBranch(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", false) - require.NoError(t, err) + assert.NoError(t, err) _, err = provider.ListRepos(context.Background(), "ssh") - require.Error(t, err) + assert.Error(t, err) } func TestListReposCloneProtocol(t *testing.T) { @@ -500,10 +499,10 @@ func TestListReposCloneProtocol(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repos, err := provider.ListRepos(context.Background(), "https") - require.NoError(t, err) - assert.Len(t, repos, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(repos)) assert.Equal(t, Repository{ Organization: "PROJECT", Repository: "REPO", @@ -522,9 +521,9 @@ func TestListReposUnknownProtocol(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) _, errProtocol := provider.ListRepos(context.Background(), "http") - require.Error(t, errProtocol) + assert.NotNil(t, errProtocol) } func TestBitbucketServerHasPath(t *testing.T) { @@ -560,36 +559,36 @@ func TestBitbucketServerHasPath(t *testing.T) { })) defer ts.Close() provider, err := NewBitbucketServerProviderNoAuth(context.Background(), ts.URL, "PROJECT", true) - require.NoError(t, err) + assert.NoError(t, err) repo := &Repository{ Organization: "PROJECT", Repository: "REPO", Branch: "main", } ok, err := provider.RepoHasPath(context.Background(), repo, "pkg") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, ok) ok, err = provider.RepoHasPath(context.Background(), repo, "pkg/") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, ok) ok, err = provider.RepoHasPath(context.Background(), repo, "anotherpkg/file.txt") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, ok) ok, err = provider.RepoHasPath(context.Background(), repo, "anotherpkg/missing.txt") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, ok) ok, err = provider.RepoHasPath(context.Background(), repo, "notathing") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, ok) ok, err = provider.RepoHasPath(context.Background(), repo, "return-redirect") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, ok) _, err = provider.RepoHasPath(context.Background(), repo, "unauthorized-response") - require.Error(t, err) + assert.Error(t, err) } diff --git a/applicationset/services/scm_provider/gitea_test.go b/applicationset/services/scm_provider/gitea_test.go index 231913761014b..3d17e3175c4f8 100644 --- a/applicationset/services/scm_provider/gitea_test.go +++ b/applicationset/services/scm_provider/gitea_test.go @@ -258,7 +258,6 @@ func giteaMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { } } } - func TestGiteaListRepos(t *testing.T) { cases := []struct { name, proto, url string @@ -306,9 +305,9 @@ func TestGiteaListRepos(t *testing.T) { provider, _ := NewGiteaProvider(context.Background(), "test-argocd", "", ts.URL, c.allBranches, false) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { - require.Error(t, err) + assert.NotNil(t, err) } else { - require.NoError(t, err) + assert.Nil(t, err) // Just check that this one project shows up. Not a great test but better thing nothing? repos := []*Repository{} branches := []string{} @@ -342,19 +341,19 @@ func TestGiteaHasPath(t *testing.T) { t.Run("file exists", func(t *testing.T) { ok, err := host.RepoHasPath(context.Background(), repo, "README.md") - require.NoError(t, err) + assert.Nil(t, err) assert.True(t, ok) }) t.Run("directory exists", func(t *testing.T) { ok, err := host.RepoHasPath(context.Background(), repo, "gitea") - require.NoError(t, err) + assert.Nil(t, err) assert.True(t, ok) }) t.Run("does not exists", func(t *testing.T) { ok, err := host.RepoHasPath(context.Background(), repo, "notathing") - require.NoError(t, err) + assert.Nil(t, err) assert.False(t, ok) }) } diff --git a/applicationset/services/scm_provider/github_test.go b/applicationset/services/scm_provider/github_test.go index 03b59c801721a..d413250f03126 100644 --- a/applicationset/services/scm_provider/github_test.go +++ b/applicationset/services/scm_provider/github_test.go @@ -8,7 +8,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -245,9 +244,9 @@ func TestGithubListRepos(t *testing.T) { provider, _ := NewGithubProvider(context.Background(), "argoproj", "", ts.URL, c.allBranches) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { - require.Error(t, err) + assert.Error(t, err) } else { - require.NoError(t, err) + assert.NoError(t, err) // Just check that this one project shows up. Not a great test but better thing nothing? repos := []*Repository{} branches := []string{} @@ -279,11 +278,11 @@ func TestGithubHasPath(t *testing.T) { Branch: "master", } ok, err := host.RepoHasPath(context.Background(), repo, "pkg/") - require.NoError(t, err) + assert.Nil(t, err) assert.True(t, ok) ok, err = host.RepoHasPath(context.Background(), repo, "notathing/") - require.NoError(t, err) + assert.Nil(t, err) assert.False(t, ok) } @@ -300,26 +299,26 @@ func TestGithubGetBranches(t *testing.T) { } repos, err := host.GetBranches(context.Background(), repo) if err != nil { - require.NoError(t, err) + assert.NoError(t, err) } else { - assert.Equal(t, "master", repos[0].Branch) + assert.Equal(t, repos[0].Branch, "master") } - // Branch Doesn't exists instead of error will return no error + //Branch Doesn't exists instead of error will return no error repo2 := &Repository{ Organization: "argoproj", Repository: "applicationset", Branch: "main", } _, err = host.GetBranches(context.Background(), repo2) - require.NoError(t, err) + assert.NoError(t, err) // Get all branches host.allBranches = true repos, err = host.GetBranches(context.Background(), repo) if err != nil { - require.NoError(t, err) + assert.NoError(t, err) } else { // considering master branch to exist. - assert.Len(t, repos, 1) + assert.Equal(t, len(repos), 1) } } diff --git a/applicationset/services/scm_provider/gitlab.go b/applicationset/services/scm_provider/gitlab.go index 974be7bc21e16..ca174de540887 100644 --- a/applicationset/services/scm_provider/gitlab.go +++ b/applicationset/services/scm_provider/gitlab.go @@ -7,10 +7,9 @@ import ( "os" pathpkg "path" + "github.com/argoproj/argo-cd/v2/applicationset/utils" "github.com/hashicorp/go-retryablehttp" "github.com/xanzy/go-gitlab" - - "github.com/argoproj/argo-cd/v2/applicationset/utils" ) type GitlabProvider struct { @@ -58,7 +57,7 @@ func (g *GitlabProvider) GetBranches(ctx context.Context, repo *Repository) ([]* repos := []*Repository{} branches, err := g.listBranches(ctx, repo) if err != nil { - return nil, fmt.Errorf("error listing branches for %s/%s: %w", repo.Organization, repo.Repository, err) + return nil, fmt.Errorf("error listing branches for %s/%s: %v", repo.Organization, repo.Repository, err) } for _, branch := range branches { @@ -87,7 +86,7 @@ func (g *GitlabProvider) ListRepos(ctx context.Context, cloneProtocol string) ([ for { gitlabRepos, resp, err := g.client.Groups.ListGroupProjects(g.organization, opt) if err != nil { - return nil, fmt.Errorf("error listing projects for %s: %w", g.organization, err) + return nil, fmt.Errorf("error listing projects for %s: %v", g.organization, err) } for _, gitlabRepo := range gitlabRepos { var url string diff --git a/applicationset/services/scm_provider/gitlab_test.go b/applicationset/services/scm_provider/gitlab_test.go index c897e9b3183de..b93616fa8367f 100644 --- a/applicationset/services/scm_provider/gitlab_test.go +++ b/applicationset/services/scm_provider/gitlab_test.go @@ -9,7 +9,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -1047,7 +1046,6 @@ func gitlabMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request) { } } } - func TestGitlabListRepos(t *testing.T) { cases := []struct { name, proto, url, topic string @@ -1124,9 +1122,9 @@ func TestGitlabListRepos(t *testing.T) { provider, _ := NewGitlabProvider(context.Background(), "test-argocd-proton", "", ts.URL, c.allBranches, c.includeSubgroups, c.includeSharedProjects, c.insecure, "", c.topic) rawRepos, err := ListRepos(context.Background(), provider, c.filters, c.proto) if c.hasError { - require.Error(t, err) + assert.NotNil(t, err) } else { - require.NoError(t, err) + assert.Nil(t, err) // Just check that this one project shows up. Not a great test but better than nothing? repos := []*Repository{} uniqueRepos := map[string]int{} @@ -1145,11 +1143,11 @@ func TestGitlabListRepos(t *testing.T) { } // In case of listing subgroups, validate the number of returned projects if c.includeSubgroups || c.includeSharedProjects { - assert.Len(t, uniqueRepos, 2) + assert.Equal(t, 2, len(uniqueRepos)) } // In case we filter on the topic, ensure we got only one repo returned if c.topic != "" { - assert.Len(t, uniqueRepos, 1) + assert.Equal(t, 1, len(uniqueRepos)) } } }) @@ -1196,7 +1194,7 @@ func TestGitlabHasPath(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { ok, err := host.RepoHasPath(context.Background(), repo, c.path) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, c.exists, ok) }) } @@ -1214,8 +1212,8 @@ func TestGitlabGetBranches(t *testing.T) { } t.Run("branch exists", func(t *testing.T) { repos, err := host.GetBranches(context.Background(), repo) - require.NoError(t, err) - assert.Equal(t, "master", repos[0].Branch) + assert.Nil(t, err) + assert.Equal(t, repos[0].Branch, "master") }) repo2 := &Repository{ @@ -1224,6 +1222,6 @@ func TestGitlabGetBranches(t *testing.T) { } t.Run("unknown branch", func(t *testing.T) { _, err := host.GetBranches(context.Background(), repo2) - require.NoError(t, err) + assert.NoError(t, err) }) } diff --git a/applicationset/services/scm_provider/mock.go b/applicationset/services/scm_provider/mock.go index 15d8548e26b48..bf7e452c81c3a 100644 --- a/applicationset/services/scm_provider/mock.go +++ b/applicationset/services/scm_provider/mock.go @@ -44,6 +44,7 @@ func (m *MockProvider) GetBranches(_ context.Context, repo *Repository) ([]*Repo branchRepos = append(branchRepos, candidateRepo) } } + } return branchRepos, nil } diff --git a/applicationset/services/scm_provider/utils.go b/applicationset/services/scm_provider/utils.go index b7cdbf460605b..e92923f52707b 100644 --- a/applicationset/services/scm_provider/utils.go +++ b/applicationset/services/scm_provider/utils.go @@ -17,14 +17,14 @@ func compileFilters(filters []argoprojiov1alpha1.SCMProviderGeneratorFilter) ([] if filter.RepositoryMatch != nil { outFilter.RepositoryMatch, err = regexp.Compile(*filter.RepositoryMatch) if err != nil { - return nil, fmt.Errorf("error compiling RepositoryMatch regexp %q: %w", *filter.RepositoryMatch, err) + return nil, fmt.Errorf("error compiling RepositoryMatch regexp %q: %v", *filter.RepositoryMatch, err) } outFilter.FilterType = FilterTypeRepo } if filter.LabelMatch != nil { outFilter.LabelMatch, err = regexp.Compile(*filter.LabelMatch) if err != nil { - return nil, fmt.Errorf("error compiling LabelMatch regexp %q: %w", *filter.LabelMatch, err) + return nil, fmt.Errorf("error compiling LabelMatch regexp %q: %v", *filter.LabelMatch, err) } outFilter.FilterType = FilterTypeRepo } @@ -39,7 +39,7 @@ func compileFilters(filters []argoprojiov1alpha1.SCMProviderGeneratorFilter) ([] if filter.BranchMatch != nil { outFilter.BranchMatch, err = regexp.Compile(*filter.BranchMatch) if err != nil { - return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %w", *filter.BranchMatch, err) + return nil, fmt.Errorf("error compiling BranchMatch regexp %q: %v", *filter.BranchMatch, err) } outFilter.FilterType = FilterTypeBranch } diff --git a/applicationset/services/scm_provider/utils_test.go b/applicationset/services/scm_provider/utils_test.go index 83c6c4fc23d9e..5ef6d582f8d34 100644 --- a/applicationset/services/scm_provider/utils_test.go +++ b/applicationset/services/scm_provider/utils_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) @@ -38,7 +37,7 @@ func TestFilterRepoMatch(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 2) assert.Equal(t, "one", repos[0].Repository) assert.Equal(t, "three", repos[1].Repository) @@ -67,7 +66,7 @@ func TestFilterLabelMatch(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 2) assert.Equal(t, "one", repos[0].Repository) assert.Equal(t, "two", repos[1].Repository) @@ -93,7 +92,7 @@ func TestFilterPathExists(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 1) assert.Equal(t, "two", repos[0].Repository) } @@ -118,10 +117,9 @@ func TestFilterPathDoesntExists(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 2) } - func TestFilterRepoMatchBadRegexp(t *testing.T) { provider := &MockProvider{ Repos: []*Repository{ @@ -136,7 +134,7 @@ func TestFilterRepoMatchBadRegexp(t *testing.T) { }, } _, err := ListRepos(context.Background(), provider, filters, "") - require.Error(t, err) + assert.NotNil(t, err) } func TestFilterLabelMatchBadRegexp(t *testing.T) { @@ -153,7 +151,7 @@ func TestFilterLabelMatchBadRegexp(t *testing.T) { }, } _, err := ListRepos(context.Background(), provider, filters, "") - require.Error(t, err) + assert.NotNil(t, err) } func TestFilterBranchMatch(t *testing.T) { @@ -187,7 +185,7 @@ func TestFilterBranchMatch(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 2) assert.Equal(t, "one", repos[0].Repository) assert.Equal(t, "two", repos[0].Branch) @@ -219,7 +217,7 @@ func TestMultiFilterAnd(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 1) assert.Equal(t, "two", repos[0].Repository) } @@ -250,7 +248,7 @@ func TestMultiFilterOr(t *testing.T) { }, } repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 3) assert.Equal(t, "one", repos[0].Repository) assert.Equal(t, "two", repos[1].Repository) @@ -276,7 +274,7 @@ func TestNoFilters(t *testing.T) { } filters := []argoprojiov1alpha1.SCMProviderGeneratorFilter{} repos, err := ListRepos(context.Background(), provider, filters, "") - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, repos, 3) assert.Equal(t, "one", repos[0].Repository) assert.Equal(t, "two", repos[1].Repository) @@ -313,10 +311,8 @@ func TestApplicableFilterMap(t *testing.T) { BranchMatch: ®exp.Regexp{}, FilterType: FilterTypeBranch, } - filterMap := getApplicableFilters([]*Filter{ - &branchFilter, &repoFilter, - &pathExistsFilter, &labelMatchFilter, &unsetFilter, &additionalBranchFilter, &pathDoesntExistsFilter, - }) + filterMap := getApplicableFilters([]*Filter{&branchFilter, &repoFilter, + &pathExistsFilter, &labelMatchFilter, &unsetFilter, &additionalBranchFilter, &pathDoesntExistsFilter}) assert.Len(t, filterMap[FilterTypeRepo], 2) assert.Len(t, filterMap[FilterTypeBranch], 4) diff --git a/applicationset/status/resource_status.go b/applicationset/status/resource_status.go deleted file mode 100644 index 4e9db5ff560e9..0000000000000 --- a/applicationset/status/resource_status.go +++ /dev/null @@ -1,57 +0,0 @@ -package status - -import ( - argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" -) - -func BuildResourceStatus(statusMap map[string]argov1alpha1.ResourceStatus, apps []argov1alpha1.Application) map[string]argov1alpha1.ResourceStatus { - appMap := map[string]argov1alpha1.Application{} - for _, app := range apps { - appCopy := app - appMap[app.Name] = app - - gvk := app.GroupVersionKind() - // Create status if it does not exist - status, ok := statusMap[app.Name] - if !ok { - status = argov1alpha1.ResourceStatus{ - Group: gvk.Group, - Version: gvk.Version, - Kind: gvk.Kind, - Name: app.Name, - Namespace: app.Namespace, - Status: app.Status.Sync.Status, - Health: &appCopy.Status.Health, - } - } - - status.Group = gvk.Group - status.Version = gvk.Version - status.Kind = gvk.Kind - status.Name = app.Name - status.Namespace = app.Namespace - status.Status = app.Status.Sync.Status - status.Health = &appCopy.Status.Health - - statusMap[app.Name] = status - } - cleanupDeletedApplicationStatuses(statusMap, appMap) - - return statusMap -} - -func GetResourceStatusMap(appset *argov1alpha1.ApplicationSet) map[string]argov1alpha1.ResourceStatus { - statusMap := map[string]argov1alpha1.ResourceStatus{} - for _, status := range appset.Status.Resources { - statusMap[status.Name] = status - } - return statusMap -} - -func cleanupDeletedApplicationStatuses(statusMap map[string]argov1alpha1.ResourceStatus, apps map[string]argov1alpha1.Application) { - for name := range statusMap { - if _, ok := apps[name]; !ok { - delete(statusMap, name) - } - } -} diff --git a/applicationset/utils/clusterUtils.go b/applicationset/utils/clusterUtils.go index a56be51fdb7a2..3b34a5a863dbd 100644 --- a/applicationset/utils/clusterUtils.go +++ b/applicationset/utils/clusterUtils.go @@ -17,7 +17,7 @@ import ( appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "k8s.io/client-go/kubernetes" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" ) // The contents of this file are from @@ -55,14 +55,16 @@ func ValidateDestination(ctx context.Context, dest *appv1.ApplicationDestination if dest.Server == "" { server, err := getDestinationServer(ctx, dest.Name, clientset, argoCDNamespace) if err != nil { - return fmt.Errorf("unable to find destination server: %w", err) + return fmt.Errorf("unable to find destination server: %v", err) } if server == "" { return fmt.Errorf("application references destination cluster %s which does not exist", dest.Name) } dest.SetInferredServer(server) - } else if !dest.IsServerInferred() { - return fmt.Errorf("application destination can't have both name and server defined: %s %s", dest.Name, dest.Server) + } else { + if !dest.IsServerInferred() { + return fmt.Errorf("application destination can't have both name and server defined: %s %s", dest.Name, dest.Server) + } } } return nil @@ -91,6 +93,7 @@ func getDestinationServer(ctx context.Context, clusterName string, clientset kub } func ListClusters(ctx context.Context, clientset kubernetes.Interface, namespace string) (*appv1.ClusterList, error) { + clusterSecretsList, err := clientset.CoreV1().Secrets(namespace).List(ctx, metav1.ListOptions{LabelSelector: common.LabelKeySecretType + "=" + common.LabelValueSecretTypeCluster}) if err != nil { @@ -111,7 +114,7 @@ func ListClusters(ctx context.Context, clientset kubernetes.Interface, namespace // This line has changed from the original Argo CD code: now receives an error, and handles it cluster, err := secretToCluster(&clusterSecret) if err != nil || cluster == nil { - return nil, fmt.Errorf("unable to convert cluster secret to cluster object '%s': %w", clusterSecret.Name, err) + return nil, fmt.Errorf("unable to convert cluster secret to cluster object '%s': %v", clusterSecret.Name, err) } clusterList.Items[i] = *cluster @@ -177,7 +180,7 @@ func secretToCluster(s *corev1.Secret) (*appv1.Cluster, error) { if val, err := strconv.Atoi(string(shardStr)); err != nil { log.Warnf("Error while parsing shard in cluster secret '%s': %v", s.Name, err) } else { - shard = ptr.To(int64(val)) + shard = pointer.Int64(int64(val)) } } cluster := appv1.Cluster{ diff --git a/applicationset/utils/clusterUtils_test.go b/applicationset/utils/clusterUtils_test.go index 9e8694359b6bd..70332afdd80fb 100644 --- a/applicationset/utils/clusterUtils_test.go +++ b/applicationset/utils/clusterUtils_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -34,14 +33,14 @@ func Test_secretToCluster(t *testing.T) { }, } cluster, err := secretToCluster(secret) - require.NoError(t, err) - assert.Equal(t, argoappv1.Cluster{ + assert.Nil(t, err) + assert.Equal(t, *cluster, argoappv1.Cluster{ Name: "test", Server: "http://mycluster", Config: argoappv1.ClusterConfig{ Username: "foo", }, - }, *cluster) + }) } // From Argo CD util/db/cluster_test.go @@ -57,14 +56,15 @@ func Test_secretToCluster_NoConfig(t *testing.T) { }, } cluster, err := secretToCluster(secret) - require.NoError(t, err) - assert.Equal(t, argoappv1.Cluster{ + assert.Nil(t, err) + assert.Equal(t, *cluster, argoappv1.Cluster{ Name: "test", Server: "http://mycluster", - }, *cluster) + }) } func createClusterSecret(secretName string, clusterName string, clusterServer string) *corev1.Secret { + secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: secretName, @@ -81,19 +81,22 @@ func createClusterSecret(secretName string, clusterName string, clusterServer st } return secret + } // From util/argo/argo_test.go // (ported to use kubeclientset) func TestValidateDestination(t *testing.T) { + t.Run("Validate destination with server url", func(t *testing.T) { + dest := argoappv1.ApplicationDestination{ Server: "https://127.0.0.1:6443", Namespace: "default", } appCond := ValidateDestination(context.Background(), &dest, nil, fakeNamespace) - require.NoError(t, appCond) + assert.Nil(t, appCond) assert.False(t, dest.IsServerInferred()) }) @@ -108,7 +111,7 @@ func TestValidateDestination(t *testing.T) { kubeclientset := fake.NewSimpleClientset(objects...) appCond := ValidateDestination(context.Background(), &dest, kubeclientset, fakeNamespace) - require.NoError(t, appCond) + assert.Nil(t, appCond) assert.Equal(t, "https://127.0.0.1:6443", dest.Server) assert.True(t, dest.IsServerInferred()) }) @@ -171,4 +174,5 @@ func TestValidateDestination(t *testing.T) { assert.Equal(t, "unable to find destination server: there are 2 clusters with the same name: [https://127.0.0.1:2443 https://127.0.0.1:8443]", err.Error()) assert.False(t, dest.IsServerInferred()) }) + } diff --git a/applicationset/utils/createOrUpdate.go b/applicationset/utils/createOrUpdate.go index c602f002b0d47..301d477bab2db 100644 --- a/applicationset/utils/createOrUpdate.go +++ b/applicationset/utils/createOrUpdate.go @@ -37,6 +37,7 @@ import ( // // It returns the executed operation and an error. func CreateOrUpdate(ctx context.Context, logCtx *log.Entry, c client.Client, ignoreAppDifferences argov1alpha1.ApplicationSetIgnoreDifferences, ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts, obj *argov1alpha1.Application, f controllerutil.MutateFn) (controllerutil.OperationResult, error) { + key := client.ObjectKeyFromObject(obj) if err := c.Get(ctx, key, obj); err != nil { if !errors.IsNotFound(err) { diff --git a/applicationset/utils/map.go b/applicationset/utils/map.go index e15baec29bd9c..4e45e1c3fe2d2 100644 --- a/applicationset/utils/map.go +++ b/applicationset/utils/map.go @@ -26,6 +26,7 @@ func ConvertToMapStringInterface(mapStringString map[string]string) map[string]i } func CombineStringMaps(aSI map[string]interface{}, bSI map[string]interface{}) (map[string]string, error) { + a := ConvertToMapStringString(aSI) b := ConvertToMapStringString(bSI) @@ -48,6 +49,7 @@ func CombineStringMaps(aSI map[string]interface{}, bSI map[string]interface{}) ( // CombineStringMapsAllowDuplicates merges two maps. Where there are duplicates, take the latter map's value. func CombineStringMapsAllowDuplicates(aSI map[string]interface{}, bSI map[string]interface{}) (map[string]string, error) { + a := ConvertToMapStringString(aSI) b := ConvertToMapStringString(bSI) diff --git a/applicationset/utils/map_test.go b/applicationset/utils/map_test.go index c12216e0e1ac6..860bb046cc253 100644 --- a/applicationset/utils/map_test.go +++ b/applicationset/utils/map_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestCombineStringMaps(t *testing.T) { @@ -50,9 +49,10 @@ func TestCombineStringMaps(t *testing.T) { if testCaseCopy.expectedErr != nil { assert.EqualError(t, err, testCaseCopy.expectedErr.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCaseCopy.expected, got) } + }) } } diff --git a/applicationset/utils/mocks/Renderer.go b/applicationset/utils/mocks/Renderer.go deleted file mode 100644 index 3b108f74e7864..0000000000000 --- a/applicationset/utils/mocks/Renderer.go +++ /dev/null @@ -1,86 +0,0 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. - -package mocks - -import ( - mock "github.com/stretchr/testify/mock" - - v1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" -) - -// Renderer is an autogenerated mock type for the Renderer type -type Renderer struct { - mock.Mock -} - -// RenderTemplateParams provides a mock function with given fields: tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions -func (_m *Renderer) RenderTemplateParams(tmpl *v1alpha1.Application, syncPolicy *v1alpha1.ApplicationSetSyncPolicy, params map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (*v1alpha1.Application, error) { - ret := _m.Called(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) - - if len(ret) == 0 { - panic("no return value specified for RenderTemplateParams") - } - - var r0 *v1alpha1.Application - var r1 error - if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) (*v1alpha1.Application, error)); ok { - return rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) - } - if rf, ok := ret.Get(0).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) *v1alpha1.Application); ok { - r0 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*v1alpha1.Application) - } - } - - if rf, ok := ret.Get(1).(func(*v1alpha1.Application, *v1alpha1.ApplicationSetSyncPolicy, map[string]interface{}, bool, []string) error); ok { - r1 = rf(tmpl, syncPolicy, params, useGoTemplate, goTemplateOptions) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Replace provides a mock function with given fields: tmpl, replaceMap, useGoTemplate, goTemplateOptions -func (_m *Renderer) Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) { - ret := _m.Called(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - - if len(ret) == 0 { - panic("no return value specified for Replace") - } - - var r0 string - var r1 error - if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) (string, error)); ok { - return rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - } - if rf, ok := ret.Get(0).(func(string, map[string]interface{}, bool, []string) string); ok { - r0 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - } else { - r0 = ret.Get(0).(string) - } - - if rf, ok := ret.Get(1).(func(string, map[string]interface{}, bool, []string) error); ok { - r1 = rf(tmpl, replaceMap, useGoTemplate, goTemplateOptions) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewRenderer creates a new instance of Renderer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewRenderer(t interface { - mock.TestingT - Cleanup(func()) -}) *Renderer { - mock := &Renderer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/applicationset/utils/selector.go b/applicationset/utils/selector.go index 6012fdb46f61c..53db73a5b3a48 100644 --- a/applicationset/utils/selector.go +++ b/applicationset/utils/selector.go @@ -2,16 +2,15 @@ package utils import ( "fmt" - "sort" - "strconv" - "strings" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/klog/v2" + "sort" + "strconv" + "strings" ) var ( diff --git a/applicationset/utils/utils.go b/applicationset/utils/utils.go index dfcc11cbdd35a..2d128eb81a16c 100644 --- a/applicationset/utils/utils.go +++ b/applicationset/utils/utils.go @@ -44,7 +44,8 @@ type Renderer interface { Replace(tmpl string, replaceMap map[string]interface{}, useGoTemplate bool, goTemplateOptions []string) (string, error) } -type Render struct{} +type Render struct { +} func copyValueIntoUnexported(destination, value reflect.Value) { reflect.NewAt(destination.Type(), unsafe.Pointer(destination.UnsafeAddr())). @@ -53,7 +54,7 @@ func copyValueIntoUnexported(destination, value reflect.Value) { } func copyUnexported(copy, original reflect.Value) { - unexported := reflect.NewAt(original.Type(), unsafe.Pointer(original.UnsafeAddr())).Elem() + var unexported = reflect.NewAt(original.Type(), unsafe.Pointer(original.UnsafeAddr())).Elem() copyValueIntoUnexported(copy, unexported) } @@ -126,7 +127,7 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri // If it is a struct we translate each field case reflect.Struct: for i := 0; i < original.NumField(); i += 1 { - currentType := fmt.Sprintf("%s.%s", original.Type().Field(i).Name, original.Type().PkgPath()) + var currentType = fmt.Sprintf("%s.%s", original.Type().Field(i).Name, original.Type().PkgPath()) // specific case time if currentType == "time.Time" { copy.Field(i).Set(original.Field(i)) @@ -268,8 +269,9 @@ func (r *Render) RenderTemplateParams(tmpl *argoappsv1.Application, syncPolicy * // b) there IS a syncPolicy, but preserveResourcesOnDeletion is set to false // See TestRenderTemplateParamsFinalizers in util_test.go for test-based definition of behaviour if (syncPolicy == nil || !syncPolicy.PreserveResourcesOnDeletion) && - (replacedTmpl.ObjectMeta.Finalizers == nil || len(replacedTmpl.ObjectMeta.Finalizers) == 0) { - replacedTmpl.ObjectMeta.Finalizers = []string{"resources-finalizer.argocd.argoproj.io"} + ((*replacedTmpl).ObjectMeta.Finalizers == nil || len((*replacedTmpl).ObjectMeta.Finalizers) == 0) { + + (*replacedTmpl).ObjectMeta.Finalizers = []string{"resources-finalizer.argocd.argoproj.io"} } return replacedTmpl, nil @@ -484,6 +486,7 @@ func SlugifyName(args ...interface{}) string { } func getTlsConfigWithCACert(scmRootCAPath string) *tls.Config { + tlsConfig := &tls.Config{} if scmRootCAPath != "" { diff --git a/applicationset/utils/utils_test.go b/applicationset/utils/utils_test.go index 5b9ed9295780b..3b4702bc35c3f 100644 --- a/applicationset/utils/utils_test.go +++ b/applicationset/utils/utils_test.go @@ -21,6 +21,7 @@ import ( ) func TestRenderTemplateParams(t *testing.T) { + // Believe it or not, this is actually less complex than the equivalent solution using reflection fieldMap := map[string]func(app *argoappsv1.Application) *string{} fieldMap["Path"] = func(app *argoappsv1.Application) *string { return &app.Spec.Source.Path } @@ -164,8 +165,11 @@ func TestRenderTemplateParams(t *testing.T) { } for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + for fieldName, getPtrFunc := range fieldMap { + // Clone the template application application := emptyApplication.DeepCopy() @@ -180,21 +184,23 @@ func TestRenderTemplateParams(t *testing.T) { // the target field has been templated into the expected value actualValue := *getPtrFunc(newApplication) assert.Equal(t, test.expectedVal, actualValue, "Field '%s' had an unexpected value. expected: '%s' value: '%s'", fieldName, test.expectedVal, actualValue) - assert.Equal(t, "annotation-value", newApplication.ObjectMeta.Annotations["annotation-key"]) - assert.Equal(t, "annotation-value2", newApplication.ObjectMeta.Annotations["annotation-key2"]) - assert.Equal(t, "label-value", newApplication.ObjectMeta.Labels["label-key"]) - assert.Equal(t, "label-value2", newApplication.ObjectMeta.Labels["label-key2"]) - assert.Equal(t, "application-one", newApplication.ObjectMeta.Name) - assert.Equal(t, "default", newApplication.ObjectMeta.Namespace) + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-key"], "annotation-value") + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-key2"], "annotation-value2") + assert.Equal(t, newApplication.ObjectMeta.Labels["label-key"], "label-value") + assert.Equal(t, newApplication.ObjectMeta.Labels["label-key2"], "label-value2") + assert.Equal(t, newApplication.ObjectMeta.Name, "application-one") + assert.Equal(t, newApplication.ObjectMeta.Namespace, "default") assert.Equal(t, newApplication.ObjectMeta.UID, types.UID("d546da12-06b7-4f9a-8ea2-3adb16a20e2b")) assert.Equal(t, newApplication.ObjectMeta.CreationTimestamp, application.ObjectMeta.CreationTimestamp) - require.NoError(t, err) + assert.NoError(t, err) } }) } + } func TestRenderHelmValuesObjectJson(t *testing.T) { + params := map[string]interface{}{ "test": "Hello world", } @@ -237,17 +243,19 @@ func TestRenderHelmValuesObjectJson(t *testing.T) { render := Render{} newApplication, err := render.RenderTemplateParams(application, nil, params, true, []string{}) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, newApplication) var unmarshaled interface{} err = json.Unmarshal(newApplication.Spec.Source.Helm.ValuesObject.Raw, &unmarshaled) - require.NoError(t, err) - assert.Equal(t, "Hello world", unmarshaled.(map[string]interface{})["some"].(map[string]interface{})["string"]) + assert.NoError(t, err) + assert.Equal(t, unmarshaled.(map[string]interface{})["some"].(map[string]interface{})["string"], "Hello world") + } func TestRenderHelmValuesObjectYaml(t *testing.T) { + params := map[string]interface{}{ "test": "Hello world", } @@ -287,17 +295,19 @@ func TestRenderHelmValuesObjectYaml(t *testing.T) { render := Render{} newApplication, err := render.RenderTemplateParams(application, nil, params, true, []string{}) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, newApplication) var unmarshaled interface{} err = json.Unmarshal(newApplication.Spec.Source.Helm.ValuesObject.Raw, &unmarshaled) - require.NoError(t, err) - assert.Equal(t, "Hello world", unmarshaled.(map[string]interface{})["some"].(map[string]interface{})["string"]) + assert.NoError(t, err) + assert.Equal(t, unmarshaled.(map[string]interface{})["some"].(map[string]interface{})["string"], "Hello world") + } func TestRenderTemplateParamsGoTemplate(t *testing.T) { + // Believe it or not, this is actually less complex than the equivalent solution using reflection fieldMap := map[string]func(app *argoappsv1.Application) *string{} fieldMap["Path"] = func(app *argoappsv1.Application) *string { return &app.Spec.Source.Path } @@ -606,8 +616,11 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { } for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + for fieldName, getPtrFunc := range fieldMap { + // Clone the template application application := emptyApplication.DeepCopy() @@ -621,18 +634,18 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) { // Retrieve the value of the target field from the newApplication, then verify that // the target field has been templated into the expected value if test.errorMessage != "" { - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, test.errorMessage, err.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) actualValue := *getPtrFunc(newApplication) assert.Equal(t, test.expectedVal, actualValue, "Field '%s' had an unexpected value. expected: '%s' value: '%s'", fieldName, test.expectedVal, actualValue) - assert.Equal(t, "annotation-value", newApplication.ObjectMeta.Annotations["annotation-key"]) - assert.Equal(t, "annotation-value2", newApplication.ObjectMeta.Annotations["annotation-key2"]) - assert.Equal(t, "label-value", newApplication.ObjectMeta.Labels["label-key"]) - assert.Equal(t, "label-value2", newApplication.ObjectMeta.Labels["label-key2"]) - assert.Equal(t, "application-one", newApplication.ObjectMeta.Name) - assert.Equal(t, "default", newApplication.ObjectMeta.Namespace) + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-key"], "annotation-value") + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-key2"], "annotation-value2") + assert.Equal(t, newApplication.ObjectMeta.Labels["label-key"], "label-value") + assert.Equal(t, newApplication.ObjectMeta.Labels["label-key2"], "label-value2") + assert.Equal(t, newApplication.ObjectMeta.Name, "application-one") + assert.Equal(t, newApplication.ObjectMeta.Namespace, "default") assert.Equal(t, newApplication.ObjectMeta.UID, types.UID("d546da12-06b7-4f9a-8ea2-3adb16a20e2b")) assert.Equal(t, newApplication.ObjectMeta.CreationTimestamp, application.ObjectMeta.CreationTimestamp) } @@ -666,7 +679,7 @@ func TestRenderGeneratorParams_does_not_panic(t *testing.T) { }, } _, err := render.RenderGeneratorParams(generator, params, true, []string{}) - require.NoError(t, err) + assert.NoError(t, err) } func TestRenderTemplateKeys(t *testing.T) { @@ -688,7 +701,7 @@ func TestRenderTemplateKeys(t *testing.T) { newApplication, err := render.RenderTemplateParams(application, nil, params, false, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") - assert.Equal(t, "annotation-some-value", newApplication.ObjectMeta.Annotations["annotation-some-key"]) + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") }) t.Run("gotemplate", func(t *testing.T) { application := &argoappsv1.Application{ @@ -708,7 +721,7 @@ func TestRenderTemplateKeys(t *testing.T) { newApplication, err := render.RenderTemplateParams(application, nil, params, true, nil) require.NoError(t, err) require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key") - assert.Equal(t, "annotation-some-value", newApplication.ObjectMeta.Annotations["annotation-some-key"]) + assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value") }) } @@ -716,11 +729,12 @@ func Test_Render_Replace_no_panic_on_missing_closing_brace(t *testing.T) { r := &Render{} assert.NotPanics(t, func() { _, err := r.Replace("{{properly.closed}} {{improperly.closed}", nil, false, []string{}) - require.Error(t, err) + assert.Error(t, err) }) } func TestRenderTemplateParamsFinalizers(t *testing.T) { + emptyApplication := &argoappsv1.Application{ Spec: argoappsv1.ApplicationSpec{ Source: &argoappsv1.ApplicationSource{ @@ -799,7 +813,9 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) { expectedFinalizers: []string{"resources-finalizer.argocd.argoproj.io/background"}, }, } { + t.Run(c.testName, func(t *testing.T) { + // Clone the template application application := emptyApplication.DeepCopy() application.Finalizers = c.existingFinalizers @@ -812,19 +828,23 @@ func TestRenderTemplateParamsFinalizers(t *testing.T) { render := Render{} res, err := render.RenderTemplateParams(application, c.syncPolicy, params, true, nil) - require.NoError(t, err) + assert.Nil(t, err) assert.ElementsMatch(t, res.Finalizers, c.expectedFinalizers) + }) + } + } func TestCheckInvalidGenerators(t *testing.T) { + scheme := runtime.NewScheme() err := argoappsv1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = argoappsv1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { testName string @@ -912,7 +932,7 @@ func TestCheckInvalidGenerators(t *testing.T) { hook := logtest.NewGlobal() _ = CheckInvalidGenerators(&c.appSet) - assert.GreaterOrEqual(t, len(hook.Entries), 1, c.testName) + assert.True(t, len(hook.Entries) >= 1, c.testName) assert.NotNil(t, hook.LastEntry(), c.testName) if hook.LastEntry() != nil { assert.Equal(t, logrus.WarnLevel, hook.LastEntry().Level, c.testName) @@ -923,11 +943,12 @@ func TestCheckInvalidGenerators(t *testing.T) { } func TestInvalidGenerators(t *testing.T) { + scheme := runtime.NewScheme() err := argoappsv1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = argoappsv1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, c := range []struct { testName string @@ -1301,7 +1322,7 @@ xO7Tr5lAo74vNUkF2EHNaI28/RGnJPm2TIxZqy4rNH6L ` rootCAPath := path.Join(temppath, "foo.example.com") - err := os.WriteFile(rootCAPath, []byte(cert), 0o666) + err := os.WriteFile(rootCAPath, []byte(cert), 0666) if err != nil { panic(err) } diff --git a/applicationset/webhook/webhook.go b/applicationset/webhook/webhook.go index 4fb4d6668bc2f..d55e63e064f5a 100644 --- a/applicationset/webhook/webhook.go +++ b/applicationset/webhook/webhook.go @@ -10,7 +10,6 @@ import ( "regexp" "strconv" "strings" - "sync" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/util/retry" @@ -27,12 +26,11 @@ import ( log "github.com/sirupsen/logrus" ) -const payloadQueueSize = 50000 - -var errBasicAuthVerificationFailed = errors.New("basic auth verification failed") +var ( + errBasicAuthVerificationFailed = errors.New("basic auth verification failed") +) type WebhookHandler struct { - sync.WaitGroup // for testing namespace string github *github.Webhook gitlab *gitlab.Webhook @@ -40,7 +38,6 @@ type WebhookHandler struct { azuredevopsAuthHandler func(r *http.Request) error client client.Client generators map[string]generators.Generator - queue chan interface{} } type gitGeneratorInfo struct { @@ -71,23 +68,23 @@ type prGeneratorGitlabInfo struct { APIHostname string } -func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) { +func NewWebhookHandler(namespace string, argocdSettingsMgr *argosettings.SettingsManager, client client.Client, generators map[string]generators.Generator) (*WebhookHandler, error) { // register the webhook secrets stored under "argocd-secret" for verifying incoming payloads argocdSettings, err := argocdSettingsMgr.GetSettings() if err != nil { - return nil, fmt.Errorf("Failed to get argocd settings: %w", err) + return nil, fmt.Errorf("Failed to get argocd settings: %v", err) } githubHandler, err := github.New(github.Options.Secret(argocdSettings.WebhookGitHubSecret)) if err != nil { - return nil, fmt.Errorf("Unable to init GitHub webhook: %w", err) + return nil, fmt.Errorf("Unable to init GitHub webhook: %v", err) } gitlabHandler, err := gitlab.New(gitlab.Options.Secret(argocdSettings.WebhookGitLabSecret)) if err != nil { - return nil, fmt.Errorf("Unable to init GitLab webhook: %w", err) + return nil, fmt.Errorf("Unable to init GitLab webhook: %v", err) } azuredevopsHandler, err := azuredevops.New() if err != nil { - return nil, fmt.Errorf("Unable to init Azure DevOps webhook: %w", err) + return nil, fmt.Errorf("Unable to init Azure DevOps webhook: %v", err) } azuredevopsAuthHandler := func(r *http.Request) error { if argocdSettings.WebhookAzureDevOpsUsername != "" && argocdSettings.WebhookAzureDevOpsPassword != "" { @@ -99,7 +96,7 @@ func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsM return nil } - webhookHandler := &WebhookHandler{ + return &WebhookHandler{ namespace: namespace, github: githubHandler, gitlab: gitlabHandler, @@ -107,28 +104,7 @@ func NewWebhookHandler(namespace string, webhookParallelism int, argocdSettingsM azuredevopsAuthHandler: azuredevopsAuthHandler, client: client, generators: generators, - queue: make(chan interface{}, payloadQueueSize), - } - - webhookHandler.startWorkerPool(webhookParallelism) - - return webhookHandler, nil -} - -func (h *WebhookHandler) startWorkerPool(webhookParallelism int) { - for i := 0; i < webhookParallelism; i++ { - h.Add(1) - go func() { - defer h.Done() - for { - payload, ok := <-h.queue - if !ok { - return - } - h.HandleEvent(payload) - } - }() - } + }, nil } func (h *WebhookHandler) HandleEvent(payload interface{}) { @@ -202,12 +178,7 @@ func (h *WebhookHandler) Handler(w http.ResponseWriter, r *http.Request) { return } - select { - case h.queue <- payload: - default: - log.Info("Queue is full, discarding webhook payload") - http.Error(w, "Queue is full, discarding webhook payload", http.StatusServiceUnavailable) - } + h.HandleEvent(payload) } func parseRevision(ref string) string { @@ -543,7 +514,7 @@ func (h *WebhookHandler) shouldRefreshMatrixGenerator(gen *v1alpha1.MatrixGenera relGenerators := generators.GetRelevantGenerators(requestedGenerator0, h.generators) params := []map[string]interface{}{} for _, g := range relGenerators { - p, err := g.GenerateParams(requestedGenerator0, appSet, h.client) + p, err := g.GenerateParams(requestedGenerator0, appSet) if err != nil { log.Error(err) return false diff --git a/applicationset/webhook/webhook_test.go b/applicationset/webhook/webhook_test.go index 683928635bd51..d22b1a07ca6f2 100644 --- a/applicationset/webhook/webhook_test.go +++ b/applicationset/webhook/webhook_test.go @@ -14,12 +14,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" kubefake "k8s.io/client-go/kubernetes/fake" - "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -39,7 +37,7 @@ func (g *generatorMock) GetTemplate(appSetGenerator *v1alpha1.ApplicationSetGene return &v1alpha1.ApplicationSetTemplate{} } -func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, _ *v1alpha1.ApplicationSet, client client.Client) ([]map[string]interface{}, error) { +func (g *generatorMock) GenerateParams(appSetGenerator *v1alpha1.ApplicationSetGenerator, _ *v1alpha1.ApplicationSet) ([]map[string]interface{}, error) { return []map[string]interface{}{}, nil } @@ -178,13 +176,12 @@ func TestWebhookHandler(t *testing.T) { } namespace := "test" - webhookParallelism := 10 fakeClient := newFakeClient(namespace) scheme := runtime.NewScheme() err := v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) err = v1alpha1.AddToScheme(scheme) - require.NoError(t, err) + assert.Nil(t, err) for _, test := range tt { t.Run(test.desc, func(t *testing.T) { @@ -207,24 +204,22 @@ func TestWebhookHandler(t *testing.T) { fakeAppWithMergeAndNestedGitGenerator("merge-nested-git-github", namespace, "https://github.com/org/repo"), ).Build() set := argosettings.NewSettingsManager(context.TODO(), fakeClient, namespace) - h, err := NewWebhookHandler(namespace, webhookParallelism, set, fc, mockGenerators()) - require.NoError(t, err) + h, err := NewWebhookHandler(namespace, set, fc, mockGenerators()) + assert.Nil(t, err) req := httptest.NewRequest(http.MethodPost, "/api/webhook", nil) req.Header.Set(test.headerKey, test.headerValue) eventJSON, err := os.ReadFile(filepath.Join("testdata", test.payloadFile)) - require.NoError(t, err) + assert.NoError(t, err) req.Body = io.NopCloser(bytes.NewReader(eventJSON)) w := httptest.NewRecorder() h.Handler(w, req) - close(h.queue) - h.Wait() - assert.Equal(t, test.expectedStatusCode, w.Code) + assert.Equal(t, w.Code, test.expectedStatusCode) list := &v1alpha1.ApplicationSetList{} err = fc.List(context.TODO(), list) - require.NoError(t, err) + assert.Nil(t, err) effectedAppSetsAsExpected := make(map[string]bool) for _, appSetName := range test.effectedAppSets { effectedAppSetsAsExpected[appSetName] = false diff --git a/assets/swagger.json b/assets/swagger.json index fb3f457322cac..8a412bc58492f 100644 --- a/assets/swagger.json +++ b/assets/swagger.json @@ -384,7 +384,7 @@ "parameters": [ { "type": "string", - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional", "name": "application.metadata.name", "in": "path", "required": true @@ -1633,20 +1633,6 @@ "type": "string", "name": "project", "in": "query" - }, - { - "type": "integer", - "format": "int32", - "description": "source index (for multi source apps).", - "name": "sourceIndex", - "in": "query" - }, - { - "type": "integer", - "format": "int32", - "description": "versionId from historical data (for multi source apps).", - "name": "versionId", - "in": "query" } ], "responses": { @@ -1697,20 +1683,6 @@ "type": "string", "name": "project", "in": "query" - }, - { - "type": "integer", - "format": "int32", - "description": "source index (for multi source apps).", - "name": "sourceIndex", - "in": "query" - }, - { - "type": "integer", - "format": "int32", - "description": "versionId from historical data (for multi source apps).", - "name": "versionId", - "in": "query" } ], "responses": { @@ -1967,11 +1939,6 @@ "type": "boolean", "name": "upsert", "in": "query" - }, - { - "type": "boolean", - "name": "dryRun", - "in": "query" } ], "responses": { @@ -2063,43 +2030,6 @@ } } }, - "/api/v1/applicationsets/{name}/resource-tree": { - "get": { - "tags": [ - "ApplicationSetService" - ], - "summary": "ResourceTree returns resource tree", - "operationId": "ApplicationSetService_ResourceTree", - "parameters": [ - { - "type": "string", - "name": "name", - "in": "path", - "required": true - }, - { - "type": "string", - "description": "The application set namespace. Default empty is argocd control plane namespace.", - "name": "appsetNamespace", - "in": "query" - } - ], - "responses": { - "200": { - "description": "A successful response.", - "schema": { - "$ref": "#/definitions/v1alpha1ApplicationSetTree" - } - }, - "default": { - "description": "An unexpected error response.", - "schema": { - "$ref": "#/definitions/runtimeError" - } - } - } - } - }, "/api/v1/certificates": { "get": { "tags": [ @@ -3001,7 +2931,7 @@ "parameters": [ { "type": "string", - "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional", + "description": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional", "name": "project.metadata.name", "in": "path", "required": true @@ -3204,7 +3134,7 @@ "parameters": [ { "type": "string", - "description": "URL is the URL to which these credentials match", + "description": "URL is the URL that this credentials matches to", "name": "creds.url", "in": "path", "required": true @@ -3284,12 +3214,6 @@ "description": "Whether to force a cache refresh on repo's connection state.", "name": "forceRefresh", "in": "query" - }, - { - "type": "string", - "description": "App project for query.", - "name": "appProject", - "in": "query" } ], "responses": { @@ -3412,12 +3336,6 @@ "description": "Whether to force a cache refresh on repo's connection state.", "name": "forceRefresh", "in": "query" - }, - { - "type": "string", - "description": "App project for query.", - "name": "appProject", - "in": "query" } ], "responses": { @@ -3454,12 +3372,6 @@ "description": "Whether to force a cache refresh on repo's connection state.", "name": "forceRefresh", "in": "query" - }, - { - "type": "string", - "description": "App project for query.", - "name": "appProject", - "in": "query" } ], "responses": { @@ -3544,12 +3456,6 @@ "description": "Whether to force a cache refresh on repo's connection state.", "name": "forceRefresh", "in": "query" - }, - { - "type": "string", - "description": "App project for query.", - "name": "appProject", - "in": "query" } ], "responses": { @@ -3587,12 +3493,6 @@ "description": "Whether to force a cache refresh on repo's connection state.", "name": "forceRefresh", "in": "query" - }, - { - "type": "string", - "description": "App project for query.", - "name": "appProject", - "in": "query" } ], "responses": { @@ -5163,16 +5063,6 @@ }, "source": { "$ref": "#/definitions/v1alpha1ApplicationSource" - }, - "sourceIndex": { - "type": "integer", - "format": "int32", - "title": "source index (for multi source apps)" - }, - "versionId": { - "type": "integer", - "format": "int32", - "title": "versionId from historical data (for multi source apps)" } } }, @@ -5476,8 +5366,8 @@ "type": "object", "properties": { "key": { - "description": "key is the label key that the selector applies to.", - "type": "string" + "type": "string", + "title": "key is the label key that the selector applies to.\n+patchMergeKey=key\n+patchStrategy=merge" }, "operator": { "description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.", @@ -5527,10 +5417,6 @@ "type": "string", "title": "IP is set for load-balancer ingress points that are IP based\n(typically GCE or OpenStack load-balancers)\n+optional" }, - "ipMode": { - "type": "string", - "title": "IPMode specifies how the load-balancer IP behaves, and may only be specified when the ip field is specified.\nSetting this to \"VIP\" indicates that traffic is delivered to the node with\nthe destination set to the load-balancer's IP and port.\nSetting this to \"Proxy\" indicates that traffic is delivered to the node or pod with\nthe destination set to the node's IP and node port or the pod's IP and port.\nService implementations may use this information to adjust traffic routing.\n+optional" - }, "ports": { "type": "array", "title": "Ports is a list of records of service ports\nIf used, every port defined in the service should have an entry in it\n+listType=atomic\n+optional", @@ -5640,7 +5526,7 @@ "properties": { "annotations": { "type": "object", - "title": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations\n+optional", + "title": "Annotations is an unstructured key value map stored with a resource that may be\nset by external tools to store and retrieve arbitrary metadata. They are not\nqueryable and should be preserved when modifying objects.\nMore info: http://kubernetes.io/docs/user-guide/annotations\n+optional", "additionalProperties": { "type": "string" } @@ -5674,7 +5560,7 @@ }, "labels": { "type": "object", - "title": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels\n+optional", + "title": "Map of string keys and values that can be used to organize and categorize\n(scope and select) objects. May match selectors of replication controllers\nand services.\nMore info: http://kubernetes.io/docs/user-guide/labels\n+optional", "additionalProperties": { "type": "string" } @@ -5688,10 +5574,10 @@ }, "name": { "type": "string", - "title": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names\n+optional" + "title": "Name must be unique within a namespace. Is required when creating resources, although\nsome resources may allow a client to request the generation of an appropriate name\nautomatically. Name is primarily intended for creation idempotence and configuration\ndefinition.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names\n+optional" }, "namespace": { - "description": "Namespace defines the space within which each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces\n+optional", + "description": "Namespace defines the space within which each name must be unique. An empty namespace is\nequivalent to the \"default\" namespace, but \"default\" is the canonical representation.\nNot all objects are required to be scoped to a namespace - the value of this field for\nthose objects will be empty.\n\nMust be a DNS_LABEL.\nCannot be updated.\nMore info: http://kubernetes.io/docs/user-guide/namespaces\n+optional", "type": "string" }, "ownerReferences": { @@ -5710,7 +5596,7 @@ "title": "Deprecated: selfLink is a legacy read-only field that is no longer populated by the system.\n+optional" }, "uid": { - "description": "UID is the unique in time and space value for this object. It is typically generated by\nthe server on successful creation of a resource and is not allowed to change on PUT\noperations.\n\nPopulated by the system.\nRead-only.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids\n+optional", + "description": "UID is the unique in time and space value for this object. It is typically generated by\nthe server on successful creation of a resource and is not allowed to change on PUT\noperations.\n\nPopulated by the system.\nRead-only.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#uids\n+optional", "type": "string" } } @@ -5771,11 +5657,11 @@ }, "name": { "type": "string", - "title": "Name of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names" + "title": "Name of the referent.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#names" }, "uid": { "type": "string", - "title": "UID of the referent.\nMore info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids" + "title": "UID of the referent.\nMore info: http://kubernetes.io/docs/user-guide/identifiers#uids" } } }, @@ -5952,7 +5838,7 @@ }, "v1alpha1Application": { "type": "object", - "title": "Application is a definition of Application resource.\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applications,shortName=app;apps\n+kubebuilder:printcolumn:name=\"Sync Status\",type=string,JSONPath=`.status.sync.status`\n+kubebuilder:printcolumn:name=\"Health Status\",type=string,JSONPath=`.status.health.status`\n+kubebuilder:printcolumn:name=\"Revision\",type=string,JSONPath=`.status.sync.revision`,priority=10\n+kubebuilder:printcolumn:name=\"Project\",type=string,JSONPath=`.spec.project`,priority=10", + "title": "Application is a definition of Application resource.\n+genclient\n+genclient:noStatus\n+k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object\n+kubebuilder:resource:path=applications,shortName=app;apps\n+kubebuilder:printcolumn:name=\"Sync Status\",type=string,JSONPath=`.status.sync.status`\n+kubebuilder:printcolumn:name=\"Health Status\",type=string,JSONPath=`.status.health.status`\n+kubebuilder:printcolumn:name=\"Revision\",type=string,JSONPath=`.status.sync.revision`,priority=10", "properties": { "metadata": { "$ref": "#/definitions/v1ObjectMeta" @@ -6089,19 +5975,12 @@ "step": { "type": "string", "title": "Step tracks which step this Application should be updated in" - }, - "targetrevisions": { - "description": "TargetRevision tracks the desired revisions the Application should be synced to.", - "type": "array", - "items": { - "type": "string" - } } } }, "v1alpha1ApplicationSetCondition": { "type": "object", - "title": "ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning", + "title": "ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning", "properties": { "lastTransitionTime": { "$ref": "#/definitions/v1Time" @@ -6322,13 +6201,6 @@ "items": { "$ref": "#/definitions/v1alpha1ApplicationSetCondition" } - }, - "resources": { - "description": "Resources is a list of Applications resources managed by this application set.", - "type": "array", - "items": { - "$ref": "#/definitions/v1alpha1ResourceStatus" - } } } }, @@ -6400,19 +6272,6 @@ } } }, - "v1alpha1ApplicationSetTree": { - "type": "object", - "title": "ApplicationSetTree holds nodes which belongs to the application\nUsed to build a tree of an ApplicationSet and its children", - "properties": { - "nodes": { - "type": "array", - "title": "Nodes contains list of nodes which are directly managed by the applicationset", - "items": { - "$ref": "#/definitions/v1alpha1ResourceNode" - } - } - } - }, "v1alpha1ApplicationSource": { "type": "object", "title": "ApplicationSource contains all required information about the source of an application", @@ -6965,7 +6824,7 @@ }, "serverVersion": { "type": "string", - "title": "Deprecated: use Info.ServerVersion field instead.\nThe server version" + "title": "DEPRECATED: use Info.ServerVersion field instead.\nThe server version" }, "shard": { "description": "Shard contains optional shard number. Calculated on the fly by the application controller if not specified.", @@ -8138,7 +7997,7 @@ }, "url": { "type": "string", - "title": "URL is the URL to which these credentials match" + "title": "URL is the URL that this credentials matches to" }, "username": { "type": "string", @@ -8224,7 +8083,7 @@ }, "project": { "type": "string", - "title": "Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity" + "title": "Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity" }, "proxy": { "type": "string", diff --git a/cmd/argocd-application-controller/commands/argocd_application_controller.go b/cmd/argocd-application-controller/commands/argocd_application_controller.go index 5d7fd803e7aca..a7c7f92fab2a6 100644 --- a/cmd/argocd-application-controller/commands/argocd_application_controller.go +++ b/cmd/argocd-application-controller/commands/argocd_application_controller.go @@ -75,7 +75,7 @@ func NewCommand() *cobra.Command { serverSideDiff bool ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) - command := cobra.Command{ + var command = cobra.Command{ Use: cliName, Short: "Run ArgoCD Application Controller", Long: "ArgoCD application controller is a Kubernetes controller that continuously monitors running applications and compares the current, live state against the desired target state (as specified in the repo). This command runs Application Controller in the foreground. It can be configured by following options.", @@ -220,7 +220,7 @@ func NewCommand() *cobra.Command { command.Flags().StringSliceVar(&otlpAttrs, "otlp-attrs", env.StringsFromEnv("ARGOCD_APPLICATION_CONTROLLER_OTLP_ATTRS", []string{}, ","), "List of OpenTelemetry collector extra attrs when send traces, each attribute is separated by a colon(e.g. key:value)") command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces that applications are allowed to be reconciled from") command.Flags().BoolVar(&persistResourceHealth, "persist-resource-health", env.ParseBoolFromEnv("ARGOCD_APPLICATION_CONTROLLER_PERSIST_RESOURCE_HEALTH", true), "Enables storing the managed resources health in the Application CRD") - command.Flags().StringVar(&shardingAlgorithm, "sharding-method", env.StringFromEnv(common.EnvControllerShardingAlgorithm, common.DefaultShardingAlgorithm), "Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin, consistent-hashing] ") + command.Flags().StringVar(&shardingAlgorithm, "sharding-method", env.StringFromEnv(common.EnvControllerShardingAlgorithm, common.DefaultShardingAlgorithm), "Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] ") // global queue rate limit config command.Flags().Int64Var(&workqueueRateLimit.BucketSize, "wq-bucket-size", env.ParseInt64FromEnv("WORKQUEUE_BUCKET_SIZE", 500, 1, math.MaxInt64), "Set Workqueue Rate Limiter Bucket Size, default 500") command.Flags().Float64Var(&workqueueRateLimit.BucketQPS, "wq-bucket-qps", env.ParseFloat64FromEnv("WORKQUEUE_BUCKET_QPS", math.MaxFloat64, 1, math.MaxFloat64), "Set Workqueue Rate Limiter Bucket QPS, default set to MaxFloat64 which disables the bucket limiter") diff --git a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go index dc79a1d38c403..9adbc3e64a685 100644 --- a/cmd/argocd-applicationset-controller/commands/applicationset_controller.go +++ b/cmd/argocd-applicationset-controller/commands/applicationset_controller.go @@ -30,9 +30,6 @@ import ( clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" "k8s.io/client-go/tools/clientcmd" - ctrlcache "sigs.k8s.io/controller-runtime/pkg/cache" - ctrlclient "sigs.k8s.io/controller-runtime/pkg/client" - metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server" "github.com/argoproj/argo-cd/v2/applicationset/services" appv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -69,12 +66,11 @@ func NewCommand() *cobra.Command { globalPreservedAnnotations []string globalPreservedLabels []string enableScmProviders bool - webhookParallelism int ) scheme := runtime.NewScheme() _ = clientgoscheme.AddToScheme(scheme) _ = appv1alpha1.AddToScheme(scheme) - command := cobra.Command{ + var command = cobra.Command{ Use: "controller", Short: "Starts Argo CD ApplicationSet controller", RunE: func(c *cobra.Command, args []string) error { @@ -106,7 +102,7 @@ func NewCommand() *cobra.Command { os.Exit(1) } - // By default, watch all namespaces + // By default watch all namespace var watchedNamespace string = "" // If the applicationset-namespaces contains only one namespace it corresponds to the current namespace @@ -117,36 +113,17 @@ func NewCommand() *cobra.Command { os.Exit(1) } - var cacheOpt ctrlcache.Options - - if watchedNamespace != "" { - cacheOpt = ctrlcache.Options{ - DefaultNamespaces: map[string]ctrlcache.Config{ - watchedNamespace: {}, - }, - } - } - - cfg := ctrl.GetConfigOrDie() - err = appv1alpha1.SetK8SConfigDefaults(cfg) - if err != nil { - log.Error(err, "Unable to apply K8s REST config defaults") - os.Exit(1) - } - - mgr, err := ctrl.NewManager(cfg, ctrl.Options{ - Scheme: scheme, - Metrics: metricsserver.Options{ - BindAddress: metricsAddr, - }, - Cache: cacheOpt, + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ + Scheme: scheme, + MetricsBindAddress: metricsAddr, + Namespace: watchedNamespace, HealthProbeBindAddress: probeBindAddr, + Port: 9443, LeaderElection: enableLeaderElection, LeaderElectionID: "58ac56fa.applicationsets.argoproj.io", - Client: ctrlclient.Options{ - DryRun: &dryRun, - }, + DryRunClient: dryRun, }) + if err != nil { log.Error(err, "unable to start manager") os.Exit(1) @@ -160,7 +137,9 @@ func NewCommand() *cobra.Command { appSetConfig := appclientset.NewForConfigOrDie(mgr.GetConfig()) argoCDDB := db.NewDB(namespace, argoSettingsMgr, k8sClient) - scmConfig := generators.NewSCMConfig(scmRootCAPath, allowedScmProviders, enableScmProviders, github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB))) + scmAuth := generators.SCMAuthProviders{ + GitHubApps: github_app.NewAuthCredentials(argoCDDB.(db.RepoCredsDB)), + } tlsConfig := apiclient.TLSConfiguration{ DisableTLS: repoServerPlaintext, @@ -177,13 +156,45 @@ func NewCommand() *cobra.Command { } repoClientset := apiclient.NewRepoServerClientset(argocdRepoServer, repoServerTimeoutSeconds, tlsConfig) - argoCDService, err := services.NewArgoCDService(argoCDDB.GetRepository, gitSubmoduleEnabled, repoClientset, enableNewGitFileGlobbing) + argoCDService, err := services.NewArgoCDService(argoCDDB, gitSubmoduleEnabled, repoClientset, enableNewGitFileGlobbing) errors.CheckError(err) - topLevelGenerators := generators.GetGenerators(ctx, mgr.GetClient(), k8sClient, namespace, argoCDService, dynamicClient, scmConfig) + terminalGenerators := map[string]generators.Generator{ + "List": generators.NewListGenerator(), + "Clusters": generators.NewClusterGenerator(mgr.GetClient(), ctx, k8sClient, namespace), + "Git": generators.NewGitGenerator(argoCDService), + "SCMProvider": generators.NewSCMProviderGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders), + "ClusterDecisionResource": generators.NewDuckTypeGenerator(ctx, dynamicClient, k8sClient, namespace), + "PullRequest": generators.NewPullRequestGenerator(mgr.GetClient(), scmAuth, scmRootCAPath, allowedScmProviders, enableScmProviders), + "Plugin": generators.NewPluginGenerator(mgr.GetClient(), ctx, k8sClient, namespace), + } + + nestedGenerators := map[string]generators.Generator{ + "List": terminalGenerators["List"], + "Clusters": terminalGenerators["Clusters"], + "Git": terminalGenerators["Git"], + "SCMProvider": terminalGenerators["SCMProvider"], + "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], + "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], + "Matrix": generators.NewMatrixGenerator(terminalGenerators), + "Merge": generators.NewMergeGenerator(terminalGenerators), + } + + topLevelGenerators := map[string]generators.Generator{ + "List": terminalGenerators["List"], + "Clusters": terminalGenerators["Clusters"], + "Git": terminalGenerators["Git"], + "SCMProvider": terminalGenerators["SCMProvider"], + "ClusterDecisionResource": terminalGenerators["ClusterDecisionResource"], + "PullRequest": terminalGenerators["PullRequest"], + "Plugin": terminalGenerators["Plugin"], + "Matrix": generators.NewMatrixGenerator(nestedGenerators), + "Merge": generators.NewMergeGenerator(nestedGenerators), + } // start a webhook server that listens to incoming webhook payloads - webhookHandler, err := webhook.NewWebhookHandler(namespace, webhookParallelism, argoSettingsMgr, mgr.GetClient(), topLevelGenerators) + webhookHandler, err := webhook.NewWebhookHandler(namespace, argoSettingsMgr, mgr.GetClient(), topLevelGenerators) if err != nil { log.Error(err, "failed to create webhook handler") } @@ -249,7 +260,6 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&scmRootCAPath, "scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates") command.Flags().StringSliceVar(&globalPreservedAnnotations, "preserved-annotations", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_ANNOTATIONS", []string{}, ","), "Sets global preserved field values for annotations") command.Flags().StringSliceVar(&globalPreservedLabels, "preserved-labels", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_GLOBAL_PRESERVED_LABELS", []string{}, ","), "Sets global preserved field values for labels") - command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently") return &command } diff --git a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go index 197f52e01ade7..526a199cb5490 100644 --- a/cmd/argocd-cmp-server/commands/argocd_cmp_server.go +++ b/cmd/argocd-cmp-server/commands/argocd_cmp_server.go @@ -30,7 +30,7 @@ func NewCommand() *cobra.Command { otlpHeaders map[string]string otlpAttrs []string ) - command := cobra.Command{ + var command = cobra.Command{ Use: cliName, Short: "Run ArgoCD ConfigManagementPlugin Server", Long: "ArgoCD ConfigManagementPlugin Server is an internal service which runs as sidecar container in reposerver deployment. The following configuration options are available:", @@ -81,8 +81,8 @@ func NewCommand() *cobra.Command { }, } - command.Flags().StringVar(&cmdutil.LogFormat, "logformat", env.StringFromEnv("ARGOCD_CMP_SERVER_LOGFORMAT", "text"), "Set the logging format. One of: text|json") - command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", env.StringFromEnv("ARGOCD_CMP_SERVER_LOGLEVEL", "info"), "Set the logging level. One of: trace|debug|info|warn|error") + command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json") + command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error") command.Flags().StringVar(&configFilePath, "config-dir-path", common.DefaultPluginConfigFilePath, "Config management plugin configuration file location, Default is '/home/argocd/cmp-server/config/'") command.Flags().StringVar(&otlpAddress, "otlp-address", env.StringFromEnv("ARGOCD_CMP_SERVER_OTLP_ADDRESS", ""), "OpenTelemetry collector address to send traces to") command.Flags().BoolVar(&otlpInsecure, "otlp-insecure", env.ParseBoolFromEnv("ARGOCD_CMP_SERVER_OTLP_INSECURE", true), "OpenTelemetry collector insecure mode") diff --git a/cmd/argocd-dex/commands/argocd_dex.go b/cmd/argocd-dex/commands/argocd_dex.go index 55b628ba96dc1..2b070ec895e41 100644 --- a/cmd/argocd-dex/commands/argocd_dex.go +++ b/cmd/argocd-dex/commands/argocd_dex.go @@ -28,7 +28,7 @@ const ( ) func NewCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: cliName, Short: "argocd-dex tools used by Argo CD", Long: "argocd-dex has internal utility tools used by Argo CD", @@ -48,7 +48,7 @@ func NewRunDexCommand() *cobra.Command { clientConfig clientcmd.ClientConfig disableTLS bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: "rundex", Short: "Runs dex generating a config using settings from the Argo CD configmap and secret", RunE: func(c *cobra.Command, args []string) error { @@ -79,11 +79,11 @@ func NewRunDexCommand() *cobra.Command { log.Fatalf("could not create TLS config: %v", err) } certPem, keyPem := tls.EncodeX509KeyPair(config.Certificates[0]) - err = os.WriteFile("/tmp/tls.crt", certPem, 0o600) + err = os.WriteFile("/tmp/tls.crt", certPem, 0600) if err != nil { log.Fatalf("could not write TLS certificate: %v", err) } - err = os.WriteFile("/tmp/tls.key", keyPem, 0o600) + err = os.WriteFile("/tmp/tls.key", keyPem, 0600) if err != nil { log.Fatalf("could not write TLS key: %v", err) } @@ -102,7 +102,7 @@ func NewRunDexCommand() *cobra.Command { if len(dexCfgBytes) == 0 { log.Infof("dex is not configured") } else { - err = os.WriteFile("/tmp/dex.yaml", dexCfgBytes, 0o644) + err = os.WriteFile("/tmp/dex.yaml", dexCfgBytes, 0644) errors.CheckError(err) log.Debug(redactor(string(dexCfgBytes))) cmd = exec.Command("dex", "serve", "/tmp/dex.yaml") @@ -148,7 +148,7 @@ func NewGenDexConfigCommand() *cobra.Command { out string disableTLS bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: "gendexcfg", Short: "Generates a dex config from Argo CD settings", RunE: func(c *cobra.Command, args []string) error { @@ -196,7 +196,7 @@ func NewGenDexConfigCommand() *cobra.Command { errors.CheckError(err) fmt.Print(string(maskedDexCfgBytes)) } else { - err = os.WriteFile(out, dexCfgBytes, 0o644) + err = os.WriteFile(out, dexCfgBytes, 0644) errors.CheckError(err) } return nil diff --git a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go index a5b925ca925b8..8f457527b78b2 100644 --- a/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go +++ b/cmd/argocd-git-ask-pass/commands/argocd_git_ask_pass.go @@ -23,7 +23,7 @@ const ( ) func NewCommand() *cobra.Command { - command := cobra.Command{ + var command = cobra.Command{ Use: cliName, Short: "Argo CD git credential helper", DisableAutoGenTag: true, diff --git a/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go b/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go index 4049d5dc6d491..ce0f3ee3a2f49 100644 --- a/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go +++ b/cmd/argocd-k8s-auth/commands/argocd_k8s_auth.go @@ -9,7 +9,7 @@ const ( ) func NewCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: cliName, Short: "argocd-k8s-auth a set of commands to generate k8s auth token", DisableAutoGenTag: true, diff --git a/cmd/argocd-k8s-auth/commands/aws.go b/cmd/argocd-k8s-auth/commands/aws.go index 1794a5bf57b39..9b750ac5f92f8 100644 --- a/cmd/argocd-k8s-auth/commands/aws.go +++ b/cmd/argocd-k8s-auth/commands/aws.go @@ -39,7 +39,7 @@ func newAWSCommand() *cobra.Command { roleARN string profile string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "aws", Run: func(c *cobra.Command, args []string) { ctx := c.Context() @@ -70,7 +70,7 @@ func getSignedRequestWithRetry(ctx context.Context, timeout, interval time.Durat } select { case <-ctx.Done(): - return "", fmt.Errorf("timeout while trying to get signed aws request: last error: %w", err) + return "", fmt.Errorf("timeout while trying to get signed aws request: last error: %s", err) case <-time.After(interval): } } @@ -81,7 +81,7 @@ func getSignedRequest(clusterName, roleARN string, profile string) (string, erro Profile: profile, }) if err != nil { - return "", fmt.Errorf("error creating new AWS session: %w", err) + return "", fmt.Errorf("error creating new AWS session: %s", err) } stsAPI := sts.New(sess) if roleARN != "" { @@ -92,7 +92,7 @@ func getSignedRequest(clusterName, roleARN string, profile string) (string, erro request.HTTPRequest.Header.Add(clusterIDHeader, clusterName) signed, err := request.Presign(requestPresignParam) if err != nil { - return "", fmt.Errorf("error presigning AWS request: %w", err) + return "", fmt.Errorf("error presigning AWS request: %s", err) } return signed, nil } diff --git a/cmd/argocd-k8s-auth/commands/aws_test.go b/cmd/argocd-k8s-auth/commands/aws_test.go index 7e31e50efbba8..578aae71a2c29 100644 --- a/cmd/argocd-k8s-auth/commands/aws_test.go +++ b/cmd/argocd-k8s-auth/commands/aws_test.go @@ -7,7 +7,6 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestGetSignedRequestWithRetry(t *testing.T) { @@ -26,7 +25,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) { signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock) // then - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "token", signed) }) t.Run("will return signed request on third attempt", func(t *testing.T) { @@ -45,7 +44,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) { signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock) // then - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "token", signed) }) t.Run("will return error on timeout", func(t *testing.T) { @@ -61,7 +60,7 @@ func TestGetSignedRequestWithRetry(t *testing.T) { signed, err := getSignedRequestWithRetry(ctx, time.Second, time.Millisecond, "cluster-name", "", "", mock.getSignedRequestMock) // then - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, "", signed) }) } diff --git a/cmd/argocd-k8s-auth/commands/azure.go b/cmd/argocd-k8s-auth/commands/azure.go index f4c3b9d3c96b9..bc45bbacef48b 100644 --- a/cmd/argocd-k8s-auth/commands/azure.go +++ b/cmd/argocd-k8s-auth/commands/azure.go @@ -20,10 +20,10 @@ const ( func newAzureCommand() *cobra.Command { o := token.NewOptions() - // we'll use default of WorkloadIdentityLogin for the login flow + //we'll use default of WorkloadIdentityLogin for the login flow o.LoginMethod = token.WorkloadIdentityLogin o.ServerID = DEFAULT_AAD_SERVER_APPLICATION_ID - command := &cobra.Command{ + var command = &cobra.Command{ Use: "azure", Run: func(c *cobra.Command, args []string) { o.UpdateFromEnv() diff --git a/cmd/argocd-k8s-auth/commands/gcp.go b/cmd/argocd-k8s-auth/commands/gcp.go index 388d274072488..65d9c9ffe3325 100644 --- a/cmd/argocd-k8s-auth/commands/gcp.go +++ b/cmd/argocd-k8s-auth/commands/gcp.go @@ -10,19 +10,20 @@ import ( "github.com/argoproj/argo-cd/v2/util/errors" ) -// defaultGCPScopes: -// - cloud-platform is the base scope to authenticate to GCP. -// - userinfo.email is used to authenticate to GKE APIs with gserviceaccount -// email instead of numeric uniqueID. -// -// https://github.com/kubernetes/client-go/blob/be758edd136e61a1bffadf1c0235fceb8aee8e9e/plugin/pkg/client/auth/gcp/gcp.go#L59 -var defaultGCPScopes = []string{ - "https://www.googleapis.com/auth/cloud-platform", - "https://www.googleapis.com/auth/userinfo.email", -} +var ( + // defaultGCPScopes: + // - cloud-platform is the base scope to authenticate to GCP. + // - userinfo.email is used to authenticate to GKE APIs with gserviceaccount + // email instead of numeric uniqueID. + // https://github.com/kubernetes/client-go/blob/be758edd136e61a1bffadf1c0235fceb8aee8e9e/plugin/pkg/client/auth/gcp/gcp.go#L59 + defaultGCPScopes = []string{ + "https://www.googleapis.com/auth/cloud-platform", + "https://www.googleapis.com/auth/userinfo.email", + } +) func newGCPCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "gcp", Run: func(c *cobra.Command, args []string) { ctx := c.Context() diff --git a/cmd/argocd-notification/commands/controller.go b/cmd/argocd-notification/commands/controller.go index a2ae2cb7e4c51..cb30fd5277d4b 100644 --- a/cmd/argocd-notification/commands/controller.go +++ b/cmd/argocd-notification/commands/controller.go @@ -58,7 +58,7 @@ func NewCommand() *cobra.Command { applicationNamespaces []string selfServiceNotificationEnabled bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: "controller", Short: "Starts Argo CD Notifications controller", RunE: func(c *cobra.Command, args []string) error { diff --git a/cmd/argocd-repo-server/commands/argocd_repo_server.go b/cmd/argocd-repo-server/commands/argocd_repo_server.go index 50d444eb53e90..2ba17cd9b64ba 100644 --- a/cmd/argocd-repo-server/commands/argocd_repo_server.go +++ b/cmd/argocd-repo-server/commands/argocd_repo_server.go @@ -70,9 +70,8 @@ func NewCommand() *cobra.Command { helmManifestMaxExtractedSize string helmRegistryMaxIndexSize string disableManifestMaxExtractedSize bool - includeHiddenDirectories bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: cliName, Short: "Run ArgoCD Repository Server", Long: "ArgoCD Repository Server is an internal service which maintains a local cache of the Git repository holding the application manifests, and is responsible for generating and returning the Kubernetes manifests. This command runs Repository Server in the foreground. It can be configured by following options.", @@ -131,7 +130,6 @@ func NewCommand() *cobra.Command { StreamedManifestMaxTarSize: streamedManifestMaxTarSizeQuantity.ToDec().Value(), HelmManifestMaxExtractedSize: helmManifestMaxExtractedSizeQuantity.ToDec().Value(), HelmRegistryMaxIndexSize: helmRegistryMaxIndexSizeQuantity.ToDec().Value(), - IncludeHiddenDirectories: includeHiddenDirectories, }, askPassServer) errors.CheckError(err) @@ -217,7 +215,6 @@ func NewCommand() *cobra.Command { command.Flags().StringVar(&helmManifestMaxExtractedSize, "helm-manifest-max-extracted-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_EXTRACTED_SIZE", "1G"), "Maximum size of helm manifest archives when extracted") command.Flags().StringVar(&helmRegistryMaxIndexSize, "helm-registry-max-index-size", env.StringFromEnv("ARGOCD_REPO_SERVER_HELM_MANIFEST_MAX_INDEX_SIZE", "1G"), "Maximum size of registry index file") command.Flags().BoolVar(&disableManifestMaxExtractedSize, "disable-helm-manifest-max-extracted-size", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_DISABLE_HELM_MANIFEST_MAX_EXTRACTED_SIZE", false), "Disable maximum size of helm manifest archives when extracted") - command.Flags().BoolVar(&includeHiddenDirectories, "include-hidden-directories", env.ParseBoolFromEnv("ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES", false), "Include hidden directories from Git") tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(&command) cacheSrc = reposervercache.AddCacheFlagsToCmd(&command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { diff --git a/cmd/argocd-server/commands/argocd_server.go b/cmd/argocd-server/commands/argocd_server.go index 552de22909bea..27a2db34189b4 100644 --- a/cmd/argocd-server/commands/argocd_server.go +++ b/cmd/argocd-server/commands/argocd_server.go @@ -7,15 +7,12 @@ import ( "strings" "time" - "github.com/redis/go-redis/v9" - "github.com/argoproj/pkg/stats" + "github.com/redis/go-redis/v9" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" - "sigs.k8s.io/controller-runtime/pkg/client" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -44,7 +41,6 @@ const ( var ( failureRetryCount = env.ParseNumFromEnv(failureRetryCountEnv, 0, 0, 10) failureRetryPeriodMilliSeconds = env.ParseNumFromEnv(failureRetryPeriodMilliSecondsEnv, 100, 0, 1000) - gitSubmoduleEnabled = env.ParseBoolFromEnv(common.EnvGitSubmoduleEnabled, true) ) // NewCommand returns a new instance of an argocd command @@ -82,15 +78,8 @@ func NewCommand() *cobra.Command { staticAssetsDir string applicationNamespaces []string enableProxyExtension bool - webhookParallelism int - - // ApplicationSet - enableNewGitFileGlobbing bool - scmRootCAPath string - allowedScmProviders []string - enableScmProviders bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: cliName, Short: "Run the ArgoCD API server", Long: "The API server is a gRPC/REST server which exposes the API consumed by the Web UI, CLI, and CI/CD systems. This command runs API server in the foreground. It can be configured by following options.", @@ -140,12 +129,6 @@ func NewCommand() *cobra.Command { StrictValidation: repoServerStrictTLS, } - dynamicClient := dynamic.NewForConfigOrDie(config) - - controllerClient, err := client.New(config, client.Options{}) - errors.CheckError(err) - controllerClient = client.NewDryRunClient(controllerClient) - // Load CA information to use for validating connections to the // repository server, if strict TLS validation was requested. if !repoServerPlaintext && repoServerStrictTLS { @@ -195,48 +178,37 @@ func NewCommand() *cobra.Command { } argoCDOpts := server.ArgoCDServerOpts{ - Insecure: insecure, - ListenPort: listenPort, - ListenHost: listenHost, - MetricsPort: metricsPort, - MetricsHost: metricsHost, - Namespace: namespace, - BaseHRef: baseHRef, - RootPath: rootPath, - DynamicClientset: dynamicClient, - KubeControllerClientset: controllerClient, - KubeClientset: kubeclientset, - AppClientset: appClientSet, - RepoClientset: repoclientset, - DexServerAddr: dexServerAddress, - DexTLSConfig: dexTlsConfig, - DisableAuth: disableAuth, - ContentTypes: contentTypesList, - EnableGZip: enableGZip, - TLSConfigCustomizer: tlsConfigCustomizer, - Cache: cache, - RepoServerCache: repoServerCache, - XFrameOptions: frameOptions, - ContentSecurityPolicy: contentSecurityPolicy, - RedisClient: redisClient, - StaticAssetsDir: staticAssetsDir, - ApplicationNamespaces: applicationNamespaces, - EnableProxyExtension: enableProxyExtension, - WebhookParallelism: webhookParallelism, - } - - appsetOpts := server.ApplicationSetOpts{ - GitSubmoduleEnabled: gitSubmoduleEnabled, - EnableNewGitFileGlobbing: enableNewGitFileGlobbing, - ScmRootCAPath: scmRootCAPath, - AllowedScmProviders: allowedScmProviders, - EnableScmProviders: enableScmProviders, + Insecure: insecure, + ListenPort: listenPort, + ListenHost: listenHost, + MetricsPort: metricsPort, + MetricsHost: metricsHost, + Namespace: namespace, + BaseHRef: baseHRef, + RootPath: rootPath, + KubeClientset: kubeclientset, + AppClientset: appClientSet, + RepoClientset: repoclientset, + DexServerAddr: dexServerAddress, + DexTLSConfig: dexTlsConfig, + DisableAuth: disableAuth, + ContentTypes: contentTypesList, + EnableGZip: enableGZip, + TLSConfigCustomizer: tlsConfigCustomizer, + Cache: cache, + RepoServerCache: repoServerCache, + XFrameOptions: frameOptions, + ContentSecurityPolicy: contentSecurityPolicy, + RedisClient: redisClient, + StaticAssetsDir: staticAssetsDir, + ApplicationNamespaces: applicationNamespaces, + EnableProxyExtension: enableProxyExtension, } stats.RegisterStackDumper() stats.StartStatsTicker(10 * time.Minute) stats.RegisterHeapDumper("memprofile") - argocd := server.NewServer(ctx, argoCDOpts, appsetOpts) + argocd := server.NewServer(ctx, argoCDOpts) argocd.Init(ctx) lns, err := argocd.Listen() errors.CheckError(err) @@ -259,7 +231,7 @@ func NewCommand() *cobra.Command { Example: templates.Examples(` # Start the Argo CD API server with default settings $ argocd-server - + # Start the Argo CD API server on a custom port and enable tracing $ argocd-server --port 8888 --otlp-address localhost:4317 `), @@ -296,14 +268,6 @@ func NewCommand() *cobra.Command { command.Flags().BoolVar(&dexServerStrictTLS, "dex-server-strict-tls", env.ParseBoolFromEnv("ARGOCD_SERVER_DEX_SERVER_STRICT_TLS", false), "Perform strict validation of TLS certificates when connecting to dex server") command.Flags().StringSliceVar(&applicationNamespaces, "application-namespaces", env.StringsFromEnv("ARGOCD_APPLICATION_NAMESPACES", []string{}, ","), "List of additional namespaces where application resources can be managed in") command.Flags().BoolVar(&enableProxyExtension, "enable-proxy-extension", env.ParseBoolFromEnv("ARGOCD_SERVER_ENABLE_PROXY_EXTENSION", false), "Enable Proxy Extension feature") - command.Flags().IntVar(&webhookParallelism, "webhook-parallelism-limit", env.ParseNumFromEnv("ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT", 50, 1, 1000), "Number of webhook requests processed concurrently") - - // Flags related to the applicationSet component. - command.Flags().StringVar(&scmRootCAPath, "appset-scm-root-ca-path", env.StringFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH", ""), "Provide Root CA Path for self-signed TLS Certificates") - command.Flags().BoolVar(&enableScmProviders, "appset-enable-scm-providers", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS", true), "Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true)") - command.Flags().StringSliceVar(&allowedScmProviders, "appset-allowed-scm-providers", env.StringsFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS", []string{}, ","), "The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all)") - command.Flags().BoolVar(&enableNewGitFileGlobbing, "appset-enable-new-git-file-globbing", env.ParseBoolFromEnv("ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING", false), "Enable new globbing in Git files generator.") - tlsConfigCustomizerSrc = tls.AddTLSFlagsToCmd(command) cacheSrc = servercache.AddCacheFlagsToCmd(command, cacheutil.Options{ OnClientCreated: func(client *redis.Client) { diff --git a/cmd/argocd/commands/account.go b/cmd/argocd/commands/account.go index 0466cb142a0e1..5472859551f75 100644 --- a/cmd/argocd/commands/account.go +++ b/cmd/argocd/commands/account.go @@ -30,7 +30,7 @@ import ( ) func NewAccountCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "account", Short: "Manage account settings", Example: templates.Examples(` @@ -68,7 +68,7 @@ func NewAccountUpdatePasswordCommand(clientOpts *argocdclient.ClientOptions) *co currentPassword string newPassword string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "update-password", Short: "Update an account's password", Long: ` @@ -151,8 +151,10 @@ has appropriate RBAC permissions to change other accounts. } func NewAccountGetUserInfoCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "get-user-info", Short: "Get user info", Example: templates.Examples(` @@ -256,7 +258,9 @@ func printAccountsTable(items []*accountpkg.Account) { } func NewAccountListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string + var ( + output string + ) cmd := &cobra.Command{ Use: "list", Short: "List accounts", @@ -408,7 +412,9 @@ argocd account generate-token --account `, } func NewAccountDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var account string + var ( + account string + ) cmd := &cobra.Command{ Use: "delete-token", Short: "Deletes account token", diff --git a/cmd/argocd/commands/admin/admin.go b/cmd/argocd/commands/admin/admin.go index e5465d9209507..9c56b066d552c 100644 --- a/cmd/argocd/commands/admin/admin.go +++ b/cmd/argocd/commands/admin/admin.go @@ -37,9 +37,11 @@ var ( // NewAdminCommand returns a new instance of an argocd command func NewAdminCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - pathOpts := clientcmd.NewDefaultPathOptions() + var ( + pathOpts = clientcmd.NewDefaultPathOptions() + ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "admin", Short: "Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access", DisableAutoGenTag: true, @@ -181,6 +183,7 @@ func isArgoCDConfigMap(name string) bool { return true } return false + } // specsEqual returns if the spec, data, labels, annotations, and finalizers of the two diff --git a/cmd/argocd/commands/admin/app.go b/cmd/argocd/commands/admin/app.go index 5c3bd761fe00c..7374a6315978e 100644 --- a/cmd/argocd/commands/admin/app.go +++ b/cmd/argocd/commands/admin/app.go @@ -44,7 +44,7 @@ import ( ) func NewAppCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "app", Short: "Manage applications configuration", Example: ` @@ -78,9 +78,8 @@ func NewGenAppSpecCommand() *cobra.Command { outputFormat string annotations []string inline bool - setFinalizer bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate-spec APPNAME", Short: "Generate declarative config for an application", Example: ` @@ -113,9 +112,7 @@ func NewGenAppSpecCommand() *cobra.Command { c.HelpFunc()(c, args) os.Exit(1) } - if setFinalizer { - app.Finalizers = append(app.Finalizers, "resources-finalizer.argocd.argoproj.io") - } + out, closer, err := getOutWriter(inline, fileURL) errors.CheckError(err) defer io.Close(closer) @@ -129,7 +126,6 @@ func NewGenAppSpecCommand() *cobra.Command { command.Flags().StringArrayVarP(&annotations, "annotations", "", []string{}, "Set metadata annotations (e.g. example=value)") command.Flags().StringVarP(&outputFormat, "output", "o", "yaml", "Output format. One of: json|yaml") command.Flags().BoolVarP(&inline, "inline", "i", false, "If set then generated resource is written back to the file specified in --file flag") - command.Flags().BoolVar(&setFinalizer, "set-finalizer", false, "Sets deletion finalizer on the application, application resources will be cascaded on deletion") // Only complete files with appropriate extension. err := command.Flags().SetAnnotation("file", cobra.BashCompFilenameExt, []string{"json", "yaml", "yml"}) @@ -163,7 +159,7 @@ func printLine(format string, a ...interface{}) { } func NewDiffReconcileResults() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "diff-reconcile-results PATH1 PATH2", Short: "Compare results of two reconciliations and print diff.", Run: func(c *cobra.Command, args []string) { @@ -253,7 +249,7 @@ func NewReconcileCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "get-reconcile-results PATH", Short: "Reconcile all applications and stores reconciliation summary in the specified file.", Run: func(c *cobra.Command, args []string) { @@ -332,7 +328,7 @@ func saveToFile(err error, outputFormat string, result reconcileResults, outputP return fmt.Errorf("format %s is not supported", outputFormat) } - return os.WriteFile(outputPath, data, 0o644) + return os.WriteFile(outputPath, data, 0644) } func getReconcileResults(ctx context.Context, appClientset appclientset.Interface, namespace string, selector string) ([]appReconcileResult, error) { @@ -388,6 +384,7 @@ func reconcileApplications( }, func(r *http.Request) error { return nil }, []string{}) + if err != nil { return nil, err } @@ -437,7 +434,7 @@ func reconcileApplications( sources = append(sources, app.Spec.GetSource()) revisions = append(revisions, app.Spec.GetSource().TargetRevision) - res, err := appStateManager.CompareAppState(&app, proj, revisions, sources, false, false, nil, false, false) + res, err := appStateManager.CompareAppState(&app, proj, revisions, sources, false, false, nil, false) if err != nil { return nil, err } diff --git a/cmd/argocd/commands/admin/app_test.go b/cmd/argocd/commands/admin/app_test.go index cadce3e857009..c7bc515094439 100644 --- a/cmd/argocd/commands/admin/app_test.go +++ b/cmd/argocd/commands/admin/app_test.go @@ -9,7 +9,6 @@ import ( "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -44,7 +43,9 @@ func TestGetReconcileResults(t *testing.T) { }) result, err := getReconcileResults(ctx, appClientset, "default", "") - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } expectedResults := []appReconcileResult{{ Name: "test", @@ -117,15 +118,17 @@ func TestGetReconcileResults_Refresh(t *testing.T) { normalizers.IgnoreNormalizerOpts{}, ) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } - assert.Equal(t, health.HealthStatusMissing, result[0].Health.Status) - assert.Equal(t, v1alpha1.SyncStatusCodeOutOfSync, result[0].Sync.Status) + assert.Equal(t, result[0].Health.Status, health.HealthStatusMissing) + assert.Equal(t, result[0].Sync.Status, v1alpha1.SyncStatusCodeOutOfSync) } func TestDiffReconcileResults_NoDifferences(t *testing.T) { logs, err := captureStdout(func() { - require.NoError(t, diffReconcileResults( + assert.NoError(t, diffReconcileResults( reconcileResults{Applications: []appReconcileResult{{ Name: "app1", Sync: &v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeOutOfSync}, @@ -136,13 +139,13 @@ func TestDiffReconcileResults_NoDifferences(t *testing.T) { }}}, )) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "app1\n", logs) } func TestDiffReconcileResults_DifferentApps(t *testing.T) { logs, err := captureStdout(func() { - require.NoError(t, diffReconcileResults( + assert.NoError(t, diffReconcileResults( reconcileResults{Applications: []appReconcileResult{{ Name: "app1", Sync: &v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeOutOfSync}, @@ -159,7 +162,7 @@ func TestDiffReconcileResults_DifferentApps(t *testing.T) { }}}, )) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, `app1 app2 1,9d0 diff --git a/cmd/argocd/commands/admin/backup.go b/cmd/argocd/commands/admin/backup.go index fb54c5c7c7951..49e0615c64ba4 100644 --- a/cmd/argocd/commands/admin/backup.go +++ b/cmd/argocd/commands/admin/backup.go @@ -28,7 +28,7 @@ func NewExportCommand() *cobra.Command { clientConfig clientcmd.ClientConfig out string ) - command := cobra.Command{ + var command = cobra.Command{ Use: "export", Short: "Export all Argo CD data to stdout (default) or a file", Run: func(c *cobra.Command, args []string) { @@ -118,7 +118,7 @@ func NewImportCommand() *cobra.Command { verbose bool stopOperation bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: "import SOURCE", Short: "Import Argo CD data from stdin (specify `-') or a file", Run: func(c *cobra.Command, args []string) { @@ -230,6 +230,7 @@ func NewImportCommand() *cobra.Command { if !isForbidden { fmt.Printf("%s/%s %s created%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg) } + } else if specsEqual(*bakObj, liveObj) && checkAppHasNoNeedToStopOperation(liveObj, stopOperation) { if verbose { fmt.Printf("%s/%s %s unchanged%s\n", gvk.Group, gvk.Kind, bakObj.GetName(), dryRunMsg) diff --git a/cmd/argocd/commands/admin/cluster.go b/cmd/argocd/commands/admin/cluster.go index 932460dc24d26..64c68002a86b5 100644 --- a/cmd/argocd/commands/admin/cluster.go +++ b/cmd/argocd/commands/admin/cluster.go @@ -19,7 +19,7 @@ import ( "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" cmdutil "github.com/argoproj/argo-cd/v2/cmd/util" "github.com/argoproj/argo-cd/v2/common" @@ -41,7 +41,7 @@ import ( ) func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "cluster", Short: "Manage clusters configuration", Example: ` @@ -104,7 +104,17 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie if err != nil { return nil, err } - client := redis.NewClient(&redis.Options{Addr: fmt.Sprintf("localhost:%d", port)}) + + redisOptions := &redis.Options{Addr: fmt.Sprintf("localhost:%d", port)} + + secret, err := kubeClient.CoreV1().Secrets(namespace).Get(context.Background(), defaulRedisInitialPasswordSecretName, v1.GetOptions{}) + if err == nil { + if _, ok := secret.Data[defaultResisInitialPasswordKey]; ok { + redisOptions.Password = string(secret.Data[defaultResisInitialPasswordKey]) + } + } + + client := redis.NewClient(redisOptions) compressionType, err := cacheutil.CompressionTypeFromString(redisCompressionStr) if err != nil { return nil, err @@ -141,7 +151,7 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie cluster := batch[i] if replicas > 0 { clusterShard = clusterShards[cluster.Server] - cluster.Shard = ptr.To(int64(clusterShard)) + cluster.Shard = pointer.Int64(int64(clusterShard)) log.Infof("Cluster with uid: %s will be processed by shard %d", cluster.ID, clusterShard) } if shard != -1 && clusterShard != shard { @@ -168,8 +178,7 @@ func loadClusters(ctx context.Context, kubeClient *kubernetes.Clientset, appClie func getControllerReplicas(ctx context.Context, kubeClient *kubernetes.Clientset, namespace string, appControllerName string) (int, error) { appControllerPodLabelSelector := common.LabelKeyAppName + "=" + appControllerName controllerPods, err := kubeClient.CoreV1().Pods(namespace).List(ctx, v1.ListOptions{ - LabelSelector: appControllerPodLabelSelector, - }) + LabelSelector: appControllerPodLabelSelector}) if err != nil { return 0, err } @@ -186,7 +195,7 @@ func NewClusterShardsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm portForwardRedis bool redisCompressionStr string ) - command := cobra.Command{ + var command = cobra.Command{ Use: "shards", Short: "Print information about each controller shard and the estimated portion of Kubernetes resources it is responsible for.", Run: func(cmd *cobra.Command, args []string) { @@ -220,7 +229,7 @@ func NewClusterShardsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm clientConfig = cli.AddKubectlFlagsToCmd(&command) command.Flags().IntVar(&shard, "shard", -1, "Cluster shard filter") command.Flags().IntVar(&replicas, "replicas", 0, "Application controller replicas count. Inferred from number of running controller pods if not specified") - command.Flags().StringVar(&shardingAlgorithm, "sharding-method", common.DefaultShardingAlgorithm, "Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin, consistent-hashing] ") + command.Flags().StringVar(&shardingAlgorithm, "sharding-method", common.DefaultShardingAlgorithm, "Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin] ") command.Flags().BoolVar(&portForwardRedis, "port-forward-redis", true, "Automatically port-forward ha proxy redis from current namespace?") cacheSrc = appstatecache.AddCacheFlagsToCmd(&command) @@ -312,8 +321,10 @@ func runClusterNamespacesCommand(ctx context.Context, clientConfig clientcmd.Cli } func NewClusterNamespacesCommand() *cobra.Command { - var clientConfig clientcmd.ClientConfig - command := cobra.Command{ + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ Use: "namespaces", Short: "Print information namespaces which Argo CD manages in each cluster.", Run: func(cmd *cobra.Command, args []string) { @@ -356,7 +367,7 @@ func NewClusterEnableNamespacedMode() *cobra.Command { clusterResources bool namespacesCount int ) - command := cobra.Command{ + var command = cobra.Command{ Use: "enable-namespaced-mode PATTERN", Short: "Enable namespaced mode for clusters which name matches to the specified pattern.", Run: func(cmd *cobra.Command, args []string) { @@ -391,6 +402,7 @@ func NewClusterEnableNamespacedMode() *cobra.Command { } else { fmt.Println("done (dry run)") } + } return nil })) @@ -409,7 +421,7 @@ func NewClusterDisableNamespacedMode() *cobra.Command { clientConfig clientcmd.ClientConfig dryRun bool ) - command := cobra.Command{ + var command = cobra.Command{ Use: "disable-namespaced-mode PATTERN", Short: "Disable namespaced mode for clusters which name matches to the specified pattern.", Run: func(cmd *cobra.Command, args []string) { @@ -449,6 +461,7 @@ func NewClusterDisableNamespacedMode() *cobra.Command { } else { fmt.Println("done (dry run)") } + } return nil })) @@ -469,7 +482,7 @@ func NewClusterStatsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma portForwardRedis bool redisCompressionStr string ) - command := cobra.Command{ + var command = cobra.Command{ Use: "stats", Short: "Prints information cluster statistics and inferred shard number", Example: ` @@ -511,7 +524,7 @@ argocd admin cluster stats target-cluster`, clientConfig = cli.AddKubectlFlagsToCmd(&command) command.Flags().IntVar(&shard, "shard", -1, "Cluster shard filter") command.Flags().IntVar(&replicas, "replicas", 0, "Application controller replicas count. Inferred from number of running controller pods if not specified") - command.Flags().StringVar(&shardingAlgorithm, "sharding-method", common.DefaultShardingAlgorithm, "Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin, consistent-hashing] ") + command.Flags().StringVar(&shardingAlgorithm, "sharding-method", common.DefaultShardingAlgorithm, "Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin] ") command.Flags().BoolVar(&portForwardRedis, "port-forward-redis", true, "Automatically port-forward ha proxy redis from current namespace?") cacheSrc = appstatecache.AddCacheFlagsToCmd(&command) @@ -525,8 +538,10 @@ argocd admin cluster stats target-cluster`, // NewClusterConfig returns a new instance of `argocd admin kubeconfig` command func NewClusterConfig() *cobra.Command { - var clientConfig clientcmd.ClientConfig - command := &cobra.Command{ + var ( + clientConfig clientcmd.ClientConfig + ) + var command = &cobra.Command{ Use: "kubeconfig CLUSTER_URL OUTPUT_PATH", Short: "Generates kubeconfig for the specified cluster", DisableAutoGenTag: true, @@ -577,7 +592,7 @@ func NewGenClusterConfigCommand(pathOpts *clientcmd.PathOptions) *cobra.Command labels []string annotations []string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate-spec CONTEXT", Short: "Generate declarative config for a cluster", Run: func(c *cobra.Command, args []string) { diff --git a/cmd/argocd/commands/admin/dashboard.go b/cmd/argocd/commands/admin/dashboard.go index 41abce130e833..21b621d264022 100644 --- a/cmd/argocd/commands/admin/dashboard.go +++ b/cmd/argocd/commands/admin/dashboard.go @@ -3,11 +3,10 @@ package admin import ( "fmt" + "github.com/argoproj/argo-cd/v2/util/cli" "github.com/spf13/cobra" "k8s.io/client-go/tools/clientcmd" - "github.com/argoproj/argo-cd/v2/util/cli" - "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize" "github.com/argoproj/argo-cd/v2/common" diff --git a/cmd/argocd/commands/admin/generatespec_utils_test.go b/cmd/argocd/commands/admin/generatespec_utils_test.go index 9c5735df5838d..ea71b1ffa76ae 100644 --- a/cmd/argocd/commands/admin/generatespec_utils_test.go +++ b/cmd/argocd/commands/admin/generatespec_utils_test.go @@ -34,7 +34,7 @@ func TestGetOutWriter_InlineOn(t *testing.T) { assert.Equal(t, tmpFile, out.(*os.File).Name()) _, err = os.Stat(fmt.Sprintf("%s.back", tmpFile)) - require.NoError(t, err, "Back file must be created") + assert.NoError(t, err, "Back file must be created") } func TestPrintResources_Secret_YAML(t *testing.T) { @@ -43,7 +43,7 @@ func TestPrintResources_Secret_YAML(t *testing.T) { ObjectMeta: metav1.ObjectMeta{Name: "my-secret"}, Data: map[string][]byte{"my-secret-key": []byte("my-secret-data")}, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, `apiVersion: v1 kind: Secret diff --git a/cmd/argocd/commands/admin/initial_password.go b/cmd/argocd/commands/admin/initial_password.go index bcd699d3d0dc3..a130ee875ae60 100644 --- a/cmd/argocd/commands/admin/initial_password.go +++ b/cmd/argocd/commands/admin/initial_password.go @@ -17,11 +17,14 @@ const initialPasswordSecretName = "argocd-initial-admin-secret" // NewInitialPasswordCommand defines a new command to retrieve Argo CD initial password. func NewInitialPasswordCommand() *cobra.Command { - var clientConfig clientcmd.ClientConfig - command := cobra.Command{ + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ Use: "initial-password", Short: "Prints initial password to log in to Argo CD for the first time", Run: func(c *cobra.Command, args []string) { + config, err := clientConfig.ClientConfig() errors.CheckError(err) namespace, _, err := clientConfig.Namespace() diff --git a/cmd/argocd/commands/admin/notifications.go b/cmd/argocd/commands/admin/notifications.go index 104a12a8596c2..3cbac0a53b5c2 100644 --- a/cmd/argocd/commands/admin/notifications.go +++ b/cmd/argocd/commands/admin/notifications.go @@ -15,13 +15,14 @@ import ( settings "github.com/argoproj/argo-cd/v2/util/notification/settings" "github.com/argoproj/argo-cd/v2/util/tls" + "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/notifications-engine/pkg/cmd" "github.com/spf13/cobra" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) -var applications = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.ApplicationPlural} +var ( + applications = schema.GroupVersionResource{Group: application.Group, Version: "v1alpha1", Resource: application.ApplicationPlural} +) func NewNotificationsCommand() *cobra.Command { var ( diff --git a/cmd/argocd/commands/admin/project.go b/cmd/argocd/commands/admin/project.go index 9ba14ab80d961..8d4d5615bc826 100644 --- a/cmd/argocd/commands/admin/project.go +++ b/cmd/argocd/commands/admin/project.go @@ -23,7 +23,7 @@ import ( ) func NewProjectsCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "proj", Short: "Manage projects configuration", Run: func(c *cobra.Command, args []string) { @@ -45,7 +45,7 @@ func NewGenProjectSpecCommand() *cobra.Command { outputFormat string inline bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate-spec PROJECT", Short: "Generate declarative config for a project", Example: templates.Examples(` @@ -151,7 +151,7 @@ func NewUpdatePolicyRuleCommand() *cobra.Command { permission string dryRun bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "update-role-policy PROJECT_GLOB MODIFICATION ACTION", Short: "Implement bulk project role update. Useful to back-fill existing project policies or remove obsolete actions.", Example: ` # Add policy that allows executing any action (action/*) to roles which name matches to *deployer* in all projects diff --git a/cmd/argocd/commands/admin/project_allowlist.go b/cmd/argocd/commands/admin/project_allowlist.go index 9f436f2f3a81c..460ea21d93329 100644 --- a/cmd/argocd/commands/admin/project_allowlist.go +++ b/cmd/argocd/commands/admin/project_allowlist.go @@ -38,7 +38,7 @@ func NewProjectAllowListGenCommand() *cobra.Command { clientConfig clientcmd.ClientConfig out string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate-allow-list CLUSTERROLE_PATH PROJ_NAME", Short: "Generates project allow list from the specified clusterRole file", Example: `# Generates project allow list from the specified clusterRole file @@ -88,15 +88,15 @@ argocd admin proj generate-allow-list /path/to/clusterrole.yaml my-project`, func getResourceList(clientConfig clientcmd.ClientConfig) ([]*metav1.APIResourceList, error) { config, err := clientConfig.ClientConfig() if err != nil { - return nil, fmt.Errorf("error while creating client config: %w", err) + return nil, fmt.Errorf("error while creating client config: %s", err) } disco, err := discovery.NewDiscoveryClientForConfig(config) if err != nil { - return nil, fmt.Errorf("error while creating discovery client: %w", err) + return nil, fmt.Errorf("error while creating discovery client: %s", err) } serverResources, err := disco.ServerPreferredResources() if err != nil { - return nil, fmt.Errorf("error while getting server resources: %w", err) + return nil, fmt.Errorf("error while getting server resources: %s", err) } return serverResources, nil } @@ -104,23 +104,23 @@ func getResourceList(clientConfig clientcmd.ClientConfig) ([]*metav1.APIResource func generateProjectAllowList(serverResources []*metav1.APIResourceList, clusterRoleFileName string, projName string) (*v1alpha1.AppProject, error) { yamlBytes, err := os.ReadFile(clusterRoleFileName) if err != nil { - return nil, fmt.Errorf("error reading cluster role file: %w", err) + return nil, fmt.Errorf("error reading cluster role file: %s", err) } var obj unstructured.Unstructured err = yaml.Unmarshal(yamlBytes, &obj) if err != nil { - return nil, fmt.Errorf("error unmarshalling cluster role file yaml: %w", err) + return nil, fmt.Errorf("error unmarshalling cluster role file yaml: %s", err) } clusterRole := &rbacv1.ClusterRole{} err = scheme.Scheme.Convert(&obj, clusterRole, nil) if err != nil { - return nil, fmt.Errorf("error converting cluster role yaml into ClusterRole struct: %w", err) + return nil, fmt.Errorf("error converting cluster role yaml into ClusterRole struct: %s", err) } resourceList := make([]metav1.GroupKind, 0) for _, rule := range clusterRole.Rules { - if len(rule.APIGroups) == 0 { + if len(rule.APIGroups) <= 0 { continue } diff --git a/cmd/argocd/commands/admin/project_allowlist_test.go b/cmd/argocd/commands/admin/project_allowlist_test.go index eeec46b9be231..c4634fb9310c1 100644 --- a/cmd/argocd/commands/admin/project_allowlist_test.go +++ b/cmd/argocd/commands/admin/project_allowlist_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -16,6 +15,6 @@ func TestProjectAllowListGen(t *testing.T) { resourceList := []*metav1.APIResourceList{{APIResources: []metav1.APIResource{res}}} globalProj, err := generateProjectAllowList(resourceList, "testdata/test_clusterrole.yaml", "testproj") - require.NoError(t, err) - assert.Positive(t, len(globalProj.Spec.NamespaceResourceWhitelist)) + assert.NoError(t, err) + assert.True(t, len(globalProj.Spec.NamespaceResourceWhitelist) > 0) } diff --git a/cmd/argocd/commands/admin/project_test.go b/cmd/argocd/commands/admin/project_test.go index 341cd48f5c92a..93d8626ce1b25 100644 --- a/cmd/argocd/commands/admin/project_test.go +++ b/cmd/argocd/commands/admin/project_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -35,17 +34,17 @@ func TestUpdateProjects_FindMatchingProject(t *testing.T) { clientset := fake.NewSimpleClientset(newProj("foo", "test"), newProj("bar", "test")) modification, err := getModification("set", "*", "*", "allow") - require.NoError(t, err) + assert.NoError(t, err) err = updateProjects(ctx, clientset.ArgoprojV1alpha1().AppProjects(namespace), "ba*", "*", "set", modification, false) - require.NoError(t, err) + assert.NoError(t, err) fooProj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get(ctx, "foo", v1.GetOptions{}) - require.NoError(t, err) - assert.Empty(t, fooProj.Spec.Roles[0].Policies) + assert.NoError(t, err) + assert.Len(t, fooProj.Spec.Roles[0].Policies, 0) barProj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get(ctx, "bar", v1.GetOptions{}) - require.NoError(t, err) - assert.EqualValues(t, []string{"p, proj:bar:test, *, set, bar/*, allow"}, barProj.Spec.Roles[0].Policies) + assert.NoError(t, err) + assert.EqualValues(t, barProj.Spec.Roles[0].Policies, []string{"p, proj:bar:test, *, set, bar/*, allow"}) } func TestUpdateProjects_FindMatchingRole(t *testing.T) { @@ -54,26 +53,26 @@ func TestUpdateProjects_FindMatchingRole(t *testing.T) { clientset := fake.NewSimpleClientset(newProj("proj", "foo", "bar")) modification, err := getModification("set", "*", "*", "allow") - require.NoError(t, err) + assert.NoError(t, err) err = updateProjects(ctx, clientset.ArgoprojV1alpha1().AppProjects(namespace), "*", "fo*", "set", modification, false) - require.NoError(t, err) + assert.NoError(t, err) proj, err := clientset.ArgoprojV1alpha1().AppProjects(namespace).Get(ctx, "proj", v1.GetOptions{}) - require.NoError(t, err) - assert.EqualValues(t, []string{"p, proj:proj:foo, *, set, proj/*, allow"}, proj.Spec.Roles[0].Policies) - assert.Empty(t, proj.Spec.Roles[1].Policies) + assert.NoError(t, err) + assert.EqualValues(t, proj.Spec.Roles[0].Policies, []string{"p, proj:proj:foo, *, set, proj/*, allow"}) + assert.Len(t, proj.Spec.Roles[1].Policies, 0) } func TestGetModification_SetPolicy(t *testing.T) { modification, err := getModification("set", "*", "*", "allow") - require.NoError(t, err) + assert.NoError(t, err) policy := modification("proj", "myaction") assert.Equal(t, "*, myaction, proj/*, allow", policy) } func TestGetModification_RemovePolicy(t *testing.T) { modification, err := getModification("remove", "*", "*", "allow") - require.NoError(t, err) + assert.NoError(t, err) policy := modification("proj", "myaction") assert.Equal(t, "", policy) } diff --git a/cmd/argocd/commands/admin/redis_initial_password.go b/cmd/argocd/commands/admin/redis_initial_password.go index eddd915373b15..8fa1e70ad890e 100644 --- a/cmd/argocd/commands/admin/redis_initial_password.go +++ b/cmd/argocd/commands/admin/redis_initial_password.go @@ -6,26 +6,22 @@ import ( "fmt" "math/big" - apierr "k8s.io/apimachinery/pkg/api/errors" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/cli" + apierr "k8s.io/apimachinery/pkg/api/errors" + "github.com/argoproj/argo-cd/v2/util/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" - "github.com/argoproj/argo-cd/v2/util/errors" - "github.com/spf13/cobra" corev1 "k8s.io/api/core/v1" ) -const ( - defaulRedisInitialPasswordSecretName = "argocd-redis" - defaultResisInitialPasswordKey = "auth" -) +const defaulRedisInitialPasswordSecretName = "argocd-redis" +const defaultResisInitialPasswordKey = "auth" func generateRandomPassword() (string, error) { const initialPasswordLength = 16 @@ -44,8 +40,10 @@ func generateRandomPassword() (string, error) { // NewRedisInitialPasswordCommand defines a new command to ensure Argo CD Redis password secret exists. func NewRedisInitialPasswordCommand() *cobra.Command { - var clientConfig clientcmd.ClientConfig - command := cobra.Command{ + var ( + clientConfig clientcmd.ClientConfig + ) + var command = cobra.Command{ Use: "redis-initial-password", Short: "Ensure the Redis password exists, creating a new one if necessary.", Run: func(c *cobra.Command, args []string) { diff --git a/cmd/argocd/commands/admin/repo.go b/cmd/argocd/commands/admin/repo.go index ea55b341b486c..208a6ef8550f8 100644 --- a/cmd/argocd/commands/admin/repo.go +++ b/cmd/argocd/commands/admin/repo.go @@ -25,7 +25,7 @@ const ( ) func NewRepoCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "repo", Short: "Manage repositories configuration", Run: func(c *cobra.Command, args []string) { @@ -44,7 +44,7 @@ func NewGenRepoSpecCommand() *cobra.Command { ) // For better readability and easier formatting - repoAddExamples := ` + var repoAddExamples = ` # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key: argocd admin repo generate-spec git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa @@ -67,7 +67,7 @@ func NewGenRepoSpecCommand() *cobra.Command { argocd admin repo generate-spec helm-oci-registry.cn-zhangjiakou.cr.aliyuncs.com --type helm --name stable --enable-oci --username test --password test ` - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate-spec REPOURL", Short: "Generate declarative config for a repo", Example: repoAddExamples, @@ -157,7 +157,7 @@ func NewGenRepoSpecCommand() *cobra.Command { _, err := argoDB.CreateRepository(ctx, &repoOpts.Repo) errors.CheckError(err) - secret, err := kubeClientset.CoreV1().Secrets(ArgoCDNamespace).Get(ctx, db.RepoURLToSecretName(repoSecretPrefix, repoOpts.Repo.Repo, repoOpts.Repo.Project), v1.GetOptions{}) + secret, err := kubeClientset.CoreV1().Secrets(ArgoCDNamespace).Get(ctx, db.RepoURLToSecretName(repoSecretPrefix, repoOpts.Repo.Repo), v1.GetOptions{}) errors.CheckError(err) errors.CheckError(PrintResources(outputFormat, os.Stdout, secret)) diff --git a/cmd/argocd/commands/admin/settings.go b/cmd/argocd/commands/admin/settings.go index b9c68bbbd58f6..d739031a7944a 100644 --- a/cmd/argocd/commands/admin/settings.go +++ b/cmd/argocd/commands/admin/settings.go @@ -146,9 +146,11 @@ func (opts *settingsOpts) getK8sClient() (*kubernetes.Clientset, string, error) } func NewSettingsCommand() *cobra.Command { - var opts settingsOpts + var ( + opts settingsOpts + ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "settings", Short: "Provides set of commands for settings validation and troubleshooting", Run: func(c *cobra.Command, args []string) { @@ -200,12 +202,12 @@ var validatorsByGroup = map[string]settingValidator{ ssoProvider := "" if general.DexConfig != "" { if _, err := settings.UnmarshalDexConfig(general.DexConfig); err != nil { - return "", fmt.Errorf("invalid dex.config: %w", err) + return "", fmt.Errorf("invalid dex.config: %v", err) } ssoProvider = "Dex" } else if general.OIDCConfigRAW != "" { if err := settings.ValidateOIDCConfig(general.OIDCConfigRAW); err != nil { - return "", fmt.Errorf("invalid oidc.config: %w", err) + return "", fmt.Errorf("invalid oidc.config: %v", err) } ssoProvider = "OIDC" } @@ -216,6 +218,7 @@ var validatorsByGroup = map[string]settingValidator{ summary = summary + " ('url' field is missing)" } } else if ssoProvider != "" && general.URL != "" { + } else { summary = "SSO is not configured" } @@ -274,7 +277,9 @@ var validatorsByGroup = map[string]settingValidator{ } func NewValidateSettingsCommand(cmdCtx commandContext) *cobra.Command { - var groups []string + var ( + groups []string + ) var allGroups []string for k := range validatorsByGroup { @@ -284,7 +289,7 @@ func NewValidateSettingsCommand(cmdCtx commandContext) *cobra.Command { return allGroups[i] < allGroups[j] }) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "validate", Short: "Validate settings", Long: "Validates settings specified in 'argocd-cm' ConfigMap and 'argocd-secret' Secret", @@ -336,7 +341,7 @@ argocd admin settings validate --group accounts --group plugins --load-cluster-s } func NewResourceOverridesCommand(cmdCtx commandContext) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "resource-overrides", Short: "Troubleshoot resource overrides", Run: func(c *cobra.Command, args []string) { @@ -398,7 +403,7 @@ func executeIgnoreResourceUpdatesOverrideCommand(ctx context.Context, cmdCtx com } func NewResourceIgnoreDifferencesCommand(cmdCtx commandContext) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "ignore-differences RESOURCE_YAML_PATH", Short: "Renders fields excluded from diffing", Long: "Renders ignored fields using the 'ignoreDifferences' setting specified in the 'resource.customizations' field of 'argocd-cm' ConfigMap", @@ -448,8 +453,10 @@ argocd admin settings resource-overrides ignore-differences ./deploy.yaml --argo } func NewResourceIgnoreResourceUpdatesCommand(cmdCtx commandContext) *cobra.Command { - var ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts - command := &cobra.Command{ + var ( + ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts + ) + var command = &cobra.Command{ Use: "ignore-resource-updates RESOURCE_YAML_PATH", Short: "Renders fields excluded from resource updates", Long: "Renders ignored fields using the 'ignoreResourceUpdates' setting specified in the 'resource.customizations' field of 'argocd-cm' ConfigMap", @@ -496,7 +503,7 @@ argocd admin settings resource-overrides ignore-resource-updates ./deploy.yaml - } func NewResourceHealthCommand(cmdCtx commandContext) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "health RESOURCE_YAML_PATH", Short: "Assess resource health", Long: "Assess resource health using the lua script configured in the 'resource.customizations' field of 'argocd-cm' ConfigMap", @@ -529,7 +536,7 @@ argocd admin settings resource-overrides health ./deploy.yaml --argocd-cm-path . } func NewResourceActionListCommand(cmdCtx commandContext) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list-actions RESOURCE_YAML_PATH", Short: "List available resource actions", Long: "List actions available for given resource action using the lua scripts configured in the 'resource.customizations' field of 'argocd-cm' ConfigMap and outputs updated fields", @@ -573,7 +580,7 @@ argocd admin settings resource-overrides action list /tmp/deploy.yaml --argocd-c } func NewResourceActionRunCommand(cmdCtx commandContext) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "run-action RESOURCE_YAML_PATH ACTION", Aliases: []string{"action"}, Short: "Executes resource action", @@ -622,6 +629,7 @@ argocd admin settings resource-overrides action run /tmp/deploy.yaml restart --a fmt.Println(bytes.NewBuffer(yamlBytes).String()) } } + }) }, } diff --git a/cmd/argocd/commands/admin/settings_rbac.go b/cmd/argocd/commands/admin/settings_rbac.go index de0a857397f62..1c09fa0d1cfe7 100644 --- a/cmd/argocd/commands/admin/settings_rbac.go +++ b/cmd/argocd/commands/admin/settings_rbac.go @@ -21,12 +21,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/rbac" ) -type actionTraitMap map[string]rbacTrait - -type rbacTrait struct { - allowPath bool -} - // Provide a mapping of short-hand resource names to their RBAC counterparts var resourceMap map[string]string = map[string]string{ "account": rbacpolicy.ResourceAccounts, @@ -38,7 +32,6 @@ var resourceMap map[string]string = map[string]string{ "certs": rbacpolicy.ResourceCertificates, "certificate": rbacpolicy.ResourceCertificates, "cluster": rbacpolicy.ResourceClusters, - "extension": rbacpolicy.ResourceExtensions, "gpgkey": rbacpolicy.ResourceGPGKeys, "key": rbacpolicy.ResourceGPGKeys, "log": rbacpolicy.ResourceLogs, @@ -53,64 +46,33 @@ var resourceMap map[string]string = map[string]string{ } // List of allowed RBAC resources -var validRBACResourcesActions map[string]actionTraitMap = map[string]actionTraitMap{ - rbacpolicy.ResourceAccounts: accountsActions, - rbacpolicy.ResourceApplications: applicationsActions, - rbacpolicy.ResourceApplicationSets: defaultCRUDActions, - rbacpolicy.ResourceCertificates: defaultCRDActions, - rbacpolicy.ResourceClusters: defaultCRUDActions, - rbacpolicy.ResourceExtensions: extensionActions, - rbacpolicy.ResourceGPGKeys: defaultCRDActions, - rbacpolicy.ResourceLogs: logsActions, - rbacpolicy.ResourceExec: execActions, - rbacpolicy.ResourceProjects: defaultCRUDActions, - rbacpolicy.ResourceRepositories: defaultCRUDActions, +var validRBACResources map[string]bool = map[string]bool{ + rbacpolicy.ResourceAccounts: true, + rbacpolicy.ResourceApplications: true, + rbacpolicy.ResourceApplicationSets: true, + rbacpolicy.ResourceCertificates: true, + rbacpolicy.ResourceClusters: true, + rbacpolicy.ResourceGPGKeys: true, + rbacpolicy.ResourceLogs: true, + rbacpolicy.ResourceExec: true, + rbacpolicy.ResourceProjects: true, + rbacpolicy.ResourceRepositories: true, } // List of allowed RBAC actions -var defaultCRUDActions = actionTraitMap{ - rbacpolicy.ActionCreate: rbacTrait{}, - rbacpolicy.ActionGet: rbacTrait{}, - rbacpolicy.ActionUpdate: rbacTrait{}, - rbacpolicy.ActionDelete: rbacTrait{}, -} - -var defaultCRDActions = actionTraitMap{ - rbacpolicy.ActionCreate: rbacTrait{}, - rbacpolicy.ActionGet: rbacTrait{}, - rbacpolicy.ActionDelete: rbacTrait{}, -} - -var applicationsActions = actionTraitMap{ - rbacpolicy.ActionCreate: rbacTrait{}, - rbacpolicy.ActionGet: rbacTrait{}, - rbacpolicy.ActionUpdate: rbacTrait{allowPath: true}, - rbacpolicy.ActionDelete: rbacTrait{allowPath: true}, - rbacpolicy.ActionAction: rbacTrait{allowPath: true}, - rbacpolicy.ActionOverride: rbacTrait{}, - rbacpolicy.ActionSync: rbacTrait{}, -} - -var accountsActions = actionTraitMap{ - rbacpolicy.ActionCreate: rbacTrait{}, - rbacpolicy.ActionUpdate: rbacTrait{}, -} - -var execActions = actionTraitMap{ - rbacpolicy.ActionCreate: rbacTrait{}, -} - -var logsActions = actionTraitMap{ - rbacpolicy.ActionGet: rbacTrait{}, -} - -var extensionActions = actionTraitMap{ - rbacpolicy.ActionInvoke: rbacTrait{}, +var validRBACActions map[string]bool = map[string]bool{ + rbacpolicy.ActionAction: true, + rbacpolicy.ActionCreate: true, + rbacpolicy.ActionDelete: true, + rbacpolicy.ActionGet: true, + rbacpolicy.ActionOverride: true, + rbacpolicy.ActionSync: true, + rbacpolicy.ActionUpdate: true, } // NewRBACCommand is the command for 'rbac' func NewRBACCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rbac", Short: "Validate and test RBAC configuration", Run: func(c *cobra.Command, args []string) { @@ -136,7 +98,7 @@ func NewRBACCanCommand() *cobra.Command { subResource string clientConfig clientcmd.ClientConfig ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "can ROLE/SUBJECT ACTION RESOURCE [SUB-RESOURCE]", Short: "Check RBAC permissions for a role or subject", Long: ` @@ -244,7 +206,7 @@ func NewRBACValidateCommand() *cobra.Command { clientConfig clientcmd.ClientConfig ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "validate [--policy-file POLICYFILE] [--namespace NAMESPACE]", Short: "Validate RBAC policy", Long: ` @@ -259,8 +221,8 @@ argocd admin settings rbac validate --policy-file policy.csv # i.e. 'policy.csv' and (optionally) 'policy.default' argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml -# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' -# from K8s is used. +# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' +# from K8s is used. argocd admin settings rbac validate --namespace argocd # Either --policy-file or --namespace must be given. @@ -414,9 +376,11 @@ func checkPolicy(subject, action, resource, subResource, builtinPolicy, userPoli // If in strict mode, validate that given RBAC resource and action are // actually valid tokens. if strict { - if err := validateRBACResourceAction(realResource, action); err != nil { - log.Fatalf("error in RBAC request: %v", err) - return false + if !isValidRBACResource(realResource) { + log.Fatalf("error in RBAC request: '%s' is not a valid resource name", realResource) + } + if !isValidRBACAction(action) { + log.Fatalf("error in RBAC request: '%s' is not a valid action name", action) } } @@ -442,18 +406,17 @@ func resolveRBACResourceName(name string) string { } } -// validateRBACResourceAction checks whether a given resource is a valid RBAC resource. -// If it is, it validates that the action is a valid RBAC action for this resource. -func validateRBACResourceAction(resource, action string) error { - validActions, ok := validRBACResourcesActions[resource] - if !ok { - return fmt.Errorf("'%s' is not a valid resource name", resource) +// isValidRBACAction checks whether a given action is a valid RBAC action +func isValidRBACAction(action string) bool { + if strings.HasPrefix(action, rbacpolicy.ActionAction+"/") { + return true } + _, ok := validRBACActions[action] + return ok +} - realAction, _, hasPath := strings.Cut(action, "/") - actionTrait, ok := validActions[realAction] - if !ok || hasPath && !actionTrait.allowPath { - return fmt.Errorf("'%s' is not a valid action for %s", action, resource) - } - return nil +// isValidRBACResource checks whether a given resource is a valid RBAC resource +func isValidRBACResource(resource string) bool { + _, ok := validRBACResources[resource] + return ok } diff --git a/cmd/argocd/commands/admin/settings_rbac_test.go b/cmd/argocd/commands/admin/settings_rbac_test.go index c2a5c6c2c3370..79835ffd0c14d 100644 --- a/cmd/argocd/commands/admin/settings_rbac_test.go +++ b/cmd/argocd/commands/admin/settings_rbac_test.go @@ -5,6 +5,7 @@ import ( "os" "testing" + "github.com/argoproj/argo-cd/v2/util/assets" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" @@ -13,9 +14,6 @@ import ( restclient "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" - - "github.com/argoproj/argo-cd/v2/server/rbacpolicy" - "github.com/argoproj/argo-cd/v2/util/assets" ) type FakeClientConfig struct { @@ -43,75 +41,35 @@ func (f *FakeClientConfig) ConfigAccess() clientcmd.ConfigAccess { return nil } -func Test_validateRBACResourceAction(t *testing.T) { - type args struct { - resource string - action string - } - tests := []struct { - name string - args args - valid bool - }{ - { - name: "Test valid resource and action", - args: args{ - resource: rbacpolicy.ResourceApplications, - action: rbacpolicy.ActionCreate, - }, - valid: true, - }, - { - name: "Test invalid resource", - args: args{ - resource: "invalid", - }, - valid: false, - }, - { - name: "Test invalid action", - args: args{ - resource: rbacpolicy.ResourceApplications, - action: "invalid", - }, - valid: false, - }, - { - name: "Test invalid action for resource", - args: args{ - resource: rbacpolicy.ResourceLogs, - action: rbacpolicy.ActionCreate, - }, - valid: false, - }, - { - name: "Test valid action with path", - args: args{ - resource: rbacpolicy.ResourceApplications, - action: rbacpolicy.ActionAction + "/apps/Deployment/restart", - }, - valid: true, - }, - { - name: "Test invalid action with path", - args: args{ - resource: rbacpolicy.ResourceApplications, - action: rbacpolicy.ActionGet + "/apps/Deployment/restart", - }, - valid: false, - }, +func Test_isValidRBACAction(t *testing.T) { + for k := range validRBACActions { + t.Run(k, func(t *testing.T) { + ok := isValidRBACAction(k) + assert.True(t, ok) + }) } + t.Run("invalid", func(t *testing.T) { + ok := isValidRBACAction("invalid") + assert.False(t, ok) + }) +} + +func Test_isValidRBACAction_ActionAction(t *testing.T) { + ok := isValidRBACAction("action/apps/Deployment/restart") + assert.True(t, ok) +} - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - result := validateRBACResourceAction(tt.args.resource, tt.args.action) - if tt.valid { - assert.NoError(t, result) - } else { - assert.Error(t, result) - } +func Test_isValidRBACResource(t *testing.T) { + for k := range validRBACResources { + t.Run(k, func(t *testing.T) { + ok := isValidRBACResource(k) + assert.True(t, ok) }) } + t.Run("invalid", func(t *testing.T) { + ok := isValidRBACResource("invalid") + assert.False(t, ok) + }) } func Test_PolicyFromCSV(t *testing.T) { diff --git a/cmd/argocd/commands/admin/settings_test.go b/cmd/argocd/commands/admin/settings_test.go index 4db8ae7ba5eeb..ff817017f4be5 100644 --- a/cmd/argocd/commands/admin/settings_test.go +++ b/cmd/argocd/commands/admin/settings_test.go @@ -13,7 +13,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/settings" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" @@ -36,6 +35,7 @@ func captureStdout(callback func()) (string, error) { utils.Close(w) data, err := io.ReadAll(r) + if err != nil { return "", err } @@ -97,16 +97,22 @@ metadata: name: argocd-cm data: url: https://myargocd.com`) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer utils.Close(closer) opts := settingsOpts{argocdCMPath: f} settingsManager, err := opts.createSettingsManager(ctx) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } argoCDSettings, err := settingsManager.GetSettings() - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } assert.Equal(t, "https://myargocd.com", argoCDSettings.URL) } @@ -197,11 +203,12 @@ admissionregistration.k8s.io/MutatingWebhookConfiguration: } summary, err := validator(newSettingsManager(tc.data)) if tc.containsSummary != "" { - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, summary, tc.containsSummary) } else if tc.containsError != "" { - require.Error(t, err) - assert.Contains(t, err.Error(), tc.containsError) + if assert.Error(t, err) { + assert.Contains(t, err.Error(), tc.containsError) + } } }) } @@ -266,10 +273,10 @@ func TestValidateSettingsCommand_NoErrors(t *testing.T) { cmd := NewValidateSettingsCommand(newCmdContext(map[string]string{})) out, err := captureStdout(func() { err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) for k := range validatorsByGroup { assert.Contains(t, out, fmt.Sprintf("✅ %s", k)) } @@ -277,7 +284,9 @@ func TestValidateSettingsCommand_NoErrors(t *testing.T) { func TestResourceOverrideIgnoreDifferences(t *testing.T) { f, closer, err := tempFile(testDeploymentYAML) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer utils.Close(closer) t.Run("NoOverridesConfigured", func(t *testing.T) { @@ -285,9 +294,9 @@ func TestResourceOverrideIgnoreDifferences(t *testing.T) { out, err := captureStdout(func() { cmd.SetArgs([]string{"ignore-differences", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Ignore differences are not configured for 'apps/Deployment'\n") }) @@ -296,33 +305,33 @@ func TestResourceOverrideIgnoreDifferences(t *testing.T) { "resource.customizations": `apps/Deployment: ignoreDifferences: | jsonPointers: - - /spec`, - })) + - /spec`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"ignore-differences", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "< spec:") }) } func TestResourceOverrideHealth(t *testing.T) { f, closer, err := tempFile(testCustomResourceYAML) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer utils.Close(closer) t.Run("NoHealthAssessment", func(t *testing.T) { cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{ - "resource.customizations": `example.com/ExampleResource: {}`, - })) + "resource.customizations": `example.com/ExampleResource: {}`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"health", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Health script is not configured for 'example.com/ExampleResource'\n") }) @@ -331,14 +340,13 @@ func TestResourceOverrideHealth(t *testing.T) { "resource.customizations": `example.com/ExampleResource: health.lua: | return { status = "Progressing" } -`, - })) +`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"health", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Progressing") }) @@ -347,37 +355,39 @@ func TestResourceOverrideHealth(t *testing.T) { "resource.customizations": `example.com/*: health.lua: | return { status = "Progressing" } -`, - })) +`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"health", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Progressing") }) } func TestResourceOverrideAction(t *testing.T) { f, closer, err := tempFile(testDeploymentYAML) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer utils.Close(closer) cronJobFile, closer, err := tempFile(testCronJobYAML) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer utils.Close(closer) t.Run("NoActions", func(t *testing.T) { cmd := NewResourceOverridesCommand(newCmdContext(map[string]string{ - "resource.customizations": `apps/Deployment: {}`, - })) + "resource.customizations": `apps/Deployment: {}`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"run-action", f, "test"}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Actions are not configured") }) @@ -395,22 +405,21 @@ func TestResourceOverrideAction(t *testing.T) { action.lua: | obj.metadata.labels["test"] = 'updated' return obj -`, - })) +`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"run-action", f, "test"}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "test: updated") out, err = captureStdout(func() { cmd.SetArgs([]string{"list-actions", f}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, `NAME DISABLED restart false resume false @@ -440,24 +449,23 @@ resume false result = {} result[1] = impactedResource1 return result -`, - })) +`})) out, err := captureStdout(func() { cmd.SetArgs([]string{"run-action", cronJobFile, "test"}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "resource was created:") assert.Contains(t, out, "hello-1") out, err = captureStdout(func() { cmd.SetArgs([]string{"list-actions", cronJobFile}) err := cmd.Execute() - require.NoError(t, err) + assert.NoError(t, err) }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "NAME") assert.Contains(t, out, "DISABLED") assert.Contains(t, out, "create-a-job") diff --git a/cmd/argocd/commands/app.go b/cmd/argocd/commands/app.go index 3e530d74e5131..6cfc083e2af43 100644 --- a/cmd/argocd/commands/app.go +++ b/cmd/argocd/commands/app.go @@ -3,7 +3,6 @@ package commands import ( "context" "encoding/json" - std_errors "errors" "fmt" "io" "os" @@ -30,7 +29,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" k8swatch "k8s.io/apimachinery/pkg/watch" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -52,7 +51,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/grpc" argoio "github.com/argoproj/argo-cd/v2/util/io" - logutils "github.com/argoproj/argo-cd/v2/util/log" "github.com/argoproj/argo-cd/v2/util/manifeststream" "github.com/argoproj/argo-cd/v2/util/templates" "github.com/argoproj/argo-cd/v2/util/text/label" @@ -60,7 +58,7 @@ import ( // NewApplicationCommand returns a new instance of an `argocd app` command func NewApplicationCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "app", Short: "Manage applications", Example: ` # List all the applications. @@ -122,7 +120,7 @@ func NewApplicationCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. setFinalizer bool appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "create APPNAME", Short: "Create an application", Example: ` # Create a directory app @@ -270,6 +268,7 @@ func hasAppChanged(appReq, appRes *argoappv1.Application, upsert bool) bool { } func parentChildDetails(appIf application.ApplicationServiceClient, ctx context.Context, appName string, appNs string) (map[string]argoappv1.ResourceNode, map[string][]string, map[string]struct{}) { + mapUidToNode := make(map[string]argoappv1.ResourceNode) mapParentToChild := make(map[string][]string) parentNode := make(map[string]struct{}) @@ -324,7 +323,7 @@ func NewApplicationGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com showOperation bool appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "get APPNAME", Short: "Get application details", Example: templates.Examples(` @@ -438,7 +437,7 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co container string previous bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "logs APPNAME", Short: "Get logs of application pods", Example: templates.Examples(` @@ -497,16 +496,16 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co stream, err := appIf.PodLogs(ctx, &application.ApplicationPodLogsQuery{ Name: &appName, Group: &group, - Namespace: ptr.To(namespace), + Namespace: pointer.String(namespace), Kind: &kind, ResourceName: &resourceName, - Follow: ptr.To(follow), - TailLines: ptr.To(tail), - SinceSeconds: ptr.To(sinceSeconds), + Follow: pointer.Bool(follow), + TailLines: pointer.Int64(tail), + SinceSeconds: pointer.Int64(sinceSeconds), UntilTime: &untilTime, Filter: &filter, - Container: ptr.To(container), - Previous: ptr.To(previous), + Container: pointer.String(container), + Previous: pointer.Bool(previous), AppNamespace: &appNs, }) if err != nil { @@ -514,10 +513,10 @@ func NewApplicationLogsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co } for { msg, err := stream.Recv() + if err == io.EOF { + return + } if err != nil { - if std_errors.Is(err, io.EOF) { - return - } st, ok := status.FromError(err) if !ok { log.Fatalf("stream read failed: %v", err) @@ -642,7 +641,7 @@ func printAppSourceDetails(appSrc *argoappv1.ApplicationSource) { if appSrc.Path != "" { fmt.Printf(printOpFmtStr, " Path:", appSrc.Path) } - if appSrc.IsRef() { + if appSrc.Ref != "" { fmt.Printf(printOpFmtStr, " Ref:", appSrc.Ref) } if appSrc.Helm != nil && len(appSrc.Helm.ValueFiles) > 0 { @@ -736,7 +735,7 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com appNamespace string sourcePosition int ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "set APPNAME", Short: "Set application parameters", Example: templates.Examples(` @@ -746,6 +745,12 @@ func NewApplicationSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Com # Set and validate application parameters for "my-app" argocd app set my-app --parameter key1=value1 --parameter key2=value2 --validate + # Set and override application parameters with JSON or YAML file + argocd app set my-app --from-file path/to/parameters.json + + # Set and override application parameters with a parameter file + argocd app set my-app --parameter-file path/to/parameter-file.yaml + # Set and override application parameters for a source at position 1 under spec.sources of app my-app. source-position starts at 1. argocd app set my-app --source-position 1 --repo https://github.com/argoproj/argocd-example-apps.git @@ -829,11 +834,13 @@ func (o *unsetOpts) KustomizeIsZero() bool { // NewApplicationUnsetCommand returns a new instance of an `argocd app unset` command func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var sourcePosition int + var ( + sourcePosition int + ) appOpts := cmdutil.AppOptions{} opts := unsetOpts{} var appNamespace string - command := &cobra.Command{ + var command = &cobra.Command{ Use: "unset APPNAME parameters", Short: "Unset application parameters", Example: ` # Unset kustomize override kustomize image @@ -912,7 +919,7 @@ func NewApplicationUnsetCommand(clientOpts *argocdclient.ClientOptions) *cobra.C func unset(source *argoappv1.ApplicationSource, opts unsetOpts) (updated bool, nothingToUnset bool) { needToUnsetRef := false - if opts.ref && source.IsRef() { + if opts.ref && source.Ref != "" { source.Ref = "" updated = true needToUnsetRef = true @@ -1036,8 +1043,7 @@ func targetObjects(resources []*argoappv1.ResourceDiff) ([]*unstructured.Unstruc } func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, - trackingMethod string, -) []*unstructured.Unstructured { + trackingMethod string) []*unstructured.Unstructured { manifestStrings := getLocalObjectsString(ctx, app, proj, local, localRepoRoot, appLabelKey, kubeVersion, apiVersions, kustomizeOptions, trackingMethod) objs := make([]*unstructured.Unstructured, len(manifestStrings)) for i := range manifestStrings { @@ -1050,8 +1056,7 @@ func getLocalObjects(ctx context.Context, app *argoappv1.Application, proj *argo } func getLocalObjectsString(ctx context.Context, app *argoappv1.Application, proj *argoappv1.AppProject, local, localRepoRoot, appLabelKey, kubeVersion string, apiVersions []string, kustomizeOptions *argoappv1.KustomizeOptions, - trackingMethod string, -) []string { + trackingMethod string) []string { source := app.Spec.GetSource() res, err := repository.GenerateManifests(ctx, local, localRepoRoot, source.TargetRevision, &repoapiclient.ManifestRequest{ Repo: &argoappv1.Repository{Repo: source.RepoURL}, @@ -1124,7 +1129,7 @@ func NewApplicationDiffCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) shortDesc := "Perform a diff against the target and live state." - command := &cobra.Command{ + var command = &cobra.Command{ Use: "diff APPNAME", Short: shortDesc, Long: shortDesc + "\nUses 'diff' to render the difference. KUBECTL_EXTERNAL_DIFF environment variable can be used to select your own diff tool.\nReturns the following exit codes: 2 on general errors, 1 when a diff is found, and 0 when no diff is found\nKubernetes Secrets are ignored from this diff.", @@ -1276,11 +1281,11 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg } else { for i := range resources.Items { res := resources.Items[i] - live := &unstructured.Unstructured{} + var live = &unstructured.Unstructured{} err := json.Unmarshal([]byte(res.NormalizedLiveState), &live) errors.CheckError(err) - target := &unstructured.Unstructured{} + var target = &unstructured.Unstructured{} err = json.Unmarshal([]byte(res.TargetState), &target) errors.CheckError(err) @@ -1305,7 +1310,6 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg WithDiffSettings(app.Spec.IgnoreDifferences, overrides, ignoreAggregatedRoles, ignoreNormalizerOpts). WithTracking(argoSettings.AppLabelKey, argoSettings.TrackingMethod). WithNoCache(). - WithLogger(logutils.NewLogrusLogger(logutils.NewWithCurrentConfig())). Build() errors.CheckError(err) diffRes, err := argodiff.StateDiff(item.live, item.target, diffConfig) @@ -1336,7 +1340,7 @@ func findandPrintDiff(ctx context.Context, app *argoappv1.Application, proj *arg func groupObjsForDiff(resources *application.ManagedResourcesResponse, objs map[kube.ResourceKey]*unstructured.Unstructured, items []objKeyLiveTarget, argoSettings *settings.Settings, appName, namespace string) []objKeyLiveTarget { resourceTracking := argo.NewResourceTracking() for _, res := range resources.Items { - live := &unstructured.Unstructured{} + var live = &unstructured.Unstructured{} err := json.Unmarshal([]byte(res.NormalizedLiveState), &live) errors.CheckError(err) @@ -1377,7 +1381,7 @@ func NewApplicationDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. wait bool appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "delete APPNAME", Short: "Delete an application", Example: ` # Delete an app @@ -1404,8 +1408,8 @@ func NewApplicationDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra. defer argoio.Close(conn) var isTerminal bool = isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) var isConfirmAll bool = false - numOfApps := len(args) - promptFlag := c.Flag("yes") + var numOfApps = len(args) + var promptFlag = c.Flag("yes") if promptFlag.Changed && promptFlag.Value.String() == "true" { noPrompt = true } @@ -1531,7 +1535,7 @@ func NewApplicationListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co appNamespace string cluster string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list", Short: "List applications", Example: ` # List all apps @@ -1549,7 +1553,7 @@ func NewApplicationListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co conn, appIf := headless.NewClientOrDie(clientOpts, c).NewApplicationClientOrDie() defer argoio.Close(conn) apps, err := appIf.List(ctx, &application.ApplicationQuery{ - Selector: ptr.To(selector), + Selector: pointer.String(selector), AppNamespace: &appNamespace, }) @@ -1701,7 +1705,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co output string appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "wait [APPNAME.. | -l selector]", Short: "Wait for an application to reach a synced and healthy state", Example: ` # Wait for an app @@ -1741,7 +1745,7 @@ func NewApplicationWaitCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co closer, appIf := acdClient.NewApplicationClientOrDie() defer argoio.Close(closer) if selector != "" { - list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: ptr.To(selector)}) + list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)}) errors.CheckError(err) for _, i := range list.Items { appNames = append(appNames, i.QualifiedName()) @@ -1829,7 +1833,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co appNamespace string ignoreNormalizerOpts normalizers.IgnoreNormalizerOpts ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "sync [APPNAME... | -l selector | --project project-name]", Short: "Sync an application to its target state", Example: ` # Sync an app @@ -1891,10 +1895,9 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co appNames := args if selector != "" || len(projects) > 0 { list, err := appIf.List(ctx, &application.ApplicationQuery{ - Selector: ptr.To(selector), + Selector: pointer.String(selector), AppNamespace: &appNamespace, - Projects: projects, - }) + Projects: projects}) errors.CheckError(err) // unlike list, we'd want to fail if nothing was found @@ -2064,7 +2067,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co Backoff: &argoappv1.Backoff{ Duration: retryBackoffDuration.String(), MaxDuration: retryBackoffMaxDuration.String(), - Factor: ptr.To(retryBackoffFactor), + Factor: pointer.Int64(retryBackoffFactor), }, } } @@ -2092,8 +2095,6 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co } } else { fmt.Printf("====== No Differences found ======\n") - // if no differences found, then no need to sync - return } } _, err = appIf.Sync(ctx, &syncReq) @@ -2152,7 +2153,7 @@ func NewApplicationSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co func getAppNamesBySelector(ctx context.Context, appIf application.ApplicationServiceClient, selector string) ([]string, error) { appNames := []string{} if selector != "" { - list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: ptr.To(selector)}) + list, err := appIf.List(ctx, &application.ApplicationQuery{Selector: pointer.String(selector)}) if err != nil { return []string{}, err } @@ -2229,8 +2230,7 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv sync = string(resource.Status) } states = append(states, &resourceState{ - Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name, Status: sync, Health: health, Hook: string(res.HookType), Message: res.Message, - }) + Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name, Status: sync, Health: health, Hook: string(res.HookType), Message: res.Message}) delete(resourceByKey, kube.NewResourceKey(res.Group, res.Kind, res.Namespace, res.Name)) } } @@ -2249,8 +2249,7 @@ func getResourceStates(app *argoappv1.Application, selectedResources []*argoappv health = string(res.Health.Status) } states = append(states, &resourceState{ - Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name, Status: string(res.Status), Health: health, Hook: "", Message: "", - }) + Group: res.Group, Kind: res.Kind, Namespace: res.Namespace, Name: res.Name, Status: string(res.Status), Health: health, Hook: "", Message: ""}) } // filter out not selected resources if len(selectedResources) > 0 { @@ -2336,7 +2335,7 @@ func checkResourceStatus(watch watchOpts, healthStatus string, syncStatus string func resourceParentChild(ctx context.Context, acdClient argocdclient.Client, appName string, appNs string) (map[string]argoappv1.ResourceNode, map[string][]string, map[string]struct{}, map[string]*resourceState) { _, appIf := acdClient.NewApplicationClientOrDie() mapUidToNode, mapParentToChild, parentNode := parentChildDetails(appIf, ctx, appName, appNs) - app, err := appIf.Get(ctx, &application.ApplicationQuery{Name: ptr.To(appName), AppNamespace: ptr.To(appNs)}) + app, err := appIf.Get(ctx, &application.ApplicationQuery{Name: pointer.String(appName), AppNamespace: pointer.String(appNs)}) errors.CheckError(err) mapNodeNameToResourceState := make(map[string]*resourceState) for _, res := range getResourceStates(app, nil) { @@ -2359,10 +2358,6 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, // time when the sync status lags behind when an operation completes refresh := false - // printSummary controls whether we print the app summary table, OperationState, and ResourceState - // We don't want to print these when output type is json or yaml, as the output would become unparsable. - printSummary := output != "json" && output != "yaml" - appRealName, appNs := argo.ParseFromQualifiedName(appName, "") printFinalStatus := func(app *argoappv1.Application) *argoappv1.Application { @@ -2379,13 +2374,11 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, _ = conn.Close() } - if printSummary { - fmt.Println() - printAppSummaryTable(app, appURL(ctx, acdClient, appName), nil) - fmt.Println() - if watch.operation { - printOperationResult(app.Status.OperationState) - } + fmt.Println() + printAppSummaryTable(app, appURL(ctx, acdClient, appName), nil) + fmt.Println() + if watch.operation { + printOperationResult(app.Status.OperationState) } switch output { @@ -2425,26 +2418,17 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, AppNamespace: &appNs, }) errors.CheckError(err) - - if printSummary { - fmt.Println() - fmt.Println("This is the state of the app after `wait` timed out:") - } - + fmt.Println() + fmt.Println("This is the state of the app after `wait` timed out:") printFinalStatus(app) cancel() - - if printSummary { - fmt.Println() - fmt.Println("The command timed out waiting for the conditions to be met.") - } + fmt.Println() + fmt.Println("The command timed out waiting for the conditions to be met.") }) } w := tabwriter.NewWriter(os.Stdout, 5, 0, 2, ' ', 0) - if printSummary { - _, _ = fmt.Fprintf(w, waitFormatString, "TIMESTAMP", "GROUP", "KIND", "NAMESPACE", "NAME", "STATUS", "HEALTH", "HOOK", "MESSAGE") - } + _, _ = fmt.Fprintf(w, waitFormatString, "TIMESTAMP", "GROUP", "KIND", "NAMESPACE", "NAME", "STATUS", "HEALTH", "HOOK", "MESSAGE") prevStates := make(map[string]*resourceState) conn, appClient := acdClient.NewApplicationClientOrDie() @@ -2528,7 +2512,7 @@ func waitOnApplicationStatus(ctx context.Context, acdClient argocdclient.Client, prevStates[stateKey] = newState doPrint = true } - if doPrint && printSummary { + if doPrint { _, _ = fmt.Fprintf(w, waitFormatString, prevStates[stateKey].FormatItems()...) } } @@ -2551,8 +2535,10 @@ func setParameterOverrides(app *argoappv1.Application, parameters []string, sour sourceType = *st } else if app.Status.SourceType != "" { sourceType = app.Status.SourceType - } else if len(strings.SplitN(parameters[0], "=", 2)) == 2 { - sourceType = argoappv1.ApplicationSourceTypeHelm + } else { + if len(strings.SplitN(parameters[0], "=", 2)) == 2 { + sourceType = argoappv1.ApplicationSourceTypeHelm + } } switch sourceType { @@ -2642,7 +2628,7 @@ func NewApplicationHistoryCommand(clientOpts *argocdclient.ClientOptions) *cobra output string appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "history APPNAME", Short: "Show application deployment history", Run: func(c *cobra.Command, args []string) { @@ -2698,7 +2684,7 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr output string appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rollback APPNAME [ID]", Short: "Rollback application to a previous deployed version by History ID, omitted will Rollback to the previous version", Run: func(c *cobra.Command, args []string) { @@ -2729,8 +2715,8 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr _, err = appIf.Rollback(ctx, &application.ApplicationRollbackRequest{ Name: &appName, AppNamespace: &appNs, - Id: ptr.To(depInfo.ID), - Prune: ptr.To(prune), + Id: pointer.Int64(depInfo.ID), + Prune: pointer.Bool(prune), }) errors.CheckError(err) @@ -2747,10 +2733,8 @@ func NewApplicationRollbackCommand(clientOpts *argocdclient.ClientOptions) *cobr return command } -const ( - printOpFmtStr = "%-20s%s\n" - defaultCheckTimeoutSeconds = 0 -) +const printOpFmtStr = "%-20s%s\n" +const defaultCheckTimeoutSeconds = 0 func printOperationResult(opState *argoappv1.OperationState) { if opState == nil { @@ -2789,7 +2773,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob local string localRepoRoot string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "manifests APPNAME", Short: "Print manifests of an application", Example: templates.Examples(` @@ -2851,10 +2835,11 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob proj := getProject(c, clientOpts, ctx, app.Spec.Project) unstructureds = getLocalObjects(context.Background(), app, proj.Project, local, localRepoRoot, argoSettings.AppLabelKey, cluster.ServerVersion, cluster.Info.APIVersions, argoSettings.KustomizeOptions, argoSettings.TrackingMethod) } else if len(revisions) > 0 && len(sourcePositions) > 0 { + q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, - Revision: ptr.To(revision), + Revision: pointer.String(revision), Revisions: revisions, SourcePositions: sourcePositions, } @@ -2870,7 +2855,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob q := application.ApplicationManifestQuery{ Name: &appName, AppNamespace: &appNs, - Revision: ptr.To(revision), + Revision: pointer.String(revision), } res, err := appIf.GetManifests(ctx, &q) errors.CheckError(err) @@ -2912,7 +2897,7 @@ func NewApplicationManifestsCommand(clientOpts *argocdclient.ClientOptions) *cob // NewApplicationTerminateOpCommand returns a new instance of an `argocd app terminate-op` command func NewApplicationTerminateOpCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "terminate-op APPNAME", Short: "Terminate running operation of an application", Run: func(c *cobra.Command, args []string) { @@ -2937,8 +2922,10 @@ func NewApplicationTerminateOpCommand(clientOpts *argocdclient.ClientOptions) *c } func NewApplicationEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var appNamespace string - command := &cobra.Command{ + var ( + appNamespace string + ) + var command = &cobra.Command{ Use: "edit APPNAME", Short: "Edit application", Run: func(c *cobra.Command, args []string) { @@ -3049,7 +3036,7 @@ func NewApplicationAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cob appOpts cmdutil.AppOptions appNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-source APPNAME", Short: "Adds a source to the list of sources in the application", Example: ` # Append a source to the list of sources in the application diff --git a/cmd/argocd/commands/app_actions.go b/cmd/argocd/commands/app_actions.go index f795585d07b8c..866aed5ae349e 100644 --- a/cmd/argocd/commands/app_actions.go +++ b/cmd/argocd/commands/app_actions.go @@ -4,17 +4,16 @@ import ( "context" "encoding/json" "fmt" + "github.com/argoproj/argo-cd/v2/util/templates" "os" "strconv" "text/tabwriter" - "github.com/argoproj/argo-cd/v2/util/templates" - "github.com/argoproj/argo-cd/v2/cmd/util" log "github.com/sirupsen/logrus" "github.com/spf13/cobra" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" @@ -35,17 +34,19 @@ type DisplayedAction struct { Disabled bool } -var appActionExample = templates.Examples(` +var ( + appActionExample = templates.Examples(` # List all the available actions for an application argocd app actions list APPNAME # Run an available action for an application argocd app actions run APPNAME ACTION --kind KIND [--resource-name RESOURCE] [--namespace NAMESPACE] [--group GROUP] `) +) // NewApplicationResourceActionsCommand returns a new instance of an `argocd app actions` command func NewApplicationResourceActionsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "actions", Short: "Manage Resource actions", Example: appActionExample, @@ -66,7 +67,7 @@ func NewApplicationResourceActionsListCommand(clientOpts *argocdclient.ClientOpt var group string var resourceName string var output string - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list APPNAME", Short: "Lists available actions on a resource", Example: templates.Examples(` @@ -95,11 +96,11 @@ func NewApplicationResourceActionsListCommand(clientOpts *argocdclient.ClientOpt availActionsForResource, err := appIf.ListResourceActions(ctx, &applicationpkg.ApplicationResourceRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: ptr.To(obj.GetNamespace()), - ResourceName: ptr.To(obj.GetName()), - Group: ptr.To(gvk.Group), - Kind: ptr.To(gvk.Kind), - Version: ptr.To(gvk.Version), + Namespace: pointer.String(obj.GetNamespace()), + ResourceName: pointer.String(obj.GetName()), + Group: pointer.String(gvk.Group), + Kind: pointer.String(gvk.Kind), + Version: pointer.String(gvk.Version), }) errors.CheckError(err) for _, action := range availActionsForResource.Actions { @@ -148,7 +149,7 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti var kind string var group string var all bool - command := &cobra.Command{ + var command = &cobra.Command{ Use: "run APPNAME ACTION", Short: "Runs an available action on resource(s)", Example: templates.Examples(` @@ -180,7 +181,7 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti errors.CheckError(err) filteredObjects, err := util.FilterResources(command.Flags().Changed("group"), resources, group, kind, namespace, resourceName, all) errors.CheckError(err) - resGroup := filteredObjects[0].GroupVersionKind().Group + var resGroup = filteredObjects[0].GroupVersionKind().Group for i := range filteredObjects[1:] { if filteredObjects[i].GroupVersionKind().Group != resGroup { log.Fatal("Ambiguous resource group. Use flag --group to specify resource group explicitly.") @@ -194,12 +195,12 @@ func NewApplicationResourceActionsRunCommand(clientOpts *argocdclient.ClientOpti _, err := appIf.RunResourceAction(ctx, &applicationpkg.ResourceActionRunRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: ptr.To(obj.GetNamespace()), - ResourceName: ptr.To(objResourceName), - Group: ptr.To(gvk.Group), - Kind: ptr.To(gvk.Kind), - Version: ptr.To(gvk.GroupVersion().Version), - Action: ptr.To(actionName), + Namespace: pointer.String(obj.GetNamespace()), + ResourceName: pointer.String(objResourceName), + Group: pointer.String(gvk.Group), + Kind: pointer.String(gvk.Kind), + Version: pointer.String(gvk.GroupVersion().Version), + Action: pointer.String(actionName), }) errors.CheckError(err) } diff --git a/cmd/argocd/commands/app_resource_test.go b/cmd/argocd/commands/app_resource_test.go index 5b85f96050109..5846065141e15 100644 --- a/cmd/argocd/commands/app_resource_test.go +++ b/cmd/argocd/commands/app_resource_test.go @@ -17,9 +17,9 @@ func TestPrintTreeViewAppResources(t *testing.T) { nodes[1].ResourceRef = v1alpha1.ResourceRef{Group: "apps", Version: "v1", Kind: "ReplicaSet", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo-5dcd5457d5", UID: "75c30dce-1b66-414f-a86c-573a74be0f40"} nodes[1].ParentRefs = []v1alpha1.ResourceRef{{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"}} nodes[2].ResourceRef = v1alpha1.ResourceRef{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"} - nodeMapping := make(map[string]v1alpha1.ResourceNode) - mapParentToChild := make(map[string][]string) - parentNode := make(map[string]struct{}) + var nodeMapping = make(map[string]v1alpha1.ResourceNode) + var mapParentToChild = make(map[string][]string) + var parentNode = make(map[string]struct{}) for _, node := range nodes { nodeMapping[node.UID] = node if len(node.ParentRefs) > 0 { @@ -58,9 +58,9 @@ func TestPrintTreeViewDetailedAppResources(t *testing.T) { Message: "Readiness Gate failed", } - nodeMapping := make(map[string]v1alpha1.ResourceNode) - mapParentToChild := make(map[string][]string) - parentNode := make(map[string]struct{}) + var nodeMapping = make(map[string]v1alpha1.ResourceNode) + var mapParentToChild = make(map[string][]string) + var parentNode = make(map[string]struct{}) for _, node := range nodes { nodeMapping[node.UID] = node if len(node.ParentRefs) > 0 { diff --git a/cmd/argocd/commands/app_resources.go b/cmd/argocd/commands/app_resources.go index c1fc1dfc82f2a..4cffb706ff1bc 100644 --- a/cmd/argocd/commands/app_resources.go +++ b/cmd/argocd/commands/app_resources.go @@ -11,7 +11,7 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "k8s.io/apimachinery/pkg/types" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/headless" argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" @@ -71,14 +71,14 @@ func NewApplicationPatchResourceCommand(clientOpts *argocdclient.ClientOptions) _, err = appIf.PatchResource(ctx, &applicationpkg.ApplicationResourcePatchRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: ptr.To(obj.GetNamespace()), - ResourceName: ptr.To(obj.GetName()), - Version: ptr.To(gvk.Version), - Group: ptr.To(gvk.Group), - Kind: ptr.To(gvk.Kind), - Patch: ptr.To(patch), - PatchType: ptr.To(patchType), - Project: ptr.To(project), + Namespace: pointer.String(obj.GetNamespace()), + ResourceName: pointer.String(obj.GetName()), + Version: pointer.String(gvk.Version), + Group: pointer.String(gvk.Group), + Kind: pointer.String(gvk.Kind), + Patch: pointer.String(patch), + PatchType: pointer.String(patchType), + Project: pointer.String(project), }) errors.CheckError(err) log.Infof("Resource '%s' patched", obj.GetName()) @@ -108,8 +108,8 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) errors.CheckError(err) command.Flags().StringVar(&group, "group", "", "Group") command.Flags().StringVar(&namespace, "namespace", "", "Namespace") - command.Flags().BoolVar(&force, "force", false, "Indicates whether to force delete the resource") - command.Flags().BoolVar(&orphan, "orphan", false, "Indicates whether to orphan the dependents of the deleted resource") + command.Flags().BoolVar(&force, "force", false, "Indicates whether to orphan the dependents of the deleted resource") + command.Flags().BoolVar(&orphan, "orphan", false, "Indicates whether to force delete the resource") command.Flags().BoolVar(&all, "all", false, "Indicates whether to patch multiple matching of resources") command.Flags().StringVar(&project, "project", "", `The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist`) command.Run = func(c *cobra.Command, args []string) { @@ -136,14 +136,14 @@ func NewApplicationDeleteResourceCommand(clientOpts *argocdclient.ClientOptions) _, err = appIf.DeleteResource(ctx, &applicationpkg.ApplicationResourceDeleteRequest{ Name: &appName, AppNamespace: &appNs, - Namespace: ptr.To(obj.GetNamespace()), - ResourceName: ptr.To(obj.GetName()), - Version: ptr.To(gvk.Version), - Group: ptr.To(gvk.Group), - Kind: ptr.To(gvk.Kind), + Namespace: pointer.String(obj.GetNamespace()), + ResourceName: pointer.String(obj.GetName()), + Version: pointer.String(gvk.Version), + Group: pointer.String(gvk.Group), + Kind: pointer.String(gvk.Kind), Force: &force, Orphan: &orphan, - Project: ptr.To(project), + Project: pointer.String(project), }) errors.CheckError(err) log.Infof("Resource '%s' deleted", obj.GetName()) @@ -179,6 +179,7 @@ func printDetailedTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha for uid := range parentNodes { detailedTreeViewAppResourcesNotOrphaned("", nodeMapping, parentChildMapping, nodeMapping[uid], w) } + } func printDetailedTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { @@ -191,6 +192,7 @@ func printTreeViewAppResourcesNotOrphaned(nodeMapping map[string]v1alpha1.Resour for uid := range parentNodes { treeViewAppResourcesNotOrphaned("", nodeMapping, parentChildMapping, nodeMapping[uid], w) } + } func printTreeViewAppResourcesOrphaned(nodeMapping map[string]v1alpha1.ResourceNode, parentChildMapping map[string][]string, parentNodes map[string]struct{}, orphaned bool, listAll bool, w *tabwriter.Writer) { @@ -213,6 +215,7 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) printDetailedTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) } + } else if output == "tree" { fmt.Fprintf(w, "GROUP\tKIND\tNAMESPACE\tNAME\tORPHANED\n") @@ -225,7 +228,9 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli mapUidToNode, mapParentToChild, parentNode := parentChildInfo(appResourceTree.OrphanedNodes) printTreeViewAppResourcesOrphaned(mapUidToNode, mapParentToChild, parentNode, orphaned, listAll, w) } + } else { + headers := []interface{}{"GROUP", "KIND", "NAMESPACE", "NAME", "ORPHANED"} fmtStr := "%s\t%s\t%s\t%s\t%s\n" _, _ = fmt.Fprintf(w, fmtStr, headers...) @@ -241,15 +246,17 @@ func printResources(listAll bool, orphaned bool, appResourceTree *v1alpha1.Appli _, _ = fmt.Fprintf(w, fmtStr, res.Group, res.Kind, res.Namespace, res.Name, "Yes") } } + } _ = w.Flush() + } func NewApplicationListResourcesCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var orphaned bool var output string var project string - command := &cobra.Command{ + var command = &cobra.Command{ Use: "resources APPNAME", Short: "List resource of application", Run: func(c *cobra.Command, args []string) { diff --git a/cmd/argocd/commands/app_test.go b/cmd/argocd/commands/app_test.go index a149d11f6e99e..ec9dcdf0f8e65 100644 --- a/cmd/argocd/commands/app_test.go +++ b/cmd/argocd/commands/app_test.go @@ -2,25 +2,13 @@ package commands import ( "context" - "encoding/json" "fmt" "io" "net/http" "os" - "slices" - "strings" "testing" "time" - "google.golang.org/grpc" - "k8s.io/apimachinery/pkg/watch" - - "github.com/argoproj/argo-cd/v2/reposerver/apiclient" - - v1 "k8s.io/api/core/v1" - - "sigs.k8s.io/yaml" - argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" accountpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/account" applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -44,7 +32,6 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "golang.org/x/oauth2" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -112,6 +99,7 @@ func Test_getRefreshType(t *testing.T) { } func TestFindRevisionHistoryWithoutPassedId(t *testing.T) { + histories := v1alpha1.RevisionHistories{} histories = append(histories, v1alpha1.RevisionHistory{ID: 1}) @@ -136,6 +124,7 @@ func TestFindRevisionHistoryWithoutPassedId(t *testing.T) { } history, err := findRevisionHistory(&application, -1) + if err != nil { t.Fatal("Find revision history should fail without errors") } @@ -143,6 +132,7 @@ func TestFindRevisionHistoryWithoutPassedId(t *testing.T) { if history == nil { t.Fatal("History should be found") } + } func TestPrintTreeViewAppGet(t *testing.T) { @@ -153,9 +143,9 @@ func TestPrintTreeViewAppGet(t *testing.T) { nodes[1].ParentRefs = []v1alpha1.ResourceRef{{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"}} nodes[2].ResourceRef = v1alpha1.ResourceRef{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"} - nodeMapping := make(map[string]v1alpha1.ResourceNode) - mapParentToChild := make(map[string][]string) - parentNode := make(map[string]struct{}) + var nodeMapping = make(map[string]v1alpha1.ResourceNode) + var mapParentToChild = make(map[string][]string) + var parentNode = make(map[string]struct{}) for _, node := range nodes { nodeMapping[node.UID] = node @@ -192,9 +182,9 @@ func TestPrintTreeViewDetailedAppGet(t *testing.T) { nodes[1].ParentRefs = []v1alpha1.ResourceRef{{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"}} nodes[2].ResourceRef = v1alpha1.ResourceRef{Group: "argoproj.io", Version: "", Kind: "Rollout", Namespace: "sandbox-rollout-numalogic-demo", Name: "numalogic-rollout-demo", UID: "87f3aab0-f634-4b2c-959a-7ddd30675ed0"} - nodeMapping := make(map[string]v1alpha1.ResourceNode) - mapParentToChild := make(map[string][]string) - parentNode := make(map[string]struct{}) + var nodeMapping = make(map[string]v1alpha1.ResourceNode) + var mapParentToChild = make(map[string][]string) + var parentNode = make(map[string]struct{}) for _, node := range nodes { nodeMapping[node.UID] = node @@ -222,40 +212,7 @@ func TestPrintTreeViewDetailedAppGet(t *testing.T) { assert.Contains(t, output, "numalogic-rollout-demo-5dcd5457d5-6trpt") assert.Contains(t, output, "Degraded") assert.Contains(t, output, "Readiness Gate failed") -} - -func TestFindRevisionHistoryWithoutPassedIdWithMultipleSources(t *testing.T) { - histories := v1alpha1.RevisionHistories{} - - histories = append(histories, v1alpha1.RevisionHistory{ID: 1}) - histories = append(histories, v1alpha1.RevisionHistory{ID: 2}) - histories = append(histories, v1alpha1.RevisionHistory{ID: 3}) - status := v1alpha1.ApplicationStatus{ - Resources: nil, - Sync: v1alpha1.SyncStatus{}, - Health: v1alpha1.HealthStatus{}, - History: histories, - Conditions: nil, - ReconciledAt: nil, - OperationState: nil, - ObservedAt: nil, - SourceType: "", - Summary: v1alpha1.ApplicationSummary{}, - } - - application := v1alpha1.Application{ - Status: status, - } - - history, err := findRevisionHistory(&application, -1) - if err != nil { - t.Fatal("Find revision history should fail without errors") - } - - if history == nil { - t.Fatal("History should be found") - } } func TestDefaultWaitOptions(t *testing.T) { @@ -266,10 +223,10 @@ func TestDefaultWaitOptions(t *testing.T) { suspended: false, } opts := getWatchOpts(watch) - assert.True(t, opts.sync) - assert.True(t, opts.health) - assert.True(t, opts.operation) - assert.False(t, opts.suspended) + assert.Equal(t, true, opts.sync) + assert.Equal(t, true, opts.health) + assert.Equal(t, true, opts.operation) + assert.Equal(t, false, opts.suspended) } func TestOverrideWaitOptions(t *testing.T) { @@ -280,13 +237,14 @@ func TestOverrideWaitOptions(t *testing.T) { suspended: false, } opts := getWatchOpts(watch) - assert.True(t, opts.sync) - assert.False(t, opts.health) - assert.False(t, opts.operation) - assert.False(t, opts.suspended) + assert.Equal(t, true, opts.sync) + assert.Equal(t, false, opts.health) + assert.Equal(t, false, opts.operation) + assert.Equal(t, false, opts.suspended) } func TestFindRevisionHistoryWithoutPassedIdAndEmptyHistoryList(t *testing.T) { + histories := v1alpha1.RevisionHistories{} status := v1alpha1.ApplicationStatus{ @@ -319,9 +277,11 @@ func TestFindRevisionHistoryWithoutPassedIdAndEmptyHistoryList(t *testing.T) { if err.Error() != "Application '' should have at least two successful deployments" { t.Fatal("Find revision history should fail with correct error message") } + } func TestFindRevisionHistoryWithPassedId(t *testing.T) { + histories := v1alpha1.RevisionHistories{} histories = append(histories, v1alpha1.RevisionHistory{ID: 1}) @@ -346,6 +306,7 @@ func TestFindRevisionHistoryWithPassedId(t *testing.T) { } history, err := findRevisionHistory(&application, 3) + if err != nil { t.Fatal("Find revision history should fail without errors") } @@ -357,9 +318,11 @@ func TestFindRevisionHistoryWithPassedId(t *testing.T) { if history.Revision != "123" { t.Fatal("Failed to find correct history with correct revision") } + } func TestFindRevisionHistoryWithPassedIdThatNotExist(t *testing.T) { + histories := v1alpha1.RevisionHistories{} histories = append(histories, v1alpha1.RevisionHistory{ID: 1}) @@ -396,6 +359,7 @@ func TestFindRevisionHistoryWithPassedIdThatNotExist(t *testing.T) { if err.Error() != "Application '' does not have deployment id '4' in history\n" { t.Fatal("Find revision history should fail with correct error message") } + } func Test_groupObjsByKey(t *testing.T) { @@ -452,6 +416,7 @@ func Test_groupObjsByKey(t *testing.T) { } func TestFormatSyncPolicy(t *testing.T) { + t.Run("Policy not defined", func(t *testing.T) { app := v1alpha1.Application{} @@ -495,6 +460,7 @@ func TestFormatSyncPolicy(t *testing.T) { t.Fatalf("Incorrect policy %q, should be Auto-Prune", policy) } }) + } func TestFormatConditionSummary(t *testing.T) { @@ -637,7 +603,7 @@ func TestPrintApplicationHistoryTableWithMultipleSources(t *testing.T) { "1a", "1b", }, - // added Source just for testing the fuction + //added Source just for testing the fuction Source: v1alpha1.ApplicationSource{ TargetRevision: "-1", RepoURL: "ignore", @@ -1042,6 +1008,7 @@ func TestTargetObjects_invalid(t *testing.T) { } func TestCheckForDeleteEvent(t *testing.T) { + ctx := context.Background() fakeClient := new(fakeAcdClient) @@ -1151,36 +1118,36 @@ func Test_unset(t *testing.T) { assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Len(t, kustomizeSource.Kustomize.Images, 2) + assert.Equal(t, 2, len(kustomizeSource.Kustomize.Images)) updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeImages: []string{"old1=new:tag"}}) - assert.Len(t, kustomizeSource.Kustomize.Images, 1) + assert.Equal(t, 1, len(kustomizeSource.Kustomize.Images)) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeImages: []string{"old1=new:tag"}}) assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Len(t, kustomizeSource.Kustomize.Replicas, 2) + assert.Equal(t, 2, len(kustomizeSource.Kustomize.Replicas)) updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeReplicas: []string{"my-deployment"}}) - assert.Len(t, kustomizeSource.Kustomize.Replicas, 1) + assert.Equal(t, 1, len(kustomizeSource.Kustomize.Replicas)) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(kustomizeSource, unsetOpts{kustomizeReplicas: []string{"my-deployment"}}) assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Len(t, helmSource.Helm.Parameters, 2) + assert.Equal(t, 2, len(helmSource.Helm.Parameters)) updated, nothingToUnset = unset(helmSource, unsetOpts{parameters: []string{"name-1"}}) - assert.Len(t, helmSource.Helm.Parameters, 1) + assert.Equal(t, 1, len(helmSource.Helm.Parameters)) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(helmSource, unsetOpts{parameters: []string{"name-1"}}) assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Len(t, helmSource.Helm.ValueFiles, 2) + assert.Equal(t, 2, len(helmSource.Helm.ValueFiles)) updated, nothingToUnset = unset(helmSource, unsetOpts{valuesFiles: []string{"values-1.yaml"}}) - assert.Len(t, helmSource.Helm.ValueFiles, 1) + assert.Equal(t, 1, len(helmSource.Helm.ValueFiles)) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(helmSource, unsetOpts{valuesFiles: []string{"values-1.yaml"}}) @@ -1196,27 +1163,27 @@ func Test_unset(t *testing.T) { assert.False(t, updated) assert.False(t, nothingToUnset) - assert.True(t, helmSource.Helm.IgnoreMissingValueFiles) + assert.Equal(t, true, helmSource.Helm.IgnoreMissingValueFiles) updated, nothingToUnset = unset(helmSource, unsetOpts{ignoreMissingValueFiles: true}) - assert.False(t, helmSource.Helm.IgnoreMissingValueFiles) + assert.Equal(t, false, helmSource.Helm.IgnoreMissingValueFiles) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(helmSource, unsetOpts{ignoreMissingValueFiles: true}) assert.False(t, updated) assert.False(t, nothingToUnset) - assert.True(t, helmSource.Helm.PassCredentials) + assert.Equal(t, true, helmSource.Helm.PassCredentials) updated, nothingToUnset = unset(helmSource, unsetOpts{passCredentials: true}) - assert.False(t, helmSource.Helm.PassCredentials) + assert.Equal(t, false, helmSource.Helm.PassCredentials) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(helmSource, unsetOpts{passCredentials: true}) assert.False(t, updated) assert.False(t, nothingToUnset) - assert.Len(t, pluginSource.Plugin.Env, 2) + assert.Equal(t, 2, len(pluginSource.Plugin.Env)) updated, nothingToUnset = unset(pluginSource, unsetOpts{pluginEnvs: []string{"env-1"}}) - assert.Len(t, pluginSource.Plugin.Env, 1) + assert.Equal(t, 1, len(pluginSource.Plugin.Env)) assert.True(t, updated) assert.False(t, nothingToUnset) updated, nothingToUnset = unset(pluginSource, unsetOpts{pluginEnvs: []string{"env-1"}}) @@ -1290,8 +1257,7 @@ func TestFilterAppResources(t *testing.T) { app := v1alpha1.Application{ Status: v1alpha1.ApplicationStatus{ Resources: []v1alpha1.ResourceStatus{ - appReplicaSet1, appReplicaSet2, appJob, appService1, appService2, appDeployment, - }, + appReplicaSet1, appReplicaSet2, appJob, appService1, appService2, appDeployment}, }, } // Resource filters @@ -1301,56 +1267,49 @@ func TestFilterAppResources(t *testing.T) { Kind: "", Name: "", Namespace: "", - Exclude: false, - } + Exclude: false} // *:*:* includeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", - Exclude: false, - } + Exclude: false} // !*:*:* excludeAllResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "*", Name: "*", Namespace: "", - Exclude: true, - } + Exclude: true} // *:Service:* includeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", - Exclude: false, - } + Exclude: false} // !*:Service:* excludeAllServiceResources = v1alpha1.SyncOperationResource{ Group: "*", Kind: "Service", Name: "*", Namespace: "", - Exclude: true, - } + Exclude: true} // apps:ReplicaSet:replicaSet-name1 includeReplicaSet1Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name1", Namespace: "", - Exclude: false, - } + Exclude: false} // !apps:ReplicaSet:replicaSet-name2 excludeReplicaSet2Resource = v1alpha1.SyncOperationResource{ Group: "apps", Kind: "ReplicaSet", Name: "replicaSet-name2", Namespace: "", - Exclude: true, - } + Exclude: true} ) // Filtered resources @@ -1398,66 +1357,55 @@ func TestFilterAppResources(t *testing.T) { expectedResult []*v1alpha1.SyncOperationResource }{ // --resource apps:ReplicaSet:replicaSet-name1 --resource *:Service:* - { - testName: "Include ReplicaSet replicaSet-name1 resource and all service resources", + {testName: "Include ReplicaSet replicaSet-name1 resouce and all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources, &includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &service1, &service2}, }, // --resource apps:ReplicaSet:replicaSet-name1 --resource !*:Service:* - { - testName: "Include ReplicaSet replicaSet-name1 resource and exclude all service resources", + {testName: "Include ReplicaSet replicaSet-name1 resouce and exclude all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources, &includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 --resource !*:Service:* - { - testName: "Exclude ReplicaSet replicaSet-name2 resource and all service resources", + {testName: "Exclude ReplicaSet replicaSet-name2 resouce and all service resources", selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource, &excludeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, // --resource !apps:ReplicaSet:replicaSet-name2 - { - testName: "Exclude ReplicaSet replicaSet-name2 resource", + {testName: "Exclude ReplicaSet replicaSet-name2 resouce", selectedResources: []*v1alpha1.SyncOperationResource{&excludeReplicaSet2Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &job, &service1, &service2, &deployment}, }, // --resource apps:ReplicaSet:replicaSet-name1 - { - testName: "Include ReplicaSet replicaSet-name1 resource", + {testName: "Include ReplicaSet replicaSet-name1 resouce", selectedResources: []*v1alpha1.SyncOperationResource{&includeReplicaSet1Resource}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1}, }, // --resource !*:Service:* - { - testName: "Exclude Service resources", + {testName: "Exclude Service resouces", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &deployment}, }, // --resource *:Service:* - { - testName: "Include Service resources", + {testName: "Include Service resouces", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllServiceResources}, expectedResult: []*v1alpha1.SyncOperationResource{&service1, &service2}, }, // --resource !*:*:* - { - testName: "Exclude all resources", + {testName: "Exclude all resouces", selectedResources: []*v1alpha1.SyncOperationResource{&excludeAllResources}, expectedResult: nil, }, // --resource *:*:* - { - testName: "Include all resources", + {testName: "Include all resouces", selectedResources: []*v1alpha1.SyncOperationResource{&includeAllResources}, expectedResult: []*v1alpha1.SyncOperationResource{&replicaSet1, &replicaSet2, &job, &service1, &service2, &deployment}, }, - { - testName: "No Filters", + {testName: "No Filters", selectedResources: []*v1alpha1.SyncOperationResource{&blankValues}, expectedResult: nil, }, - { - testName: "Empty Filter", + {testName: "Empty Filter", selectedResources: []*v1alpha1.SyncOperationResource{}, expectedResult: nil, }, @@ -1472,49 +1420,47 @@ func TestFilterAppResources(t *testing.T) { } func TestParseSelectedResources(t *testing.T) { - resources := []string{ - "v1alpha:Application:test", + resources := []string{"v1alpha:Application:test", "v1alpha:Application:namespace/test", "!v1alpha:Application:test", "apps:Deployment:default/test", - "!*:*:*", - } + "!*:*:*"} operationResources, err := parseSelectedResources(resources) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, operationResources, 5) - assert.Equal(t, v1alpha1.SyncOperationResource{ + assert.Equal(t, *operationResources[0], v1alpha1.SyncOperationResource{ Namespace: "", Name: "test", Kind: application.ApplicationKind, Group: "v1alpha", - }, *operationResources[0]) - assert.Equal(t, v1alpha1.SyncOperationResource{ + }) + assert.Equal(t, *operationResources[1], v1alpha1.SyncOperationResource{ Namespace: "namespace", Name: "test", Kind: application.ApplicationKind, Group: "v1alpha", - }, *operationResources[1]) - assert.Equal(t, v1alpha1.SyncOperationResource{ + }) + assert.Equal(t, *operationResources[2], v1alpha1.SyncOperationResource{ Namespace: "", Name: "test", Kind: "Application", Group: "v1alpha", Exclude: true, - }, *operationResources[2]) - assert.Equal(t, v1alpha1.SyncOperationResource{ + }) + assert.Equal(t, *operationResources[3], v1alpha1.SyncOperationResource{ Namespace: "default", Name: "test", Kind: "Deployment", Group: "apps", Exclude: false, - }, *operationResources[3]) - assert.Equal(t, v1alpha1.SyncOperationResource{ + }) + assert.Equal(t, *operationResources[4], v1alpha1.SyncOperationResource{ Namespace: "", Name: "*", Kind: "*", Group: "*", Exclude: true, - }, *operationResources[4]) + }) } func TestParseSelectedResourcesIncorrect(t *testing.T) { @@ -1527,13 +1473,14 @@ func TestParseSelectedResourcesIncorrectNamespace(t *testing.T) { resources := []string{"v1alpha:Application:namespace/test/unknown"} _, err := parseSelectedResources(resources) assert.ErrorContains(t, err, "v1alpha:Application:namespace/test/unknown") + } func TestParseSelectedResourcesEmptyList(t *testing.T) { var resources []string operationResources, err := parseSelectedResources(resources) - require.NoError(t, err) - assert.Empty(t, operationResources) + assert.NoError(t, err) + assert.Len(t, operationResources, 0) } func TestPrintApplicationTableNotWide(t *testing.T) { @@ -1562,7 +1509,7 @@ func TestPrintApplicationTableNotWide(t *testing.T) { printApplicationTable([]v1alpha1.Application{*app, *app}, &output) return nil }) - require.NoError(t, err) + assert.NoError(t, err) expectation := "NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS\napp-name http://localhost:8080 default prj OutOfSync Healthy Manual \napp-name http://localhost:8080 default prj OutOfSync Healthy Manual \n" assert.Equal(t, output, expectation) } @@ -1598,7 +1545,7 @@ func TestPrintApplicationTableWide(t *testing.T) { printApplicationTable([]v1alpha1.Application{*app, *app}, &output) return nil }) - require.NoError(t, err) + assert.NoError(t, err) expectation := "NAME CLUSTER NAMESPACE PROJECT STATUS HEALTH SYNCPOLICY CONDITIONS REPO PATH TARGET\napp-name http://localhost:8080 default prj OutOfSync Healthy Manual https://github.com/argoproj/argocd-example-apps guestbook 123\napp-name http://localhost:8080 default prj OutOfSync Healthy Manual https://github.com/argoproj/argocd-example-apps guestbook 123\n" assert.Equal(t, output, expectation) } @@ -1635,6 +1582,7 @@ func TestFormatItems(t *testing.T) { assert.Equal(t, "health", items[6]) assert.Equal(t, "hook", items[7]) assert.Equal(t, "message", items[8]) + } func TestMerge(t *testing.T) { @@ -1861,316 +1809,6 @@ func testApp(name, project string, labels map[string]string, annotations map[str } } -func TestWaitOnApplicationStatus_JSON_YAML_WideOutput(t *testing.T) { - acdClient := &customAcdClient{&fakeAcdClient{}} - ctx := context.Background() - var selectResource []*v1alpha1.SyncOperationResource - watch := watchOpts{ - sync: false, - health: false, - operation: true, - suspended: false, - } - watch = getWatchOpts(watch) - - output, err := captureOutput(func() error { - _, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "json") - return nil - }, - ) - require.NoError(t, err) - assert.True(t, json.Valid([]byte(output))) - - output, err = captureOutput(func() error { - _, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "yaml") - return nil - }) - - require.NoError(t, err) - err = yaml.Unmarshal([]byte(output), &v1alpha1.Application{}) - require.NoError(t, err) - - output, _ = captureOutput(func() error { - _, _, _ = waitOnApplicationStatus(ctx, acdClient, "app-name", 0, watch, selectResource, "") - return nil - }) - timeStr := time.Now().Format("2006-01-02T15:04:05-07:00") - - expectation := `TIMESTAMP GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE -%s Service default service-name1 Synced Healthy -%s apps Deployment default test Synced Healthy - -Name: argocd/test -Project: default -Server: local -Namespace: argocd -URL: http://localhost:8080/applications/app-name -Source: -- Repo: test - Target: master - Path: /test - Helm Values: path1,path2 - Name Prefix: prefix -SyncWindow: Sync Allowed -Sync Policy: Automated (Prune) -Sync Status: OutOfSync from master -Health Status: Progressing (health-message) - -Operation: Sync -Sync Revision: revision -Phase: -Start: 0001-01-01 00:00:00 +0000 UTC -Finished: 2020-11-10 23:00:00 +0000 UTC -Duration: 2333448h16m18.871345152s -Message: test - -GROUP KIND NAMESPACE NAME STATUS HEALTH HOOK MESSAGE - Service default service-name1 Synced Healthy -apps Deployment default test Synced Healthy -` - expectation = fmt.Sprintf(expectation, timeStr, timeStr) - expectationParts := strings.Split(expectation, "\n") - slices.Sort(expectationParts) - expectationSorted := strings.Join(expectationParts, "\n") - outputParts := strings.Split(output, "\n") - slices.Sort(outputParts) - outputSorted := strings.Join(outputParts, "\n") - // Need to compare sorted since map entries may not keep a specific order during serialization, leading to flakiness. - assert.Equalf(t, expectationSorted, outputSorted, "Incorrect output %q, should be %q (items order doesn't matter)", output, expectation) -} - -type customAcdClient struct { - *fakeAcdClient -} - -func (c *customAcdClient) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent { - appEventsCh := make(chan *v1alpha1.ApplicationWatchEvent) - _, appClient := c.NewApplicationClientOrDie() - app, _ := appClient.Get(ctx, &applicationpkg.ApplicationQuery{}) - - newApp := v1alpha1.Application{ - TypeMeta: app.TypeMeta, - ObjectMeta: app.ObjectMeta, - Spec: app.Spec, - Status: app.Status, - Operation: app.Operation, - } - - go func() { - appEventsCh <- &v1alpha1.ApplicationWatchEvent{ - Type: watch.Bookmark, - Application: newApp, - } - close(appEventsCh) - }() - - return appEventsCh -} - -func (c *customAcdClient) NewApplicationClientOrDie() (io.Closer, applicationpkg.ApplicationServiceClient) { - return &fakeConnection{}, &fakeAppServiceClient{} -} - -func (c *customAcdClient) NewSettingsClientOrDie() (io.Closer, settingspkg.SettingsServiceClient) { - return &fakeConnection{}, &fakeSettingsServiceClient{} -} - -type fakeConnection struct{} - -func (c *fakeConnection) Close() error { - return nil -} - -type fakeSettingsServiceClient struct{} - -func (f fakeSettingsServiceClient) Get(ctx context.Context, in *settingspkg.SettingsQuery, opts ...grpc.CallOption) (*settingspkg.Settings, error) { - return &settingspkg.Settings{ - URL: "http://localhost:8080", - }, nil -} - -func (f fakeSettingsServiceClient) GetPlugins(ctx context.Context, in *settingspkg.SettingsQuery, opts ...grpc.CallOption) (*settingspkg.SettingsPluginsResponse, error) { - return nil, nil -} - -type fakeAppServiceClient struct{} - -func (c *fakeAppServiceClient) Get(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - time := metav1.Date(2020, time.November, 10, 23, 0, 0, 0, time.UTC) - return &v1alpha1.Application{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "argocd", - }, - Spec: v1alpha1.ApplicationSpec{ - SyncPolicy: &v1alpha1.SyncPolicy{ - Automated: &v1alpha1.SyncPolicyAutomated{ - Prune: true, - }, - }, - Project: "default", - Destination: v1alpha1.ApplicationDestination{Server: "local", Namespace: "argocd"}, - Source: &v1alpha1.ApplicationSource{ - RepoURL: "test", - TargetRevision: "master", - Path: "/test", - Helm: &v1alpha1.ApplicationSourceHelm{ - ValueFiles: []string{"path1", "path2"}, - }, - Kustomize: &v1alpha1.ApplicationSourceKustomize{NamePrefix: "prefix"}, - }, - }, - Status: v1alpha1.ApplicationStatus{ - Resources: []v1alpha1.ResourceStatus{ - { - Group: "", - Kind: "Service", - Namespace: "default", - Name: "service-name1", - Status: "Synced", - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "health-message", - }, - }, - { - Group: "apps", - Kind: "Deployment", - Namespace: "default", - Name: "test", - Status: "Synced", - Health: &v1alpha1.HealthStatus{ - Status: health.HealthStatusHealthy, - Message: "health-message", - }, - }, - }, - OperationState: &v1alpha1.OperationState{ - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "revision", - }, - FinishedAt: &time, - Message: "test", - }, - Sync: v1alpha1.SyncStatus{ - Status: v1alpha1.SyncStatusCodeOutOfSync, - }, - Health: v1alpha1.HealthStatus{ - Status: health.HealthStatusProgressing, - Message: "health-message", - }, - }, - }, nil -} - -func (c *fakeAppServiceClient) List(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationList, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ListResourceEvents(ctx context.Context, in *applicationpkg.ApplicationResourceEventsQuery, opts ...grpc.CallOption) (*v1.EventList, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Watch(ctx context.Context, in *applicationpkg.ApplicationQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_WatchClient, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Create(ctx context.Context, in *applicationpkg.ApplicationCreateRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) GetApplicationSyncWindows(ctx context.Context, in *applicationpkg.ApplicationSyncWindowsQuery, opts ...grpc.CallOption) (*applicationpkg.ApplicationSyncWindowsResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) RevisionMetadata(ctx context.Context, in *applicationpkg.RevisionMetadataQuery, opts ...grpc.CallOption) (*v1alpha1.RevisionMetadata, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) RevisionChartDetails(ctx context.Context, in *applicationpkg.RevisionMetadataQuery, opts ...grpc.CallOption) (*v1alpha1.ChartDetails, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) GetManifests(ctx context.Context, in *applicationpkg.ApplicationManifestQuery, opts ...grpc.CallOption) (*apiclient.ManifestResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) GetManifestsWithFiles(ctx context.Context, opts ...grpc.CallOption) (applicationpkg.ApplicationService_GetManifestsWithFilesClient, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Update(ctx context.Context, in *applicationpkg.ApplicationUpdateRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) UpdateSpec(ctx context.Context, in *applicationpkg.ApplicationUpdateSpecRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSpec, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Patch(ctx context.Context, in *applicationpkg.ApplicationPatchRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Delete(ctx context.Context, in *applicationpkg.ApplicationDeleteRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Sync(ctx context.Context, in *applicationpkg.ApplicationSyncRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ManagedResources(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (*applicationpkg.ManagedResourcesResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ResourceTree(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationTree, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) WatchResourceTree(ctx context.Context, in *applicationpkg.ResourcesQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_WatchResourceTreeClient, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) Rollback(ctx context.Context, in *applicationpkg.ApplicationRollbackRequest, opts ...grpc.CallOption) (*v1alpha1.Application, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) TerminateOperation(ctx context.Context, in *applicationpkg.OperationTerminateRequest, opts ...grpc.CallOption) (*applicationpkg.OperationTerminateResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) GetResource(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResourceResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) PatchResource(ctx context.Context, in *applicationpkg.ApplicationResourcePatchRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResourceResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ListResourceActions(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.ResourceActionsListResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) RunResourceAction(ctx context.Context, in *applicationpkg.ResourceActionRunRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) DeleteResource(ctx context.Context, in *applicationpkg.ApplicationResourceDeleteRequest, opts ...grpc.CallOption) (*applicationpkg.ApplicationResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) PodLogs(ctx context.Context, in *applicationpkg.ApplicationPodLogsQuery, opts ...grpc.CallOption) (applicationpkg.ApplicationService_PodLogsClient, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ListLinks(ctx context.Context, in *applicationpkg.ListAppLinksRequest, opts ...grpc.CallOption) (*applicationpkg.LinksResponse, error) { - return nil, nil -} - -func (c *fakeAppServiceClient) ListResourceLinks(ctx context.Context, in *applicationpkg.ApplicationResourceRequest, opts ...grpc.CallOption) (*applicationpkg.LinksResponse, error) { - return nil, nil -} - type fakeAcdClient struct{} func (c *fakeAcdClient) ClientOptions() argocdclient.ClientOptions { @@ -2180,111 +1818,84 @@ func (c *fakeAcdClient) HTTPClient() (*http.Client, error) { return nil, nil } func (c *fakeAcdClient) OIDCConfig(context.Context, *settingspkg.Settings) (*oauth2.Config, *oidc.Provider, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewRepoClient() (io.Closer, repositorypkg.RepositoryServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewRepoClientOrDie() (io.Closer, repositorypkg.RepositoryServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewRepoCredsClient() (io.Closer, repocredspkg.RepoCredsServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewRepoCredsClientOrDie() (io.Closer, repocredspkg.RepoCredsServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewCertClient() (io.Closer, certificatepkg.CertificateServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewCertClientOrDie() (io.Closer, certificatepkg.CertificateServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewClusterClient() (io.Closer, clusterpkg.ClusterServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewClusterClientOrDie() (io.Closer, clusterpkg.ClusterServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewGPGKeyClient() (io.Closer, gpgkeypkg.GPGKeyServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewGPGKeyClientOrDie() (io.Closer, gpgkeypkg.GPGKeyServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewApplicationClient() (io.Closer, applicationpkg.ApplicationServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewApplicationSetClient() (io.Closer, applicationsetpkg.ApplicationSetServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewApplicationClientOrDie() (io.Closer, applicationpkg.ApplicationServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewApplicationSetClientOrDie() (io.Closer, applicationsetpkg.ApplicationSetServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewNotificationClient() (io.Closer, notificationpkg.NotificationServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewNotificationClientOrDie() (io.Closer, notificationpkg.NotificationServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewSessionClient() (io.Closer, sessionpkg.SessionServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewSessionClientOrDie() (io.Closer, sessionpkg.SessionServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewSettingsClient() (io.Closer, settingspkg.SettingsServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewSettingsClientOrDie() (io.Closer, settingspkg.SettingsServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewVersionClient() (io.Closer, versionpkg.VersionServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewVersionClientOrDie() (io.Closer, versionpkg.VersionServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewProjectClient() (io.Closer, projectpkg.ProjectServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewProjectClientOrDie() (io.Closer, projectpkg.ProjectServiceClient) { return nil, nil } - func (c *fakeAcdClient) NewAccountClient() (io.Closer, accountpkg.AccountServiceClient, error) { return nil, nil, nil } - func (c *fakeAcdClient) NewAccountClientOrDie() (io.Closer, accountpkg.AccountServiceClient) { return nil, nil } - func (c *fakeAcdClient) WatchApplicationWithRetry(ctx context.Context, appName string, revision string) chan *v1alpha1.ApplicationWatchEvent { appEventsCh := make(chan *v1alpha1.ApplicationWatchEvent) diff --git a/cmd/argocd/commands/applicationset.go b/cmd/argocd/commands/applicationset.go index bd9dff90891a0..f5ed6a15b6208 100644 --- a/cmd/argocd/commands/applicationset.go +++ b/cmd/argocd/commands/applicationset.go @@ -24,7 +24,8 @@ import ( "github.com/argoproj/argo-cd/v2/util/templates" ) -var appSetExample = templates.Examples(` +var ( + appSetExample = templates.Examples(` # Get an ApplicationSet. argocd appset get APPSETNAME @@ -37,10 +38,11 @@ var appSetExample = templates.Examples(` # Delete an ApplicationSet argocd appset delete APPSETNAME (APPSETNAME...) `) +) // NewAppSetCommand returns a new instance of an `argocd appset` command func NewAppSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "appset", Short: "Manage ApplicationSets", Example: appSetExample, @@ -62,7 +64,7 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra. output string showParams bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "get APPSETNAME", Short: "Get ApplicationSet details", Example: templates.Examples(` @@ -114,17 +116,13 @@ func NewApplicationSetGetCommand(clientOpts *argocdclient.ClientOptions) *cobra. // NewApplicationSetCreateCommand returns a new instance of an `argocd appset create` command func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - var upsert, dryRun bool - command := &cobra.Command{ + var upsert bool + var command = &cobra.Command{ Use: "create", Short: "Create one or more ApplicationSets", Example: templates.Examples(` # Create ApplicationSets argocd appset create (...) - - # Dry-run AppSet creation to see what applications would be managed - argocd appset create --dry-run -o json | jq -r '.status.resources[].name' `), Run: func(c *cobra.Command, args []string) { ctx := c.Context() @@ -161,16 +159,10 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob appSetCreateRequest := applicationset.ApplicationSetCreateRequest{ Applicationset: appset, Upsert: upsert, - DryRun: dryRun, } created, err := appIf.Create(ctx, &appSetCreateRequest) errors.CheckError(err) - dryRunMsg := "" - if dryRun { - dryRunMsg = " (dry-run)" - } - var action string if existing == nil { action = "created" @@ -180,31 +172,11 @@ func NewApplicationSetCreateCommand(clientOpts *argocdclient.ClientOptions) *cob action = "updated" } - c.PrintErrf("ApplicationSet '%s' %s%s\n", created.ObjectMeta.Name, action, dryRunMsg) - - switch output { - case "yaml", "json": - err := PrintResource(created, output) - errors.CheckError(err) - case "wide", "": - printAppSetSummaryTable(created) - - if len(created.Status.Conditions) > 0 { - fmt.Println() - w := tabwriter.NewWriter(os.Stdout, 0, 0, 2, ' ', 0) - printAppSetConditions(w, created) - _ = w.Flush() - fmt.Println() - } - default: - errors.CheckError(fmt.Errorf("unknown output format: %s", output)) - } + fmt.Printf("ApplicationSet '%s' %s\n", created.ObjectMeta.Name, action) } }, } command.Flags().BoolVar(&upsert, "upsert", false, "Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec") - command.Flags().BoolVar(&dryRun, "dry-run", false, "Allows to evaluate the ApplicationSet template on the server to get a preview of the applications that would be created") - command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide") return command } @@ -216,10 +188,10 @@ func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra projects []string appSetNamespace string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list", Short: "List ApplicationSets", - Example: templates.Examples(` + Example: templates.Examples(` # List all ApplicationSets argocd appset list `), @@ -256,11 +228,13 @@ func NewApplicationSetListCommand(clientOpts *argocdclient.ClientOptions) *cobra // NewApplicationSetDeleteCommand returns a new instance of an `argocd appset delete` command func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var noPrompt bool - command := &cobra.Command{ + var ( + noPrompt bool + ) + var command = &cobra.Command{ Use: "delete", Short: "Delete one or more ApplicationSets", - Example: templates.Examples(` + Example: templates.Examples(` # Delete an applicationset argocd appset delete APPSETNAME (APPSETNAME...) `), @@ -275,12 +249,13 @@ func NewApplicationSetDeleteCommand(clientOpts *argocdclient.ClientOptions) *cob defer argoio.Close(conn) var isTerminal bool = isatty.IsTerminal(os.Stdout.Fd()) || isatty.IsCygwinTerminal(os.Stdout.Fd()) var isConfirmAll bool = false - numOfApps := len(args) - promptFlag := c.Flag("yes") + var numOfApps = len(args) + var promptFlag = c.Flag("yes") if promptFlag.Changed && promptFlag.Value.String() == "true" { noPrompt = true } for _, appSetQualifiedName := range args { + appSetName, appSetNs := argo.ParseFromQualifiedName(appSetQualifiedName, "") appsetDeleteReq := applicationset.ApplicationSetDeleteRequest{ @@ -395,6 +370,7 @@ func printAppSetSummaryTable(appSet *arogappsetv1.ApplicationSet) { syncPolicyStr = "" } fmt.Printf(printOpFmtStr, "SyncPolicy:", syncPolicyStr) + } func printAppSetConditions(w io.Writer, appSet *arogappsetv1.ApplicationSet) { diff --git a/cmd/argocd/commands/applicationset_test.go b/cmd/argocd/commands/applicationset_test.go index e5034e05f9f9b..7740c95a4e63b 100644 --- a/cmd/argocd/commands/applicationset_test.go +++ b/cmd/argocd/commands/applicationset_test.go @@ -5,11 +5,9 @@ import ( "os" "testing" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func TestPrintApplicationSetNames(t *testing.T) { @@ -108,7 +106,7 @@ func TestPrintApplicationSetTable(t *testing.T) { printApplicationSetTable([]v1alpha1.ApplicationSet{*app, *app2}, &output) return nil }) - require.NoError(t, err) + assert.NoError(t, err) expectation := "NAME PROJECT SYNCPOLICY CONDITIONS\napp-name default nil [{ResourcesUpToDate True }]\nteam-two/app-name default nil [{ResourcesUpToDate True }]\n" assert.Equal(t, expectation, output) } @@ -228,7 +226,7 @@ SyncPolicy: Automated w.Close() out, err := io.ReadAll(r) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, tt.expectedOutput, string(out)) }) } diff --git a/cmd/argocd/commands/bcrypt.go b/cmd/argocd/commands/bcrypt.go index d2557ef4111e1..6d8f87fd447a5 100644 --- a/cmd/argocd/commands/bcrypt.go +++ b/cmd/argocd/commands/bcrypt.go @@ -10,8 +10,10 @@ import ( // NewBcryptCmd represents the bcrypt command func NewBcryptCmd() *cobra.Command { - var password string - bcryptCmd := &cobra.Command{ + var ( + password string + ) + var bcryptCmd = &cobra.Command{ Use: "bcrypt", Short: "Generate bcrypt hash for any password", Example: `# Generate bcrypt hash for any password diff --git a/cmd/argocd/commands/cert.go b/cmd/argocd/commands/cert.go index 0a8204b89d9e0..d443d57e337d4 100644 --- a/cmd/argocd/commands/cert.go +++ b/cmd/argocd/commands/cert.go @@ -21,7 +21,7 @@ import ( // NewCertCommand returns a new instance of an `argocd repo` command func NewCertCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "cert", Short: "Manage repository certificates and SSH known hosts entries", Run: func(c *cobra.Command, args []string) { @@ -60,7 +60,7 @@ func NewCertAddTLSCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command fromFile string upsert bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-tls SERVERNAME", Short: "Add TLS certificate data for connecting to repository server SERVERNAME", Run: func(c *cobra.Command, args []string) { @@ -144,7 +144,7 @@ func NewCertAddSSHCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command certificates []appsv1.RepositoryCertificate ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-ssh --batch", Short: "Add SSH known host entries for repository servers", Run: func(c *cobra.Command, args []string) { @@ -214,7 +214,7 @@ func NewCertRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command certSubType string certQuery certificatepkg.RepositoryCertificateQuery ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rm REPOSERVER", Short: "Remove certificate of TYPE for REPOSERVER", Run: func(c *cobra.Command, args []string) { @@ -265,7 +265,7 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { sortOrder string output string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list", Short: "List configured certificates", Run: func(c *cobra.Command, args []string) { @@ -295,6 +295,7 @@ func NewCertListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { default: errors.CheckError(fmt.Errorf("unknown output format: %s", output)) } + }, } diff --git a/cmd/argocd/commands/cluster.go b/cmd/argocd/commands/cluster.go index 2493e09455372..f203b82ae9ac0 100644 --- a/cmd/argocd/commands/cluster.go +++ b/cmd/argocd/commands/cluster.go @@ -40,7 +40,7 @@ const ( // NewClusterCommand returns a new instance of an `argocd cluster` command func NewClusterCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "cluster", Short: "Manage cluster credentials", Run: func(c *cobra.Command, args []string) { @@ -81,7 +81,7 @@ func NewClusterAddCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clie labels []string annotations []string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add CONTEXT", Short: fmt.Sprintf("%s cluster add CONTEXT", cliName), Run: func(c *cobra.Command, args []string) { @@ -221,7 +221,7 @@ func NewClusterSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command clusterOptions cmdutil.ClusterOptions clusterName string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "set NAME", Short: "Set cluster information", Example: ` # Set cluster information @@ -283,8 +283,10 @@ func checkFieldsToUpdate(clusterOptions cmdutil.ClusterOptions) []string { // NewClusterGetCommand returns a new instance of an `argocd cluster get` command func NewClusterGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "get SERVER/NAME", Short: "Get cluster information", Example: `argocd cluster get https://12.34.567.89 @@ -357,7 +359,7 @@ func printClusterDetails(clusters []argoappv1.Cluster) { // NewClusterRemoveCommand returns a new instance of an `argocd cluster rm` command func NewClusterRemoveCommand(clientOpts *argocdclient.ClientOptions, pathOpts *clientcmd.PathOptions) *cobra.Command { var noPrompt bool - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rm SERVER/NAME", Short: "Remove cluster credentials", Example: `argocd cluster rm https://12.34.567.89 @@ -371,7 +373,7 @@ argocd cluster rm cluster-name`, } conn, clusterIf := headless.NewClientOrDie(clientOpts, c).NewClusterClientOrDie() defer io.Close(conn) - numOfClusters := len(args) + var numOfClusters = len(args) var isConfirmAll bool = false for _, clusterSelector := range args { @@ -459,8 +461,10 @@ func printClusterServers(clusters []argoappv1.Cluster) { // NewClusterListCommand returns a new instance of an `argocd cluster rm` command func NewClusterListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list", Short: "List configured clusters", Run: func(c *cobra.Command, args []string) { @@ -486,7 +490,7 @@ func NewClusterListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman # List Clusters in Default "Wide" Format argocd cluster list -# List Cluster via specifying the server +# List Cluster via specifing the server argocd cluster list --server # List Clusters in JSON Format @@ -506,7 +510,7 @@ argocd cluster list -o server // NewClusterRotateAuthCommand returns a new instance of an `argocd cluster rotate-auth` command func NewClusterRotateAuthCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rotate-auth SERVER/NAME", Short: fmt.Sprintf("%s cluster rotate-auth SERVER/NAME", cliName), Example: `argocd cluster rotate-auth https://12.34.567.89 diff --git a/cmd/argocd/commands/cluster_test.go b/cmd/argocd/commands/cluster_test.go index d0bc485ace252..24e54ea122fc4 100644 --- a/cmd/argocd/commands/cluster_test.go +++ b/cmd/argocd/commands/cluster_test.go @@ -3,27 +3,26 @@ package commands import ( "testing" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func Test_getQueryBySelector(t *testing.T) { query := getQueryBySelector("my-cluster") - assert.Equal(t, "my-cluster", query.Name) - assert.Equal(t, "", query.Server) + assert.Equal(t, query.Name, "my-cluster") + assert.Equal(t, query.Server, "") query = getQueryBySelector("http://my-server") - assert.Equal(t, "", query.Name) - assert.Equal(t, "http://my-server", query.Server) + assert.Equal(t, query.Name, "") + assert.Equal(t, query.Server, "http://my-server") query = getQueryBySelector("https://my-server") - assert.Equal(t, "", query.Name) - assert.Equal(t, "https://my-server", query.Server) + assert.Equal(t, query.Name, "") + assert.Equal(t, query.Server, "https://my-server") } func Test_printClusterTable(t *testing.T) { @@ -98,9 +97,9 @@ func Test_getRestConfig(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { if got, err := getRestConfig(tt.args.pathOpts, tt.args.ctxName); err == nil { - require.Equal(t, tt.expected, got) + require.Equal(t, got, tt.expected) } else if tt.wantErr { - require.Equal(t, tt.expectedErr, err.Error()) + require.Equal(t, err.Error(), tt.expectedErr) } else { t.Errorf("An unexpected error occurred during test %s:\n%s", tt.name, err.Error()) } diff --git a/cmd/argocd/commands/common_test.go b/cmd/argocd/commands/common_test.go index 24ab6ebcf7fd9..c86429b32e0c8 100644 --- a/cmd/argocd/commands/common_test.go +++ b/cmd/argocd/commands/common_test.go @@ -6,7 +6,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) // Be careful with tabs vs. spaces in the following expected formats. Indents @@ -22,7 +21,6 @@ const expectJsonSingle = `{ "foo": "bar" } ` - const expectYamlList = `one: bar: "" baz: foo @@ -80,18 +78,18 @@ func Test_PrintResource(t *testing.T) { err := PrintResource(testResource, "yaml") return err }) - require.NoError(t, err) - assert.Equal(t, expectYamlSingle, str) + assert.NoError(t, err) + assert.Equal(t, str, expectYamlSingle) str, err = captureOutput(func() error { err := PrintResource(testResource, "json") return err }) - require.NoError(t, err) - assert.Equal(t, expectJsonSingle, str) + assert.NoError(t, err) + assert.Equal(t, str, expectJsonSingle) err = PrintResource(testResource, "unknown") - require.Error(t, err) + assert.Error(t, err) } func Test_PrintResourceList(t *testing.T) { @@ -115,30 +113,30 @@ func Test_PrintResourceList(t *testing.T) { err := PrintResourceList(testResource, "yaml", false) return err }) - require.NoError(t, err) - assert.Equal(t, expectYamlList, str) + assert.NoError(t, err) + assert.Equal(t, str, expectYamlList) str, err = captureOutput(func() error { err := PrintResourceList(testResource, "json", false) return err }) - require.NoError(t, err) - assert.Equal(t, expectJsonList, str) + assert.NoError(t, err) + assert.Equal(t, str, expectJsonList) str, err = captureOutput(func() error { err := PrintResourceList(testResource2, "yaml", true) return err }) - require.NoError(t, err) - assert.Equal(t, expectYamlSingle, str) + assert.NoError(t, err) + assert.Equal(t, str, expectYamlSingle) str, err = captureOutput(func() error { err := PrintResourceList(testResource2, "json", true) return err }) - require.NoError(t, err) - assert.Equal(t, expectJsonSingle, str) + assert.NoError(t, err) + assert.Equal(t, str, expectJsonSingle) err = PrintResourceList(testResource, "unknown", false) - require.Error(t, err) + assert.Error(t, err) } diff --git a/cmd/argocd/commands/completion.go b/cmd/argocd/commands/completion.go index 106a9992572d1..7d3f5675ee95e 100644 --- a/cmd/argocd/commands/completion.go +++ b/cmd/argocd/commands/completion.go @@ -194,10 +194,10 @@ __argocd_custom_func() { ) func NewCompletionCommand() *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "completion SHELL", - Short: "output shell completion code for the specified shell (bash, zsh or fish)", - Long: `Write bash, zsh or fish shell completion code to standard output. + Short: "output shell completion code for the specified shell (bash or zsh)", + Long: `Write bash or zsh shell completion code to standard output. For bash, ensure you have bash completions installed and enabled. To access completions in your current shell, run @@ -218,11 +218,6 @@ $ source <(argocd completion bash) # For zsh $ argocd completion zsh > _argocd $ source _argocd - -# For fish -$ argocd completion fish > ~/.config/fish/completions/argocd.fish -$ source ~/.config/fish/completions/argocd.fish - `, Run: func(cmd *cobra.Command, args []string) { if len(args) != 1 { @@ -232,17 +227,16 @@ $ source ~/.config/fish/completions/argocd.fish shell := args[0] rootCommand := NewCommand() rootCommand.BashCompletionFunction = bashCompletionFunc - availableCompletions := map[string]func(out io.Writer, cmd *cobra.Command) error{ - "bash": runCompletionBash, - "zsh": runCompletionZsh, - "fish": runCompletionFish, + availableCompletions := map[string]func(io.Writer) error{ + "bash": rootCommand.GenBashCompletion, + "zsh": rootCommand.GenZshCompletion, } completion, ok := availableCompletions[shell] if !ok { - fmt.Printf("Invalid shell '%s'. The supported shells are bash, zsh and fish.\n", shell) + fmt.Printf("Invalid shell '%s'. The supported shells are bash and zsh.\n", shell) os.Exit(1) } - if err := completion(os.Stdout, rootCommand); err != nil { + if err := completion(os.Stdout); err != nil { log.Fatal(err) } }, @@ -250,15 +244,3 @@ $ source ~/.config/fish/completions/argocd.fish return command } - -func runCompletionBash(out io.Writer, cmd *cobra.Command) error { - return cmd.GenBashCompletion(out) -} - -func runCompletionZsh(out io.Writer, cmd *cobra.Command) error { - return cmd.GenZshCompletion(out) -} - -func runCompletionFish(out io.Writer, cmd *cobra.Command) error { - return cmd.GenFishCompletion(out, true) -} diff --git a/cmd/argocd/commands/context.go b/cmd/argocd/commands/context.go index 2c4b37ba2fa81..51d003b4df9df 100644 --- a/cmd/argocd/commands/context.go +++ b/cmd/argocd/commands/context.go @@ -18,7 +18,7 @@ import ( // NewContextCommand returns a new instance of an `argocd ctx` command func NewContextCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var delete bool - command := &cobra.Command{ + var command = &cobra.Command{ Use: "context [CONTEXT]", Aliases: []string{"ctx"}, Short: "Switch between contexts", @@ -31,6 +31,7 @@ argocd context cd.argoproj.io # Delete Argo CD context argocd context cd.argoproj.io --delete`, Run: func(c *cobra.Command, args []string) { + localCfg, err := localconfig.ReadLocalConfig(clientOpts.ConfigPath) errors.CheckError(err) @@ -72,7 +73,7 @@ argocd context cd.argoproj.io --delete`, err = localconfig.WriteLocalConfig(*localCfg, clientOpts.ConfigPath) errors.CheckError(err) - err = os.WriteFile(prevCtxFile, []byte(prevCtx), 0o644) + err = os.WriteFile(prevCtxFile, []byte(prevCtx), 0644) errors.CheckError(err) fmt.Printf("Switched to context '%s'\n", localCfg.CurrentContext) }, @@ -82,6 +83,7 @@ argocd context cd.argoproj.io --delete`, } func deleteContext(context, configPath string) error { + localCfg, err := localconfig.ReadLocalConfig(configPath) errors.CheckError(err) if localCfg == nil { diff --git a/cmd/argocd/commands/context_test.go b/cmd/argocd/commands/context_test.go index e9f953a22cd0f..c258485b8181f 100644 --- a/cmd/argocd/commands/context_test.go +++ b/cmd/argocd/commands/context_test.go @@ -4,10 +4,9 @@ import ( "os" "testing" + "github.com/argoproj/argo-cd/v2/util/localconfig" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - - "github.com/argoproj/argo-cd/v2/util/localconfig" ) const testConfig = `contexts: @@ -41,23 +40,23 @@ const testConfigFilePath = "./testdata/local.config" func TestContextDelete(t *testing.T) { // Write the test config file err := os.WriteFile(testConfigFilePath, []byte(testConfig), os.ModePerm) - require.NoError(t, err) + assert.NoError(t, err) defer os.Remove(testConfigFilePath) - err = os.Chmod(testConfigFilePath, 0o600) + err = os.Chmod(testConfigFilePath, 0600) require.NoError(t, err, "Could not change the file permission to 0600 %v", err) localConfig, err := localconfig.ReadLocalConfig(testConfigFilePath) - require.NoError(t, err) - assert.Equal(t, "localhost:8080", localConfig.CurrentContext) + assert.NoError(t, err) + assert.Equal(t, localConfig.CurrentContext, "localhost:8080") assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"}) // Delete a non-current context err = deleteContext("argocd1.example.com:443", testConfigFilePath) - require.NoError(t, err) + assert.NoError(t, err) localConfig, err = localconfig.ReadLocalConfig(testConfigFilePath) - require.NoError(t, err) - assert.Equal(t, "localhost:8080", localConfig.CurrentContext) + assert.NoError(t, err) + assert.Equal(t, localConfig.CurrentContext, "localhost:8080") assert.NotContains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd1.example.com:443", Server: "argocd1.example.com:443", User: "argocd1.example.com:443"}) assert.NotContains(t, localConfig.Servers, localconfig.Server{Server: "argocd1.example.com:443"}) assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "argocd1.example.com:443"}) @@ -66,11 +65,11 @@ func TestContextDelete(t *testing.T) { // Delete the current context err = deleteContext("localhost:8080", testConfigFilePath) - require.NoError(t, err) + assert.NoError(t, err) localConfig, err = localconfig.ReadLocalConfig(testConfigFilePath) - require.NoError(t, err) - assert.Equal(t, "", localConfig.CurrentContext) + assert.NoError(t, err) + assert.Equal(t, localConfig.CurrentContext, "") assert.NotContains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"}) assert.NotContains(t, localConfig.Servers, localconfig.Server{PlainText: true, Server: "localhost:8080"}) assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "localhost:8080"}) diff --git a/cmd/argocd/commands/gpg.go b/cmd/argocd/commands/gpg.go index d68c2918f1ccb..73768fc18a324 100644 --- a/cmd/argocd/commands/gpg.go +++ b/cmd/argocd/commands/gpg.go @@ -19,7 +19,7 @@ import ( // NewGPGCommand returns a new instance of an `argocd repo` command func NewGPGCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "gpg", Short: "Manage GPG keys used for signature verification", Run: func(c *cobra.Command, args []string) { @@ -37,8 +37,10 @@ func NewGPGCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { // NewGPGListCommand lists all configured public keys from the server func NewGPGListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list", Short: "List configured GPG public keys", Example: templates.Examples(` @@ -76,8 +78,10 @@ func NewGPGListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { // NewGPGGetCommand retrieves a single public key from the server func NewGPGGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "get KEYID", Short: "Get the GPG public key with ID from the server", Example: templates.Examples(` @@ -122,8 +126,10 @@ func NewGPGGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { // NewGPGAddCommand adds a public key to the server's configuration func NewGPGAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var fromFile string - command := &cobra.Command{ + var ( + fromFile string + ) + var command = &cobra.Command{ Use: "add", Short: "Adds a GPG public key to the server's keyring", Example: templates.Examples(` @@ -154,11 +160,12 @@ func NewGPGAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { } command.Flags().StringVarP(&fromFile, "from", "f", "", "Path to the file that contains the GPG public key to import") return command + } // NewGPGDeleteCommand removes a key from the server's keyring func NewGPGDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rm KEYID", Short: "Removes a GPG public key from the server's keyring", Run: func(c *cobra.Command, args []string) { @@ -175,6 +182,7 @@ func NewGPGDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command }, } return command + } // Print table of certificate info diff --git a/cmd/argocd/commands/headless/headless.go b/cmd/argocd/commands/headless/headless.go index 9ef70ae1c4748..eca3cb0fb498a 100644 --- a/cmd/argocd/commands/headless/headless.go +++ b/cmd/argocd/commands/headless/headless.go @@ -9,7 +9,6 @@ import ( "time" "github.com/spf13/cobra" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/cmd/argocd/commands/initialize" "github.com/argoproj/argo-cd/v2/common" @@ -21,11 +20,10 @@ import ( "github.com/spf13/pflag" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/runtime" - "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" cache2 "k8s.io/client-go/tools/cache" "k8s.io/client-go/tools/clientcmd" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -145,8 +143,7 @@ func (c *forwardRepoClientset) NewRepoServerClient() (io.Closer, repoapiclient.R return } c.repoClientset = repoapiclient.NewRepoServerClientset(fmt.Sprintf("localhost:%d", repoServerPort), 60, repoapiclient.TLSConfiguration{ - DisableTLS: false, StrictValidation: false, - }) + DisableTLS: false, StrictValidation: false}) }) if c.err != nil { return nil, nil, c.err @@ -208,7 +205,7 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti log.SetLevel(log.ErrorLevel) os.Setenv(v1alpha1.EnvVarFakeInClusterConfig, "true") if address == nil { - address = ptr.To("localhost") + address = pointer.String("localhost") } if port == nil || *port == 0 { addr := fmt.Sprintf("%s:0", *address) @@ -233,17 +230,6 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti return fmt.Errorf("error creating kubernetes clientset: %w", err) } - dynamicClientset, err := dynamic.NewForConfig(restConfig) - if err != nil { - return fmt.Errorf("error creating kubernetes dynamic clientset: %w", err) - } - - controllerClientset, err := client.New(restConfig, client.Options{}) - if err != nil { - return fmt.Errorf("error creating kubernetes controller clientset: %w", err) - } - controllerClientset = client.NewDryRunClient(controllerClientset) - namespace, _, err := clientConfig.Namespace() if err != nil { return fmt.Errorf("error getting namespace: %w", err) @@ -255,21 +241,19 @@ func MaybeStartLocalServer(ctx context.Context, clientOpts *apiclient.ClientOpti } appstateCache := appstatecache.NewCache(cache.NewCache(&forwardCacheClient{namespace: namespace, context: ctxStr, compression: compression, redisHaProxyName: clientOpts.RedisHaProxyName, redisName: clientOpts.RedisName}), time.Hour) srv := server.NewServer(ctx, server.ArgoCDServerOpts{ - EnableGZip: false, - Namespace: namespace, - ListenPort: *port, - AppClientset: appClientset, - DisableAuth: true, - RedisClient: redis.NewClient(&redis.Options{Addr: mr.Addr()}), - Cache: servercache.NewCache(appstateCache, 0, 0, 0), - KubeClientset: kubeClientset, - DynamicClientset: dynamicClientset, - KubeControllerClientset: controllerClientset, - Insecure: true, - ListenHost: *address, - RepoClientset: &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset}, - EnableProxyExtension: false, - }, server.ApplicationSetOpts{}) + EnableGZip: false, + Namespace: namespace, + ListenPort: *port, + AppClientset: appClientset, + DisableAuth: true, + RedisClient: redis.NewClient(&redis.Options{Addr: mr.Addr()}), + Cache: servercache.NewCache(appstateCache, 0, 0, 0), + KubeClientset: kubeClientset, + Insecure: true, + ListenHost: *address, + RepoClientset: &forwardRepoClientset{namespace: namespace, context: ctxStr, repoServerName: clientOpts.RepoServerName, kubeClientset: kubeClientset}, + EnableProxyExtension: false, + }) srv.Init(ctx) lns, err := srv.Listen() diff --git a/cmd/argocd/commands/login.go b/cmd/argocd/commands/login.go index 72b89dae1771c..abb2b004291c2 100644 --- a/cmd/argocd/commands/login.go +++ b/cmd/argocd/commands/login.go @@ -31,21 +31,19 @@ import ( "github.com/argoproj/argo-cd/v2/util/localconfig" oidcutil "github.com/argoproj/argo-cd/v2/util/oidc" "github.com/argoproj/argo-cd/v2/util/rand" - oidcconfig "github.com/argoproj/argo-cd/v2/util/settings" ) // NewLoginCommand returns a new instance of `argocd login` command func NewLoginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - ctxName string - username string - password string - sso bool - ssoPort int - skipTestTLS bool - ssoLaunchBrowser bool + ctxName string + username string + password string + sso bool + ssoPort int + skipTestTLS bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "login SERVER", Short: "Log in to Argo CD", Long: "Log in to Argo CD", @@ -136,7 +134,7 @@ argocd login cd.argoproj.io --core`, errors.CheckError(err) oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet) errors.CheckError(err) - tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser) + tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider) } parser := jwt.NewParser(jwt.WithoutClaimsValidation()) claims := jwt.MapClaims{} @@ -185,7 +183,6 @@ argocd login cd.argoproj.io --core`, command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") command.Flags(). BoolVar(&skipTestTLS, "skip-test-tls", false, "Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason)") - command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the system default browser when performing SSO login") return command } @@ -207,7 +204,6 @@ func oauth2Login( oidcSettings *settingspkg.OIDCConfig, oauth2conf *oauth2.Config, provider *oidc.Provider, - ssoLaunchBrowser bool, ) (string, string) { oauth2conf.RedirectURL = fmt.Sprintf("http://localhost:%d/auth/callback", port) oidcConf, err := oidcutil.ParseConfig(provider) @@ -307,8 +303,9 @@ func oauth2Login( http.HandleFunc("/auth/callback", callbackHandler) // Redirect user to login & consent page to ask for permission for the scopes specified above. + fmt.Printf("Opening browser for authentication\n") + var url string - var oidcconfig oidcconfig.OIDCConfig grantType := oidcutil.InferGrantType(oidcConf) opts := []oauth2.AuthCodeOption{oauth2.AccessTypeOffline} if claimsRequested := oidcSettings.GetIDTokenClaims(); claimsRequested != nil { @@ -319,9 +316,6 @@ func oauth2Login( case oidcutil.GrantTypeAuthorizationCode: opts = append(opts, oauth2.SetAuthURLParam("code_challenge", codeChallenge)) opts = append(opts, oauth2.SetAuthURLParam("code_challenge_method", "S256")) - if oidcconfig.DomainHint != "" { - opts = append(opts, oauth2.SetAuthURLParam("domain_hint", oidcconfig.DomainHint)) - } url = oauth2conf.AuthCodeURL(stateNonce, opts...) case oidcutil.GrantTypeImplicit: url, err = oidcutil.ImplicitFlowURL(oauth2conf, stateNonce, opts...) @@ -331,7 +325,8 @@ func oauth2Login( } fmt.Printf("Performing %s flow login: %s\n", grantType, url) time.Sleep(1 * time.Second) - ssoAuthFlow(url, ssoLaunchBrowser) + err = open.Start(url) + errors.CheckError(err) go func() { log.Debugf("Listen: %s", srv.Addr) if err := srv.ListenAndServe(); err != http.ErrServerClosed { @@ -363,13 +358,3 @@ func passwordLogin(ctx context.Context, acdClient argocdclient.Client, username, errors.CheckError(err) return createdSession.Token } - -func ssoAuthFlow(url string, ssoLaunchBrowser bool) { - if ssoLaunchBrowser { - fmt.Printf("Opening system default browser for authentication\n") - err := open.Start(url) - errors.CheckError(err) - } else { - fmt.Printf("To authenticate, copy-and-paste the following URL into your preferred browser: %s\n", url) - } -} diff --git a/cmd/argocd/commands/login_test.go b/cmd/argocd/commands/login_test.go index 420b484674901..3a7411b4b7fa3 100644 --- a/cmd/argocd/commands/login_test.go +++ b/cmd/argocd/commands/login_test.go @@ -1,39 +1,12 @@ package commands import ( - "io" - "os" "testing" - utils "github.com/argoproj/argo-cd/v2/util/io" - "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" ) -func captureStdout(callback func()) (string, error) { - oldStdout := os.Stdout - oldStderr := os.Stderr - r, w, err := os.Pipe() - if err != nil { - return "", err - } - os.Stdout = w - defer func() { - os.Stdout = oldStdout - os.Stderr = oldStderr - }() - - callback() - utils.Close(w) - - data, err := io.ReadAll(r) - if err != nil { - return "", err - } - return string(data), err -} - func Test_userDisplayName_email(t *testing.T) { claims := jwt.MapClaims{"iss": "qux", "sub": "foo", "email": "firstname.lastname@example.com", "groups": []string{"baz"}} actualName := userDisplayName(claims) @@ -54,11 +27,3 @@ func Test_userDisplayName_sub(t *testing.T) { expectedName := "foo" assert.Equal(t, expectedName, actualName) } - -func Test_ssoAuthFlow_ssoLaunchBrowser_false(t *testing.T) { - out, _ := captureStdout(func() { - ssoAuthFlow("http://test-sso-browser-flow.com", false) - }) - - assert.Contains(t, out, "To authenticate, copy-and-paste the following URL into your preferred browser: http://test-sso-browser-flow.com") -} diff --git a/cmd/argocd/commands/logout.go b/cmd/argocd/commands/logout.go index ec532a81ed1ef..f64c57ccc89cc 100644 --- a/cmd/argocd/commands/logout.go +++ b/cmd/argocd/commands/logout.go @@ -14,7 +14,7 @@ import ( // NewLogoutCommand returns a new instance of `argocd logout` command func NewLogoutCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "logout CONTEXT", Short: "Log out from Argo CD", Long: "Log out from Argo CD", diff --git a/cmd/argocd/commands/logout_test.go b/cmd/argocd/commands/logout_test.go index 2a5c2da7b88f8..f70992c17bb93 100644 --- a/cmd/argocd/commands/logout_test.go +++ b/cmd/argocd/commands/logout_test.go @@ -12,25 +12,26 @@ import ( ) func TestLogout(t *testing.T) { + // Write the test config file err := os.WriteFile(testConfigFilePath, []byte(testConfig), os.ModePerm) - require.NoError(t, err) + assert.NoError(t, err) defer os.Remove(testConfigFilePath) - err = os.Chmod(testConfigFilePath, 0o600) + err = os.Chmod(testConfigFilePath, 0600) require.NoError(t, err) localConfig, err := localconfig.ReadLocalConfig(testConfigFilePath) - require.NoError(t, err) - assert.Equal(t, "localhost:8080", localConfig.CurrentContext) + assert.NoError(t, err) + assert.Equal(t, localConfig.CurrentContext, "localhost:8080") assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "localhost:8080", Server: "localhost:8080", User: "localhost:8080"}) command := NewLogoutCommand(&argocdclient.ClientOptions{ConfigPath: testConfigFilePath}) command.Run(nil, []string{"localhost:8080"}) localConfig, err = localconfig.ReadLocalConfig(testConfigFilePath) - require.NoError(t, err) - assert.Equal(t, "localhost:8080", localConfig.CurrentContext) + assert.NoError(t, err) + assert.Equal(t, localConfig.CurrentContext, "localhost:8080") assert.NotContains(t, localConfig.Users, localconfig.User{AuthToken: "vErrYS3c3tReFRe$hToken", Name: "localhost:8080"}) assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd1.example.com:443", Server: "argocd1.example.com:443", User: "argocd1.example.com:443"}) assert.Contains(t, localConfig.Contexts, localconfig.ContextRef{Name: "argocd2.example.com:443", Server: "argocd2.example.com:443", User: "argocd2.example.com:443"}) diff --git a/cmd/argocd/commands/project.go b/cmd/argocd/commands/project.go index 8cbb637c484e3..be7517b843375 100644 --- a/cmd/argocd/commands/project.go +++ b/cmd/argocd/commands/project.go @@ -37,7 +37,7 @@ type policyOpts struct { // NewProjectCommand returns a new instance of an `argocd proj` command func NewProjectCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "proj", Short: "Manage projects", Example: templates.Examples(` @@ -101,7 +101,7 @@ func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm fileURL string upsert bool ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "create PROJECT", Short: "Create a project", Example: templates.Examples(` @@ -135,8 +135,10 @@ func NewProjectCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comm // NewProjectSetCommand returns a new instance of an `argocd proj set` command func NewProjectSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var opts cmdutil.ProjectOpts - command := &cobra.Command{ + var ( + opts cmdutil.ProjectOpts + ) + var command = &cobra.Command{ Use: "set PROJECT", Short: "Set project parameters", Example: templates.Examples(` @@ -176,7 +178,7 @@ func NewProjectSetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command // NewProjectAddSignatureKeyCommand returns a new instance of an `argocd proj add-signature-key` command func NewProjectAddSignatureKeyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-signature-key PROJECT KEY-ID", Short: "Add GnuPG signature key to project", Example: templates.Examples(` @@ -218,7 +220,7 @@ func NewProjectAddSignatureKeyCommand(clientOpts *argocdclient.ClientOptions) *c // NewProjectRemoveSignatureKeyCommand returns a new instance of an `argocd proj remove-signature-key` command func NewProjectRemoveSignatureKeyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "remove-signature-key PROJECT KEY-ID", Short: "Remove GnuPG signature key from project", Example: templates.Examples(` @@ -272,7 +274,7 @@ func NewProjectAddDestinationCommand(clientOpts *argocdclient.ClientOptions) *co return v1alpha1.ApplicationDestination{Server: destination, Namespace: namespace} } - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-destination PROJECT SERVER/NAME NAMESPACE", Short: "Add project destination", Example: templates.Examples(` @@ -316,7 +318,7 @@ func NewProjectAddDestinationCommand(clientOpts *argocdclient.ClientOptions) *co // NewProjectRemoveDestinationCommand returns a new instance of an `argocd proj remove-destination` command func NewProjectRemoveDestinationCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "remove-destination PROJECT SERVER NAMESPACE", Short: "Remove project destination", Example: templates.Examples(` @@ -361,8 +363,10 @@ func NewProjectRemoveDestinationCommand(clientOpts *argocdclient.ClientOptions) // NewProjectAddOrphanedIgnoreCommand returns a new instance of an `argocd proj add-orphaned-ignore` command func NewProjectAddOrphanedIgnoreCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var name string - command := &cobra.Command{ + var ( + name string + ) + var command = &cobra.Command{ Use: "add-orphaned-ignore PROJECT GROUP KIND", Short: "Add a resource to orphaned ignore list", Example: templates.Examples(` @@ -411,8 +415,10 @@ func NewProjectAddOrphanedIgnoreCommand(clientOpts *argocdclient.ClientOptions) // NewProjectRemoveOrphanedIgnoreCommand returns a new instance of an `argocd proj remove-orphaned-ignore` command func NewProjectRemoveOrphanedIgnoreCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var name string - command := &cobra.Command{ + var ( + name string + ) + var command = &cobra.Command{ Use: "remove-orphaned-ignore PROJECT GROUP KIND", Short: "Remove a resource from orphaned ignore list", Example: templates.Examples(` @@ -465,7 +471,7 @@ func NewProjectRemoveOrphanedIgnoreCommand(clientOpts *argocdclient.ClientOption // NewProjectAddSourceCommand returns a new instance of an `argocd proj add-src` command func NewProjectAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-source PROJECT URL", Short: "Add project source repository", Example: templates.Examples(` @@ -507,7 +513,7 @@ func NewProjectAddSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.C // NewProjectAddSourceNamespace returns a new instance of an `argocd proj add-source-namespace` command func NewProjectAddSourceNamespace(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-source-namespace PROJECT NAMESPACE", Short: "Add source namespace to the AppProject", Example: templates.Examples(` @@ -545,7 +551,7 @@ func NewProjectAddSourceNamespace(clientOpts *argocdclient.ClientOptions) *cobra // NewProjectRemoveSourceNamespace returns a new instance of an `argocd proj remove-source-namespace` command func NewProjectRemoveSourceNamespace(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "remove-source-namespace PROJECT NAMESPACE", Short: "Removes the source namespace from the AppProject", Example: templates.Examples(` @@ -626,7 +632,7 @@ func modifyResourceListCmd(cmdUse, cmdDesc, examples string, clientOpts *argocdc } else { defaultList = "allow" } - command := &cobra.Command{ + var command = &cobra.Command{ Use: cmdUse, Short: cmdDesc, Example: templates.Examples(examples), @@ -720,7 +726,7 @@ func NewProjectAllowClusterResourceCommand(clientOpts *argocdclient.ClientOption // NewProjectRemoveSourceCommand returns a new instance of an `argocd proj remove-src` command func NewProjectRemoveSourceCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "remove-source PROJECT URL", Short: "Remove project source repository", Example: templates.Examples(` @@ -764,7 +770,7 @@ func NewProjectRemoveSourceCommand(clientOpts *argocdclient.ClientOptions) *cobr // NewProjectDeleteCommand returns a new instance of an `argocd proj delete` command func NewProjectDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "delete PROJECT", Short: "Delete project", Example: templates.Examples(` @@ -808,8 +814,10 @@ func printProjectTable(projects []v1alpha1.AppProject) { // NewProjectListCommand returns a new instance of an `argocd proj list` command func NewProjectListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list", Short: "List projects", Example: templates.Examples(` @@ -921,7 +929,7 @@ func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Reposit fmt.Printf(printProjFmtStr, "", p.Spec.SourceRepos[i]) } - // Print scoped repositories + //Print scoped repositories scr0 := "" if len(scopedRepositories) > 0 { scr0 = scopedRepositories[0].Repo @@ -941,7 +949,7 @@ func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Reposit fmt.Printf(printProjFmtStr, "", fmt.Sprintf("%s/%s", p.Spec.ClusterResourceWhitelist[i].Group, p.Spec.ClusterResourceWhitelist[i].Kind)) } - // Print scoped clusters + //Print scoped clusters scc0 := "" if len(scopedClusters) > 0 { scc0 = scopedClusters[0].Server @@ -973,12 +981,15 @@ func printProject(p *v1alpha1.AppProject, scopedRepositories []*v1alpha1.Reposit fmt.Printf(printProjFmtStr, "Signature keys:", signatureKeysStr) fmt.Printf(printProjFmtStr, "Orphaned Resources:", formatOrphanedResources(p)) + } // NewProjectGetCommand returns a new instance of an `argocd proj get` command func NewProjectGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "get PROJECT", Short: "Get project details", Example: templates.Examples(` @@ -1023,7 +1034,7 @@ func getProject(c *cobra.Command, clientOpts *argocdclient.ClientOptions, ctx co } func NewProjectEditCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "edit PROJECT", Short: "Edit project", Example: templates.Examples(` diff --git a/cmd/argocd/commands/project_role.go b/cmd/argocd/commands/project_role.go index 023bf18fba700..5920bac0dc8e4 100644 --- a/cmd/argocd/commands/project_role.go +++ b/cmd/argocd/commands/project_role.go @@ -51,8 +51,10 @@ func NewProjectRoleCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comman // NewProjectRoleAddPolicyCommand returns a new instance of an `argocd proj role add-policy` command func NewProjectRoleAddPolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var opts policyOpts - command := &cobra.Command{ + var ( + opts policyOpts + ) + var command = &cobra.Command{ Use: "add-policy PROJECT ROLE-NAME", Short: "Add a policy to a project role", Example: `# Before adding new policy @@ -110,8 +112,10 @@ ID ISSUED-AT EXPIRES-AT // NewProjectRoleRemovePolicyCommand returns a new instance of an `argocd proj role remove-policy` command func NewProjectRoleRemovePolicyCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var opts policyOpts - command := &cobra.Command{ + var ( + opts policyOpts + ) + var command = &cobra.Command{ Use: "remove-policy PROJECT ROLE-NAME", Short: "Remove a policy from a role within a project", Example: `List the policy of the test-role before removing a policy @@ -179,8 +183,10 @@ ID ISSUED-AT EXPIRES-AT // NewProjectRoleCreateCommand returns a new instance of an `argocd proj role create` command func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var description string - command := &cobra.Command{ + var ( + description string + ) + var command = &cobra.Command{ Use: "create PROJECT ROLE-NAME", Short: "Create a project role", Example: templates.Examples(` @@ -221,7 +227,7 @@ func NewProjectRoleCreateCommand(clientOpts *argocdclient.ClientOptions) *cobra. // NewProjectRoleDeleteCommand returns a new instance of an `argocd proj role delete` command func NewProjectRoleDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "delete PROJECT ROLE-NAME", Short: "Delete a project role", Example: `$ argocd proj role delete test-project test-role`, @@ -271,7 +277,7 @@ func NewProjectRoleCreateTokenCommand(clientOpts *argocdclient.ClientOptions) *c outputTokenOnly bool tokenID string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "create-token PROJECT ROLE-NAME", Short: "Create a project token", Example: `$ argocd proj role create-token test-project test-role @@ -308,7 +314,7 @@ Create token succeeded for proj:test-project:test-role. token, err := jwtgo.Parse(tokenResponse.Token, nil) if token == nil { - err = fmt.Errorf("received malformed token %w", err) + err = fmt.Errorf("received malformed token %v", err) errors.CheckError(err) return } @@ -340,8 +346,10 @@ Create token succeeded for proj:test-project:test-role. } func NewProjectRoleListTokensCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var useUnixTime bool - command := &cobra.Command{ + var ( + useUnixTime bool + ) + var command = &cobra.Command{ Use: "list-tokens PROJECT ROLE-NAME", Short: "List tokens for a given role.", Example: `$ argocd proj role list-tokens test-project test-role @@ -397,7 +405,7 @@ fa9d3517-c52d-434c-9bff-215b38508842 2023-10-08T11:08:18+01:00 Never // NewProjectRoleDeleteTokenCommand returns a new instance of an `argocd proj role delete-token` command func NewProjectRoleDeleteTokenCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "delete-token PROJECT ROLE-NAME ISSUED-AT", Short: "Delete a project token", Example: `#Create project test-project @@ -469,8 +477,10 @@ func printProjectRoleListTable(roles []v1alpha1.ProjectRole) { // NewProjectRoleListCommand returns a new instance of an `argocd proj roles list` command func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list PROJECT", Short: "List all the roles in a project", Example: templates.Examples(` @@ -514,7 +524,7 @@ func NewProjectRoleListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Co // NewProjectRoleGetCommand returns a new instance of an `argocd proj roles get` command func NewProjectRoleGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "get PROJECT ROLE-NAME", Short: "Get the details of a specific role", Example: `$ argocd proj role get test-project test-role @@ -569,7 +579,7 @@ ID ISSUED-AT EXPIRES-AT // NewProjectRoleAddGroupCommand returns a new instance of an `argocd proj role add-group` command func NewProjectRoleAddGroupCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add-group PROJECT ROLE-NAME GROUP-CLAIM", Short: "Add a group claim to a project role", Run: func(c *cobra.Command, args []string) { @@ -600,7 +610,7 @@ func NewProjectRoleAddGroupCommand(clientOpts *argocdclient.ClientOptions) *cobr // NewProjectRoleRemoveGroupCommand returns a new instance of an `argocd proj role remove-group` command func NewProjectRoleRemoveGroupCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "remove-group PROJECT ROLE-NAME GROUP-CLAIM", Short: "Remove a group claim from a role within a project", Run: func(c *cobra.Command, args []string) { diff --git a/cmd/argocd/commands/projectwindows.go b/cmd/argocd/commands/projectwindows.go index d824222306419..93843130ebb13 100644 --- a/cmd/argocd/commands/projectwindows.go +++ b/cmd/argocd/commands/projectwindows.go @@ -50,7 +50,7 @@ argocd proj windows list `, // NewProjectWindowsDisableManualSyncCommand returns a new instance of an `argocd proj windows disable-manual-sync` command func NewProjectWindowsDisableManualSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "disable-manual-sync PROJECT ID", Short: "Disable manual sync for a sync window", Long: "Disable manual sync for a sync window. Requires ID which can be found by running \"argocd proj windows list PROJECT\"", @@ -58,7 +58,7 @@ func NewProjectWindowsDisableManualSyncCommand(clientOpts *argocdclient.ClientOp #Disable manual sync for a sync window for the Project argocd proj windows disable-manual-sync PROJECT ID -#Disabling manual sync for a windows set on the default project with Id 0 +#Disbaling manual sync for a windows set on the default project with Id 0 argocd proj windows disable-manual-sync default 0`, Run: func(c *cobra.Command, args []string) { ctx := c.Context() @@ -93,7 +93,7 @@ argocd proj windows disable-manual-sync default 0`, // NewProjectWindowsEnableManualSyncCommand returns a new instance of an `argocd proj windows enable-manual-sync` command func NewProjectWindowsEnableManualSyncCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "enable-manual-sync PROJECT ID", Short: "Enable manual sync for a sync window", Long: "Enable manual sync for a sync window. Requires ID which can be found by running \"argocd proj windows list PROJECT\"", @@ -149,7 +149,7 @@ func NewProjectWindowsAddWindowCommand(clientOpts *argocdclient.ClientOptions) * manualSync bool timeZone string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add PROJECT", Short: "Add a sync window to a project", Example: ` @@ -205,7 +205,7 @@ argocd proj windows add PROJECT \ // NewProjectWindowsDeleteCommand returns a new instance of an `argocd proj windows delete` command func NewProjectWindowsDeleteCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "delete PROJECT ID", Short: "Delete a sync window from a project. Requires ID which can be found by running \"argocd proj windows list PROJECT\"", Example: ` @@ -252,7 +252,7 @@ func NewProjectWindowsUpdateCommand(clientOpts *argocdclient.ClientOptions) *cob clusters []string timeZone string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "update PROJECT ID", Short: "Update a project sync window", Long: "Update a project sync window. Requires ID which can be found by running \"argocd proj windows list PROJECT\"", @@ -302,8 +302,10 @@ argocd proj windows update PROJECT ID \ // NewProjectWindowsListCommand returns a new instance of an `argocd proj windows list` command func NewProjectWindowsListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list PROJECT", Short: "List project sync windows", Example: ` @@ -379,7 +381,6 @@ func formatListOutput(list []string) string { } return o } - func formatBoolOutput(active bool) string { var o string if active { @@ -389,7 +390,6 @@ func formatBoolOutput(active bool) string { } return o } - func formatManualOutput(active bool) string { var o string if active { diff --git a/cmd/argocd/commands/relogin.go b/cmd/argocd/commands/relogin.go index effb0239c051b..92affe05b2e5b 100644 --- a/cmd/argocd/commands/relogin.go +++ b/cmd/argocd/commands/relogin.go @@ -20,11 +20,10 @@ import ( // NewReloginCommand returns a new instance of `argocd relogin` command func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Command { var ( - password string - ssoPort int - ssoLaunchBrowser bool + password string + ssoPort int ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "relogin", Short: "Refresh an expired authenticate token", Long: "Refresh an expired authenticate token", @@ -73,7 +72,7 @@ func NewReloginCommand(globalClientOpts *argocdclient.ClientOptions) *cobra.Comm errors.CheckError(err) oauth2conf, provider, err := acdClient.OIDCConfig(ctx, acdSet) errors.CheckError(err) - tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider, ssoLaunchBrowser) + tokenString, refreshToken = oauth2Login(ctx, ssoPort, acdSet.GetOIDCConfig(), oauth2conf, provider) } localCfg.UpsertUser(localconfig.User{ @@ -100,6 +99,5 @@ argocd login cd.argoproj.io --core } command.Flags().StringVar(&password, "password", "", "The password of an account to authenticate") command.Flags().IntVar(&ssoPort, "sso-port", DefaultSSOLocalPort, "Port to run local OAuth2 login application") - command.Flags().BoolVar(&ssoLaunchBrowser, "sso-launch-browser", true, "Automatically launch the default browser when performing SSO login") return command } diff --git a/cmd/argocd/commands/relogin_test.go b/cmd/argocd/commands/relogin_test.go index 9b6e1e7d83b47..eb6c4cd2d2f2d 100644 --- a/cmd/argocd/commands/relogin_test.go +++ b/cmd/argocd/commands/relogin_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" ) @@ -29,7 +28,7 @@ func TestNewReloginCommand(t *testing.T) { ssoPortFlag := cmd.Flags().Lookup("sso-port") port, err := strconv.Atoi(ssoPortFlag.Value.String()) assert.NotNil(t, ssoPortFlag, "Expected flag --sso-port to be defined") - require.NoError(t, err, "Failed to convert sso-port flag value to integer") + assert.NoError(t, err, "Failed to convert sso-port flag value to integer") assert.Equal(t, 8085, port, "Unexpected default value for --sso-port flag") } @@ -60,6 +59,6 @@ func TestNewReloginCommandWithGlobalClientOptions(t *testing.T) { ssoPortFlag := cmd.Flags().Lookup("sso-port") port, err := strconv.Atoi(ssoPortFlag.Value.String()) assert.NotNil(t, ssoPortFlag, "Expected flag --sso-port to be defined") - require.NoError(t, err, "Failed to convert sso-port flag value to integer") + assert.NoError(t, err, "Failed to convert sso-port flag value to integer") assert.Equal(t, 8085, port, "Unexpected default value for --sso-port flag") } diff --git a/cmd/argocd/commands/repo.go b/cmd/argocd/commands/repo.go index 35b1aebb04bf8..1a5b4388fbeba 100644 --- a/cmd/argocd/commands/repo.go +++ b/cmd/argocd/commands/repo.go @@ -22,7 +22,7 @@ import ( // NewRepoCommand returns a new instance of an `argocd repo` command func NewRepoCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "repo", Short: "Manage repository connection parameters", Run: func(c *cobra.Command, args []string) { @@ -53,10 +53,12 @@ argocd repo rm https://github.com/yourusername/your-repo.git // NewRepoAddCommand returns a new instance of an `argocd repo add` command func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var repoOpts cmdutil.RepoOptions + var ( + repoOpts cmdutil.RepoOptions + ) // For better readability and easier formatting - repoAddExamples := ` # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key: + var repoAddExamples = ` # Add a Git repository via SSH using a private key for authentication, ignoring the server's host key: argocd repo add git@git.example.com:repos/repo --insecure-ignore-host-key --ssh-private-key-path ~/id_rsa # Add a Git repository via SSH on a non-default port - need to use ssh:// style URLs here @@ -93,7 +95,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { argocd repo add https://source.developers.google.com/p/my-google-cloud-project/r/my-repo --gcp-service-account-key-path service-account-key.json ` - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add REPOURL", Short: "Add git repository connection parameters", Example: repoAddExamples, @@ -240,8 +242,7 @@ func NewRepoAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { // NewRepoRemoveCommand returns a new instance of an `argocd repo remove` command func NewRepoRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var project string - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rm REPO", Short: "Remove repository credentials", Run: func(c *cobra.Command, args []string) { @@ -254,13 +255,12 @@ func NewRepoRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command conn, repoIf := headless.NewClientOrDie(clientOpts, c).NewRepoClientOrDie() defer io.Close(conn) for _, repoURL := range args { - _, err := repoIf.DeleteRepository(ctx, &repositorypkg.RepoQuery{Repo: repoURL, AppProject: project}) + _, err := repoIf.DeleteRepository(ctx, &repositorypkg.RepoQuery{Repo: repoURL}) errors.CheckError(err) fmt.Printf("Repository '%s' removed\n", repoURL) } }, } - command.Flags().StringVar(&project, "project", "", "project of the repository") return command } @@ -294,7 +294,7 @@ func NewRepoListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { output string refresh string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "list", Short: "List configured repositories", Run: func(c *cobra.Command, args []string) { @@ -337,9 +337,8 @@ func NewRepoGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { var ( output string refresh string - project string ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: "get", Short: "Get a configured repository by URL", Run: func(c *cobra.Command, args []string) { @@ -363,7 +362,7 @@ func NewRepoGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { err := fmt.Errorf("--refresh must be one of: 'hard'") errors.CheckError(err) } - repo, err := repoIf.Get(ctx, &repositorypkg.RepoQuery{Repo: repoURL, ForceRefresh: forceRefresh, AppProject: project}) + repo, err := repoIf.Get(ctx, &repositorypkg.RepoQuery{Repo: repoURL, ForceRefresh: forceRefresh}) errors.CheckError(err) switch output { case "yaml", "json": @@ -379,8 +378,6 @@ func NewRepoGetCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { } }, } - - command.Flags().StringVar(&project, "project", "", "project of the repository") command.Flags().StringVarP(&output, "output", "o", "wide", "Output format. One of: json|yaml|wide|url") command.Flags().StringVar(&refresh, "refresh", "", "Force a cache refresh on connection status , must be one of: 'hard'") return command diff --git a/cmd/argocd/commands/repocreds.go b/cmd/argocd/commands/repocreds.go index fa6c20c8c3f98..e43b9713a2927 100644 --- a/cmd/argocd/commands/repocreds.go +++ b/cmd/argocd/commands/repocreds.go @@ -22,7 +22,7 @@ import ( // NewRepoCredsCommand returns a new instance of an `argocd repocreds` command func NewRepoCredsCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "repocreds", Short: "Manage repository connection parameters", Example: templates.Examples(` @@ -60,7 +60,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma ) // For better readability and easier formatting - repocredsAddExamples := ` # Add credentials with user/pass authentication to use for all repositories under https://git.example.com/repos + var repocredsAddExamples = ` # Add credentials with user/pass authentication to use for all repositories under https://git.example.com/repos argocd repocreds add https://git.example.com/repos/ --username git --password secret # Add credentials with SSH private key authentication to use for all repositories under ssh://git@git.example.com/repos @@ -79,7 +79,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma argocd repocreds add https://source.developers.google.com/p/my-google-cloud-project/r/ --gcp-service-account-key-path service-account-key.json ` - command := &cobra.Command{ + var command = &cobra.Command{ Use: "add REPOURL", Short: "Add git repository connection parameters", Example: repocredsAddExamples, @@ -192,7 +192,7 @@ func NewRepoCredsAddCommand(clientOpts *argocdclient.ClientOptions) *cobra.Comma // NewRepoCredsRemoveCommand returns a new instance of an `argocd repocreds rm` command func NewRepoCredsRemoveCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "rm CREDSURL", Short: "Remove repository credentials", Example: templates.Examples(` @@ -240,8 +240,10 @@ func printRepoCredsUrls(repos []appsv1.RepoCreds) { // NewRepoCredsListCommand returns a new instance of an `argocd repo list` command func NewRepoCredsListCommand(clientOpts *argocdclient.ClientOptions) *cobra.Command { - var output string - command := &cobra.Command{ + var ( + output string + ) + var command = &cobra.Command{ Use: "list", Short: "List configured repository credentials", Example: templates.Examples(` diff --git a/cmd/argocd/commands/root.go b/cmd/argocd/commands/root.go index 10e6bed36377e..5c3b984e5bff5 100644 --- a/cmd/argocd/commands/root.go +++ b/cmd/argocd/commands/root.go @@ -34,7 +34,7 @@ func NewCommand() *cobra.Command { pathOpts = clientcmd.NewDefaultPathOptions() ) - command := &cobra.Command{ + var command = &cobra.Command{ Use: cliName, Short: "argocd controls a Argo CD server", Run: func(c *cobra.Command, args []string) { @@ -75,11 +75,11 @@ func NewCommand() *cobra.Command { command.PersistentFlags().StringVar(&clientOpts.GRPCWebRootPath, "grpc-web-root-path", config.GetFlag("grpc-web-root-path", ""), "Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.") command.PersistentFlags().StringVar(&cmdutil.LogFormat, "logformat", config.GetFlag("logformat", "text"), "Set the logging format. One of: text|json") command.PersistentFlags().StringVar(&cmdutil.LogLevel, "loglevel", config.GetFlag("loglevel", "info"), "Set the logging level. One of: debug|info|warn|error") - command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", config.GetStringSliceFlag("header", []string{}), "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") + command.PersistentFlags().StringSliceVarP(&clientOpts.Headers, "header", "H", []string{}, "Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)") command.PersistentFlags().BoolVar(&clientOpts.PortForward, "port-forward", config.GetBoolFlag("port-forward"), "Connect to a random argocd-server port using port forwarding") command.PersistentFlags().StringVar(&clientOpts.PortForwardNamespace, "port-forward-namespace", config.GetFlag("port-forward-namespace", ""), "Namespace name which should be used for port forwarding") - command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", config.GetIntFlag("http-retry-max", 0), "Maximum number of retries to establish http connection to Argo CD server") - command.PersistentFlags().BoolVar(&clientOpts.Core, "core", config.GetBoolFlag("core"), "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") + command.PersistentFlags().IntVar(&clientOpts.HttpRetryMax, "http-retry-max", 0, "Maximum number of retries to establish http connection to Argo CD server") + command.PersistentFlags().BoolVar(&clientOpts.Core, "core", false, "If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server") command.PersistentFlags().StringVar(&clientOpts.ServerName, "server-name", env.StringFromEnv(common.EnvServerName, common.DefaultServerName), fmt.Sprintf("Name of the Argo CD API server; set this or the %s environment variable when the server's name label differs from the default, for example when installing via the Helm chart", common.EnvServerName)) command.PersistentFlags().StringVar(&clientOpts.AppControllerName, "controller-name", env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName), fmt.Sprintf("Name of the Argo CD Application controller; set this or the %s environment variable when the controller's name label differs from the default, for example when installing via the Helm chart", common.EnvAppControllerName)) command.PersistentFlags().StringVar(&clientOpts.RedisHaProxyName, "redis-haproxy-name", env.StringFromEnv(common.EnvRedisHaProxyName, common.DefaultRedisHaProxyName), fmt.Sprintf("Name of the Redis HA Proxy; set this or the %s environment variable when the HA Proxy's name label differs from the default, for example when installing via the Helm chart", common.EnvRedisHaProxyName)) diff --git a/cmd/argocd/commands/tree.go b/cmd/argocd/commands/tree.go index 904b2e7d689ef..5261adb5b7f4a 100644 --- a/cmd/argocd/commands/tree.go +++ b/cmd/argocd/commands/tree.go @@ -6,10 +6,9 @@ import ( "text/tabwriter" "time" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/gitops-engine/pkg/health" "k8s.io/apimachinery/pkg/util/duration" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) const ( @@ -46,11 +45,12 @@ func treeViewAppGet(prefix string, uidToNodeMap map[string]v1alpha1.ResourceNode } treeViewAppGet(p, uidToNodeMap, parentToChildMap, uidToNodeMap[childUid], mapNodeNameToResourceState, w) } + } func detailedTreeViewAppGet(prefix string, uidToNodeMap map[string]v1alpha1.ResourceNode, parentChildMap map[string][]string, parent v1alpha1.ResourceNode, mapNodeNameToResourceState map[string]*resourceState, w *tabwriter.Writer) { healthStatus, reason := extractHealthStatusAndReason(parent) - age := "" + var age = "" if parent.CreatedAt != nil { age = duration.HumanDuration(time.Since(parent.CreatedAt.Time)) } @@ -60,6 +60,7 @@ func detailedTreeViewAppGet(prefix string, uidToNodeMap map[string]v1alpha1.Reso _, _ = fmt.Fprintf(w, "%s%s\t%s\t%s\t%s\t%s\t%s\n", printPrefix(prefix), parent.Kind+"/"+value.Name, value.Status, value.Health, age, value.Message, reason) } else { _, _ = fmt.Fprintf(w, "%s%s\t%s\t%s\t%s\t%s\t%s\n", printPrefix(prefix), parent.Kind+"/"+parent.Name, "", healthStatus, age, "", reason) + } chs := parentChildMap[parent.UID] for i, child := range chs { @@ -107,9 +108,10 @@ func treeViewAppResourcesOrphaned(prefix string, uidToNodeMap map[string]v1alpha } func detailedTreeViewAppResourcesNotOrphaned(prefix string, uidToNodeMap map[string]v1alpha1.ResourceNode, parentChildMap map[string][]string, parent v1alpha1.ResourceNode, w *tabwriter.Writer) { + if len(parent.ParentRefs) == 0 { healthStatus, reason := extractHealthStatusAndReason(parent) - age := "" + var age = "" if parent.CreatedAt != nil { age = duration.HumanDuration(time.Since(parent.CreatedAt.Time)) } @@ -130,7 +132,7 @@ func detailedTreeViewAppResourcesNotOrphaned(prefix string, uidToNodeMap map[str func detailedTreeViewAppResourcesOrphaned(prefix string, uidToNodeMap map[string]v1alpha1.ResourceNode, parentChildMap map[string][]string, parent v1alpha1.ResourceNode, w *tabwriter.Writer) { healthStatus, reason := extractHealthStatusAndReason(parent) - age := "" + var age = "" if parent.CreatedAt != nil { age = duration.HumanDuration(time.Since(parent.CreatedAt.Time)) } @@ -150,6 +152,7 @@ func detailedTreeViewAppResourcesOrphaned(prefix string, uidToNodeMap map[string } func printPrefix(p string) string { + if strings.HasSuffix(p, firstElemPrefix) { p = strings.Replace(p, firstElemPrefix, pipe, strings.Count(p, firstElemPrefix)-1) } else { diff --git a/cmd/argocd/commands/tree_test.go b/cmd/argocd/commands/tree_test.go index 70f7a86ae759e..91ffb9b963d01 100644 --- a/cmd/argocd/commands/tree_test.go +++ b/cmd/argocd/commands/tree_test.go @@ -5,9 +5,8 @@ import ( "testing" "text/tabwriter" - "github.com/stretchr/testify/assert" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/stretchr/testify/assert" ) func TestTreeViewAppGet(t *testing.T) { diff --git a/cmd/argocd/commands/version_test.go b/cmd/argocd/commands/version_test.go index 54bfb21b18b61..3312e5ad958b6 100644 --- a/cmd/argocd/commands/version_test.go +++ b/cmd/argocd/commands/version_test.go @@ -4,10 +4,9 @@ import ( "bytes" "testing" - "github.com/stretchr/testify/assert" - argocdclient "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apiclient/version" + "github.com/stretchr/testify/assert" ) func TestShortVersionClient(t *testing.T) { @@ -20,7 +19,7 @@ func TestShortVersionClient(t *testing.T) { t.Fatal("Failed to execute short version command") } output := buf.String() - assert.Equal(t, "argocd: v99.99.99+unknown\n", output) + assert.Equal(t, output, "argocd: v99.99.99+unknown\n") } func TestShortVersion(t *testing.T) { @@ -34,5 +33,5 @@ func TestShortVersion(t *testing.T) { t.Fatal("Failed to execute short version command") } output := buf.String() - assert.Equal(t, "argocd: v99.99.99+unknown\nargocd-server: v99.99.99+unknown\n", output) + assert.Equal(t, output, "argocd: v99.99.99+unknown\nargocd-server: v99.99.99+unknown\n") } diff --git a/cmd/util/app.go b/cmd/util/app.go index 1ac606a22ba5c..cfb356e293afc 100644 --- a/cmd/util/app.go +++ b/cmd/util/app.go @@ -17,7 +17,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apis/application" argoappv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -218,7 +218,7 @@ func SetAppSpecOptions(flags *pflag.FlagSet, spec *argoappv1.ApplicationSpec, ap Backoff: &argoappv1.Backoff{ Duration: appOpts.retryBackoffDuration.String(), MaxDuration: appOpts.retryBackoffMaxDuration.String(), - Factor: ptr.To(appOpts.retryBackoffFactor), + Factor: pointer.Int64(appOpts.retryBackoffFactor), }, } } else if appOpts.retryLimit == 0 { @@ -434,8 +434,10 @@ func SetParameterOverrides(app *argoappv1.Application, parameters []string, inde sourceType = *st } else if app.Status.SourceType != "" { sourceType = app.Status.SourceType - } else if len(strings.SplitN(parameters[0], "=", 2)) == 2 { - sourceType = argoappv1.ApplicationSourceTypeHelm + } else { + if len(strings.SplitN(parameters[0], "=", 2)) == 2 { + sourceType = argoappv1.ApplicationSourceTypeHelm + } } switch sourceType { @@ -481,12 +483,13 @@ func readAppsFromStdin(apps *[]*argoappv1.Application) error { } err = readApps(data, apps) if err != nil { - return fmt.Errorf("unable to read manifest from stdin: %w", err) + return fmt.Errorf("unable to read manifest from stdin: %v", err) } return nil } func readAppsFromURI(fileURL string, apps *[]*argoappv1.Application) error { + readFilePayload := func() ([]byte, error) { parsedURL, err := url.ParseRequestURI(fileURL) if err != nil || !(parsedURL.Scheme == "http" || parsedURL.Scheme == "https") { diff --git a/cmd/util/app_test.go b/cmd/util/app_test.go index dcaae6ea8031e..784384b233351 100644 --- a/cmd/util/app_test.go +++ b/cmd/util/app_test.go @@ -7,7 +7,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/spf13/cobra" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -28,7 +27,7 @@ func Test_setHelmOpt(t *testing.T) { t.Run("IgnoreMissingValueFiles", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setHelmOpt(&src, helmOpts{ignoreMissingValueFiles: true}) - assert.True(t, src.Helm.IgnoreMissingValueFiles) + assert.Equal(t, true, src.Helm.IgnoreMissingValueFiles) }) t.Run("ReleaseName", func(t *testing.T) { src := v1alpha1.ApplicationSource{} @@ -58,12 +57,12 @@ func Test_setHelmOpt(t *testing.T) { t.Run("HelmPassCredentials", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setHelmOpt(&src, helmOpts{passCredentials: true}) - assert.True(t, src.Helm.PassCredentials) + assert.Equal(t, true, src.Helm.PassCredentials) }) t.Run("HelmSkipCrds", func(t *testing.T) { src := v1alpha1.ApplicationSource{} setHelmOpt(&src, helmOpts{skipCrds: true}) - assert.True(t, src.Helm.SkipCrds) + assert.Equal(t, true, src.Helm.SkipCrds) }) } @@ -199,39 +198,39 @@ func newAppOptionsFixture() *appOptionsFixture { func Test_setAppSpecOptions(t *testing.T) { f := newAppOptionsFixture() t.Run("SyncPolicy", func(t *testing.T) { - require.NoError(t, f.SetFlag("sync-policy", "automated")) + assert.NoError(t, f.SetFlag("sync-policy", "automated")) assert.NotNil(t, f.spec.SyncPolicy.Automated) f.spec.SyncPolicy = nil - require.NoError(t, f.SetFlag("sync-policy", "automatic")) + assert.NoError(t, f.SetFlag("sync-policy", "automatic")) assert.NotNil(t, f.spec.SyncPolicy.Automated) f.spec.SyncPolicy = nil - require.NoError(t, f.SetFlag("sync-policy", "auto")) + assert.NoError(t, f.SetFlag("sync-policy", "auto")) assert.NotNil(t, f.spec.SyncPolicy.Automated) - require.NoError(t, f.SetFlag("sync-policy", "none")) + assert.NoError(t, f.SetFlag("sync-policy", "none")) assert.Nil(t, f.spec.SyncPolicy) }) t.Run("SyncOptions", func(t *testing.T) { - require.NoError(t, f.SetFlag("sync-option", "a=1")) + assert.NoError(t, f.SetFlag("sync-option", "a=1")) assert.True(t, f.spec.SyncPolicy.SyncOptions.HasOption("a=1")) // remove the options using ! - require.NoError(t, f.SetFlag("sync-option", "!a=1")) + assert.NoError(t, f.SetFlag("sync-option", "!a=1")) assert.Nil(t, f.spec.SyncPolicy) }) t.Run("RetryLimit", func(t *testing.T) { - require.NoError(t, f.SetFlag("sync-retry-limit", "5")) - assert.Equal(t, int64(5), f.spec.SyncPolicy.Retry.Limit) + assert.NoError(t, f.SetFlag("sync-retry-limit", "5")) + assert.True(t, f.spec.SyncPolicy.Retry.Limit == 5) - require.NoError(t, f.SetFlag("sync-retry-limit", "0")) + assert.NoError(t, f.SetFlag("sync-retry-limit", "0")) assert.Nil(t, f.spec.SyncPolicy.Retry) }) t.Run("Kustomize", func(t *testing.T) { - require.NoError(t, f.SetFlag("kustomize-replica", "my-deployment=2")) - require.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4")) - assert.Equal(t, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}, f.spec.Source.Kustomize.Replicas) + assert.NoError(t, f.SetFlag("kustomize-replica", "my-deployment=2")) + assert.NoError(t, f.SetFlag("kustomize-replica", "my-statefulset=4")) + assert.Equal(t, f.spec.Source.Kustomize.Replicas, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}, {Name: "my-statefulset", Count: intstr.FromInt(4)}}) }) } @@ -256,30 +255,30 @@ func Test_setAppSpecOptionsMultiSourceApp(t *testing.T) { sourcePosition1 := 1 sourcePosition2 := 2 t.Run("SyncPolicy", func(t *testing.T) { - require.NoError(t, f.SetFlagWithSourcePosition("sync-policy", "automated", sourcePosition1)) + assert.NoError(t, f.SetFlagWithSourcePosition("sync-policy", "automated", sourcePosition1)) assert.NotNil(t, f.spec.SyncPolicy.Automated) f.spec.SyncPolicy = nil - require.NoError(t, f.SetFlagWithSourcePosition("sync-policy", "automatic", sourcePosition1)) + assert.NoError(t, f.SetFlagWithSourcePosition("sync-policy", "automatic", sourcePosition1)) assert.NotNil(t, f.spec.SyncPolicy.Automated) }) t.Run("Helm - SourcePosition 0", func(t *testing.T) { - require.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v2", sourcePosition)) - assert.Len(t, f.spec.GetSources(), 2) - assert.Equal(t, "v2", f.spec.GetSources()[sourcePosition].Helm.Version) + assert.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v2", sourcePosition)) + assert.Equal(t, len(f.spec.GetSources()), 2) + assert.Equal(t, f.spec.GetSources()[sourcePosition].Helm.Version, "v2") }) t.Run("Kustomize", func(t *testing.T) { - require.NoError(t, f.SetFlagWithSourcePosition("kustomize-replica", "my-deployment=2", sourcePosition1)) - assert.Equal(t, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}}, f.spec.Sources[sourcePosition1-1].Kustomize.Replicas) - require.NoError(t, f.SetFlagWithSourcePosition("kustomize-replica", "my-deployment=4", sourcePosition2)) - assert.Equal(t, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(4)}}, f.spec.Sources[sourcePosition2-1].Kustomize.Replicas) + assert.NoError(t, f.SetFlagWithSourcePosition("kustomize-replica", "my-deployment=2", sourcePosition1)) + assert.Equal(t, f.spec.Sources[sourcePosition1-1].Kustomize.Replicas, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(2)}}) + assert.NoError(t, f.SetFlagWithSourcePosition("kustomize-replica", "my-deployment=4", sourcePosition2)) + assert.Equal(t, f.spec.Sources[sourcePosition2-1].Kustomize.Replicas, v1alpha1.KustomizeReplicas{{Name: "my-deployment", Count: intstr.FromInt(4)}}) }) t.Run("Helm", func(t *testing.T) { - require.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v2", sourcePosition1)) - require.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v3", sourcePosition2)) - assert.Len(t, f.spec.GetSources(), 2) - assert.Equal(t, "v2", f.spec.GetSources()[sourcePosition1-1].Helm.Version) - assert.Equal(t, "v3", f.spec.GetSources()[sourcePosition2-1].Helm.Version) + assert.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v2", sourcePosition1)) + assert.NoError(t, f.SetFlagWithSourcePosition("helm-version", "v3", sourcePosition2)) + assert.Equal(t, len(f.spec.GetSources()), 2) + assert.Equal(t, f.spec.GetSources()[sourcePosition1-1].Helm.Version, "v2") + assert.Equal(t, f.spec.GetSources()[sourcePosition2-1].Helm.Version, "v3") }) } @@ -358,11 +357,12 @@ func TestReadAppsFromURI(t *testing.T) { apps := make([]*v1alpha1.Application, 0) err = readAppsFromURI(file.Name(), &apps) - require.NoError(t, err) - assert.Len(t, apps, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(apps)) assert.Equal(t, "sth1", apps[0].Name) assert.Equal(t, "sth2", apps[1].Name) + } func TestConstructAppFromStdin(t *testing.T) { @@ -388,22 +388,25 @@ func TestConstructAppFromStdin(t *testing.T) { if err := file.Close(); err != nil { log.Fatal(err) } - require.NoError(t, err) - assert.Len(t, apps, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(apps)) assert.Equal(t, "sth1", apps[0].Name) assert.Equal(t, "sth2", apps[1].Name) + } func TestConstructBasedOnName(t *testing.T) { apps, err := ConstructApps("", "test", []string{}, []string{}, []string{}, AppOptions{}, nil) - require.NoError(t, err) - assert.Len(t, apps, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(apps)) assert.Equal(t, "test", apps[0].Name) } func TestFilterResources(t *testing.T) { + t.Run("Filter by ns", func(t *testing.T) { + resources := []*v1alpha1.ResourceDiff{ { LiveState: "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"test-helm-guestbook\",\"namespace\":\"argocd\"},\"spec\":{\"selector\":{\"app\":\"helm-guestbook\",\"release\":\"test\"},\"sessionAffinity\":\"None\",\"type\":\"ClusterIP\"},\"status\":{\"loadBalancer\":{}}}", @@ -414,11 +417,12 @@ func TestFilterResources(t *testing.T) { } filteredResources, err := FilterResources(false, resources, "g", "Service", "ns", "test-helm-guestbook", true) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, filteredResources, 1) }) t.Run("Filter by kind", func(t *testing.T) { + resources := []*v1alpha1.ResourceDiff{ { LiveState: "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"test-helm-guestbook\",\"namespace\":\"argocd\"},\"spec\":{\"selector\":{\"app\":\"helm-guestbook\",\"release\":\"test\"},\"sessionAffinity\":\"None\",\"type\":\"ClusterIP\"},\"status\":{\"loadBalancer\":{}}}", @@ -429,11 +433,12 @@ func TestFilterResources(t *testing.T) { } filteredResources, err := FilterResources(false, resources, "g", "Deployment", "argocd", "test-helm-guestbook", true) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, filteredResources, 1) }) t.Run("Filter by name", func(t *testing.T) { + resources := []*v1alpha1.ResourceDiff{ { LiveState: "{\"apiVersion\":\"v1\",\"kind\":\"Service\",\"metadata\":{\"name\":\"test-helm-guestbook\",\"namespace\":\"argocd\"},\"spec\":{\"selector\":{\"app\":\"helm-guestbook\",\"release\":\"test\"},\"sessionAffinity\":\"None\",\"type\":\"ClusterIP\"},\"status\":{\"loadBalancer\":{}}}", @@ -444,7 +449,7 @@ func TestFilterResources(t *testing.T) { } filteredResources, err := FilterResources(false, resources, "g", "Service", "argocd", "test-helm", true) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, filteredResources, 1) }) @@ -459,7 +464,7 @@ func TestFilterResources(t *testing.T) { } filteredResources, err := FilterResources(false, resources, "g", "Service", "argocd-unknown", "test-helm", true) - require.ErrorContains(t, err, "No matching resource found") + assert.ErrorContains(t, err, "No matching resource found") assert.Nil(t, filteredResources) }) @@ -474,7 +479,7 @@ func TestFilterResources(t *testing.T) { } filteredResources, err := FilterResources(false, resources, "g", "Service", "argocd", "test-helm", false) - require.ErrorContains(t, err, "Use the --all flag") + assert.ErrorContains(t, err, "Use the --all flag") assert.Nil(t, filteredResources) }) } diff --git a/cmd/util/applicationset.go b/cmd/util/applicationset.go index 6f6fd1e3de4ed..2b096aa6aa036 100644 --- a/cmd/util/applicationset.go +++ b/cmd/util/applicationset.go @@ -5,10 +5,9 @@ import ( "net/url" "os" - "github.com/argoproj/gitops-engine/pkg/utils/kube" - argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/config" + "github.com/argoproj/gitops-engine/pkg/utils/kube" ) func ConstructApplicationSet(fileURL string) ([]*argoprojiov1alpha1.ApplicationSet, error) { @@ -23,13 +22,14 @@ func constructAppsetFromFileUrl(fileURL string) ([]*argoprojiov1alpha1.Applicati // read uri err := readAppsetFromURI(fileURL, &appset) if err != nil { - return nil, fmt.Errorf("error reading applicationset from file %s: %w", fileURL, err) + return nil, fmt.Errorf("error reading applicationset from file %s: %s", fileURL, err) } return appset, nil } func readAppsetFromURI(fileURL string, appset *[]*argoprojiov1alpha1.ApplicationSet) error { + readFilePayload := func() ([]byte, error) { parsedURL, err := url.ParseRequestURI(fileURL) if err != nil || !(parsedURL.Scheme == "http" || parsedURL.Scheme == "https") { @@ -59,6 +59,7 @@ func readAppset(yml []byte, appsets *[]*argoprojiov1alpha1.ApplicationSet) error return fmt.Errorf("error unmarshalling appset: %w", err) } *appsets = append(*appsets, &appset) + } // we reach here if there is no error found while reading the Application Set return nil diff --git a/cmd/util/applicationset_test.go b/cmd/util/applicationset_test.go index 0fdc0a9f899a1..c15e58a61af14 100644 --- a/cmd/util/applicationset_test.go +++ b/cmd/util/applicationset_test.go @@ -3,9 +3,8 @@ package util import ( "testing" - "github.com/stretchr/testify/assert" - argoprojiov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "github.com/stretchr/testify/assert" ) var appSet = `apiVersion: argoproj.io/v1alpha1 @@ -37,5 +36,5 @@ func TestReadAppSet(t *testing.T) { if err != nil { t.Logf("Failed reading appset file") } - assert.Len(t, appSets, 1) + assert.Equal(t, len(appSets), 1) } diff --git a/cmd/util/cluster.go b/cmd/util/cluster.go index e56048660d83f..dffb52e775a97 100644 --- a/cmd/util/cluster.go +++ b/cmd/util/cluster.go @@ -130,7 +130,7 @@ func GetKubePublicEndpoint(client kubernetes.Interface) (string, error) { config := &clientcmdapiv1.Config{} err = yaml.Unmarshal([]byte(kubeconfig), config) if err != nil { - return "", fmt.Errorf("failed to parse cluster-info kubeconfig: %w", err) + return "", fmt.Errorf("failed to parse cluster-info kubeconfig: %v", err) } if len(config.Clusters) == 0 { return "", fmt.Errorf("cluster-info kubeconfig does not have any clusters") diff --git a/cmd/util/cluster_test.go b/cmd/util/cluster_test.go index f30a4aed51abd..37e05bf6e58cb 100644 --- a/cmd/util/cluster_test.go +++ b/cmd/util/cluster_test.go @@ -160,6 +160,7 @@ func TestGetKubePublicEndpoint(t *testing.T) { } }) } + } func kubeconfigFixture(endpoint string) string { diff --git a/cmd/util/project.go b/cmd/util/project.go index f4bbae0977430..fa446ceb3b41c 100644 --- a/cmd/util/project.go +++ b/cmd/util/project.go @@ -11,7 +11,7 @@ import ( "github.com/spf13/cobra" "github.com/spf13/pflag" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -47,6 +47,7 @@ func AddProjFlags(command *cobra.Command, opts *ProjectOpts) { command.Flags().StringArrayVar(&opts.allowedNamespacedResources, "allow-namespaced-resource", []string{}, "List of allowed namespaced resources") command.Flags().StringArrayVar(&opts.deniedNamespacedResources, "deny-namespaced-resource", []string{}, "List of denied namespaced resources") command.Flags().StringSliceVar(&opts.SourceNamespaces, "source-namespaces", []string{}, "List of source namespaces for applications") + } func getGroupKindList(values []string) []v1.GroupKind { @@ -114,7 +115,7 @@ func GetOrphanedResourcesSettings(flagSet *pflag.FlagSet, opts ProjectOpts) *v1a if opts.orphanedResourcesEnabled || warnChanged { settings := v1alpha1.OrphanedResourcesMonitorSettings{} if warnChanged { - settings.Warn = ptr.To(opts.orphanedResourcesWarn) + settings.Warn = pointer.Bool(opts.orphanedResourcesWarn) } return &settings } @@ -125,7 +126,7 @@ func readProjFromStdin(proj *v1alpha1.AppProject) error { reader := bufio.NewReader(os.Stdin) err := config.UnmarshalReader(reader, &proj) if err != nil { - return fmt.Errorf("unable to read manifest from stdin: %w", err) + return fmt.Errorf("unable to read manifest from stdin: %v", err) } return nil } @@ -176,7 +177,7 @@ func SetProjSpecOptions(flags *pflag.FlagSet, spec *v1alpha1.AppProjectSpec, pro } func ConstructAppProj(fileURL string, args []string, opts ProjectOpts, c *cobra.Command) (*v1alpha1.AppProject, error) { - proj := v1alpha1.AppProject{ + var proj = v1alpha1.AppProject{ TypeMeta: v1.TypeMeta{ Kind: application.AppProjectKind, APIVersion: application.Group + "/v1alpha1", diff --git a/cmpserver/apiclient/clientset.go b/cmpserver/apiclient/clientset.go index 8e3ff9b8565e3..025625ff8092e 100644 --- a/cmpserver/apiclient/clientset.go +++ b/cmpserver/apiclient/clientset.go @@ -2,12 +2,8 @@ package apiclient import ( "context" - "math" "time" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" log "github.com/sirupsen/logrus" @@ -18,8 +14,10 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -// MaxGRPCMessageSize contains max grpc message size -var MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 +const ( + // MaxGRPCMessageSize contains max grpc message size + MaxGRPCMessageSize = 100 * 1024 * 1024 +) // Clientset represents config management plugin server api clients type Clientset interface { diff --git a/cmpserver/plugin/config_test.go b/cmpserver/plugin/config_test.go index db08e92a2f563..9e22dab1d3741 100644 --- a/cmpserver/plugin/config_test.go +++ b/cmpserver/plugin/config_test.go @@ -155,13 +155,13 @@ spec: require.NoError(t, err) err = tempFile.Close() require.NoError(t, err) - err = os.WriteFile(tempFile.Name(), []byte(tcc.fileContents), 0o644) + err = os.WriteFile(tempFile.Name(), []byte(tcc.fileContents), 0644) require.NoError(t, err) config, err := ReadPluginConfig(tempDir) if tcc.expectedErr != "" { - require.EqualError(t, err, tcc.expectedErr) + assert.EqualError(t, err, tcc.expectedErr) } else { - require.NoError(t, err) + assert.NoError(t, err) } assert.Equal(t, tcc.expected, config) }) diff --git a/cmpserver/plugin/plugin.go b/cmpserver/plugin/plugin.go index bc710b779b6d5..ca1e7592218ea 100644 --- a/cmpserver/plugin/plugin.go +++ b/cmpserver/plugin/plugin.go @@ -24,7 +24,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/io/files" "github.com/argoproj/gitops-engine/pkg/utils/kube" - securejoin "github.com/cyphar/filepath-securejoin" + "github.com/cyphar/filepath-securejoin" "github.com/mattn/go-zglob" log "github.com/sirupsen/logrus" ) @@ -54,7 +54,7 @@ func (s *Service) Init(workDir string) error { if err != nil { return fmt.Errorf("error removing workdir %q: %w", workDir, err) } - err = os.MkdirAll(workDir, 0o700) + err = os.MkdirAll(workDir, 0700) if err != nil { return fmt.Errorf("error creating workdir %q: %w", workDir, err) } @@ -128,8 +128,8 @@ func runCommand(ctx context.Context, command Command, path string, env []string) if len(output) == 0 { logCtx.Warn("Plugin command returned zero output") } else { - // Log stderr even on successful commands to help develop plugins - logCtx.Info("Plugin command successful") + // Log stderr even on successfull commands to help develop plugins + logCtx.Info("Plugin command successfull") } return strings.TrimSuffix(output, "\n"), nil @@ -240,9 +240,6 @@ func (s *Service) generateManifestGeneric(stream GenerateManifestStream) error { if err != nil { return fmt.Errorf("error generating manifests: %w", err) } - - log.Tracef("Generated manifests result: %s", response.Manifests) - err = stream.SendAndClose(response) if err != nil { return fmt.Errorf("error sending manifest response: %w", err) diff --git a/cmpserver/plugin/plugin_test.go b/cmpserver/plugin/plugin_test.go index c5f431a8fad42..b253dc414cbdc 100644 --- a/cmpserver/plugin/plugin_test.go +++ b/cmpserver/plugin/plugin_test.go @@ -103,7 +103,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, match) assert.True(t, discovery) }) @@ -118,7 +118,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, match) assert.True(t, discovery) }) @@ -133,7 +133,7 @@ func TestMatchRepository(t *testing.T) { _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.ErrorContains(t, err, "syntax error") + assert.ErrorContains(t, err, "syntax error") }) t.Run("will match plugin by glob", func(t *testing.T) { // given @@ -148,7 +148,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, match) assert.True(t, discovery) }) @@ -165,7 +165,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, match) assert.True(t, discovery) }) @@ -182,7 +182,7 @@ func TestMatchRepository(t *testing.T) { _, _, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.ErrorContains(t, err, "error finding glob match for pattern") + assert.ErrorContains(t, err, "error finding glob match for pattern") }) t.Run("will match plugin by command when returns any output", func(t *testing.T) { // given @@ -199,7 +199,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, match) assert.True(t, discovery) }) @@ -217,7 +217,7 @@ func TestMatchRepository(t *testing.T) { // when match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, match) assert.True(t, discovery) }) @@ -236,7 +236,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, match) assert.True(t, discovery) }) @@ -256,7 +256,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, match) assert.True(t, discovery) }) @@ -275,7 +275,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.Error(t, err) + assert.Error(t, err) assert.False(t, match) assert.True(t, discovery) }) @@ -288,7 +288,7 @@ func TestMatchRepository(t *testing.T) { match, discovery, err := f.service.matchRepository(context.Background(), f.path, f.env, ".") // then - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, match) assert.False(t, discovery) }) @@ -323,7 +323,7 @@ func TestGenerateManifest(t *testing.T) { service.WithGenerateCommand(Command{Command: []string{"bad-command"}}) res, err := service.generateManifest(context.Background(), "testdata/kustomize", nil) - require.ErrorContains(t, err, "executable file not found") + assert.ErrorContains(t, err, "executable file not found") assert.Nil(t, res.Manifests) }) t.Run("bad yaml output", func(t *testing.T) { @@ -332,7 +332,7 @@ func TestGenerateManifest(t *testing.T) { service.WithGenerateCommand(Command{Command: []string{"echo", "invalid yaml: }"}}) res, err := service.generateManifest(context.Background(), "testdata/kustomize", nil) - require.ErrorContains(t, err, "failed to unmarshal manifest") + assert.ErrorContains(t, err, "failed to unmarshal manifest") assert.Nil(t, res.Manifests) }) } @@ -345,7 +345,7 @@ func TestGenerateManifest_deadline_exceeded(t *testing.T) { expiredCtx, cancel := context.WithTimeout(context.Background(), time.Second*0) defer cancel() _, err = service.generateManifest(expiredCtx, "", nil) - require.ErrorContains(t, err, "context deadline exceeded") + assert.ErrorContains(t, err, "context deadline exceeded") } // TestRunCommandContextTimeout makes sure the command dies at timeout rather than sleeping past the timeout. @@ -360,16 +360,16 @@ func TestRunCommandContextTimeout(t *testing.T) { before := time.Now() _, err := runCommand(ctx, command, "", []string{}) after := time.Now() - require.Error(t, err) // The command should time out, causing an error. + assert.Error(t, err) // The command should time out, causing an error. assert.Less(t, after.Sub(before), 1*time.Second) } func TestRunCommandEmptyCommand(t *testing.T) { _, err := runCommand(context.Background(), Command{}, "", nil) - require.ErrorContains(t, err, "Command is empty") + assert.ErrorContains(t, err, "Command is empty") } -// TestRunCommandContextTimeoutWithCleanup makes sure that the process is given enough time to cleanup before sending SIGKILL. +// TestRunCommandContextTimeoutWithGracefulTermination makes sure that the process is given enough time to cleanup before sending SIGKILL. func TestRunCommandContextTimeoutWithCleanup(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 900*time.Millisecond) defer cancel() @@ -385,7 +385,7 @@ func TestRunCommandContextTimeoutWithCleanup(t *testing.T) { output, err := runCommand(ctx, command, "", []string{}) after := time.Now() - require.Error(t, err) // The command should time out, causing an error. + assert.Error(t, err) // The command should time out, causing an error. assert.Less(t, after.Sub(before), 1*time.Second) // The command should still have completed the cleanup after termination. assert.Contains(t, output, "cleanup completed") @@ -451,7 +451,7 @@ func Test_getParametersAnnouncement_invalid_json(t *testing.T) { Args: []string{`[`}, } _, err := getParametersAnnouncement(context.Background(), "", []*repoclient.ParameterAnnouncement{}, command, []*apiclient.EnvEntry{}) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "unexpected end of JSON input") } @@ -461,7 +461,7 @@ func Test_getParametersAnnouncement_bad_command(t *testing.T) { Args: []string{"1"}, } _, err := getParametersAnnouncement(context.Background(), "", []*repoclient.ParameterAnnouncement{}, command, []*apiclient.EnvEntry{}) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "error executing dynamic parameter output command") } @@ -469,12 +469,12 @@ func Test_getTempDirMustCleanup(t *testing.T) { tempDir := t.TempDir() // Induce a directory create error to verify error handling. - err := os.Chmod(tempDir, 0o000) + err := os.Chmod(tempDir, 0000) require.NoError(t, err) _, _, err = getTempDirMustCleanup(path.Join(tempDir, "test")) - require.ErrorContains(t, err, "error creating temp dir") + assert.ErrorContains(t, err, "error creating temp dir") - err = os.Chmod(tempDir, 0o700) + err = os.Chmod(tempDir, 0700) require.NoError(t, err) workDir, cleanup, err := getTempDirMustCleanup(tempDir) require.NoError(t, err) @@ -487,7 +487,7 @@ func TestService_Init(t *testing.T) { // Set up a base directory containing a test directory and a test file. tempDir := t.TempDir() workDir := path.Join(tempDir, "workDir") - err := os.MkdirAll(workDir, 0o700) + err := os.MkdirAll(workDir, 0700) require.NoError(t, err) testfile := path.Join(workDir, "testfile") file, err := os.Create(testfile) @@ -496,17 +496,17 @@ func TestService_Init(t *testing.T) { require.NoError(t, err) // Make the base directory read-only so Init's cleanup fails. - err = os.Chmod(tempDir, 0o000) + err = os.Chmod(tempDir, 0000) require.NoError(t, err) s := NewService(CMPServerInitConstants{PluginConfig: PluginConfig{}}) err = s.Init(workDir) - require.ErrorContains(t, err, "error removing workdir", "Init must throw an error if it can't remove the work directory") + assert.ErrorContains(t, err, "error removing workdir", "Init must throw an error if it can't remove the work directory") // Make the base directory writable so Init's cleanup succeeds. - err = os.Chmod(tempDir, 0o700) + err = os.Chmod(tempDir, 0700) require.NoError(t, err) err = s.Init(workDir) - require.NoError(t, err) + assert.NoError(t, err) assert.DirExists(t, workDir) assert.NoFileExists(t, testfile) } diff --git a/cmpserver/server.go b/cmpserver/server.go index 5d7eacd2fd35f..13abb1c02aed0 100644 --- a/cmpserver/server.go +++ b/cmpserver/server.go @@ -18,8 +18,6 @@ import ( "google.golang.org/grpc/health/grpc_health_v1" "google.golang.org/grpc/reflection" - "google.golang.org/grpc/keepalive" - "github.com/argoproj/argo-cd/v2/cmpserver/apiclient" "github.com/argoproj/argo-cd/v2/cmpserver/plugin" "github.com/argoproj/argo-cd/v2/common" @@ -27,6 +25,7 @@ import ( "github.com/argoproj/argo-cd/v2/server/version" "github.com/argoproj/argo-cd/v2/util/errors" grpc_util "github.com/argoproj/argo-cd/v2/util/grpc" + "google.golang.org/grpc/keepalive" ) // ArgoCDCMPServer is the config management plugin server implementation @@ -111,7 +110,7 @@ func (a *ArgoCDCMPServer) CreateGRPC() (*grpc.Server, error) { pluginService := plugin.NewService(a.initConstants) err := pluginService.Init(common.GetCMPWorkDir()) if err != nil { - return nil, fmt.Errorf("error initializing plugin service: %w", err) + return nil, fmt.Errorf("error initializing plugin service: %s", err) } apiclient.RegisterConfigManagementPluginServiceServer(server, pluginService) diff --git a/common/common.go b/common/common.go index d984f0caedbb8..f4b176946bcbd 100644 --- a/common/common.go +++ b/common/common.go @@ -113,17 +113,11 @@ const ( // LegacyShardingAlgorithm is the default value for Sharding Algorithm it uses an `uid` based distribution (non-uniform) LegacyShardingAlgorithm = "legacy" - // RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution across all shards + // RoundRobinShardingAlgorithm is a flag value that can be opted for Sharding Algorithm it uses an equal distribution accross all shards RoundRobinShardingAlgorithm = "round-robin" // AppControllerHeartbeatUpdateRetryCount is the retry count for updating the Shard Mapping to the Shard Mapping ConfigMap used by Application Controller AppControllerHeartbeatUpdateRetryCount = 3 - - // ConsistentHashingWithBoundedLoadsAlgorithm uses an algorithm that tries to use an equal distribution across - // all shards but is optimised to handle sharding and/or cluster addition or removal. In case of sharding or - // cluster changes, this algorithm minimises the changes between shard and clusters assignments. - ConsistentHashingWithBoundedLoadsAlgorithm = "consistent-hashing" - - DefaultShardingAlgorithm = LegacyShardingAlgorithm + DefaultShardingAlgorithm = LegacyShardingAlgorithm ) // Dex related constants @@ -212,7 +206,7 @@ const ( EnvVarTLSDataPath = "ARGOCD_TLS_DATA_PATH" // EnvGitAttemptsCount specifies number of git remote operations attempts count EnvGitAttemptsCount = "ARGOCD_GIT_ATTEMPTS_COUNT" - // EnvGitRetryMaxDuration specifies max duration of git remote operation retry + // EnvGitRetryMaxDuration specifices max duration of git remote operation retry EnvGitRetryMaxDuration = "ARGOCD_GIT_RETRY_MAX_DURATION" // EnvGitRetryDuration specifies duration of git remote operation retry EnvGitRetryDuration = "ARGOCD_GIT_RETRY_DURATION" @@ -238,7 +232,7 @@ const ( EnvControllerShard = "ARGOCD_CONTROLLER_SHARD" // EnvControllerShardingAlgorithm is the distribution sharding algorithm to be used: legacy or round-robin EnvControllerShardingAlgorithm = "ARGOCD_CONTROLLER_SHARDING_ALGORITHM" - // EnvEnableDynamicClusterDistribution enables dynamic sharding (ALPHA) + //EnvEnableDynamicClusterDistribution enables dynamic sharding (ALPHA) EnvEnableDynamicClusterDistribution = "ARGOCD_ENABLE_DYNAMIC_CLUSTER_DISTRIBUTION" // EnvEnableGRPCTimeHistogramEnv enables gRPC metrics collection EnvEnableGRPCTimeHistogramEnv = "ARGOCD_ENABLE_GRPC_TIME_HISTOGRAM" @@ -279,8 +273,6 @@ const ( // EnvServerSideDiff defines the env var used to enable ServerSide Diff feature. // If defined, value must be "true" or "false". EnvServerSideDiff = "ARGOCD_APPLICATION_CONTROLLER_SERVER_SIDE_DIFF" - // EnvGRPCMaxSizeMB is the environment variable to look for a max GRPC message size - EnvGRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) // Config Management Plugin related constants @@ -359,7 +351,7 @@ func GetCMPChunkSize() int { } // GetCMPWorkDir will return the full path of the work directory used by the CMP server. -// This directory and all it's contents will be deleted during CMP bootstrap. +// This directory and all it's contents will be deleted durring CMP bootstrap. func GetCMPWorkDir() string { if workDir := os.Getenv(EnvCMPWorkDir); workDir != "" { return filepath.Join(workDir, DefaultCMPWorkDirName) diff --git a/controller/appcontroller.go b/controller/appcontroller.go index 2d8eebd810751..b2c884f8be614 100644 --- a/controller/appcontroller.go +++ b/controller/appcontroller.go @@ -56,7 +56,6 @@ import ( argodiff "github.com/argoproj/argo-cd/v2/util/argo/diff" "github.com/argoproj/argo-cd/v2/util/argo/normalizers" "github.com/argoproj/argo-cd/v2/util/env" - "github.com/argoproj/argo-cd/v2/util/stats" kubeerrors "k8s.io/apimachinery/pkg/api/errors" @@ -98,15 +97,6 @@ func (a CompareWith) Pointer() *CompareWith { return &a } -func getAppLog(app *appv1.Application) *log.Entry { - return log.WithFields(log.Fields{ - "application": app.Name, - "app-namespace": app.Namespace, - "app-qualified-name": app.QualifiedName(), - "project": app.Spec.Project, - }) -} - // ApplicationController is the controller for application resources. type ApplicationController struct { cache *appstatecache.Cache @@ -220,6 +210,7 @@ func NewApplicationController( if projMeta, ok := obj.(metav1.Object); ok { ctrl.InvalidateProjectsCache(projMeta.GetName()) } + } }, UpdateFunc: func(old, new interface{}) { @@ -261,7 +252,7 @@ func NewApplicationController( if kubeerrors.IsNotFound(err) { appControllerDeployment = nil } else { - return fmt.Errorf("error retrieving Application Controller Deployment: %w", err) + return fmt.Errorf("error retrieving Application Controller Deployment: %s", err) } } if appControllerDeployment != nil { @@ -270,7 +261,7 @@ func NewApplicationController( } shard := env.ParseNumFromEnv(common.EnvControllerShard, -1, -math.MaxInt32, math.MaxInt32) if _, err := sharding.GetOrUpdateShardFromConfigMap(kubeClientset.(*kubernetes.Clientset), settingsMgr, int(*appControllerDeployment.Spec.Replicas), shard); err != nil { - return fmt.Errorf("error while updating the heartbeat for to the Shard Mapping ConfigMap: %w", err) + return fmt.Errorf("error while updating the heartbeat for to the Shard Mapping ConfigMap: %s", err) } } } @@ -306,11 +297,13 @@ func (ctrl *ApplicationController) InvalidateProjectsCache(names ...string) { for _, name := range names { ctrl.projByNameCache.Delete(name) } - } else if ctrl != nil { - ctrl.projByNameCache.Range(func(key, _ interface{}) bool { - ctrl.projByNameCache.Delete(key) - return true - }) + } else { + if ctrl != nil { + ctrl.projByNameCache.Range(func(key, _ interface{}) bool { + ctrl.projByNameCache.Delete(key) + return true + }) + } } } @@ -380,7 +373,7 @@ func (ctrl *ApplicationController) getAppProj(app *appv1.Application) (*appv1.Ap if apierr.IsNotFound(err) { return nil, err } else { - return nil, fmt.Errorf("could not retrieve AppProject '%s' from cache: %w", app.Spec.Project, err) + return nil, fmt.Errorf("could not retrieve AppProject '%s' from cache: %v", app.Spec.Project, err) } } if !proj.IsAppNamespacePermitted(app, ctrl.namespace) { @@ -420,11 +413,10 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b continue } - logCtx := getAppLog(app) // Enforce application's permission for the source namespace _, err = ctrl.getAppProj(app) if err != nil { - logCtx.Errorf("Unable to determine project for app '%s': %v", app.QualifiedName(), err) + log.Errorf("Unable to determine project for app '%s': %v", app.QualifiedName(), err) continue } @@ -437,14 +429,15 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b if ref.Namespace == "" { namespace = "(cluster-scoped)" } - logCtx.WithFields(log.Fields{ - "comparison-level": level, - "namespace": namespace, - "name": ref.Name, - "api-version": ref.APIVersion, - "kind": ref.Kind, - "server": app.Spec.Destination.Server, - "cluster-name": app.Spec.Destination.Name, + log.WithFields(log.Fields{ + "application": appKey, + "level": level, + "namespace": namespace, + "name": ref.Name, + "api-version": ref.APIVersion, + "kind": ref.Kind, + "server": app.Spec.Destination.Server, + "cluster-name": app.Spec.Destination.Name, }).Debug("Requesting app refresh caused by object update") ctrl.requestAppRefresh(app.QualifiedName(), &level, nil) @@ -454,34 +447,21 @@ func (ctrl *ApplicationController) handleObjectUpdated(managedByApp map[string]b // setAppManagedResources will build a list of ResourceDiff based on the provided comparisonResult // and persist app resources related data in the cache. Will return the persisted ApplicationTree. func (ctrl *ApplicationController) setAppManagedResources(a *appv1.Application, comparisonResult *comparisonResult) (*appv1.ApplicationTree, error) { - ts := stats.NewTimingStats() - defer func() { - logCtx := getAppLog(a) - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished setting app managed resources") - }() managedResources, err := ctrl.hideSecretData(a, comparisonResult) - ts.AddCheckpoint("hide_secret_data_ms") if err != nil { - return nil, fmt.Errorf("error getting managed resources: %w", err) + return nil, fmt.Errorf("error getting managed resources: %s", err) } tree, err := ctrl.getResourceTree(a, managedResources) - ts.AddCheckpoint("get_resource_tree_ms") if err != nil { - return nil, fmt.Errorf("error getting resource tree: %w", err) + return nil, fmt.Errorf("error getting resource tree: %s", err) } err = ctrl.cache.SetAppResourcesTree(a.InstanceName(ctrl.namespace), tree) - ts.AddCheckpoint("set_app_resources_tree_ms") if err != nil { - return nil, fmt.Errorf("error setting app resource tree: %w", err) + return nil, fmt.Errorf("error setting app resource tree: %s", err) } err = ctrl.cache.SetAppManagedResources(a.InstanceName(ctrl.namespace), managedResources) - ts.AddCheckpoint("set_app_managed_resources_ms") if err != nil { - return nil, fmt.Errorf("error setting app managed resources: %w", err) + return nil, fmt.Errorf("error setting app managed resources: %s", err) } return tree, nil } @@ -511,18 +491,8 @@ func isKnownOrphanedResourceExclusion(key kube.ResourceKey, proj *appv1.AppProje } func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managedResources []*appv1.ResourceDiff) (*appv1.ApplicationTree, error) { - ts := stats.NewTimingStats() - defer func() { - logCtx := getAppLog(a) - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished getting resource tree") - }() nodes := make([]appv1.ResourceNode, 0) proj, err := ctrl.getAppProj(a) - ts.AddCheckpoint("get_app_proj_ms") if err != nil { return nil, fmt.Errorf("failed to get project: %w", err) } @@ -536,18 +506,17 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed } warnOrphaned = proj.Spec.OrphanedResources.IsWarn() } - ts.AddCheckpoint("get_orphaned_resources_ms") for i := range managedResources { managedResource := managedResources[i] delete(orphanedNodesMap, kube.NewResourceKey(managedResource.Group, managedResource.Kind, managedResource.Namespace, managedResource.Name)) - live := &unstructured.Unstructured{} + var live = &unstructured.Unstructured{} err := json.Unmarshal([]byte(managedResource.LiveState), &live) if err != nil { return nil, fmt.Errorf("failed to unmarshal live state of managed resources: %w", err) } if live == nil { - target := &unstructured.Unstructured{} + var target = &unstructured.Unstructured{} err = json.Unmarshal([]byte(managedResource.TargetState), &target) if err != nil { return nil, fmt.Errorf("failed to unmarshal target state of managed resources: %w", err) @@ -581,7 +550,6 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed } } } - ts.AddCheckpoint("process_managed_resources_ms") orphanedNodes := make([]appv1.ResourceNode, 0) for k := range orphanedNodesMap { if k.Namespace != "" && proj.IsGroupKindPermitted(k.GroupKind(), true) && !isKnownOrphanedResourceExclusion(k, proj) { @@ -624,26 +592,15 @@ func (ctrl *ApplicationController) getResourceTree(a *appv1.Application, managed sort.Slice(orphanedNodes, func(i, j int) bool { return orphanedNodes[i].ResourceRef.String() < orphanedNodes[j].ResourceRef.String() }) - ts.AddCheckpoint("process_orphaned_resources_ms") hosts, err := ctrl.getAppHosts(a, nodes) if err != nil { return nil, fmt.Errorf("failed to get app hosts: %w", err) } - ts.AddCheckpoint("get_app_hosts_ms") return &appv1.ApplicationTree{Nodes: nodes, OrphanedNodes: orphanedNodes, Hosts: hosts}, nil } func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes []appv1.ResourceNode) ([]appv1.HostInfo, error) { - ts := stats.NewTimingStats() - defer func() { - logCtx := getAppLog(a) - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished getting app hosts") - }() supportedResourceNames := map[v1.ResourceName]bool{ v1.ResourceCPU: true, v1.ResourceStorage: true, @@ -673,7 +630,6 @@ func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes [] } } }) - ts.AddCheckpoint("iterate_resources_ms") if err != nil { return nil, err } @@ -729,7 +685,6 @@ func (ctrl *ApplicationController) getAppHosts(a *appv1.Application, appNodes [] }) hosts = append(hosts, appv1.HostInfo{Name: nodeName, SystemInfo: node.SystemInfo, ResourcesInfo: resourcesInfo}) } - ts.AddCheckpoint("process_app_pods_by_node_ms") return hosts, nil } @@ -753,28 +708,28 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar var err error target, live, err = diff.HideSecretData(res.Target, res.Live) if err != nil { - return nil, fmt.Errorf("error hiding secret data: %w", err) + return nil, fmt.Errorf("error hiding secret data: %s", err) } compareOptions, err := ctrl.settingsMgr.GetResourceCompareOptions() if err != nil { - return nil, fmt.Errorf("error getting resource compare options: %w", err) + return nil, fmt.Errorf("error getting resource compare options: %s", err) } resourceOverrides, err := ctrl.settingsMgr.GetResourceOverrides() if err != nil { - return nil, fmt.Errorf("error getting resource overrides: %w", err) + return nil, fmt.Errorf("error getting resource overrides: %s", err) } appLabelKey, err := ctrl.settingsMgr.GetAppInstanceLabelKey() if err != nil { - return nil, fmt.Errorf("error getting app instance label key: %w", err) + return nil, fmt.Errorf("error getting app instance label key: %s", err) } trackingMethod, err := ctrl.settingsMgr.GetTrackingMethod() if err != nil { - return nil, fmt.Errorf("error getting tracking method: %w", err) + return nil, fmt.Errorf("error getting tracking method: %s", err) } clusterCache, err := ctrl.stateCache.GetClusterCache(app.Spec.Destination.Server) if err != nil { - return nil, fmt.Errorf("error getting cluster cache: %w", err) + return nil, fmt.Errorf("error getting cluster cache: %s", err) } diffConfig, err := argodiff.NewDiffConfigBuilder(). WithDiffSettings(app.Spec.IgnoreDifferences, resourceOverrides, compareOptions.IgnoreAggregatedRoles, ctrl.ignoreNormalizerOpts). @@ -784,12 +739,12 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar WithGVKParser(clusterCache.GetGVKParser()). Build() if err != nil { - return nil, fmt.Errorf("appcontroller error building diff config: %w", err) + return nil, fmt.Errorf("appcontroller error building diff config: %s", err) } diffResult, err := argodiff.StateDiff(live, target, diffConfig) if err != nil { - return nil, fmt.Errorf("error applying diff: %w", err) + return nil, fmt.Errorf("error applying diff: %s", err) } resDiff = diffResult } @@ -797,7 +752,7 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar if live != nil { data, err := json.Marshal(live) if err != nil { - return nil, fmt.Errorf("error marshaling live json: %w", err) + return nil, fmt.Errorf("error marshaling live json: %s", err) } item.LiveState = string(data) } else { @@ -807,7 +762,7 @@ func (ctrl *ApplicationController) hideSecretData(app *appv1.Application, compar if target != nil { data, err := json.Marshal(target) if err != nil { - return nil, fmt.Errorf("error marshaling target json: %w", err) + return nil, fmt.Errorf("error marshaling target json: %s", err) } item.TargetState = string(data) } else { @@ -952,15 +907,6 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b return } app := origApp.DeepCopy() - logCtx := getAppLog(app) - ts := stats.NewTimingStats() - defer func() { - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished processing app operation queue item") - }() if app.Operation != nil { // If we get here, we are about to process an operation, but we cannot rely on informer since it might have stale data. @@ -968,16 +914,14 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b // We cannot rely on informer since applications might be updated by both application controller and api server. freshApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.ObjectMeta.Namespace).Get(context.Background(), app.ObjectMeta.Name, metav1.GetOptions{}) if err != nil { - logCtx.Errorf("Failed to retrieve latest application state: %v", err) + log.Errorf("Failed to retrieve latest application state: %v", err) return } app = freshApp } - ts.AddCheckpoint("get_fresh_app_ms") if app.Operation != nil { ctrl.processRequestedAppOperation(app) - ts.AddCheckpoint("process_requested_app_operation_ms") } else if app.DeletionTimestamp != nil { if err = ctrl.finalizeApplicationDeletion(app, func(project string) ([]*appv1.Cluster, error) { return ctrl.db.GetProjectClusters(context.Background(), project) @@ -987,9 +931,8 @@ func (ctrl *ApplicationController) processAppOperationQueueItem() (processNext b Message: err.Error(), }) message := fmt.Sprintf("Unable to delete application resources: %v", err.Error()) - ctrl.logAppEvent(app, argo.EventInfo{Reason: argo.EventReasonStatusRefreshed, Type: v1.EventTypeWarning}, message, context.TODO()) + ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonStatusRefreshed, Type: v1.EventTypeWarning}, message, "") } - ts.AddCheckpoint("finalize_application_deletion_ms") } return } @@ -1105,6 +1048,7 @@ func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Applica // Don't delete live resources which are not permitted in the app project for k, v := range objsMap { permitted, err := proj.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, projectClusters) + if err != nil { return nil, err } @@ -1117,24 +1061,23 @@ func (ctrl *ApplicationController) getPermittedAppLiveObjects(app *appv1.Applica } func (ctrl *ApplicationController) isValidDestination(app *appv1.Application) (bool, *appv1.Cluster) { - logCtx := getAppLog(app) // Validate the cluster using the Application destination's `name` field, if applicable, // and set the Server field, if needed. if err := argo.ValidateDestination(context.Background(), &app.Spec.Destination, ctrl.db); err != nil { - logCtx.Warnf("Unable to validate destination of the Application being deleted: %v", err) + log.Warnf("Unable to validate destination of the Application being deleted: %v", err) return false, nil } cluster, err := ctrl.db.GetCluster(context.Background(), app.Spec.Destination.Server) if err != nil { - logCtx.Warnf("Unable to locate cluster URL for Application being deleted: %v", err) + log.Warnf("Unable to locate cluster URL for Application being deleted: %v", err) return false, nil } return true, cluster } func (ctrl *ApplicationController) finalizeApplicationDeletion(app *appv1.Application, projectClusters func(project string) ([]*appv1.Cluster, error)) error { - logCtx := getAppLog(app) + logCtx := log.WithField("application", app.QualifiedName()) // Get refreshed application info, since informer app copy might be stale app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) if err != nil { @@ -1282,7 +1225,6 @@ func (ctrl *ApplicationController) updateFinalizers(app *appv1.Application) erro } func (ctrl *ApplicationController) setAppCondition(app *appv1.Application, condition appv1.ApplicationCondition) { - logCtx := getAppLog(app) // do nothing if app already has same condition for _, c := range app.Status.Conditions { if c.Message == condition.Message && c.Type == condition.Type { @@ -1302,12 +1244,12 @@ func (ctrl *ApplicationController) setAppCondition(app *appv1.Application, condi _, err = ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Patch(context.Background(), app.Name, types.MergePatchType, patch, metav1.PatchOptions{}) } if err != nil { - logCtx.Errorf("Unable to set application condition: %v", err) + log.Errorf("Unable to set application condition: %v", err) } } func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Application) { - logCtx := getAppLog(app) + logCtx := log.WithField("application", app.QualifiedName()) var state *appv1.OperationState // Recover from any unexpected panics and automatically set the status to be failed defer func() { @@ -1322,14 +1264,6 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli ctrl.setOperationState(app, state) } }() - ts := stats.NewTimingStats() - defer func() { - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished processing requested app operation") - }() terminating := false if isOperationInProgress(app) { state = app.Status.OperationState.DeepCopy() @@ -1364,7 +1298,6 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli ctrl.setOperationState(app, state) logCtx.Infof("Initialized new operation: %v", *app.Operation) } - ts.AddCheckpoint("initial_operation_stage_ms") if err := argo.ValidateDestination(context.Background(), &app.Spec.Destination, ctrl.db); err != nil { state.Phase = synccommon.OperationFailed @@ -1372,11 +1305,9 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } else { ctrl.appStateManager.SyncAppState(app, state) } - ts.AddCheckpoint("validate_and_sync_app_state_ms") // Check whether application is allowed to use project _, err := ctrl.getAppProj(app) - ts.AddCheckpoint("get_app_proj_ms") if err != nil { state.Phase = synccommon.OperationError state.Message = err.Error() @@ -1416,25 +1347,25 @@ func (ctrl *ApplicationController) processRequestedAppOperation(app *appv1.Appli } else if state.RetryCount > 0 { state.Message = fmt.Sprintf("%s (retried %d times).", state.Message, state.RetryCount) } + } ctrl.setOperationState(app, state) - ts.AddCheckpoint("final_set_operation_state") if state.Phase.Completed() && (app.Operation.Sync != nil && !app.Operation.Sync.DryRun) { // if we just completed an operation, force a refresh so that UI will report up-to-date // sync/health information if _, err := cache.MetaNamespaceKeyFunc(app); err == nil { // force app refresh with using CompareWithLatest comparison type and trigger app reconciliation loop - ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatestForceResolve.Pointer(), nil) + ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), nil) } else { logCtx.Warnf("Fails to requeue application: %v", err) } } - ts.AddCheckpoint("request_app_refresh_ms") } func (ctrl *ApplicationController) setOperationState(app *appv1.Application, state *appv1.OperationState) { - logCtx := getAppLog(app) + logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project}) + if state.Phase == "" { // expose any bugs where we neglect to set phase panic("no phase was set") @@ -1504,7 +1435,7 @@ func (ctrl *ApplicationController) setOperationState(app *appv1.Application, sta eventInfo.Type = v1.EventTypeWarning messages = append(messages, "failed:", state.Message) } - ctrl.logAppEvent(app, eventInfo, strings.Join(messages, " "), context.TODO()) + ctrl.auditLogger.LogAppEvent(app, eventInfo, strings.Join(messages, " "), "") ctrl.metricsServer.IncSync(app, state) } } @@ -1512,7 +1443,7 @@ func (ctrl *ApplicationController) setOperationState(app *appv1.Application, sta // writeBackToInformer writes a just recently updated App back into the informer cache. // This prevents the situation where the controller operates on a stale app and repeats work func (ctrl *ApplicationController) writeBackToInformer(app *appv1.Application) { - logCtx := getAppLog(app).WithField("informer-writeBack", true) + logCtx := log.WithFields(log.Fields{"application": app.Name, "appNamespace": app.Namespace, "project": app.Spec.Project, "informer-writeBack": true}) err := ctrl.appInformer.GetStore().Update(app) if err != nil { logCtx.Errorf("failed to update informer store: %v", err) @@ -1531,7 +1462,6 @@ func (ctrl *ApplicationController) PatchAppWithWriteBack(ctx context.Context, na } func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext bool) { - ts := stats.NewTimingStats() patchMs := time.Duration(0) // time spent in doing patch/update calls setOpMs := time.Duration(0) // time spent in doing Operation patch calls in autosync appKey, shutdown := ctrl.appRefreshQueue.Get() @@ -1567,20 +1497,18 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } app := origApp.DeepCopy() - logCtx := getAppLog(app).WithFields(log.Fields{ - "comparison-level": comparisonLevel, - "dest-server": origApp.Spec.Destination.Server, - "dest-name": origApp.Spec.Destination.Name, - "dest-namespace": origApp.Spec.Destination.Namespace, + logCtx := log.WithFields(log.Fields{ + "application": app.QualifiedName(), + "level": comparisonLevel, + "dest-server": origApp.Spec.Destination.Server, + "dest-name": origApp.Spec.Destination.Name, + "dest-namespace": origApp.Spec.Destination.Namespace, }) startTime := time.Now() defer func() { reconcileDuration := time.Since(startTime) ctrl.metricsServer.IncReconcile(origApp, reconcileDuration) - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } logCtx.WithFields(log.Fields{ "time_ms": reconcileDuration.Milliseconds(), "patch_ms": patchMs.Milliseconds(), @@ -1606,22 +1534,19 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo return } } - ts.AddCheckpoint("comparison_with_nothing_ms") project, hasErrors := ctrl.refreshAppConditions(app) - ts.AddCheckpoint("refresh_app_conditions_ms") if hasErrors { app.Status.Sync.Status = appv1.SyncStatusCodeUnknown app.Status.Health.Status = health.HealthStatusUnknown patchMs = ctrl.persistAppStatus(origApp, &app.Status) if err := ctrl.cache.SetAppResourcesTree(app.InstanceName(ctrl.namespace), &appv1.ApplicationTree{}); err != nil { - logCtx.Warnf("failed to set app resource tree: %v", err) + log.Warnf("failed to set app resource tree: %v", err) } if err := ctrl.cache.SetAppManagedResources(app.InstanceName(ctrl.namespace), nil); err != nil { - logCtx.Warnf("failed to set app managed resources tree: %v", err) + log.Warnf("failed to set app managed resources tree: %v", err) } - ts.AddCheckpoint("process_refresh_app_conditions_errors_ms") return } @@ -1660,8 +1585,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo compareResult, err := ctrl.appStateManager.CompareAppState(app, project, revisions, sources, refreshType == appv1.RefreshTypeHard, - comparisonLevel == CompareWithLatestForceResolve, localManifests, hasMultipleSources, false) - ts.AddCheckpoint("compare_app_state_ms") + comparisonLevel == CompareWithLatestForceResolve, localManifests, hasMultipleSources) if goerrors.Is(err, CompareStateRepoError) { logCtx.Warnf("Ignoring temporary failed attempt to compare app state against repo: %v", err) @@ -1673,10 +1597,8 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo } ctrl.normalizeApplication(origApp, app) - ts.AddCheckpoint("normalize_application_ms") tree, err := ctrl.setAppManagedResources(app, compareResult) - ts.AddCheckpoint("set_app_managed_resources_ms") if err != nil { logCtx.Errorf("Failed to cache app resources: %v", err) } else { @@ -1700,7 +1622,6 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo } else { logCtx.Info("Sync prevented by sync window") } - ts.AddCheckpoint("auto_sync_ms") if app.Status.ReconciledAt == nil || comparisonLevel >= CompareWithLatest { app.Status.ReconciledAt = &now @@ -1714,10 +1635,7 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo app.Status.SourceType = compareResult.appSourceType app.Status.SourceTypes = compareResult.appSourceTypes app.Status.ControllerNamespace = ctrl.namespace - ts.AddCheckpoint("app_status_update_ms") patchMs = ctrl.persistAppStatus(origApp, &app.Status) - // This is a partly a duplicate of patch_ms, but more descriptive and allows to have measurement for the next step. - ts.AddCheckpoint("persist_app_status_ms") if (compareResult.hasPostDeleteHooks != app.HasPostDeleteFinalizer() || compareResult.hasPostDeleteHooks != app.HasPostDeleteFinalizer("cleanup")) && app.GetDeletionTimestamp() == nil { if compareResult.hasPostDeleteHooks { @@ -1732,7 +1650,6 @@ func (ctrl *ApplicationController) processAppRefreshQueueItem() (processNext boo logCtx.Errorf("Failed to update finalizers: %v", err) } } - ts.AddCheckpoint("process_finalizers_ms") return } @@ -1752,7 +1669,7 @@ func currentSourceEqualsSyncedSource(app *appv1.Application) bool { // Additionally, it returns whether full refresh was requested or not. // If full refresh is requested then target and live state should be reconciled, else only live state tree should be updated. func (ctrl *ApplicationController) needRefreshAppStatus(app *appv1.Application, statusRefreshTimeout, statusHardRefreshTimeout time.Duration) (bool, appv1.RefreshType, CompareWith) { - logCtx := getAppLog(app) + logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) var reason string compareWith := CompareWithLatest refreshType := appv1.RefreshTypeNormal @@ -1829,8 +1746,8 @@ func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application) // normalizeApplication normalizes an application.spec and additionally persists updates if it changed func (ctrl *ApplicationController) normalizeApplication(orig, app *appv1.Application) { + logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) app.Spec = *argo.NormalizeApplicationSpec(&app.Spec) - logCtx := getAppLog(app) patch, modified, err := diff.CreateTwoWayMergePatch(orig, app, appv1.Application{}) @@ -1848,14 +1765,14 @@ func (ctrl *ApplicationController) normalizeApplication(orig, app *appv1.Applica // persistAppStatus persists updates to application status. If no changes were made, it is a no-op func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, newStatus *appv1.ApplicationStatus) (patchMs time.Duration) { - logCtx := getAppLog(orig) + logCtx := log.WithFields(log.Fields{"application": orig.QualifiedName()}) if orig.Status.Sync.Status != newStatus.Sync.Status { message := fmt.Sprintf("Updated sync status: %s -> %s", orig.Status.Sync.Status, newStatus.Sync.Status) - ctrl.logAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, context.TODO()) + ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, "") } if orig.Status.Health.Status != newStatus.Health.Status { message := fmt.Sprintf("Updated health status: %s -> %s", orig.Status.Health.Status, newStatus.Health.Status) - ctrl.logAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, context.TODO()) + ctrl.auditLogger.LogAppEvent(orig, argo.EventInfo{Reason: argo.EventReasonResourceUpdated, Type: v1.EventTypeNormal}, message, "") } var newAnnotations map[string]string if orig.GetAnnotations() != nil { @@ -1892,18 +1809,10 @@ func (ctrl *ApplicationController) persistAppStatus(orig *appv1.Application, new // autoSync will initiate a sync operation for an application configured with automated sync func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus *appv1.SyncStatus, resources []appv1.ResourceStatus) (*appv1.ApplicationCondition, time.Duration) { - logCtx := getAppLog(app) - ts := stats.NewTimingStats() - defer func() { - for k, v := range ts.Timings() { - logCtx = logCtx.WithField(k, v.Milliseconds()) - } - logCtx = logCtx.WithField("time_ms", time.Since(ts.StartTime).Milliseconds()) - logCtx.Debug("Finished auto sync") - }() if app.Spec.SyncPolicy == nil || app.Spec.SyncPolicy.Automated == nil { return nil, 0 } + logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) if app.Operation != nil { logCtx.Infof("Skipping auto-sync: another operation is in progress") @@ -1938,7 +1847,6 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * desiredCommitSHA := syncStatus.Revision desiredCommitSHAsMS := syncStatus.Revisions alreadyAttempted, attemptPhase := alreadyAttemptedSync(app, desiredCommitSHA, desiredCommitSHAsMS, app.Spec.HasMultipleSources()) - ts.AddCheckpoint("already_attempted_sync_ms") selfHeal := app.Spec.SyncPolicy.Automated.SelfHeal op := appv1.Operation{ Sync: &appv1.SyncOperation{ @@ -1981,8 +1889,8 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * ctrl.requestAppRefresh(app.QualifiedName(), CompareWithLatest.Pointer(), &retryAfter) return nil, 0 } + } - ts.AddCheckpoint("already_attempted_check_ms") if app.Spec.SyncPolicy.Automated.Prune && !app.Spec.SyncPolicy.Automated.AllowEmpty { bAllNeedPrune := true @@ -1999,10 +1907,8 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } appIf := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace) - ts.AddCheckpoint("get_applications_ms") start := time.Now() updatedApp, err := argo.SetAppOperation(appIf, app.Name, &op) - ts.AddCheckpoint("set_app_operation_ms") setOpTime := time.Since(start) if err != nil { if goerrors.Is(err, argo.ErrAnotherOperationInProgress) { @@ -2017,7 +1923,6 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * } else { ctrl.writeBackToInformer(updatedApp) } - ts.AddCheckpoint("write_back_to_informer_ms") var target string if updatedApp.Spec.HasMultipleSources() { @@ -2026,7 +1931,8 @@ func (ctrl *ApplicationController) autoSync(app *appv1.Application, syncStatus * target = desiredCommitSHA } message := fmt.Sprintf("Initiated automated sync to '%s'", target) - ctrl.logAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, context.TODO()) + + ctrl.auditLogger.LogAppEvent(app, argo.EventInfo{Reason: argo.EventReasonOperationStarted, Type: v1.EventTypeNormal}, message, "") logCtx.Info(message) return nil, setOpTime } @@ -2104,7 +2010,7 @@ func (ctrl *ApplicationController) canProcessApp(obj interface{}) bool { if annotations := app.GetAnnotations(); annotations != nil { if skipVal, ok := annotations[common.AnnotationKeyAppSkipReconcile]; ok { - logCtx := getAppLog(app) + logCtx := log.WithFields(log.Fields{"application": app.QualifiedName()}) if skipReconcile, err := strconv.ParseBool(skipVal); err == nil { if skipReconcile { logCtx.Debugf("Skipping Application reconcile based on annotation %s", common.AnnotationKeyAppSkipReconcile) @@ -2240,7 +2146,7 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar newApp, newOK := new.(*appv1.Application) if oldOK && newOK { if automatedSyncEnabled(oldApp, newApp) { - getAppLog(newApp).Info("Enabled automated sync") + log.WithField("application", newApp.QualifiedName()).Info("Enabled automated sync") compareWith = CompareWithLatest.Pointer() } if ctrl.statusRefreshJitter != 0 && oldApp.ResourceVersion == newApp.ResourceVersion { @@ -2366,9 +2272,4 @@ func (ctrl *ApplicationController) getAppList(options metav1.ListOptions) (*appv return appList, nil } -func (ctrl *ApplicationController) logAppEvent(a *appv1.Application, eventInfo argo.EventInfo, message string, ctx context.Context) { - eventLabels := argo.GetAppEventLabels(a, applisters.NewAppProjectLister(ctrl.projInformer.GetIndexer()), ctrl.namespace, ctrl.settingsMgr, ctrl.db, ctx) - ctrl.auditLogger.LogAppEvent(a, eventInfo, message, "", eventLabels) -} - type ClusterFilterFunction func(c *appv1.Cluster, distributionFunction sharding.DistributionFunction) bool diff --git a/controller/appcontroller_test.go b/controller/appcontroller_test.go index 52d9ba9f98887..81299fe65f562 100644 --- a/controller/appcontroller_test.go +++ b/controller/appcontroller_test.go @@ -19,6 +19,7 @@ import ( statecache "github.com/argoproj/argo-cd/v2/controller/cache" "github.com/argoproj/argo-cd/v2/controller/sharding" + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/gitops-engine/pkg/cache/mocks" synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/gitops-engine/pkg/utils/kube" @@ -35,8 +36,6 @@ import ( "k8s.io/client-go/tools/cache" "sigs.k8s.io/yaml" - dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" - mockstatecache "github.com/argoproj/argo-cd/v2/controller/cache/mocks" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned/fake" @@ -222,7 +221,6 @@ metadata: namespace: ` + test.FakeArgoCDNamespace + ` type: Opaque ` - var fakeApp = ` apiVersion: argoproj.io/v1alpha1 kind: Application @@ -374,8 +372,8 @@ data: var fakePostDeleteHook = ` { - "apiVersion": "batch/v1", - "kind": "Job", + "apiVersion": "v1", + "kind": "Pod", "metadata": { "name": "post-delete-hook", "namespace": "default", @@ -388,93 +386,22 @@ var fakePostDeleteHook = ` } }, "spec": { - "template": { - "metadata": { - "name": "post-delete-hook" - }, - "spec": { - "containers": [ - { - "name": "post-delete-hook", - "image": "busybox", - "command": [ - "/bin/sh", - "-c", - "sleep 5 && echo hello from the post-delete-hook job" - ] - } - ], - "restartPolicy": "Never" + "containers": [ + { + "name": "post-delete-hook", + "image": "busybox", + "restartPolicy": "Never", + "command": [ + "/bin/sh", + "-c", + "sleep 5 && echo hello from the post-delete-hook pod" + ] } - } - } -} -` - -var fakeServiceAccount = ` -{ - "apiVersion": "v1", - "kind": "ServiceAccount", - "metadata": { - "name": "hook-serviceaccount", - "namespace": "default", - "annotations": { - "argocd.argoproj.io/hook": "PostDelete", - "argocd.argoproj.io/hook-delete-policy": "BeforeHookCreation,HookSucceeded" - } + ] } } ` -var fakeRole = ` -{ - "apiVersion": "rbac.authorization.k8s.io/v1", - "kind": "Role", - "metadata": { - "name": "hook-role", - "namespace": "default", - "annotations": { - "argocd.argoproj.io/hook": "PostDelete", - "argocd.argoproj.io/hook-delete-policy": "BeforeHookCreation,HookSucceeded" - } - }, - "rules": [ - { - "apiGroups": [""], - "resources": ["secrets"], - "verbs": ["get", "delete", "list"] - } - ] -} -` - -var fakeRoleBinding = ` -{ - "apiVersion": "rbac.authorization.k8s.io/v1", - "kind": "RoleBinding", - "metadata": { - "name": "hook-rolebinding", - "namespace": "default", - "annotations": { - "argocd.argoproj.io/hook": "PostDelete", - "argocd.argoproj.io/hook-delete-policy": "BeforeHookCreation,HookSucceeded" - } - }, - "roleRef": { - "apiGroup": "rbac.authorization.k8s.io", - "kind": "Role", - "name": "hook-role" - }, - "subjects": [ - { - "kind": "ServiceAccount", - "name": "hook-serviceaccount", - "namespace": "default" - } - ] -} -` - func newFakeApp() *v1alpha1.Application { return createFakeApp(fakeApp) } @@ -510,39 +437,12 @@ func newFakeCM() map[string]interface{} { } func newFakePostDeleteHook() map[string]interface{} { - var hook map[string]interface{} - err := yaml.Unmarshal([]byte(fakePostDeleteHook), &hook) - if err != nil { - panic(err) - } - return hook -} - -func newFakeRoleBinding() map[string]interface{} { - var roleBinding map[string]interface{} - err := yaml.Unmarshal([]byte(fakeRoleBinding), &roleBinding) - if err != nil { - panic(err) - } - return roleBinding -} - -func newFakeRole() map[string]interface{} { - var role map[string]interface{} - err := yaml.Unmarshal([]byte(fakeRole), &role) - if err != nil { - panic(err) - } - return role -} - -func newFakeServiceAccount() map[string]interface{} { - var serviceAccount map[string]interface{} - err := yaml.Unmarshal([]byte(fakeServiceAccount), &serviceAccount) + var cm map[string]interface{} + err := yaml.Unmarshal([]byte(fakePostDeleteHook), &cm) if err != nil { panic(err) } - return serviceAccount + return cm } func TestAutoSync(t *testing.T) { @@ -555,7 +455,7 @@ func TestAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, app.Operation) assert.NotNil(t, app.Operation.Sync) assert.False(t, app.Operation.Sync.Prune) @@ -599,7 +499,7 @@ func TestSkipAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) @@ -614,7 +514,7 @@ func TestSkipAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) @@ -630,7 +530,7 @@ func TestSkipAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) @@ -647,7 +547,7 @@ func TestSkipAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) @@ -673,7 +573,7 @@ func TestSkipAutoSync(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) @@ -689,7 +589,7 @@ func TestSkipAutoSync(t *testing.T) { }) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) }) } @@ -725,7 +625,7 @@ func TestAutoSyncIndicateError(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.NotNil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, app.Operation) } @@ -768,7 +668,7 @@ func TestAutoSyncParameterOverrides(t *testing.T) { cond, _ := ctrl.autoSync(app, &syncStatus, []v1alpha1.ResourceStatus{{Name: "guestbook", Kind: kube.DeploymentKind, Status: v1alpha1.SyncStatusCodeOutOfSync}}) assert.Nil(t, cond) app, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(test.FakeArgoCDNamespace).Get(context.Background(), "my-app", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, app.Operation) } @@ -813,13 +713,13 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, patched) }) // Ensure any stray resources irregularly labeled with instance label of app are not deleted upon deleting, // when app project restriction is in place - t.Run("ProjectRestrictionEnforced", func(t *testing.T) { + t.Run("ProjectRestrictionEnforced", func(*testing.T) { restrictedProj := v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "restricted", @@ -864,11 +764,11 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, patched) objsMap, err := ctrl.stateCache.GetManagedLiveObjs(app, []*unstructured.Unstructured{}) if err != nil { - require.NoError(t, err) + assert.NoError(t, err) } // Managed objects must be empty assert.Empty(t, objsMap) @@ -900,13 +800,14 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, patched) }) // Create an Application with a cluster that doesn't exist // Ensure it can be deleted. t.Run("DeleteWithInvalidClusterName", func(t *testing.T) { + appTemplate := newFakeAppWithDestName() testShouldDelete := func(app *v1alpha1.Application) { @@ -924,7 +825,7 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) } app1 := appTemplate.DeepCopy() @@ -939,6 +840,7 @@ func TestFinalizeAppDeletion(t *testing.T) { app3.Spec.Destination.Name = "invalid" app3.Spec.Destination.Server = "https://invalid" testShouldDelete(app3) + }) t.Run("PostDelete_HookIsCreated", func(t *testing.T) { @@ -950,8 +852,7 @@ func TestFinalizeAppDeletion(t *testing.T) { Manifests: []string{fakePostDeleteHook}, }}, apps: []runtime.Object{app, &defaultProj}, - managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{}, - }, nil) + managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{}}, nil) patched := false fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -967,7 +868,7 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) // finalizer is not deleted assert.False(t, patched) // post-delete hook is created @@ -980,13 +881,7 @@ func TestFinalizeAppDeletion(t *testing.T) { app.SetPostDeleteFinalizer() app.Spec.Destination.Namespace = test.FakeArgoCDNamespace liveHook := &unstructured.Unstructured{Object: newFakePostDeleteHook()} - conditions := []interface{}{ - map[string]interface{}{ - "type": "Complete", - "status": "True", - }, - } - require.NoError(t, unstructured.SetNestedField(liveHook.Object, conditions, "status", "conditions")) + require.NoError(t, unstructured.SetNestedField(liveHook.Object, "Succeeded", "status", "phase")) ctrl := newFakeController(&fakeData{ manifestResponses: []*apiclient.ManifestResponse{{ Manifests: []string{fakePostDeleteHook}, @@ -994,8 +889,7 @@ func TestFinalizeAppDeletion(t *testing.T) { apps: []runtime.Object{app, &defaultProj}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ kube.GetResourceKey(liveHook): liveHook, - }, - }, nil) + }}, nil) patched := false fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1011,7 +905,7 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) + assert.NoError(t, err) // finalizer is removed assert.True(t, patched) }) @@ -1020,29 +914,16 @@ func TestFinalizeAppDeletion(t *testing.T) { app := newFakeApp() app.SetPostDeleteFinalizer("cleanup") app.Spec.Destination.Namespace = test.FakeArgoCDNamespace - liveRoleBinding := &unstructured.Unstructured{Object: newFakeRoleBinding()} - liveRole := &unstructured.Unstructured{Object: newFakeRole()} - liveServiceAccount := &unstructured.Unstructured{Object: newFakeServiceAccount()} liveHook := &unstructured.Unstructured{Object: newFakePostDeleteHook()} - conditions := []interface{}{ - map[string]interface{}{ - "type": "Complete", - "status": "True", - }, - } - require.NoError(t, unstructured.SetNestedField(liveHook.Object, conditions, "status", "conditions")) + require.NoError(t, unstructured.SetNestedField(liveHook.Object, "Succeeded", "status", "phase")) ctrl := newFakeController(&fakeData{ manifestResponses: []*apiclient.ManifestResponse{{ - Manifests: []string{fakeRoleBinding, fakeRole, fakeServiceAccount, fakePostDeleteHook}, + Manifests: []string{fakePostDeleteHook}, }}, apps: []runtime.Object{app, &defaultProj}, managedLiveObjs: map[kube.ResourceKey]*unstructured.Unstructured{ - kube.GetResourceKey(liveRoleBinding): liveRoleBinding, - kube.GetResourceKey(liveRole): liveRole, - kube.GetResourceKey(liveServiceAccount): liveServiceAccount, - kube.GetResourceKey(liveHook): liveHook, - }, - }, nil) + kube.GetResourceKey(liveHook): liveHook, + }}, nil) patched := false fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) @@ -1058,15 +939,10 @@ func TestFinalizeAppDeletion(t *testing.T) { err := ctrl.finalizeApplicationDeletion(app, func(project string) ([]*v1alpha1.Cluster, error) { return []*v1alpha1.Cluster{}, nil }) - require.NoError(t, err) - // post-delete hooks are deleted - require.Len(t, ctrl.kubectl.(*MockKubectl).DeletedResources, 4) - deletedResources := []string{} - for _, res := range ctrl.kubectl.(*MockKubectl).DeletedResources { - deletedResources = append(deletedResources, res.Name) - } - expectedNames := []string{"hook-rolebinding", "hook-role", "hook-serviceaccount", "post-delete-hook"} - require.ElementsMatch(t, expectedNames, deletedResources, "Deleted resources should match expected names") + assert.NoError(t, err) + // post-delete hook is deleted + require.Len(t, ctrl.kubectl.(*MockKubectl).DeletedResources, 1) + require.Equal(t, "post-delete-hook", ctrl.kubectl.(*MockKubectl).DeletedResources[0].Name) // finalizer is not removed assert.False(t, patched) }) @@ -1224,9 +1100,9 @@ func TestGetResourceTree_HasOrphanedResources(t *testing.T) { TargetState: test.DeploymentManifest, }}) - require.NoError(t, err) - assert.Equal(t, []v1alpha1.ResourceNode{managedDeploy}, tree.Nodes) - assert.Equal(t, []v1alpha1.ResourceNode{orphanedDeploy1, orphanedDeploy2}, tree.OrphanedNodes) + assert.NoError(t, err) + assert.Equal(t, tree.Nodes, []v1alpha1.ResourceNode{managedDeploy}) + assert.Equal(t, tree.OrphanedNodes, []v1alpha1.ResourceNode{orphanedDeploy1, orphanedDeploy2}) } func TestSetOperationStateOnDeletedApp(t *testing.T) { @@ -1533,7 +1409,7 @@ func TestRefreshAppConditions(t *testing.T) { _, hasErrors := ctrl.refreshAppConditions(app) assert.False(t, hasErrors) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) }) t.Run("PreserveExistingWarningCondition", func(t *testing.T) { @@ -1584,7 +1460,7 @@ func TestUpdateReconciledAt(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.AddReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1597,11 +1473,11 @@ func TestUpdateReconciledAt(t *testing.T) { ctrl.processAppRefreshQueueItem() _, updated, err := unstructured.NestedString(receivedPatch, "status", "reconciledAt") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, updated) _, updated, err = unstructured.NestedString(receivedPatch, "status", "observedAt") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, updated) }) @@ -1613,13 +1489,14 @@ func TestUpdateReconciledAt(t *testing.T) { ctrl.processAppRefreshQueueItem() _, updated, err := unstructured.NestedString(receivedPatch, "status", "reconciledAt") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, updated) _, updated, err = unstructured.NestedString(receivedPatch, "status", "observedAt") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, updated) }) + } func TestProjectErrorToCondition(t *testing.T) { @@ -1643,7 +1520,7 @@ func TestProjectErrorToCondition(t *testing.T) { obj, ok, err := ctrl.appInformer.GetIndexer().GetByKey(key) assert.True(t, ok) - require.NoError(t, err) + assert.NoError(t, err) updatedApp := obj.(*v1alpha1.Application) assert.Equal(t, v1alpha1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) assert.Equal(t, "Application referencing project wrong project which does not exist", updatedApp.Status.Conditions[0].Message) @@ -1663,7 +1540,7 @@ func TestFinalizeProjectDeletion_HasApplications(t *testing.T) { }) err := ctrl.finalizeProjectDeletion(proj) - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, patched) } @@ -1675,13 +1552,13 @@ func TestFinalizeProjectDeletion_DoesNotHaveApplications(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.AppProject{}, nil }) err := ctrl.finalizeProjectDeletion(proj) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, map[string]interface{}{ "metadata": map[string]interface{}{ "finalizers": nil, @@ -1700,7 +1577,7 @@ func TestProcessRequestedAppOperation_FailedNoRetries(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1728,7 +1605,7 @@ func TestProcessRequestedAppOperation_InvalidDestination(t *testing.T) { defer fakeAppCs.Unlock() fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1754,7 +1631,7 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1766,7 +1643,7 @@ func TestProcessRequestedAppOperation_FailedHasRetries(t *testing.T) { message, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "message") assert.Contains(t, message, "Retrying attempt #1") retryCount, _, _ := unstructured.NestedFloat64(receivedPatch, "status", "operationState", "retryCount") - assert.InEpsilon(t, float64(1), retryCount, 0.0001) + assert.Equal(t, float64(1), retryCount) } func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { @@ -1797,7 +1674,7 @@ func TestProcessRequestedAppOperation_RunningPreviouslyFailed(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1830,7 +1707,7 @@ func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) { receivedPatch := map[string]interface{}{} fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) + assert.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) } return true, &v1alpha1.Application{}, nil }) @@ -1841,36 +1718,6 @@ func TestProcessRequestedAppOperation_HasRetriesTerminated(t *testing.T) { assert.Equal(t, string(synccommon.OperationFailed), phase) } -func TestProcessRequestedAppOperation_Successful(t *testing.T) { - app := newFakeApp() - app.Spec.Project = "default" - app.Operation = &v1alpha1.Operation{ - Sync: &v1alpha1.SyncOperation{}, - } - ctrl := newFakeController(&fakeData{ - apps: []runtime.Object{app, &defaultProj}, - manifestResponses: []*apiclient.ManifestResponse{{ - Manifests: []string{}, - }}, - }, nil) - fakeAppCs := ctrl.applicationClientset.(*appclientset.Clientset) - receivedPatch := map[string]interface{}{} - fakeAppCs.PrependReactor("patch", "*", func(action kubetesting.Action) (handled bool, ret runtime.Object, err error) { - if patchAction, ok := action.(kubetesting.PatchAction); ok { - require.NoError(t, json.Unmarshal(patchAction.GetPatch(), &receivedPatch)) - } - return true, &v1alpha1.Application{}, nil - }) - - ctrl.processRequestedAppOperation(app) - - phase, _, _ := unstructured.NestedString(receivedPatch, "status", "operationState", "phase") - assert.Equal(t, string(synccommon.OperationSucceeded), phase) - ok, level := ctrl.isRefreshRequested(ctrl.toAppKey(app.Name)) - assert.True(t, ok) - assert.Equal(t, CompareWithLatestForceResolve, level) -} - func TestGetAppHosts(t *testing.T) { app := newFakeApp() data := &fakeData{ @@ -1920,16 +1767,13 @@ func TestGetAppHosts(t *testing.T) { }}, }}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []v1alpha1.HostInfo{{ Name: "minikube", SystemInfo: corev1.NodeSystemInfo{OSImage: "debian"}, - ResourcesInfo: []v1alpha1.HostResourceInfo{ - { - ResourceName: corev1.ResourceCPU, Capacity: 5000, RequestedByApp: 1000, RequestedByNeighbors: 2000, - }, - }, - }}, hosts) + ResourcesInfo: []v1alpha1.HostResourceInfo{{ + ResourceName: corev1.ResourceCPU, Capacity: 5000, RequestedByApp: 1000, RequestedByNeighbors: 2000}, + }}}, hosts) } func TestMetricsExpiration(t *testing.T) { @@ -2047,7 +1891,7 @@ func TestAddControllerNamespace(t *testing.T) { ctrl.processAppRefreshQueueItem() updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(ctrl.namespace).Get(context.Background(), app.Name, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) }) t.Run("set controllerNamespace when the app is in another namespace than the controller", func(t *testing.T) { @@ -2066,7 +1910,7 @@ func TestAddControllerNamespace(t *testing.T) { ctrl.processAppRefreshQueueItem() updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(appNamespace).Get(context.Background(), app.Name, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, test.FakeArgoCDNamespace, updatedApp.Status.ControllerNamespace) }) } diff --git a/controller/cache/cache.go b/controller/cache/cache.go index a1b3c8538aab0..ddfe2b17fdc31 100644 --- a/controller/cache/cache.go +++ b/controller/cache/cache.go @@ -171,8 +171,8 @@ func NewLiveStateCache( metricsServer *metrics.MetricsServer, onObjectUpdated ObjectUpdatedHandler, clusterSharding sharding.ClusterShardingCache, - resourceTracking argo.ResourceTracking, -) LiveStateCache { + resourceTracking argo.ResourceTracking) LiveStateCache { + return &liveStateCache{ appInformer: appInformer, db: db, @@ -329,9 +329,11 @@ func getAppRecursive(r *clustercache.Resource, ns map[kube.ResourceKey]*clusterc return "", true } -var ignoredRefreshResources = map[string]bool{ - "/" + kube.EndpointsKind: true, -} +var ( + ignoredRefreshResources = map[string]bool{ + "/" + kube.EndpointsKind: true, + } +) // skipAppRequeuing checks if the object is an API type which we want to skip requeuing against. // We ignore API types which have a high churn rate, and/or whose updates are irrelevant to the app @@ -394,17 +396,12 @@ func isResourceQuotaConflictErr(err error) bool { } func isTransientNetworkErr(err error) bool { - var netErr net.Error - switch { - case errors.As(err, &netErr): - var dnsErr *net.DNSError - var opErr *net.OpError - var unknownNetworkErr net.UnknownNetworkError - var urlErr *url.Error - switch { - case errors.As(err, &dnsErr), errors.As(err, &opErr), errors.As(err, &unknownNetworkErr): + switch err.(type) { + case net.Error: + switch err.(type) { + case *net.DNSError, *net.OpError, net.UnknownNetworkError: return true - case errors.As(err, &urlErr): + case *url.Error: // For a URL error, where it replies "connection closed" // retry again. return strings.Contains(err.Error(), "Connection closed by foreign host") @@ -412,8 +409,7 @@ func isTransientNetworkErr(err error) bool { } errorString := err.Error() - var exitErr *exec.ExitError - if errors.As(err, &exitErr) { + if exitErr, ok := err.(*exec.ExitError); ok { errorString = fmt.Sprintf("%s %s", errorString, exitErr.Stderr) } if strings.Contains(errorString, "net/http: TLS handshake timeout") || @@ -809,6 +805,7 @@ func (c *liveStateCache) handleModEvent(oldCluster *appv1.Cluster, newCluster *a }() } } + } func (c *liveStateCache) handleDeleteEvent(clusterServer string) { diff --git a/controller/cache/cache_test.go b/controller/cache/cache_test.go index 09064883223f1..584f311f2ee30 100644 --- a/controller/cache/cache_test.go +++ b/controller/cache/cache_test.go @@ -127,7 +127,7 @@ func TestHandleAddEvent_ClusterExcluded(t *testing.T) { Config: appv1.ClusterConfig{Username: "bar"}, }) - assert.Empty(t, clustersCache.clusters) + assert.Len(t, clustersCache.clusters, 0) } func TestHandleDeleteEvent_CacheDeadlock(t *testing.T) { @@ -589,8 +589,7 @@ func TestSkipResourceUpdate(t *testing.T) { assert.False(t, skipResourceUpdate(&ResourceInfo{ manifestHash: hash1_x, Health: &health.HealthStatus{ - Status: health.HealthStatusHealthy, - }, + Status: health.HealthStatusHealthy}, }, &ResourceInfo{ manifestHash: hash3_x, Health: nil, diff --git a/controller/cache/info_test.go b/controller/cache/info_test.go index da47f8e498c63..d0d67244ca4f9 100644 --- a/controller/cache/info_test.go +++ b/controller/cache/info_test.go @@ -314,7 +314,7 @@ status: func TestGetServiceInfo(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testService, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{ TargetLabels: map[string]string{"app": "guestbook"}, Ingress: []v1.LoadBalancerIngress{{Hostname: "localhost"}}, @@ -324,7 +324,7 @@ func TestGetServiceInfo(t *testing.T) { func TestGetLinkAnnotatedServiceInfo(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testLinkAnnotatedService, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{ TargetLabels: map[string]string{"app": "guestbook"}, Ingress: []v1.LoadBalancerIngress{{Hostname: "localhost"}}, @@ -335,7 +335,7 @@ func TestGetLinkAnnotatedServiceInfo(t *testing.T) { func TestGetIstioVirtualServiceInfo(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testIstioVirtualService, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) require.NotNil(t, info.NetworkingInfo) require.NotNil(t, info.NetworkingInfo.TargetRefs) assert.Contains(t, info.NetworkingInfo.TargetRefs, v1alpha1.ResourceRef{ @@ -356,7 +356,7 @@ func TestGetIstioVirtualServiceInfo(t *testing.T) { } func TestGetIngressInfo(t *testing.T) { - tests := []struct { + var tests = []struct { Ingress *unstructured.Unstructured }{ {testIngress}, @@ -365,7 +365,7 @@ func TestGetIngressInfo(t *testing.T) { for _, tc := range tests { info := &ResourceInfo{} populateNodeInfo(tc.Ingress, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool { return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0 }) @@ -390,7 +390,7 @@ func TestGetIngressInfo(t *testing.T) { func TestGetLinkAnnotatedIngressInfo(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testLinkAnnotatedIngress, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool { return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0 }) @@ -414,7 +414,7 @@ func TestGetLinkAnnotatedIngressInfo(t *testing.T) { func TestGetIngressInfoWildCardPath(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testIngressWildCardPath, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool { return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0 }) @@ -438,7 +438,7 @@ func TestGetIngressInfoWildCardPath(t *testing.T) { func TestGetIngressInfoWithoutTls(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(testIngressWithoutTls, info, []string{}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool { return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0 }) @@ -495,7 +495,6 @@ func TestGetIngressInfoWithHost(t *testing.T) { ExternalURLs: []string{"https://107.178.210.11/"}, }, info.NetworkingInfo) } - func TestGetIngressInfoNoHost(t *testing.T) { ingress := strToUnstructured(` apiVersion: extensions/v1beta1 @@ -526,9 +525,8 @@ func TestGetIngressInfoNoHost(t *testing.T) { Name: "helm-guestbook", }}, }, info.NetworkingInfo) - assert.Empty(t, info.NetworkingInfo.ExternalURLs) + assert.Equal(t, len(info.NetworkingInfo.ExternalURLs), 0) } - func TestExternalUrlWithSubPath(t *testing.T) { ingress := strToUnstructured(` apiVersion: networking.k8s.io/v1 @@ -557,7 +555,6 @@ func TestExternalUrlWithSubPath(t *testing.T) { expectedExternalUrls := []string{"https://107.178.210.11/my/sub/path/"} assert.Equal(t, expectedExternalUrls, info.NetworkingInfo.ExternalURLs) } - func TestExternalUrlWithMultipleSubPaths(t *testing.T) { ingress := strToUnstructured(` apiVersion: networking.k8s.io/v1 @@ -597,7 +594,6 @@ func TestExternalUrlWithMultipleSubPaths(t *testing.T) { sort.Strings(actualURLs) assert.Equal(t, expectedExternalUrls, actualURLs) } - func TestExternalUrlWithNoSubPath(t *testing.T) { ingress := strToUnstructured(` apiVersion: networking.k8s.io/v1 @@ -664,7 +660,7 @@ func TestCustomLabel(t *testing.T) { info := &ResourceInfo{} populateNodeInfo(configmap, info, []string{"my-label"}) - assert.Empty(t, info.Info) + assert.Equal(t, 0, len(info.Info)) configmap = strToUnstructured(` apiVersion: v1 @@ -677,7 +673,7 @@ func TestCustomLabel(t *testing.T) { info = &ResourceInfo{} populateNodeInfo(configmap, info, []string{"my-label", "other-label"}) - assert.Len(t, info.Info, 1) + assert.Equal(t, 1, len(info.Info)) assert.Equal(t, "my-label", info.Info[0].Name) assert.Equal(t, "value", info.Info[0].Value) @@ -693,7 +689,7 @@ func TestCustomLabel(t *testing.T) { info = &ResourceInfo{} populateNodeInfo(configmap, info, []string{"my-label", "other-label"}) - assert.Len(t, info.Info, 2) + assert.Equal(t, 2, len(info.Info)) assert.Equal(t, "my-label", info.Info[0].Name) assert.Equal(t, "value", info.Info[0].Value) assert.Equal(t, "other-label", info.Info[1].Name) @@ -756,5 +752,5 @@ func TestManifestHash(t *testing.T) { hash, err := generateManifestHash(manifest, ignores, nil, normalizers.IgnoreNormalizerOpts{}) assert.Equal(t, expected, hash) - assert.NoError(t, err) + assert.Nil(t, err) } diff --git a/controller/cache/mocks/LiveStateCache.go b/controller/cache/mocks/LiveStateCache.go index f76fcbcf56ce6..7dc4d6b7710e2 100644 --- a/controller/cache/mocks/LiveStateCache.go +++ b/controller/cache/mocks/LiveStateCache.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks @@ -29,15 +29,7 @@ type LiveStateCache struct { func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, error) { ret := _m.Called(server) - if len(ret) == 0 { - panic("no return value specified for GetClusterCache") - } - var r0 cache.ClusterCache - var r1 error - if rf, ok := ret.Get(0).(func(string) (cache.ClusterCache, error)); ok { - return rf(server) - } if rf, ok := ret.Get(0).(func(string) cache.ClusterCache); ok { r0 = rf(server) } else { @@ -46,6 +38,7 @@ func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, er } } + var r1 error if rf, ok := ret.Get(1).(func(string) error); ok { r1 = rf(server) } else { @@ -59,10 +52,6 @@ func (_m *LiveStateCache) GetClusterCache(server string) (cache.ClusterCache, er func (_m *LiveStateCache) GetClustersInfo() []cache.ClusterInfo { ret := _m.Called() - if len(ret) == 0 { - panic("no return value specified for GetClustersInfo") - } - var r0 []cache.ClusterInfo if rf, ok := ret.Get(0).(func() []cache.ClusterInfo); ok { r0 = rf() @@ -79,15 +68,7 @@ func (_m *LiveStateCache) GetClustersInfo() []cache.ClusterInfo { func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error) { ret := _m.Called(a, targetObjs) - if len(ret) == 0 { - panic("no return value specified for GetManagedLiveObjs") - } - var r0 map[kube.ResourceKey]*unstructured.Unstructured - var r1 error - if rf, ok := ret.Get(0).(func(*v1alpha1.Application, []*unstructured.Unstructured) (map[kube.ResourceKey]*unstructured.Unstructured, error)); ok { - return rf(a, targetObjs) - } if rf, ok := ret.Get(0).(func(*v1alpha1.Application, []*unstructured.Unstructured) map[kube.ResourceKey]*unstructured.Unstructured); ok { r0 = rf(a, targetObjs) } else { @@ -96,6 +77,7 @@ func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs } } + var r1 error if rf, ok := ret.Get(1).(func(*v1alpha1.Application, []*unstructured.Unstructured) error); ok { r1 = rf(a, targetObjs) } else { @@ -109,15 +91,7 @@ func (_m *LiveStateCache) GetManagedLiveObjs(a *v1alpha1.Application, targetObjs func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace string) (map[kube.ResourceKey]v1alpha1.ResourceNode, error) { ret := _m.Called(server, namespace) - if len(ret) == 0 { - panic("no return value specified for GetNamespaceTopLevelResources") - } - var r0 map[kube.ResourceKey]v1alpha1.ResourceNode - var r1 error - if rf, ok := ret.Get(0).(func(string, string) (map[kube.ResourceKey]v1alpha1.ResourceNode, error)); ok { - return rf(server, namespace) - } if rf, ok := ret.Get(0).(func(string, string) map[kube.ResourceKey]v1alpha1.ResourceNode); ok { r0 = rf(server, namespace) } else { @@ -126,6 +100,7 @@ func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace } } + var r1 error if rf, ok := ret.Get(1).(func(string, string) error); ok { r1 = rf(server, namespace) } else { @@ -139,22 +114,14 @@ func (_m *LiveStateCache) GetNamespaceTopLevelResources(server string, namespace func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIResourceInfo, error) { ret := _m.Called(serverURL) - if len(ret) == 0 { - panic("no return value specified for GetVersionsInfo") - } - var r0 string - var r1 []kube.APIResourceInfo - var r2 error - if rf, ok := ret.Get(0).(func(string) (string, []kube.APIResourceInfo, error)); ok { - return rf(serverURL) - } if rf, ok := ret.Get(0).(func(string) string); ok { r0 = rf(serverURL) } else { r0 = ret.Get(0).(string) } + var r1 []kube.APIResourceInfo if rf, ok := ret.Get(1).(func(string) []kube.APIResourceInfo); ok { r1 = rf(serverURL) } else { @@ -163,6 +130,7 @@ func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIR } } + var r2 error if rf, ok := ret.Get(2).(func(string) error); ok { r2 = rf(serverURL) } else { @@ -176,10 +144,6 @@ func (_m *LiveStateCache) GetVersionsInfo(serverURL string) (string, []kube.APIR func (_m *LiveStateCache) Init() error { ret := _m.Called() - if len(ret) == 0 { - panic("no return value specified for Init") - } - var r0 error if rf, ok := ret.Get(0).(func() error); ok { r0 = rf() @@ -194,21 +158,14 @@ func (_m *LiveStateCache) Init() error { func (_m *LiveStateCache) IsNamespaced(server string, gk schema.GroupKind) (bool, error) { ret := _m.Called(server, gk) - if len(ret) == 0 { - panic("no return value specified for IsNamespaced") - } - var r0 bool - var r1 error - if rf, ok := ret.Get(0).(func(string, schema.GroupKind) (bool, error)); ok { - return rf(server, gk) - } if rf, ok := ret.Get(0).(func(string, schema.GroupKind) bool); ok { r0 = rf(server, gk) } else { r0 = ret.Get(0).(bool) } + var r1 error if rf, ok := ret.Get(1).(func(string, schema.GroupKind) error); ok { r1 = rf(server, gk) } else { @@ -222,10 +179,6 @@ func (_m *LiveStateCache) IsNamespaced(server string, gk schema.GroupKind) (bool func (_m *LiveStateCache) IterateHierarchy(server string, key kube.ResourceKey, action func(v1alpha1.ResourceNode, string) bool) error { ret := _m.Called(server, key, action) - if len(ret) == 0 { - panic("no return value specified for IterateHierarchy") - } - var r0 error if rf, ok := ret.Get(0).(func(string, kube.ResourceKey, func(v1alpha1.ResourceNode, string) bool) error); ok { r0 = rf(server, key, action) @@ -240,10 +193,6 @@ func (_m *LiveStateCache) IterateHierarchy(server string, key kube.ResourceKey, func (_m *LiveStateCache) IterateResources(server string, callback func(*cache.Resource, *controllercache.ResourceInfo)) error { ret := _m.Called(server, callback) - if len(ret) == 0 { - panic("no return value specified for IterateResources") - } - var r0 error if rf, ok := ret.Get(0).(func(string, func(*cache.Resource, *controllercache.ResourceInfo)) error); ok { r0 = rf(server, callback) @@ -258,10 +207,6 @@ func (_m *LiveStateCache) IterateResources(server string, callback func(*cache.R func (_m *LiveStateCache) Run(ctx context.Context) error { ret := _m.Called(ctx) - if len(ret) == 0 { - panic("no return value specified for Run") - } - var r0 error if rf, ok := ret.Get(0).(func(context.Context) error); ok { r0 = rf(ctx) @@ -271,17 +216,3 @@ func (_m *LiveStateCache) Run(ctx context.Context) error { return r0 } - -// NewLiveStateCache creates a new instance of LiveStateCache. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewLiveStateCache(t interface { - mock.TestingT - Cleanup(func()) -}) *LiveStateCache { - mock := &LiveStateCache{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/controller/clusterinfoupdater.go b/controller/clusterinfoupdater.go index 655ff6a59b759..d87cdad6be85d 100644 --- a/controller/clusterinfoupdater.go +++ b/controller/clusterinfoupdater.go @@ -3,18 +3,16 @@ package controller import ( "context" "fmt" - "time" - "github.com/argoproj/argo-cd/v2/common" + "time" + "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/utils/kube" log "github.com/sirupsen/logrus" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" - "github.com/argoproj/argo-cd/v2/util/env" - "github.com/argoproj/argo-cd/v2/controller/metrics" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" @@ -29,7 +27,9 @@ const ( EnvClusterInfoTimeout = "ARGO_CD_UPDATE_CLUSTER_INFO_TIMEOUT" ) -var clusterInfoTimeout = env.ParseDurationFromEnv(EnvClusterInfoTimeout, defaultSecretUpdateInterval, defaultSecretUpdateInterval, 1*time.Minute) +var ( + clusterInfoTimeout = env.ParseDurationFromEnv(EnvClusterInfoTimeout, defaultSecretUpdateInterval, defaultSecretUpdateInterval, 1*time.Minute) +) type clusterInfoUpdater struct { infoSource metrics.HasClustersInfo @@ -49,8 +49,8 @@ func NewClusterInfoUpdater( cache *appstatecache.Cache, clusterFilter func(cluster *appv1.Cluster) bool, projGetter func(app *appv1.Application) (*appv1.AppProject, error), - namespace string, -) *clusterInfoUpdater { + namespace string) *clusterInfoUpdater { + return &clusterInfoUpdater{infoSource, db, appLister, cache, clusterFilter, projGetter, namespace, time.Time{}} } diff --git a/controller/clusterinfoupdater_test.go b/controller/clusterinfoupdater_test.go index 989ac630d528a..d11d4412bf30c 100644 --- a/controller/clusterinfoupdater_test.go +++ b/controller/clusterinfoupdater_test.go @@ -23,7 +23,6 @@ import ( clustercache "github.com/argoproj/gitops-engine/pkg/cache" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/cache" ) @@ -34,7 +33,7 @@ func TestClusterSecretUpdater(t *testing.T) { const updatedK8sVersion = "1.0" now := time.Now() - tests := []struct { + var tests = []struct { LastCacheSyncTime *time.Time SyncError error ExpectedStatus v1alpha1.ConnectionStatus @@ -77,7 +76,7 @@ func TestClusterSecretUpdater(t *testing.T) { appCache := appstate.NewCache(cacheutil.NewCache(cacheutil.NewInMemoryCache(time.Minute)), time.Minute) cluster, err := argoDB.CreateCluster(ctx, &v1alpha1.Cluster{Server: "http://minikube"}) - require.NoError(t, err, "Test prepare test data create cluster failed") + assert.NoError(t, err, "Test prepare test data create cluster failed") for _, test := range tests { info := &clustercache.ClusterInfo{ @@ -91,11 +90,11 @@ func TestClusterSecretUpdater(t *testing.T) { updater := NewClusterInfoUpdater(nil, argoDB, lister, appCache, nil, nil, fakeNamespace) err = updater.updateClusterInfo(context.Background(), *cluster, info) - require.NoError(t, err, "Invoking updateClusterInfo failed.") + assert.NoError(t, err, "Invoking updateClusterInfo failed.") var clusterInfo v1alpha1.ClusterInfo err = appCache.GetClusterInfo(cluster.Server, &clusterInfo) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, updatedK8sVersion, clusterInfo.ServerVersion) assert.Equal(t, test.ExpectedStatus, clusterInfo.ConnectionState.Status) } @@ -104,7 +103,7 @@ func TestClusterSecretUpdater(t *testing.T) { func TestUpdateClusterLabels(t *testing.T) { shouldNotBeInvoked := func(ctx context.Context, cluster *v1alpha1.Cluster) (*v1alpha1.Cluster, error) { shouldNotHappen := errors.New("if an error happens here, something's wrong") - require.NoError(t, shouldNotHappen) + assert.NoError(t, shouldNotHappen) return nil, shouldNotHappen } tests := []struct { @@ -161,7 +160,7 @@ func TestUpdateClusterLabels(t *testing.T) { Labels: map[string]string{"argocd.argoproj.io/kubernetes-version": "1.27", "argocd.argoproj.io/auto-label-cluster-info": "true"}, }, func(ctx context.Context, cluster *v1alpha1.Cluster) (*v1alpha1.Cluster, error) { - assert.Equal(t, "1.28", cluster.Labels["argocd.argoproj.io/kubernetes-version"]) + assert.Equal(t, cluster.Labels["argocd.argoproj.io/kubernetes-version"], "1.28") return nil, nil }, assert.NoError, @@ -177,7 +176,7 @@ func TestUpdateClusterLabels(t *testing.T) { Labels: map[string]string{"argocd.argoproj.io/kubernetes-version": "1.27", "argocd.argoproj.io/auto-label-cluster-info": "true"}, }, func(ctx context.Context, cluster *v1alpha1.Cluster) (*v1alpha1.Cluster, error) { - assert.Equal(t, "1.28", cluster.Labels["argocd.argoproj.io/kubernetes-version"]) + assert.Equal(t, cluster.Labels["argocd.argoproj.io/kubernetes-version"], "1.28") return nil, errors.New("some error happened while saving") }, assert.Error, diff --git a/controller/health.go b/controller/health.go index f713a574f57d3..b1acac8ac5b9b 100644 --- a/controller/health.go +++ b/controller/health.go @@ -80,7 +80,7 @@ func setApplicationHealth(resources []managedResource, statuses []appv1.Resource app.Status.ResourceHealthSource = appv1.ResourceHealthLocationAppTree } if savedErr != nil && errCount > 1 { - savedErr = fmt.Errorf("see application-controller logs for %d other errors; most recent error was: %w", errCount-1, savedErr) + savedErr = fmt.Errorf("see applicaton-controller logs for %d other errors; most recent error was: %w", errCount-1, savedErr) } return &appHealth, savedErr } diff --git a/controller/health_test.go b/controller/health_test.go index efaf4b2a8fc80..caa53b446f733 100644 --- a/controller/health_test.go +++ b/controller/health_test.go @@ -8,7 +8,6 @@ import ( synccommon "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" @@ -47,23 +46,22 @@ func TestSetApplicationHealth(t *testing.T) { runningPod := resourceFromFile("./testdata/pod-running-restart-always.yaml") resources := []managedResource{{ - Group: "", Version: "v1", Kind: "Pod", Live: &runningPod, - }, { + Group: "", Version: "v1", Kind: "Pod", Live: &runningPod}, { Group: "batch", Version: "v1", Kind: "Job", Live: &failedJob, }} resourceStatuses := initStatuses(resources) healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusDegraded, healthStatus.Status) - assert.Equal(t, health.HealthStatusHealthy, resourceStatuses[0].Health.Status) - assert.Equal(t, health.HealthStatusDegraded, resourceStatuses[1].Health.Status) + assert.Equal(t, resourceStatuses[0].Health.Status, health.HealthStatusHealthy) + assert.Equal(t, resourceStatuses[1].Health.Status, health.HealthStatusDegraded) // now mark the job as a hook and retry. it should ignore the hook and consider the app healthy failedJob.SetAnnotations(map[string]string{synccommon.AnnotationKeyHook: "PreSync"}) healthStatus, err = setApplicationHealth(resources, resourceStatuses, nil, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, healthStatus.Status) } @@ -76,7 +74,7 @@ func TestSetApplicationHealth_ResourceHealthNotPersisted(t *testing.T) { resourceStatuses := initStatuses(resources) healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, false) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusDegraded, healthStatus.Status) assert.Nil(t, resourceStatuses[0].Health) @@ -86,12 +84,11 @@ func TestSetApplicationHealth_MissingResource(t *testing.T) { pod := resourceFromFile("./testdata/pod-running-restart-always.yaml") resources := []managedResource{{ - Group: "", Version: "v1", Kind: "Pod", Target: &pod, - }, {}} + Group: "", Version: "v1", Kind: "Pod", Target: &pod}, {}} resourceStatuses := initStatuses(resources) healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusMissing, healthStatus.Status) } @@ -99,15 +96,14 @@ func TestSetApplicationHealth_MissingResourceNoBuiltHealthCheck(t *testing.T) { cm := resourceFromFile("./testdata/configmap.yaml") resources := []managedResource{{ - Group: "", Version: "v1", Kind: "ConfigMap", Target: &cm, - }} + Group: "", Version: "v1", Kind: "ConfigMap", Target: &cm}} resourceStatuses := initStatuses(resources) t.Run("NoOverride", func(t *testing.T) { healthStatus, err := setApplicationHealth(resources, resourceStatuses, lua.ResourceHealthOverrides{}, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, healthStatus.Status) - assert.Equal(t, health.HealthStatusMissing, resourceStatuses[0].Health.Status) + assert.Equal(t, resourceStatuses[0].Health.Status, health.HealthStatusMissing) }) t.Run("HasOverride", func(t *testing.T) { @@ -116,7 +112,7 @@ func TestSetApplicationHealth_MissingResourceNoBuiltHealthCheck(t *testing.T) { HealthLua: "some health check", }, }, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusMissing, healthStatus.Status) }) } @@ -162,24 +158,22 @@ return hs`, t.Run("ChildAppDegraded", func(t *testing.T) { degradedApp := newAppLiveObj(health.HealthStatusDegraded) resources := []managedResource{{ - Group: application.Group, Version: "v1alpha1", Kind: application.ApplicationKind, Live: degradedApp, - }, {}} + Group: application.Group, Version: "v1alpha1", Kind: application.ApplicationKind, Live: degradedApp}, {}} resourceStatuses := initStatuses(resources) healthStatus, err := setApplicationHealth(resources, resourceStatuses, overrides, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusDegraded, healthStatus.Status) }) t.Run("ChildAppMissing", func(t *testing.T) { degradedApp := newAppLiveObj(health.HealthStatusMissing) resources := []managedResource{{ - Group: application.Group, Version: "v1alpha1", Kind: application.ApplicationKind, Live: degradedApp, - }, {}} + Group: application.Group, Version: "v1alpha1", Kind: application.ApplicationKind, Live: degradedApp}, {}} resourceStatuses := initStatuses(resources) healthStatus, err := setApplicationHealth(resources, resourceStatuses, overrides, app, true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, health.HealthStatusHealthy, healthStatus.Status) }) } diff --git a/controller/hook.go b/controller/hook.go index 518c982b5282f..0c019ac6a1e08 100644 --- a/controller/hook.go +++ b/controller/hook.go @@ -51,7 +51,7 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat revisions = append(revisions, src.TargetRevision) } - targets, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj, false) + targets, _, err := ctrl.appStateManager.GetRepoObjs(app, app.Spec.GetSources(), appLabelKey, revisions, false, false, false, proj) if err != nil { return false, err } @@ -98,18 +98,6 @@ func (ctrl *ApplicationController) executePostDeleteHooks(app *v1alpha1.Applicat if err != nil { return false, err } - if hookHealth == nil { - logCtx.WithFields(log.Fields{ - "group": obj.GroupVersionKind().Group, - "version": obj.GroupVersionKind().Version, - "kind": obj.GetKind(), - "name": obj.GetName(), - "namespace": obj.GetNamespace(), - }).Info("No health check defined for resource, considering it healthy") - hookHealth = &health.HealthStatus{ - Status: health.HealthStatusHealthy, - } - } if hookHealth.Status == health.HealthStatusProgressing { progressingHooksCnt++ } @@ -140,11 +128,6 @@ func (ctrl *ApplicationController) cleanupPostDeleteHooks(liveObjs map[kube.Reso if err != nil { return false, err } - if hookHealth == nil { - hookHealth = &health.HealthStatus{ - Status: health.HealthStatusHealthy, - } - } if health.IsWorse(aggregatedHealth, hookHealth.Status) { aggregatedHealth = hookHealth.Status } @@ -165,6 +148,7 @@ func (ctrl *ApplicationController) cleanupPostDeleteHooks(liveObjs map[kube.Reso } } } + } if pendingDeletionCount > 0 { logCtx.Infof("Waiting for %d post-delete hooks to be deleted", pendingDeletionCount) diff --git a/controller/metrics/clustercollector.go b/controller/metrics/clustercollector.go index edbe8c2581f18..bebbfef62d807 100644 --- a/controller/metrics/clustercollector.go +++ b/controller/metrics/clustercollector.go @@ -87,6 +87,7 @@ func (c *clusterCollector) Describe(ch chan<- *prometheus.Desc) { } func (c *clusterCollector) Collect(ch chan<- prometheus.Metric) { + now := time.Now() for _, c := range c.info { defaultValues := []string{c.Server} diff --git a/controller/metrics/metrics.go b/controller/metrics/metrics.go index 3e7e70ae05da5..94405b51eac75 100644 --- a/controller/metrics/metrics.go +++ b/controller/metrics/metrics.go @@ -62,21 +62,21 @@ var ( append(descAppDefaultLabels, "autosync_enabled", "repo", "dest_server", "dest_namespace", "sync_status", "health_status", "operation"), nil, ) - // Deprecated + // DEPRECATED descAppCreated = prometheus.NewDesc( "argocd_app_created_time", "Creation time in unix timestamp for an application.", descAppDefaultLabels, nil, ) - // Deprecated: superseded by sync_status label in argocd_app_info + // DEPRECATED: superseded by sync_status label in argocd_app_info descAppSyncStatusCode = prometheus.NewDesc( "argocd_app_sync_status", "The application current sync status.", append(descAppDefaultLabels, "sync_status"), nil, ) - // Deprecated: superseded by health_status label in argocd_app_info + // DEPRECATED: superseded by health_status label in argocd_app_info descAppHealthStatus = prometheus.NewDesc( "argocd_app_health_status", "The application current health status.", @@ -113,7 +113,7 @@ var ( reconcileHistogram = prometheus.NewHistogramVec( prometheus.HistogramOpts{ Name: "argocd_app_reconcile", - Help: "Application reconciliation performance in seconds.", + Help: "Application reconciliation performance.", // Buckets chosen after observing a ~2100ms mean reconcile time Buckets: []float64{0.25, .5, 1, 2, 4, 8, 16}, }, @@ -209,7 +209,7 @@ var invalidPromLabelChars = regexp.MustCompile(`[^a-zA-Z0-9_]`) func normalizeLabels(prefix string, appLabels []string) []string { results := []string{} for _, label := range appLabels { - // prometheus labels don't accept dash in their name + //prometheus labels don't accept dash in their name curr := invalidPromLabelChars.ReplaceAllString(label, "_") result := fmt.Sprintf("%s_%s", prefix, curr) results = append(results, result) diff --git a/controller/metrics/metrics_test.go b/controller/metrics/metrics_test.go index 28422be55f653..23628c38347a5 100644 --- a/controller/metrics/metrics_test.go +++ b/controller/metrics/metrics_test.go @@ -2,6 +2,7 @@ package metrics import ( "context" + "fmt" "log" "net/http" "net/http/httptest" @@ -12,7 +13,6 @@ import ( gitopsCache "github.com/argoproj/gitops-engine/pkg/cache" "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/tools/cache" @@ -213,7 +213,7 @@ func runTest(t *testing.T, cfg TestMetricServerConfig) { cancel, appLister := newFakeLister(cfg.FakeAppYAMLs...) defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, cfg.AppLabels) - require.NoError(t, err) + assert.NoError(t, err) if len(cfg.ClustersInfo) > 0 { ci := &fakeClusterInfo{clustersInfo: cfg.ClustersInfo} @@ -225,10 +225,10 @@ func runTest(t *testing.T, cfg TestMetricServerConfig) { } req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() assertMetricsPrinted(t, cfg.ExpectedResponse, body) } @@ -336,7 +336,7 @@ func TestMetricsSyncCounter(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) - require.NoError(t, err) + assert.NoError(t, err) appSyncTotal := ` # HELP argocd_app_sync_total Number of application syncs. @@ -354,10 +354,10 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa metricsServ.IncSync(fakeApp, &argoappv1.OperationState{Phase: common.OperationSucceeded}) req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() log.Println(body) assertMetricsPrinted(t, appSyncTotal, body) @@ -370,11 +370,11 @@ func assertMetricsPrinted(t *testing.T, expectedLines, body string) { if line == "" { continue } - assert.Contains(t, body, line, "expected metrics mismatch for line: %s", line) + assert.Contains(t, body, line, fmt.Sprintf("expected metrics mismatch for line: %s", line)) } } -// assertMetricsNotPrinted +// assertMetricNotPrinted func assertMetricsNotPrinted(t *testing.T, expectedLines, body string) { for _, line := range strings.Split(expectedLines, "\n") { if line == "" { @@ -388,10 +388,10 @@ func TestReconcileMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) - require.NoError(t, err) + assert.NoError(t, err) appReconcileMetrics := ` -# HELP argocd_app_reconcile Application reconciliation performance in seconds. +# HELP argocd_app_reconcile Application reconciliation performance. # TYPE argocd_app_reconcile histogram argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.25"} 0 argocd_app_reconcile_bucket{dest_server="https://localhost:6443",namespace="argocd",le="0.5"} 0 @@ -408,10 +408,10 @@ argocd_app_reconcile_count{dest_server="https://localhost:6443",namespace="argoc metricsServ.IncReconcile(fakeApp, 5*time.Second) req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() log.Println(body) assertMetricsPrinted(t, appReconcileMetrics, body) @@ -421,7 +421,7 @@ func TestMetricsReset(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) - require.NoError(t, err) + assert.NoError(t, err) appSyncTotal := ` # HELP argocd_app_sync_total Number of application syncs. @@ -432,33 +432,33 @@ argocd_app_sync_total{dest_server="https://localhost:6443",name="my-app",namespa ` req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() assertMetricsPrinted(t, appSyncTotal, body) err = metricsServ.SetExpiration(time.Second) - require.NoError(t, err) + assert.NoError(t, err) time.Sleep(2 * time.Second) req, err = http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr = httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body = rr.Body.String() log.Println(body) assertMetricsNotPrinted(t, appSyncTotal, body) err = metricsServ.SetExpiration(time.Second) - require.Error(t, err) + assert.Error(t, err) } func TestWorkqueueMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) - require.NoError(t, err) + assert.NoError(t, err) expectedMetrics := ` # TYPE workqueue_adds_total counter @@ -480,10 +480,10 @@ workqueue_unfinished_work_seconds{name="test"} workqueue.NewNamed("test") req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() log.Println(body) assertMetricsPrinted(t, expectedMetrics, body) @@ -493,7 +493,7 @@ func TestGoMetrics(t *testing.T) { cancel, appLister := newFakeLister() defer cancel() metricsServ, err := NewMetricsServer("localhost:8082", appLister, appFilter, noOpHealthCheck, []string{}) - require.NoError(t, err) + assert.NoError(t, err) expectedMetrics := ` # TYPE go_gc_duration_seconds summary @@ -512,10 +512,10 @@ go_threads ` req, err := http.NewRequest(http.MethodGet, "/metrics", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() metricsServ.Handler.ServeHTTP(rr, req) - assert.Equal(t, http.StatusOK, rr.Code) + assert.Equal(t, rr.Code, http.StatusOK) body := rr.Body.String() log.Println(body) assertMetricsPrinted(t, expectedMetrics, body) diff --git a/controller/sharding/cache.go b/controller/sharding/cache.go index 4a750e3545524..2f3ffcbcb95c6 100644 --- a/controller/sharding/cache.go +++ b/controller/sharding/cache.go @@ -3,10 +3,9 @@ package sharding import ( "sync" - log "github.com/sirupsen/logrus" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/db" + log "github.com/sirupsen/logrus" ) type ClusterShardingCache interface { @@ -52,7 +51,7 @@ func NewClusterSharding(_ db.ArgoDB, shard, replicas int, shardingAlgorithm stri return clusterSharding } -// IsManagedCluster returns whether or not the cluster should be processed by a given shard. +// IsManagedCluster returns wheter or not the cluster should be processed by a given shard. func (s *ClusterSharding) IsManagedCluster(c *v1alpha1.Cluster) bool { s.lock.RLock() defer s.lock.RUnlock() diff --git a/controller/sharding/cache_test.go b/controller/sharding/cache_test.go index 34318ec259872..f7798c31e3608 100644 --- a/controller/sharding/cache_test.go +++ b/controller/sharding/cache_test.go @@ -3,10 +3,9 @@ package sharding import ( "testing" - "github.com/stretchr/testify/assert" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + "github.com/stretchr/testify/assert" ) func setupTestSharding(shard int, replicas int) *ClusterSharding { @@ -59,7 +58,7 @@ func TestClusterSharding_Add(t *testing.T) { assert.True(t, ok) assert.Equal(t, 0, myClusterDistribution) - assert.Len(t, distribution, 2) + assert.Equal(t, 2, len(distribution)) } func TestClusterSharding_AddRoundRobin_Redistributes(t *testing.T) { @@ -95,7 +94,7 @@ func TestClusterSharding_AddRoundRobin_Redistributes(t *testing.T) { assert.True(t, ok) assert.Equal(t, 1, clusterDistributionB) - assert.Len(t, distributionBefore, 2) + assert.Equal(t, 2, len(distributionBefore)) clusterC := v1alpha1.Cluster{ ID: "2", @@ -150,7 +149,7 @@ func TestClusterSharding_Delete(t *testing.T) { sharding.Delete("https://kubernetes.default.svc") distribution := sharding.GetDistribution() - assert.Len(t, distribution, 1) + assert.Equal(t, 1, len(distribution)) } func TestClusterSharding_Update(t *testing.T) { @@ -180,7 +179,7 @@ func TestClusterSharding_Update(t *testing.T) { ) distributionBefore := sharding.GetDistribution() - assert.Len(t, distributionBefore, 2) + assert.Equal(t, 2, len(distributionBefore)) distributionA, ok := distributionBefore["https://kubernetes.default.svc"] assert.True(t, ok) @@ -195,7 +194,7 @@ func TestClusterSharding_Update(t *testing.T) { }) distributionAfter := sharding.GetDistribution() - assert.Len(t, distributionAfter, 2) + assert.Equal(t, 2, len(distributionAfter)) distributionA, ok = distributionAfter["https://kubernetes.default.svc"] assert.True(t, ok) @@ -229,7 +228,7 @@ func TestClusterSharding_UpdateServerName(t *testing.T) { ) distributionBefore := sharding.GetDistribution() - assert.Len(t, distributionBefore, 2) + assert.Equal(t, 2, len(distributionBefore)) distributionA, ok := distributionBefore["https://kubernetes.default.svc"] assert.True(t, ok) @@ -244,7 +243,7 @@ func TestClusterSharding_UpdateServerName(t *testing.T) { }) distributionAfter := sharding.GetDistribution() - assert.Len(t, distributionAfter, 2) + assert.Equal(t, 2, len(distributionAfter)) _, ok = distributionAfter["https://kubernetes.default.svc"] assert.False(t, ok) // the old server name should not be present anymore @@ -320,6 +319,7 @@ func TestClusterSharding_IsManagedCluster(t *testing.T) { ID: "2", Server: "https://127.0.0.1:6443", })) + } func TestClusterSharding_ClusterShardOfResourceShouldNotBeChanged(t *testing.T) { @@ -365,7 +365,7 @@ func TestClusterSharding_ClusterShardOfResourceShouldNotBeChanged(t *testing.T) }, ) distribution := sharding.GetDistribution() - assert.Len(t, distribution, 3) + assert.Equal(t, 3, len(distribution)) assert.Nil(t, sharding.Clusters[clusterWithNil.Server].Shard) diff --git a/controller/sharding/consistent/consistent.go b/controller/sharding/consistent/consistent.go deleted file mode 100644 index bb9a5499264b2..0000000000000 --- a/controller/sharding/consistent/consistent.go +++ /dev/null @@ -1,275 +0,0 @@ -// An implementation of Consistent Hashing and -// Consistent Hashing With Bounded Loads. -// -// https://en.wikipedia.org/wiki/Consistent_hashing -// -// https://research.googleblog.com/2017/04/consistent-hashing-with-bounded-loads.html -package consistent - -import ( - "encoding/binary" - "errors" - "fmt" - "math" - "sync" - "sync/atomic" - - "github.com/google/btree" - - blake2b "github.com/minio/blake2b-simd" -) - -// OptimalExtraCapacityFactor extra factor capacity (1 + ε). The ideal balance -// between keeping the shards uniform while also keeping consistency when -// changing shard numbers. -const OptimalExtraCapacityFactor = 1.25 - -var ErrNoHosts = errors.New("no hosts added") - -type Host struct { - Name string - Load int64 -} - -type Consistent struct { - servers map[uint64]string - clients *btree.BTree - loadMap map[string]*Host - totalLoad int64 - replicationFactor int - - sync.RWMutex -} - -type item struct { - value uint64 -} - -func (i item) Less(than btree.Item) bool { - return i.value < than.(item).value -} - -func New() *Consistent { - return &Consistent{ - servers: map[uint64]string{}, - clients: btree.New(2), - loadMap: map[string]*Host{}, - replicationFactor: 1000, - } -} - -func NewWithReplicationFactor(replicationFactor int) *Consistent { - return &Consistent{ - servers: map[uint64]string{}, - clients: btree.New(2), - loadMap: map[string]*Host{}, - replicationFactor: replicationFactor, - } -} - -func (c *Consistent) Add(server string) { - c.Lock() - defer c.Unlock() - - if _, ok := c.loadMap[server]; ok { - return - } - - c.loadMap[server] = &Host{Name: server, Load: 0} - for i := 0; i < c.replicationFactor; i++ { - h := c.hash(fmt.Sprintf("%s%d", server, i)) - c.servers[h] = server - c.clients.ReplaceOrInsert(item{h}) - } -} - -// Get returns the server that owns the given client. -// As described in https://en.wikipedia.org/wiki/Consistent_hashing -// It returns ErrNoHosts if the ring has no servers in it. -func (c *Consistent) Get(client string) (string, error) { - c.RLock() - defer c.RUnlock() - - if c.clients.Len() == 0 { - return "", ErrNoHosts - } - - h := c.hash(client) - var foundItem btree.Item - c.clients.AscendGreaterOrEqual(item{h}, func(i btree.Item) bool { - foundItem = i - return false // stop the iteration - }) - - if foundItem == nil { - // If no host found, wrap around to the first one. - foundItem = c.clients.Min() - } - - host := c.servers[foundItem.(item).value] - - return host, nil -} - -// GetLeast returns the least loaded host that can serve the key. -// It uses Consistent Hashing With Bounded loads. -// https://research.googleblog.com/2017/04/consistent-hashing-with-bounded-loads.html -// It returns ErrNoHosts if the ring has no hosts in it. -func (c *Consistent) GetLeast(client string) (string, error) { - c.RLock() - defer c.RUnlock() - - if c.clients.Len() == 0 { - return "", ErrNoHosts - } - h := c.hash(client) - for { - var foundItem btree.Item - c.clients.AscendGreaterOrEqual(item{h}, func(bItem btree.Item) bool { - if h != bItem.(item).value { - foundItem = bItem - return false // stop the iteration - } - return true - }) - - if foundItem == nil { - // If no host found, wrap around to the first one. - foundItem = c.clients.Min() - } - key := c.clients.Get(foundItem) - if key != nil { - host := c.servers[key.(item).value] - if c.loadOK(host) { - return host, nil - } - h = key.(item).value - } else { - return client, nil - } - } -} - -// Sets the load of `server` to the given `load` -func (c *Consistent) UpdateLoad(server string, load int64) { - c.Lock() - defer c.Unlock() - - if _, ok := c.loadMap[server]; !ok { - return - } - c.totalLoad -= c.loadMap[server].Load - c.loadMap[server].Load = load - c.totalLoad += load -} - -// Increments the load of host by 1 -// -// should only be used with if you obtained a host with GetLeast -func (c *Consistent) Inc(server string) { - c.Lock() - defer c.Unlock() - - if _, ok := c.loadMap[server]; !ok { - return - } - atomic.AddInt64(&c.loadMap[server].Load, 1) - atomic.AddInt64(&c.totalLoad, 1) -} - -// Decrements the load of host by 1 -// -// should only be used with if you obtained a host with GetLeast -func (c *Consistent) Done(server string) { - c.Lock() - defer c.Unlock() - - if _, ok := c.loadMap[server]; !ok { - return - } - atomic.AddInt64(&c.loadMap[server].Load, -1) - atomic.AddInt64(&c.totalLoad, -1) -} - -// Deletes host from the ring -func (c *Consistent) Remove(server string) bool { - c.Lock() - defer c.Unlock() - - for i := 0; i < c.replicationFactor; i++ { - h := c.hash(fmt.Sprintf("%s%d", server, i)) - delete(c.servers, h) - c.delSlice(h) - } - delete(c.loadMap, server) - return true -} - -// Return the list of servers in the ring -func (c *Consistent) Servers() (servers []string) { - c.RLock() - defer c.RUnlock() - for k := range c.loadMap { - servers = append(servers, k) - } - return servers -} - -// Returns the loads of all the hosts -func (c *Consistent) GetLoads() map[string]int64 { - loads := map[string]int64{} - - for k, v := range c.loadMap { - loads[k] = v.Load - } - return loads -} - -// Returns the maximum load of the single host -// which is: -// (total_load/number_of_hosts)*1.25 -// total_load = is the total number of active requests served by hosts -// for more info: -// https://research.googleblog.com/2017/04/consistent-hashing-with-bounded-loads.html -func (c *Consistent) MaxLoad() int64 { - if c.totalLoad == 0 { - c.totalLoad = 1 - } - var avgLoadPerNode float64 - avgLoadPerNode = float64(c.totalLoad / int64(len(c.loadMap))) - if avgLoadPerNode == 0 { - avgLoadPerNode = 1 - } - avgLoadPerNode = math.Ceil(avgLoadPerNode * OptimalExtraCapacityFactor) - return int64(avgLoadPerNode) -} - -func (c *Consistent) loadOK(server string) bool { - // a safety check if someone performed c.Done more than needed - if c.totalLoad < 0 { - c.totalLoad = 0 - } - - var avgLoadPerNode float64 - avgLoadPerNode = float64((c.totalLoad + 1) / int64(len(c.loadMap))) - if avgLoadPerNode == 0 { - avgLoadPerNode = 1 - } - avgLoadPerNode = math.Ceil(avgLoadPerNode * 1.25) - - bserver, ok := c.loadMap[server] - if !ok { - panic(fmt.Sprintf("given host(%s) not in loadsMap", bserver.Name)) - } - - return float64(bserver.Load)+1 <= avgLoadPerNode -} - -func (c *Consistent) delSlice(val uint64) { - c.clients.Delete(item{val}) -} - -func (c *Consistent) hash(key string) uint64 { - out := blake2b.Sum512([]byte(key)) - return binary.LittleEndian.Uint64(out[:]) -} diff --git a/controller/sharding/sharding.go b/controller/sharding/sharding.go index e593547b00f8f..e4af7010931c6 100644 --- a/controller/sharding/sharding.go +++ b/controller/sharding/sharding.go @@ -2,7 +2,6 @@ package sharding import ( "context" - "encoding/json" "fmt" "hash/fnv" "math" @@ -12,22 +11,20 @@ import ( "strings" "time" - slices "golang.org/x/exp/slices" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes" + "encoding/json" "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/controller/sharding/consistent" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - - log "github.com/sirupsen/logrus" - kubeerrors "k8s.io/apimachinery/pkg/api/errors" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/env" "github.com/argoproj/argo-cd/v2/util/errors" "github.com/argoproj/argo-cd/v2/util/settings" + log "github.com/sirupsen/logrus" + kubeerrors "k8s.io/apimachinery/pkg/api/errors" ) // Make it overridable for testing @@ -43,12 +40,10 @@ var ( const ShardControllerMappingKey = "shardControllerMapping" -type ( - DistributionFunction func(c *v1alpha1.Cluster) int - ClusterFilterFunction func(c *v1alpha1.Cluster) bool - clusterAccessor func() []*v1alpha1.Cluster - appAccessor func() []*v1alpha1.Application -) +type DistributionFunction func(c *v1alpha1.Cluster) int +type ClusterFilterFunction func(c *v1alpha1.Cluster) bool +type clusterAccessor func() []*v1alpha1.Cluster +type appAccessor func() []*v1alpha1.Application // shardApplicationControllerMapping stores the mapping of Shard Number to Application Controller in ConfigMap. // It also stores the heartbeat of last synced time of the application controller. @@ -59,7 +54,7 @@ type shardApplicationControllerMapping struct { } // GetClusterFilter returns a ClusterFilterFunction which is a function taking a cluster as a parameter -// and returns whether or not the cluster should be processed by a given shard. It calls the distributionFunction +// and returns wheter or not the cluster should be processed by a given shard. It calls the distributionFunction // to determine which shard will process the cluster, and if the given shard is equal to the calculated shard // the function will return true. func GetClusterFilter(db db.ArgoDB, distributionFunction DistributionFunction, replicas, shard int) ClusterFilterFunction { @@ -89,8 +84,6 @@ func GetDistributionFunction(clusters clusterAccessor, apps appAccessor, shardin distributionFunction = RoundRobinDistributionFunction(clusters, replicasCount) case common.LegacyShardingAlgorithm: distributionFunction = LegacyDistributionFunction(replicasCount) - case common.ConsistentHashingWithBoundedLoadsAlgorithm: - distributionFunction = ConsistentHashingWithBoundedLoadsDistributionFunction(clusters, apps, replicasCount) default: log.Warnf("distribution type %s is not supported, defaulting to %s", shardingAlgorithm, common.DefaultShardingAlgorithm) } @@ -135,13 +128,13 @@ func LegacyDistributionFunction(replicas int) DistributionFunction { // for a given cluster the function will return the shard number based on the modulo of the cluster rank in // the cluster's list sorted by uid on the shard number. // This function ensures an homogenous distribution: each shards got assigned the same number of -// clusters +/-1 , but with the drawback of a reshuffling of clusters across shards in case of some changes +// clusters +/-1 , but with the drawback of a reshuffling of clusters accross shards in case of some changes // in the cluster list func RoundRobinDistributionFunction(clusters clusterAccessor, replicas int) DistributionFunction { return func(c *v1alpha1.Cluster) int { if replicas > 0 { - if c == nil { // in-cluster does not necessarily have a secret assigned. So we are receiving a nil cluster here. + if c == nil { // in-cluster does not necessarly have a secret assigned. So we are receiving a nil cluster here. return 0 } // if Shard is manually set and the assigned value is lower than the number of replicas, @@ -165,92 +158,6 @@ func RoundRobinDistributionFunction(clusters clusterAccessor, replicas int) Dist } } -// ConsistentHashingWithBoundedLoadsDistributionFunction returns a DistributionFunction using an almost homogeneous distribution algorithm: -// for a given cluster the function will return the shard number based on a consistent hashing with bounded loads algorithm. -// This function ensures an almost homogenous distribution: each shards got assigned the fairly similar number of -// clusters +/-10% , but with it is resilient to sharding and/or number of clusters changes. -func ConsistentHashingWithBoundedLoadsDistributionFunction(clusters clusterAccessor, apps appAccessor, replicas int) DistributionFunction { - return func(c *v1alpha1.Cluster) int { - if replicas > 0 { - if c == nil { // in-cluster does not necessarily have a secret assigned. So we are receiving a nil cluster here. - return 0 - } - - // if Shard is manually set and the assigned value is lower than the number of replicas, - // then its value is returned otherwise it is the default calculated value - if c.Shard != nil && int(*c.Shard) < replicas { - return int(*c.Shard) - } else { - // if the cluster is not in the clusters list anymore, we should unassign it from any shard, so we - // return the reserved value of -1 - if !slices.Contains(clusters(), c) { - log.Warnf("Cluster with id=%s not found in cluster map.", c.ID) - return -1 - } - shardIndexedByCluster := createConsistentHashingWithBoundLoads(replicas, clusters, apps) - shard, ok := shardIndexedByCluster[c.ID] - if !ok { - log.Warnf("Cluster with id=%s not found in cluster map.", c.ID) - return -1 - } - log.Debugf("Cluster with id=%s will be processed by shard %d", c.ID, shard) - return shard - } - } - log.Warnf("The number of replicas (%d) is lower than 1", replicas) - return -1 - } -} - -func createConsistentHashingWithBoundLoads(replicas int, getCluster clusterAccessor, getApp appAccessor) map[string]int { - clusters := getSortedClustersList(getCluster) - appDistribution := getAppDistribution(getCluster, getApp) - shardIndexedByCluster := make(map[string]int) - appsIndexedByShard := make(map[string]int64) - consistentHashing := consistent.New() - // Adding a shard with id "-1" as a reserved value for clusters that does not have an assigned shard - // this happens for clusters that are removed for the clusters list - // consistentHashing.Add("-1") - for i := 0; i < replicas; i++ { - shard := strconv.Itoa(i) - consistentHashing.Add(shard) - appsIndexedByShard[shard] = 0 - } - - for _, c := range clusters { - clusterIndex, err := consistentHashing.GetLeast(c.ID) - if err != nil { - log.Warnf("Cluster with id=%s not found in cluster map.", c.ID) - } - shardIndexedByCluster[c.ID], err = strconv.Atoi(clusterIndex) - if err != nil { - log.Errorf("Consistent Hashing was supposed to return a shard index but it returned %d", err) - } - numApps, ok := appDistribution[c.Server] - if !ok { - numApps = 0 - } - appsIndexedByShard[clusterIndex] += numApps - consistentHashing.UpdateLoad(clusterIndex, appsIndexedByShard[clusterIndex]) - } - - return shardIndexedByCluster -} - -func getAppDistribution(getCluster clusterAccessor, getApps appAccessor) map[string]int64 { - apps := getApps() - clusters := getCluster() - appDistribution := make(map[string]int64, len(clusters)) - - for _, a := range apps { - if _, ok := appDistribution[a.Spec.Destination.Server]; !ok { - appDistribution[a.Spec.Destination.Server] = 0 - } - appDistribution[a.Spec.Destination.Server]++ - } - return appDistribution -} - // NoShardingDistributionFunction returns a DistributionFunction that will process all cluster by shard 0 // the function is created for API compatibility purposes and is not supposed to be activated. func NoShardingDistributionFunction() DistributionFunction { @@ -313,7 +220,7 @@ func GetOrUpdateShardFromConfigMap(kubeClient kubernetes.Interface, settingsMgr if err != nil { if !kubeerrors.IsNotFound(err) { - return -1, fmt.Errorf("error getting sharding config map: %w", err) + return -1, fmt.Errorf("error getting sharding config map: %s", err) } log.Infof("shard mapping configmap %s not found. Creating default shard mapping configmap.", common.ArgoCDAppControllerShardConfigMapName) @@ -323,10 +230,10 @@ func GetOrUpdateShardFromConfigMap(kubeClient kubernetes.Interface, settingsMgr } shardMappingCM, err = generateDefaultShardMappingCM(settingsMgr.GetNamespace(), hostname, replicas, shard) if err != nil { - return -1, fmt.Errorf("error generating default shard mapping configmap %w", err) + return -1, fmt.Errorf("error generating default shard mapping configmap %s", err) } if _, err = kubeClient.CoreV1().ConfigMaps(settingsMgr.GetNamespace()).Create(context.Background(), shardMappingCM, metav1.CreateOptions{}); err != nil { - return -1, fmt.Errorf("error creating shard mapping configmap %w", err) + return -1, fmt.Errorf("error creating shard mapping configmap %s", err) } // return 0 as the controller is assigned to shard 0 while generating default shard mapping ConfigMap return shard, nil @@ -336,13 +243,13 @@ func GetOrUpdateShardFromConfigMap(kubeClient kubernetes.Interface, settingsMgr var shardMappingData []shardApplicationControllerMapping err := json.Unmarshal([]byte(data), &shardMappingData) if err != nil { - return -1, fmt.Errorf("error unmarshalling shard config map data: %w", err) + return -1, fmt.Errorf("error unmarshalling shard config map data: %s", err) } shard, shardMappingData := getOrUpdateShardNumberForController(shardMappingData, hostname, replicas, shard) updatedShardMappingData, err := json.Marshal(shardMappingData) if err != nil { - return -1, fmt.Errorf("error marshalling data of shard mapping ConfigMap: %w", err) + return -1, fmt.Errorf("error marshalling data of shard mapping ConfigMap: %s", err) } shardMappingCM.Data[ShardControllerMappingKey] = string(updatedShardMappingData) @@ -356,6 +263,7 @@ func GetOrUpdateShardFromConfigMap(kubeClient kubernetes.Interface, settingsMgr // getOrUpdateShardNumberForController takes list of shardApplicationControllerMapping and performs computation to find the matching or empty shard number func getOrUpdateShardNumberForController(shardMappingData []shardApplicationControllerMapping, hostname string, replicas, shard int) (int, []shardApplicationControllerMapping) { + // if current length of shardMappingData in shard mapping configMap is less than the number of replicas, // create additional empty entries for missing shard numbers in shardMappingDataconfigMap if len(shardMappingData) < replicas { @@ -420,6 +328,7 @@ func getOrUpdateShardNumberForController(shardMappingData []shardApplicationCont // generateDefaultShardMappingCM creates a default shard mapping configMap. Assigns current controller to shard 0. func generateDefaultShardMappingCM(namespace, hostname string, replicas, shard int) (*v1.ConfigMap, error) { + shardingCM := &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: common.ArgoCDAppControllerShardConfigMapName, @@ -439,7 +348,7 @@ func generateDefaultShardMappingCM(namespace, hostname string, replicas, shard i data, err := json.Marshal(shardMappingData) if err != nil { - return nil, fmt.Errorf("error generating default ConfigMap: %w", err) + return nil, fmt.Errorf("error generating default ConfigMap: %s", err) } shardingCM.Data[ShardControllerMappingKey] = string(data) @@ -463,9 +372,10 @@ func GetClusterSharding(kubeClient kubernetes.Interface, settingsMgr *settings.S if enableDynamicClusterDistribution { applicationControllerName := env.StringFromEnv(common.EnvAppControllerName, common.DefaultApplicationControllerName) appControllerDeployment, err := kubeClient.AppsV1().Deployments(settingsMgr.GetNamespace()).Get(context.Background(), applicationControllerName, metav1.GetOptions{}) + // if app controller deployment is not found when dynamic cluster distribution is enabled error out if err != nil { - return nil, fmt.Errorf("(dynamic cluster distribution) failed to get app controller deployment: %w", err) + return nil, fmt.Errorf("(dynamic cluster distribution) failed to get app controller deployment: %v", err) } if appControllerDeployment != nil && appControllerDeployment.Spec.Replicas != nil { @@ -473,6 +383,7 @@ func GetClusterSharding(kubeClient kubernetes.Interface, settingsMgr *settings.S } else { return nil, fmt.Errorf("(dynamic cluster distribution) failed to get app controller deployment replica count") } + } else { replicasCount = env.ParseNumFromEnv(common.EnvControllerReplicas, 0, 0, math.MaxInt32) } @@ -487,7 +398,7 @@ func GetClusterSharding(kubeClient kubernetes.Interface, settingsMgr *settings.S for i := 0; i <= common.AppControllerHeartbeatUpdateRetryCount; i++ { shardNumber, err = GetOrUpdateShardFromConfigMap(kubeClient, settingsMgr, replicasCount, shardNumber) if err != nil && !kubeerrors.IsConflict(err) { - err = fmt.Errorf("unable to get shard due to error updating the sharding config map: %w", err) + err = fmt.Errorf("unable to get shard due to error updating the sharding config map: %s", err) break } log.Warnf("conflict when getting shard from shard mapping configMap. Retrying (%d/3)", i) diff --git a/controller/sharding/sharding_test.go b/controller/sharding/sharding_test.go index ebd212062b199..1c338aac5f271 100644 --- a/controller/sharding/sharding_test.go +++ b/controller/sharding/sharding_test.go @@ -10,20 +10,18 @@ import ( "testing" "time" + "github.com/argoproj/argo-cd/v2/common" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + "github.com/argoproj/argo-cd/v2/util/settings" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" appsv1 "k8s.io/api/apps/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" kubefake "k8s.io/client-go/kubernetes/fake" "sigs.k8s.io/yaml" - - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" - "github.com/argoproj/argo-cd/v2/util/settings" ) func TestGetShardByID_NotEmptyID(t *testing.T) { @@ -76,7 +74,7 @@ func TestGetShardByID_NoReplicasUsingHashDistributionFunctionWithClusters(t *tes } func TestGetClusterFilterDefault(t *testing.T) { - // shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + //shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) clusterAccessor, _, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() os.Unsetenv(common.EnvControllerShardingAlgorithm) replicasCount := 2 @@ -89,7 +87,7 @@ func TestGetClusterFilterDefault(t *testing.T) { } func TestGetClusterFilterLegacy(t *testing.T) { - // shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + //shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) clusterAccessor, db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() replicasCount := 2 db.On("GetApplicationControllerReplicas").Return(replicasCount) @@ -120,7 +118,7 @@ func TestGetClusterFilterUnknown(t *testing.T) { } func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { - // shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + //shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) t.Setenv(common.EnvControllerReplicas, "5") clusterAccessor, db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() appAccessor, _, _, _, _, _ := createTestApps() @@ -147,7 +145,7 @@ func TestLegacyGetClusterFilterWithFixedShard(t *testing.T) { } func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { - // shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) + //shardIndex := 1 // ensuring that a shard with index 1 will process all the clusters with an "even" id (2,4,6,...) t.Setenv(common.EnvControllerReplicas, "4") clusterAccessor, db, cluster1, cluster2, cluster3, cluster4, _ := createTestClusters() appAccessor, _, _, _, _, _ := createTestApps() @@ -155,11 +153,11 @@ func TestRoundRobinGetClusterFilterWithFixedShard(t *testing.T) { db.On("GetApplicationControllerReplicas").Return(replicasCount) filter := GetDistributionFunction(clusterAccessor, appAccessor, common.RoundRobinShardingAlgorithm, replicasCount) - assert.Equal(t, 0, filter(nil)) - assert.Equal(t, 0, filter(&cluster1)) - assert.Equal(t, 1, filter(&cluster2)) - assert.Equal(t, 2, filter(&cluster3)) - assert.Equal(t, 3, filter(&cluster4)) + assert.Equal(t, filter(nil), 0) + assert.Equal(t, filter(&cluster1), 0) + assert.Equal(t, filter(&cluster2), 1) + assert.Equal(t, filter(&cluster3), 2) + assert.Equal(t, filter(&cluster4), 3) // a cluster with a fixed shard should be processed by the specified exact // same shard unless the specified shard index is greater than the number of replicas. @@ -277,108 +275,6 @@ func TestGetShardByIndexModuloReplicasCountDistributionFunctionWhenClusterIsAdde assert.Equal(t, -1, distributionFunction(&cluster6)) } -func TestConsistentHashingWhenClusterIsAddedAndRemoved(t *testing.T) { - db := dbmocks.ArgoDB{} - clusterCount := 133 - prefix := "cluster" - - clusters := []v1alpha1.Cluster{} - for i := 0; i < clusterCount; i++ { - id := fmt.Sprintf("%06d", i) - cluster := fmt.Sprintf("%s-%s", prefix, id) - clusters = append(clusters, createCluster(cluster, id)) - } - clusterAccessor := getClusterAccessor(clusters) - appAccessor, _, _, _, _, _ := createTestApps() - clusterList := &v1alpha1.ClusterList{Items: clusters} - db.On("ListClusters", mock.Anything).Return(clusterList, nil) - // Test with replicas set to 3 - replicasCount := 3 - db.On("GetApplicationControllerReplicas").Return(replicasCount) - distributionFunction := ConsistentHashingWithBoundedLoadsDistributionFunction(clusterAccessor, appAccessor, replicasCount) - assert.Equal(t, 0, distributionFunction(nil)) - distributionMap := map[int]int{} - assignementMap := map[string]int{} - for i := 0; i < clusterCount; i++ { - assignedShard := distributionFunction(&clusters[i]) - assignementMap[clusters[i].ID] = assignedShard - distributionMap[assignedShard]++ - } - - // We check that the distribution does not differ for more than 20% - var sum float64 - sum = 0 - for shard, count := range distributionMap { - if shard != -1 { - sum = (sum + float64(count)) - } - } - average := sum / float64(replicasCount) - failedTests := false - for shard, count := range distributionMap { - if shard != -1 { - if float64(count) > average*float64(1.1) || float64(count) < average*float64(0.9) { - fmt.Printf("Cluster distribution differs for more than 20%%: %d for shard %d (average: %f)\n", count, shard, average) - failedTests = true - } - if failedTests { - t.Fail() - } - } - } - - // Now we will decrease the number of replicas to 2, and we should see only clusters that were attached to shard 2 to be reassigned - replicasCount = 2 - distributionFunction = ConsistentHashingWithBoundedLoadsDistributionFunction(getClusterAccessor(clusterList.Items), appAccessor, replicasCount) - removedCluster := clusterList.Items[len(clusterList.Items)-1] - for i := 0; i < clusterCount; i++ { - c := &clusters[i] - assignedShard := distributionFunction(c) - prevıouslyAssignedShard := assignementMap[clusters[i].ID] - if prevıouslyAssignedShard != 2 && prevıouslyAssignedShard != assignedShard { - fmt.Printf("Previously assigned %s cluster has moved from replica %d to %d", c.ID, prevıouslyAssignedShard, assignedShard) - t.Fail() - } - } - // Now, we remove the last added cluster, it should be unassigned - removedCluster = clusterList.Items[len(clusterList.Items)-1] - clusterList.Items = clusterList.Items[:len(clusterList.Items)-1] - distributionFunction = ConsistentHashingWithBoundedLoadsDistributionFunction(getClusterAccessor(clusterList.Items), appAccessor, replicasCount) - assert.Equal(t, -1, distributionFunction(&removedCluster)) -} - -func TestConsistentHashingWhenClusterWithZeroReplicas(t *testing.T) { - db := dbmocks.ArgoDB{} - clusters := []v1alpha1.Cluster{createCluster("cluster-01", "01")} - clusterAccessor := getClusterAccessor(clusters) - clusterList := &v1alpha1.ClusterList{Items: clusters} - db.On("ListClusters", mock.Anything).Return(clusterList, nil) - appAccessor, _, _, _, _, _ := createTestApps() - // Test with replicas set to 0 - replicasCount := 0 - db.On("GetApplicationControllerReplicas").Return(replicasCount) - distributionFunction := ConsistentHashingWithBoundedLoadsDistributionFunction(clusterAccessor, appAccessor, replicasCount) - assert.Equal(t, -1, distributionFunction(nil)) -} - -func TestConsistentHashingWhenClusterWithFixedShard(t *testing.T) { - db := dbmocks.ArgoDB{} - var fixedShard int64 = 1 - cluster := &v1alpha1.Cluster{ID: "1", Shard: &fixedShard} - clusters := []v1alpha1.Cluster{*cluster} - - clusterAccessor := getClusterAccessor(clusters) - clusterList := &v1alpha1.ClusterList{Items: clusters} - db.On("ListClusters", mock.Anything).Return(clusterList, nil) - - // Test with replicas set to 5 - replicasCount := 5 - db.On("GetApplicationControllerReplicas").Return(replicasCount) - appAccessor, _, _, _, _, _ := createTestApps() - distributionFunction := ConsistentHashingWithBoundedLoadsDistributionFunction(clusterAccessor, appAccessor, replicasCount) - assert.Equal(t, fixedShard, int64(distributionFunction(cluster))) -} - func TestGetShardByIndexModuloReplicasCountDistributionFunction(t *testing.T) { clusters, db, cluster1, cluster2, _, _, _ := createTestClusters() replicasCount := 2 @@ -411,16 +307,16 @@ func TestInferShard(t *testing.T) { osHostnameError := errors.New("cannot resolve hostname") osHostnameFunction = func() (string, error) { return "exampleshard", osHostnameError } _, err := InferShard() - require.Error(t, err) + assert.NotNil(t, err) assert.Equal(t, err, osHostnameError) osHostnameFunction = func() (string, error) { return "exampleshard", nil } _, err = InferShard() - require.NoError(t, err) + assert.Nil(t, err) osHostnameFunction = func() (string, error) { return "example-shard", nil } _, err = InferShard() - require.NoError(t, err) + assert.Nil(t, err) } func createTestClusters() (clusterAccessor, *dbmocks.ArgoDB, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster, v1alpha1.Cluster) { @@ -495,7 +391,7 @@ func Test_generateDefaultShardMappingCM_NoPredefinedShard(t *testing.T) { } expectedMappingCM, err := json.Marshal(expectedMapping) - require.NoError(t, err) + assert.NoError(t, err) expectedShadingCM := &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -509,8 +405,9 @@ func Test_generateDefaultShardMappingCM_NoPredefinedShard(t *testing.T) { heartbeatCurrentTime = func() metav1.Time { return expectedTime } osHostnameFunction = func() (string, error) { return "test-example", nil } shardingCM, err := generateDefaultShardMappingCM("test", "test-example", replicas, -1) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedShadingCM, shardingCM) + } func Test_generateDefaultShardMappingCM_PredefinedShard(t *testing.T) { @@ -530,7 +427,7 @@ func Test_generateDefaultShardMappingCM_PredefinedShard(t *testing.T) { } expectedMappingCM, err := json.Marshal(expectedMapping) - require.NoError(t, err) + assert.NoError(t, err) expectedShadingCM := &v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ @@ -544,8 +441,9 @@ func Test_generateDefaultShardMappingCM_PredefinedShard(t *testing.T) { heartbeatCurrentTime = func() metav1.Time { return expectedTime } osHostnameFunction = func() (string, error) { return "test-example", nil } shardingCM, err := generateDefaultShardMappingCM("test", "test-example", replicas, 1) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedShadingCM, shardingCM) + } func Test_getOrUpdateShardNumberForController(t *testing.T) { @@ -971,7 +869,7 @@ func TestGetClusterSharding(t *testing.T) { t.Errorf("Expected error %v but got nil", tc.expectedErr) } } else { - require.NoError(t, err) + assert.Nil(t, err) } }) } @@ -1037,7 +935,7 @@ func getAppPointers(apps []v1alpha1.Application) []*v1alpha1.Application { } func createApp(name string, server string) v1alpha1.Application { - testApp := ` + var testApp = ` apiVersion: argoproj.io/v1alpha1 kind: Application metadata: diff --git a/controller/sharding/shuffle_test.go b/controller/sharding/shuffle_test.go index 4c05a8c7aeebd..1cca783a2afe9 100644 --- a/controller/sharding/shuffle_test.go +++ b/controller/sharding/shuffle_test.go @@ -6,12 +6,11 @@ import ( "strconv" "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" ) func TestLargeShuffle(t *testing.T) { @@ -19,7 +18,7 @@ func TestLargeShuffle(t *testing.T) { db := dbmocks.ArgoDB{} clusterList := &v1alpha1.ClusterList{Items: []v1alpha1.Cluster{}} for i := 0; i < math.MaxInt/4096; i += 256 { - // fmt.Fprintf(os.Stdout, "%d", i) + //fmt.Fprintf(os.Stdout, "%d", i) cluster := createCluster(fmt.Sprintf("cluster-%d", i), fmt.Sprintf("%d", i)) clusterList.Items = append(clusterList.Items, cluster) } @@ -32,6 +31,7 @@ func TestLargeShuffle(t *testing.T) { for i, c := range clusterList.Items { assert.Equal(t, i%2567, distributionFunction(&c)) } + } func TestShuffle(t *testing.T) { @@ -78,6 +78,7 @@ func TestShuffle(t *testing.T) { assert.Equal(t, 0, distributionFunction(&cluster4)) assert.Equal(t, 1, distributionFunction(&cluster5)) assert.Equal(t, 2, distributionFunction(&cluster6)) + } func Remove(slice []v1alpha1.Cluster, s int) []v1alpha1.Cluster { diff --git a/controller/state.go b/controller/state.go index a9a3be4bdd6b8..80678b74790e7 100644 --- a/controller/state.go +++ b/controller/state.go @@ -45,9 +45,12 @@ import ( "github.com/argoproj/argo-cd/v2/util/stats" ) -var CompareStateRepoError = errors.New("failed to get repo objects") +var ( + CompareStateRepoError = errors.New("failed to get repo objects") +) -type resourceInfoProviderStub struct{} +type resourceInfoProviderStub struct { +} func (r *resourceInfoProviderStub) IsNamespaced(_ schema.GroupKind) (bool, error) { return false, nil @@ -68,9 +71,9 @@ type managedResource struct { // AppStateManager defines methods which allow to compare application spec and actual application state. type AppStateManager interface { - CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error) + CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localObjects []string, hasMultipleSources bool) (*comparisonResult, error) SyncAppState(app *v1alpha1.Application, state *v1alpha1.OperationState) - GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) + GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) } // comparisonResult holds the state of an application after the reconciliation @@ -123,7 +126,7 @@ type appStateManager struct { // task to the repo-server. It returns the list of generated manifests as unstructured // objects. It also returns the full response from all calls to the repo server as the // second argument. -func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject, rollback bool) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) { +func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alpha1.ApplicationSource, appLabelKey string, revisions []string, noCache, noRevisionCache, verifySignature bool, proj *v1alpha1.AppProject) ([]*unstructured.Unstructured, []*apiclient.ManifestResponse, error) { ts := stats.NewTimingStats() helmRepos, err := m.db.ListHelmRepositories(context.Background()) if err != nil { @@ -175,11 +178,9 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp targetObjs := make([]*unstructured.Unstructured, 0) // Store the map of all sources having ref field into a map for applications with sources field - // If it's for a rollback process, the refSources[*].targetRevision fields are the desired - // revisions for the rollback - refSources, err := argo.GetRefSources(context.Background(), sources, app.Spec.Project, m.db.GetRepository, revisions, rollback) + refSources, err := argo.GetRefSources(context.Background(), app.Spec, m.db) if err != nil { - return nil, nil, fmt.Errorf("failed to get ref sources: %w", err) + return nil, nil, fmt.Errorf("failed to get ref sources: %v", err) } for i, source := range sources { @@ -187,7 +188,7 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp revisions[i] = source.TargetRevision } ts.AddCheckpoint("helm_ms") - repo, err := m.db.GetRepository(context.Background(), source.RepoURL, proj.Name) + repo, err := m.db.GetRepository(context.Background(), source.RepoURL) if err != nil { return nil, nil, fmt.Errorf("failed to get repo %q: %w", source.RepoURL, err) } @@ -258,10 +259,12 @@ func (m *appStateManager) GetRepoObjs(app *v1alpha1.Application, sources []v1alp } targetObj, err := unmarshalManifests(manifestInfo.Manifests) + if err != nil { return nil, nil, fmt.Errorf("failed to unmarshal manifests for source %d of %d: %w", i+1, len(sources), err) } targetObjs = append(targetObjs, targetObj...) + manifestInfos = append(manifestInfos, manifestInfo) } @@ -292,6 +295,7 @@ func DeduplicateTargetObjects( objs []*unstructured.Unstructured, infoProvider kubeutil.ResourceInfoProvider, ) ([]*unstructured.Unstructured, []v1alpha1.ApplicationCondition, error) { + targetByKey := make(map[kubeutil.ResourceKey][]*unstructured.Unstructured) for i := range objs { obj := objs[i] @@ -391,7 +395,7 @@ func isManagedNamespace(ns *unstructured.Unstructured, app *v1alpha1.Application // CompareAppState compares application git state to the live app state, using the specified // revision and supplied source. If revision or overrides are empty, then compares against // revision and overrides in the app spec. -func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool, rollback bool) (*comparisonResult, error) { +func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1alpha1.AppProject, revisions []string, sources []v1alpha1.ApplicationSource, noCache bool, noRevisionCache bool, localManifests []string, hasMultipleSources bool) (*comparisonResult, error) { ts := stats.NewTimingStats() appLabelKey, resourceOverrides, resFilter, err := m.getComparisonSettings() @@ -449,7 +453,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 } } - targetObjs, manifestInfos, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project, rollback) + targetObjs, manifestInfos, err = m.GetRepoObjs(app, sources, appLabelKey, revisions, noCache, noRevisionCache, verifySignature, project) if err != nil { targetObjs = make([]*unstructured.Unstructured, 0) msg := fmt.Sprintf("Failed to load target state: %s", err.Error()) @@ -539,10 +543,11 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 permitted, err := project.IsLiveResourcePermitted(v, app.Spec.Destination.Server, app.Spec.Destination.Name, func(project string) ([]*v1alpha1.Cluster, error) { clusters, err := m.db.GetProjectClusters(context.TODO(), project) if err != nil { - return nil, fmt.Errorf("failed to get clusters for project %q: %w", project, err) + return nil, fmt.Errorf("failed to get clusters for project %q: %v", project, err) } return clusters, nil }) + if err != nil { msg := fmt.Sprintf("Failed to check if live resource %q is permitted in project %q: %s", k.String(), app.Spec.Project, err.Error()) conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: msg, LastTransitionTime: &now}) @@ -584,6 +589,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 if isManagedNamespace(liveObj, app) && !targetNsExists { nsSpec := &v1.Namespace{TypeMeta: metav1.TypeMeta{APIVersion: "v1", Kind: kubeutil.NamespaceKind}, ObjectMeta: metav1.ObjectMeta{Name: liveObj.GetName()}} managedNs, err := kubeutil.ToUnstructured(nsSpec) + if err != nil { conditions = append(conditions, v1alpha1.ApplicationCondition{Type: v1alpha1.ApplicationConditionComparisonError, Message: err.Error(), LastTransitionTime: &now}) failedToLoadObjs = true @@ -867,6 +873,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *v1 // useDiffCache will determine if the diff should be calculated based // on the existing live state cache or not. func useDiffCache(noCache bool, manifestInfos []*apiclient.ManifestResponse, sources []v1alpha1.ApplicationSource, app *v1alpha1.Application, manifestRevisions []string, statusRefreshTimeout time.Duration, serverSideDiff bool, log *log.Entry) bool { + if noCache { log.WithField("useDiffCache", "false").Debug("noCache is true") return false diff --git a/controller/state_test.go b/controller/state_test.go index 58cfe5c596ebc..a371a30baddce 100644 --- a/controller/state_test.go +++ b/controller/state_test.go @@ -15,7 +15,6 @@ import ( "github.com/sirupsen/logrus" logrustest "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" v1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" @@ -50,14 +49,14 @@ func TestCompareAppStateEmpty(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateRepoError tests the case when CompareAppState notices a repo error @@ -68,21 +67,21 @@ func TestCompareAppStateRepoError(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) assert.Nil(t, compRes) - require.EqualError(t, err, CompareStateRepoError.Error()) + assert.EqualError(t, err, CompareStateRepoError.Error()) // expect to still get compare state error to as inside grace period - compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) + compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) assert.Nil(t, compRes) - require.EqualError(t, err, CompareStateRepoError.Error()) + assert.EqualError(t, err, CompareStateRepoError.Error()) time.Sleep(10 * time.Second) // expect to not get error as outside of grace period, but status should be unknown - compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) + compRes, err = ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) assert.NotNil(t, compRes) - require.NoError(t, err) - assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status) + assert.Nil(t, err) + assert.Equal(t, compRes.syncStatus.Status, argoappv1.SyncStatusCodeUnknown) } // TestCompareAppStateNamespaceMetadataDiffers tests comparison when managed namespace metadata differs @@ -114,14 +113,14 @@ func TestCompareAppStateNamespaceMetadataDiffers(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateNamespaceMetadataDiffers tests comparison when managed namespace metadata differs to live and manifest ns @@ -163,8 +162,8 @@ func TestCompareAppStateNamespaceMetadataDiffersToManifest(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status) @@ -174,7 +173,7 @@ func TestCompareAppStateNamespaceMetadataDiffersToManifest(t *testing.T) { assert.Len(t, compRes.diffResultList.Diffs, 1) result := NewNamespace() - require.NoError(t, json.Unmarshal(compRes.diffResultList.Diffs[0].PredictedLive, result)) + assert.NoError(t, json.Unmarshal(compRes.diffResultList.Diffs[0].PredictedLive, result)) labels := result.GetLabels() delete(labels, "kubernetes.io/metadata.name") @@ -182,7 +181,7 @@ func TestCompareAppStateNamespaceMetadataDiffersToManifest(t *testing.T) { assert.Equal(t, map[string]string{}, labels) // Manifests override definitions in managedNamespaceMetadata assert.Equal(t, map[string]string{"bar": "bat"}, result.GetAnnotations()) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateNamespaceMetadata tests comparison when managed namespace metadata differs to live @@ -221,8 +220,8 @@ func TestCompareAppStateNamespaceMetadata(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status) @@ -232,14 +231,14 @@ func TestCompareAppStateNamespaceMetadata(t *testing.T) { assert.Len(t, compRes.diffResultList.Diffs, 1) result := NewNamespace() - require.NoError(t, json.Unmarshal(compRes.diffResultList.Diffs[0].PredictedLive, result)) + assert.NoError(t, json.Unmarshal(compRes.diffResultList.Diffs[0].PredictedLive, result)) labels := result.GetLabels() delete(labels, "kubernetes.io/metadata.name") assert.Equal(t, map[string]string{"foo": "bar"}, labels) assert.Equal(t, map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true", "bar": "bat", "foo": "bar"}, result.GetAnnotations()) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateNamespaceMetadataIsTheSame tests comparison when managed namespace metadata is the same @@ -280,14 +279,14 @@ func TestCompareAppStateNamespaceMetadataIsTheSame(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateMissing tests when there is a manifest defined in the repo which doesn't exist in live @@ -308,14 +307,14 @@ func TestCompareAppStateMissing(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status) assert.Len(t, compRes.resources, 1) assert.Len(t, compRes.managedResources, 1) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateExtra tests when there is an extra object in live but not defined in git @@ -340,13 +339,13 @@ func TestCompareAppStateExtra(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeOutOfSync, compRes.syncStatus.Status) - assert.Len(t, compRes.resources, 1) - assert.Len(t, compRes.managedResources, 1) - assert.Empty(t, app.Status.Conditions) + assert.Equal(t, 1, len(compRes.resources)) + assert.Equal(t, 1, len(compRes.managedResources)) + assert.Equal(t, 0, len(app.Status.Conditions)) } // TestCompareAppStateHook checks that hooks are detected during manifest generation, and not @@ -371,14 +370,14 @@ func TestCompareAppStateHook(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Len(t, compRes.reconciliationResult.Hooks, 1) - assert.Empty(t, app.Status.Conditions) + assert.Equal(t, 0, len(compRes.resources)) + assert.Equal(t, 0, len(compRes.managedResources)) + assert.Equal(t, 1, len(compRes.reconciliationResult.Hooks)) + assert.Equal(t, 0, len(app.Status.Conditions)) } // TestCompareAppStateSkipHook checks that skipped resources are detected during manifest generation, and not @@ -403,14 +402,14 @@ func TestCompareAppStateSkipHook(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Len(t, compRes.resources, 1) - assert.Len(t, compRes.managedResources, 1) - assert.Empty(t, compRes.reconciliationResult.Hooks) - assert.Empty(t, app.Status.Conditions) + assert.Equal(t, 1, len(compRes.resources)) + assert.Equal(t, 1, len(compRes.managedResources)) + assert.Equal(t, 0, len(compRes.reconciliationResult.Hooks)) + assert.Equal(t, 0, len(app.Status.Conditions)) } // checks that ignore resources are detected, but excluded from status @@ -434,14 +433,14 @@ func TestCompareAppStateCompareOptionIgnoreExtraneous(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // TestCompareAppStateExtraHook tests when there is an extra _hook_ object in live but not defined in git @@ -467,15 +466,15 @@ func TestCompareAppStateExtraHook(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Len(t, compRes.resources, 1) - assert.Len(t, compRes.managedResources, 1) - assert.Empty(t, compRes.reconciliationResult.Hooks) - assert.Empty(t, app.Status.Conditions) + assert.Equal(t, 1, len(compRes.resources)) + assert.Equal(t, 1, len(compRes.managedResources)) + assert.Equal(t, 0, len(compRes.reconciliationResult.Hooks)) + assert.Equal(t, 0, len(app.Status.Conditions)) } // TestAppRevisions tests that revisions are properly propagated for a single source app @@ -496,12 +495,12 @@ func TestAppRevisionsSingleSource(t *testing.T) { app := newFakeApp() revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources(), false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.NotEmpty(t, compRes.syncStatus.Revision) - assert.Empty(t, compRes.syncStatus.Revisions) + assert.Len(t, compRes.syncStatus.Revisions, 0) } // TestAppRevisions tests that revisions are properly propagated for a multi source app @@ -536,8 +535,8 @@ func TestAppRevisionsMultiSource(t *testing.T) { app := newFakeMultiSourceApp() revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources(), false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, app.Spec.HasMultipleSources()) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Empty(t, compRes.syncStatus.Revision) @@ -549,7 +548,7 @@ func TestAppRevisionsMultiSource(t *testing.T) { func toJSON(t *testing.T, obj *unstructured.Unstructured) string { data, err := json.Marshal(obj) - require.NoError(t, err) + assert.NoError(t, err) return string(data) } @@ -584,15 +583,15 @@ func TestCompareAppStateDuplicatedNamespacedResources(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) - assert.Len(t, app.Status.Conditions, 1) + assert.Equal(t, 1, len(app.Status.Conditions)) assert.NotNil(t, app.Status.Conditions[0].LastTransitionTime) assert.Equal(t, argoappv1.ApplicationConditionRepeatedResourceWarning, app.Status.Conditions[0].Type) assert.Equal(t, "Resource /Pod/fake-dest-ns/my-pod appeared 2 times among application resources.", app.Status.Conditions[0].Message) - assert.Len(t, compRes.resources, 4) + assert.Equal(t, 4, len(compRes.resources)) } func TestCompareAppStateManagedNamespaceMetadataWithLiveNsDoesNotGetPruned(t *testing.T) { @@ -621,11 +620,11 @@ func TestCompareAppStateManagedNamespaceMetadataWithLiveNsDoesNotGetPruned(t *te }, } ctrl := newFakeController(&data, nil) - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, []string{}, app.Spec.Sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, []string{}, app.Spec.Sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) - assert.Empty(t, app.Status.Conditions) + assert.Equal(t, 0, len(app.Status.Conditions)) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) // Ensure that ns does not get pruned @@ -675,8 +674,9 @@ func TestCompareAppStateWithManifestGeneratePath(t *testing.T) { ctrl := newFakeController(&data, nil) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, app.Spec.GetSources(), false, false, nil, false) + + assert.Nil(t, err) assert.NotNil(t, compRes) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) assert.Equal(t, "abc123", compRes.syncStatus.Revision) @@ -712,8 +712,8 @@ func TestSetHealth(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus.Status) } @@ -749,8 +749,8 @@ func TestSetHealthSelfReferencedApp(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.Equal(t, health.HealthStatusHealthy, compRes.healthStatus.Status) } @@ -774,8 +774,8 @@ func TestSetManagedResourcesWithOrphanedResources(t *testing.T) { tree, err := ctrl.setAppManagedResources(app, &comparisonResult{managedResources: make([]managedResource, 0)}) - require.NoError(t, err) - assert.Len(t, tree.OrphanedNodes, 1) + assert.NoError(t, err) + assert.Equal(t, len(tree.OrphanedNodes), 1) assert.Equal(t, "guestbook", tree.OrphanedNodes[0].Name) assert.Equal(t, app.Namespace, tree.OrphanedNodes[0].Namespace) } @@ -803,8 +803,8 @@ func TestSetManagedResourcesWithResourcesOfAnotherApp(t *testing.T) { tree, err := ctrl.setAppManagedResources(app1, &comparisonResult{managedResources: make([]managedResource, 0)}) - require.NoError(t, err) - assert.Empty(t, tree.OrphanedNodes) + assert.NoError(t, err) + assert.Equal(t, 0, len(tree.OrphanedNodes)) } func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) { @@ -824,8 +824,8 @@ func TestReturnUnknownComparisonStateOnSettingLoadError(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.Equal(t, health.HealthStatusUnknown, compRes.healthStatus.Status) assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status) @@ -856,7 +856,7 @@ func TestSetManagedResourcesKnownOrphanedResourceExceptions(t *testing.T) { tree, err := ctrl.setAppManagedResources(app, &comparisonResult{managedResources: make([]managedResource, 0)}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, tree.OrphanedNodes, 1) assert.Equal(t, "guestbook", tree.OrphanedNodes[0].Name) } @@ -873,7 +873,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) { } addHistory := func() { err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1.Time{}, v1alpha1.OperationInitiator{}) - require.NoError(t, err) + assert.NoError(t, err) } addHistory() assert.Len(t, app.Status.History, 1) @@ -909,7 +909,7 @@ func Test_appStateManager_persistRevisionHistory(t *testing.T) { metav1NowTime := metav1.NewTime(time.Now()) err := manager.persistRevisionHistory(app, "my-revision", argoappv1.ApplicationSource{}, []string{}, []argoappv1.ApplicationSource{}, false, metav1NowTime, v1alpha1.OperationInitiator{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, app.Status.History.LastRevisionHistory().DeployStartedAt, &metav1NowTime) } @@ -965,14 +965,14 @@ func TestSignedResponseNoSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // We have a bad signature response, but project does not require signed commits { @@ -992,14 +992,14 @@ func TestSignedResponseNoSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &defaultProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } } @@ -1024,14 +1024,14 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // We have a bad signature response and signing is required - do not sync { @@ -1051,13 +1051,13 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 1) } // We have a malformed signature response and signing is required - do not sync @@ -1078,13 +1078,13 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 1) } // We have no signature response (no signature made) and signing is required - do not sync @@ -1105,13 +1105,13 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 1) } @@ -1135,13 +1135,13 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &testProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &testProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 1) assert.Contains(t, app.Status.Conditions[0].Message, "key is not allowed") } @@ -1165,13 +1165,13 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeUnknown, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) assert.Len(t, app.Status.Conditions, 1) assert.Contains(t, app.Status.Conditions[0].Message, "Cannot use local manifests") } @@ -1195,14 +1195,14 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, nil, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } // Signature required and local manifests supplied and GPG subsystem is disabled - sync @@ -1225,14 +1225,14 @@ func TestSignedResponseSignatureRequired(t *testing.T) { sources = append(sources, app.Spec.GetSource()) revisions := make([]string, 0) revisions = append(revisions, "abc123") - compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false, false) - require.NoError(t, err) + compRes, err := ctrl.appStateManager.CompareAppState(app, &signedProj, revisions, sources, false, false, localManifests, false) + assert.Nil(t, err) assert.NotNil(t, compRes) assert.NotNil(t, compRes.syncStatus) assert.Equal(t, argoappv1.SyncStatusCodeSynced, compRes.syncStatus.Status) - assert.Empty(t, compRes.resources) - assert.Empty(t, compRes.managedResources) - assert.Empty(t, app.Status.Conditions) + assert.Len(t, compRes.resources, 0) + assert.Len(t, compRes.managedResources, 0) + assert.Len(t, app.Status.Conditions, 0) } } @@ -1706,7 +1706,7 @@ func TestUseDiffCache(t *testing.T) { useDiffCache := useDiffCache(tc.noCache, tc.manifestInfos, tc.sources, tc.app, tc.manifestRevisions, tc.statusRefreshTimeout, tc.serverSideDiff, log) // Then - assert.Equal(t, tc.expectedUseCache, useDiffCache) + assert.Equal(t, useDiffCache, tc.expectedUseCache) }) } } diff --git a/controller/sync.go b/controller/sync.go index 9cd4b1f0c6e93..458b744c8a8ad 100644 --- a/controller/sync.go +++ b/controller/sync.go @@ -9,9 +9,8 @@ import ( "sync/atomic" "time" - "k8s.io/apimachinery/pkg/util/strategicpatch" - cdcommon "github.com/argoproj/argo-cd/v2/common" + "k8s.io/apimachinery/pkg/util/strategicpatch" "github.com/argoproj/gitops-engine/pkg/sync" "github.com/argoproj/gitops-engine/pkg/sync/common" @@ -109,19 +108,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha return } - isMultiSourceRevision := app.Spec.HasMultipleSources() - rollback := len(syncOp.Sources) > 0 || syncOp.Source != nil - if rollback { - // rollback case - if len(state.Operation.Sync.Sources) > 0 { - sources = state.Operation.Sync.Sources - isMultiSourceRevision = true - } else { - source = *state.Operation.Sync.Source - sources = make([]v1alpha1.ApplicationSource, 0) - isMultiSourceRevision = false - } - } else { + if syncOp.Source == nil || (syncOp.Sources != nil && len(syncOp.Sources) > 0) { // normal sync case (where source is taken from app.spec.sources) if app.Spec.HasMultipleSources() { sources = app.Spec.Sources @@ -130,6 +117,14 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha source = app.Spec.GetSource() sources = make([]v1alpha1.ApplicationSource, 0) } + } else { + // rollback case + if app.Spec.HasMultipleSources() { + sources = state.Operation.Sync.Sources + } else { + source = *state.Operation.Sync.Source + sources = make([]v1alpha1.ApplicationSource, 0) + } } if state.SyncResult != nil { @@ -141,7 +136,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha // status.operationState.syncResult.source. must be set properly since auto-sync relies // on this information to decide if it should sync (if source is different than the last // sync attempt) - if isMultiSourceRevision { + if app.Spec.HasMultipleSources() { syncRes.Sources = sources } else { syncRes.Source = source @@ -152,7 +147,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha // if we get here, it means we did not remember a commit SHA which we should be syncing to. // This typically indicates we are just about to begin a brand new sync/rollback operation. // Take the value in the requested operation. We will resolve this to a SHA later. - if isMultiSourceRevision { + if app.Spec.HasMultipleSources() { if len(revisions) != len(sources) { revisions = syncOp.Revisions } @@ -175,13 +170,19 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha return } - if !isMultiSourceRevision { + if app.Spec.HasMultipleSources() { + revisions = syncRes.Revisions + } else { + revisions = append(revisions, revision) + } + + if !app.Spec.HasMultipleSources() { sources = []v1alpha1.ApplicationSource{source} revisions = []string{revision} } // ignore error if CompareStateRepoError, this shouldn't happen as noRevisionCache is true - compareResult, err := m.CompareAppState(app, proj, revisions, sources, false, true, syncOp.Manifests, isMultiSourceRevision, rollback) + compareResult, err := m.CompareAppState(app, proj, revisions, sources, false, true, syncOp.Manifests, app.Spec.HasMultipleSources()) if err != nil && !goerrors.Is(err, CompareStateRepoError) { state.Phase = common.OperationError state.Message = err.Error() @@ -295,6 +296,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha permitted, err := proj.IsDestinationPermitted(v1alpha1.ApplicationDestination{Namespace: un.GetNamespace(), Server: app.Spec.Destination.Server, Name: app.Spec.Destination.Name}, func(project string) ([]*v1alpha1.Cluster, error) { return m.db.GetProjectClusters(context.TODO(), project) }) + if err != nil { return err } @@ -337,6 +339,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha openAPISchema, opts..., ) + if err != nil { state.Phase = common.OperationError state.Message = fmt.Sprintf("failed to initialize sync context: %v", err) @@ -395,7 +398,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha logEntry.WithField("duration", time.Since(start)).Info("sync/terminate complete") if !syncOp.DryRun && len(syncOp.Resources) == 0 && state.Phase.Successful() { - err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, isMultiSourceRevision, state.StartedAt, state.Operation.InitiatedBy) + err := m.persistRevisionHistory(app, compareResult.syncStatus.Revision, source, compareResult.syncStatus.Revisions, compareResult.syncStatus.ComparedTo.Sources, app.Spec.HasMultipleSources(), state.StartedAt, state.Operation.InitiatedBy) if err != nil { state.Phase = common.OperationError state.Message = fmt.Sprintf("failed to record sync to history: %v", err) diff --git a/controller/sync_namespace.go b/controller/sync_namespace.go index 9578dc8651322..9203e27f502e7 100644 --- a/controller/sync_namespace.go +++ b/controller/sync_namespace.go @@ -1,11 +1,10 @@ package controller import ( - gitopscommon "github.com/argoproj/gitops-engine/pkg/sync/common" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" + gitopscommon "github.com/argoproj/gitops-engine/pkg/sync/common" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" ) // syncNamespace determine if Argo CD should create and/or manage the namespace diff --git a/controller/sync_namespace_test.go b/controller/sync_namespace_test.go index 7e60b0d287789..e18f52800bf03 100644 --- a/controller/sync_namespace_test.go +++ b/controller/sync_namespace_test.go @@ -1,16 +1,13 @@ package controller import ( - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/apimachinery/pkg/types" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/argo" + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/types" + "testing" ) func createFakeNamespace(uid string, resourceVersion string, labels map[string]string, annotations map[string]string) *unstructured.Unstructured { @@ -251,7 +248,7 @@ func Test_shouldNamespaceSync(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.managedNs, tt.liveNs) - require.NoError(t, err) + assert.NoError(t, err) if tt.managedNs != nil { assert.Equal(t, tt.expectedLabels, tt.managedNs.GetLabels()) diff --git a/controller/sync_test.go b/controller/sync_test.go index 1dbfa2ff9e1a5..a526548b089bd 100644 --- a/controller/sync_test.go +++ b/controller/sync_test.go @@ -53,8 +53,8 @@ func TestPersistRevisionHistory(t *testing.T) { assert.Equal(t, app.Spec.GetSource(), opState.SyncResult.Source) updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, v1.GetOptions{}) - require.NoError(t, err) - assert.Len(t, updatedApp.Status.History, 1) + assert.Nil(t, err) + assert.Equal(t, 1, len(updatedApp.Status.History)) assert.Equal(t, app.Spec.GetSource(), updatedApp.Status.History[0].Source) assert.Equal(t, "abc123", updatedApp.Status.History[0].Revision) } @@ -142,8 +142,8 @@ func TestPersistRevisionHistoryRollback(t *testing.T) { assert.Equal(t, source, opState.SyncResult.Source) updatedApp, err := ctrl.applicationClientset.ArgoprojV1alpha1().Applications(app.Namespace).Get(context.Background(), app.Name, v1.GetOptions{}) - require.NoError(t, err) - assert.Len(t, updatedApp.Status.History, 1) + assert.Nil(t, err) + assert.Equal(t, 1, len(updatedApp.Status.History)) assert.Equal(t, source, updatedApp.Status.History[0].Source) assert.Equal(t, "abc123", updatedApp.Status.History[0].Revision) } @@ -308,21 +308,20 @@ func TestSyncWindowDeniesSync(t *testing.T) { f := setup() opMessage := "Sync operation blocked by sync window" - opState := &v1alpha1.OperationState{ - Operation: v1alpha1.Operation{ - Sync: &v1alpha1.SyncOperation{ - Source: &v1alpha1.ApplicationSource{}, - }, - }, + opState := &v1alpha1.OperationState{Operation: v1alpha1.Operation{ + Sync: &v1alpha1.SyncOperation{ + Source: &v1alpha1.ApplicationSource{}, + }}, Phase: common.OperationRunning, } // when f.controller.appStateManager.SyncAppState(f.application, opState) - // then + //then assert.Equal(t, common.OperationRunning, opState.Phase) assert.Contains(t, opState.Message, opMessage) }) + } func TestNormalizeTargetResources(t *testing.T) { @@ -363,7 +362,7 @@ func TestNormalizeTargetResources(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) iksmVersion := targets[0].GetAnnotations()["iksm-version"] assert.Equal(t, "2.0", iksmVersion) }) @@ -376,7 +375,7 @@ func TestNormalizeTargetResources(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) iksmVersion := targets[0].GetAnnotations()["iksm-version"] assert.Equal(t, "1.0", iksmVersion) }) @@ -396,7 +395,7 @@ func TestNormalizeTargetResources(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) _, ok := targets[0].GetAnnotations()["iksm-version"] assert.False(t, ok) }) @@ -421,7 +420,7 @@ func TestNormalizeTargetResources(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) normalized := targets[0] iksmVersion, ok := normalized.GetAnnotations()["iksm-version"] require.True(t, ok) @@ -450,11 +449,11 @@ func TestNormalizeTargetResources(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) containers, ok, err := unstructured.NestedSlice(targets[0].Object, "spec", "template", "spec", "containers") require.NoError(t, err) require.True(t, ok) - assert.Len(t, containers, 2) + assert.Equal(t, 2, len(containers)) }) } @@ -489,7 +488,7 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { Group: "projectcontour.io", Kind: "HTTPProxy", JQPathExpressions: []string{".spec.routes[]"}, - // JSONPointers: []string{"/spec/routes"}, + //JSONPointers: []string{"/spec/routes"}, }, } f := setupHttpProxy(t, ignores) @@ -501,24 +500,25 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { // then require.NoError(t, err) - require.Len(t, f.comparisonResult.reconciliationResult.Live, 1) - require.Len(t, f.comparisonResult.reconciliationResult.Target, 1) - require.Len(t, patchedTargets, 1) + require.Equal(t, 1, len(f.comparisonResult.reconciliationResult.Live)) + require.Equal(t, 1, len(f.comparisonResult.reconciliationResult.Target)) + require.Equal(t, 1, len(patchedTargets)) // live should have 1 entry - require.Len(t, dig[[]any](f.comparisonResult.reconciliationResult.Live[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}), 1) + require.Equal(t, 1, len(dig[[]any](f.comparisonResult.reconciliationResult.Live[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}))) // assert some arbitrary field to show `entries[0]` is not an empty object require.Equal(t, "sample-header", dig[string](f.comparisonResult.reconciliationResult.Live[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0, "requestHeader", "headerName"})) // target has 2 entries - require.Len(t, dig[[]any](f.comparisonResult.reconciliationResult.Target[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries"}), 2) + require.Equal(t, 2, len(dig[[]any](f.comparisonResult.reconciliationResult.Target[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries"}))) // assert some arbitrary field to show `entries[0]` is not an empty object require.Equal(t, "sample-header", dig[string](f.comparisonResult.reconciliationResult.Target[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0, "requestHeaderValueMatch", "headers", 0, "name"})) // It should be *1* entries in the array - require.Len(t, dig[[]any](patchedTargets[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}), 1) + require.Equal(t, 1, len(dig[[]any](patchedTargets[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors"}))) // and it should NOT equal an empty object require.Len(t, dig[any](patchedTargets[0].Object, []interface{}{"spec", "routes", 0, "rateLimitPolicy", "global", "descriptors", 0, "entries", 0}), 1) + }) t.Run("will correctly set array entries if new entries have been added", func(t *testing.T) { // given @@ -540,17 +540,17 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) containers, ok, err := unstructured.NestedSlice(targets[0].Object, "spec", "template", "spec", "containers") require.NoError(t, err) require.True(t, ok) - assert.Len(t, containers, 1) + assert.Equal(t, 1, len(containers)) ports := containers[0].(map[string]interface{})["ports"].([]interface{}) - assert.Len(t, ports, 1) + assert.Equal(t, 1, len(ports)) env := containers[0].(map[string]interface{})["env"].([]interface{}) - assert.Len(t, env, 3) + assert.Equal(t, 3, len(env)) first := env[0] second := env[1] @@ -592,13 +592,13 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { // then require.NoError(t, err) - require.Len(t, targets, 1) + require.Equal(t, 1, len(targets)) metadata, ok, err := unstructured.NestedMap(targets[0].Object, "metadata") require.NoError(t, err) require.True(t, ok) labels, ok := metadata["labels"].(map[string]interface{}) require.True(t, ok) - assert.Len(t, labels, 2) + assert.Equal(t, 2, len(labels)) assert.Equal(t, "web", labels["appProcess"]) spec, ok, err := unstructured.NestedMap(targets[0].Object, "spec") @@ -614,7 +614,7 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { require.True(t, ok) tLabels, ok := tMetadata["labels"].(map[string]interface{}) require.True(t, ok) - assert.Len(t, tLabels, 2) + assert.Equal(t, 2, len(tLabels)) assert.Equal(t, "web", tLabels["appProcess"]) tSpec, ok := template["spec"].(map[string]interface{}) @@ -622,7 +622,7 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { containers, ok, err := unstructured.NestedSlice(tSpec, "containers") require.NoError(t, err) require.True(t, ok) - assert.Len(t, containers, 1) + assert.Equal(t, 1, len(containers)) first := containers[0].(map[string]interface{}) assert.Equal(t, "alpine:3", first["image"]) @@ -636,7 +636,7 @@ func TestNormalizeTargetResourcesWithList(t *testing.T) { env, ok, err := unstructured.NestedSlice(first, "env") require.NoError(t, err) require.True(t, ok) - assert.Len(t, env, 1) + assert.Equal(t, 1, len(env)) env0 := env[0].(map[string]interface{}) assert.Equal(t, "EV", env0["name"]) diff --git a/docs/assets/argocd_architecture.png b/docs/assets/argocd_architecture.png index 84fe437a9ace9..3de4dd9f93d4e 100644 Binary files a/docs/assets/argocd_architecture.png and b/docs/assets/argocd_architecture.png differ diff --git a/docs/assets/versions.css b/docs/assets/versions.css index ae75d223d1335..b8bb066929dd0 100644 --- a/docs/assets/versions.css +++ b/docs/assets/versions.css @@ -53,7 +53,7 @@ div[data-md-component=announce]>div#announce-msg>a{ } /* from https://assets.readthedocs.org/static/css/badge_only.css, -most styles have to be overridden here */ +most styles have to be overriden here */ .rst-versions{ position: relative !important; bottom: 0; diff --git a/docs/assets/versions.js b/docs/assets/versions.js index 274b3b557eae6..ff72b7e718564 100644 --- a/docs/assets/versions.js +++ b/docs/assets/versions.js @@ -19,14 +19,6 @@ const observerCallback = function(mutationsList, observer) { const observer = new MutationObserver(observerCallback); observer.observe(targetNode, observerOptions); -function getCurrentVersion() { - const currentVersion = window.location.href.match(/\/en\/(release-(?:v\d+|[\d\.]+|\w+)|latest|stable)\//); - if (currentVersion && currentVersion.length > 1) { - return currentVersion[1]; - } - return null; -} - function initializeVersionDropdown() { const callbackName = 'callback_' + new Date().getTime(); window[callbackName] = function(response) { @@ -50,18 +42,18 @@ function initializeVersionDropdown() { document.getElementsByTagName('head')[0].appendChild(CSSLink); var script = document.createElement('script'); - const currentVersion = getCurrentVersion(); script.src = 'https://argo-cd.readthedocs.io/_/api/v2/footer_html/?' + - 'callback=' + callbackName + '&project=argo-cd&page=&theme=mkdocs&format=jsonp&docroot=docs&source_suffix=.md&version=' + (currentVersion || 'latest'); + 'callback=' + callbackName + '&project=argo-cd&page=&theme=mkdocs&format=jsonp&docroot=docs&source_suffix=.md&version=' + (window['READTHEDOCS_DATA'] || { version: 'latest' }).version; document.getElementsByTagName('head')[0].appendChild(script); } // VERSION WARNINGS window.addEventListener("DOMContentLoaded", function() { + var currentVersion = window.location.href.match(/\/en\/(release-(?:v\d+|\w+)|latest|stable)\//); var margin = 30; var headerHeight = document.getElementsByClassName("md-header")[0].offsetHeight; - const currentVersion = getCurrentVersion(); - if (currentVersion) { + if (currentVersion && currentVersion.length > 1) { + currentVersion = currentVersion[1]; if (currentVersion === "latest") { document.querySelector("div[data-md-component=announce]").innerHTML = "
You are viewing the docs for an unreleased version of Argo CD, click here to go to the latest stable version.
"; var bannerHeight = document.getElementById('announce-msg').offsetHeight + margin; @@ -80,4 +72,4 @@ window.addEventListener("DOMContentLoaded", function() { "@media screen and (min-width: 60em){ .md-sidebar--secondary { height: 0; top:" + (bannerHeight + headerHeight) + "px !important; }}"; } } -}); +}); \ No newline at end of file diff --git a/docs/developer-guide/debugging-remote-environment.md b/docs/developer-guide/debugging-remote-environment.md index f87d1a0bb009d..5548d3444af8c 100644 --- a/docs/developer-guide/debugging-remote-environment.md +++ b/docs/developer-guide/debugging-remote-environment.md @@ -21,7 +21,7 @@ curl -sSfL https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/i Connect to one of the services, for example, to debug the main ArgoCD server run: ```shell kubectl config set-context --current --namespace argocd -telepresence helm install --set agent.securityContext={} # Installs telepresence into your cluster +telepresence helm install # Installs telepresence into your cluster telepresence connect # Starts the connection to your cluster (bound to the current namespace) telepresence intercept argocd-server --port 8080:http --env-file .envrc.remote # Starts the interception ``` diff --git a/docs/developer-guide/dependencies.md b/docs/developer-guide/dependencies.md index 2a4c869825e31..410fd1241b1b2 100644 --- a/docs/developer-guide/dependencies.md +++ b/docs/developer-guide/dependencies.md @@ -6,32 +6,31 @@ https://github.com/argoproj/gitops-engine -### Pulling changes from `gitops-engine` +### Pulling changes from `gitops-engine` -After your GitOps Engine PR has been merged, ArgoCD needs to be updated to pull in the version of the GitOps engine that contains your change. Here are the steps: +After your GitOps Engine PR has been merged, ArgoCD needs to be updated to pull in the version of the GitOps engine that contains your change. Here are the steps: -- Retrieve the SHA hash for your commit. You will use this in the next step. -- From the `argo-cd` folder, run the following command +* Retrieve the SHA hash for your commit. You will use this in the next step. +* From the `argo-cd` folder, run the following command - `go get github.com/argoproj/gitops-engine@` + `go get github.com/argoproj/gitops-engine@` - If you get an error message `invalid version: unknown revision` then you got the wrong SHA hash + If you get an error message `invalid version: unknown revision` then you got the wrong SHA hash -- Run: +* Run: - `go mod tidy` + `go mod tidy` -- The following files are changed: +* The following files are changed: - - `go.mod` - - `go.sum` + - `go.mod` + - `go.sum` -- Create an ArgoCD PR with a `refactor:` type in its title for the two file changes. +* Create an ArgoCD PR with a `refactor:` type in its title for the two file changes. ### Tips: - -- See https://github.com/argoproj/argo-cd/pull/4434 as an example -- The PR might require additional, dependent changes in ArgoCD that are directly impacted by the changes made in the engine. +* See https://github.com/argoproj/argo-cd/pull/4434 as an example +* The PR might require additional, dependent changes in ArgoCD that are directly impacted by the changes made in the engine. ## Argo UI Components @@ -46,8 +45,10 @@ If you make changes to the Argo UI component, and your Argo CD changes depend on 1. Make changes to Argo UI and submit the PR request. 2. Also, prepare your Argo CD changes, but don't create the PR just yet. 3. **After** the Argo UI PR has been merged to master, then as part of your Argo CD changes: - - Run `yarn add git+https://github.com/argoproj/argo-ui.git` in the `ui/` directory, and then, - - Check in the regenerated yarn.lock file as part of your Argo CD commit -4. Create the Argo CD PR when you are ready. The PR build and test checks should pass. + - Run `yarn add git+https://github.com/argoproj/argo-ui.git` in the `ui/` directory, and then, + - Check in the regenerated yarn.lock file as part of your Argo CD commit +4. Create the Argo CD PR when you are ready. The PR build and test checks should pass. If your Argo UI change is a 'stand-alone' fix, and you simply want Argo CD to pull in your change, then simply create an Argo CD PR with the yarn.lock file change. + + diff --git a/docs/developer-guide/extensions/proxy-extensions.md b/docs/developer-guide/extensions/proxy-extensions.md index 5d561657eb873..c53946cade95f 100644 --- a/docs/developer-guide/extensions/proxy-extensions.md +++ b/docs/developer-guide/extensions/proxy-extensions.md @@ -120,7 +120,7 @@ Is the address where the extension backend must be available. If provided, the headers list will be added on all outgoing requests for this service config. Existing headers in the incoming request with -the same name will be overridden by the one in this list. Reserved header +the same name will be overriden by the one in this list. Reserved header names will be ignored (see the [headers](#incoming-request-headers) below). #### `extensions.backend.services.headers.name` (*string*) diff --git a/docs/developer-guide/static-code-analysis.md b/docs/developer-guide/static-code-analysis.md index 90798a70f5a32..ef4d72c99a3b6 100644 --- a/docs/developer-guide/static-code-analysis.md +++ b/docs/developer-guide/static-code-analysis.md @@ -2,7 +2,7 @@ We use the following static code analysis tools: -* golangci-lint and eslint for compile time linting +* golangci-lint and tslint for compile time linting * [codecov.io](https://codecov.io/gh/argoproj/argo-cd) - for code coverage * [snyk.io](https://app.snyk.io/org/argoproj/projects) - for image scanning * [sonarcloud.io](https://sonarcloud.io/organizations/argoproj/projects) - for code scans and security alerts diff --git a/docs/faq.md b/docs/faq.md index e98ca95f556b6..5ce6ca134ff1b 100644 --- a/docs/faq.md +++ b/docs/faq.md @@ -70,14 +70,14 @@ kubectl -n argocd patch secret argocd-secret \ ``` Another option is to delete both the `admin.password` and `admin.passwordMtime` keys and restart argocd-server. This -will generate a new password as per [the getting started guide](getting_started.md), so either to the name of the pod -(Argo CD 1.8 and earlier) +will generate a new password as per [the getting started guide](getting_started.md), so either to the name of the pod ( +Argo CD 1.8 and earlier) or a randomly generated password stored in a secret (Argo CD 1.9 and later). ## How to disable admin user? -Add `admin.enabled: "false"` to the `argocd-cm` ConfigMap -(see [user management](./operator-manual/user-management/index.md)). +Add `admin.enabled: "false"` to the `argocd-cm` ConfigMap ( +see [user management](./operator-manual/user-management/index.md)). ## Argo CD cannot deploy Helm Chart based applications without internet access, how can I solve it? @@ -110,8 +110,8 @@ to all manifest generators. ## I've configured [cluster secret](./operator-manual/declarative-setup.md#clusters) but it does not show up in CLI/UI, how do I fix it? Check if cluster secret has `argocd.argoproj.io/secret-type: cluster` label. If secret has the label but the cluster is -still not visible then make sure it might be a permission issue. Try to list clusters using `admin` user -(e.g. `argocd login --username admin && argocd cluster list`). +still not visible then make sure it might be a permission issue. Try to list clusters using `admin` user ( +e.g. `argocd login --username admin && argocd cluster list`). ## Argo CD is unable to connect to my cluster, how do I troubleshoot it? @@ -127,7 +127,7 @@ Now you can manually verify that cluster is accessible from the Argo CD pod. ## How Can I Terminate A Sync? -To terminate the sync, click on the "synchronization" then "terminate": +To terminate the sync, click on the "synchronisation" then "terminate": ![Synchronization](assets/synchronization-button.png) ![Terminate](assets/terminate-button.png) @@ -270,7 +270,7 @@ The most common instance of this error is with `env:` fields for `containers`. It's possible that your application is being generated by a tool in which case the duplication might not be evident within the scope of a single file. If you have trouble debugging this problem, consider filing a ticket to the owner of the generator tool asking them to improve its validation and error reporting. ## How to rotate Redis secret? -* Delete `argocd-redis` secret in the namespace where Argo CD is installed. +* Delete `argocd-redis` secret in the namespace where Argo CD is installed. ```bash kubectl delete secret argocd-redis -n ``` @@ -291,78 +291,22 @@ kubectl rollout restart statefulset argocd-application-controller ## How to turn off Redis auth if users really want to? -Argo CD default installation is now configured to automatically enable Redis authentication. +Argo CD default installation is now configured automatically enable Redis authentication. If for some reason authenticated Redis does not work for you and you want to use non-authenticated Redis, here are the steps: -1. You need to have your own Redis installation. -2. Configure Argo CD to use your own Redis instance. See this [doc](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cmd-params-cm-yaml/) for the Argo CD configuration. -3. If you already installed Redis shipped with Argo CD, you also need to clean up the existing components: - - * When HA Redis is used: - - - kubectl delete deployment argocd-redis-ha-haproxy - - kubectl delete statefulset argocd-redis-ha-server - - * When non-HA Redis is used: - - - kubectl delete deployment argocd-redis - -4. Remove environment variable `REDIS_PASSWORD` from the following manifests: - * Deployment: argocd-repo-server +* You need to have your own Redis installation. +* Configure Argo CD to use your own Redis instance. See this [doc](https://argo-cd.readthedocs.io/en/stable/operator-manual/argocd-cmd-params-cm-yaml/) for the Argo CD configuration. +* If you already installed Redis shipped with Argo CD, you also need to clean up the existing components: + * When HA Redis is used: + * kubectl delete deployment argocd-redis-ha-haproxy + * kubectl delete statefulset argocd-redis-ha-server + * When non-HA Redis is used: + * kubectl delete deployment argocd-redis +* Remove environment variable `REDIS_PASSWORD` from the following manifests + * Deployment: argocd-repo-server: * Deployment: argocd-server * StatefulSet: argocd-application-controller - + ## How do I provide my own Redis credentials? The Redis password is stored in Kubernetes secret `argocd-redis` with key `auth` in the namespace where Argo CD is installed. -You can config your secret provider to generate Kubernetes secret accordingly. - -## How do I fix `Manifest generation error (cached)`? - -`Manifest generation error (cached)` means that there was an error when generating manifests and that the error message has been cached to avoid runaway retries. - -Doing a hard refresh (ignoring the cached error) can overcome transient issues. But if there's an ongoing reason manifest generation is failing, a hard refresh will not help. - -Instead, try searching the repo-server logs for the app name in order to identify the error that is causing manifest generation to fail. - -## How do I fix `field not declared in schema`? - -For certain features, Argo CD relies on a static (hard-coded) set of schemas for built-in Kubernetes resource types. - -If your manifests use fields which are not present in the hard-coded schemas, you may get an error like `field not -declared in schema`. - -The schema version is based on the Kubernetes libraries version that Argo CD is built against. To find the Kubernetes -version for a given Argo CD version, navigate to this page, where `X.Y.Z` is the Argo CD version: - -``` -https://github.com/argoproj/argo-cd/blob/vX.Y.Z/go.mod -``` - -Then find the Kubernetes version in the `go.mod` file. For example, for Argo CD v2.11.4, the Kubernetes libraries -version is v0.26.11 - -``` - k8s.io/api => k8s.io/api v0.26.11 -``` - -### How do I fix the issue? - -To completely resolve the issue, upgrade to an Argo CD version which contains a static schema supporting all the needed -fields. - -### How do I work around the issue? - -As mentioned above, only certain Argo CD features rely on the static schema: 1) `ignoreDifferences` with -`managedFieldManagers`, 2) server-side apply _without_ server-side diff, and 3) server-side diff _with_ mutation -webhooks. - -If you can avoid using these features, you can avoid triggering the error. The options are as follows: - -1. **Disable `ignoreDifferences` which have `managedFieldsManagers`**: see [diffing docs](user-guide/diffing.md) for - details about that feature. Removing this config could cause undesired diffing behavior. -2. **Disable server-side apply**: see [server-side apply docs](user-guide/sync-options.md#server-side-apply) for details about that - feature. Disabling server-side apply may have undesired effects on sync behavior. Note that you can bypass this issue - if you use server-side diff and [exclude mutation webhooks from the diff](user-guide/diff-strategies.md#mutation-webhooks). - Excluding mutation webhooks from the diff could cause undesired diffing behavior. -3. **Disable mutation webhooks when using server-side diff**: see [server-side diff docs](user-guide/diff-strategies.md#mutation-webhooks) - for details about that feature. Disabling mutation webhooks may have undesired effects on sync behavior. +You can config your secret provider to generate Kubernetes secret accordingly. \ No newline at end of file diff --git a/docs/getting_started.md b/docs/getting_started.md index ce0d9688e7963..4afe4add47267 100644 --- a/docs/getting_started.md +++ b/docs/getting_started.md @@ -23,7 +23,7 @@ This will create a new namespace, `argocd`, where Argo CD services and applicati namespace then make sure to update the namespace reference. !!! tip - If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core.md#installing) Argo CD components. + If you are not interested in UI, SSO, and multi-cluster features, then you can install only the [core](operator-manual/core/#installing) Argo CD components. This default installation will have a self-signed certificate and cannot be accessed without a bit of extra work. Do one of: @@ -217,12 +217,6 @@ events, and assessed health status. ### Syncing via UI -On the Applications page, click on *Sync* button of the guestbook application: - ![guestbook app](assets/guestbook-app.png) - -A panel will be opened and then, click on *Synchronize* button. - -You can see more details by clicking at the guestbook application: - ![view app](assets/guestbook-tree.png) + diff --git a/docs/operator-manual/application.yaml b/docs/operator-manual/application.yaml index 123569130df92..864a293ce6890 100644 --- a/docs/operator-manual/application.yaml +++ b/docs/operator-manual/application.yaml @@ -103,8 +103,6 @@ spec: beep: boop-${ARGOCD_APP_REVISION} # Toggle which enables/disables env variables substitution in commonAnnotations commonAnnotationsEnvsubst: true - forceCommonLabels: false - forceCommonAnnotations: false images: - gcr.io/heptio-images/ks-guestbook-demo:0.2 - my-app=gcr.io/my-repo/my-app:0.1 @@ -112,17 +110,6 @@ spec: replicas: - name: kustomize-guestbook-ui count: 4 - components: - - ../component # relative to the kustomization.yaml (`source.path`). - patches: - - target: - kind: Deployment - name: guestbook-ui - patch: |- - - op: add # Add new element to manifest - path: /spec/template/spec/nodeSelector/ - value: - env: "pro" # directory directory: diff --git a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md index 1636d348cb009..d72cee60ad401 100644 --- a/docs/operator-manual/applicationset/Controlling-Resource-Modification.md +++ b/docs/operator-manual/applicationset/Controlling-Resource-Modification.md @@ -32,19 +32,16 @@ spec: ``` -- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. -- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. **WARNING**: It doesn't prevent Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/) when deleting ApplicationSet. +- Policy `create-only`: Prevents ApplicationSet controller from modifying or deleting Applications. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). +- Policy `create-update`: Prevents ApplicationSet controller from deleting Applications. Update is allowed. Prevents Application controller from deleting Applications according to [ownerReferences](https://kubernetes.io/docs/concepts/overview/working-with-objects/owners-dependents/). - Policy `create-delete`: Prevents ApplicationSet controller from modifying Applications. Delete is allowed. - Policy `sync`: Update and Delete are allowed. If the controller parameter `--policy` is set, it takes precedence on the field `applicationsSync`. It is possible to allow per ApplicationSet sync policy by setting variable `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_POLICY_OVERRIDE` to argocd-cmd-params-cm `applicationsetcontroller.enable.policy.override` or directly with controller parameter `--enable-policy-override` (default to `false`). -### Policy - `create-only`: Prevent ApplicationSet controller from modifying and deleting Applications - -To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as *deletion*, or modification of Application fields, add this parameter in the ApplicationSet controller: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) +### Controller parameter +To allow the ApplicationSet controller to *create* `Application` resources, but prevent any further modification, such as deletion, or modification of Application fields, add this parameter in the ApplicationSet controller: ``` --policy create-only ``` @@ -60,12 +57,9 @@ spec: applicationsSync: create-only ``` -### Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications +## Policy - `create-update`: Prevent ApplicationSet controller from deleting Applications To allow the ApplicationSet controller to create or modify `Application` resources, but prevent Applications from being deleted, add the following parameter to the ApplicationSet controller `Deployment`: - -**WARNING**: "*deletion*" indicates the case as the result of comparing generated Application between before and after, there are Applications which no longer exist. It doesn't indicate the case Applications are deleted according to ownerReferences to ApplicationSet. See [How to prevent Application controller from deleting Applications when deleting ApplicationSet](#how-to-prevent-application-controller-from-deleting-applications-when-deleting-applicationset) - ``` --policy create-update ``` @@ -83,22 +77,6 @@ spec: applicationsSync: create-update ``` -### How to prevent Application controller from deleting Applications when deleting ApplicationSet - -By default, `create-only` and `create-update` policy isn't effective against preventing deletion of Applications when deleting ApplicationSet. -You must set the finalizer to ApplicationSet to prevent deletion in such case, and use background cascading deletion. -If you use foreground cascading deletion, there's no guarantee to preserve applications. - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: ApplicationSet -metadata: - finalizers: - - resources-finalizer.argocd.argoproj.io -spec: - # (...) -``` - ## Ignore certain changes to Applications The ApplicationSet spec includes an `ignoreApplicationDifferences` field, which allows you to specify which fields of @@ -343,15 +321,3 @@ metadata: data: applicationsetcontroller.log.level: debug ``` - -## Previewing changes - -To preview changes that the ApplicationSet controller would make to Applications, you can create the AppSet in dry-run -mode. This works whether the AppSet already exists or not. - -```shell -argocd appset create --dry-run ./appset.yaml -o json | jq -r '.status.resources[].name' -``` - -The dry-run will populate the returned ApplicationSet's status with the Applications which would be managed with the -given config. You can compare to the existing Applications to see what would change. diff --git a/docs/operator-manual/applicationset/Generators-Cluster.md b/docs/operator-manual/applicationset/Generators-Cluster.md index de769b94deed9..aa18983fe3d54 100644 --- a/docs/operator-manual/applicationset/Generators-Cluster.md +++ b/docs/operator-manual/applicationset/Generators-Cluster.md @@ -64,7 +64,6 @@ In this example, the cluster secret's `name` and `server` fields are used to pop A label selector may be used to narrow the scope of targeted clusters to only those matching a specific label: ```yaml -apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: name: guestbook @@ -76,7 +75,7 @@ spec: - clusters: selector: matchLabels: - staging: "true" + staging: true # The cluster generator also supports matchExpressions. #matchExpressions: # - key: staging @@ -89,7 +88,6 @@ spec: This would match an Argo CD cluster secret containing: ```yaml -apiVersion: v1 kind: Secret data: # (... fields as above ...) diff --git a/docs/operator-manual/applicationset/Generators-List.md b/docs/operator-manual/applicationset/Generators-List.md index fdd2a91559344..e5696f37b9745 100644 --- a/docs/operator-manual/applicationset/Generators-List.md +++ b/docs/operator-manual/applicationset/Generators-List.md @@ -15,8 +15,8 @@ spec: elements: - cluster: engineering-dev url: https://kubernetes.default.svc - # - cluster: engineering-prod - # url: https://kubernetes.default.svc + - cluster: engineering-prod + url: https://kubernetes.default.svc template: metadata: name: '{{.cluster}}-guestbook' @@ -61,7 +61,7 @@ The List generator can also dynamically generate its elements based on a yaml/js apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet metadata: - name: elements-yaml + name: elementsYaml namespace: argocd spec: goTemplate: true diff --git a/docs/operator-manual/applicationset/Generators-Plugin.md b/docs/operator-manual/applicationset/Generators-Plugin.md index 13e7bcdb01f36..d0888b9949b8e 100644 --- a/docs/operator-manual/applicationset/Generators-Plugin.md +++ b/docs/operator-manual/applicationset/Generators-Plugin.md @@ -77,12 +77,10 @@ metadata: data: token: "$plugin.myplugin.token" # Alternatively $:plugin.myplugin.token baseUrl: "http://myplugin.plugin-ns.svc.cluster.local." - requestTimeout: "60" ``` - `token`: Pre-shared token used to authenticate HTTP request (points to the right key you created in the `argocd-secret` Secret) - `baseUrl`: BaseUrl of the k8s service exposing your plugin in the cluster. -- `requestTimeout`: Timeout of the request to the plugin in seconds (default: 30) ### Store credentials diff --git a/docs/operator-manual/applicationset/Generators-Post-Selector.md b/docs/operator-manual/applicationset/Generators-Post-Selector.md index bcfe7f280ce8d..896e89e267d7c 100644 --- a/docs/operator-manual/applicationset/Generators-Post-Selector.md +++ b/docs/operator-manual/applicationset/Generators-Post-Selector.md @@ -1,57 +1,8 @@ # Post Selector all generators -The `selector` field on a generator allows an `ApplciationSet` to post-filter results using [the Kubernetes common labelSelector format](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) and the generated values. +The Selector allows to post-filter based on generated values using the Kubernetes common labelSelector format. In the example, the list generator generates a set of two application which then filter by the key value to only select the `env` with value `staging`: -`matchLabels` is a map of `{key,value}` pairs. This `list` generator generates a set of two `Applications`, which is then filtered using `matchLabels` to only the list element containing the key `env` with value `staging`: -``` -spec: - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - env: staging - - cluster: engineering-prod - url: https://kubernetes.default.svc - env: prod - selector: - matchLabels: - env: staging -``` - -The `list` generator + `matchLabels` selector generates a single set of parameters: -```yaml -- cluster: engineering-dev - url: https://kubernetes.default.svc - env: staging -``` - -It is also possible to use `matchExpressions` for more powerful selectors. - -A single `{key,value}` in the `matchLabels` map is equivalent to an element of `matchExpressions`, whose `key` field is the "key", the `operator` is "In", and the `values` array contains only the "value". So the same example using `matchExpressions` looks like: -```yaml -spec: - generators: - - list: - elements: - - cluster: engineering-dev - url: https://kubernetes.default.svc - env: staging - - cluster: engineering-prod - url: https://kubernetes.default.svc - env: prod - selector: - matchExpressions: - - key: env - operator: In - values: - - staging -``` - -Valid `operators` include `In`, `NotIn`, `Exists`, and `DoesNotExist`. The `values` set must be non-empty in the case of `In` and `NotIn`. - -## Full Example -In the example, the list generator generates a set of two applications, which then filter by the key value to only select the `env` with value `staging`: +## Example: List generator + Post Selector ```yaml apiVersion: argoproj.io/v1alpha1 kind: ApplicationSet @@ -85,3 +36,26 @@ spec: server: '{{.url}}' namespace: guestbook ``` + +The List generator + Post Selector generates a single set of parameters: + +```yaml +- cluster: engineering-dev + url: https://kubernetes.default.svc + env: staging +``` + +It is also possible to use `matchExpressions` for more powerful selectors. + +```yaml +spec: + generators: + - clusters: {} + selector: + matchExpressions: + - key: server + operator: In + values: + - https://kubernetes.default.svc + - https://some-other-cluster +``` diff --git a/docs/operator-manual/applicationset/GoTemplate.md b/docs/operator-manual/applicationset/GoTemplate.md index 55ecfc171e517..1b651200bc6cc 100644 --- a/docs/operator-manual/applicationset/GoTemplate.md +++ b/docs/operator-manual/applicationset/GoTemplate.md @@ -204,9 +204,9 @@ ApplicationSet controller provides: - all [sprig](http://masterminds.github.io/sprig/) Go templates function except `env`, `expandenv` and `getHostByName` - `normalize`: sanitizes the input so that it complies with the following rules: - 1. contains no more than 253 characters - 2. contains only lowercase alphanumeric characters, '-' or '.' - 3. starts and ends with an alphanumeric character + 1. contains no more than 253 characters + 2. contains only lowercase alphanumeric characters, '-' or '.' + 3. starts and ends with an alphanumeric character - `slugify`: sanitizes like `normalize` and smart truncates (it doesn't cut a word into 2) like described in the [introduction](#introduction) section. - `toYaml` / `fromYaml` / `fromYamlArray` helm like functions diff --git a/docs/operator-manual/applicationset/Template.md b/docs/operator-manual/applicationset/Template.md index 19d9ba98df23c..d96fb39252fed 100644 --- a/docs/operator-manual/applicationset/Template.md +++ b/docs/operator-manual/applicationset/Template.md @@ -9,24 +9,21 @@ ApplicationSet is using [fasttemplate](https://github.com/valyala/fasttemplate) An Argo CD Application is created by combining the parameters from the generator with fields of the template (via `{{values}}`), and from that a concrete `Application` resource is produced and applied to the cluster. Here is the template subfield from a Cluster generator: - ```yaml # (...) template: metadata: - name: '{{ .nameNormalized }}-guestbook' + name: '{{cluster}}-guestbook' spec: source: repoURL: https://github.com/infra-team/cluster-deployments.git targetRevision: HEAD - path: guestbook/{{ .nameNormalized }} + path: guestbook/{{cluster}} destination: - server: '{{ .server }}' + server: '{{url}}' namespace: guestbook ``` -For details on all available parameters (like `.name`, `.nameNormalized`, etc.) please refer to the [Cluster Generator docs](./Generators-Cluster.md). - The template subfields correspond directly to [the spec of an Argo CD `Application` resource](../../declarative-setup/#applications): - `project` refers to the [Argo CD Project](../../user-guide/projects.md) in use (`default` may be used here to utilize the default Argo CD Project) @@ -56,7 +53,7 @@ template as a Helm string literal. For example: ```yaml metadata: - name: '{{`{{ .nameNormalized }}`}}-guestbook' + name: '{{`{{.cluster}}`}}-guestbook' ``` This _only_ applies if you use Helm to deploy your ApplicationSet resources. @@ -91,12 +88,12 @@ spec: targetRevision: HEAD repoURL: https://github.com/argoproj/argo-cd.git # New path value is generated here: - path: 'applicationset/examples/template-override/{{ .nameNormalized }}-override' + path: 'applicationset/examples/template-override/{{cluster}}-override' destination: {} template: metadata: - name: '{{ .nameNormalized }}-guestbook' + name: '{{cluster}}-guestbook' spec: project: "default" source: @@ -105,7 +102,7 @@ spec: # This 'default' value is not used: it is replaced by the generator's template path, above path: applicationset/examples/template-override/default destination: - server: '{{ .server }}' + server: '{{url}}' namespace: guestbook ``` (*The full example can be found [here](https://github.com/argoproj/argo-cd/tree/master/applicationset/examples/template-override).*) @@ -143,15 +140,15 @@ spec: - values.debug.yaml template: metadata: - name: '{{ .nameNormalized }}-deployment' + name: '{{.cluster}}-deployment' spec: project: "default" source: repoURL: https://github.com/infra-team/cluster-deployments.git targetRevision: HEAD - path: guestbook/{{ .nameNormalized }} + path: guestbook/{{ .cluster }} destination: - server: '{{ .server }}' + server: '{{.url}}' namespace: guestbook templatePatch: | spec: diff --git a/docs/operator-manual/argocd-cm.yaml b/docs/operator-manual/argocd-cm.yaml index 61b8c3faa5d4f..88daa86c64334 100644 --- a/docs/operator-manual/argocd-cm.yaml +++ b/docs/operator-manual/argocd-cm.yaml @@ -221,16 +221,6 @@ data: # An optional comma-separated list of metadata.labels to observe in the UI. resource.customLabels: tier - # An optional comma-separated list of metadata.labels keys to add to Kubernetes events generated for Applications. - # The keys are compared against the Application and its AppProject. If matched, - # the corresponding labels are added to the generated event. - # In case of a conflict between labels on the Application and AppProject, - # the Application label values are prioritized and added to the event. Supports wildcards. - resource.includeEventLabelKeys: team,env* - # An optional comma-separated list of metadata.labels keys to exclude from Kubernetes events generated for Applications. Supports wildcards. - resource.excludeEventLabelKeys: environment,bu - - resource.compareoptions: | # if ignoreAggregatedRoles set to true then differences caused by aggregated roles in RBAC resources are ignored. ignoreAggregatedRoles: true diff --git a/docs/operator-manual/argocd-cmd-params-cm.yaml b/docs/operator-manual/argocd-cmd-params-cm.yaml index a3688d0425d57..3cb79d85f3150 100644 --- a/docs/operator-manual/argocd-cmd-params-cm.yaml +++ b/docs/operator-manual/argocd-cmd-params-cm.yaml @@ -58,7 +58,7 @@ data: controller.resource.health.persist: "true" # Cache expiration default (default 24h0m0s) controller.default.cache.expiration: "24h0m0s" - # Sharding algorithm used to balance clusters across application controller shards (default "legacy") + # Sharding algorithm used to balance clusters accross application controller shards (default "legacy") controller.sharding.algorithm: legacy # Number of allowed concurrent kubectl fork/execs. Any value less than 1 means no limit. controller.kubectl.parallelism.limit: "20" @@ -93,8 +93,6 @@ data: # Semicolon-separated list of content types allowed on non-GET requests. Set an empty string to allow all. Be aware # that allowing content types besides application/json may make your API more vulnerable to CSRF attacks. server.api.content.types: "application/json" - # Number of webhook requests processed concurrently (default 50) - server.webhook.parallelism.limit: "50" # Set the logging format. One of: text|json (default "text") server.log.format: "text" @@ -181,8 +179,6 @@ data: reposerver.git.lsremote.parallelism.limit: "0" # Git requests timeout. reposerver.git.request.timeout: "15s" - # Include hidden directories from Git - reposerver.include.hidden.directories: "false" # Disable TLS on the HTTP endpoint dexserver.disable.tls: "false" @@ -215,8 +211,6 @@ data: applicationsetcontroller.allowed.scm.providers: "https://git.example.com/,https://gitlab.example.com/" # To disable SCM providers entirely (i.e. disable the SCM and PR generators), set this to "false". Default is "true". applicationsetcontroller.enable.scm.providers: "false" - # Number of webhook requests processed concurrently (default 50) - applicationsetcontroller.webhook.parallelism.limit: "50" ## Argo CD Notifications Controller Properties # Set the logging level. One of: debug|info|warn|error (default "info") diff --git a/docs/operator-manual/config-management-plugins.md b/docs/operator-manual/config-management-plugins.md index d37c514493d37..7c86075ff2f7f 100644 --- a/docs/operator-manual/config-management-plugins.md +++ b/docs/operator-manual/config-management-plugins.md @@ -178,7 +178,7 @@ entrypoint. You can use either off-the-shelf or custom-built plugin image as sid containers: - name: my-plugin command: [/var/run/argocd/argocd-cmp-server] # Entrypoint should be Argo CD lightweight CMP server i.e. argocd-cmp-server - image: ubuntu # This can be off-the-shelf or custom-built image + image: busybox # This can be off-the-shelf or custom-built image securityContext: runAsNonRoot: true runAsUser: 999 @@ -458,7 +458,7 @@ Plugins configured with argocd-cm ran on the Argo CD image. This gave it access image by default (see the [Dockerfile](https://github.com/argoproj/argo-cd/blob/master/Dockerfile) for base image and installed tools). -You can either use a stock image (like ubuntu, busybox, or alpine/k8s) or design your own base image with the tools your plugin needs. For +You can either use a stock image (like busybox, or alpine/k8s) or design your own base image with the tools your plugin needs. For security, avoid using images with more binaries installed than what your plugin actually needs. ### Test the plugin diff --git a/docs/operator-manual/declarative-setup.md b/docs/operator-manual/declarative-setup.md index 324e6dc74620b..3830cb610796a 100644 --- a/docs/operator-manual/declarative-setup.md +++ b/docs/operator-manual/declarative-setup.md @@ -929,9 +929,7 @@ If your AKS cluster utilizes the [Mutating Admission Webhook](https://azure.gith 2. **Create Federated Identity Credential**: Generate an Azure federated identity credential for the `argocd-application-controller` and `argocd-server` service accounts. Refer to the [Federated Identity Credential](https://azure.github.io/azure-workload-identity/docs/topics/federated-identity-credential.html) documentation for detailed instructions. -3. **Add Annotations to Service Account** Add `"azure.workload.identity/client-id": "$CLIENT_ID"` and `"azure.workload.identity/tenant-id": "$TENANT_ID"` annotations to the `argocd-application-controller` and `argocd-server` service accounts using the details from the federated credential. - -4. **Set the AZURE_CLIENT_ID**: Update the `AZURE_CLIENT_ID` in the cluster secret to match the client id of the newly created federated identity credential. +3. **Set the AZURE_CLIENT_ID**: Update the `AZURE_CLIENT_ID` in the cluster secret to match the client id of the newly created federated identity credential. ```yaml @@ -1132,22 +1130,6 @@ data: Custom Labels configured with `resource.customLabels` (comma separated string) will be displayed in the UI (for any resource that defines them). -## Labels on Application Events - -An optional comma-separated list of `metadata.labels` keys can be configured with `resource.includeEventLabelKeys` to add to Kubernetes events generated for Argo CD Applications. When events are generated for Applications containing the specified labels, the controller adds the matching labels to the event. This establishes an easy link between the event and the application, allowing for filtering using labels. In case of conflict between labels on the Application and AppProject, the Application label values are prioritized and added to the event. - -```yaml - resource.includeEventLabelKeys: team,env* -``` - -To exclude certain labels from events, use the `resource.excludeEventLabelKeys` key, which takes a comma-separated list of `metadata.labels` keys. - -```yaml - resource.excludeEventLabelKeys: environment,bu -``` - -Both `resource.includeEventLabelKeys` and `resource.excludeEventLabelKeys` support wildcards. - ## SSO & RBAC * SSO configuration details: [SSO](./user-management/index.md) diff --git a/docs/operator-manual/deep_links.md b/docs/operator-manual/deep_links.md index 6a5ab8ba56772..c166a1d25d75d 100644 --- a/docs/operator-manual/deep_links.md +++ b/docs/operator-manual/deep_links.md @@ -75,9 +75,4 @@ An example `argocd-cm.yaml` file with deep links and their variations : - url: https://mycompany.splunk.com?search={{.resource.metadata.name}}&env={{.project.metadata.labels.env}} title: Splunk if: resource.kind == "Pod" || resource.kind == "Deployment" - - # sample checking a tag exists that contains - or / and how to alternatively access it - - url: https://mycompany.splunk.com?tag={{ index .resource.metadata.labels "some.specific.kubernetes.like/tag" }} - title: Tag Service - if: resource.metadata.labels["some.specific.kubernetes.like/tag"] != nil && resource.metadata.labels["some.specific.kubernetes.like/tag"] != "" ``` diff --git a/docs/operator-manual/health.md b/docs/operator-manual/health.md index 107f2f3f92cdb..8566d6460e6db 100644 --- a/docs/operator-manual/health.md +++ b/docs/operator-manual/health.md @@ -38,19 +38,21 @@ metadata: app.kubernetes.io/name: argocd-cm app.kubernetes.io/part-of: argocd data: - resource.customizations.health.argoproj.io_Application: | - hs = {} - hs.status = "Progressing" - hs.message = "" - if obj.status ~= nil then - if obj.status.health ~= nil then - hs.status = obj.status.health.status - if obj.status.health.message ~= nil then - hs.message = obj.status.health.message + resource.customizations: | + argoproj.io/Application: + health.lua: | + hs = {} + hs.status = "Progressing" + hs.message = "" + if obj.status ~= nil then + if obj.status.health ~= nil then + hs.status = obj.status.health.status + if obj.status.health.message ~= nil then + hs.message = obj.status.health.message + end + end end - end - end - return hs + return hs ``` ## Custom Health Checks @@ -66,7 +68,9 @@ There are two ways to configure a custom health check. The next two sections des Custom health checks can be defined in ```yaml - resource.customizations.health._: | + resource.customizations: | + : + health.lua: | ``` field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations). @@ -74,44 +78,49 @@ The following example demonstrates a health check for `cert-manager.io/Certifica ```yaml data: - resource.customizations.health.cert-manager.io_Certificate: | - hs = {} - if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = condition.message - return hs + resource.customizations: | + cert-manager.io/Certificate: + health.lua: | + hs = {} + if obj.status ~= nil then + if obj.status.conditions ~= nil then + for i, condition in ipairs(obj.status.conditions) do + if condition.type == "Ready" and condition.status == "False" then + hs.status = "Degraded" + hs.message = condition.message + return hs + end + if condition.type == "Ready" and condition.status == "True" then + hs.status = "Healthy" + hs.message = condition.message + return hs + end + end end end - end - end - hs.status = "Progressing" - hs.message = "Waiting for certificate" - return hs + hs.status = "Progressing" + hs.message = "Waiting for certificate" + return hs ``` - In order to prevent duplication of the custom health check for potentially multiple resources, it is also possible to specify a wildcard in the resource kind, and anywhere in the resource group, like this: ```yaml - resource.customizations.health.ec2.aws.crossplane.io_*: | - ... + resource.customizations: | + ec2.aws.crossplane.io/*: + health.lua: | + ... ``` ```yaml - resource.customizations.health.*.aws.crossplane.io_*: | - ... + resource.customizations: | + "*.aws.crossplane.io/*": + health.lua: | + ... ``` !!!important - Please, note that there can be ambiguous resolution of wildcards, see [#16905](https://github.com/argoproj/argo-cd/issues/16905) + Please note the required quotes in the resource customization health section, if the wildcard starts with `*`. The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field. The custom health check might return one of the following health statuses: @@ -124,13 +133,15 @@ The custom health check might return one of the following health statuses: By default health typically returns `Progressing` status. NOTE: As a security measure, access to the standard Lua libraries will be disabled by default. Admins can control access by -setting `resource.customizations.useOpenLibs._`. In the following example, standard libraries are enabled for health check of `cert-manager.io/Certificate`. +setting `resource.customizations.useOpenLibs.`. In the following example, standard libraries are enabled for health check of `cert-manager.io/Certificate`. ```yaml data: - resource.customizations.useOpenLibs.cert-manager.io_Certificate: true - resource.customizations.health.cert-manager.io_Certificate: | - # Lua standard libraries are enabled for this script + resource.customizations: | + cert-manager.io/Certificate: + health.lua.useOpenLibs: true + health.lua: | + # Lua standard libraries are enabled for this script ``` ### Way 2. Contribute a Custom Health Check @@ -163,31 +174,6 @@ The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Ce Please note that bundled health checks with wildcards are not supported. -## Overriding Go-Based Health Checks - -Health checks for some resources were [hardcoded as Go code](https://github.com/argoproj/gitops-engine/tree/master/pkg/health) -because Lua support was introduced later. Also, the logic of health checks for some resources were too complex, so it -was easier to implement it in Go. - -It is possible to override health checks for built-in resource. Argo will prefer the configured health check over the -Go-based built-in check. - -The following resources have Go-based health checks: - -* PersistentVolumeClaim -* Pod -* Service -* apiregistration.k8s.io/APIService -* apps/DaemonSet -* apps/Deployment -* apps/ReplicaSet -* apps/StatefulSet -* argoproj.io/Workflow -* autoscaling/HorizontalPodAutoscaler -* batch/Job -* extensions/Ingress -* networking.k8s.io/Ingress - ## Health Checks An Argo CD App's health is inferred from the health of its immediate child resources (the resources represented in diff --git a/docs/operator-manual/high_availability.md b/docs/operator-manual/high_availability.md index 632ac2fb1286b..fd00a5dfe2f3d 100644 --- a/docs/operator-manual/high_availability.md +++ b/docs/operator-manual/high_availability.md @@ -82,16 +82,10 @@ spec: ``` * In order to manually set the cluster's shard number, specify the optional `shard` property when creating a cluster. If not specified, it will be calculated on the fly by the application controller. -* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin, consistent-hashing]: -- `legacy` mode uses an `uid` based distribution (non-uniform). -- `round-robin` uses an equal distribution across all shards. -- `consistent-hashing` uses the consistent hashing with bounded loads algorithm which tends to equal distribution and also reduces cluster or application reshuffling in case of additions or removals of shards or clusters. +* The shard distribution algorithm of the `argocd-application-controller` can be set by using the `--sharding-method` parameter. Supported sharding methods are : [legacy (default), round-robin]. `legacy` mode uses an `uid` based distribution (non-uniform). `round-robin` uses an equal distribution across all shards. The `--sharding-method` parameter can also be overriden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. -The `--sharding-method` parameter can also be overridden by setting the key `controller.sharding.algorithm` in the `argocd-cmd-params-cm` `configMap` (preferably) or by setting the `ARGOCD_CONTROLLER_SHARDING_ALGORITHM` environment variable and by specifiying the same possible values. - -!!! warning "Alpha Features" - The `round-robin` shard distribution algorithm is an experimental feature. Reshuffling is known to occur in certain scenarios with cluster removal. If the cluster at rank-0 is removed, reshuffling all clusters across shards will occur and may temporarily have negative performance impacts. - The `consistent-hashing` shard distribution algorithm is an experimental feature. Extensive benchmark have been documented on the [CNOE blog](https://cnoe.io/blog/argo-cd-application-scalability) with encouraging results. Community feedback is highly appreciated before moving this feature to a production ready state. +!!! warning "Alpha Feature" + The `round-robin` shard distribution algorithm is an experimental feature. Reshuffling is known to occur in certain scenarios with cluster removal. If the cluster at rank-0 is removed, reshuffling all clusters across shards will occur and may temporarily have negative performance impacts. * A cluster can be manually assigned and forced to a `shard` by patching the `shard` field in the cluster secret to contain the shard number, e.g. ```yaml @@ -132,7 +126,7 @@ stringData: **metrics** -* `argocd_app_reconcile` - reports application reconciliation duration in seconds. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. +* `argocd_app_reconcile` - reports application reconciliation duration. Can be used to build reconciliation duration heat map to get a high-level reconciliation performance picture. * `argocd_app_k8s_request_total` - number of k8s requests per application. The number of fallback Kubernetes API queries - useful to identify which application has a resource with non-preferred version and causes performance issues. @@ -193,8 +187,6 @@ The `argocd.argoproj.io/manifest-generate-paths` annotation contains a semicolon Installations that use a different repository for each application are **not** subject to this behavior and will likely get no benefit from using these annotations. -Similarly, applications referencing an external Helm values file will not get the benefits of this feature when an unrelated change happens in the external source. - For webhooks, the comparison is done using the files specified in the webhook event payload instead. !!! note @@ -254,25 +246,6 @@ spec: # ... ``` -* **Glob paths** The annotation might contain a glob pattern path, which can be any pattern supported by the [Go filepath Match function](https://pkg.go.dev/path/filepath#Match): - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: guestbook - namespace: argocd - annotations: - # resolves to any file matching the pattern of *-secret.yaml in the top level shared folder - argocd.argoproj.io/manifest-generate-paths: "/shared/*-secret.yaml" -spec: - source: - repoURL: https://github.com/argoproj/argocd-example-apps.git - targetRevision: HEAD - path: guestbook -# ... -``` - ### Application Sync Timeout & Jitter Argo CD has a timeout for application syncs. It will trigger a refresh for each application periodically when the timeout expires. diff --git a/docs/operator-manual/ingress.md b/docs/operator-manual/ingress.md index 2a462e9601349..aad2208c21873 100644 --- a/docs/operator-manual/ingress.md +++ b/docs/operator-manual/ingress.md @@ -12,8 +12,7 @@ There are several ways how Ingress can be configured. The Ambassador Edge Stack can be used as a Kubernetes ingress controller with [automatic TLS termination](https://www.getambassador.io/docs/latest/topics/running/tls/#host) and routing capabilities for both the CLI and the UI. -The API server should be run with TLS disabled. Edit the `argocd-server` deployment to add the `--insecure` flag to the argocd-server command, or simply set `server.insecure: "true"` in the `argocd-cmd-params-cm` ConfigMap [as described here](server-commands/additional-configuration-method.md). Given the `argocd` CLI includes the port number in the request `host` header, 2 Mappings are required. -Note: Disabling TLS in not required if you are using grpc-web +The API server should be run with TLS disabled. Edit the `argocd-server` deployment to add the `--insecure` flag to the argocd-server command, or simply set `server.insecure: "true"` in the `argocd-cmd-params-cm` ConfigMap [as described here](server-commands/additional-configuration-method.md). Given the `argocd` CLI includes the port number in the request `host` header, 2 Mappings are required. ### Option 1: Mapping CRD for Host-based Routing ```yaml @@ -25,7 +24,7 @@ metadata: spec: host: argocd.example.com prefix: / - service: https://argocd-server:443 + service: argocd-server:443 --- apiVersion: getambassador.io/v2 kind: Mapping @@ -61,25 +60,7 @@ metadata: spec: prefix: /argo-cd rewrite: /argo-cd - service: https://argocd-server:443 -``` - -Example of `argocd-cmd-params-cm` configmap -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-cmd-params-cm - namespace: argocd - labels: - app.kubernetes.io/name: argocd-cmd-params-cm - app.kubernetes.io/part-of: argocd -data: - ## Server properties - # Value for base href in index.html. Used if Argo CD is running behind reverse proxy under subpath different from / (default "/") - server.basehref: "/argo-cd" - # Used if Argo CD is running behind reverse proxy under subpath different from / - server.rootpath: "/argo-cd" + service: argocd-server:443 ``` Login with the `argocd` CLI using the extra `--grpc-web-root-path` flag for non-root paths. @@ -369,7 +350,7 @@ the API server -- one for gRPC and the other for HTTP/HTTPS. However it allows T happen at the ingress controller. -## [Traefik (v3.0)](https://docs.traefik.io/) +## [Traefik (v2.2)](https://docs.traefik.io/) Traefik can be used as an edge router and provide [TLS](https://docs.traefik.io/user-guides/grpc/) termination within the same deployment. @@ -379,7 +360,7 @@ The API server should be run with TLS disabled. Edit the `argocd-server` deploym ### IngressRoute CRD ```yaml -apiVersion: traefik.io/v1alpha1 +apiVersion: traefik.containo.us/v1alpha1 kind: IngressRoute metadata: name: argocd-server @@ -395,7 +376,7 @@ spec: - name: argocd-server port: 80 - kind: Rule - match: Host(`argocd.example.com`) && Header(`Content-Type`, `application/grpc`) + match: Host(`argocd.example.com`) && Headers(`Content-Type`, `application/grpc`) priority: 11 services: - name: argocd-server @@ -511,7 +492,7 @@ spec: - --staticassets - /shared/app - --redis - - argocd-redis:6379 + - argocd-redis-ha-haproxy:6379 - --insecure - --basehref - /argocd @@ -529,7 +510,7 @@ After that install Argo CD (there should be only 3 yml file defined above in cu kubectl apply -k ./ -n argocd --wait=true ``` -Be sure you create secret for Istio ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources +Be sure you create secret for Isito ( in our case secretname is argocd-server-tls on argocd Namespace). After that we create Istio Resources ```yaml apiVersion: networking.istio.io/v1alpha3 @@ -617,7 +598,7 @@ Edit the `--insecure` flag in the `argocd-server` command of the argocd-server d ### Creating a service -Now you need an externally accessible service. This is practically the same as the internal service Argo CD has, but with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation if that's not what you want. +Now you need an externally accessible service. This is practically the same as the internal service Argo CD has, but with Google Cloud annotations. Note that this service is annotated to use a [Network Endpoint Group](https://cloud.google.com/load-balancing/docs/negs) (NEG) to allow your load balancer to send traffic directly to your pods without using kube-proxy, so remove the `neg` annotation it that's not what you want. The service: diff --git a/docs/operator-manual/metrics.md b/docs/operator-manual/metrics.md index 5aebb9245c0ae..a3ddbfe9904d3 100644 --- a/docs/operator-manual/metrics.md +++ b/docs/operator-manual/metrics.md @@ -10,7 +10,7 @@ Metrics about applications. Scraped at the `argocd-metrics:8082/metrics` endpoin | `argocd_app_info` | gauge | Information about Applications. It contains labels such as `sync_status` and `health_status` that reflect the application state in Argo CD. | | `argocd_app_k8s_request_total` | counter | Number of Kubernetes requests executed during application reconciliation | | `argocd_app_labels` | gauge | Argo Application labels converted to Prometheus labels. Disabled by default. See section below about how to enable it. | -| `argocd_app_reconcile` | histogram | Application reconciliation performance in seconds. | +| `argocd_app_reconcile` | histogram | Application reconciliation performance. | | `argocd_app_sync_total` | counter | Counter for application sync history | | `argocd_cluster_api_resource_objects` | gauge | Number of k8s resource objects in the cache. | | `argocd_cluster_api_resources` | gauge | Number of monitored Kubernetes API resources. | diff --git a/docs/operator-manual/notifications/catalog.md b/docs/operator-manual/notifications/catalog.md index f4d88d2cf6aeb..add7084304b98 100644 --- a/docs/operator-manual/notifications/catalog.md +++ b/docs/operator-manual/notifications/catalog.md @@ -1,9 +1,4 @@ # Triggers and Templates Catalog -## Getting Started -* Install Triggers and Templates from the catalog - ```bash - kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml - ``` ## Triggers | NAME | DESCRIPTION | TEMPLATE | |------------------------|---------------------------------------------------------------|-----------------------------------------------------| diff --git a/docs/operator-manual/notifications/grafana-dashboard.json b/docs/operator-manual/notifications/grafana-dashboard.json index 19af42cf39d06..5d04f9116aa16 100644 --- a/docs/operator-manual/notifications/grafana-dashboard.json +++ b/docs/operator-manual/notifications/grafana-dashboard.json @@ -60,7 +60,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (name)", + "expr": "sum(increase(argocd_notifications_trigger_eval_total[$interval])) by (notifier)", "refId": "A" } ], @@ -146,7 +146,7 @@ "steppedLine": false, "targets": [ { - "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (service)", + "expr": "sum(increase(argocd_notifications_deliveries_total[$interval])) by (notifier)", "refId": "A" } ], diff --git a/docs/operator-manual/notifications/index.md b/docs/operator-manual/notifications/index.md index 002f67249c616..eccca906ae91b 100644 --- a/docs/operator-manual/notifications/index.md +++ b/docs/operator-manual/notifications/index.md @@ -93,7 +93,7 @@ data: apiVersion: v1 kind: Secret metadata: - name: argocd-notifications-secret + name: argo-cd-notification-secret type: Opaque data: pagerduty-key-my-service: diff --git a/docs/operator-manual/notifications/monitoring.md b/docs/operator-manual/notifications/monitoring.md index 3d8b4c41ea34d..a0aabbaae1f09 100644 --- a/docs/operator-manual/notifications/monitoring.md +++ b/docs/operator-manual/notifications/monitoring.md @@ -13,8 +13,8 @@ The following metrics are available: Number of delivered notifications. Labels: -* `trigger` - trigger name -* `service` - notification service name +* `template` - notification template name +* `notifier` - notification service name * `succeeded` - flag that indicates if notification was successfully sent or failed ### `argocd_notifications_trigger_eval_total` diff --git a/docs/operator-manual/notifications/services/github.md b/docs/operator-manual/notifications/services/github.md index 4cd2523908ba1..36fbda5a100ba 100755 --- a/docs/operator-manual/notifications/services/github.md +++ b/docs/operator-manual/notifications/services/github.md @@ -7,9 +7,7 @@ The GitHub notification service changes commit status using [GitHub Apps](https: - `appID` - the app id - `installationID` - the app installation id - `privateKey` - the app private key -- `enterpriseBaseURL` - optional URL, e.g. https://git.example.com/api/v3 - -> ⚠️ _NOTE:_ Specifying `/api/v3` in the `enterpriseBaseURL` is required until [argoproj/notifications-engine#205](https://github.com/argoproj/notifications-engine/issues/205) is resolved. +- `enterpriseBaseURL` - optional URL, e.g. https://git.example.com/ ## Configuration diff --git a/docs/operator-manual/notifications/services/rocketchat.md b/docs/operator-manual/notifications/services/rocketchat.md index b84861b54bd8f..20aaa405c80d0 100755 --- a/docs/operator-manual/notifications/services/rocketchat.md +++ b/docs/operator-manual/notifications/services/rocketchat.md @@ -4,7 +4,7 @@ The Rocket.Chat notification service configuration includes following settings: -* `email` - the Rocker.Chat user's SAMAccountName +* `email` - the Rocker.Chat user's email * `password` - the Rocker.Chat user's password * `alias` - optional alias that should be used to post message * `icon` - optional message icon @@ -25,7 +25,7 @@ The Rocket.Chat notification service configuration includes following settings: 4. Copy username and password that you was created for bot user 5. Create a public or private channel, or a team, for this example `my_channel` 6. Add your bot to this channel **otherwise it won't work** -7. Store email and password in argocd-notifications-secret Secret +7. Store email and password in argocd_notifications-secret Secret ```yaml apiVersion: v1 diff --git a/docs/operator-manual/notifications/troubleshooting-errors.md b/docs/operator-manual/notifications/troubleshooting-errors.md index 5ae95e8e384d6..f76bb7a2b0d3f 100644 --- a/docs/operator-manual/notifications/troubleshooting-errors.md +++ b/docs/operator-manual/notifications/troubleshooting-errors.md @@ -39,34 +39,3 @@ You need to check your argocd-notifications controller version. For instance, th ### notification service 'xxxx' is not supported You have not defined `xxxx` in `argocd-notifications-cm` or to fail to parse settings. - -## config referenced xxx, but key does not exist in secret - -- If you are using a custom secret, check that the secret is in the same namespace -- You have added the label: `app.kubernetes.io/part-of: argocd` to the secret -- You have tried restarting argocd-notifications controller - -### Example: -Secret: -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: argocd-slackbot - namespace: - labels: - app.kubernetes.io/part-of: argocd -type: Opaque -data: - slack-token: -``` -ConfigMap -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: argocd-notifications-cm -data: - service.slack: | - token: $argocd-slackbot:slack-token -``` diff --git a/docs/operator-manual/rbac.md b/docs/operator-manual/rbac.md index 8b318e77b7060..b1d386fb5eb8e 100644 --- a/docs/operator-manual/rbac.md +++ b/docs/operator-manual/rbac.md @@ -1,286 +1,195 @@ # RBAC Configuration -The RBAC feature enables restrictions of access to Argo CD resources. Argo CD does not have its own -user management system and has only one built-in user, `admin`. The `admin` user is a superuser and +The RBAC feature enables restriction of access to Argo CD resources. Argo CD does not have its own +user management system and has only one built-in user `admin`. The `admin` user is a superuser and it has unrestricted access to the system. RBAC requires [SSO configuration](user-management/index.md) or [one or more local users setup](user-management/index.md). Once SSO or local users are configured, additional RBAC roles can be defined, and SSO groups or local users can then be mapped to roles. -There are two main components where RBAC configuration can be defined: - -- The global RBAC config map (see [argo-rbac-cm.yaml](argocd-rbac-cm-yaml.md)) -- The [AppProject's roles](../user-guide/projects.md#project-roles) - ## Basic Built-in Roles Argo CD has two pre-defined roles but RBAC configuration allows defining roles and groups (see below). -- `role:readonly`: read-only access to all resources -- `role:admin`: unrestricted access to all resources +* `role:readonly` - read-only access to all resources +* `role:admin` - unrestricted access to all resources These default built-in role definitions can be seen in [builtin-policy.csv](https://github.com/argoproj/argo-cd/blob/master/assets/builtin-policy.csv) -## Default Policy for Authenticated Users - -When a user is authenticated in Argo CD, it will be granted the role specified in `policy.default`. - -!!! warning "Restricting Default Permissions" - - **All authenticated users get _at least_ the permissions granted by the default policies. This access cannot be blocked - by a `deny` rule.** It is recommended to create a new `role:authenticated` with the minimum set of permissions possible, - then grant permissions to individual roles as needed. - -## Anonymous Access - -Enabling anonymous access to the Argo CD instance allows users to assume the default role permissions specified by `policy.default` **without being authenticated**. - -The anonymous access to Argo CD can be enabled using the `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm-yaml.md)). - -!!! warning - - When enabling anonymous access, consider creating a new default role and assigning it to the default policies - with `policy.default: role:unauthenticated`. - -## RBAC Model Structure - -The model syntax is based on [Casbin](https://casbin.org/docs/overview). There are two different types of syntax: one for assigning policies, and another one for assigning users to internal roles. - -**Group**: Allows to assign authenticated users/groups to internal roles. - -Syntax: `g, , ` - -- ``: The entity to whom the role will be assigned. It can be a local user or a user authenticated with SSO. - When SSO is used, the `user` will be based on the `sub` claims, while the group is one of the values returned by the `scopes` configuration. -- ``: The internal role to which the entity will be assigned. - -**Policy**: Allows to assign permissions to an entity. - -Syntax: `p, , , , , ` - -- ``: The entity to whom the policy will be assigned -- ``: The type of resource on which the action is performed. -- ``: The operation that is being performed on the resource. -- ``: The object identifier representing the resource on which the action is performed. Depending on the resource, the object's format will vary. -- ``: Whether this policy should grant or restrict the operation on the target object. One of `allow` or `deny`. - -Below is a table that summarizes all possible resources and which actions are valid for each of them. - -| Resource\Action | get | create | update | delete | sync | action | override | invoke | -| :------------------ | :-: | :----: | :----: | :----: | :--: | :----: | :------: | :----: | -| **applications** | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ | -| **applicationsets** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **clusters** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **projects** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **repositories** | ✅ | ✅ | ✅ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **accounts** | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | -| **certificates** | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **gpgkeys** | ✅ | ✅ | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | -| **logs** | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| **exec** | ❌ | ✅ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | -| **extensions** | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ❌ | ✅ | - -### Application-Specific Policy - -Some policy only have meaning within an application. It is the case with the following resources: - -- `applications` -- `applicationsets` -- `logs` -- `exec` - -While they can be set in the global configuration, they can also be configured in [AppProject's roles](../user-guide/projects.md#project-roles). -The expected `` value in the policy structure is replaced by `/`. - -For instance, these policies would grant `example-user` access to get any applications, -but only be able to see logs in `my-app` application part of the `example-project` project. - -```csv -p, example-user, applications, get, *, allow -p, example-user, logs, get, example-project/my-app, allow -``` - -#### Application in Any Namespaces - -When [application in any namespace](app-any-namespace.md) is enabled, the expected `` value in the policy structure is replaced by `//`. -Since multiple applications could have the same name in the same project, the policy below makes sure to restrict access only to `app-namespace`. - -```csv -p, example-user, applications, get, */app-namespace/*, allow -p, example-user, logs, get, example-project/app-namespace/my-app, allow -``` - -### The `applications` resource +### RBAC Permission Structure -The `applications` resource is an [Application-Specific Policy](#application-specific-policy). +Breaking down the permissions definition differs slightly between applications and every other resource type in Argo CD. -#### Fine-grained Permissions for `update`/`delete` action +* All resources *except* application-specific permissions (see next bullet): -The `update` and `delete` actions, when granted on an application, will allow the user to perform the operation on the application itself **and** all of its resources. -It can be desirable to only allow `update` or `delete` on specific resources within an application. + `p, , , , ` -To do so, when the action if performed on an application's resource, the `` will have the `////` format. +* Applications, applicationsets, logs, and exec (which belong to an `AppProject`): -For instance, to grant access to `example-user` to only delete Pods in the `prod-app` Application, the policy could be: + `p, , , , /` -```csv -p, example-user, applications, delete/*/Pod/*, default/prod-app, allow -``` +### RBAC Resources and Actions -If we want to grant access to the user to update all resources of an application, but not the application itself: +Resources: `clusters`, `projects`, `applications`, `applicationsets`, +`repositories`, `certificates`, `accounts`, `gpgkeys`, `logs`, `exec`, +`extensions` -```csv -p, example-user, applications, update/*, default/prod-app, allow -``` +Actions: `get`, `create`, `update`, `delete`, `sync`, `override`,`action/` -If we want to explicitly deny delete of the application, but allow the user to delete Pods: +Note that `sync`, `override`, and `action/` only have meaning for the `applications` resource. -```csv -p, example-user, applications, delete, default/prod-app, deny -p, example-user, applications, delete/*/Pod/*, default/prod-app, allow -``` +#### Application resources -!!! note +The resource path for application objects is of the form +`/`. - It is not possible to deny fine-grained permissions for a sub-resource if the action was **explicitly allowed on the application**. - For instance, the following policies will **allow** a user to delete the Pod and any other resources in the application: - - ```csv - p, example-user, applications, delete, default/prod-app, allow - p, example-user, applications, delete/*/Pod/*, default/prod-app, deny - ``` +Delete access to sub-resources of a project, such as a rollout or a pod, cannot +be managed granularly. `/` grants access to all +subresources of an application. #### The `action` action The `action` action corresponds to either built-in resource customizations defined [in the Argo CD repository](https://github.com/argoproj/argo-cd/tree/master/resource_customizations), or to [custom resource actions](resource_actions.md#custom-resource-actions) defined by you. +The `action` path is of the form `action///`. For +example, a resource customization path +`resource_customizations/extensions/DaemonSet/actions/restart/action.lua` +corresponds to the `action` path `action/extensions/DaemonSet/restart`. You can +also use glob patterns in the action path: `action/*` (or regex patterns if you have +[enabled the `regex` match mode](https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/argocd-rbac-cm.yaml)). -The `` has the `action///` format. - -For example, a resource customization path `resource_customizations/extensions/DaemonSet/actions/restart/action.lua` -corresponds to the `action` path `action/extensions/DaemonSet/restart`. If the resource is not under a group (for example, Pods or ConfigMaps), -then the path will be `action//Pod/action-name`. - -The following policies allows the user to perform any action on the DaemonSet resources, as well as the `maintenance-off` action on a Pod: +If the resource is not under a group (for examples, Pods or ConfigMaps), then omit the group name from your RBAC +configuration: ```csv p, example-user, applications, action//Pod/maintenance-off, default/*, allow -p, example-user, applications, action/extensions/DaemonSet/*, default/*, allow -``` - -To allow the user to perform any actions: - -```csv -p, example-user, applications, action/*, default/*, allow ``` -#### The `override` action +#### The `exec` resource -When granted along with the `sync` action, the override action will allow a user to synchronize local manifests to the Application. -These manifests will be used instead of the configured source, until the next sync is performed. +`exec` is a special resource. When enabled with the `create` action, this privilege allows a user to `exec` into Pods via +the Argo CD UI. The functionality is similar to `kubectl exec`. -### The `applicationsets` resource +See [Web-based Terminal](web_based_terminal.md) for more info. -The `applicationsets` resource is an [Application-Specific policy](#application-specific-policy). +#### The `applicationsets` resource [ApplicationSets](applicationset/index.md) provide a declarative way to automatically create/update/delete Applications. -Allowing the `create` action on the resource effectively grants the ability to create Applications. While it doesn't allow the +Granting `applicationsets, create` effectively grants the ability to create Applications. While it doesn't allow the user to create Applications directly, they can create Applications via an ApplicationSet. -!!! note - - In v2.5, it is not possible to create an ApplicationSet with a templated Project field (e.g. `project: {{path.basename}}`) - via the API (or, by extension, the CLI). Disallowing templated projects makes project restrictions via RBAC safe: - -With the resource being application-specific, the `` of the applicationsets policy will have the format `/`. -However, since an ApplicationSet does belong to any project, the `` value represents the projects in which the ApplicationSet will be able to create Applications. - -With the following policy, a `dev-group` user will be unable to create an ApplicationSet capable of creating Applications -outside the `dev-project` project. +In v2.5, it is not possible to create an ApplicationSet with a templated Project field (e.g. `project: {{path.basename}}`) +via the API (or, by extension, the CLI). Disallowing templated projects makes project restrictions via RBAC safe: ```csv p, dev-group, applicationsets, *, dev-project/*, allow ``` -### The `logs` resource - -The `logs` resource is an [Application-Specific Policy](#application-specific-policy). - -When granted with the `get` action, this policy allows a user to see Pod's logs of an application via -the Argo CD UI. The functionality is similar to `kubectl logs`. - -### The `exec` resource - -The `exec` resource is an [Application-Specific Policy](#application-specific-policy). - -When granted with the `create` action, this policy allows a user to `exec` into Pods of an application via -the Argo CD UI. The functionality is similar to `kubectl exec`. - -See [Web-based Terminal](web_based_terminal.md) for more info. +With this rule in place, a `dev-group` user will be unable to create an ApplicationSet capable of creating Applications +outside the `dev-project` project. -### The `extensions` resource +#### The `extensions` resource -With the `extensions` resource, it is possible to configure permissions to invoke [proxy extensions](../developer-guide/extensions/proxy-extensions.md). -The `extensions` RBAC validation works in conjunction with the `applications` resource. -A user **needs to have read permission on the application** where the request is originated from. +With the `extensions` resource it is possible configure permissions to +invoke [proxy +extensions](../developer-guide/extensions/proxy-extensions.md). The +`extensions` RBAC validation works in conjunction with the +`applications` resource. A user logged in Argo CD (UI or CLI), needs +to have at least read permission on the project, namespace and +application where the request is originated from. -Consider the example below, it will allow the `example-user` to invoke the `httpbin` extensions in all -applications under the `default` project. +Consider the example below: ```csv -p, example-user, applications, get, default/*, allow -p, example-user, extensions, invoke, httpbin, allow +g, ext, role:extension +p, role:extension, applications, get, default/httpbin-app, allow +p, role:extension, extensions, invoke, httpbin, allow ``` -### The `deny` effect - -When `deny` is used as an effect in a policy, it will be effective if the policy matches. -Even if more specific policies with the `allow` effect match as well, the `deny` will have priority. - -The order in which the policies appears in the policy file configuration has no impact, and the result is deterministic. +Explanation: -## Policies Evaluation and Matching +* *line1*: defines the group `role:extension` associated with the + subject `ext`. +* *line2*: defines a policy allowing this role to read (`get`) the + `httpbin-app` application in the `default` project. +* *line3*: defines another policy allowing this role to `invoke` the + `httpbin` extension. -The evaluation of access is done in two parts: validating against the default policy configuration, then validating against the policies for the current user. +**Note 1**: that for extensions requests to be allowed, the policy defined +in the *line2* is also required. -**If an action is allowed or denied by the default policies, then this effect will be effective without further evaluation**. -When the effect is undefined, the evaluation will continue with subject-specific policies. +**Note 2**: `invoke` is a new action introduced specifically to be used +with the `extensions` resource. The current actions for `extensions` +are `*` or `invoke`. -The access will be evaluated for the user, then for each configured group that the user is part of. +## Tying It All Together -The matching engine, configured in `policy.matchMode`, can use two different match modes to compare the values of tokens: +Additional roles and groups can be configured in `argocd-rbac-cm` ConfigMap. The example below +configures a custom role, named `org-admin`. The role is assigned to any user which belongs to +`your-github-org:your-team` group. All other users get the default policy of `role:readonly`, +which cannot modify Argo CD settings. -- `glob`: based on the [`glob` package](https://pkg.go.dev/github.com/gobwas/glob). -- `regex`: based on the [`regexp` package](https://pkg.go.dev/regexp). +!!! warning + All authenticated users get *at least* the permissions granted by the default policy. This access cannot be blocked + by a `deny` rule. Instead, restrict the default policy and then grant permissions to individual roles as needed. -When all tokens match during the evaluation, the effect will be returned. The evaluation will continue until all matching policies are evaluated, or until a policy with the `deny` effect matches. -After all policies are evaluated, if there was at least one `allow` effect and no `deny`, access will be granted. +*ArgoCD ConfigMap `argocd-rbac-cm` Example:* -### Glob matching +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: argocd-rbac-cm + namespace: argocd +data: + policy.default: role:readonly + policy.csv: | + p, role:org-admin, applications, *, */*, allow + p, role:org-admin, clusters, get, *, allow + p, role:org-admin, repositories, get, *, allow + p, role:org-admin, repositories, create, *, allow + p, role:org-admin, repositories, update, *, allow + p, role:org-admin, repositories, delete, *, allow + p, role:org-admin, projects, get, *, allow + p, role:org-admin, projects, create, *, allow + p, role:org-admin, projects, update, *, allow + p, role:org-admin, projects, delete, *, allow + p, role:org-admin, logs, get, *, allow + p, role:org-admin, exec, create, */*, allow + + g, your-github-org:your-team, role:org-admin +``` -When `glob` is used, the policy tokens are treated as single terms, without separators. +---- -Consider the following policy: +Another `policy.csv` example might look as follows: -``` -p, example-user, applications, action/extensions/*, default/*, allow +```csv +p, role:staging-db-admin, applications, create, staging-db-project/*, allow +p, role:staging-db-admin, applications, delete, staging-db-project/*, allow +p, role:staging-db-admin, applications, get, staging-db-project/*, allow +p, role:staging-db-admin, applications, override, staging-db-project/*, allow +p, role:staging-db-admin, applications, sync, staging-db-project/*, allow +p, role:staging-db-admin, applications, update, staging-db-project/*, allow +p, role:staging-db-admin, logs, get, staging-db-project/*, allow +p, role:staging-db-admin, exec, create, staging-db-project/*, allow +p, role:staging-db-admin, projects, get, staging-db-project, allow +g, db-admins, role:staging-db-admin ``` -When the `example-user` executes the `extensions/DaemonSet/test` action, the following `glob` matches will happen: +This example defines a *role* called `staging-db-admin` with nine *permissions* that allow users with that role to perform the following *actions*: -1. The current user `example-user` matches the token `example-user`. -2. The value `applications` matches the token `applications`. -3. The value `action/extensions/DaemonSet/test` matches `action/extensions/*`. Note that `/` is not treated as a separator and the use of `**` is not necessary. -4. The value `default/my-app` matches `default/*`. +* `create`, `delete`, `get`, `override`, `sync` and `update` for applications in the `staging-db-project` project, +* `get` logs for objects in the `staging-db-project` project, +* `create` exec for objects in the `staging-db-project` project, and +* `get` for the project named `staging-db-project`. -## Using SSO Users/Groups - -The `scopes` field controls which OIDC scopes to examine during RBAC enforcement (in addition to `sub` scope). -If omitted, it defaults to `'[groups]'`. The scope value can be a string, or a list of strings. - -For more information on `scopes` please review the [User Management Documentation](user-management/index.md). +!!! note + The `scopes` field controls which OIDC scopes to examine during rbac + enforcement (in addition to `sub` scope). If omitted, defaults to: + `'[groups]'`. The scope value can be a string, or a list of strings. -The following example shows targeting `email` as well as `groups` from your OIDC provider. +Following example shows targeting `email` as well as `groups` from your OIDC provider. ```yaml apiVersion: v1 @@ -300,73 +209,24 @@ data: scopes: '[groups, email]' ``` -This can be useful to associate users' emails and groups directly in AppProject. - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: AppProject -metadata: - name: team-beta-project - namespace: argocd -spec: - roles: - - name: admin - description: Admin privileges to team-beta - policies: - - p, proj:team-beta-project:admin, applications, *, *, allow - groups: - - user@example.org # Value from the email scope - - my-org:team-beta # Value from the groups scope -``` - -## Local Users/Accounts - -[Local users](user-management/index.md#local-usersaccounts) are assigned access by either grouping them with a role or by assigning policies directly -to them. - -The example below shows how to assign a policy directly to a local user. - -```yaml -p, my-local-user, applications, sync, my-project/*, allow -``` - -This example shows how to assign a role to a local user. - -```yaml -g, my-local-user, role:admin -``` - -!!! warning "Ambiguous Group Assignments" - - If you have [enabled SSO](user-management/index.md#sso), any SSO user with a scope that matches a local user will be - added to the same roles as the local user. For example, if local user `sally` is assigned to `role:admin`, and if an - SSO user has a scope which happens to be named `sally`, that SSO user will also be assigned to `role:admin`. - - An example of where this may be a problem is if your SSO provider is an SCM, and org members are automatically - granted scopes named after the orgs. If a user can create or add themselves to an org in the SCM, they can gain the - permissions of the local user with the same name. - - To avoid ambiguity, if you are using local users and SSO, it is recommended to assign policies directly to local - users, and not to assign roles to local users. In other words, instead of using `g, my-local-user, role:admin`, you - should explicitly assign policies to `my-local-user`: - - ```yaml - p, my-local-user, *, *, *, allow - ``` +For more information on `scopes` please review the [User Management Documentation](user-management/index.md). ## Policy CSV Composition -It is possible to provide additional entries in the `argocd-rbac-cm` configmap to compose the final policy csv. -In this case, the key must follow the pattern `policy..csv`. -Argo CD will concatenate all additional policies it finds with this pattern below the main one ('policy.csv'). -The order of additional provided policies are determined by the key string. - -Example: if two additional policies are provided with keys `policy.A.csv` and `policy.B.csv`, -it will first concatenate `policy.A.csv` and then `policy.B.csv`. +It is possible to provide additional entries in the `argocd-rbac-cm` +configmap to compose the final policy csv. In this case the key must +follow the pattern `policy..csv`. Argo CD will concatenate +all additional policies it finds with this pattern below the main one +('policy.csv'). The order of additional provided policies are +determined by the key string. Example: if two additional policies are +provided with keys `policy.A.csv` and `policy.B.csv`, it will first +concatenate `policy.A.csv` and then `policy.B.csv`. -This is useful to allow composing policies in config management tools like Kustomize, Helm, etc. +This is useful to allow composing policies in config management tools +like Kustomize, Helm, etc. -The example below shows how a Kustomize patch can be provided in an overlay to add additional configuration to an existing RBAC ConfigMap. +The example below shows how a Kustomize patch can be provided in an +overlay to add additional configuration to an existing RBAC policy. ```yaml apiVersion: v1 @@ -381,21 +241,96 @@ data: g, my-org:team-qa, role:tester ``` +## Anonymous Access + +The anonymous access to Argo CD can be enabled using `users.anonymous.enabled` field in `argocd-cm` (see [argocd-cm.yaml](argocd-cm.yaml)). +The anonymous users get default role permissions specified by `policy.default` in `argocd-rbac-cm.yaml`. For read-only access you'll want `policy.default: role:readonly` as above + ## Validating and testing your RBAC policies If you want to ensure that your RBAC policies are working as expected, you can -use the [`argocd admin settings rbac` command](../user-guide/commands/argocd_admin_settings_rbac.md) to validate them. -This tool allows you to test whether a certain role or subject can perform the requested action with a policy -that's not live yet in the system, i.e. from a local file or config map. -Additionally, it can be used against the live RBAC configuration in the cluster your Argo CD is running in. +use the `argocd admin settings rbac` command to validate them. This tool allows you to +test whether a certain role or subject can perform the requested action with a +policy that's not live yet in the system, i.e. from a local file or config map. +Additionally, it can be used against the live policy in the cluster your Argo +CD is running in. + +To check whether your new policy is valid and understood by Argo CD's RBAC +implementation, you can use the `argocd admin settings rbac validate` command. ### Validating a policy -To check whether your new policy configuration is valid and understood by Argo CD's RBAC implementation, -you can use the [`argocd admin settings rbac validate` command](../user-guide/commands/argocd_admin_settings_rbac_validate.md). +To validate a policy stored in a local text file: + +```shell +argocd admin settings rbac validate --policy-file somepolicy.csv +``` + +To validate a policy stored in a local K8s ConfigMap definition in a YAML file: + +```shell +argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml +``` + +To validate a policy stored in K8s, used by Argo CD in namespace `argocd`, +ensure that your current context in `~/.kube/config` is pointing to your +Argo CD cluster and give appropriate namespace: + +```shell +argocd admin settings rbac validate --namespace argocd +``` ### Testing a policy To test whether a role or subject (group or local user) has sufficient permissions to execute certain actions on certain resources, you can -use the [`argocd admin settings rbac can` command](../user-guide/commands/argocd_admin_settings_rbac_can.md). +use the `argocd admin settings rbac can` command. Its general syntax is + +```shell +argocd admin settings rbac can SOMEROLE ACTION RESOURCE SUBRESOURCE [flags] +``` + +Given the example from the above ConfigMap, which defines the role +`role:org-admin`, and is stored on your local system as `argocd-rbac-cm-yaml`, +you can test whether that role can do something like follows: + +```console +$ argocd admin settings rbac can role:org-admin get applications --policy-file argocd-rbac-cm.yaml +Yes + +$ argocd admin settings rbac can role:org-admin get clusters --policy-file argocd-rbac-cm.yaml +Yes + +$ argocd admin settings rbac can role:org-admin create clusters 'somecluster' --policy-file argocd-rbac-cm.yaml +No + +$ argocd admin settings rbac can role:org-admin create applications 'someproj/someapp' --policy-file argocd-rbac-cm.yaml +Yes +``` + +Another example, given the policy above from `policy.csv`, which defines the +role `role:staging-db-admin` and associates the group `db-admins` with it. +Policy is stored locally as `policy.csv`: + +You can test against the role: + +```console +$ # Plain policy, without a default role defined +$ argocd admin settings rbac can role:staging-db-admin get applications --policy-file policy.csv +No + +$ argocd admin settings rbac can role:staging-db-admin get applications 'staging-db-project/*' --policy-file policy.csv +Yes + +$ # Argo CD augments a builtin policy with two roles defined, the default role +$ # being 'role:readonly' - You can include a named default role to use: +$ argocd admin settings rbac can role:staging-db-admin get applications --policy-file policy.csv --default-role role:readonly +Yes +``` + +Or against the group defined: + +```console +$ argocd admin settings rbac can db-admins get applications 'staging-db-project/*' --policy-file policy.csv +Yes +``` diff --git a/docs/operator-manual/secret-management.md b/docs/operator-manual/secret-management.md index 95343789c4868..aa224e20ff742 100644 --- a/docs/operator-manual/secret-management.md +++ b/docs/operator-manual/secret-management.md @@ -19,14 +19,13 @@ Here are some ways people are doing GitOps secrets: * [argocd-vault-replacer](https://github.com/crumbhole/argocd-vault-replacer) * [Kubernetes Secrets Store CSI Driver](https://github.com/kubernetes-sigs/secrets-store-csi-driver) * [Vals-Operator](https://github.com/digitalis-io/vals-operator) -* [argocd-secret-replacer](https://github.com/mmalyska/argocd-secret-replacer) For discussion, see [#1364](https://github.com/argoproj/argo-cd/issues/1364) ## Mitigating Risks of Secret-Injection Plugins -Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those -manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to +Argo CD caches the manifests generated by plugins, along with the injected secrets, in its Redis instance. Those +manifests are also available via the repo-server API (a gRPC service). This means that the secrets are available to anyone who has access to the Redis instance or to the repo-server. Consider these steps to mitigate the risks of secret-injection plugins: @@ -34,4 +33,5 @@ Consider these steps to mitigate the risks of secret-injection plugins: 1. Set up network policies to prevent direct access to Argo CD components (Redis and the repo-server). Make sure your cluster supports those network policies and can actually enforce them. 2. Consider running Argo CD on its own cluster, with no other applications running on it. - +3. [Enable password authentication on the Redis instance](https://github.com/argoproj/argo-cd/issues/3130) (currently + only supported for non-HA Argo CD installations). diff --git a/docs/operator-manual/server-commands/argocd-application-controller.md b/docs/operator-manual/server-commands/argocd-application-controller.md index 930dfa414751c..caab2770e07aa 100644 --- a/docs/operator-manual/server-commands/argocd-application-controller.md +++ b/docs/operator-manual/server-commands/argocd-application-controller.md @@ -70,7 +70,7 @@ argocd-application-controller [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server --server-side-diff-enabled Feature flag to enable ServerSide diff. Default ("false") - --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin, consistent-hashing] (default "legacy") + --sharding-method string Enables choice of sharding method. Supported sharding methods are : [legacy, round-robin] (default "legacy") --status-processors int Number of application status processors (default 20) --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server diff --git a/docs/operator-manual/server-commands/argocd-repo-server.md b/docs/operator-manual/server-commands/argocd-repo-server.md index 3532fc6c30b4a..0f824f494f2af 100644 --- a/docs/operator-manual/server-commands/argocd-repo-server.md +++ b/docs/operator-manual/server-commands/argocd-repo-server.md @@ -23,7 +23,6 @@ argocd-repo-server [flags] --helm-manifest-max-extracted-size string Maximum size of helm manifest archives when extracted (default "1G") --helm-registry-max-index-size string Maximum size of registry index file (default "1G") -h, --help help for argocd-repo-server - --include-hidden-directories Include hidden directories from Git --logformat string Set the logging format. One of: text|json (default "text") --loglevel string Set the logging level. One of: debug|info|warn|error (default "info") --max-combined-directory-manifests-size string Max combined size of manifest files in a directory-type Application (default "10M") @@ -51,7 +50,7 @@ argocd-repo-server [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --streamed-manifest-max-extracted-size string Maximum size of streamed manifest archives when extracted (default "1G") --streamed-manifest-max-tar-size string Maximum size of streamed manifest archives (default "100M") - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") ``` diff --git a/docs/operator-manual/server-commands/argocd-server.md b/docs/operator-manual/server-commands/argocd-server.md index 2f022f3da2be0..659a19de3d3e1 100644 --- a/docs/operator-manual/server-commands/argocd-server.md +++ b/docs/operator-manual/server-commands/argocd-server.md @@ -29,10 +29,6 @@ argocd-server [flags] --api-content-types string Semicolon separated list of allowed content types for non GET api requests. Any content type is allowed if empty. (default "application/json") --app-state-cache-expiration duration Cache expiration for app state (default 1h0m0s) --application-namespaces strings List of additional namespaces where application resources can be managed in - --appset-allowed-scm-providers strings The list of allowed custom SCM provider API URLs. This restriction does not apply to SCM or PR generators which do not accept a custom API URL. (Default: Empty = all) - --appset-enable-new-git-file-globbing Enable new globbing in Git files generator. - --appset-enable-scm-providers Enable retrieving information from SCM providers, used by the SCM and PR generators (Default: true) (default true) - --appset-scm-root-ca-path string Provide Root CA Path for self-signed TLS Certificates --as string Username to impersonate for the operation --as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups. --as-uid string UID to impersonate for the operation @@ -104,13 +100,12 @@ argocd-server [flags] --server string The address and port of the Kubernetes API server --staticassets string Directory path that contains additional static assets (default "/shared/app") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. - --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384") + --tlsciphers string The list of acceptable ciphers to be used when establishing TLS connections. Use 'list' to list available ciphers. (default "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:TLS_RSA_WITH_AES_256_GCM_SHA384") --tlsmaxversion string The maximum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.3") --tlsminversion string The minimum SSL/TLS version that is acceptable (one of: 1.0|1.1|1.2|1.3) (default "1.2") --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use --username string Username for basic authentication to the API server - --webhook-parallelism-limit int Number of webhook requests processed concurrently (default 50) --x-frame-options value Set X-Frame-Options header in HTTP responses to value. To disable, set to "". (default "sameorigin") ``` diff --git a/docs/operator-manual/signed-release-assets.md b/docs/operator-manual/signed-release-assets.md index 3c42b27fd4e10..b574876345b5b 100644 --- a/docs/operator-manual/signed-release-assets.md +++ b/docs/operator-manual/signed-release-assets.md @@ -32,8 +32,7 @@ Argo CD container images are signed by [cosign](https://github.com/sigstore/cosi cosign verify \ --certificate-identity-regexp https://github.com/argoproj/argo-cd/.github/workflows/image-reuse.yaml@refs/tags/v \ --certificate-oidc-issuer https://token.actions.githubusercontent.com \ ---certificate-github-workflow-repository "argoproj/argo-cd" \ -quay.io/argoproj/argocd:v2.11.3 | jq +quay.io/argoproj/argocd:v2.7.0 | jq ``` The command should output the following if the container image was correctly verified: ```bash diff --git a/docs/operator-manual/tested-kubernetes-versions.md b/docs/operator-manual/tested-kubernetes-versions.md index 73475e8523f5b..a395be421e5fe 100644 --- a/docs/operator-manual/tested-kubernetes-versions.md +++ b/docs/operator-manual/tested-kubernetes-versions.md @@ -1,2 +1,5 @@ -This page is populated for released Argo CD versions. Use the version selector to view this table for a specific -version. +| Argo CD version | Kubernetes versions | +|-----------------|---------------------| +| 2.11 | v1.29, v1.28, v1.27, v1.26, v1.25 | +| 2.10 | v1.28, v1.27, v1.26, v1.25 | +| 2.9 | v1.28, v1.27, v1.26, v1.25 | diff --git a/docs/operator-manual/upgrading/2.11-2.12.md b/docs/operator-manual/upgrading/2.11-2.12.md deleted file mode 100644 index 4ce87578d1c1b..0000000000000 --- a/docs/operator-manual/upgrading/2.11-2.12.md +++ /dev/null @@ -1,46 +0,0 @@ -# v2.11 to 2.12 - -## Upgraded Helm Version - -Note that bundled Helm version has been upgraded from 3.14.4 to 3.15.2. - -## Image Registry Change for `redis` and `haproxy` - -Argo CD 2.12 upgraded its [upstream redis-ha Helm chart](https://artifacthub.io/packages/helm/dandydev-charts/redis-ha/) -version from 4.22.3 to 4.26.6. - -As part of the upgrade, the image registry for `redis` and `haproxy` was changed from DockerHub to ECR. - -Make sure that the registry change will work for your environment. One example of a problem would be that your -environment can use Cosign to verify the image signature for DockerHub but not for ECR. You would need to make sure your -Image Validation policy includes the AWS ECR as an approved registry. Please validate that the registry change is -acceptable before upgrading. - -## Server-Side Apply Management of ApplicationSet Fields - -### Summary - -If you are using server-side apply with multiple field managers to manage a single `selector` or `labelSelector` field -in an ApplicationSet, that field management must be changed to be atomic starting with 2.12. - -### Details - -Argo CD 2.12 upgraded its controller-gen version from 0.4.1 to 0.14.0. As part of that change, several ApplicationSet -CRD fields now have `x-kubernetes-map-type: atomic`. - -Each of the affected fields is a label selector with two child keys: `matchLabels` and `matchExpressions`. - -Prior to this change, two field managers could manage the `matchLabels` and `matchExpressions` fields independently. -Starting with the 2.12 CRD, a single field manager must manage both of those fields. This behavior is in line with the -upstream behavior of the label selector struct. - -See the [Kubernetes server-side apply merge strategy docs](https://kubernetes.io/docs/reference/using-api/server-side-apply/#merge-strategy) -for more information about the fields' behavior. - -The affected ApplicationSet fields are the following (jq selector syntax): - -* `.spec.generators[].selector` -* `.spec.generators[].cluster.selector` -* `.spec.generators[].clusterDecisionResource.labelSelector` -* `.spec.generators[].matrix.generators[].selector` -* `.spec.generators[].merge.generators[].selector` diff --git a/docs/operator-manual/upgrading/2.4-2.5.md b/docs/operator-manual/upgrading/2.4-2.5.md index 5ae6772dad9f9..8971c7cd8e3a4 100644 --- a/docs/operator-manual/upgrading/2.4-2.5.md +++ b/docs/operator-manual/upgrading/2.4-2.5.md @@ -86,7 +86,7 @@ p, role:org-admin, exec, create, *, allow ## argocd-cm plugins (CMPs) are deprecated Starting with Argo CD v2.5, installing config management plugins (CMPs) via the `argocd-cm` ConfigMap is deprecated. -Support will be removed in v2.7. +~~Support will be removed in v2.6.~~ Support will be removed in v2.7. You can continue to use the plugins by [installing them as sidecars](https://argo-cd.readthedocs.io/en/stable/user-guide/config-management-plugins/) on the repo-server Deployment. @@ -151,7 +151,7 @@ When using `argocd app diff --local`, code from the repo server is run on the us In order to support CMPs and reduce local requirements, we have implemented *server-side generation* of local manifests via the `--server-side-generate` argument. For example, `argocd app diff --local repoDir --server-side-generate` will upload the contents of `repoDir` to the repo server and run your manifest generation pipeline against it, the same as it would for a Git repo. -In v2.7, the `--server-side-generate` argument will become the default, and client-side generation will be supported as an alternative. +In ~~v2.6~~ v2.7, the `--server-side-generate` argument will become the default, ~~and client-side generation will be removed~~ and client-side generation will be supported as an alternative. !!! warning The semantics of *where* Argo will start generating manifests within a repo has changed between client-side and server-side generation. With client-side generation, the application's path (`spec.source.path`) was ignored and the value of `--local-repo-root` was effectively used (by default `/` relative to `--local`). diff --git a/docs/operator-manual/upgrading/overview.md b/docs/operator-manual/upgrading/overview.md index b4f1c397b62fb..6990fb05e2463 100644 --- a/docs/operator-manual/upgrading/overview.md +++ b/docs/operator-manual/upgrading/overview.md @@ -5,7 +5,7 @@ This section contains information on upgrading Argo CD. Before upgrading please make sure to read details about the breaking changes between Argo CD versions. -Argo CD uses semver-like versioning that ensures the following rules: +Argo CD uses the semver versioning and ensures that following rules: * The patch release does not introduce any breaking changes. So if you are upgrading from v1.5.1 to v1.5.3 there should be no special instructions to follow. @@ -37,7 +37,6 @@ kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/ -* [v2.11 to v2.12](./2.11-2.12.md) * [v2.10 to v2.11](./2.10-2.11.md) * [v2.9 to v2.10](./2.9-2.10.md) * [v2.8 to v2.9](./2.8-2.9.md) diff --git a/docs/operator-manual/user-management/auth0.md b/docs/operator-manual/user-management/auth0.md index c20b5f5af30c9..411517df05e06 100644 --- a/docs/operator-manual/user-management/auth0.md +++ b/docs/operator-manual/user-management/auth0.md @@ -39,7 +39,6 @@ data: issuer: https://..auth0.com/ clientID: clientSecret: - domain_hint: requestedScopes: - openid - profile diff --git a/docs/operator-manual/user-management/microsoft.md b/docs/operator-manual/user-management/microsoft.md index 19e28cf6fd289..486d647fde3d0 100644 --- a/docs/operator-manual/user-management/microsoft.md +++ b/docs/operator-manual/user-management/microsoft.md @@ -160,7 +160,7 @@ p, role:org-admin, repositories, delete, *, allow g, "84ce98d1-e359-4f3b-85af-985b458de3c6", role:org-admin -4. Mapping role from jwt token to argo. +4. Mapping role from jwt token to argo If you want to map the roles from the jwt token to match the default roles (readonly and admin) then you must change the scope variable in the rbac-configmap. policy.default: role:readonly diff --git a/docs/proposals/application-name-identifier.md b/docs/proposals/application-name-identifier.md index 0554c4139b817..3d425e9432dbc 100644 --- a/docs/proposals/application-name-identifier.md +++ b/docs/proposals/application-name-identifier.md @@ -31,7 +31,7 @@ managed (i.e. reconciled from Git). The default label used is the well-known label `app.kubernetes.io/instance`. This proposal suggests to introduce the `trackingMethod` setting that allows -controlling how application resources are identified and allows switching to +controlling how applicaton resources are identified and allows switching to using the annotation instead of `app.kubernetes.io/instance` label. ## Motivation diff --git a/docs/proposals/images/current-summary-tab.png b/docs/proposals/images/current-summary-tab.png deleted file mode 100644 index b9934ea592f36..0000000000000 Binary files a/docs/proposals/images/current-summary-tab.png and /dev/null differ diff --git a/docs/proposals/images/helm-parameter-list.png b/docs/proposals/images/helm-parameter-list.png deleted file mode 100644 index 043527efbc156..0000000000000 Binary files a/docs/proposals/images/helm-parameter-list.png and /dev/null differ diff --git a/docs/proposals/images/history-and-rollback-button.png b/docs/proposals/images/history-and-rollback-button.png deleted file mode 100644 index bea82323a1e4d..0000000000000 Binary files a/docs/proposals/images/history-and-rollback-button.png and /dev/null differ diff --git a/docs/proposals/images/history-rollback-contents.png b/docs/proposals/images/history-rollback-contents.png deleted file mode 100644 index 3070a8e19d627..0000000000000 Binary files a/docs/proposals/images/history-rollback-contents.png and /dev/null differ diff --git a/docs/proposals/images/new-sources-tab.png b/docs/proposals/images/new-sources-tab.png deleted file mode 100644 index 9bfb78c56b513..0000000000000 Binary files a/docs/proposals/images/new-sources-tab.png and /dev/null differ diff --git a/docs/proposals/multiple-sources-for-applications-ui.md b/docs/proposals/multiple-sources-for-applications-ui.md deleted file mode 100644 index 09b868db0d5ef..0000000000000 --- a/docs/proposals/multiple-sources-for-applications-ui.md +++ /dev/null @@ -1,226 +0,0 @@ ---- -title: Proposal for support multi-source apps in the UI -authors: - - "@keithchong" -sponsors: - - TBD -reviewers: - - "@alexmt" - - "@crenshaw-dev" - - "@ishitasequeira" - - "@jannfis" - - "@rbreeze" -approvers: - - "@jannfis" - - "@alexmt" - - "@crenshaw-dev" - -creation-date: 2024-02-06 -last-updated: 2024-02-06 ---- - -# UI Support for Multiple Sources in Applications - -This is the proposal for the UI changes to support multiple sources for an Application. - -Related Issues: -* [Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md) -* [Issue for the Proposal: Support multiple sources for an application](https://github.com/argoproj/argo-cd/issues/677) - -## Summary - -This is a follow-on proposal to supporting Multiple Sources for Applications, but for the UI. - -The above [original](https://github.com/argoproj/argo-cd/blob/master/docs/proposals/multiple-sources-for-applications.md#changes-to-ui) ‘core’ proposal deferred -any design changes for the UI to a separate feature or secondary proposal. The proposal implementation that was made in [PR 10432](https://github.com/argoproj/argo-cd/pull/10432) -enabled the UI to tolerate multi-source applications with the new Sources field, while still supporting the original Source field. - -Here are the current restrictions and limitations of the UI when applications with multiple sources are used: - -1. The application’s details page (for [example](https://cd.apps.argoproj.io/applications/argocd/guestbook?view=tree&node=argoproj.io%2FApplication%2Fargocd%2Fguestbook%2F0&resource=)) -currently shows one ApplicationSource, regardless of whether the application has one source or multiple sources. With the PR 10432 implementation, if the application has multiple sources, -the UI displays only the first of the sources. Also, in particular, in the Summary tab, the source parameters are non-editable. - -2. History and Rollback is disabled for multi-source applications. The button is disabled. Jorge has submitted a PR for -rollback which includes [controller and UI changes](https://github.com/argoproj/argo-cd/pull/14124). - - - -3. The New Application dialog currently only allows users to provide one source. - -Thus, multiple source applications are not considered first class citizens in the UI. - -Note, see the [Open Questions](https://github.com/argoproj/argo-cd/docs/proposals/multiple-sources-for-applications-ui.md#open-questions) -section for concerns regarding the priority or value of some of the above changes. - -## Motivation - -The motivation behind this change is to add a more complete story for the multiple source feature. The UI should support -the creation of multiple source applications, and also support the viewing and editing of parameters from all sources. The three -points in the summary above are the base or core changes that need to be addressed. - -### Goals - -The goals of the proposal are: - -- Provide first-class support of multiple sources for applications in the UI (e.g. address the aforementioned restrictions) -- Outline stages of implementation that will help ease PR review, and reduce the risk of introducing regressions/issues. - - -### Non-goals -* The design changes for the Argo CD CLI is beyond the scope of this proposal (The server APIs can probably be reused) - -## Proposal - -As mentioned in the previous summary section, the application source parameters are surfaced in the UI in three locations. -The Resource details pages, specifically, the Summary and Parameters tabs, the deployment history, and the Application -Create panel page. These pages should be updated. - -### Resource Details - -The following describes the current behavior and proposed changes for the Summary tab and the Parameters Tab. - -#### i) Summary Tab - -_Current Behavior:_ - -The current Summary tab includes source-related information, including the repository. For example, in Figure 1 below, -the REPO URL and PATH. - - - -Figure 1: The current Summary tab - -_Proposed Change:_ - -To support multiple sources, the source-related information, from a single-source-based design, will be ‘pulled out’ -and put into a new tab called **Sources**, and it will be combined with the **Parameters** tab (more details following). -The new **Sources** tab will allow users to view all the information related to each source, including the repo URL -and path, chart and revision for Helm, etc. - -The view should show one source at a time (similar to what the UI is doing now, which only shows one source), but with -widgets to allow users to cycle (via pagination or combo selector?) through each source. There are API calls to retrieve -the data for each source. - - - -Figure 2. The new SOURCES tab will allow access to view all sources and application parameters. - -#### ii) Parameters Tab -_Current Behavior:_ - -The Parameters tab shows the application parameters for the application’s repository details type or source. These can -be Helm, Kustomize, Directory or Plugin (CMP). - -_Proposed Change:_ - -The Parameter tab will be removed but the contents of the current parameters tab will be ‘reused’ and will be shown in -the new **SOURCES** tab as described above. The parameters and parameter values will be shown for whatever source is -selected by the user. - -#### iii) Update/Edit Capability in the New Sources Tab - -The above points describe how all the sources will be rendered. However, the Sources tab should be the page to allow -users to delete and add sources. (You can currently change the repo URL and path from the Summary tab, or manually edit -the application by hand, in the Manifest tab, but this is not considered as ‘guided’ editing.) - -_Current Behavior:_ - -The current form-based UI doesn’t support deleting a chosen/desired source of a multi-source application. It, -obviously, does not support deleting the only source in a single-source application. - -_Proposed Change:_ - -In addition to adding the new SOURCES tab from section i) and ii), two new buttons (_Add Source_ and _Delete Source_) will -be added to the page. For the _Add Source_ button, a separate dialog/panel will need to appear to allow the user to -input the parameters or other information. - -Validation of any newly added source should prevent users from adding the same resource, and prevent users from -deleting all sources, etc. - -### History and Rollback - -Current Behavior: The History and Rollback button for multi-source apps is disabled. It's only enabled -for single-source apps, and shows source information as shown in Figure 3. - - - -Figure 3: Source information in History - -Jorge has submitted a [PR](https://github.com/argoproj/argo-cd/pull/14124) for rollback which includes controller and UI changes. -This can be treated as a separate, independent proposal. - -Other related changes pertain to the Last Synced Details. The Sync Details panel needs to be updated to show sync info -from multiple sources. See [Issue 13215](https://github.com/argoproj/argo-cd/issues/13215). - -### New App Dialog - -_Current Behavior:_ - -The dialog currently allows users to ‘quickly’ create a single source application.. - -_Proposed Changes:_ - -Make the form view of the dialog support adding, updating and viewing of multiple sources. The issue with the current -single source New App wizard is that it can lead to loss of “input” provided by the user. The content in the form-based -editor and the YAML editor (accessed via the Edit as YAML button) must match. If the user provides multiple sources in -the YAML editor, and then switches back to the form view, the form will only show the first source. The other sources -are effectively ‘lost’. Furthermore, if the user switches back to the YAML editor, only one source will be shown as well. - -The design and changes (React components) from the new Sources tab can likely be reused in this dialog. - -Other Changes. This includes the underlying plumbing to create an app using the Sources field of the Application CR, so that the -deprecated Source field can be removed in the future. - - - -### Use cases - -The use cases involves those areas in the UI where the current source is displayed. These have been described -in the Summary and Proposal sections. - - -### Implementation Details - -The implementation plan can be divided into different stages. Read-only capability can be provided first and it will -be the safest change. The UI currently is not showing all the sources for the multi-source application so this should -be the highest priority. (Before you can edit, you have to first display it.) - -Here are the general enhancements to be implemented (Upstream issues to be opened if not already): - -1. Create new Sources tab to replace Parameters tab so that all sources can be displayed (Read-only) -2. Update History and Rollback to show a summary of all sources of an application - As mentioned above, this is already covered by Jorge’s [PR](https://github.com/argoproj/argo-cd/pull/14124) -3. Add _Add Source_ and _Delete Source_ buttons to Sources tab. This will depend on #1 above. (Update and Delete) -4. Update New App dialog. (Creation) - - Support adding multiple sources in New App dialog. (This will likely depend on the Components from #1 and #3) - - Use Sources field instead of Source field. Clean up code. - -### Security Considerations -None - -### Risks and Mitigations -None - -### Upgrade / Downgrade Strategy -If downgraded, the UI will revert to showing just the first source. - -## Drawbacks -None - -## Open Questions - -Supporting multiple sources in the New App dialog may not be ‘worth’ the effort? The drawback is that switching from the -YAML editor and form editor can lead to loss of information. - -Users can simply edit the application manifest to add their sources by hand. - - -## Appendix -Multiple sources can be shown as a list of collapsible cards or sections, one below the other, under one page of the -SOURCES tab. However, this can be cumbersome especially when a source, like Helm, has many source parameters. -so it'll be difficult to find the desired source. Perhaps showing one source per page will be better. - -Appendix Figure 1: Zoomed out view of the Helm source parameter list - - diff --git a/docs/proposals/project-scoped-repository-enhancements.md b/docs/proposals/project-scoped-repository-enhancements.md deleted file mode 100644 index 85b0251326d71..0000000000000 --- a/docs/proposals/project-scoped-repository-enhancements.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: Project scoped repository credential enhancements -authors: - - "@blakepettersson" -sponsors: - - TBD -reviewers: - - "@alexmt" - - "@jsoref" - - "@christianh814" - - "@wanghong230" - - "@yyzxw" -approvers: - - "@alexmt" - -creation-date: 2024-05-17 -last-updated: 2024-06-04 ---- - -# Project scoped repository credential enhancements - -## Summary - -This is to allow the possibility to have multiple repository credentials which share the same URL. Currently, multiple repository -credentials sharing the same URL is disallowed by the Argo CD API. - -## Motivation - -This is to allow the possibility to have multiple repository credentials which share the same URL. Currently, multiple repository -credentials sharing the same URL is disallowed by the Argo CD API. If the credentials are added directly to the `argocd` -namespace, we "get around" `argocd-server` returning an error, but this still does not work since the first secret that -matches a repository URL is the one that gets returned, and the order is also undefined. - -The reason why we want this is due to the fact that in a multi-tenant environment, multiple teams may want to -independently use the same repositories without needing to ask an Argo CD admin to add the repository for them, and then -add the necessary RBAC in the relevant `AppProject`s to prevent other teams from having access to the repository -credentials. In other words, this will enable more self-service capabilities for dev teams. - -### Goals - -The goal of this proposal is to allow multiple app projects to have the ability to have separate repository credentials -which happen to share the same URL. - -### Non-Goals - -- Having multiple repository secrets sharing the same URL _within the same_ `AppProject`. -- Allowing a single repository credential to be used in multiple `AppProject`s. -- Preventing non project-scoped repository credentials from being used by an Application. -- Extending this to repository credential templates. - -## Proposal - -There are a few parts to this proposal. - -We need to distinguish between a user accessing a repository via the API/CLI/UI and an application retrieving repository -credentials. In the first case, we need to maintain backwards compatibility for API consumers. The current behaviour -is that the API will return the first repository found matching the URL given. Since we now want to allow the same URL -to potentially be in multiple projects, we need to do some minor changes. - -* If there is only one matching repository with the same URL, and assuming the user is allowed to access it _and_ there is -no app project given as a parameter, use that repository ignoring any project-scope. This is in line with the -current behavior. -* If there is only one matching repository with the same URL, and assuming the user is allowed to access it _and_ there is -an app project given as a parameter, use that repository only if it also matches the app project given. -* If there are multiple repositories with the same URL and assuming the user is allowed to access them, then setting a -project parameter would be required, since there would otherwise be no way to determine which of the credentials a user -wants to access. This is not a breaking change since this adds functionality which has previously not existed. - -This change would apply when we retrieve a _single_ repository credential, or when we delete a repository credential. -For listing repository credentials, nothing changes - the logic would be the same as today. - -In the case of selecting a suitable repository for an application, the logic would differ slightly. What instead happens -is that the lookup would first attempt to find the first `repository` secret which matches the `project` -and repository URL of the requesting application. If there are no credentials which match the requested `project`, it -will fall back to returning the first unscoped credential, i.e, the first credential with an empty `project` parameter. - -When it comes to mutating a repository credential we need to strictly match the project to which the repository belongs, since -there would otherwise be a risk of changing (inadvertently or otherwise) a credential not belonging to the correct project. -This can be done without any breaking changes. - -The second part is specifically for when we imperatively create repository secrets. Currently, when we create a repository -secret in the UI/CLI, a suffix gets generated which is a hash of the repository URL. This mechanism will be extended to -also hash the repository _project_. - -On the API server side no major changes are anticipated to the public API. The only change we need to do from the API -perspective is to add an `appProject` parameter when retrieving or deleting a repository credential. To preserve backwards -compatibility this option is optional and would only be a required parameter if multiple repository credentials are -found for the same URL. - -Finally, we need to change the way the cache keys for the repository paths are generated in the repo-server -(see `Security Considerations`). - -### Security Considerations - -* Special care needs to be taken in order not to inadvertently expose repository credentials belonging to other `AppProject`s. -Access to repositories are covered by RBAC checks on the project, so we should be good. -* We need to change how the cache keys for the checked out repository paths are generated on the repo-server side, the -reason being that we do not want separate `AppProject`s sharing the same paths of sources which have been downloaded. -With this change there is a potential for multiple `AppProject`s to have rendered/downloaded different manifests due to -having different sets of credentials, so to mitigate that we need to check out a separate copy of the repository per -`AppProject`. - -### Risks and Mitigations - -### Upgrade / Downgrade Strategy - -When upgrading no changes need to happen - the repository credentials will work as before. On the other hand, when -downgrading to an older version we need to consider that the existing order in which multiple credentials with the same -URL gets returned is undefined. This means that deleting the credentials before downgrading to an older version would be -advisable. - -## Drawbacks - -* It will be more difficult to reason about how a specific repository credential gets selected. There could be scenarios -where a repository has both a global repository credential and a scoped credential for the project to which the -application belongs. -* There will be more secrets proliferating in the `argocd` namespace. This has the potential to increase maintenance burden -to keeping said secrets safe, and it also makes it harder to have a bird's eye view from an Argo CD admin's perspective. -* Depending on the number of projects making use of distinct credentials for the same repository URL, loading the correct -credentials from the repository secrets has the potential to scale linearly with the number of app projects (in the worst case -scenario we would need to loop through all the credentials before finding the correct credential to load). This is likely -a non-issue in practice. -* Also depending on the number of projects making use of distinct credentials for the same repository URL, this will -imply that for each `AppProject` sharing the same repository URL, a separate copy of the repository will be checked out. -This has potential implications in terms of memory consumption, sync times, CPU load times etc. This is something -of which an Argo CD admin will need to be mindful. - -## Alternatives - -To keep the existing behavior of having a single repository credential shared by multiple `AppProject`s. It would be up -to the Argo CD admins to ensure that a specific repository credential cannot be used by unauthorized parties. \ No newline at end of file diff --git a/docs/requirements.txt b/docs/requirements.txt index 7245c6823c935..d350ac4870ee2 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,6 +4,6 @@ mkdocs==1.3.0 mkdocs-material==7.1.8 markdown_include==0.6.0 pygments==2.15.0 -jinja2==3.1.4 +jinja2==3.0.3 markdown==3.3.7 pymdown-extensions==10.2.1 \ No newline at end of file diff --git a/docs/snyk/index.md b/docs/snyk/index.md index 43bb34f823129..5f26934a1b4b4 100644 --- a/docs/snyk/index.md +++ b/docs/snyk/index.md @@ -13,65 +13,50 @@ recent minor releases. | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](master/argocd-test.html) | 0 | 0 | 7 | 0 | -| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 5 | -| [haproxy:2.6.17-alpine](master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 2 | -| [redis:7.0.15-alpine](master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 11 | -| [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [go.mod](master/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 1 | +| [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 8 | 14 | +| [redis:7.0.14-alpine](master/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | | [install.yaml](master/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.12.0-rc2 +### v2.9.9 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.12.0-rc2/argocd-test.html) | 0 | 0 | 8 | 0 | -| [ui/yarn.lock](v2.12.0-rc2/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.12.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 5 | -| [haproxy:2.6.17-alpine](v2.12.0-rc2/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html) | 0 | 0 | 2 | 2 | -| [redis:7.0.15-alpine](v2.12.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [argocd:v2.12.0-rc2](v2.12.0-rc2/quay.io_argoproj_argocd_v2.12.0-rc2.html) | 0 | 0 | 3 | 11 | -| [redis:7.0.15-alpine](v2.12.0-rc2/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.12.0-rc2/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.12.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.9/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.9.9/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.9.9/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.9.9](v2.9.9/quay.io_argoproj_argocd_v2.9.9.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.9.9/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.9.9/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.9/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.11.3 +### v2.8.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.11.3/argocd-test.html) | 0 | 1 | 8 | 0 | -| [ui/yarn.lock](v2.11.3/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.38.0](v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 6 | 5 | -| [haproxy:2.6.14-alpine](v2.11.3/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 5 | -| [argocd:v2.11.3](v2.11.3/quay.io_argoproj_argocd_v2.11.3.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.14-alpine](v2.11.3/redis_7.0.14-alpine.html) | 0 | 0 | 6 | 5 | -| [install.yaml](v2.11.3/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.11.3/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.8.13/argocd-test.html) | 0 | 1 | 11 | 0 | +| [ui/yarn.lock](v2.8.13/argocd-test.html) | 0 | 0 | 0 | 0 | +| [dex:v2.37.0](v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.8.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.8.13](v2.8.13/quay.io_argoproj_argocd_v2.8.13.html) | 0 | 0 | 9 | 14 | +| [redis:7.0.11-alpine](v2.8.13/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 1 | +| [install.yaml](v2.8.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.10.12 +### v2.7.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.12/argocd-test.html) | 0 | 1 | 9 | 0 | -| [ui/yarn.lock](v2.10.12/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 5 | -| [haproxy:2.6.14-alpine](v2.10.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 5 | -| [argocd:v2.10.12](v2.10.12/quay.io_argoproj_argocd_v2.10.12.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.15-alpine](v2.10.12/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.10.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.12/argocd-iac-namespace-install.html) | - | - | - | - | - -### v2.9.17 - -| | Critical | High | Medium | Low | -|---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.17/argocd-test.html) | 0 | 2 | 9 | 0 | -| [ui/yarn.lock](v2.9.17/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 10 | 5 | -| [haproxy:2.6.14-alpine](v2.9.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 7 | 5 | -| [argocd:v2.9.17](v2.9.17/quay.io_argoproj_argocd_v2.9.17.html) | 0 | 0 | 4 | 19 | -| [redis:7.0.15-alpine](v2.9.17/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | -| [install.yaml](v2.9.17/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.17/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.7.17/argocd-test.html) | 0 | 0 | 9 | 0 | +| [ui/yarn.lock](v2.7.17/argocd-test.html) | 0 | 1 | 0 | 0 | +| [dex:v2.37.0](v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 1 | +| [haproxy:2.6.14-alpine](v2.7.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 1 | +| [argocd:v2.7.17](v2.7.17/quay.io_argoproj_argocd_v2.7.17.html) | 0 | 0 | 12 | 19 | +| [redis:7.0.14-alpine](v2.7.17/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 1 | +| [install.yaml](v2.7.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.7.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 1641f65701b07..c063a06f7dae8 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

June 30th 2024, 12:18:51 am (UTC+00:00)

+

March 24th 2024, 12:17:17 am (UTC+00:00)

Scanned the following path: @@ -466,7 +466,7 @@

Snyk test report

-
44 total issues
+
39 total issues
@@ -498,7 +498,7 @@

Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 17] + [DocId: 16] rules[5] @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 21103 + Line number: 21035
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20788 + Line number: 20744
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20873 + Line number: 20829
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20901 + Line number: 20857
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20931 + Line number: 20887
    • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20949 + Line number: 20905
    • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20967 + Line number: 20921
    • @@ -803,104 +803,6 @@

    Remediation

    More about this issue

    - -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 15] - - rules[0] - - resources - -
      • - -
    • - Line number: 20989 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
      • - -
    • - Line number: 22041 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    -

    Container could be running with outdated image

    @@ -918,7 +820,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 49] + [DocId: 47] spec @@ -933,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 22340 + Line number: 22203
    • @@ -970,7 +872,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 43] input @@ -991,7 +893,7 @@

    Container has no CPU limit

  • - Line number: 21596 + Line number: 21512
    • @@ -1028,7 +930,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -1049,7 +951,7 @@

    Container has no CPU limit

  • - Line number: 21853 + Line number: 21763
    • @@ -1086,7 +988,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -1107,7 +1009,7 @@

    Container has no CPU limit

  • - Line number: 21819 + Line number: 21729
    • @@ -1144,7 +1046,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 45] input @@ -1165,7 +1067,7 @@

    Container has no CPU limit

  • - Line number: 21913 + Line number: 21823
    • @@ -1202,7 +1104,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 48] + [DocId: 46] input @@ -1223,65 +1125,7 @@

    Container has no CPU limit

  • - Line number: 22012 -
    • - - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - - -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22036 + Line number: 21922
    @@ -1318,7 +1162,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -1339,7 +1183,7 @@

    Container has no CPU limit

  • - Line number: 22340 + Line number: 22203
    • @@ -1376,7 +1220,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -1397,7 +1241,7 @@

    Container has no CPU limit

  • - Line number: 22093 + Line number: 21979
    • @@ -1434,7 +1278,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 50] + [DocId: 48] input @@ -1455,7 +1299,7 @@

    Container has no CPU limit

  • - Line number: 22425 + Line number: 22288
    • @@ -1492,7 +1336,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 51] + [DocId: 49] input @@ -1513,7 +1357,7 @@

    Container has no CPU limit

  • - Line number: 22806 + Line number: 22634
    • @@ -1550,7 +1394,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 46] + [DocId: 44] spec @@ -1565,7 +1409,7 @@

    Container is running with multiple open ports

  • - Line number: 21833 + Line number: 21743
    • @@ -1602,7 +1446,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 45] + [DocId: 43] spec @@ -1617,7 +1461,7 @@

    Container is running without liveness probe

  • - Line number: 21596 + Line number: 21512
    • @@ -1654,7 +1498,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 44] spec @@ -1669,7 +1513,7 @@

    Container is running without liveness probe

  • - Line number: 21819 + Line number: 21729
    • @@ -1706,7 +1550,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 48] + [DocId: 46] spec @@ -1721,7 +1565,7 @@

    Container is running without liveness probe

  • - Line number: 22012 + Line number: 21922
    • @@ -1758,7 +1602,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 43] input @@ -1779,7 +1623,7 @@

    Container is running without memory limit

  • - Line number: 21596 + Line number: 21512
    • @@ -1816,7 +1660,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -1837,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 21819 + Line number: 21729
    • @@ -1874,7 +1718,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -1895,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 21853 + Line number: 21763
    • @@ -1932,7 +1776,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 45] input @@ -1953,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 21913 + Line number: 21823
    • @@ -1990,7 +1834,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 46] input @@ -2011,65 +1855,7 @@

    Container is running without memory limit

  • - Line number: 22012 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22036 + Line number: 21922
    @@ -2106,7 +1892,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -2127,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 22340 + Line number: 22203
    • @@ -2164,7 +1950,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -2185,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 22093 + Line number: 21979
    • @@ -2222,7 +2008,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 50] + [DocId: 48] input @@ -2243,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 22425 + Line number: 22288
    • @@ -2280,7 +2066,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 51] + [DocId: 49] input @@ -2301,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 22806 + Line number: 22634
    • @@ -2338,7 +2124,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 43] input @@ -2357,7 +2143,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21743 + Line number: 21653
    • @@ -2394,7 +2180,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -2413,7 +2199,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21861 + Line number: 21771
    • @@ -2450,7 +2236,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 44] input @@ -2469,7 +2255,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21836 + Line number: 21746
    • @@ -2506,7 +2292,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 45] input @@ -2525,7 +2311,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21946 + Line number: 21856
    • @@ -2562,7 +2348,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 46] input @@ -2581,7 +2367,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22029 + Line number: 21932
    • @@ -2618,63 +2404,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
    • - -
  • - Line number: 22043 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -2693,7 +2423,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 22347 + Line number: 22210
    @@ -2730,7 +2460,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 47] input @@ -2749,7 +2479,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22313 + Line number: 22176
    • @@ -2786,7 +2516,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 50] + [DocId: 48] input @@ -2805,7 +2535,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22716 + Line number: 22544
    • @@ -2842,7 +2572,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 51] + [DocId: 49] input @@ -2861,7 +2591,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 23007 + Line number: 22824
    • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index e1733a6b770ab..1795ba67af3c6 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:19:00 am (UTC+00:00)

    +

    March 24th 2024, 12:17:26 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    43 total issues
    +
    38 total issues

    @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - - -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 278 + Line number: 254
    @@ -820,59 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
    • - -
  • - Line number: 1118 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] spec @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 1417 + Line number: 1324
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 633
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 930 + Line number: 884
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 896 + Line number: 850
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 990 + Line number: 944
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1177,65 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1089 -
    • - - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1113 + Line number: 1043
    @@ -1272,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1293,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1417 + Line number: 1324
    • @@ -1330,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1351,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1170 + Line number: 1100
    • @@ -1388,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -1409,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1502 + Line number: 1409
    • @@ -1446,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -1467,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1883 + Line number: 1755
    • @@ -1504,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1519,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 910 + Line number: 864
    • @@ -1556,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 34] spec @@ -1571,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 633
    • @@ -1608,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1623,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 896 + Line number: 850
    • @@ -1660,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 37] spec @@ -1675,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 1089 + Line number: 1043
    • @@ -1712,7 +1556,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -1733,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 633
    • @@ -1770,7 +1614,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1791,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 896 + Line number: 850
    • @@ -1828,7 +1672,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1849,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 930 + Line number: 884
    • @@ -1886,7 +1730,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1907,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 990 + Line number: 944
    • @@ -1944,7 +1788,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1965,7 +1809,7 @@

    Container is running without memory limit

  • - Line number: 1089 + Line number: 1043
    • @@ -2002,65 +1846,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
    • - -
  • - Line number: 1113 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2081,7 +1867,7 @@

      Container is running without memory limit

    • - Line number: 1417 + Line number: 1324
    @@ -2118,7 +1904,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2139,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 1170 + Line number: 1100
    • @@ -2176,7 +1962,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2197,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1502 + Line number: 1409
    • @@ -2234,7 +2020,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2255,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1883 + Line number: 1755
    • @@ -2292,7 +2078,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -2311,7 +2097,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 820 + Line number: 774
    • @@ -2348,7 +2134,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2367,7 +2153,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 938 + Line number: 892
    • @@ -2404,7 +2190,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2423,7 +2209,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 913 + Line number: 867
    • @@ -2460,7 +2246,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -2479,7 +2265,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1023 + Line number: 977
    • @@ -2516,7 +2302,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -2535,63 +2321,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1106 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1120 + Line number: 1053
    @@ -2628,7 +2358,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2647,7 +2377,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1424 + Line number: 1331
    • @@ -2684,7 +2414,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2703,7 +2433,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1390 + Line number: 1297
    • @@ -2740,7 +2470,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2759,7 +2489,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1793 + Line number: 1665
    • @@ -2796,7 +2526,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2815,7 +2545,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 2084 + Line number: 1945
    • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index bf5e53dbf42bc..b745cf7cbd119 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:16:38 am (UTC+00:00)

    +

    March 24th 2024, 12:15:25 am (UTC+00:00)

    Scanned the following paths: @@ -467,9 +467,9 @@

    Snyk test report

    -
    8 known vulnerabilities
    -
    26 vulnerable dependency paths
    -
    2059 dependencies
    +
    9 known vulnerabilities
    +
    144 vulnerable dependency paths
    +
    2037 dependencies

    @@ -538,6 +538,2627 @@

    Detailed paths

    More about this vulnerability

    + +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@1.0.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.16.0 + + google.golang.org/protobuf/types/known/structpb@1.31.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2/apierror@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/internal/gensupport@0.132.0 + + github.com/googleapis/gax-go/v2@2.12.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.59.0 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.59.0 + + google.golang.org/grpc/health/grpc_health_v1@1.59.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 + + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 + + google.golang.org/api/chat/v1@0.132.0 + + google.golang.org/api/transport/http@0.132.0 + + google.golang.org/api/option@0.132.0 + + google.golang.org/grpc@1.59.0 + + google.golang.org/grpc/internal/transport@1.59.0 + + google.golang.org/grpc/internal/pretty@1.59.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +

    MPL-2.0 license

    @@ -625,7 +3246,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others
    • @@ -639,9 +3260,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - code.gitea.io/sdk/gitea@0.18.0 + code.gitea.io/sdk/gitea@0.15.1 - github.com/hashicorp/go-version@1.6.0 + github.com/hashicorp/go-version@1.2.1 @@ -686,7 +3307,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4
    • @@ -701,7 +3322,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -710,9 +3331,9 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -723,7 +3344,7 @@

    Detailed paths

    github.com/xanzy/go-gitlab@0.91.1 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -732,11 +3353,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -745,11 +3366,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -758,11 +3379,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -771,13 +3392,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -786,13 +3407,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -801,13 +3422,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -816,13 +3437,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -831,15 +3452,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -848,15 +3469,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 @@ -902,7 +3523,7 @@

    MPL-2.0 license

  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.7 and others + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others
    • @@ -916,7 +3537,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -940,7 +3561,7 @@

    Detailed paths

    github.com/xanzy/go-gitlab@0.91.1 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -951,11 +3572,11 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -966,13 +3587,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -983,13 +3604,13 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/cmd@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -1000,15 +3621,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/api@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -1019,15 +3640,15 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/controller@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/subscriptions@#2daee6022f41 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + github.com/argoproj/notifications-engine/pkg/services@#2daee6022f41 github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - github.com/hashicorp/go-retryablehttp@0.7.7 + github.com/hashicorp/go-retryablehttp@0.7.4 github.com/hashicorp/go-cleanhttp@0.5.2 @@ -1109,172 +3730,6 @@

    Detailed paths

    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html index 3f93871ba4a08..7d85ddf3861f8 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:16:48 am (UTC+00:00)

    +

    March 24th 2024, 12:15:32 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    37 known vulnerabilities
    -
    113 vulnerable dependency paths
    +
    27 known vulnerabilities
    +
    62 vulnerable dependency paths
    829 dependencies
    @@ -479,86 +479,6 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -

    Out-of-bounds Write

    @@ -713,10 +633,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -863,14 +779,13 @@

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    References

    @@ -1953,74 +1868,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -2580,12 +2427,12 @@

    References

    -
    -

    Out-of-bounds Write

    +
    +

    CVE-2023-6237

    -
    - medium severity +
    + low severity
    @@ -2597,12 +2444,12 @@

    Out-of-bounds Write

  • Vulnerable module: - busybox/busybox + openssl/libcrypto3
  • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2
    • @@ -2617,29 +2464,7 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.38.0 - busybox/busybox@1.36.1-r15 - - - - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 + openssl/libcrypto3@3.1.4-r2 @@ -2648,9 +2473,9 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.38.0 - alpine-baselayout/alpine-baselayout@3.4.3-r2 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r15 + openssl/libcrypto3@3.1.4-r2 @@ -2660,72 +2485,8 @@

    Detailed paths

    docker-image|ghcr.io/dexidp/dex@v2.38.0 busybox/ssl_client@1.36.1-r15 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.4-r2 @@ -2734,11 +2495,11 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.38.0 - alpine-baselayout/alpine-baselayout@3.4.3-r2 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.4-r2 - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.4-r2 @@ -2747,7 +2508,7 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.38.0 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.4-r2 @@ -2756,9 +2517,9 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.38.0 - alpine-baselayout/alpine-baselayout@3.4.3-r2 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.4-r2 @@ -2768,6 +2529,8 @@

      Detailed paths

      docker-image|ghcr.io/dexidp/dex@v2.38.0 busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r2 @@ -2779,1024 +2542,14 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

      -

      References

      - +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      -
      - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.12.0-rc2/argocd-test.html b/docs/snyk/master/haproxy_2.6.14-alpine.html similarity index 51% rename from docs/snyk/v2.12.0-rc2/argocd-test.html rename to docs/snyk/master/haproxy_2.6.14-alpine.html index 840085c7b8071..106ec7c2cc72f 100644 --- a/docs/snyk/v2.12.0-rc2/argocd-test.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,54 +456,59 @@

    Snyk test report

    -

    June 30th 2024, 12:19:10 am (UTC+00:00)

    +

    March 24th 2024, 12:15:37 am (UTC+00:00)

    - Scanned the following paths: + Scanned the following path:
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    • haproxy:2.6.14-alpine (apk)
    -
    9 known vulnerabilities
    -
    38 vulnerable dependency paths
    -
    2059 dependencies
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    +
    18 dependencies
    - +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    -
    -

    LGPL-3.0 license

    +
    +

    CVE-2023-5363

    -
    - medium severity +
    + high severity
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod + Package Manager: alpine:3.18
    • - Package Manager: golang -
      • -
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + openssl/libcrypto3
    • Introduced through: + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    @@ -515,133 +520,97 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 + openssl/libcrypto3@3.1.2-r0
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/r3labs/diff@1.1.0 + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.18.0 and others -
      • -
    + +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + -
    +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + -
      +
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - code.gitea.io/sdk/gitea@0.18.0 + busybox/ssl_client@1.36.1-r2 - github.com/hashicorp/go-version@1.6.0 + openssl/libssl3@3.1.2-r0 @@ -652,17 +621,64 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

      +

      Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

      +

      When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

      +

      For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

      +

      Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

      +

      Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

      +

      OpenSSL 3.1 and 3.0 are vulnerable to this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    • -

    Insertion of Sensitive Information into Log File

    +

    Improper Check for Unusual or Exceptional Conditions

    @@ -673,20 +689,17 @@

    Insertion of Sensitive Information into Log File

    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • Vulnerable module: - github.com/hashicorp/go-retryablehttp + openssl/libcrypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    @@ -699,164 +712,97 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + apk-tools/apk-tools@2.14.0-r2 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + busybox/ssl_client@1.36.1-r2 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + openssl/libssl3@3.1.2-r0 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + apk-tools/apk-tools@2.14.0-r2 - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + busybox/ssl_client@1.36.1-r2 - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0 @@ -867,25 +813,55 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Out-of-bounds Write

    @@ -896,20 +872,17 @@

    MPL-2.0 license

    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod + Package Manager: alpine:3.18
    • - Package Manager: golang -
      • -
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + openssl/libcrypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    @@ -922,164 +895,97 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + apk-tools/apk-tools@2.14.0-r2 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + busybox/ssl_client@1.36.1-r2 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + openssl/libssl3@3.1.2-r0 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + .haproxy-rundeps@20230809.001942 - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 + apk-tools/apk-tools@2.14.0-r2 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + busybox/ssl_client@1.36.1-r2 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + openssl/libssl3@3.1.2-r0 @@ -1090,17 +996,57 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    CVE-2024-0727

    @@ -1111,21 +1057,18 @@

    MPL-2.0 license

    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + openssl/libcrypto3
    • Introduced through: + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others
    @@ -1137,122 +1080,97 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/xanzy/go-gitlab@0.91.1 + .haproxy-rundeps@20230809.001942 - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/xanzy/go-gitlab@0.91.1 + apk-tools/apk-tools@2.14.0-r2 - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-retryablehttp@0.7.4 + busybox/ssl_client@1.36.1-r2 - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + openssl/libssl3@3.1.2-r0 - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libcrypto3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/api@#0802cd427621 + .haproxy-rundeps@20230809.001942 - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libssl3@3.1.2-r0
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#0802cd427621 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#0802cd427621 + docker-image|haproxy@2.6.14-alpine - github.com/argoproj/notifications-engine/pkg/services@#0802cd427621 + apk-tools/apk-tools@2.14.0-r2 - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine - github.com/hashicorp/go-retryablehttp@0.7.4 + busybox/ssl_client@1.36.1-r2 - github.com/hashicorp/go-cleanhttp@0.5.2 + openssl/libssl3@3.1.2-r0 @@ -1263,41 +1181,68 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    MPL-2.0 license

    +
    +

    CVE-2023-6237

    -
    - medium severity +
    + low severity
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod + Package Manager: alpine:3.18
    • - Package Manager: golang -
      • -
    • - Module: + Vulnerable module: - github.com/gosimple/slug + openssl/libcrypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0
    @@ -1310,162 +1255,97 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/gosimple/slug@1.13.1 + openssl/libcrypto3@3.1.2-r0
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + docker-image|haproxy@2.6.14-alpine - github.com/Azure/kubelogin/pkg/token@0.0.20 + .haproxy-rundeps@20230809.001942 - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 + openssl/libcrypto3@3.1.2-r0
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    + +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + -
    +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + -
      +
    • Introduced through: - argo-cd-ui@1.0.0 + docker-image|haproxy@2.6.14-alpine - redoc@2.0.0-rc.64 + busybox/ssl_client@1.36.1-r2 - dompurify@2.3.6 + openssl/libssl3@3.1.2-r0 @@ -1476,25 +1356,15 @@

      Detailed paths

      -

      Overview

      -

      dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

      -

      Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

      -

      PoC

      - 
      <![CDATA[ ><img src onerror=alert(1)> ]]>
-
      +

      NVD Description

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

      -

      References

      - +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    • diff --git a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html deleted file mode 100644 index ce7506f568034..0000000000000 --- a/docs/snyk/master/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:17:02 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)
      • -
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index df40b6b334a0d..045db290b0fbb 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:17:21 am (UTC+00:00)

    +

    March 24th 2024, 12:15:54 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    21 known vulnerabilities
    -
    98 vulnerable dependency paths
    -
    2290 dependencies
    +
    32 known vulnerabilities
    +
    175 vulnerable dependency paths
    +
    2276 dependencies
    @@ -495,7 +495,7 @@

    CVE-2020-22916

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -505,7 +505,7 @@

    CVE-2020-22916

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.6.1+really5.4.5-1 + docker-image|quay.io/argoproj/argocd@latest and xz-utils/liblzma5@5.2.5-2ubuntu1
    • @@ -520,52 +520,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.7.14build2 - - apt/libapt-pkg6.0t64@2.7.14build2 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - dash@0.5.12-6ubuntu5 - - dpkg@1.22.6ubuntu6 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.7.14build2 - - adduser@3.137ubuntu1 - - shadow/passwd@1:4.13+dfsg1-4ubuntu3 - - pam/libpam-modules@1.5.3-5ubuntu5.1 - - systemd/libsystemd0@255.4-1ubuntu8.1 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 + xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -578,10 +533,10 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 xz-utils.

    +

    There is no fixed version for Ubuntu:22.04 xz-utils.

    References

    • +
    +

    CVE-2023-51767

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + openssh/openssh-client +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    @@ -616,7 +647,7 @@

    Information Exposure

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -626,7 +657,7 @@

    Information Exposure

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.10.3-2build1 + docker-image|quay.io/argoproj/argocd@latest and libgcrypt20@1.9.4-3ubuntu3
    • @@ -641,7 +672,42 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + libgcrypt20@1.9.4-3ubuntu3 @@ -650,9 +716,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/dirmngr@2.4.4-2ubuntu17 + apt@2.4.11 + + gnupg2/gpgv@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -661,9 +729,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.4.4-2ubuntu17 + gnupg2/gpg@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 @@ -672,9 +742,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg-agent@2.4.4-2ubuntu17 + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -683,11 +755,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.7.14build2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - apt/libapt-pkg6.0t64@2.7.14build2 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -696,11 +768,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.7.14build2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - gnupg2/gpgv@2.4.4-2ubuntu17 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -709,11 +781,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg@2.4.4-2ubuntu17 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - gnupg2/gpgconf@2.4.4-2ubuntu17 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -722,17 +794,26 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - apt@2.7.14build2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - adduser@3.137ubuntu1 + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - shadow/passwd@1:4.13+dfsg1-4ubuntu3 + apt@2.4.11 - pam/libpam-modules@1.5.3-5ubuntu5.1 + apt/libapt-pkg6.0@2.4.11 - systemd/libsystemd0@255.4-1ubuntu8.1 + systemd/libsystemd0@249.11-0ubuntu3.12 - libgcrypt20@1.10.3-2build1 + libgcrypt20@1.9.4-3ubuntu3 @@ -745,27 +826,26 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    +

    There is no fixed version for Ubuntu:22.04 libgcrypt20.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2024-26462

    +

    CVE-2024-26461

    @@ -779,7 +859,7 @@

    CVE-2024-26462

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -789,8 +869,8 @@

    CVE-2024-26462

  • Introduced through: + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
    • @@ -804,13 +884,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -819,15 +893,19 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + libnsl/libnsl2@1.3.0-2build2 - krb5/libkrb5-3@1.20.1-6ubuntu2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libk5crypto3@1.20.1-6ubuntu2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -836,13 +914,21 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - krb5/libkrb5support0@1.20.1-6ubuntu2 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -851,15 +937,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -868,17 +946,19 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + libnsl/libnsl2@1.3.0-2build2 - krb5/libkrb5-3@1.20.1-6ubuntu2 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - krb5/libk5crypto3@1.20.1-6ubuntu2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - krb5/libkrb5support0@1.20.1-6ubuntu2 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -887,13 +967,18 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - krb5/libkrb5-3@1.20.1-6ubuntu2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -902,9 +987,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 + git@1:2.34.1-1ubuntu1.10 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -913,11 +1000,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -926,13 +1015,17 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + adduser@3.118ubuntu5 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + shadow/passwd@1:4.8.1-2ubuntu2.2 - libssh/libssh-4@0.10.6-2build2 + pam/libpam-modules@1.4.0-11ubuntu2.4 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -941,7 +1034,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2 + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -954,26 +1047,25 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 krb5.

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    LGPL-3.0 license

    +

    CVE-2024-26462

    @@ -984,20 +1076,20 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + krb5/libk5crypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1010,69 +1102,1054 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@latest - gopkg.in/retry.v1@v1.0.3 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + -
      +
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@latest - github.com/r3labs/diff@v1.1.0 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    • + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26458

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + gopkg.in/retry.v1@v1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/internal/encoding/json@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/r3labs/diff@v1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    @@ -1112,12 +2189,12 @@

    MPL-2.0 license

  • Module: - github.com/hashicorp/go-version + github.com/hashicorp/go-retryablehttp
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    • @@ -1132,7 +2209,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.6.0 + github.com/hashicorp/go-retryablehttp@v0.7.4 @@ -1148,7 +2225,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -1164,7 +2241,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -1172,12 +2249,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-retryablehttp + github.com/hashicorp/go-multierror
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.7 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -1190,9 +2267,9 @@

    Detailed paths

    @@ -1224,7 +2301,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:latest/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1232,12 +2309,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-multierror + github.com/hashicorp/go-cleanhttp
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -1250,9 +2327,9 @@

    Detailed paths

    @@ -1292,12 +2369,248 @@

    MPL-2.0 license

  • Module: - github.com/hashicorp/go-cleanhttp + github.com/gosimple/slug
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + +
    • + + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + github.com/gosimple/slug@v1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-7008

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + systemd/libsystemd0 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.12 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + procps/libprocps8@2:3.3.17-6ubuntu2.1 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux@2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux/bsdutils@1:2.37.2-4ubuntu3 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libsystemd0@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + libfido2/libfido2-1@1.10.0-1 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + util-linux@2.37.2-4ubuntu3 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + systemd/libudev1@249.11-0ubuntu3.12 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 systemd.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Arbitrary Code Injection

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + shadow/passwd +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -1305,14 +2618,45 @@

    MPL-2.0 license

    -

    Detailed paths

    +

    Detailed paths

    + +
    -
    -

    MPL-2.0 license

    +
    +

    Uncontrolled Recursion

    -
    - medium severity +
    + low severity
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + pcre3/libpcre3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@latest and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -1370,9 +2727,20 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@latest - github.com/gosimple/slug@v1.13.1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + grep@3.7-1build1 + + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -1383,12 +2751,29 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

      +

      Remediation

      +

      There is no fixed version for Ubuntu:22.04 pcre3.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -1407,7 +2792,7 @@

    Release of Invalid Pointer or Reference

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -1417,7 +2802,7 @@

    Release of Invalid Pointer or Reference

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2
    • @@ -1432,7 +2817,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - patch@2.7.6-7build3 + patch@2.7.6-7build2 @@ -1445,10 +2830,10 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 patch.

    +

    There is no fixed version for Ubuntu:22.04 patch.

    References

    @@ -1477,7 +2862,7 @@

    Double Free

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -1487,7 +2872,7 @@

    Double Free

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build3 + docker-image|quay.io/argoproj/argocd@latest and patch@2.7.6-7build2
    • @@ -1502,7 +2887,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - patch@2.7.6-7build3 + patch@2.7.6-7build2 @@ -1515,30 +2900,30 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 patch.

    +

    There is no fixed version for Ubuntu:22.04 patch.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    CVE-2024-2511

    +

    CVE-2023-50495

    @@ -1552,17 +2937,17 @@

    CVE-2024-2511

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - openssl/libssl3t64 + ncurses/libtinfo6
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2ubuntu0.1
    • @@ -1577,7 +2962,29 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + bash@5.1-6ubuntu1.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1586,9 +2993,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@9.4-3ubuntu6 + less@590-1ubuntu0.22.04.2 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1597,9 +3004,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 + libedit/libedit2@3.1-20210910-1build1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1608,9 +3015,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libfido2/libfido2-1@1.14.0-1build3 + ncurses/libncurses6@6.3-2ubuntu0.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1619,9 +3026,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1630,11 +3037,20 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + util-linux@2.37.2-4ubuntu3 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1643,13 +3059,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - libssh/libssh-4@0.10.6-2build2 + readline/libreadline8@8.1.2-1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1658,15 +3074,33 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 + + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + procps@2:3.3.17-6ubuntu2.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -1675,15 +3109,22 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + pinentry/pinentry-curses@1.1.1-1build2 - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libncurses6@6.3-2ubuntu0.1 @@ -1692,7 +3133,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncurses6@6.3-2ubuntu0.1 @@ -1701,9 +3144,16 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -1715,46 +3165,29 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 openssl.

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2024-4603

    +

    CVE-2023-45918

    @@ -1768,17 +3201,17 @@

    CVE-2024-4603

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - openssl/libssl3t64 + ncurses/libtinfo6
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@latest and ncurses/libtinfo6@6.3-2ubuntu0.1
    • @@ -1793,7 +3226,29 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + bash@5.1-6ubuntu1.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + ncurses/libncursesw6@6.3-2ubuntu0.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1802,9 +3257,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@9.4-3ubuntu6 + less@590-1ubuntu0.22.04.2 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1813,9 +3268,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 + libedit/libedit2@3.1-20210910-1build1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1824,9 +3279,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - libfido2/libfido2-1@1.14.0-1build3 + ncurses/libncurses6@6.3-2ubuntu0.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1835,9 +3290,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1846,11 +3301,20 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + util-linux@2.37.2-4ubuntu3 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1859,13 +3323,13 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - libssh/libssh-4@0.10.6-2build2 + readline/libreadline8@8.1.2-1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -1874,15 +3338,33 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + procps@2:3.3.17-6ubuntu2.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -1891,15 +3373,22 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + pinentry/pinentry-curses@1.1.1-1build2 - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3t64@3.0.13-0ubuntu3.1 + ncurses/libncurses6@6.3-2ubuntu0.1 @@ -1908,7 +3397,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncurses6@6.3-2ubuntu0.1 @@ -1917,9 +3408,16 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -1931,54 +3429,27 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 openssl.

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    CVE-2024-4741

    +

    Resource Exhaustion

    @@ -1992,17 +3463,17 @@

    CVE-2024-4741

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - openssl/libssl3t64 + libzstd/libzstd1
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3t64@3.0.13-0ubuntu3.1 + docker-image|quay.io/argoproj/argocd@latest and libzstd/libzstd1@1.4.8+dfsg-3build1
    • @@ -2017,18 +3488,84 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl/libssl3t64@3.0.13-0ubuntu3.1 + libzstd/libzstd1@1.4.8+dfsg-3build1 + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream libzstd package and not the libzstd package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 libzstd.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Integer Overflow or Wraparound

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@9.4-3ubuntu6 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -2037,9 +3574,19 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -2048,9 +3595,21 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - libfido2/libfido2-1@1.14.0-1build3 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -2059,9 +3618,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -2070,11 +3627,19 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 - openssl@3.0.13-0ubuntu3.1 + pam/libpam-modules@1.4.0-11ubuntu2.4 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -2083,13 +3648,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -2098,15 +3657,22 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + git@1:2.34.1-1ubuntu1.10 - krb5/libkrb5-3@1.20.1-6ubuntu2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -2115,15 +3681,13 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + git@1:2.34.1-1ubuntu1.10 - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - openssl/libssl3t64@3.0.13-0ubuntu3.1 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -2132,7 +3696,17 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssl@3.0.13-0ubuntu3.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -2141,9 +3715,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -2155,23 +3727,30 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26458

    +

    Out-of-bounds Write

    @@ -2185,18 +3764,18 @@

    CVE-2024-26458

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - krb5/libk5crypto3 + gnupg2/gpgv
  • Introduced through: + docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.2.27-3ubuntu2.1 - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
    • @@ -2210,13 +3789,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2225,15 +3798,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + apt@2.4.11 - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2242,13 +3809,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -2257,15 +3820,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 @@ -2274,17 +3831,22 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gpg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 @@ -2293,13 +3855,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpgsm@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 @@ -2308,9 +3868,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2319,11 +3877,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2332,13 +3888,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - libssh/libssh-4@0.10.6-2build2 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -2347,84 +3901,27 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2 + gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26461

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -2433,15 +3930,29 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2450,13 +3961,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2465,15 +3974,11 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -2482,17 +3987,31 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libk5crypto3@1.20.1-6ubuntu2 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 - krb5/libkrb5support0@1.20.1-6ubuntu2 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -2501,13 +4020,20 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - krb5/libkrb5-3@1.20.1-6ubuntu2 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2516,9 +4042,9 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - openssh/openssh-client@1:9.6p1-3ubuntu13 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -2527,11 +4053,18 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -2540,13 +4073,18 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 + gnupg2/gpgsm@2.2.27-3ubuntu2.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - libssh/libssh-4@0.10.6-2build2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 + gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -2555,7 +4093,7 @@

      Detailed paths

      Introduced through: docker-image|quay.io/argoproj/argocd@latest - krb5/krb5-locales@1.20.1-6ubuntu2 + gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -2567,27 +4105,31 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      +

      Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

      Remediation

      -

      There is no fixed version for Ubuntu:24.04 krb5.

      +

      There is no fixed version for Ubuntu:22.04 gnupg2.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Write

    +

    Allocation of Resources Without Limits or Throttling

    @@ -2601,17 +4143,17 @@

    Out-of-bounds Write

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - gnupg2/gpgv + glibc/libc-bin
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and gnupg2/gpgv@2.4.4-2ubuntu17 + docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.35-0ubuntu3.6
    • @@ -2626,69 +4168,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpgv@2.4.4-2ubuntu17 - - - - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - apt@2.7.14build2 - - gnupg2/gpgv@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg-agent@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/dirmngr@2.4.4-2ubuntu17 - - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@latest - - gnupg2/gpg@2.4.4-2ubuntu17 + glibc/libc-bin@2.35-0ubuntu3.6 @@ -2697,7 +4177,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - gnupg2/gpg-agent@2.4.4-2ubuntu17 + glibc/libc6@2.35-0ubuntu3.6 @@ -2709,31 +4189,28 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    +

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 gnupg2.

    +

    There is no fixed version for Ubuntu:22.04 glibc.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Allocation of Resources Without Limits or Throttling

    +

    Improper Input Validation

    @@ -2747,18 +4224,18 @@

    Allocation of Resources Without Limits or Throttling

    › Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - glibc/libc-bin + git/git-man
  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and glibc/libc-bin@2.39-0ubuntu8.2 + docker-image|quay.io/argoproj/argocd@latest, git@1:2.34.1-1ubuntu1.10 and others
    • @@ -2772,7 +4249,18 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc-bin@2.39-0ubuntu8.2 + git@1:2.34.1-1ubuntu1.10 + + git/git-man@1:2.34.1-1ubuntu1.10 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + git@1:2.34.1-1ubuntu1.10 @@ -2781,7 +4269,9 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - glibc/libc6@2.39-0ubuntu8.2 + git-lfs@3.0.2-1ubuntu0.2 + + git@1:2.34.1-1ubuntu1.10 @@ -2793,28 +4283,27 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    +

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 glibc.

    +

    There is no fixed version for Ubuntu:22.04 git.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Improper Input Validation

    +

    Uncontrolled Recursion

    @@ -2828,18 +4317,18 @@

    Improper Input Validation

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: - git/git-man + gcc-12/libstdc++6
  • Introduced through: + docker-image|quay.io/argoproj/argocd@latest and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 - docker-image|quay.io/argoproj/argocd@latest, git@1:2.43.0-1ubuntu7.1 and others
    • @@ -2853,9 +4342,18 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + + + + +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + apt@2.4.11 - git/git-man@1:2.43.0-1ubuntu7.1 + gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -2864,7 +4362,11 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + apt@2.4.11 + + apt/libapt-pkg6.0@2.4.11 + + gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -2873,9 +4375,16 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - git-lfs@3.4.1-1 + gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest - git@1:2.43.0-1ubuntu7.1 + gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -2887,22 +4396,24 @@

    Detailed paths

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    +

    Note: Versions mentioned in the description apply only to the upstream gcc-12 package and not the gcc-12 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 git.

    +

    There is no fixed version for Ubuntu:22.04 gcc-12.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -2921,7 +4432,7 @@

    Improper Input Validation

    Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile
  • - Package Manager: ubuntu:24.04 + Package Manager: ubuntu:22.04
  • Vulnerable module: @@ -2931,7 +4442,7 @@

    Improper Input Validation

  • Introduced through: - docker-image|quay.io/argoproj/argocd@latest and coreutils@9.4-3ubuntu6 + docker-image|quay.io/argoproj/argocd@latest and coreutils@8.32-4.1ubuntu1.1
    • @@ -2946,7 +4457,7 @@

    Detailed paths

    Introduced through: docker-image|quay.io/argoproj/argocd@latest - coreutils@9.4-3ubuntu6 + coreutils@8.32-4.1ubuntu1.1 @@ -2959,24 +4470,24 @@

    Detailed paths

    NVD Description

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 coreutils.

    +

    There is no fixed version for Ubuntu:22.04 coreutils.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html b/docs/snyk/master/redis_7.0.14-alpine.html similarity index 59% rename from docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html rename to docs/snyk/master/redis_7.0.14-alpine.html index 4bcd1e6851d01..f47d4fe717527 100644 --- a/docs/snyk/master/public.ecr.aws_docker_library_haproxy_2.6.17-alpine.html +++ b/docs/snyk/master/redis_7.0.14-alpine.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,37 +456,29 @@

    Snyk test report

    -

    June 30th 2024, 12:16:55 am (UTC+00:00)

    +

    March 24th 2024, 12:15:59 am (UTC+00:00)

    - Scanned the following path: + Scanned the following paths:
      -
    • public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy (apk)
      • +
    • redis:7.0.14-alpine (apk)
      • +
    • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    -
    4 known vulnerabilities
    -
    32 vulnerable dependency paths
    -
    18 dependencies
    +
    3 known vulnerabilities
    +
    27 vulnerable dependency paths
    +
    19 dependencies
    -
    - - - - - - - -
    Project docker-image|public.ecr.aws/docker/library/haproxy
    Path public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy
    Package Manager apk
    -
    +
    -

    Use After Free

    +

    Out-of-bounds Write

    @@ -497,17 +489,17 @@

    Use After Free

    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: - busybox/busybox + openssl/libcrypto3
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -520,181 +512,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/busybox@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - alpine-baselayout/alpine-baselayout@3.6.5-r0 - - busybox/busybox-binsh@1.36.1-r28 + docker-image|redis@7.0.14-alpine - busybox/busybox@1.36.1-r28 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + .redis-rundeps@20231208.201137 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - alpine-baselayout/alpine-baselayout@3.6.5-r0 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + busybox/ssl_client@1.36.1-r15 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - busybox/busybox@1.36.1-r28 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + .redis-rundeps@20231208.201137 - alpine-baselayout/alpine-baselayout@3.6.5-r0 + openssl/libssl3@3.1.4-r2 - busybox/busybox-binsh@1.36.1-r28 - - busybox/busybox@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - alpine-baselayout/alpine-baselayout@3.6.5-r0 + .redis-rundeps@20231208.201137 - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 - busybox/ssl_client@1.36.1-r28 + openssl/libssl3@3.1.4-r2 @@ -706,36 +614,67 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

      +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-4741

    +
    +

    CVE-2024-0727

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: @@ -745,7 +684,7 @@

      CVE-2024-4741

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -758,108 +697,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - .haproxy-rundeps@20240524.005458 + openssl/libssl3@3.1.4-r2 - openssl/libssl3@3.3.0-r2 - - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2 @@ -871,19 +799,46 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

      +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-5535

    +

    CVE-2023-6237

    @@ -894,7 +849,7 @@

    CVE-2024-5535

    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: @@ -904,7 +859,7 @@

      CVE-2024-5535

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -917,108 +872,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - .haproxy-rundeps@20240524.005458 + openssl/libssl3@3.1.4-r2 - openssl/libssl3@3.3.0-r2 - - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2 @@ -1030,82 +974,14 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

      -

      Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

      -

      Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

      -

      The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

      -

      This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

      -

      In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

      -

      This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

      -

      The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

      -

      Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

      -

      References

      - +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html deleted file mode 100644 index 7a462dd9c2e33..0000000000000 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:17:27 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.12/argocd-iac-install.html b/docs/snyk/v2.10.12/argocd-iac-install.html deleted file mode 100644 index 75c037a332118..0000000000000 --- a/docs/snyk/v2.10.12/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:26:11 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    44 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 17] - - rules[5] - - resources - -
      • - -
    • - Line number: 20895 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 20580 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 20665 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 20693 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 20723 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 20741 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 20759 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 15] - - rules[0] - - resources - -
      • - -
    • - Line number: 20781 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
      • - -
    • - Line number: 21827 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 49] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 22108 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21388 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21639 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21605 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21699 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21798 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21822 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22108 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21879 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22193 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22544 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 21619 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 45] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 21388 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 21605 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 21798 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21388 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21605 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21639 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21699 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21798 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21822 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22108 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21879 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22193 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22544 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21529 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21647 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21622 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21732 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21815 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21829 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22115 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22081 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22454 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22745 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.10.12/argocd-test.html b/docs/snyk/v2.10.12/argocd-test.html deleted file mode 100644 index 665e2e909fd6f..0000000000000 --- a/docs/snyk/v2.10.12/argocd-test.html +++ /dev/null @@ -1,4384 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:24:07 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    11 known vulnerabilities
    -
    183 vulnerable dependency paths
    -
    2042 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/whilp/git-urls@1.0.2 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/whilp/git-urls is a Git URLs parser

    -

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    -

    Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    -

    PoC

    - 
    
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    -

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    -

    Let’s take the following regular expression as an example:

    - 
    regex = /A(B|C+)+D/
-
    -

    This regular expression accomplishes the following:

    -
      -
    • A The string must start with the letter 'A'
      • -
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • -
    • D Finally, we ensure this section of the string ends with a 'D'
      • -
    -

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    -

    It most cases, it doesn't take very long for a regex engine to find a match:

    - 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
    -

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    -

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    -

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    -
      -
    1. CCC
      2. -
    2. CC+C
      3. -
    3. C+CC
      4. -
    4. C+C+C.
      5. -
    -

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    -

    From there, the number of steps the engine must use to validate a string just continues to grow.

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    -

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for github.com/whilp/git-urls.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#84b9f7913604 - - github.com/argoproj/notifications-engine/pkg/services@#84b9f7913604 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html deleted file mode 100644 index d141e46181c8c..0000000000000 --- a/docs/snyk/v2.10.12/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,2564 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:24:21 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.6.14-alpine (apk)
      • -
    -
    - -
    -
    13 known vulnerabilities
    -
    101 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

    -

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

    -

    Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

    -

    An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    -

    Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.12/redis_7.0.15-alpine.html b/docs/snyk/v2.10.12/redis_7.0.15-alpine.html deleted file mode 100644 index 8f6f0e1d82169..0000000000000 --- a/docs/snyk/v2.10.12/redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:24:50 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.11.3/argocd-iac-install.html b/docs/snyk/v2.11.3/argocd-iac-install.html deleted file mode 100644 index 99f94a5a063cf..0000000000000 --- a/docs/snyk/v2.11.3/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:23:46 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    44 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 17] - - rules[5] - - resources - -
      • - -
    • - Line number: 21059 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 20744 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 20829 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 20857 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 20887 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 20905 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 20923 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 15] - - rules[0] - - resources - -
      • - -
    • - Line number: 20945 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
      • - -
    • - Line number: 21991 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 49] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 22278 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21552 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21803 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21769 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21863 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21962 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21986 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22278 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22043 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22363 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22714 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 21783 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 45] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 21552 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 21769 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 21962 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21552 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21769 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21803 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21863 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21962 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21986 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22278 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22043 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22363 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22714 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21693 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21811 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21786 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21896 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21979 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21993 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22285 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22251 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22624 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22915 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.11.3/argocd-test.html b/docs/snyk/v2.11.3/argocd-test.html deleted file mode 100644 index 5094796831f5e..0000000000000 --- a/docs/snyk/v2.11.3/argocd-test.html +++ /dev/null @@ -1,4169 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:21:43 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • -
    • /argo-cd/ui/yarn.lock (yarn)
      • -
    -
    - -
    -
    10 known vulnerabilities
    -
    177 vulnerable dependency paths
    -
    2041 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.26.11 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.21.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.46.1 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.59.0 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.59.0 - - google.golang.org/grpc/health/grpc_health_v1@1.59.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/testing@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.14.7 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/resource@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/util/retry@0.26.11 - - k8s.io/apimachinery/pkg/api/errors@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/portforward@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.26.11 - - k8s.io/apimachinery/pkg/api/equality@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/fake@0.26.11 - - k8s.io/client-go/testing@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/health@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.14.7 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/auth@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - - k8s.io/apimachinery/pkg/util/strategicpatch@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.26.11 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/record@0.26.11 - - k8s.io/client-go/tools/reference@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/apps/v1@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers@0.26.11 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.26.11 - - k8s.io/client-go/tools/remotecommand@0.26.11 - - k8s.io/client-go/transport/spdy@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - k8s.io/client-go/transport@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - k8s.io/client-go/listers/core/v1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.26.11 - - k8s.io/client-go/applyconfigurations/meta/v1@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.14.7 - - k8s.io/client-go/tools/cache@0.26.11 - - k8s.io/client-go/tools/pager@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/diff@#fbecbb86e412 - - k8s.io/kubectl/pkg/cmd/util@0.26.11 - - k8s.io/kubectl/pkg/validation@0.26.11 - - k8s.io/cli-runtime/pkg/resource@0.26.11 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/builder@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/envtest@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.14.7 - - k8s.io/apimachinery/pkg/runtime/serializer@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - k8s.io/client-go/tools/clientcmd@0.26.11 - - k8s.io/client-go/tools/clientcmd/api/latest@0.26.11 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/kubernetes@0.26.11 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#fbecbb86e412 - - k8s.io/kubernetes/pkg/apis/storage/install@1.26.11 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.26.11 - - k8s.io/api/storage/v1alpha1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/handler@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/sync/common@#fbecbb86e412 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/manager@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/metrics@0.14.7 - - k8s.io/client-go/tools/leaderelection@0.26.11 - - k8s.io/client-go/tools/leaderelection/resourcelock@0.26.11 - - k8s.io/client-go/rest@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - google.golang.org/api/chat/v1@0.132.0 - - google.golang.org/api/transport/http@0.132.0 - - google.golang.org/api/option@0.132.0 - - google.golang.org/grpc@1.59.0 - - google.golang.org/grpc/internal/transport@1.59.0 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#fbecbb86e412 - - k8s.io/kubectl/pkg/util/openapi@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.14.7 - - k8s.io/client-go/restmapper@0.26.11 - - k8s.io/client-go/discovery@0.26.11 - - k8s.io/client-go/kubernetes/scheme@0.26.11 - - k8s.io/api/storage/v1beta1@0.26.11 - - k8s.io/api/core/v1@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/controller@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.14.7 - - sigs.k8s.io/controller-runtime/pkg/client@0.14.7 - - k8s.io/client-go/dynamic@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.26.11 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.26.11 - - k8s.io/apimachinery/pkg/watch@0.26.11 - - k8s.io/apimachinery/pkg/util/net@0.26.11 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/r3labs/diff@1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - code.gitea.io/sdk/gitea@0.15.1 - - github.com/hashicorp/go-version@1.2.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#f48567108f01 - - github.com/argoproj/notifications-engine/pkg/services@#f48567108f01 - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - github.com/hashicorp/go-cleanhttp@0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/gosimple/slug@1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/Azure/azure-sdk-for-go/sdk/azidentity -
      • - -
    • Introduced through: - - - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - argo-cd-ui@1.0.0 - - redoc@2.0.0-rc.64 - - dompurify@2.3.6 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

    -

    Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

    -

    PoC

    - 
    <![CDATA[ ><img src onerror=alert(1)> ]]>
-
    -

    Remediation

    -

    Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.12.0-rc2/argocd-iac-install.html b/docs/snyk/v2.12.0-rc2/argocd-iac-install.html deleted file mode 100644 index 1c5af80e8c736..0000000000000 --- a/docs/snyk/v2.12.0-rc2/argocd-iac-install.html +++ /dev/null @@ -1,2891 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:21:14 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • -
    -
    - -
    -
    44 total issues
    -
    -
    -
    -
    - -
    - - - - - - -
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    -
    -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 17] - - rules[5] - - resources - -
      • - -
    • - Line number: 21103 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 10] - - rules[0] - - resources - -
      • - -
    • - Line number: 20788 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 11] - - rules[4] - - resources - -
      • - -
    • - Line number: 20873 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 20901 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[1] - - resources - -
      • - -
    • - Line number: 20931 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 13] - - rules[3] - - resources - -
      • - -
    • - Line number: 20949 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 14] - - rules[0] - - resources - -
      • - -
    • - Line number: 20967 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 15] - - rules[0] - - resources - -
      • - -
    • - Line number: 20989 -
      • -
    - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
      • - -
    • - Line number: 22035 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 49] - - spec - - template - - spec - - initContainers[copyutil] - - imagePullPolicy - -
      • - -
    • - Line number: 22334 -
      • -
    - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21596 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21847 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21813 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 21907 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22006 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22030 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22334 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22087 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22419 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 22770 -
      • -
    - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running with multiple open ports

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-36 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - ports - -
      • - -
    • - Line number: 21827 -
      • -
    - -
    - -

    Impact

    -

    Increases the attack surface of the application and the container.

    - -

    Remediation

    -

    Reduce `ports` count to 2

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 45] - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - livenessProbe - -
      • - -
    • - Line number: 21596 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 46] - - spec - - template - - spec - - containers[dex] - - livenessProbe - -
      • - -
    • - Line number: 21813 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without liveness probe

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-41 -
      • - -
    • Introduced through: - [DocId: 48] - - spec - - template - - spec - - containers[redis] - - livenessProbe - -
      • - -
    • - Line number: 22006 -
      • -
    - -
    - -

    Impact

    -

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    - -

    Remediation

    -

    Add `livenessProbe` attribute

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21596 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21813 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21847 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 21907 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22006 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22030 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22334 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22087 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22419 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - resources - - limits - - memory - -
      • - -
    • - Line number: 22770 -
      • -
    - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 45] - - input - - spec - - template - - spec - - containers[argocd-applicationset-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21737 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21855 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 46] - - input - - spec - - template - - spec - - containers[dex] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21830 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - - containers[argocd-notifications-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 21940 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - containers[redis] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22023 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 48] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22037 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - initContainers[copyutil] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22341 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 49] - - input - - spec - - template - - spec - - containers[argocd-repo-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22307 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 50] - - input - - spec - - template - - spec - - containers[argocd-server] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22680 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 51] - - input - - spec - - template - - spec - - containers[argocd-application-controller] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 22971 -
      • -
    - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -
    - -
    - - - diff --git a/docs/snyk/v2.12.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.12.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html deleted file mode 100644 index 116b1cdac5788..0000000000000 --- a/docs/snyk/v2.12.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html +++ /dev/null @@ -1,3808 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:19:16 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
      • -
    -
    - -
    -
    37 known vulnerabilities
    -
    113 vulnerable dependency paths
    -
    829 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.19.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/internal/encoding/json -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/internal/encoding/json@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/internal/encoding/json@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Stack-based Buffer Overflow

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Infinite loop

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - google.golang.org/protobuf/encoding/protojson -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - google.golang.org/protobuf/encoding/protojson@v1.31.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - google.golang.org/protobuf/encoding/protojson@v1.32.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    -

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/sdk/helper/certutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/sdk/logical@v0.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/vault/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/vault/api@v1.6.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/serf/coordinate -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/serf/coordinate@v0.9.7 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl/v2 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/hashicorp/hcl/v2/json@v2.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/hcl -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl@v1.0.0 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/hcl/hcl/token@v1.0.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/golang-lru/simplelru -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/golang-lru/simplelru@v0.5.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-version@v1.5.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-sockaddr -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr@v1.0.2 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-sockaddr/template@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/strutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/parseutil -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-secure-stdlib/mlock -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-rootcerts -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-rootcerts@v1.0.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-plugin -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin@v1.4.4 - - - -
      • -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-immutable-radix -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-immutable-radix@v1.3.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/errwrap -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/errwrap@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/consul/api -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/consul/api@v1.13.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/gosimple/slug@v1.12.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/go-sql-driver/mysql -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-sql-driver/mysql@v1.7.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
      • - -
    • Introduced through: - - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/dexidp/dex@* - - github.com/go-jose/go-jose/v3@v3.0.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.12.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html b/docs/snyk/v2.12.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html deleted file mode 100644 index 3e8e0f114a654..0000000000000 --- a/docs/snyk/v2.12.0-rc2/public.ecr.aws_docker_library_redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:19:25 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/docker/library/redis (apk)
      • -
    • public.ecr.aws/docker/library/redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.12.0-rc2/quay.io_argoproj_argocd_v2.12.0-rc2.html b/docs/snyk/v2.12.0-rc2/quay.io_argoproj_argocd_v2.12.0-rc2.html deleted file mode 100644 index 0d2858733b0e1..0000000000000 --- a/docs/snyk/v2.12.0-rc2/quay.io_argoproj_argocd_v2.12.0-rc2.html +++ /dev/null @@ -1,3056 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:19:46 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.0-rc2//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.0-rc2/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.12.0-rc2/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • -
    -
    - -
    -
    22 known vulnerabilities
    -
    99 vulnerable dependency paths
    -
    2290 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2020-22916

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - xz-utils/liblzma5 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and xz-utils/liblzma5@5.6.1+really5.4.5-1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - apt/libapt-pkg6.0t64@2.7.14build2 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - dash@0.5.12-6ubuntu5 - - dpkg@1.22.6ubuntu6 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - adduser@3.137ubuntu1 - - shadow/passwd@1:4.13+dfsg1-4ubuntu3 - - pam/libpam-modules@1.5.3-5ubuntu5.1 - - systemd/libsystemd0@255.4-1ubuntu8.1 - - xz-utils/liblzma5@5.6.1+really5.4.5-1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream xz-utils package and not the xz-utils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 xz-utils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - libgcrypt20 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and libgcrypt20@1.10.3-2build1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/dirmngr@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg-agent@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - apt/libapt-pkg6.0t64@2.7.14build2 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - gnupg2/gpgv@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - adduser@3.137ubuntu1 - - shadow/passwd@1:4.13+dfsg1-4ubuntu3 - - pam/libpam-modules@1.5.3-5ubuntu5.1 - - systemd/libsystemd0@255.4-1ubuntu8.1 - - libgcrypt20@1.10.3-2build1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream libgcrypt20 package and not the libgcrypt20 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 libgcrypt20.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26462

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    LGPL-3.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - gopkg.in/retry.v1 -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - gopkg.in/retry.v1@v1.0.3 - - - -
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/r3labs/diff@v1.1.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.6.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-version@v1.6.0 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-retryablehttp@v0.7.4 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/helm/v3 /usr/local/bin/helm -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-multierror -
      • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/hashicorp/go-multierror@v1.1.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-cleanhttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/hashicorp/go-cleanhttp@v0.5.2 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/gosimple/slug -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/gosimple/slug@v1.13.1 - - - -
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Release of Invalid Pointer or Reference

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and patch@2.7.6-7build3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - patch@2.7.6-7build3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Double Free

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - patch -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and patch@2.7.6-7build3 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - patch@2.7.6-7build3 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    A double free exists in the another_hunk function in pch.c in GNU patch through 2.7.6.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 patch.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3t64 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - coreutils@9.4-3ubuntu6 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - libfido2/libfido2-1@1.14.0-1build3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3t64 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - coreutils@9.4-3ubuntu6 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - libfido2/libfido2-1@1.14.0-1build3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - openssl/libssl3t64 -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and openssl/libssl3t64@3.0.13-0ubuntu3.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - coreutils@9.4-3ubuntu6 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - cyrus-sasl2/libsasl2-modules@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - libfido2/libfido2-1@1.14.0-1build3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - openldap/libldap2@2.6.7+dfsg-1~exp1ubuntu8 - - cyrus-sasl2/libsasl2-2@2.1.28+dfsg1-5ubuntu3 - - openssl/libssl3t64@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - ca-certificates@20240203 - - openssl@3.0.13-0ubuntu3.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 openssl.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26458

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-26461

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - krb5/libk5crypto3 -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - krb5/libk5crypto3@1.20.1-6ubuntu2 - - krb5/libkrb5support0@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - krb5/libkrb5-3@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - openssh/openssh-client@1:9.6p1-3ubuntu13 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - curl/libcurl3t64-gnutls@8.5.0-2ubuntu10.1 - - libssh/libssh-4@0.10.6-2build2 - - krb5/libgssapi-krb5-2@1.20.1-6ubuntu2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - krb5/krb5-locales@1.20.1-6ubuntu2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 krb5.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - gnupg2/gpgv -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and gnupg2/gpgv@2.4.4-2ubuntu17 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpgv@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - apt@2.7.14build2 - - gnupg2/gpgv@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/dirmngr@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg-agent@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg@2.4.4-2ubuntu17 - - gnupg2/gpgconf@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/dirmngr@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg@2.4.4-2ubuntu17 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - gnupg2/gpg-agent@2.4.4-2ubuntu17 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnupg2 package and not the gnupg2 package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 gnupg2.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - glibc/libc-bin -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and glibc/libc-bin@2.39-0ubuntu8.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - glibc/libc-bin@2.39-0ubuntu8.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - glibc/libc6@2.39-0ubuntu8.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 glibc.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - git/git-man -
      • - -
    • Introduced through: - - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2, git@1:2.43.0-1ubuntu7.1 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - git/git-man@1:2.43.0-1ubuntu7.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git@1:2.43.0-1ubuntu7.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - git-lfs@3.4.1-1 - - git@1:2.43.0-1ubuntu7.1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream git package and not the git package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    GIT version 2.15.1 and earlier contains a Input Validation Error vulnerability in Client that can result in problems including messing up terminal configuration to RCE. This attack appear to be exploitable via The user must interact with a malicious git server, (or have their traffic modified in a MITM attack).

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 git.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Input Validation

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.12.0-rc2/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:24.04 -
      • -
    • - Vulnerable module: - - coreutils -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 and coreutils@9.4-3ubuntu6 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.12.0-rc2 - - coreutils@9.4-3ubuntu6 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream coreutils package and not the coreutils package as distributed by Ubuntu. - See How to fix? for Ubuntu:24.04 relevant fixed versions and status.

    -

    chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:24.04 coreutils.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.12.0-rc2/redis_7.0.15-alpine.html b/docs/snyk/v2.12.0-rc2/redis_7.0.15-alpine.html deleted file mode 100644 index 0ef01b1b16240..0000000000000 --- a/docs/snyk/v2.12.0-rc2/redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:19:51 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.17/argocd-iac-install.html b/docs/snyk/v2.7.17/argocd-iac-install.html similarity index 89% rename from docs/snyk/v2.9.17/argocd-iac-install.html rename to docs/snyk/v2.7.17/argocd-iac-install.html index ed46d2f0bb05a..cfced2ce2b173 100644 --- a/docs/snyk/v2.9.17/argocd-iac-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:28:41 am (UTC+00:00)

    +

    March 24th 2024, 12:23:21 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    43 total issues
    +
    39 total issues
    @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20310 + Line number: 16324
    • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20395 + Line number: 16401
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20423 + Line number: 16429
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20453 + Line number: 16459
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20471 + Line number: 16477
    • @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20489 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 15] - - rules[0] - - resources - -
      • - -
    • - Line number: 20511 + Line number: 16493
    @@ -828,58 +782,6 @@

    Container could be running with outdated image

    spec - initContainers[secret-init] - - imagePullPolicy - - - -
  • - Line number: 21439 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 47] - - spec - - template - - spec - initContainers[copyutil] imagePullPolicy @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 21696 + Line number: 17537
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 21012 + Line number: 16980
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 21257 + Line number: 17152
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 21223 + Line number: 17118
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 21317 + Line number: 17212
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1177,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 21410 + Line number: 17293
    • @@ -1224,7 +1126,7 @@

    Container has no CPU limit

    spec - initContainers[secret-init] + initContainers[copyutil] resources @@ -1235,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 21434 + Line number: 17537
    • @@ -1272,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -1282,7 +1184,7 @@

    Container has no CPU limit

    spec - initContainers[copyutil] + containers[argocd-repo-server] resources @@ -1293,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 21696 + Line number: 17349
    • @@ -1340,7 +1242,7 @@

    Container has no CPU limit

    spec - containers[argocd-repo-server] + containers[argocd-server] resources @@ -1351,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 21491 + Line number: 17622
    • @@ -1398,7 +1300,7 @@

    Container has no CPU limit

    spec - containers[argocd-server] + containers[argocd-application-controller] resources @@ -1409,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 21781 + Line number: 17932
    • @@ -1431,7 +1333,7 @@

    Remediation

    -

    Container has no CPU limit

    +

    Container is running with multiple open ports

    @@ -1442,13 +1344,11 @@

    Container has no CPU limit

    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-36
    • Introduced through: - [DocId: 49] - - input + [DocId: 43] spec @@ -1456,40 +1356,36 @@

      Container has no CPU limit

      spec - containers[argocd-application-controller] - - resources - - limits + containers[dex] - cpu + ports
    • - Line number: 22108 + Line number: 17132

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    +

    Increases the attack surface of the application and the container.

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    +

    Reduce `ports` count to 2

    -

    More about this issue

    +

    More about this issue

    -

    Container is running with multiple open ports

    +

    Container is running with writable root filesystem

    @@ -1500,11 +1396,11 @@

    Container is running with multiple open ports

    • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-8
    • Introduced through: - [DocId: 44] + [DocId: 45] spec @@ -1512,31 +1408,33 @@

      Container is running with multiple open ports

      spec - containers[dex] + containers[redis] - ports + securityContext + + readOnlyRootFilesystem
    • - Line number: 21237 + Line number: 17303

    Impact

    -

    Increases the attack surface of the application and the container.

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    Remediation

    -

    Reduce `ports` count to 2

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    -

    More about this issue

    +

    More about this issue

    @@ -1556,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 43] + [DocId: 42] spec @@ -1571,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 21012 + Line number: 16980
    • @@ -1608,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 44] + [DocId: 43] spec @@ -1623,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 21223 + Line number: 17118
    • @@ -1660,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 46] + [DocId: 45] spec @@ -1675,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 21410 + Line number: 17293
    • @@ -1712,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -1733,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 21012 + Line number: 16980
    • @@ -1770,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1791,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 21223 + Line number: 17118
    • @@ -1828,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -1849,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 21257 + Line number: 17152
    • @@ -1886,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -1907,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 21317 + Line number: 17212
    • @@ -1944,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -1965,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 21410 + Line number: 17293
    • @@ -2012,64 +1910,6 @@

    Container is running without memory limit

    spec - initContainers[secret-init] - - resources - - limits - - memory - - - -
  • - Line number: 21434 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - initContainers[copyutil] resources @@ -2081,7 +1921,7 @@

      Container is running without memory limit

    • - Line number: 21696 + Line number: 17537
    @@ -2118,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2139,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 21491 + Line number: 17349
    • @@ -2176,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2197,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 21781 + Line number: 17622
    • @@ -2234,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2255,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 22108 + Line number: 17932
    • @@ -2292,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 43] + [DocId: 42] input @@ -2311,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21147 + Line number: 17055
    • @@ -2348,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2367,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21265 + Line number: 17160
    • @@ -2404,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 44] + [DocId: 43] input @@ -2423,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21240 + Line number: 17135
    • @@ -2460,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 45] + [DocId: 44] input @@ -2479,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21344 + Line number: 17227
    • @@ -2516,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 46] + [DocId: 45] input @@ -2535,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21427 + Line number: 17303
    • @@ -2582,62 +2422,6 @@

    Container's or Pod's UID could clash with hos spec - initContainers[secret-init] - - securityContext - - runAsUser - - - -
  • - Line number: 21441 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 47] - - input - - spec - - template - - spec - initContainers[copyutil] securityContext @@ -2647,7 +2431,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 21703 + Line number: 17544
    @@ -2684,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 47] + [DocId: 46] input @@ -2703,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 21669 + Line number: 17510
    • @@ -2740,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 48] + [DocId: 47] input @@ -2759,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22018 + Line number: 17842
    • @@ -2796,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 49] + [DocId: 48] input @@ -2815,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 22267 + Line number: 18074
    • diff --git a/docs/snyk/v2.10.12/argocd-iac-namespace-install.html b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html similarity index 89% rename from docs/snyk/v2.10.12/argocd-iac-namespace-install.html rename to docs/snyk/v2.7.17/argocd-iac-namespace-install.html index c07ded390488e..f9744975422e6 100644 --- a/docs/snyk/v2.10.12/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.7.17/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:26:21 am (UTC+00:00)

    +

    March 24th 2024, 12:23:30 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    43 total issues
    +
    39 total issues

    @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 154
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 182
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 212
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 230
    • @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 278 + Line number: 246
    @@ -828,58 +782,6 @@

    Container could be running with outdated image

    spec - initContainers[secret-init] - - imagePullPolicy - - - -
  • - Line number: 1112 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 40] - - spec - - template - - spec - initContainers[copyutil] imagePullPolicy @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 1393 + Line number: 1197
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 640
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 924 + Line number: 812
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 890 + Line number: 778
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 984 + Line number: 872
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1177,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1083 + Line number: 953
    • @@ -1224,7 +1126,7 @@

    Container has no CPU limit

    spec - initContainers[secret-init] + initContainers[copyutil] resources @@ -1235,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1107 + Line number: 1197
    • @@ -1272,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -1282,7 +1184,7 @@

    Container has no CPU limit

    spec - initContainers[copyutil] + containers[argocd-repo-server] resources @@ -1293,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1393 + Line number: 1009
    • @@ -1340,7 +1242,7 @@

    Container has no CPU limit

    spec - containers[argocd-repo-server] + containers[argocd-server] resources @@ -1351,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1164 + Line number: 1282
    • @@ -1398,7 +1300,7 @@

    Container has no CPU limit

    spec - containers[argocd-server] + containers[argocd-application-controller] resources @@ -1409,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1478 + Line number: 1592
    • @@ -1431,7 +1333,7 @@

    Remediation

    -

    Container has no CPU limit

    +

    Container is running with multiple open ports

    @@ -1442,13 +1344,11 @@

    Container has no CPU limit

    • - Public ID: SNYK-CC-K8S-5 + Public ID: SNYK-CC-K8S-36
    • Introduced through: - [DocId: 42] - - input + [DocId: 36] spec @@ -1456,40 +1356,36 @@

      Container has no CPU limit

      spec - containers[argocd-application-controller] - - resources - - limits + containers[dex] - cpu + ports
    • - Line number: 1829 + Line number: 792

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    +

    Increases the attack surface of the application and the container.

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    +

    Reduce `ports` count to 2

    -

    More about this issue

    +

    More about this issue

    -

    Container is running with multiple open ports

    +

    Container is running with writable root filesystem

    @@ -1500,11 +1396,11 @@

    Container is running with multiple open ports

    • - Public ID: SNYK-CC-K8S-36 + Public ID: SNYK-CC-K8S-8
    • Introduced through: - [DocId: 37] + [DocId: 38] spec @@ -1512,31 +1408,33 @@

      Container is running with multiple open ports

      spec - containers[dex] + containers[redis] - ports + securityContext + + readOnlyRootFilesystem
    • - Line number: 904 + Line number: 963

    Impact

    -

    Increases the attack surface of the application and the container.

    +

    Compromised process could abuse writable root filesystem to elevate privileges

    Remediation

    -

    Reduce `ports` count to 2

    +

    Set `spec.{containers, initContainers}.securityContext.readOnlyRootFilesystem` to `true`

    -

    More about this issue

    +

    More about this issue

    @@ -1556,7 +1454,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 35] spec @@ -1571,7 +1469,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 640
    • @@ -1608,7 +1506,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 36] spec @@ -1623,7 +1521,7 @@

    Container is running without liveness probe

  • - Line number: 890 + Line number: 778
    • @@ -1660,7 +1558,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 38] spec @@ -1675,7 +1573,7 @@

    Container is running without liveness probe

  • - Line number: 1083 + Line number: 953
    • @@ -1712,7 +1610,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -1733,7 +1631,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 640
    • @@ -1770,7 +1668,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1791,7 +1689,7 @@

    Container is running without memory limit

  • - Line number: 890 + Line number: 778
    • @@ -1828,7 +1726,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -1849,7 +1747,7 @@

    Container is running without memory limit

  • - Line number: 924 + Line number: 812
    • @@ -1886,7 +1784,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -1907,7 +1805,7 @@

    Container is running without memory limit

  • - Line number: 984 + Line number: 872
    • @@ -1944,7 +1842,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -1965,7 +1863,7 @@

    Container is running without memory limit

  • - Line number: 1083 + Line number: 953
    • @@ -2012,64 +1910,6 @@

    Container is running without memory limit

    spec - initContainers[secret-init] - - resources - - limits - - memory - - - -
  • - Line number: 1107 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - initContainers[copyutil] resources @@ -2081,7 +1921,7 @@

      Container is running without memory limit

    • - Line number: 1393 + Line number: 1197
    @@ -2118,7 +1958,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2139,7 +1979,7 @@

    Container is running without memory limit

  • - Line number: 1164 + Line number: 1009
    • @@ -2176,7 +2016,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2197,7 +2037,7 @@

    Container is running without memory limit

  • - Line number: 1478 + Line number: 1282
    • @@ -2234,7 +2074,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -2255,7 +2095,7 @@

    Container is running without memory limit

  • - Line number: 1829 + Line number: 1592
    • @@ -2292,7 +2132,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 35] input @@ -2311,7 +2151,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 814 + Line number: 715
    • @@ -2348,7 +2188,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -2367,7 +2207,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 932 + Line number: 820
    • @@ -2404,7 +2244,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 36] input @@ -2423,7 +2263,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 907 + Line number: 795
    • @@ -2460,7 +2300,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 37] input @@ -2479,7 +2319,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1017 + Line number: 887
    • @@ -2516,7 +2356,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 38] input @@ -2535,7 +2375,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1100 + Line number: 963
    • @@ -2582,62 +2422,6 @@

    Container's or Pod's UID could clash with hos spec - initContainers[secret-init] - - securityContext - - runAsUser - - - -
  • - Line number: 1114 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] - - input - - spec - - template - - spec - initContainers[copyutil] securityContext @@ -2647,7 +2431,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 1400 + Line number: 1204
    @@ -2684,7 +2468,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 39] input @@ -2703,7 +2487,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1366 + Line number: 1170
    • @@ -2740,7 +2524,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 40] input @@ -2759,7 +2543,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1739 + Line number: 1502
    • @@ -2796,7 +2580,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 41] input @@ -2815,7 +2599,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 2030 + Line number: 1734
    • diff --git a/docs/snyk/v2.7.17/argocd-test.html b/docs/snyk/v2.7.17/argocd-test.html new file mode 100644 index 0000000000000..f130f831d96d1 --- /dev/null +++ b/docs/snyk/v2.7.17/argocd-test.html @@ -0,0 +1,2957 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:21:51 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    10 known vulnerabilities
    +
    106 vulnerable dependency paths
    +
    1755 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd ui/yarn.lock +
      • +
    • + Package Manager: npm +
      • +
    • + Vulnerable module: + + semver +
      • + +
    • Introduced through: + + + argo-cd-ui@1.0.0, superagent@8.0.9 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + argo-cd-ui@1.0.0 + + superagent@8.0.9 + + semver@7.3.8 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    semver is a semantic version parser used by npm.

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.

    +

    PoC

    + 
    
+        const semver = require('semver')
+        const lengths_2 = [2000, 4000, 8000, 16000, 32000, 64000, 128000]
+        
+        console.log("n[+] Valid range - Test payloads")
+        for (let i = 0; i =1.2.3' + ' '.repeat(lengths_2[i]) + '<1.3.0';
+        const start = Date.now()
+        semver.validRange(value)
+        // semver.minVersion(value)
+        // semver.maxSatisfying(["1.2.3"], value)
+        // semver.minSatisfying(["1.2.3"], value)
+        // new semver.Range(value, {})
+        
+        const end = Date.now();
+        console.log('length=%d, time=%d ms', value.length, end - start);
+        }
+
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    + 
    regex = /A(B|C+)+D/
+
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
      • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
      • +
    • D Finally, we ensure this section of the string ends with a 'D'
      • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    + 
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
+        0.04s user 0.01s system 95% cpu 0.052 total
+        
+        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
+        1.79s user 0.02s system 99% cpu 1.812 total
+
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
      2. +
    2. CC+C
      3. +
    3. C+CC
      4. +
    4. C+C+C.
      5. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    Upgrade semver to version 5.7.2, 6.3.1, 7.5.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#a4dd357b057e + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.11.1 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.31.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@#16092bd1d58a + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.3.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.3.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.60.0 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/subscriptions@#f754726f03da + + github.com/argoproj/notifications-engine/pkg/services@#f754726f03da + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html similarity index 72% rename from docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html index 08149593d8ff7..2bc1adb34dcef 100644 --- a/docs/snyk/v2.10.12/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.7.17/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:24:16 am (UTC+00:00)

    +

    March 24th 2024, 12:21:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    52 known vulnerabilities
    -
    172 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,19 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1708,21 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1877,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2048,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2198,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2736,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -3656,74 +3560,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -4367,12 +4203,12 @@

    References

    -
    -

    Out-of-bounds Write

    +
    +

    CVE-2023-6237

    -
    - medium severity +
    + low severity
    @@ -4384,12 +4220,12 @@

    Out-of-bounds Write

  • Vulnerable module: - busybox/busybox + openssl/libcrypto3
  • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    • @@ -4404,29 +4240,7 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox@1.36.1-r0 - - - - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4435,9 +4249,9 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4447,72 +4261,8 @@

    Detailed paths

    docker-image|ghcr.io/dexidp/dex@v2.37.0 busybox/ssl_client@1.36.1-r0 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4521,11 +4271,11 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 - busybox/busybox@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4534,7 +4284,7 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 @@ -4543,9 +4293,9 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 @@ -4555,6 +4305,8 @@

      Detailed paths

      docker-image|ghcr.io/dexidp/dex@v2.37.0 busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -4566,1024 +4318,14 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..4487d720d3a0c --- /dev/null +++ b/docs/snyk/v2.7.17/haproxy_2.6.14-alpine.html @@ -0,0 +1,1376 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:22:00 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.14-alpine (apk)
      • +
    +
    + +
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    CVE-2023-5363

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

    +

    Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

    +

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    +

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

    +

    Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

    +

    Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

    +

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Check for Unusual or Exceptional Conditions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

    +

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

    +

    Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

    +

    An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    +

    Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

    +

    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

    +

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    +

    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

    +

    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-0727

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

    +

    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

    +

    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

    +

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

    +

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

    +

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-6237

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html similarity index 70% rename from docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html rename to docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html index 3073477e09b4b..88785b4be1777 100644 --- a/docs/snyk/v2.10.12/quay.io_argoproj_argocd_v2.10.12.html +++ b/docs/snyk/v2.7.17/quay.io_argoproj_argocd_v2.7.17.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    June 30th 2024, 12:24:44 am (UTC+00:00)

    +

    March 24th 2024, 12:22:17 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.12/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.12//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.12/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.10.12/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.7.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    32 known vulnerabilities
    -
    198 vulnerable dependency paths
    -
    2278 dependencies
    +
    46 known vulnerabilities
    +
    224 vulnerable dependency paths
    +
    2070 dependencies
    @@ -481,7 +481,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
  • Package Manager: golang @@ -500,12 +500,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + golang.org/x/net/http2/hpack
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + helm.sh/helm/v3@* and golang.org/x/net/http2/hpack@v0.5.0
    • @@ -518,18 +518,91 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - golang.org/x/net/http2@v0.19.0 + golang.org/x/net/http2/hpack@v0.5.0
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade golang.org/x/net/http2/hpack to version 0.7.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + golang.org/x/net/http2@v0.5.0 @@ -542,50 +615,62 @@

      Detailed paths

      Overview

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) such that a maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.7.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2020-22916

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - xz-utils/liblzma5 + golang.org/x/net/http2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and xz-utils/liblzma5@5.2.5-2ubuntu1 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0
    @@ -598,9 +683,9 @@

    Detailed paths

    -
    -

    Resource Exhaustion

    +
    +

    Directory Traversal

    -
    - medium severity +
    + high severity
    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - openssl/libssl3 + github.com/cyphar/filepath-securejoin
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3
    @@ -674,113 +764,99 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + helm.sh/helm/v3@* - openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/cyphar/filepath-securejoin@v0.2.3
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

    +

    Note: + This vulnerability is only exploitable on Windows OS.

    +

    Details

    +

    A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

    +

    Directory Traversal vulnerabilities can be generally divided into two types:

    +
      +
    • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
      • +
    +

    st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

    +

    If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

    + 
    curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
    +

    Note %2e is the URL encoded version of . (dot).

    +
      +
    • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
      • +
    +

    One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

    +

    The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

    + 
    2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+
    +

    Remediation

    +

    Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • +
    +

    CVE-2020-22916

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssl@3.0.2-0ubuntu1.15 - - +
    + medium severity +
    -
    • +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + xz-utils/liblzma5 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and xz-utils/liblzma5@5.2.5-2ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    Information Exposure

    +

    CVE-2023-51767

    @@ -833,7 +904,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -841,12 +912,12 @@

      Information Exposure

    • Vulnerable module: - libgcrypt20 + openssh/openssh-client
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    @@ -859,42 +930,118 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - libgcrypt20@1.9.4-3ubuntu3 + openssh/openssh-client@1:8.9p1-3ubuntu0.6
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - libgcrypt20@1.9.4-3ubuntu3 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 openssh.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    • +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libgcrypt20 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and libgcrypt20@1.9.4-3ubuntu3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/gpg@2.2.27-3ubuntu2.1 + + libgcrypt20@1.9.4-3ubuntu3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -903,9 +1050,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -916,7 +1063,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -929,7 +1076,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -942,7 +1089,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -955,7 +1102,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -968,7 +1115,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -981,7 +1128,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -994,11 +1141,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1024,7 +1171,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1035,7 +1181,79 @@

    References

    -

    CVE-2024-26462

    +

    CVE-2022-48624

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + less +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and less@590-1ubuntu0.22.04.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + less@590-1ubuntu0.22.04.1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 less to version 590-1ubuntu0.22.04.2 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26461

    @@ -1046,7 +1264,7 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1059,7 +1277,7 @@

      CVE-2024-26462

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1072,7 +1290,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1081,11 +1299,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1102,11 +1320,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1125,7 +1343,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1134,11 +1352,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -1155,7 +1373,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1164,9 +1382,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1175,11 +1393,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1188,11 +1406,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1203,28 +1421,1116 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26462

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-26458

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/internal/encoding/json@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Allocation of Resources Without Limits or Throttling

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.5.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2@v0.5.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

    +

    Note:

    +

    This issue is related to CVE-2023-44487

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + golang.org/x/crypto/ssh@v0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 gnutls28.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Uncaught Exception

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + apt@2.4.11 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + gnupg2/dirmngr@2.2.27-3ubuntu2.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - pam/libpam-modules@1.4.0-11ubuntu2.4 + git@1:2.34.1-1ubuntu1.10 - libnsl/libnsl2@1.3.0-2build2 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + openldap/libldap-2.5-0@2.5.16+dfsg-0ubuntu0.22.04.2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 @@ -1236,27 +2542,28 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      +

      A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:22.04 gnutls28.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    MPL-2.0 license

    @@ -1267,7 +2574,7 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1275,12 +2582,12 @@

      LGPL-3.0 license

    • Module: - gopkg.in/retry.v1 + github.com/r3labs/diff
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
    @@ -1295,7 +2602,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - gopkg.in/retry.v1@v1.0.3 + github.com/r3labs/diff@v1.1.0 @@ -1306,12 +2613,12 @@

    Detailed paths

    -

    LGPL-3.0 license

    +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -1327,7 +2634,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1335,12 +2642,12 @@

      MPL-2.0 license

    • Module: - github.com/r3labs/diff + github.com/hashicorp/go-version
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    @@ -1355,7 +2662,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/r3labs/diff@v1.1.0 + github.com/hashicorp/go-version@v1.2.1 @@ -1371,7 +2678,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -1387,7 +2694,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1395,12 +2702,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-version + github.com/hashicorp/go-retryablehttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.0
    @@ -1415,7 +2722,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.2.1 + github.com/hashicorp/go-retryablehttp@v0.7.0 @@ -1431,12 +2738,12 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Insertion of Sensitive Information into Log File

    +

    MPL-2.0 license

    @@ -1447,20 +2754,20 @@

    Insertion of Sensitive Information into Log File

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Vulnerable module: + Module: - github.com/hashicorp/go-retryablehttp + github.com/hashicorp/go-cleanhttp
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2
    @@ -1475,7 +2782,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/hashicorp/go-cleanhttp@v0.5.2 @@ -1486,20 +2793,12 @@

    Detailed paths

    -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - +

    MPL-2.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -1515,7 +2814,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1523,12 +2822,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-retryablehttp + github.com/gosimple/slug
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -1543,7 +2842,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/gosimple/slug@v1.13.1 @@ -1559,12 +2858,12 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Denial of Service (DoS)

    @@ -1575,20 +2874,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.7.17/helm/v3 /usr/local/bin/helm
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + github.com/docker/distribution/registry/api/v2
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + helm.sh/helm/v3@* and github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible
    @@ -1603,7 +2902,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - github.com/hashicorp/go-multierror@v1.1.1 + github.com/docker/distribution/registry/api/v2@v2.8.1+incompatible @@ -1614,17 +2913,26 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) due to improper validation of the value passed to the n parameter in the /v2/_catalog endpoint. + Exploiting this vulnerability is possible by sending a crafted malicious request to the /v2/_catalog API endpoint, which results in an allocation of a massive string array and excessive use of memory.

    +

    Remediation

    +

    Upgrade github.com/docker/distribution/registry/api/v2 to version 2.8.2-beta.1 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Resource Exhaustion

    @@ -1635,21 +2943,21 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + expat/libexpat1
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others
    @@ -1661,9 +2969,11 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    CVE-2024-28757

    @@ -1695,21 +3017,21 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - github.com/gosimple/slug + expat/libexpat1
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others
    @@ -1721,9 +3043,11 @@

    Detailed paths

    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + bash +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and bash@5.1-6ubuntu1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + bash@5.1-6ubuntu1 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream bash package and not the bash package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    A flaw was found in the bash package, where a heap-buffer overflow can occur in valid parameter_transform. This issue may lead to memory problems.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 bash to version 5.1-6ubuntu1.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    @@ -1755,7 +3164,7 @@

    CVE-2023-7008

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1768,7 +3177,7 @@

      CVE-2023-7008

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -1781,7 +3190,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1790,9 +3199,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1801,7 +3210,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -1812,9 +3221,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1823,9 +3232,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux/bsdutils@1:2.37.2-4ubuntu3.4 + util-linux/bsdutils@1:2.37.2-4ubuntu3 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1834,11 +3243,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1847,7 +3256,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 systemd/libudev1@249.11-0ubuntu3.12 @@ -1856,7 +3265,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 libfido2/libfido2-1@1.10.0-1 @@ -1867,9 +3276,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 systemd/libudev1@249.11-0ubuntu3.12 @@ -1878,11 +3287,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libudev1@249.11-0ubuntu3.12 @@ -1907,126 +3316,20 @@

      References

    • https://access.redhat.com/security/cve/CVE-2023-7008
    • https://bugzilla.redhat.com/show_bug.cgi?id=2222261
    • https://bugzilla.redhat.com/show_bug.cgi?id=2222672
      • -
    • https://github.com/systemd/systemd/issues/25676
      • -
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/
      • -
    • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/
      • -
    • https://access.redhat.com/errata/RHSA-2024:2463
      • -
    • https://access.redhat.com/errata/RHSA-2024:3203
      • -
    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Arbitrary Code Injection

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile -
      • -
    • - Package Manager: ubuntu:22.04 -
      • -
    • - Vulnerable module: - - shadow/passwd -
      • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.12 and shadow/passwd@1:4.8.1-2ubuntu2.2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - shadow/login@1:4.8.1-2ubuntu2.2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    -

    Remediation

    -

    There is no fixed version for Ubuntu:22.04 shadow.

    -

    References

    -
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Uncontrolled Recursion

    +

    Arbitrary Code Injection

    @@ -2037,7 +3340,7 @@

    Uncontrolled Recursion

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2045,12 +3348,12 @@

      Uncontrolled Recursion

    • Vulnerable module: - pcre3/libpcre3 + shadow/passwd
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -2063,20 +3366,40 @@

    Detailed paths

    -

    Release of Invalid Pointer or Reference

    +

    Improper Authentication

    @@ -2125,7 +3444,7 @@

    Release of Invalid Pointer or Reference

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2133,12 +3452,12 @@

      Release of Invalid Pointer or Reference

    • Vulnerable module: - patch + shadow/passwd
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and shadow/passwd@1:4.8.1-2ubuntu2.1
    @@ -2151,9 +3470,40 @@

    Detailed paths

    -

    Double Free

    +

    Uncontrolled Recursion

    @@ -2195,7 +3548,7 @@

    Double Free

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2203,12 +3556,12 @@

      Double Free

    • Vulnerable module: - patch + pcre3/libpcre3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    @@ -2221,9 +3574,20 @@

    Detailed paths

    -

    CVE-2024-2511

    +

    Release of Invalid Pointer or Reference

    @@ -2270,7 +3636,7 @@

    CVE-2024-2511

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2278,12 +3644,12 @@

      CVE-2024-2511

    • Vulnerable module: - openssl/libssl3 + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2296,113 +3662,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssl@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ca-certificates@20230311ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssl@3.0.2-0ubuntu1.15 + patch@2.7.6-7build2 @@ -2414,46 +3676,26 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

      -

      Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

      -

      This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

      -

      This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

      +

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      There is no fixed version for Ubuntu:22.04 patch.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-4603

    +

    Double Free

    @@ -2464,7 +3706,7 @@

    CVE-2024-4603

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2472,12 +3714,12 @@

      CVE-2024-4603

    • Vulnerable module: - openssl/libssl3 + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.7.17 and patch@2.7.6-7build2
    @@ -2485,118 +3727,14 @@

    CVE-2024-4603

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - openssl@3.0.2-0ubuntu1.15 - - +

      Detailed paths

      -
      • +
    -

    CVE-2024-4741

    +

    Improper Check for Unusual or Exceptional Conditions

    @@ -2666,7 +3781,7 @@

    CVE-2024-4741

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2679,7 +3794,7 @@

      CVE-2024-4741

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2692,81 +3807,81 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 libfido2/libfido2-1@1.10.0-1 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.15 + openssl@3.0.2-0ubuntu1.13 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -2778,27 +3893,27 @@

      Detailed paths

      krb5/libkrb5-3@1.19.2-2ubuntu0.3 - openssl/libssl3@3.0.2-0ubuntu1.15 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssl@3.0.2-0ubuntu1.15 + openssl@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 ca-certificates@20230311ubuntu0.22.04.1 - openssl@3.0.2-0ubuntu1.15 + openssl@3.0.2-0ubuntu1.13 @@ -2810,23 +3925,55 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 openssl.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-50495

    +

    Out-of-bounds Write

    @@ -2837,7 +3984,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2845,12 +3992,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -2863,200 +4010,113 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - procps@2:3.3.17-6ubuntu2.1 + libfido2/libfido2-1@1.10.0-1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - util-linux@2.37.2-4ubuntu3.4 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/gpg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + ca-certificates@20230311ubuntu0.22.04.1 - readline/libreadline8@8.1.2-1 + openssl@3.0.2-0ubuntu1.13 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + git@1:2.34.1-1ubuntu1.10 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 - pinentry/pinentry-curses@1.1.1-1build2 + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + adduser@3.118ubuntu5 - procps@2:3.3.17-6ubuntu2.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + pam/libpam-modules@1.4.0-11ubuntu2.4 - gnupg2/gnupg@2.2.27-3ubuntu2.1 + libnsl/libnsl2@1.3.0-2build2 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - pinentry/pinentry-curses@1.1.1-1build2 + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + krb5/libkrb5-3@1.19.2-2ubuntu0.3 - ncurses/libncurses6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - procps@2:3.3.17-6ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libncurses6@6.3-2ubuntu0.1 + openssl@3.0.2-0ubuntu1.13
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + ca-certificates@20230311ubuntu0.22.04.1 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + openssl@3.0.2-0ubuntu1.13 @@ -3068,29 +4128,57 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    CVE-2023-6237

    @@ -3101,7 +4189,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3109,12 +4197,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -3124,203 +4212,116 @@

    CVE-2023-45918

    Detailed paths

    -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • +
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - pinentry/pinentry-curses@1.1.1-1build2 + cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - ncurses/libtinfo6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libncursesw6@6.3-2ubuntu0.1 + libfido2/libfido2-1@1.10.0-1 + + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - procps@2:3.3.17-6ubuntu2.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - ncurses/libncursesw6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + ca-certificates@20230311ubuntu0.22.04.1 - pinentry/pinentry-curses@1.1.1-1build2 + openssl@3.0.2-0ubuntu1.13 - ncurses/libncursesw6@6.3-2ubuntu0.1 + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/libncurses6@6.3-2ubuntu0.1 + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - procps@2:3.3.17-6ubuntu2.1 + adduser@3.118ubuntu5 - ncurses/libncurses6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.1 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + openssl/libssl3@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/ncurses-base@6.3-2ubuntu0.1 + openssl@3.0.2-0ubuntu1.13
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + ca-certificates@20230311ubuntu0.22.04.1 + + openssl@3.0.2-0ubuntu1.13 @@ -3332,27 +4333,23 @@

        Detailed paths

        NVD Description

        -

        Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

        -

        ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

        +

        This vulnerability has not been analyzed by NVD yet.

        Remediation

        -

        There is no fixed version for Ubuntu:22.04 ncurses.

        +

        Upgrade Ubuntu:22.04 openssl to version 3.0.2-0ubuntu1.14 or higher.

        References

        -

        More about this vulnerability

        +

        More about this vulnerability

    -

    Resource Exhaustion

    +

    CVE-2024-0727

    @@ -3363,7 +4360,7 @@

    Resource Exhaustion

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3371,12 +4368,12 @@

      Resource Exhaustion

    • Vulnerable module: - libzstd/libzstd1 + openssl/libssl3
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and openssl/libssl3@3.0.2-0ubuntu1.13
    @@ -3389,9 +4386,113 @@

    Detailed paths

    -

    Integer Overflow or Wraparound

    +

    CVE-2023-50495

    @@ -3440,7 +4555,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3448,12 +4563,12 @@

      Integer Overflow or Wraparound

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3466,159 +4581,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 + docker-image|quay.io/argoproj/argocd@v2.7.17 - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 + + procps@2:3.3.17-6ubuntu2.1 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-base@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3630,30 +4786,29 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      +

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:22.04 ncurses.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26461

    +

    CVE-2023-45918

    @@ -3664,7 +4819,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3672,12 +4827,12 @@

      CVE-2024-26461

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3690,159 +4845,271 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - git@1:2.34.1-1ubuntu1.11 + docker-image|quay.io/argoproj/argocd@v2.7.17 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 - pam/libpam-modules@1.4.0-11ubuntu2.4 + procps@2:3.3.17-6ubuntu2.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.7.17 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Resource Exhaustion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libzstd/libzstd1 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.7.17 and libzstd/libzstd1@1.4.8+dfsg-3build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    CVE-2024-26458

    +

    Integer Overflow or Wraparound

    @@ -3885,7 +5158,7 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3898,7 +5171,7 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.7.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3911,7 +5184,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3920,11 +5193,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3941,11 +5214,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3964,7 +5237,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3973,11 +5246,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -3994,7 +5267,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4003,9 +5276,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4014,11 +5287,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4027,11 +5300,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -4042,11 +5315,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 adduser@3.118ubuntu5 - shadow/passwd@1:4.8.1-2ubuntu2.2 + shadow/passwd@1:4.8.1-2ubuntu2.1 pam/libpam-modules@1.4.0-11ubuntu2.4 @@ -4061,7 +5334,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4077,20 +5350,23 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -4106,7 +5382,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4119,7 +5395,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -4132,7 +5408,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4141,9 +5417,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4152,7 +5428,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4163,7 +5439,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4174,7 +5450,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4185,7 +5461,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4198,7 +5474,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4211,7 +5487,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4220,7 +5496,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4231,7 +5507,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4244,7 +5520,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4253,7 +5529,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4264,7 +5540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4273,7 +5549,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4284,7 +5560,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4293,7 +5569,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4304,7 +5580,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4317,7 +5593,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4330,7 +5606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4339,7 +5615,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4350,7 +5626,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4363,7 +5639,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4376,7 +5652,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4385,7 +5661,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4396,7 +5672,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4405,7 +5681,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4416,7 +5692,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4425,7 +5701,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4436,7 +5712,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4457,13 +5733,13 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 gnupg2.

      References

      @@ -4485,7 +5761,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4498,7 +5774,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and glibc/libc-bin@2.35-0ubuntu3.8 + docker-image|quay.io/argoproj/argocd@v2.7.17 and glibc/libc-bin@2.35-0ubuntu3.6
    @@ -4511,18 +5787,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc-bin@2.35-0ubuntu3.8 + glibc/libc-bin@2.35-0ubuntu3.6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - glibc/libc6@2.35-0ubuntu3.8 + glibc/libc6@2.35-0ubuntu3.6 @@ -4541,10 +5817,10 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 glibc.

      References

      @@ -4566,7 +5842,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4580,7 +5856,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.7.17, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4592,31 +5868,31 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - git/git-man@1:2.34.1-1ubuntu1.11 + git/git-man@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 @@ -4635,8 +5911,8 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 git.

        References

        @@ -4659,7 +5935,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4672,7 +5948,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.7.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4685,7 +5961,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4694,9 +5970,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4705,11 +5981,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4718,7 +5994,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4727,7 +6003,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 + docker-image|quay.io/argoproj/argocd@v2.7.17 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4774,7 +6050,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.10.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.7.17/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4787,7 +6063,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.12 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.7.17 and coreutils@8.32-4.1ubuntu1
          @@ -4800,9 +6076,9 @@

          Detailed paths

    -
    - - - - - - - -
    Project docker-image|public.ecr.aws/docker/library/haproxy
    Path public.ecr.aws/docker/library/haproxy:2.6.17-alpine/docker/library/haproxy
    Package Manager apk
    -
    +
    -

    Use After Free

    +

    Out-of-bounds Write

    @@ -497,17 +489,17 @@

    Use After Free

    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: - busybox/busybox + openssl/libcrypto3
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -520,181 +512,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/busybox@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - alpine-baselayout/alpine-baselayout@3.6.5-r0 - - busybox/busybox-binsh@1.36.1-r28 + docker-image|redis@7.0.14-alpine - busybox/busybox@1.36.1-r28 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + .redis-rundeps@20231208.201137 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - alpine-baselayout/alpine-baselayout@3.6.5-r0 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + busybox/ssl_client@1.36.1-r15 - busybox/busybox-binsh@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and busybox/busybox@1.36.1-r28 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - busybox/busybox@1.36.1-r28 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + .redis-rundeps@20231208.201137 - alpine-baselayout/alpine-baselayout@3.6.5-r0 + openssl/libssl3@3.1.4-r2 - busybox/busybox-binsh@1.36.1-r28 - - busybox/busybox@1.36.1-r28 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - alpine-baselayout/alpine-baselayout@3.6.5-r0 + .redis-rundeps@20231208.201137 - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + apk-tools/apk-tools@2.14.0-r5 - busybox/busybox-binsh@1.36.1-r28 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine + + busybox/ssl_client@1.36.1-r15 - busybox/ssl_client@1.36.1-r28 + openssl/libssl3@3.1.4-r2 @@ -706,36 +614,67 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.20 busybox to version 1.36.1-r29 or higher.

      +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-4741

    +
    +

    CVE-2024-0727

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: @@ -745,7 +684,7 @@

      CVE-2024-4741

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -758,108 +697,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - .haproxy-rundeps@20240524.005458 + openssl/libssl3@3.1.4-r2 - openssl/libssl3@3.3.0-r2 - - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2 @@ -871,19 +799,46 @@

      Detailed paths

      NVD Description

      -

      This vulnerability has not been analyzed by NVD yet.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.20 openssl to version 3.3.0-r3 or higher.

      +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-5535

    +

    CVE-2023-6237

    @@ -894,7 +849,7 @@

    CVE-2024-5535

    • - Package Manager: alpine:3.20 + Package Manager: alpine:3.19
    • Vulnerable module: @@ -904,7 +859,7 @@

      CVE-2024-5535

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine and openssl/libcrypto3@3.3.0-r2 + docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2
    @@ -917,108 +872,97 @@

    Detailed paths

    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - ca-certificates/ca-certificates@20240226-r0 + .redis-rundeps@20231208.201137 - openssl/libcrypto3@3.3.0-r2 - - - -
      • -
    • - Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine - - .haproxy-rundeps@20240524.005458 + openssl/libssl3@3.1.4-r2 - openssl/libssl3@3.3.0-r2 - - openssl/libcrypto3@3.3.0-r2 + openssl/libcrypto3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - .haproxy-rundeps@20240524.005458 + .redis-rundeps@20231208.201137 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - apk-tools/apk-tools@2.14.4-r0 + apk-tools/apk-tools@2.14.0-r5 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2
    • Introduced through: - docker-image|public.ecr.aws/docker/library/haproxy@2.6.17-alpine + docker-image|redis@7.0.14-alpine - busybox/ssl_client@1.36.1-r28 + busybox/ssl_client@1.36.1-r15 - openssl/libssl3@3.3.0-r2 + openssl/libssl3@3.1.4-r2 @@ -1030,82 +974,14 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

      -

      Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

      -

      Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

      -

      The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

      -

      This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

      -

      In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

      -

      This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

      -

      The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

      -

      Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

      -

      References

      - +

      Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.12.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.8.13/argocd-iac-install.html similarity index 87% rename from docs/snyk/v2.12.0-rc2/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.13/argocd-iac-install.html index ddbaf8c863e38..8e0c8abdd40c3 100644 --- a/docs/snyk/v2.12.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-install.html @@ -456,17 +456,17 @@

    Snyk test report

    -

    June 30th 2024, 12:21:24 am (UTC+00:00)

    +

    March 24th 2024, 12:21:30 am (UTC+00:00)

    Scanned the following path:
      -
    • /argo-cd/manifests/namespace-install.yaml (Kubernetes)
      • +
    • /argo-cd/manifests/install.yaml (Kubernetes)
    -
    43 total issues
    +
    38 total issues
    @@ -475,8 +475,8 @@

    Snyk test report

    - - + +
    Project manifests/namespace-install.yaml
    Path /argo-cd/manifests/namespace-install.yaml
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    @@ -498,7 +498,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 7] + [DocId: 10] rules[0] @@ -507,7 +507,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 77 + Line number: 18466
    • @@ -544,7 +544,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 8] + [DocId: 11] rules[4] @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 18543
    • @@ -590,7 +590,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 9] + [DocId: 12] rules[0] @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 18571
    • @@ -636,7 +636,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 10] + [DocId: 13] rules[1] @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 18601
    • @@ -682,7 +682,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 10] + [DocId: 13] rules[3] @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 18619
    • @@ -728,7 +728,7 @@

    Role or ClusterRole with dangerous permissions

  • Introduced through: - [DocId: 11] + [DocId: 14] rules[0] @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 278 + Line number: 18635
    @@ -820,59 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
    • - -
  • - Line number: 1112 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 45] spec @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 1411 + Line number: 19761
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 41] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 19118
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 924 + Line number: 19351
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 890 + Line number: 19317
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 43] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 984 + Line number: 19411
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 44] input @@ -1177,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1083 + Line number: 19504
    • @@ -1214,65 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
    • - -
  • - Line number: 1107 -
    • - - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -1293,7 +1137,7 @@

      Container has no CPU limit

    • - Line number: 1411 + Line number: 19761
    @@ -1330,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -1351,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1164 + Line number: 19561
    • @@ -1388,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 46] input @@ -1409,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1496 + Line number: 19846
    • @@ -1446,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 47] input @@ -1467,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1847 + Line number: 20168
    • @@ -1504,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 37] + [DocId: 42] spec @@ -1519,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 904 + Line number: 19331
    • @@ -1556,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 41] spec @@ -1571,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 19118
    • @@ -1608,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 42] spec @@ -1623,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 890 + Line number: 19317
    • @@ -1660,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 44] spec @@ -1675,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 1083 + Line number: 19504
    • @@ -1712,7 +1556,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 41] input @@ -1733,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 19118
    • @@ -1770,7 +1614,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -1791,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 890 + Line number: 19317
    • @@ -1828,7 +1672,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -1849,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 924 + Line number: 19351
    • @@ -1886,7 +1730,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 43] input @@ -1907,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 984 + Line number: 19411
    • @@ -1944,7 +1788,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 44] input @@ -1965,65 +1809,7 @@

    Container is running without memory limit

  • - Line number: 1083 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1107 + Line number: 19504
    @@ -2060,7 +1846,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -2081,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 1411 + Line number: 19761
    • @@ -2118,7 +1904,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -2139,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 1164 + Line number: 19561
    • @@ -2176,7 +1962,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 46] input @@ -2197,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1496 + Line number: 19846
    • @@ -2234,7 +2020,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 47] input @@ -2255,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1847 + Line number: 20168
    • @@ -2292,7 +2078,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 41] input @@ -2311,7 +2097,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 814 + Line number: 19241
    • @@ -2348,7 +2134,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -2367,7 +2153,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 932 + Line number: 19359
    • @@ -2404,7 +2190,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 42] input @@ -2423,7 +2209,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 907 + Line number: 19334
    • @@ -2460,7 +2246,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 43] input @@ -2479,7 +2265,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1017 + Line number: 19438
    • @@ -2516,7 +2302,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 44] input @@ -2535,63 +2321,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1100 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1114 + Line number: 19514
    @@ -2628,7 +2358,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -2647,7 +2377,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1418 + Line number: 19768
    • @@ -2684,7 +2414,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 45] input @@ -2703,7 +2433,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1384 + Line number: 19734
    • @@ -2740,7 +2470,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 46] input @@ -2759,7 +2489,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1757 + Line number: 20078
    • @@ -2796,7 +2526,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 47] input @@ -2815,7 +2545,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 2048 + Line number: 20316
    • diff --git a/docs/snyk/v2.11.3/argocd-iac-namespace-install.html b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html similarity index 87% rename from docs/snyk/v2.11.3/argocd-iac-namespace-install.html rename to docs/snyk/v2.8.13/argocd-iac-namespace-install.html index e29b2d961e25c..17296cd003c37 100644 --- a/docs/snyk/v2.11.3/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.8.13/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:23:56 am (UTC+00:00)

    +

    March 24th 2024, 12:21:38 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    43 total issues
    +
    38 total issues

    @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 162 + Line number: 154
    • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 190 + Line number: 182
    • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 220 + Line number: 212
    • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 238 + Line number: 230
    • @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 278 + Line number: 246
    @@ -820,59 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
    • - -
  • - Line number: 1112 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] spec @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 1399 + Line number: 1267
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 624
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 924 + Line number: 857
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 890 + Line number: 823
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 984 + Line number: 917
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1177,65 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1083 -
    • - - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
      • - -
    • - Line number: 1107 + Line number: 1010
    @@ -1272,7 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1293,7 +1137,7 @@

    Container has no CPU limit

  • - Line number: 1399 + Line number: 1267
    • @@ -1330,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1351,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1164 + Line number: 1067
    • @@ -1388,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -1409,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1484 + Line number: 1352
    • @@ -1446,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -1467,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1835 + Line number: 1674
    • @@ -1504,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1519,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 904 + Line number: 837
    • @@ -1556,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 34] spec @@ -1571,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 624
    • @@ -1608,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1623,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 890 + Line number: 823
    • @@ -1660,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 37] spec @@ -1675,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 1083 + Line number: 1010
    • @@ -1712,7 +1556,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -1733,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 624
    • @@ -1770,7 +1614,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1791,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 890 + Line number: 823
    • @@ -1828,7 +1672,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1849,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 924 + Line number: 857
    • @@ -1886,7 +1730,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1907,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 984 + Line number: 917
    • @@ -1944,7 +1788,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1965,7 +1809,7 @@

    Container is running without memory limit

  • - Line number: 1083 + Line number: 1010
    • @@ -2002,65 +1846,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
    • - -
  • - Line number: 1107 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2081,7 +1867,7 @@

      Container is running without memory limit

    • - Line number: 1399 + Line number: 1267
    @@ -2118,7 +1904,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2139,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 1164 + Line number: 1067
    • @@ -2176,7 +1962,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2197,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1484 + Line number: 1352
    • @@ -2234,7 +2020,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2255,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1835 + Line number: 1674
    • @@ -2292,7 +2078,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -2311,7 +2097,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 814 + Line number: 747
    • @@ -2348,7 +2134,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2367,7 +2153,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 932 + Line number: 865
    • @@ -2404,7 +2190,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2423,7 +2209,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 907 + Line number: 840
    • @@ -2460,7 +2246,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -2479,7 +2265,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1017 + Line number: 944
    • @@ -2516,7 +2302,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -2535,63 +2321,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1100 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
      • - -
    • - Line number: 1114 + Line number: 1020
    @@ -2628,7 +2358,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2647,7 +2377,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1406 + Line number: 1274
    • @@ -2684,7 +2414,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2703,7 +2433,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1372 + Line number: 1240
    • @@ -2740,7 +2470,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2759,7 +2489,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1745 + Line number: 1584
    • @@ -2796,7 +2526,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2815,7 +2545,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 2036 + Line number: 1822
    • diff --git a/docs/snyk/v2.8.13/argocd-test.html b/docs/snyk/v2.8.13/argocd-test.html new file mode 100644 index 0000000000000..8f02f01423f2f --- /dev/null +++ b/docs/snyk/v2.8.13/argocd-test.html @@ -0,0 +1,3027 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:19:50 am (UTC+00:00)

    +
    +
    + Scanned the following paths: +
      +
    • /argo-cd/argoproj/argo-cd/v2/go.mod (gomodules)
      • +
    • /argo-cd/ui/yarn.lock (yarn)
      • +
    +
    + +
    +
    12 known vulnerabilities
    +
    108 vulnerable dependency paths
    +
    1856 dependencies
    +
    +
    +
    +
    + +
    +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + gopkg.in/retry.v1 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/Azure/kubelogin/pkg/token@0.0.20 + + gopkg.in/retry.v1@1.0.3 + + + +
      • +
    + +
    + +
    + +

    LGPL-3.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/internal/encoding/json +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/pkg/grpc/http@#d56162821bd1 + + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 + + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.7.0 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/reflection@1.58.3 + + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + google.golang.org/grpc/health@1.58.3 + + google.golang.org/grpc/health/grpc_health_v1@1.58.3 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 + + google.golang.org/grpc@1.58.3 + + google.golang.org/grpc/internal/transport@1.58.3 + + google.golang.org/grpc/internal/pretty@1.58.3 + + github.com/golang/protobuf/jsonpb@1.4.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Authentication Bypass by Capture-replay

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + golang.org/x/crypto/ssh +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/r3labs/diff +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/r3labs/diff@1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/r3labs/diff@1.1.0 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-version +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, code.gitea.io/sdk/gitea@0.15.1 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + code.gitea.io/sdk/gitea@0.15.1 + + github.com/hashicorp/go-version@1.2.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/hashicorp/go-retryablehttp@0.7.4 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/xanzy/go-gitlab@0.86.0 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 + + github.com/hashicorp/go-retryablehttp@0.7.4 + + github.com/hashicorp/go-cleanhttp@0.5.2 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/gosimple/slug +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/gosimple/slug@1.13.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/gosimple/slug@1.13.1 + + + +
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/coreos/go-oidc/v3/oidc@3.6.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/coreos/go-oidc/v3/oidc@3.6.0 + + github.com/go-jose/go-jose/v3@3.0.0 + + + +
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html similarity index 72% rename from docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html index 25dd61af3cb6a..24a737a6ba12f 100644 --- a/docs/snyk/v2.9.17/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.8.13/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:26:51 am (UTC+00:00)

    +

    March 24th 2024, 12:19:56 am (UTC+00:00)

    Scanned the following paths: @@ -469,8 +469,8 @@

    Snyk test report

    -
    52 known vulnerabilities
    -
    172 vulnerable dependency paths
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    786 dependencies

    @@ -655,7 +655,7 @@

    Remediation

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    References

    @@ -818,14 +818,14 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    References

    @@ -904,7 +904,6 @@

    References

    -
    -
    -

    Allocation of Resources Without Limits or Throttling

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - golang.org/x/net/http2@v0.7.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.11.0 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    Heap-based Buffer Overflow

    @@ -1236,7 +1154,6 @@

    Remediation

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    References

    @@ -1386,13 +1303,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    References

    @@ -1545,19 +1462,18 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    References

    @@ -1708,21 +1624,20 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    References

    @@ -1877,14 +1792,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    References

    @@ -2048,10 +1962,6 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0008/
    • -
  • https://security.netapp.com/advisory/ntap-20240426-0013/
    • -
  • http://www.openwall.com/lists/oss-security/2024/03/11/1
    • -
  • https://security.netapp.com/advisory/ntap-20240503-0011/
    • @@ -2198,14 +2108,13 @@

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    References

    @@ -2736,18 +2645,13 @@

    References

  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
    • -
  • GitHub Commit
    • -
  • GitHub Commit
  • GitHub Commit
  • GitHub Commit
  • GitHub Issue
  • GitHub Issue
    • -
  • GitHub PR
  • Go Forum
  • Google Groups Forum
    • -
  • Jenkins Advisory
  • Security Release
    • -
  • Nuclei Templates
    • @@ -3656,74 +3560,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/hairyhenderson/gomplate/v3@* - - github.com/hashicorp/go-retryablehttp@v0.7.1 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -4367,12 +4203,12 @@

    References

    -
    -

    Out-of-bounds Write

    +
    +

    CVE-2023-6237

    -
    - medium severity +
    + low severity
    @@ -4384,12 +4220,12 @@

    Out-of-bounds Write

  • Vulnerable module: - busybox/busybox + openssl/libcrypto3
  • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    • @@ -4404,29 +4240,7 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox@1.36.1-r0 - - - - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4435,9 +4249,9 @@

    Detailed paths

    Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4447,72 +4261,8 @@

    Detailed paths

    docker-image|ghcr.io/dexidp/dex@v2.37.0 busybox/ssl_client@1.36.1-r0 - - - -
    • - - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4521,11 +4271,11 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 - busybox/busybox@1.36.1-r0 + openssl/libcrypto3@3.1.1-r1 @@ -4534,7 +4284,7 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 @@ -4543,9 +4293,9 @@

      Detailed paths

      Introduced through: docker-image|ghcr.io/dexidp/dex@v2.37.0 - alpine-baselayout/alpine-baselayout@3.4.3-r1 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r0 + openssl/libssl3@3.1.1-r1 @@ -4555,6 +4305,8 @@

      Detailed paths

      docker-image|ghcr.io/dexidp/dex@v2.37.0 busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -4566,1024 +4318,14 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

      +

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

      -

      References

      - - -
      - -
      -

      More about this vulnerability

      -
      - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.37.0 - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    More about this vulnerability

    +

    More about this vulnerability

    diff --git a/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..b2b3a76ed356e --- /dev/null +++ b/docs/snyk/v2.8.13/haproxy_2.6.14-alpine.html @@ -0,0 +1,1376 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:20:01 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.14-alpine (apk)
      • +
    +
    + +
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    CVE-2023-5363

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

    +

    Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

    +

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    +

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

    +

    Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

    +

    Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

    +

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Check for Unusual or Exceptional Conditions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

    +

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

    +

    Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

    +

    An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    +

    Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

    +

    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

    +

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    +

    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

    +

    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-0727

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

    +

    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

    +

    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

    +

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

    +

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

    +

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-6237

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html similarity index 82% rename from docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html rename to docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html index 92cf1cc8ef68b..01078e7e7a861 100644 --- a/docs/snyk/v2.9.17/quay.io_argoproj_argocd_v2.9.17.html +++ b/docs/snyk/v2.8.13/quay.io_argoproj_argocd_v2.8.13.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    June 30th 2024, 12:27:18 am (UTC+00:00)

    +

    March 24th 2024, 12:20:18 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.9.17/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.17//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.17/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.9.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.8.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    33 known vulnerabilities
    -
    199 vulnerable dependency paths
    -
    2190 dependencies
    +
    39 known vulnerabilities
    +
    182 vulnerable dependency paths
    +
    2120 dependencies
    @@ -492,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -500,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - google.golang.org/grpc + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0
    @@ -518,9 +518,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - google.golang.org/grpc@v1.56.2 + golang.org/x/net/http2@v0.8.0 @@ -532,15 +532,14 @@

      Detailed paths

      Overview

      -

      google.golang.org/grpc is a Go implementation of gRPC

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -574,7 +573,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -582,12 +581,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + github.com/go-jose/go-jose/v3
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0
    • @@ -602,16 +601,87 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 + github.com/go-jose/go-jose/v3@v3.0.0 + + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +

    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
      • +

    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
      • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
      • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + github.com/cyphar/filepath-securejoin@v0.2.3 @@ -623,22 +693,41 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      +

      Note: + This vulnerability is only exploitable on Windows OS.

      +

      Details

      +

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      +

      Directory Traversal vulnerabilities can be generally divided into two types:

      +
        +
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
        • +
      +

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      +

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      + 
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
+
      +

      Note %2e is the URL encoded version of . (dot).

      +
        +
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
        • +
      +

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      +

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      + 
      2018-04-15 22:04:29 .....           19           19  good.txt
+        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
+

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -654,7 +743,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -667,7 +756,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -680,7 +769,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -719,7 +808,7 @@

      References

    -

    Resource Exhaustion

    +

    CVE-2023-51767

    @@ -730,7 +819,7 @@

    Resource Exhaustion

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -738,12 +827,12 @@

      Resource Exhaustion

    • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.8.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    @@ -756,113 +845,9 @@

    Detailed paths

    @@ -915,7 +895,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -928,7 +908,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and libgcrypt20@1.9.4-3ubuntu3
    @@ -941,7 +921,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 libgcrypt20@1.9.4-3ubuntu3 @@ -950,7 +930,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -961,7 +941,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -972,11 +952,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -985,9 +965,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -998,7 +978,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1011,7 +991,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1024,7 +1004,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1037,7 +1017,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1050,7 +1030,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1063,7 +1043,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1076,11 +1056,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1106,7 +1086,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1117,7 +1096,7 @@

    References

    -

    CVE-2024-26462

    +

    CVE-2024-26461

    @@ -1128,7 +1107,7 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1141,7 +1120,7 @@

      CVE-2024-26462

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1154,7 +1133,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1163,7 +1142,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1184,7 +1163,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1207,7 +1186,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1216,7 +1195,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1237,7 +1216,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1246,9 +1225,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1257,11 +1236,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1270,11 +1249,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1285,7 +1264,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -1304,7 +1283,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1320,25 +1299,24 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    CVE-2024-26462

    @@ -1349,20 +1327,20 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + krb5/libk5crypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1375,90 +1353,410 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.8.13 - gopkg.in/retry.v1@v1.0.3 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.8.13 - github.com/r3labs/diff@v1.1.0 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
    • + + +
    -

    MPL-2.0 license

    +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    CVE-2024-26458

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + krb5/libk5crypto3 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    LGPL-3.0 license

    @@ -1469,7 +1767,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1477,12 +1775,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-version + gopkg.in/retry.v1
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1497,7 +1795,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-version@v1.2.1 + gopkg.in/retry.v1@v1.0.3 @@ -1508,17 +1806,17 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    LGPL-3.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Insertion of Sensitive Information into Log File

    +

    Infinite loop

    @@ -1529,7 +1827,7 @@

    Insertion of Sensitive Information into Log File

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1537,12 +1835,12 @@

      Insertion of Sensitive Information into Log File

    • Vulnerable module: - github.com/hashicorp/go-retryablehttp + google.golang.org/protobuf/internal/encoding/json
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0
    @@ -1557,7 +1855,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-retryablehttp@v0.7.4 + google.golang.org/protobuf/internal/encoding/json@v1.31.0 @@ -1569,24 +1867,27 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Stack-based Buffer Overflow

    @@ -1597,20 +1898,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1625,7 +1926,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-retryablehttp@v0.7.4 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1636,17 +1937,25 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Infinite loop

    @@ -1657,20 +1966,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1683,9 +1992,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-multierror@v1.1.1 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1696,17 +2005,28 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      Overview

      +

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      Note:

      +

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      Remediation

      +

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Allocation of Resources Without Limits or Throttling

    @@ -1717,20 +2037,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0
    @@ -1743,9 +2063,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - github.com/hashicorp/go-cleanhttp@v0.5.2 + golang.org/x/net/http2@v0.8.0 @@ -1756,17 +2076,29 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      Overview

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      +

      Note:

      +

      This issue is related to CVE-2023-44487

      +

      Remediation

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Authentication Bypass by Capture-replay

    @@ -1777,20 +2109,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/gosimple/slug + golang.org/x/crypto/ssh
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
    @@ -1805,7 +2137,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/gosimple/slug@v1.13.1 + golang.org/x/crypto/ssh@v0.16.0 @@ -1816,28 +2148,61 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-7008

    +
    +

    Information Exposure

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1845,12 +2210,12 @@

      CVE-2023-7008

    • Vulnerable module: - systemd/libsystemd0 + gnutls28/libgnutls30
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -1863,110 +2228,74 @@

    Detailed paths

    -
    -

    Arbitrary Code Injection

    +
    +

    Uncaught Exception

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2023,12 +2348,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + gnutls28/libgnutls30
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -2041,40 +2366,74 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 + apt@2.4.11 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - shadow/login@1:4.8.1-2ubuntu2.2 + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 @@ -2086,53 +2445,52 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

      +

      A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 shadow.

      +

      There is no fixed version for Ubuntu:22.04 gnutls28.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Uncontrolled Recursion

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - pcre3/libpcre3 + github.com/r3labs/diff
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
    @@ -2145,20 +2503,9 @@

    Detailed paths

    -
    -

    Release of Invalid Pointer or Reference

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/hashicorp/go-version
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    @@ -2233,9 +2563,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + github.com/argoproj/argo-cd/v2@* - patch@2.7.6-7build2 + github.com/hashicorp/go-version@v1.2.1 @@ -2246,51 +2576,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Double Free

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/hashicorp/go-retryablehttp
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -2303,9 +2623,9 @@

    Detailed paths

    -
    -

    CVE-2024-2511

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - openssl/libssl3 + github.com/hashicorp/go-multierror
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -2378,113 +2683,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + helm.sh/helm/v3@* - openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/hashicorp/go-multierror@v1.1.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    + +

    MPL-2.0 license

    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    +

    More about this vulnerability

    +
    + +
    • +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssl@3.0.2-0ubuntu1.15 - - +

    Detailed paths

    -
    • +
    -
    -

    CVE-2024-4603

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - openssl/libssl3 + github.com/gosimple/slug
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -2572,113 +2803,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + github.com/argoproj/argo-cd/v2@* - openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/gosimple/slug@v1.13.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    + +

    MPL-2.0 license

    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssl@3.0.2-0ubuntu1.15 - - +
    + medium severity +
    -
    • +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -
    -

    CVE-2024-4741

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2756,12 +2914,12 @@

      CVE-2024-4741

    • Vulnerable module: - openssl/libssl3 + bash
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.8.13 and bash@5.1-6ubuntu1
    @@ -2769,118 +2927,14 @@

    CVE-2024-4741

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - openssl@3.0.2-0ubuntu1.15 - - - -
      • +

      Detailed paths

      + +
    -

    CVE-2023-50495

    +

    CVE-2023-7008

    @@ -2919,7 +2976,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2927,12 +2984,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + systemd/libsystemd0
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2945,200 +3002,110 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + apt@2.4.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - procps@2:3.3.17-6ubuntu2.1 + procps/libprocps8@2:3.3.17-6ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 - readline/libreadline8@8.1.2-1 + util-linux/bsdutils@1:2.37.2-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + apt@2.4.11 - pinentry/pinentry-curses@1.1.1-1build2 + apt/libapt-pkg6.0@2.4.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - procps@2:3.3.17-6ubuntu2.1 + libfido2/libfido2-1@1.10.0-1 - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + util-linux@2.37.2-4ubuntu3 - ncurses/libncurses6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - procps@2:3.3.17-6ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + apt@2.4.11 - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + apt/libapt-pkg6.0@2.4.11 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12 @@ -3150,29 +3117,31 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 systemd.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    Arbitrary Code Injection

    @@ -3183,7 +3152,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3191,12 +3160,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + shadow/passwd
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -3209,200 +3178,201 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libncursesw6@6.3-2ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - less@590-1ubuntu0.22.04.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/login@1:4.8.1-2ubuntu2.2
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • +
    +

    Uncontrolled Recursion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + pcre3/libpcre3 +
      • - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • Introduced through: -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - + docker-image|quay.io/argoproj/argocd@v2.8.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - +
      • +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - +
    -
    • + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - ncurses/libncurses6@6.3-2ubuntu0.1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - procps@2:3.3.17-6ubuntu2.1 + grep@3.7-1build1 - ncurses/libncurses6@6.3-2ubuntu0.1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - +
    - +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 pcre3.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Release of Invalid Pointer or Reference

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + patch +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    Resource Exhaustion

    +

    Double Free

    @@ -3445,7 +3414,7 @@

    Resource Exhaustion

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3453,12 +3422,12 @@

      Resource Exhaustion

    • Vulnerable module: - libzstd/libzstd1 + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and patch@2.7.6-7build2
    @@ -3471,9 +3440,9 @@

    Detailed paths

    -

    Integer Overflow or Wraparound

    +

    CVE-2023-50495

    @@ -3522,7 +3489,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3530,12 +3497,12 @@

      Integer Overflow or Wraparound

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3548,159 +3515,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - adduser@3.118ubuntu5 + docker-image|quay.io/argoproj/argocd@v2.8.13 - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 - git@1:2.34.1-1ubuntu1.11 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + pinentry/pinentry-curses@1.1.1-1build2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - git@1:2.34.1-1ubuntu1.11 + docker-image|quay.io/argoproj/argocd@v2.8.13 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-base@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3712,30 +3720,29 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      +

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:22.04 ncurses.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26461

    +

    CVE-2023-45918

    @@ -3746,7 +3753,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3754,12 +3761,12 @@

      CVE-2024-26461

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3772,159 +3779,271 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + docker-image|quay.io/argoproj/argocd@v2.8.13 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 + procps@2:3.3.17-6ubuntu2.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.13 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Resource Exhaustion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libzstd/libzstd1 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.13 and libzstd/libzstd1@1.4.8+dfsg-3build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    CVE-2024-26458

    +

    Integer Overflow or Wraparound

    @@ -3967,7 +4092,7 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3980,7 +4105,7 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3993,7 +4118,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -4002,7 +4127,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -4023,7 +4148,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -4046,7 +4171,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -4055,7 +4180,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -4076,7 +4201,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4085,9 +4210,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4096,11 +4221,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4109,11 +4234,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -4124,7 +4249,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 adduser@3.118ubuntu5 @@ -4143,7 +4268,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4159,20 +4284,23 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -4188,7 +4316,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4201,7 +4329,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -4214,7 +4342,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4223,9 +4351,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4234,7 +4362,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4245,7 +4373,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4256,7 +4384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4267,7 +4395,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4280,7 +4408,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4293,7 +4421,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4302,7 +4430,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4313,7 +4441,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4326,7 +4454,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4335,7 +4463,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4346,7 +4474,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4355,7 +4483,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4366,7 +4494,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4375,7 +4503,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4386,7 +4514,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4399,7 +4527,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4412,7 +4540,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4421,7 +4549,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4432,7 +4560,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4445,7 +4573,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4458,7 +4586,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4467,7 +4595,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4478,7 +4606,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4487,7 +4615,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4498,7 +4626,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4507,7 +4635,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4518,7 +4646,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4539,13 +4667,13 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 gnupg2.

      References

      @@ -4567,7 +4695,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4580,7 +4708,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and glibc/libc-bin@2.35-0ubuntu3.8 + docker-image|quay.io/argoproj/argocd@v2.8.13 and glibc/libc-bin@2.35-0ubuntu3.6
    @@ -4593,18 +4721,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc-bin@2.35-0ubuntu3.8 + glibc/libc-bin@2.35-0ubuntu3.6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - glibc/libc6@2.35-0ubuntu3.8 + glibc/libc6@2.35-0ubuntu3.6 @@ -4623,10 +4751,10 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 glibc.

      References

      @@ -4648,7 +4776,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4662,7 +4790,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.8.13, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4674,31 +4802,31 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - git/git-man@1:2.34.1-1ubuntu1.11 + git/git-man@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 @@ -4717,8 +4845,8 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 git.

        References

        @@ -4741,7 +4869,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4754,7 +4882,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.8.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4767,7 +4895,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4776,9 +4904,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4787,11 +4915,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4800,7 +4928,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4809,7 +4937,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 + docker-image|quay.io/argoproj/argocd@v2.8.13 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4856,7 +4984,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.9.17/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.13/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4869,7 +4997,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.17 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.8.13 and coreutils@8.32-4.1ubuntu1.1
          @@ -4882,9 +5010,9 @@

          Detailed paths

    - +
    + + + + + + + +
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    +
    -
    +

    Out-of-bounds Write

    -
    - medium severity +
    + critical severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: - openssl/libcrypto3 + busybox/busybox
    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0
    @@ -512,97 +520,51 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine + alpine-baselayout/alpine-baselayout@3.4.3-r1 - apk-tools/apk-tools@2.14.0-r5 + busybox/busybox-binsh@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + alpine-baselayout/alpine-baselayout@3.4.3-r1 - openssl/libcrypto3@3.1.4-r2 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + busybox/ssl_client@1.36.1-r0 @@ -614,71 +576,36 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

      -

      Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

      -

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      -

      The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

      -

      The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

      +

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

      +

      Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-0727

    +
    +

    CVE-2023-5363

    -
    - medium severity +
    + high severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -688,7 +615,7 @@

      CVE-2024-0727

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -701,97 +628,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -804,46 +731,62 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

      -

      Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

      -

      A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

      -

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

      -

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

      +

      Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

      +

      When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

      +

      For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

      +

      Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

      +

      Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

      +

      OpenSSL 3.1 and 3.0 are vulnerable to this issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Write

    +

    Improper Authentication

    @@ -854,17 +797,17 @@

    Out-of-bounds Write

    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: - busybox/busybox + openssl/libcrypto3
    • Introduced through: - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -877,159 +820,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r2 + .redis-rundeps@20230614.215749 - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r2 + busybox/ssl_client@1.36.1-r0 - busybox/busybox-binsh@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine + .redis-rundeps@20230614.215749 - busybox/busybox@1.36.1-r15 + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r15 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r15 + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r2 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 - busybox/ssl_client@1.36.1-r15 + openssl/libssl3@3.1.1-r1 @@ -1041,25 +922,47 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Use After Free

    +

    Inefficient Regular Expression Complexity

    @@ -1070,17 +973,17 @@

    Use After Free

    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: - busybox/busybox + openssl/libcrypto3
    • Introduced through: - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -1093,159 +996,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r2 + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r15 + .redis-rundeps@20230614.215749 - busybox/busybox@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r15 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r2 + busybox/ssl_client@1.36.1-r0 - busybox/busybox-binsh@1.36.1-r15 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and busybox/busybox@1.36.1-r15 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine + .redis-rundeps@20230614.215749 - busybox/busybox@1.36.1-r15 + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r2 + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r2 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r15 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 - busybox/ssl_client@1.36.1-r15 + openssl/libssl3@3.1.1-r1 @@ -1257,36 +1098,68 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2023-6237

    +
    +

    Excessive Iteration

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -1296,7 +1169,7 @@

      CVE-2023-6237

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -1309,97 +1182,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -1412,59 +1285,67 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

      -

      Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

      -

      When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

      -

      An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

      -

      The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-2511

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -1474,7 +1355,7 @@

      CVE-2024-2511

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -1487,97 +1368,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -1590,55 +1471,64 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

      -

      Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

      -

      This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

      -

      This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-4603

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -1648,7 +1538,7 @@

      CVE-2024-4603

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -1661,97 +1551,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -1764,63 +1654,66 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

      -

      Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

      -

      The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

      -

      Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

      -

      An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

      -

      Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-5535

    +
    +

    CVE-2024-0727

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -1830,7 +1723,7 @@

      CVE-2024-5535

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -1843,97 +1736,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -1946,86 +1839,45 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

      -

      Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

      -

      The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

      -

      This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

      -

      In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

      -

      This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

      -

      The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

      -

      Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-4741

    +

    CVE-2023-6237

    @@ -2036,7 +1888,7 @@

    CVE-2024-4741

    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -2046,7 +1898,7 @@

      CVE-2024-4741

    • Introduced through: - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    @@ -2059,97 +1911,97 @@

    Detailed paths

    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - .redis-rundeps@20231208.201137 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|redis@7.0.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -2163,12 +2015,12 @@

      Detailed paths

      NVD Description

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html deleted file mode 100644 index 8df19ec1c39a6..0000000000000 --- a/docs/snyk/v2.9.17/haproxy_2.6.14-alpine.html +++ /dev/null @@ -1,2564 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:26:57 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • haproxy:2.6.14-alpine (apk)
      • -
    -
    - -
    -
    13 known vulnerabilities
    -
    101 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

    -

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

    -

    Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

    -

    An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    -

    Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

    -

    Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

    -

    When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

    -

    An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

    -

    The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4603

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

    -

    Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

    -

    The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

    -

    Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

    -

    An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

    -

    Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-4741

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.17/redis_7.0.15-alpine.html b/docs/snyk/v2.9.17/redis_7.0.15-alpine.html deleted file mode 100644 index 0d328bc4a9684..0000000000000 --- a/docs/snyk/v2.9.17/redis_7.0.15-alpine.html +++ /dev/null @@ -1,701 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    June 30th 2024, 12:27:24 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.15-alpine (apk)
      • -
    • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
      • -
    -
    - -
    -
    1 known vulnerabilities
    -
    9 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    CVE-2024-5535

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.20 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.3.1-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - openssl/libcrypto3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - .redis-rundeps@20240620.205653 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - apk-tools/apk-tools@2.14.4-r0 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    • - Introduced through: - docker-image|redis@7.0.15-alpine - - busybox/ssl_client@1.36.1-r29 - - openssl/libssl3@3.3.1-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.20 relevant fixed versions and status.

    -

    Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

    -

    Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

    -

    The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

    -

    This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

    -

    In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

    -

    This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

    -

    The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

    -

    Remediation

    -

    Upgrade Alpine:3.20 openssl to version 3.3.1-r1 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.9.9/argocd-iac-install.html b/docs/snyk/v2.9.9/argocd-iac-install.html new file mode 100644 index 0000000000000..e25fc886459cb --- /dev/null +++ b/docs/snyk/v2.9.9/argocd-iac-install.html @@ -0,0 +1,2575 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:19:27 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • /argo-cd/manifests/install.yaml (Kubernetes)
      • +
    +
    + +
    +
    38 total issues
    +
    +
    +
    +
    + +
    + + + + + + +
    Project manifests/install.yaml
    Path /argo-cd/manifests/install.yaml
    Project Type Kubernetes
    +
    +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 10] + + rules[0] + + resources + +
      • + +
    • + Line number: 20316 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 11] + + rules[4] + + resources + +
      • + +
    • + Line number: 20401 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 12] + + rules[0] + + resources + +
      • + +
    • + Line number: 20429 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 13] + + rules[1] + + resources + +
      • + +
    • + Line number: 20459 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 13] + + rules[3] + + resources + +
      • + +
    • + Line number: 20477 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Role or ClusterRole with dangerous permissions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-47 +
      • + +
    • Introduced through: + [DocId: 14] + + rules[0] + + resources + +
      • + +
    • + Line number: 20493 +
      • +
    + +
    + +

    Impact

    +

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    + +

    Remediation

    +

    Consider removing these permissions

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container could be running with outdated image

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-42 +
      • + +
    • Introduced through: + [DocId: 45] + + spec + + template + + spec + + initContainers[copyutil] + + imagePullPolicy + +
      • + +
    • + Line number: 21633 +
      • +
    + +
    + +

    Impact

    +

    The container may run with outdated or unauthorized image

    + +

    Remediation

    +

    Set `imagePullPolicy` attribute to `Always`

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 41] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 20978 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21223 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21189 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21283 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 44] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21376 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21633 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21433 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 21718 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container has no CPU limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-5 +
      • + +
    • Introduced through: + [DocId: 47] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + cpu + +
      • + +
    • + Line number: 22040 +
      • +
    + +
    + +

    Impact

    +

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    + +

    Remediation

    +

    Add `resources.limits.cpu` field with required CPU limit value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running with multiple open ports

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-36 +
      • + +
    • Introduced through: + [DocId: 42] + + spec + + template + + spec + + containers[dex] + + ports + +
      • + +
    • + Line number: 21203 +
      • +
    + +
    + +

    Impact

    +

    Increases the attack surface of the application and the container.

    + +

    Remediation

    +

    Reduce `ports` count to 2

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
      • + +
    • Introduced through: + [DocId: 41] + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + livenessProbe + +
      • + +
    • + Line number: 20978 +
      • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
      • + +
    • Introduced through: + [DocId: 42] + + spec + + template + + spec + + containers[dex] + + livenessProbe + +
      • + +
    • + Line number: 21189 +
      • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without liveness probe

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-41 +
      • + +
    • Introduced through: + [DocId: 44] + + spec + + template + + spec + + containers[redis] + + livenessProbe + +
      • + +
    • + Line number: 21376 +
      • +
    + +
    + +

    Impact

    +

    Kubernetes will not be able to detect if application is able to service requests, and will not restart unhealthy pods

    + +

    Remediation

    +

    Add `livenessProbe` attribute

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 41] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + resources + + limits + + memory + +
      • + +
    • + Line number: 20978 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + containers[dex] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21189 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21223 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21283 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 44] + + input + + spec + + template + + spec + + containers[redis] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21376 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + initContainers[copyutil] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21633 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21433 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + containers[argocd-server] + + resources + + limits + + memory + +
      • + +
    • + Line number: 21718 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container is running without memory limit

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-4 +
      • + +
    • Introduced through: + [DocId: 47] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + resources + + limits + + memory + +
      • + +
    • + Line number: 22040 +
      • +
    + +
    + +

    Impact

    +

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    + +

    Remediation

    +

    Set `resources.limits.memory` value

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 41] + + input + + spec + + template + + spec + + containers[argocd-applicationset-controller] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21113 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + initContainers[copyutil] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21231 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 42] + + input + + spec + + template + + spec + + containers[dex] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21206 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 43] + + input + + spec + + template + + spec + + containers[argocd-notifications-controller] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21310 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 44] + + input + + spec + + template + + spec + + containers[redis] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21386 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + initContainers[copyutil] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21640 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 45] + + input + + spec + + template + + spec + + containers[argocd-repo-server] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21606 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 46] + + input + + spec + + template + + spec + + containers[argocd-server] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 21950 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +

    Container's or Pod's UID could clash with host's UID

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Public ID: SNYK-CC-K8S-11 +
      • + +
    • Introduced through: + [DocId: 47] + + input + + spec + + template + + spec + + containers[argocd-application-controller] + + securityContext + + runAsUser + +
      • + +
    • + Line number: 22188 +
      • +
    + +
    + +

    Impact

    +

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    + +

    Remediation

    +

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    + + +
    +
    + +
    +

    More about this issue

    +
    + +
    +
    +
    + +
    + + + diff --git a/docs/snyk/v2.9.17/argocd-iac-namespace-install.html b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html similarity index 88% rename from docs/snyk/v2.9.17/argocd-iac-namespace-install.html rename to docs/snyk/v2.9.9/argocd-iac-namespace-install.html index 2f01f97c23fc0..5fd494538c87c 100644 --- a/docs/snyk/v2.9.17/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.9.9/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:28:51 am (UTC+00:00)

    +

    March 24th 2024, 12:19:35 am (UTC+00:00)

    Scanned the following path: @@ -466,7 +466,7 @@

    Snyk test report

    -
    43 total issues
    +
    38 total issues
    @@ -737,53 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 256 -
    • - - -
    - -

    Impact

    -

    Using this role grants dangerous permissions. For a ClusterRole this would be considered high severity.

    - -

    Remediation

    -

    Consider removing these permissions

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Role or ClusterRole with dangerous permissions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-47 -
      • - -
    • Introduced through: - [DocId: 12] - - rules[0] - - resources - -
      • - -
    • - Line number: 278 + Line number: 254
    @@ -820,59 +774,7 @@

    Container could be running with outdated image

  • Introduced through: - [DocId: 39] - - spec - - template - - spec - - initContainers[secret-init] - - imagePullPolicy - -
    • - -
  • - Line number: 1100 -
    • - - -
    - -

    Impact

    -

    The container may run with outdated or unauthorized image

    - -

    Remediation

    -

    Set `imagePullPolicy` attribute to `Always`

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container could be running with outdated image

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-42 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] spec @@ -887,7 +789,7 @@

      Container could be running with outdated image

    • - Line number: 1357 + Line number: 1288
    @@ -924,7 +826,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -945,7 +847,7 @@

    Container has no CPU limit

  • - Line number: 673 + Line number: 633
    • @@ -982,7 +884,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1003,7 +905,7 @@

    Container has no CPU limit

  • - Line number: 918 + Line number: 878
    • @@ -1040,7 +942,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1061,7 +963,7 @@

    Container has no CPU limit

  • - Line number: 884 + Line number: 844
    • @@ -1098,7 +1000,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1119,7 +1021,7 @@

    Container has no CPU limit

  • - Line number: 978 + Line number: 938
    • @@ -1156,7 +1058,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1177,7 +1079,7 @@

    Container has no CPU limit

  • - Line number: 1071 + Line number: 1031
    • @@ -1214,65 +1116,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - cpu - -
    • - -
  • - Line number: 1095 -
    • - - -
    - -

    Impact

    -

    CPU limits can prevent containers from consuming valuable compute time for no benefit (e.g. inefficient code) that might lead to unnecessary costs. It is advisable to also configure CPU requests to ensure application stability.

    - -

    Remediation

    -

    Add `resources.limits.cpu` field with required CPU limit value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container has no CPU limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-5 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1293,7 +1137,7 @@

      Container has no CPU limit

    • - Line number: 1357 + Line number: 1288
    @@ -1330,7 +1174,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -1351,7 +1195,7 @@

    Container has no CPU limit

  • - Line number: 1152 + Line number: 1088
    • @@ -1388,7 +1232,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -1409,7 +1253,7 @@

    Container has no CPU limit

  • - Line number: 1442 + Line number: 1373
    • @@ -1446,7 +1290,7 @@

    Container has no CPU limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -1467,7 +1311,7 @@

    Container has no CPU limit

  • - Line number: 1769 + Line number: 1695
    • @@ -1504,7 +1348,7 @@

    Container is running with multiple open ports

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1519,7 +1363,7 @@

    Container is running with multiple open ports

  • - Line number: 898 + Line number: 858
    • @@ -1556,7 +1400,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 36] + [DocId: 34] spec @@ -1571,7 +1415,7 @@

    Container is running without liveness probe

  • - Line number: 673 + Line number: 633
    • @@ -1608,7 +1452,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 37] + [DocId: 35] spec @@ -1623,7 +1467,7 @@

    Container is running without liveness probe

  • - Line number: 884 + Line number: 844
    • @@ -1660,7 +1504,7 @@

    Container is running without liveness probe

  • Introduced through: - [DocId: 39] + [DocId: 37] spec @@ -1675,7 +1519,7 @@

    Container is running without liveness probe

  • - Line number: 1071 + Line number: 1031
    • @@ -1712,7 +1556,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -1733,7 +1577,7 @@

    Container is running without memory limit

  • - Line number: 673 + Line number: 633
    • @@ -1770,7 +1614,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1791,7 +1635,7 @@

    Container is running without memory limit

  • - Line number: 884 + Line number: 844
    • @@ -1828,7 +1672,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -1849,7 +1693,7 @@

    Container is running without memory limit

  • - Line number: 918 + Line number: 878
    • @@ -1886,7 +1730,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -1907,7 +1751,7 @@

    Container is running without memory limit

  • - Line number: 978 + Line number: 938
    • @@ -1944,7 +1788,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -1965,65 +1809,7 @@

    Container is running without memory limit

  • - Line number: 1071 -
    • - - -
    - -

    Impact

    -

    Containers without memory limits are more likely to be terminated when the node runs out of memory

    - -

    Remediation

    -

    Set `resources.limits.memory` value

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container is running without memory limit

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-4 -
      • - -
    • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - resources - - limits - - memory - -
      • - -
    • - Line number: 1095 + Line number: 1031
    @@ -2060,7 +1846,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2081,7 +1867,7 @@

    Container is running without memory limit

  • - Line number: 1357 + Line number: 1288
    • @@ -2118,7 +1904,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2139,7 +1925,7 @@

    Container is running without memory limit

  • - Line number: 1152 + Line number: 1088
    • @@ -2176,7 +1962,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2197,7 +1983,7 @@

    Container is running without memory limit

  • - Line number: 1442 + Line number: 1373
    • @@ -2234,7 +2020,7 @@

    Container is running without memory limit

  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2255,7 +2041,7 @@

    Container is running without memory limit

  • - Line number: 1769 + Line number: 1695
    • @@ -2292,7 +2078,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 36] + [DocId: 34] input @@ -2311,7 +2097,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 808 + Line number: 768
    • @@ -2348,7 +2134,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2367,7 +2153,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 926 + Line number: 886
    • @@ -2404,7 +2190,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 37] + [DocId: 35] input @@ -2423,7 +2209,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 901 + Line number: 861
    • @@ -2460,7 +2246,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 38] + [DocId: 36] input @@ -2479,7 +2265,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1005 + Line number: 965
    • @@ -2516,7 +2302,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] + [DocId: 37] input @@ -2535,7 +2321,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1088 + Line number: 1041
    • @@ -2572,63 +2358,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 39] - - input - - spec - - template - - spec - - initContainers[secret-init] - - securityContext - - runAsUser - -
    • - -
  • - Line number: 1102 -
    • - - -
    - -

    Impact

    -

    UID of the container processes could clash with host's UIDs and lead to unintentional authorization bypass

    - -

    Remediation

    -

    Set `securityContext.runAsUser` value to greater or equal than 10'000. SecurityContext can be set on both `pod` and `container` level. If both are set, then the container level takes precedence

    - - -
    -
    - -
    -

    More about this issue

    -
    - -
    -
    -

    Container's or Pod's UID could clash with host's UID

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Public ID: SNYK-CC-K8S-11 -
      • - -
    • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2647,7 +2377,7 @@

      Container's or Pod's UID could clash with hos

    • - Line number: 1364 + Line number: 1295
    @@ -2684,7 +2414,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 40] + [DocId: 38] input @@ -2703,7 +2433,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1330 + Line number: 1261
    • @@ -2740,7 +2470,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 41] + [DocId: 39] input @@ -2759,7 +2489,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1679 + Line number: 1605
    • @@ -2796,7 +2526,7 @@

    Container's or Pod's UID could clash with hos
  • Introduced through: - [DocId: 42] + [DocId: 40] input @@ -2815,7 +2545,7 @@

    Container's or Pod's UID could clash with hos

  • - Line number: 1928 + Line number: 1843
    • diff --git a/docs/snyk/v2.9.17/argocd-test.html b/docs/snyk/v2.9.9/argocd-test.html similarity index 56% rename from docs/snyk/v2.9.17/argocd-test.html rename to docs/snyk/v2.9.9/argocd-test.html index 04a83efba6187..c4894f56b168a 100644 --- a/docs/snyk/v2.9.17/argocd-test.html +++ b/docs/snyk/v2.9.9/argocd-test.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    June 30th 2024, 12:26:44 am (UTC+00:00)

    +

    March 24th 2024, 12:17:43 am (UTC+00:00)

    Scanned the following paths: @@ -468,8 +468,8 @@

    Snyk test report

    12 known vulnerabilities
    -
    183 vulnerable dependency paths
    -
    1919 dependencies
    +
    133 vulnerable dependency paths
    +
    1917 dependencies
    @@ -817,7 +817,6 @@

    References

    -
    -

    Allocation of Resources Without Limits or Throttling

    +
    +

    LGPL-3.0 license

    -
    - high severity +
    + medium severity
    @@ -857,15 +856,15 @@

    Allocation of Resources Without Limits or Throttling

  • - Vulnerable module: + Module: - golang.org/x/net/http2 + gopkg.in/retry.v1
  • Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0, k8s.io/apimachinery/pkg/util/net@0.24.17 and others + github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    • @@ -879,198 +878,75 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/Azure/kubelogin/pkg/token@0.0.20 - golang.org/x/net/http2@0.19.0 + gopkg.in/retry.v1@1.0.3 -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/soheilhy/cmux@0.1.5 - - golang.org/x/net/http2@0.19.0 - - + -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    • - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - golang.org/x/net/http2@0.19.0 - - +
    + +

    LGPL-3.0 license

    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    • +
    +

    Infinite loop

    +
    - -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    + medium severity +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - + google.golang.org/protobuf/internal/encoding/json +
      • - -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    • Introduced through: -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    -
    • -
  • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - +
    -
    • + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 + + github.com/golang/protobuf/jsonpb@1.4.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1079,13 +955,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + github.com/argoproj/pkg/grpc/http@#d56162821bd1 - k8s.io/apimachinery/pkg/watch@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1094,13 +972,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc@1.56.2 + + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/transport@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1115,7 +995,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1130,7 +1014,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1145,7 +1033,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1160,7 +1052,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1175,7 +1071,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1190,7 +1090,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1205,7 +1109,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 + + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1220,22 +1128,11 @@

      Detailed paths

      google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1244,28 +1141,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + google.golang.org/grpc@1.56.2 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1274,28 +1162,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/kubernetes/fake@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/testing@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1304,28 +1183,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 + google.golang.org/grpc/health@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/informers/apps/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0 @@ -1334,582 +1204,98 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - k8s.io/client-go/listers/core/v1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/client-go/tools/cache@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/rbac/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/api/core/v1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/pkg/kubeclientmetrics@#d56162821bd1 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/testing@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/azure@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/gcp@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/plugin/pkg/client/auth/oidc@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - k8s.io/client-go/transport@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/reflection@1.56.2 - - google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 google.golang.org/grpc@1.56.2 - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - google.golang.org/grpc/health@1.56.2 - - google.golang.org/grpc/health/grpc_health_v1@1.56.2 - - google.golang.org/grpc@1.56.2 - - google.golang.org/grpc/internal/transport@1.56.2 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/auth@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 - - k8s.io/client-go/rest@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/Azure/kubelogin/pkg/token@0.0.20 - - k8s.io/client-go/pkg/apis/clientauthentication/v1beta1@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/apimachinery/pkg/util/managedfields@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/protobuf/encoding/protojson@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/internal/encoding/json@1.31.0
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Stack-based Buffer Overflow

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 - - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -1918,17 +1304,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/testing@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/argoproj/pkg/grpc/http@#d56162821bd1 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -1937,17 +1319,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -1956,17 +1334,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/scheme@0.11.0 - - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/apimachinery/pkg/watch@0.24.17 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -1975,17 +1349,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/listers/core/v1@0.24.17 - - k8s.io/api/core/v1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -1994,17 +1366,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/resource@0.24.17 - - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2013,17 +1383,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2032,17 +1400,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/util/retry@0.24.17 - - k8s.io/apimachinery/pkg/api/errors@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2051,17 +1417,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2070,17 +1434,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/portforward@0.24.17 - - k8s.io/api/core/v1@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2089,17 +1451,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1@0.24.17 - - k8s.io/apimachinery/pkg/api/equality@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2108,17 +1468,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/api/validation@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/validation@0.24.17 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2127,17 +1485,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/transport@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2146,17 +1502,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/fake@0.24.17 - - k8s.io/client-go/testing@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/rest@0.24.17 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - k8s.io/client-go/transport@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/protobuf/types/known/structpb@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2165,17 +1519,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/remotecommand@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/client-go/transport/spdy@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/transport@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2184,17 +1538,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/health@#b0fffe419a0f + google.golang.org/grpc/reflection@1.56.2 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2203,17 +1557,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + google.golang.org/grpc/health@1.56.2 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2222,17 +1576,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/restmapper@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2241,17 +1595,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + google.golang.org/grpc@1.56.2 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/dynamic@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2260,17 +1614,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - sigs.k8s.io/controller-runtime/pkg/internal/testing/controlplane@0.11.0 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/tools/clientcmd@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/tools/auth@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2279,19 +1633,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/diff@#b0fffe419a0f - - k8s.io/apimachinery/pkg/util/strategicpatch@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2300,19 +1652,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/resource@#b0fffe419a0f + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2321,19 +1671,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2342,19 +1690,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2363,19 +1709,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/core/v1@0.24.17 - - k8s.io/client-go/listers/core/v1@0.24.17 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2384,19 +1728,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/record@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/client-go/tools/reference@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2405,19 +1749,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + google.golang.org/grpc/reflection@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/client-go/tools/pager@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2426,19 +1770,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers/apps/v1@0.24.17 + google.golang.org/grpc/health@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/client-go/tools/pager@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2447,19 +1791,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/informers@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/client-go/tools/cache@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - k8s.io/client-go/tools/pager@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2468,40 +1814,95 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - k8s.io/client-go/listers/core/v1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 + + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Infinite loop

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + google.golang.org/protobuf/encoding/protojson +
      • + +
    • Introduced through: + + + github.com/argoproj/argo-cd/v2@0.0.0, github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 and others +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - k8s.io/apimachinery/pkg/watch@0.24.17 - - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2510,19 +1911,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/term@0.24.17 - - k8s.io/client-go/tools/remotecommand@0.24.17 - - k8s.io/client-go/transport/spdy@0.24.17 + github.com/argoproj/pkg/grpc/http@#d56162821bd1 - k8s.io/client-go/rest@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/runtime@1.16.0 - k8s.io/client-go/transport@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 - - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2531,19 +1926,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - - github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - google.golang.org/grpc@1.56.2 google.golang.org/grpc/internal/transport@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/grpc/internal/pretty@1.56.2 + + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2552,19 +1941,13 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/client-go/tools/cache@0.24.17 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - k8s.io/client-go/rest@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2573,19 +1956,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/applyconfigurations/storage/v1beta1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/client-go/applyconfigurations/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2594,19 +1973,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/admission@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2615,21 +1990,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2638,21 +2007,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 - - k8s.io/api/core/v1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2661,21 +2024,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 - - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2684,21 +2041,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 - - k8s.io/client-go/tools/cache@0.24.17 - - k8s.io/client-go/tools/pager@0.24.17 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2707,21 +2058,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2730,21 +2075,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/syncwaves@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/rest@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2753,21 +2092,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/manager@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/internal/metrics@0.11.0 + google.golang.org/grpc@1.56.2 - sigs.k8s.io/controller-runtime/pkg/metrics@0.11.0 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2776,21 +2109,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + go.opentelemetry.io/proto/otlp/collector/trace/v1@0.19.0 - k8s.io/client-go/dynamic@0.24.17 + github.com/grpc-ecosystem/grpc-gateway/v2/runtime@2.11.3 - k8s.io/client-go/rest@0.24.17 + google.golang.org/protobuf/types/known/structpb@1.31.0 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2799,23 +2126,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/builder@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2824,23 +2145,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/envtest@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/webhook/conversion@0.11.0 - - k8s.io/apimachinery/pkg/runtime/serializer@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2849,23 +2164,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - k8s.io/client-go/tools/clientcmd@0.24.17 - - k8s.io/client-go/tools/clientcmd/api/latest@0.24.17 - - k8s.io/apimachinery/pkg/runtime/serializer/versioning@0.24.17 + google.golang.org/grpc/health@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2874,23 +2183,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2899,23 +2202,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - k8s.io/client-go/kubernetes@0.24.17 - - k8s.io/client-go/kubernetes/typed/storage/v1beta1@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2924,23 +2221,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube/scheme@#b0fffe419a0f - - k8s.io/kubernetes/pkg/apis/storage/install@1.24.17 - - k8s.io/kubernetes/pkg/apis/storage/v1alpha1@1.24.17 - - k8s.io/api/storage/v1alpha1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/auth@1.4.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2949,23 +2240,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 - - k8s.io/client-go/dynamic@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/retry@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2974,23 +2259,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync/ignore@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/hook/helm@#b0fffe419a0f - - github.com/argoproj/gitops-engine/pkg/sync/common@#b0fffe419a0f + github.com/grpc-ecosystem/go-grpc-prometheus@1.2.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f + google.golang.org/grpc@1.56.2 - k8s.io/kubectl/pkg/util/openapi@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/discovery@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -2999,23 +2278,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@1.16.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + google.golang.org/grpc@1.56.2 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/client-go/dynamic@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/client-go/rest@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3024,25 +2297,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/cache@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus@1.4.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3051,25 +2316,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/sync@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 - - k8s.io/api/storage/v1beta1@0.24.17 + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@0.42.0 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3078,25 +2335,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/gitops-engine/pkg/utils/kube@#b0fffe419a0f - - k8s.io/kubectl/pkg/util/openapi@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 + github.com/improbable-eng/grpc-web/go/grpcweb@0.15.0 - k8s.io/api/storage/v1beta1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3105,25 +2356,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/handler@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/runtime/inject@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/cache/internal@0.11.0 + google.golang.org/grpc/reflection@1.56.2 - k8s.io/client-go/tools/cache@0.24.17 + google.golang.org/grpc/reflection/grpc_reflection_v1alpha@1.56.2 - k8s.io/client-go/tools/pager@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3132,27 +2377,19 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller/controllerutil@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/client/apiutil@0.11.0 - - k8s.io/client-go/restmapper@0.24.17 - - k8s.io/client-go/discovery@0.24.17 - - k8s.io/client-go/kubernetes/scheme@0.24.17 + google.golang.org/grpc/health@1.56.2 - k8s.io/api/storage/v1beta1@0.24.17 + google.golang.org/grpc/health/grpc_health_v1@1.56.2 - k8s.io/api/core/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3161,27 +2398,21 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - k8s.io/client-go/dynamic@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3190,29 +2421,23 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - sigs.k8s.io/controller-runtime/pkg/controller@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/source/internal@0.11.0 - - sigs.k8s.io/controller-runtime/pkg/predicate@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags/logrus@1.4.0 - sigs.k8s.io/controller-runtime/pkg/event@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/logging/logrus/ctxlogrus@1.4.0 - sigs.k8s.io/controller-runtime/pkg/client@0.11.0 + github.com/grpc-ecosystem/go-grpc-middleware/tags@1.4.0 - k8s.io/client-go/dynamic@0.24.17 + github.com/grpc-ecosystem/go-grpc-middleware@1.4.0 - k8s.io/apimachinery/pkg/apis/meta/v1/unstructured@0.24.17 + google.golang.org/grpc@1.56.2 - k8s.io/apimachinery/pkg/apis/meta/v1@0.24.17 + google.golang.org/grpc/internal/transport@1.56.2 - k8s.io/apimachinery/pkg/watch@0.24.17 + google.golang.org/grpc/internal/pretty@1.56.2 - k8s.io/apimachinery/pkg/util/net@0.24.17 + github.com/golang/protobuf/jsonpb@1.4.2 - golang.org/x/net/http2@0.19.0 + google.golang.org/protobuf/encoding/protojson@1.31.0 @@ -3224,27 +2449,27 @@

      Detailed paths

      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      Note:

      +

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    Authentication Bypass by Capture-replay

    @@ -3261,15 +2486,15 @@

    LGPL-3.0 license

    Package Manager: golang
  • - Module: + Vulnerable module: - gopkg.in/retry.v1 + golang.org/x/crypto/ssh
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and golang.org/x/crypto/ssh@0.16.0 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    • @@ -3283,69 +2508,115 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.0.20 - - gopkg.in/retry.v1@1.0.3 + golang.org/x/crypto/ssh@0.16.0 - - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Regular Expression Denial of Service (ReDoS)

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/whilp/git-urls -
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + -
    • Introduced through: +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 +
      • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + -
      • -
    + +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 + + -
    +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 + + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 + + -
      +
    • Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/whilp/git-urls@1.0.2 + github.com/go-git/go-git/v5@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + golang.org/x/crypto/ssh@0.16.0 @@ -3354,9 +2625,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/skeema/knownhosts@1.2.1 - github.com/whilp/git-urls@1.0.2 + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 @@ -3365,11 +2642,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/go-git/go-git/v5@5.11.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 + + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/whilp/git-urls@1.0.2 + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh@0.16.0 @@ -3378,11 +2659,15 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 - github.com/whilp/git-urls@1.0.2 + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 @@ -3391,13 +2676,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + github.com/go-git/go-git/v5@5.11.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 - github.com/whilp/git-urls@1.0.2 + github.com/skeema/knownhosts@1.2.1 + + golang.org/x/crypto/ssh/knownhosts@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 @@ -3406,13 +2695,17 @@

      Detailed paths

      Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + github.com/go-git/go-git/v5@5.11.0 - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/client@5.11.0 - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + github.com/go-git/go-git/v5/plumbing/transport/ssh@5.11.0 + + github.com/xanzy/ssh-agent@0.3.3 - github.com/whilp/git-urls@1.0.2 + golang.org/x/crypto/ssh/agent@0.16.0 + + golang.org/x/crypto/ssh@0.16.0 @@ -3424,99 +2717,44 @@

      Detailed paths

      Overview

      -

      github.com/whilp/git-urls is a Git URLs parser

      -

      Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

      -

      Note: - This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

      -

      PoC

      - 
      
-        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
-        malicious_url := "6en6ar@-:0////" + payload + "\"
-        begin := time.Now()
-        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
-        _, err := giturls.ParseScp(malicious_url)
-        if err != nil {
-        fmt.Errorf("[ - ] Error ->" + err.Error())
-        }
-        //fmt.Println("[ + ] Url --> " + u.Host)
-        elapse := time.Since(begin)
-        fmt.Printf("Function took %s", elapse)
-
      -

      Details

      -

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

      -

      The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

      -

      Let’s take the following regular expression as an example:

      - 
      regex = /A(B|C+)+D/
-
      -

      This regular expression accomplishes the following:

      -
        -
      • A The string must start with the letter 'A'
        • -
      • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
        • -
      • D Finally, we ensure this section of the string ends with a 'D'
        • -
      -

      The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

      -

      It most cases, it doesn't take very long for a regex engine to find a match:

      - 
      $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
-        0.04s user 0.01s system 95% cpu 0.052 total
-        
-        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
-        1.79s user 0.02s system 99% cpu 1.812 total
-
      -

      The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

      -

      Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

      -

      Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

      +

      golang.org/x/crypto/ssh is a SSH client and server

      +

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      +

      Note:

        -
      1. CCC
        2. -
      2. CC+C
        3. -
      3. C+CC
        4. -
      4. C+C+C.
        5. +

      5. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        +
        6. +

      6. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        +
      -

      The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

      -

      From there, the number of steps the engine must use to validate a string just continues to grow.

      - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
      StringNumber of C'sNumber of steps
      ACCCX338
      ACCCCX471
      ACCCCCX5136
      ACCCCCCCCCCCCCCX1465,553
      -

      By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

      +

      Impact:

      +

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      +

      Workaround

      +

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      Remediation

      -

      There is no fixed version for github.com/whilp/git-urls.

      +

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • @@ -3641,162 +2879,6 @@

    Detailed paths

    More about this vulnerability

    -
    -
    -

    Insertion of Sensitive Information into Log File

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod -
      • -
    • - Package Manager: golang -
      • -
    • - Vulnerable module: - - github.com/hashicorp/go-retryablehttp -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@0.0.0 and github.com/hashicorp/go-retryablehttp@0.7.4 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/xanzy/go-gitlab@0.91.1 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@0.0.0 - - github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf - - github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf - - github.com/opsgenie/opsgenie-go-sdk-v2/client@1.0.5 - - github.com/hashicorp/go-retryablehttp@0.7.4 - - - -
      • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

    -

    Remediation

    -

    Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    -

    MPL-2.0 license

    @@ -4180,7 +3262,7 @@

    Detailed paths

    -

    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    @@ -4199,13 +3281,13 @@

    Concurrent Execution using Shared Resource with Improper
  • Vulnerable module: - github.com/Azure/azure-sdk-for-go/sdk/azidentity + github.com/go-jose/go-jose/v3
  • Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/go-jose/go-jose/v3@3.0.1 - github.com/argoproj/argo-cd/v2@0.0.0, github.com/Azure/kubelogin/pkg/token@0.0.20 and others
    • @@ -4219,100 +3301,18 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@0.0.0 - github.com/Azure/kubelogin/pkg/token@0.0.20 - - github.com/Azure/azure-sdk-for-go/sdk/azidentity@1.1.0 + github.com/go-jose/go-jose/v3@3.0.1 - - -
    - -
    - -

    Overview

    -

    github.com/Azure/azure-sdk-for-go/sdk/azidentity is a module that provides Microsoft Entra ID (formerly Azure Active Directory) token authentication support across the Azure SDK. It includes a set of TokenCredential implementations, which can be used with Azure SDK clients supporting token authentication.

    -

    Affected versions of this package are vulnerable to Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in the authentication process. An attacker can elevate privileges by exploiting race conditions during the token validation steps. This is only exploitable if the application is configured to use multiple threads or processes for handling authentication requests.

    -

    Notes:

    -
      -

    1. An attacker who successfully exploited the vulnerability could elevate privileges and read any file on the file system with SYSTEM access permissions;

      -
      2. -

    2. An attacker who successfully exploits this vulnerability can only obtain read access to the system files by exploiting this vulnerability. The attacker cannot perform write or delete operations on the files;

      -
      3. -

    3. The vulnerability exists in the following credential types: DefaultAzureCredential and ManagedIdentityCredential;

      -
      4. -

    4. The vulnerability exists in the following credential types:

      -
      5. -
    -

    ManagedIdentityApplication (.NET)

    -

    ManagedIdentityApplication (Java)

    -

    ManagedIdentityApplication (Node.js)

    -

    Remediation

    -

    Upgrade github.com/Azure/azure-sdk-for-go/sdk/azidentity to version 1.6.0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Template Injection

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: /argo-cd ui/yarn.lock -
      • -
    • - Package Manager: npm -
      • -
    • - Vulnerable module: - - dompurify -
      • - -
    • Introduced through: - - - argo-cd-ui@1.0.0, redoc@2.0.0-rc.64 and others -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - argo-cd-ui@1.0.0 + github.com/argoproj/argo-cd/v2@0.0.0 - redoc@2.0.0-rc.64 + github.com/coreos/go-oidc/v3/oidc@3.6.0 - dompurify@2.3.6 + github.com/go-jose/go-jose/v3@3.0.1 @@ -4324,24 +3324,20 @@

      Detailed paths

      Overview

      -

      dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG.

      -

      Affected versions of this package are vulnerable to Template Injection in purify.js, due to inconsistencies in the parsing of XML and HTML tags. Executable code can be injected in HTML inside XML CDATA blocks.

      -

      PoC

      - 
      <![CDATA[ ><img src onerror=alert(1)> ]]>
-
      +

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      Remediation

      -

      Upgrade dompurify to version 2.4.9, 3.0.11 or higher.

      +

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html similarity index 69% rename from docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html rename to docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html index 0222eacba5726..ca1fb70c0e4b2 100644 --- a/docs/snyk/v2.11.3/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.9.9/ghcr.io_dexidp_dex_v2.37.0.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,22 +456,22 @@

    Snyk test report

    -

    June 30th 2024, 12:21:50 am (UTC+00:00)

    +

    March 24th 2024, 12:17:49 am (UTC+00:00)

    Scanned the following paths:
      -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex (apk)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • -
    • ghcr.io/dexidp/dex:v2.38.0/dexidp/dex//usr/local/bin/dex (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex (apk)
      • +
    • ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3//usr/local/bin/gomplate (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/docker-entrypoint (gomodules)
      • +
    • ghcr.io/dexidp/dex:v2.37.0/dexidp/dex//usr/local/bin/dex (gomodules)
    -
    37 known vulnerabilities
    -
    113 vulnerable dependency paths
    -
    829 dependencies
    +
    42 known vulnerabilities
    +
    121 vulnerable dependency paths
    +
    786 dependencies
    @@ -479,19 +479,19 @@

    Snyk test report

    -
    -

    Allocation of Resources Without Limits or Throttling

    +
    +

    Path Traversal

    -
    - high severity +
    + critical severity
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -499,12 +499,12 @@

      Allocation of Resources Without Limits or Throttling

      Vulnerable module: - golang.org/x/net/http2 + github.com/go-git/go-git/v5
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.19.0 + github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5@v5.4.2
    @@ -519,16 +519,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - golang.org/x/net/http2@v0.19.0 - - - - -
  • - Introduced through: - github.com/dexidp/dex@* - - golang.org/x/net/http2@v0.20.0 + github.com/go-git/go-git/v5@v5.4.2 @@ -540,48 +531,55 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    +

    Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

    +

    Notes:

    +
      +

    1. This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.

      +
      2. +

    2. Applications using BoundOS or in-memory filesystems are not affected by this issue.

      +
      3. +

    3. Users running versions of go-git from v4 and above are recommended to upgrade to v5.11 in order to mitigate this vulnerability.

      +
      4. +
    +

    Workaround

    +

    This vulnerability can be mitigated by limiting the client's use to trustworthy Git servers.

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade github.com/go-git/go-git/v5 to version 5.11.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -
    +

    Out-of-bounds Write

    -
    - medium severity +
    + critical severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: - openssl/libcrypto3 + busybox/busybox
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and busybox/busybox@1.36.1-r0
    @@ -594,75 +592,51 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + alpine-baselayout/alpine-baselayout@3.4.3-r1 - openssl/libssl3@3.1.4-r2 + busybox/busybox-binsh@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libssl3@3.1.4-r2 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + alpine-baselayout/alpine-baselayout@3.4.3-r1 - openssl/libssl3@3.1.4-r2 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libssl3@3.1.4-r2 + busybox/ssl_client@1.36.1-r0 @@ -674,71 +648,36 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

      -

      Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

      -

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      -

      The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

      -

      The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

      +

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

      +

      Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-0727

    +
    +

    CVE-2023-5363

    -
    - medium severity +
    + high severity
    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -748,7 +687,7 @@

      CVE-2024-0727

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -761,75 +700,75 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -842,57 +781,73 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

      -

      Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

      -

      A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

      -

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

      -

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

      +

      Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

      +

      When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

      +

      For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

      +

      Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

      +

      Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

      +

      OpenSSL 3.1 and 3.0 are vulnerable to this issue.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Infinite loop

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -900,12 +855,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/internal/encoding/json + google.golang.org/grpc
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0 + github.com/hairyhenderson/gomplate/v3@* and google.golang.org/grpc@v1.46.2
    @@ -920,7 +875,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - google.golang.org/protobuf/internal/encoding/json@v1.31.0 + google.golang.org/grpc@v1.46.2 @@ -929,7 +884,7 @@

    Detailed paths

    Introduced through: github.com/dexidp/dex@* - google.golang.org/protobuf/internal/encoding/json@v1.32.0 + google.golang.org/grpc@v1.56.1 @@ -941,38 +896,48 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    -

    Note:

    -

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    google.golang.org/grpc is a Go implementation of gRPC

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    Remediation

    -

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    Stack-based Buffer Overflow

    +
    +

    Denial of Service (DoS)

    -
    - medium severity +
    + high severity
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -980,12 +945,12 @@

      Stack-based Buffer Overflow

    • Vulnerable module: - google.golang.org/protobuf/encoding/protojson + golang.org/x/net/http2
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0
    @@ -1000,7 +965,16 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + golang.org/x/net/http2@v0.7.0 + + + + +
  • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/http2@v0.11.0 @@ -1012,35 +986,48 @@

    Detailed paths

    Overview

    -

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    Remediation

    -

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • -
    -

    Infinite loop

    +
    +

    Heap-based Buffer Overflow

    -
    - medium severity +
    + high severity
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex
    • Package Manager: golang @@ -1048,12 +1035,12 @@

      Infinite loop

    • Vulnerable module: - google.golang.org/protobuf/encoding/protojson + github.com/mattn/go-sqlite3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/dexidp/dex@* and github.com/mattn/go-sqlite3@v1.14.17
    @@ -1066,18 +1053,79 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + github.com/dexidp/dex@* - google.golang.org/protobuf/encoding/protojson@v1.31.0 + github.com/mattn/go-sqlite3@v1.14.17
      • +
    + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the sessionReadRecord function in the ext/session/sqlite3session.c file. An attacker can cause a program crash or execute arbitrary code by manipulating the input to trigger a heap-based buffer overflow.

    +

    Remediation

    +

    Upgrade github.com/mattn/go-sqlite3 to version 1.14.18 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: github.com/dexidp/dex@* - google.golang.org/protobuf/encoding/protojson@v1.32.0 + github.com/go-jose/go-jose/v3@v3.0.0 @@ -1089,27 +1137,36 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      -

      Note:

      -

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

      +

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Improper Authentication

    @@ -1120,20 +1177,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/vault/sdk/helper/certutil + openssl/libcrypto3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1146,54 +1200,75 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/sdk/logical@v0.5.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1204,17 +1279,48 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Inefficient Regular Expression Complexity

    @@ -1225,20 +1331,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/vault/api + openssl/libcrypto3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1251,69 +1354,75 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/vault/api@v1.6.0 + openssl/libcrypto3@3.1.1-r1
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/serf/coordinate -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7 +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + -
      • -
    + +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + -
    +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + -
      +
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/serf/coordinate@v0.9.7 + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1324,17 +1433,58 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    • -

    MPL-2.0 license

    +

    Excessive Iteration

    @@ -1345,20 +1495,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/hcl/v2 + openssl/libcrypto3
    • Introduced through: - github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1371,72 +1518,75 @@

    Detailed paths

    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2@v2.13.0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 - - - -
      • -
    • - Introduced through: - github.com/dexidp/dex@* + apk-tools/apk-tools@2.14.0-r2 - github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/gohcl@v2.13.0 + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/hclparse@v2.13.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1
    • Introduced through: - github.com/dexidp/dex@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/v2/json@v2.13.0 + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1447,17 +1597,58 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Improper Check for Unusual or Exceptional Conditions

    @@ -1468,20 +1659,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/hcl + openssl/libcrypto3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1494,78 +1682,75 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl@v1.0.0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/hcl/hcl/token@v1.0.0 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/golang-lru/simplelru -
      • - -
    • Introduced through: - - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4 - -
      • -
    +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + -
    +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + -

    Detailed paths

    +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + -
      +
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/golang-lru/simplelru@v0.5.4 + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1576,17 +1761,55 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    • -

    MPL-2.0 license

    +

    Out-of-bounds Write

    @@ -1597,20 +1820,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Package Manager: alpine:3.18
    • - Package Manager: golang -
      • -
    • - Module: + Vulnerable module: - github.com/hashicorp/go-version + openssl/libcrypto3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1623,30 +1843,136 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/go-version@v1.5.0 + openssl/libcrypto3@3.1.1-r1
      • -
    - +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
    • +
  • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 + + + +
    • + +
    -

    MPL-2.0 license

    +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

    +

    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

    +

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    +

    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

    +

    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    CVE-2024-0727

    @@ -1657,20 +1983,17 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate -
      • -
    • - Package Manager: golang + Package Manager: alpine:3.18
    • - Module: + Vulnerable module: - github.com/hashicorp/go-sockaddr + openssl/libcrypto3
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -1683,18 +2006,75 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/go-sockaddr@v1.0.2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + docker-image|ghcr.io/dexidp/dex@v2.37.0 - github.com/hashicorp/go-sockaddr/template@v1.0.2 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|ghcr.io/dexidp/dex@v2.37.0 + + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1705,17 +2085,47 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      +

      Remediation

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Infinite loop

    @@ -1726,20 +2136,20 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-secure-stdlib/strutil + google.golang.org/protobuf/internal/encoding/json
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 + github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/internal/encoding/json@v1.28.0
    @@ -1754,7 +2164,16 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 + google.golang.org/protobuf/internal/encoding/json@v1.28.0 + + + + +
  • + Introduced through: + github.com/dexidp/dex@* + + google.golang.org/protobuf/internal/encoding/json@v1.31.0 @@ -1765,17 +2184,28 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    MPL-2.0 license

    +

    Stack-based Buffer Overflow

    @@ -1786,20 +2216,20 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-secure-stdlib/parseutil + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 + github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0
    @@ -1814,7 +2244,16 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 + google.golang.org/protobuf/encoding/protojson@v1.28.0 + + + + +
  • + Introduced through: + github.com/dexidp/dex@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1825,17 +2264,25 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    MPL-2.0 license

    +

    Infinite loop

    @@ -1846,20 +2293,20 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-secure-stdlib/mlock + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 + github.com/hairyhenderson/gomplate/v3@* and google.golang.org/protobuf/encoding/protojson@v1.28.0
    @@ -1874,7 +2321,16 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 + google.golang.org/protobuf/encoding/protojson@v1.28.0 + + + + +
  • + Introduced through: + github.com/dexidp/dex@* + + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1885,17 +2341,28 @@

    Detailed paths

    -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    +
    • -

    MPL-2.0 license

    +

    Allocation of Resources Without Limits or Throttling

    @@ -1906,20 +2373,20 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-rootcerts + golang.org/x/net/http2
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2 + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/net/http2@v0.7.0
    @@ -1934,7 +2401,16 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-rootcerts@v1.0.2 + golang.org/x/net/http2@v0.7.0 + + + + +
  • + Introduced through: + github.com/dexidp/dex@* + + golang.org/x/net/http2@v0.11.0 @@ -1945,17 +2421,29 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

    +

    Note:

    +

    This issue is related to CVE-2023-44487

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    • -

    Insertion of Sensitive Information into Log File

    +

    Cross-site Scripting (XSS)

    @@ -1966,7 +2454,7 @@

    Insertion of Sensitive Information into Log File

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex
    • Package Manager: golang @@ -1974,12 +2462,12 @@

      Insertion of Sensitive Information into Log File

    • Vulnerable module: - github.com/hashicorp/go-retryablehttp + golang.org/x/net/html
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 + github.com/dexidp/dex@* and golang.org/x/net/html@v0.11.0
    @@ -1992,9 +2480,9 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + github.com/dexidp/dex@* - github.com/hashicorp/go-retryablehttp@v0.7.1 + golang.org/x/net/html@v0.11.0 @@ -2006,24 +2494,82 @@

      Detailed paths

      Overview

      -

      Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

      +

      golang.org/x/net/html is a package that implements an HTML5-compliant tokenizer and parser.

      +

      Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the render1() function in render.go. Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be.

      +

      Details

      +

      A cross-site scripting attack occurs when the attacker tricks a legitimate web-based application or site to accept a request as originating from a trusted source.

      +

      This is done by escaping the context of the web application; the web application then delivers that data to its users along with other trusted dynamic content, without validating it. The browser unknowingly executes malicious script on the client side (through client-side languages; usually JavaScript or HTML) in order to perform actions that are otherwise typically blocked by the browser’s Same Origin Policy.

      +

      Injecting malicious code is the most prevalent manner by which XSS is exploited; for this reason, escaping characters in order to prevent this manipulation is the top method for securing code against this vulnerability.

      +

      Escaping means that the application is coded to mark key characters, and particularly key characters included in user input, to prevent those characters from being interpreted in a dangerous context. For example, in HTML, < can be coded as &lt; and > can be coded as &gt; in order to be interpreted and displayed as themselves in text, while within the code itself, they are used for HTML tags. If malicious content is injected into an application that escapes special characters and that malicious content uses < and > as HTML tags, those characters are nonetheless not interpreted as HTML tags by the browser if they’ve been correctly escaped in the application code and in this way the attempted attack is diverted.

      +

      The most prominent use of XSS is to steal cookies (source: OWASP HttpOnly) and hijack user sessions, but XSS exploits have been used to expose sensitive information, enable access to privileged services and functionality and deliver malware.

      +

      Types of attacks

      +

      There are a few methods by which XSS can be manipulated:

      + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      TypeOriginDescription
      StoredServerThe malicious code is inserted in the application (usually as a link) by the attacker. The code is activated every time a user clicks the link.
      ReflectedServerThe attacker delivers a malicious link externally from the vulnerable web site application to a user. When clicked, malicious code is sent to the vulnerable web site, which reflects the attack back to the user’s browser.
      DOM-basedClientThe attacker forces the user’s browser to render a malicious page. The data in the page itself delivers the cross-site scripting data.
      MutatedThe attacker injects code that appears safe, but is then rewritten and modified by the browser, while parsing the markup. An example is rebalancing unclosed quotation marks or even adding quotation marks to unquoted parameters.
      +

      Affected environments

      +

      The following environments are susceptible to an XSS attack:

      +
        +
      • Web servers
        • +
      • Application servers
        • +
      • Web application environments
        • +
      +

      How to prevent

      +

      This section describes the top best practices designed to specifically protect your code:

      +
        +
      • Sanitize data input in an HTTP request before reflecting it back, ensuring all data is validated, filtered or escaped before echoing anything back to the user, such as the values of query parameters during searches.
        • +
      • Convert special characters such as ?, &, /, <, > and spaces to their respective HTML or URL encoded equivalents.
        • +
      • Give users the option to disable client-side scripts.
        • +
      • Redirect invalid requests.
        • +
      • Detect simultaneous logins, including those from two separate IP addresses, and invalidate those sessions.
        • +
      • Use and enforce a Content Security Policy (source: Wikipedia) to disable any features that might be manipulated for an XSS attack.
        • +
      • Read the documentation for any of the libraries referenced in your code to understand which elements allow for embedded HTML.
        • +

      Remediation

      -

      Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

      +

      Upgrade golang.org/x/net/html to version 0.13.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Authentication Bypass by Capture-replay

    @@ -2034,20 +2580,20 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-retryablehttp + golang.org/x/crypto/ssh
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 + github.com/hairyhenderson/gomplate/v3@* and golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e
    @@ -2062,7 +2608,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-retryablehttp@v0.7.1 + golang.org/x/crypto/ssh@v0.0.0-20220525230936-793ad666bf5e @@ -2073,12 +2619,45 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2094,7 +2673,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2102,12 +2681,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-plugin + github.com/hashicorp/vault/sdk/helper/certutil
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0
    @@ -2122,7 +2701,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-plugin@v1.4.4 + github.com/hashicorp/vault/sdk/helper/certutil@v0.5.0 @@ -2131,7 +2710,70 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-plugin/internal/plugin@v1.4.4 + github.com/hashicorp/vault/sdk/helper/compressutil@v0.5.0 + + + + +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/helper/consts@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/helper/jsonutil@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/helper/pluginutil@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/helper/strutil@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/logical@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/physical@v0.5.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/vault/sdk/physical/inmem@v0.5.0 @@ -2147,7 +2789,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -2163,7 +2805,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2171,12 +2813,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-immutable-radix + github.com/hashicorp/vault/api
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/vault/api@v1.6.0
    @@ -2191,7 +2833,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-immutable-radix@v1.3.1 + github.com/hashicorp/vault/api@v1.6.0 @@ -2207,7 +2849,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2223,7 +2865,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2231,12 +2873,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-cleanhttp + github.com/hashicorp/serf/coordinate
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/serf/coordinate@v0.9.7
    @@ -2251,7 +2893,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/hashicorp/serf/coordinate@v0.9.7 @@ -2267,7 +2909,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2283,7 +2925,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex
    • Package Manager: golang @@ -2291,12 +2933,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/errwrap + github.com/hashicorp/hcl/v2
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 + github.com/dexidp/dex@* and github.com/hashicorp/hcl/v2@v2.13.0
    @@ -2309,9 +2951,72 @@

    Detailed paths

    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* + github.com/dexidp/dex@* - github.com/hashicorp/errwrap@v1.1.0 + github.com/hashicorp/hcl/v2@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/ext/customdecode@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/ext/tryfunc@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/gohcl@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclparse@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclsyntax@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/hclwrite@v2.13.0 + + + +
      • +
    • + Introduced through: + github.com/dexidp/dex@* + + github.com/hashicorp/hcl/v2/json@v2.13.0 @@ -2327,7 +3032,7 @@

      Detailed paths

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -2343,7 +3048,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2351,12 +3056,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/consul/api + github.com/hashicorp/hcl
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/hcl@v1.0.0
    @@ -2371,24 +3076,60 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/hashicorp/consul/api@v1.13.0 + github.com/hashicorp/hcl@v1.0.0 - - -
    - -
    - -

    MPL-2.0 license

    +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/hcl/hcl/parser@v1.0.0 + + -
    +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/hcl/hcl/strconv@v1.0.0 + + -
    -

    More about this vulnerability

    -
    +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/hcl/hcl/token@v1.0.0 + + + +
    • +
  • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/hcl/json/parser@v1.0.0 + + + +
    • + + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    @@ -2403,7 +3144,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2411,12 +3152,12 @@

      MPL-2.0 license

    • Module: - github.com/gosimple/slug + github.com/hashicorp/golang-lru/simplelru
    • Introduced through: - github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/golang-lru/simplelru@v0.5.4
    @@ -2431,7 +3172,7 @@

    Detailed paths

    Introduced through: github.com/hairyhenderson/gomplate/v3@* - github.com/gosimple/slug@v1.12.0 + github.com/hashicorp/golang-lru/simplelru@v0.5.4 @@ -2447,7 +3188,7 @@

    Detailed paths

    -

    More about this vulnerability

    +

    More about this vulnerability

    @@ -2463,7 +3204,7 @@

    MPL-2.0 license

    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang @@ -2471,12 +3212,12 @@

      MPL-2.0 license

    • Module: - github.com/go-sql-driver/mysql + github.com/hashicorp/go-version
    • Introduced through: - github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-version@v1.5.0
    @@ -2489,9 +3230,9 @@

    Detailed paths

    -

    Improper Handling of Highly Compressed Data (Data Amplification)

    +

    MPL-2.0 license

    @@ -2523,20 +3264,20 @@

    Improper Handling of Highly Compressed Data (Data Amplif
    • - Manifest file: ghcr.io/dexidp/dex:v2.38.0/dexidp/dex /usr/local/bin/dex + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • Package Manager: golang
    • - Vulnerable module: + Module: - github.com/go-jose/go-jose/v3 + github.com/hashicorp/go-sockaddr
    • Introduced through: - github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.1 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-sockaddr@v1.0.2
    @@ -2549,9 +3290,18 @@

    Detailed paths

    • Introduced through: - github.com/dexidp/dex@* + github.com/hairyhenderson/gomplate/v3@* + + github.com/hashicorp/go-sockaddr@v1.0.2 + + + +
      • +
    • + Introduced through: + github.com/hairyhenderson/gomplate/v3@* - github.com/go-jose/go-jose/v3@v3.0.1 + github.com/hashicorp/go-sockaddr/template@v1.0.2 @@ -2562,26 +3312,17 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      -

      Remediation

      -

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Out-of-bounds Write

    +

    MPL-2.0 license

    @@ -2592,17 +3333,20 @@

    Out-of-bounds Write

    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - busybox/busybox + github.com/hashicorp/go-secure-stdlib/strutil
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2
    @@ -2615,51 +3359,9 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - busybox/ssl_client@1.36.1-r15 + github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2 @@ -2670,26 +3372,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

      -

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r16 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Use After Free

    +

    MPL-2.0 license

    @@ -2700,17 +3393,20 @@

    Use After Free

    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - busybox/busybox + github.com/hashicorp/go-secure-stdlib/parseutil
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5
    @@ -2723,51 +3419,9 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - busybox/ssl_client@1.36.1-r15 + github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.5 @@ -2778,26 +3432,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      -

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Use After Free

    +

    MPL-2.0 license

    @@ -2808,17 +3453,20 @@

    Use After Free

    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - busybox/busybox + github.com/hashicorp/go-secure-stdlib/mlock
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2
    @@ -2831,51 +3479,9 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - busybox/ssl_client@1.36.1-r15 + github.com/hashicorp/go-secure-stdlib/mlock@v0.1.2 @@ -2886,26 +3492,17 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

      -

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r19 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Use After Free

    +

    MPL-2.0 license

    @@ -2916,17 +3513,20 @@

    Use After Free

    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - busybox/busybox + github.com/hashicorp/go-rootcerts
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and busybox/busybox@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-rootcerts@v1.0.2
    @@ -2939,51 +3539,69 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - busybox/busybox@1.36.1-r15 + github.com/hashicorp/go-rootcerts@v1.0.2
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - busybox/busybox@1.36.1-r15 - - +
    - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/busybox-binsh@1.36.1-r15 - - +
    • - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - alpine-baselayout/alpine-baselayout@3.4.3-r2 - - busybox/busybox-binsh@1.36.1-r15 - - +
    + +

    MPL-2.0 license

    -
    • +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-retryablehttp +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-retryablehttp@v0.7.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - busybox/ssl_client@1.36.1-r15 + github.com/hashicorp/go-retryablehttp@v0.7.1 @@ -2994,47 +3612,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

      -

      Remediation

      -

      Upgrade Alpine:3.19 busybox to version 1.36.1-r17 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2023-6237

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - openssl/libcrypto3 + github.com/hashicorp/go-plugin
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-plugin@v1.4.4
    @@ -3047,75 +3659,258 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - openssl/libcrypto3@3.1.4-r2 + github.com/hashicorp/go-plugin@v1.4.4
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 + github.com/hairyhenderson/gomplate/v3@* - openssl/libcrypto3@3.1.4-r2 + github.com/hashicorp/go-plugin/internal/plugin@v1.4.4
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - +
    - +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-immutable-radix +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-immutable-radix@v1.3.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 + github.com/hairyhenderson/gomplate/v3@* - openssl/libcrypto3@3.1.4-r2 + github.com/hashicorp/go-immutable-radix@v1.3.1
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - openssl/libssl3@3.1.4-r2 + github.com/hashicorp/go-cleanhttp@v0.5.2
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/errwrap +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/errwrap@v1.1.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 + github.com/hairyhenderson/gomplate/v3@* - openssl/libssl3@3.1.4-r2 + github.com/hashicorp/errwrap@v1.1.0
      • +
    + +
    + +
    + +

    MPL-2.0 license

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/consul/api +
      • + +
    • Introduced through: + + github.com/hairyhenderson/gomplate/v3@* and github.com/hashicorp/consul/api@v1.13.0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* - openssl/libssl3@3.1.4-r2 + github.com/hashicorp/consul/api@v1.13.0 @@ -3126,71 +3921,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

      -

      Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

      -

      When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

      -

      An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

      -

      The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      -

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-2511

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate
    • - Vulnerable module: + Package Manager: golang +
      • +
    • + Module: - openssl/libcrypto3 + github.com/gosimple/slug
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + github.com/hairyhenderson/gomplate/v3@* and github.com/gosimple/slug@v1.12.0
    @@ -3203,75 +3968,69 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + github.com/hairyhenderson/gomplate/v3@* - openssl/libcrypto3@3.1.4-r2 + github.com/gosimple/slug@v1.12.0
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - +
    - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - +
    • - -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - +
    + +

    MPL-2.0 license

    -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - +
    -
    • -
  • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - +
    +

    More about this vulnerability

    +
    -
    • +
    +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/go-sql-driver/mysql +
      • + +
    • Introduced through: + + github.com/dexidp/dex@* and github.com/go-sql-driver/mysql@v1.7.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -
    -

    CVE-2024-4603

    +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/dexidp/dex /usr/local/bin/dex +
      • +
    • + Package Manager: golang
    • Vulnerable module: - openssl/libcrypto3 + github.com/go-jose/go-jose/v3
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + github.com/dexidp/dex@* and github.com/go-jose/go-jose/v3@v3.0.0
    @@ -3355,75 +4088,9 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 + github.com/dexidp/dex@* - openssl/libssl3@3.1.4-r2 + github.com/go-jose/go-jose/v3@v3.0.0 @@ -3434,75 +4101,50 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

      -

      Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

      -

      The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

      -

      Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

      -

      An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

      -

      Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      Overview

      +

      Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification). An attacker could send a JWE containing compressed data that, when decompressed by Decrypt or DecryptMulti, would use large amounts of memory and CPU.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.5-r0 or higher.

      +

      Upgrade github.com/go-jose/go-jose/v3 to version 3.0.3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-5535

    +
    +

    Uncontrolled Resource Consumption ('Resource Exhaustion')

    -
    - low severity +
    + medium severity
    • - Package Manager: alpine:3.19 + Manifest file: ghcr.io/dexidp/dex:v2.37.0/hairyhenderson/gomplate/v3 /usr/local/bin/gomplate +
      • +
    • + Package Manager: golang
    • Vulnerable module: - openssl/libcrypto3 + github.com/go-git/go-git/v5/plumbing
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + github.com/hairyhenderson/gomplate/v3@* and github.com/go-git/go-git/v5/plumbing@v5.4.2
    @@ -3515,75 +4157,9 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
      • -
    • - Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 - - busybox/ssl_client@1.36.1-r15 + github.com/hairyhenderson/gomplate/v3@* - openssl/libssl3@3.1.4-r2 + github.com/go-git/go-git/v5/plumbing@v5.4.2 @@ -3594,88 +4170,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

      -

      Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

      -

      Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

      -

      The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

      -

      This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

      -

      In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

      -

      This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

      -

      The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

      -

      Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

      +

      Overview

      +

      github.com/go-git/go-git/v5/plumbing is a highly extensible git implementation library written in pure Go.

      +

      Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') via specially crafted responses from a Git server, which triggers resource exhaustion in clients.

      +

      Note + This is only exploitable if the client is not using the in-memory filesystem supported by the library.

      +

      Workaround

      +

      In cases where a bump to the latest version of go-git is not possible, we recommend limiting its use to only trust-worthy Git servers.

      +

      Details

      +

      Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

      +

      Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

      +

      One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

      +

      When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

      +

      Two common types of DoS vulnerabilities:

      +
        +

      • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

        +
        • +

      • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

        +
        • +

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade github.com/go-git/go-git/v5/plumbing to version 5.11.0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-4741

    +

    CVE-2023-6237

    @@ -3686,7 +4215,7 @@

    CVE-2024-4741

    • - Package Manager: alpine:3.19 + Package Manager: alpine:3.18
    • Vulnerable module: @@ -3696,7 +4225,7 @@

      CVE-2024-4741

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 and openssl/libcrypto3@3.1.4-r2 + docker-image|ghcr.io/dexidp/dex@v2.37.0 and openssl/libcrypto3@3.1.1-r1
    @@ -3709,75 +4238,75 @@

    Detailed paths

    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.4-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - apk-tools/apk-tools@2.14.0-r5 + apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|ghcr.io/dexidp/dex@v2.38.0 + docker-image|ghcr.io/dexidp/dex@v2.37.0 - busybox/ssl_client@1.36.1-r15 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.4-r2 + openssl/libssl3@3.1.1-r1 @@ -3791,12 +4320,12 @@

      Detailed paths

      NVD Description

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.19 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html new file mode 100644 index 0000000000000..22d46e565dc6f --- /dev/null +++ b/docs/snyk/v2.9.9/haproxy_2.6.14-alpine.html @@ -0,0 +1,1376 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
    +
    +
    +
    + + + Snyk - Open Source Security + + + + + + + +
    +

    Snyk test report

    + +

    March 24th 2024, 12:17:53 am (UTC+00:00)

    +
    +
    + Scanned the following path: +
      +
    • haproxy:2.6.14-alpine (apk)
      • +
    +
    + +
    +
    5 known vulnerabilities
    +
    45 vulnerable dependency paths
    +
    18 dependencies
    +
    +
    +
    +
    +
    + + + + + + + +
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Package Manager apk
    +
    +
    +
    +
    +

    CVE-2023-5363

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

    +

    Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

    +

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    +

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

    +

    Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

    +

    Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

    +

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Improper Check for Unusual or Exceptional Conditions

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

    +

    Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

    +

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

    +

    Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

    +

    An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

    +

    DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    +

    Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Out-of-bounds Write

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

    +

    Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

    +

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    +

    The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

    +

    The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2024-0727

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

    +

    Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

    +

    A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

    +

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

    +

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

    +

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    CVE-2023-6237

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Package Manager: alpine:3.18 +
      • +
    • + Vulnerable module: + + openssl/libcrypto3 +
      • + +
    • Introduced through: + + docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + +
      • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + openssl/libcrypto3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + .haproxy-rundeps@20230809.001942 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    • + Introduced through: + docker-image|haproxy@2.6.14-alpine + + busybox/ssl_client@1.36.1-r2 + + openssl/libssl3@3.1.2-r0 + + + +
      • +
    + +
    + +
    + +

    NVD Description

    +

    This vulnerability has not been analyzed by NVD yet.

    +

    Remediation

    +

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +
    +
    + + + diff --git a/docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html similarity index 82% rename from docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html rename to docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html index d4608f2eb99ac..704d480d51ff7 100644 --- a/docs/snyk/v2.11.3/quay.io_argoproj_argocd_v2.11.3.html +++ b/docs/snyk/v2.9.9/quay.io_argoproj_argocd_v2.9.9.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    June 30th 2024, 12:22:17 am (UTC+00:00)

    +

    March 24th 2024, 12:18:09 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.11.3/argoproj/argocd/Dockerfile (deb)
      • -
    • quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.3//usr/local/bin/kustomize (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.3/helm/v3//usr/local/bin/helm (gomodules)
      • -
    • quay.io/argoproj/argocd:v2.11.3/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argocd/Dockerfile (deb)
      • +
    • quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9//usr/local/bin/kustomize (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/helm/v3//usr/local/bin/helm (gomodules)
      • +
    • quay.io/argoproj/argocd:v2.9.9/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    32 known vulnerabilities
    -
    198 vulnerable dependency paths
    -
    2280 dependencies
    +
    36 known vulnerabilities
    +
    179 vulnerable dependency paths
    +
    2189 dependencies
    @@ -481,7 +481,7 @@

    Snyk test report

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -500,12 +500,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + google.golang.org/grpc
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2
    • @@ -520,16 +520,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 - - - - -
  • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.17.0 + google.golang.org/grpc@v1.56.2 @@ -541,22 +532,32 @@

    Detailed paths

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    +

    google.golang.org/grpc is a Go implementation of gRPC

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    References

    -

    More about this vulnerability

    +

    More about this vulnerability

    • @@ -572,7 +573,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -585,7 +586,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -598,7 +599,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -637,7 +638,7 @@

      References

    -

    Resource Exhaustion

    +

    CVE-2023-51767

    @@ -648,7 +649,7 @@

    Resource Exhaustion

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -656,12 +657,12 @@

      Resource Exhaustion

    • Vulnerable module: - openssl/libssl3 + openssh/openssh-client
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.9.9 and openssh/openssh-client@1:8.9p1-3ubuntu0.6
    @@ -674,113 +675,9 @@

    Detailed paths

    @@ -833,7 +725,7 @@

    Information Exposure

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -846,7 +738,7 @@

      Information Exposure

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and libgcrypt20@1.9.4-3ubuntu3
    @@ -859,7 +751,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 libgcrypt20@1.9.4-3ubuntu3 @@ -868,7 +760,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -879,7 +771,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -890,11 +782,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 libgcrypt20@1.9.4-3ubuntu3 @@ -903,9 +795,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -916,7 +808,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -929,7 +821,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -942,7 +834,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -955,7 +847,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -968,7 +860,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -981,7 +873,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -994,11 +886,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -1024,7 +916,6 @@

      References

    • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
    • https://access.redhat.com/security/cve/CVE-2024-2236
    • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
      • -
    • https://bugzilla.redhat.com/show_bug.cgi?id=2245218
    @@ -1035,7 +926,7 @@

    References

    -

    CVE-2024-26462

    +

    CVE-2024-26461

    @@ -1046,7 +937,7 @@

    CVE-2024-26462

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1059,7 +950,7 @@

      CVE-2024-26462

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1072,7 +963,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1081,7 +972,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1102,7 +993,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1125,7 +1016,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1134,7 +1025,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1155,7 +1046,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1164,9 +1055,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1175,11 +1066,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1188,11 +1079,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -1203,7 +1094,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -1222,7 +1113,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1238,25 +1129,24 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    LGPL-3.0 license

    +

    CVE-2024-26462

    @@ -1267,20 +1157,20 @@

    LGPL-3.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • - Module: + Vulnerable module: - gopkg.in/retry.v1 + krb5/libk5crypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1293,150 +1183,190 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - gopkg.in/retry.v1@v1.0.3 + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    LGPL-3.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/r3labs/diff -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - github.com/r3labs/diff@v1.1.0 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    - -
    - -

    MPL-2.0 license

    - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    MPL-2.0 license

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd -
      • -
    • - Package Manager: golang -
      • -
    • - Module: - - github.com/hashicorp/go-version -
      • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1 - -
      • -
    - -
    - - -

    Detailed paths

    - -
    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - github.com/hashicorp/go-version@v1.2.1 + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3
      • -
    - -
    +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + -
    - -

    MPL-2.0 license

    +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
    • +
  • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 + + + +
    • + + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 krb5.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    Insertion of Sensitive Information into Log File

    +

    CVE-2024-26458

    @@ -1447,20 +1377,20 @@

    Insertion of Sensitive Information into Log File

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • - Package Manager: golang + Package Manager: ubuntu:22.04
    • Vulnerable module: - github.com/hashicorp/go-retryablehttp + krb5/libk5crypto3
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1473,9 +1403,159 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + docker-image|quay.io/argoproj/argocd@v2.9.9 - github.com/hashicorp/go-retryablehttp@v0.7.4 + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + krb5/libk5crypto3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + krb5/libkrb5-3@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + openssh/openssh-client@1:8.9p1-3ubuntu0.6 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + adduser@3.118ubuntu5 + + shadow/passwd@1:4.8.1-2ubuntu2.2 + + pam/libpam-modules@1.4.0-11ubuntu2.4 + + libnsl/libnsl2@1.3.0-2build2 + + libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + + krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1486,25 +1566,27 @@

      Detailed paths

      -

      Overview

      -

      Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to not sanitizing urls when writing them to the log file. This could lead to an attacker writing sensitive HTTP basic auth credentials to the log file.

      +

      NVD Description

      +

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      +

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      Remediation

      -

      Upgrade github.com/hashicorp/go-retryablehttp to version 0.7.7 or higher.

      +

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    LGPL-3.0 license

    @@ -1515,7 +1597,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -1523,12 +1605,12 @@

      MPL-2.0 license

    • Module: - github.com/hashicorp/go-retryablehttp + gopkg.in/retry.v1
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4 + github.com/argoproj/argo-cd/v2@* and gopkg.in/retry.v1@v1.0.3
    @@ -1543,7 +1625,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-retryablehttp@v0.7.4 + gopkg.in/retry.v1@v1.0.3 @@ -1554,17 +1636,17 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    LGPL-3.0 license

    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Infinite loop

    @@ -1575,20 +1657,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-multierror + google.golang.org/protobuf/internal/encoding/json
    • Introduced through: - helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/internal/encoding/json@v1.31.0
    @@ -1601,9 +1683,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-multierror@v1.1.1 + google.golang.org/protobuf/internal/encoding/json@v1.31.0 @@ -1614,17 +1696,28 @@

      Detailed paths

      -

      MPL-2.0 license

      +

      Overview

      +

      Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

      +

      Note:

      +

      This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

      +

      Remediation

      +

      Upgrade google.golang.org/protobuf/internal/encoding/json to version 1.33.0 or higher.

      +

      References

      +
      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    MPL-2.0 license

    +

    Stack-based Buffer Overflow

    @@ -1635,20 +1728,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/hashicorp/go-cleanhttp + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1663,7 +1756,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/hashicorp/go-cleanhttp@v0.5.2 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1674,17 +1767,25 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Stack-based Buffer Overflow when processing input that uses pathologically deep nesting.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.32.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -

    MPL-2.0 license

    +

    Infinite loop

    @@ -1695,20 +1796,20 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
    • - Module: + Vulnerable module: - github.com/gosimple/slug + google.golang.org/protobuf/encoding/protojson
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1 + github.com/argoproj/argo-cd/v2@* and google.golang.org/protobuf/encoding/protojson@v1.31.0
    @@ -1723,7 +1824,7 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/gosimple/slug@v1.13.1 + google.golang.org/protobuf/encoding/protojson@v1.31.0 @@ -1734,41 +1835,52 @@

    Detailed paths

    -

    MPL-2.0 license

    +

    Overview

    +

    Affected versions of this package are vulnerable to Infinite loop via the protojson.Unmarshal function. An attacker can cause a denial of service condition by unmarshaling certain forms of invalid JSON.

    +

    Note:

    +

    This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.

    +

    Remediation

    +

    Upgrade google.golang.org/protobuf/encoding/protojson to version 1.33.0 or higher.

    +

    References

    +
    -

    More about this vulnerability

    +

    More about this vulnerability

    -
    -

    CVE-2023-7008

    +
    +

    Authentication Bypass by Capture-replay

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - systemd/libsystemd0 + golang.org/x/crypto/ssh
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and systemd/libsystemd0@249.11-0ubuntu3.12 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
    @@ -1781,110 +1893,167 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + github.com/argoproj/argo-cd/v2@* - systemd/libsystemd0@249.11-0ubuntu3.12 + golang.org/x/crypto/ssh@v0.16.0
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - apt@2.4.12 - - systemd/libsystemd0@249.11-0ubuntu3.12 - - +
    - +
    + +
    + +

    Overview

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    Note:

    +
      +

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      +
      2. +

    2. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

      +
      3. +
    +

    Impact:

    +

    While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

    +

    Workaround

    +

    Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

    +

    Remediation

    +

    Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Information Exposure

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + gnutls28/libgnutls30 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -
    -

    Arbitrary Code Injection

    +
    +

    Uncaught Exception

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1941,12 +2106,12 @@

      Arbitrary Code Injection

    • Vulnerable module: - shadow/passwd + gnutls28/libgnutls30
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    @@ -1959,40 +2124,74 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 + apt@2.4.11 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + gnupg2/dirmngr@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnutls28/libgnutls30@3.7.3-4ubuntu1.4
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - shadow/login@1:4.8.1-2ubuntu2.2 + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 + + rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 + + gnutls28/libgnutls30@3.7.3-4ubuntu1.4 @@ -2004,53 +2203,52 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

      +

      A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 shadow.

      +

      There is no fixed version for Ubuntu:22.04 gnutls28.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Uncontrolled Recursion

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - pcre3/libpcre3 + github.com/r3labs/diff
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + github.com/argoproj/argo-cd/v2@* and github.com/r3labs/diff@v1.1.0
    @@ -2063,20 +2261,9 @@

    Detailed paths

    -
    -

    Release of Invalid Pointer or Reference

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/hashicorp/go-version
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-version@v1.2.1
    @@ -2151,9 +2321,9 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + github.com/argoproj/argo-cd/v2@* - patch@2.7.6-7build2 + github.com/hashicorp/go-version@v1.2.1 @@ -2164,51 +2334,41 @@

      Detailed paths

      -

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream patch package and not the patch package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An Invalid Pointer vulnerability exists in GNU patch 2.7 via the another_hunk function, which causes a Denial of Service.

      -

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 patch.

      -

      References

      - +

      MPL-2.0 license

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Double Free

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - patch + github.com/hashicorp/go-retryablehttp
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and patch@2.7.6-7build2 + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-retryablehttp@v0.7.4
    @@ -2221,9 +2381,9 @@

    Detailed paths

    -
    -

    CVE-2024-2511

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/helm/v3 /usr/local/bin/helm
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - openssl/libssl3 + github.com/hashicorp/go-multierror
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 + helm.sh/helm/v3@* and github.com/hashicorp/go-multierror@v1.1.1
    @@ -2296,113 +2441,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + helm.sh/helm/v3@* - openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/hashicorp/go-multierror@v1.1.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    + +

    MPL-2.0 license

    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    +

    More about this vulnerability

    +
    + +
    • +
    +

    MPL-2.0 license

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Module: + + github.com/hashicorp/go-cleanhttp +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/hashicorp/go-cleanhttp@v0.5.2 + +
      • +
    + +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssl@3.0.2-0ubuntu1.15 - - +

    Detailed paths

    -
    • +
    -
    -

    CVE-2024-4603

    +
    +

    MPL-2.0 license

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • - Vulnerable module: + Module: - openssl/libssl3 + github.com/gosimple/slug
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/argoproj/argo-cd/v2@* and github.com/gosimple/slug@v1.13.1
    @@ -2490,113 +2561,69 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + github.com/argoproj/argo-cd/v2@* - openssl/libssl3@3.0.2-0ubuntu1.15 + github.com/gosimple/slug@v1.13.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    + +

    MPL-2.0 license

    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - +
    • +
    +

    Improper Handling of Highly Compressed Data (Data Amplification)

    +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssl@3.0.2-0ubuntu1.15 - - +
    + medium severity +
    -
    • +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argo-cd/v2 /usr/local/bin/argocd +
      • +
    • + Package Manager: golang +
      • +
    • + Vulnerable module: + + github.com/go-jose/go-jose/v3 +
      • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -
    -

    CVE-2024-4741

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2674,12 +2672,12 @@

      CVE-2024-4741

    • Vulnerable module: - openssl/libssl3 + bash
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and openssl/libssl3@3.0.2-0ubuntu1.15 + docker-image|quay.io/argoproj/argocd@v2.9.9 and bash@5.1-6ubuntu1
    @@ -2687,118 +2685,14 @@

    CVE-2024-4741

    -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1.2 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - libfido2/libfido2-1@1.10.0-1 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssh/openssh-client@1:8.9p1-3ubuntu0.7 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ca-certificates@20230311ubuntu0.22.04.1 - - openssl@3.0.2-0ubuntu1.15 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 - - krb5/libkrb5-3@1.19.2-2ubuntu0.3 - - openssl/libssl3@3.0.2-0ubuntu1.15 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - openssl@3.0.2-0ubuntu1.15 - - - -
      • +

      Detailed paths

      + +
    -

    CVE-2023-50495

    +

    CVE-2023-7008

    @@ -2837,7 +2734,7 @@

    CVE-2023-50495

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -2845,12 +2742,12 @@

      CVE-2023-50495

    • Vulnerable module: - ncurses/libtinfo6 + systemd/libsystemd0
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and systemd/libsystemd0@249.11-0ubuntu3.12
    @@ -2863,200 +2760,110 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - bash@5.1-6ubuntu1.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - less@590-1ubuntu0.22.04.3 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + apt@2.4.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - procps@2:3.3.17-6ubuntu2.1 + procps/libprocps8@2:3.3.17-6ubuntu2.1 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - util-linux@2.37.2-4ubuntu3.4 + util-linux@2.37.2-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 - readline/libreadline8@8.1.2-1 + util-linux/bsdutils@1:2.37.2-4ubuntu3 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 + apt@2.4.11 - pinentry/pinentry-curses@1.1.1-1build2 + apt/libapt-pkg6.0@2.4.11 - ncurses/libtinfo6@6.3-2ubuntu0.1 + systemd/libsystemd0@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - procps@2:3.3.17-6ubuntu2.1 + libfido2/libfido2-1@1.10.0-1 - ncurses/libncursesw6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + util-linux@2.37.2-4ubuntu3 - ncurses/libncurses6@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - procps@2:3.3.17-6ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libncurses6@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + apt@2.4.11 - ncurses/ncurses-base@6.3-2ubuntu0.1 - - - -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + apt/libapt-pkg6.0@2.4.11 - ncurses/ncurses-bin@6.3-2ubuntu0.1 + systemd/libudev1@249.11-0ubuntu3.12 @@ -3068,29 +2875,31 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream systemd package and not the systemd package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      +

      A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 ncurses.

      +

      There is no fixed version for Ubuntu:22.04 systemd.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2023-45918

    +

    Arbitrary Code Injection

    @@ -3101,7 +2910,7 @@

    CVE-2023-45918

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3109,12 +2918,12 @@

      CVE-2023-45918

    • Vulnerable module: - ncurses/libtinfo6 + shadow/passwd
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and shadow/passwd@1:4.8.1-2ubuntu2.2
    @@ -3127,200 +2936,201 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - bash@5.1-6ubuntu1.1 + adduser@3.118ubuntu5 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libncursesw6@6.3-2ubuntu0.1 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/passwd@1:4.8.1-2ubuntu2.2
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - less@590-1ubuntu0.22.04.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libtinfo6@6.3-2ubuntu0.1 + shadow/login@1:4.8.1-2ubuntu2.2
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - libedit/libedit2@3.1-20210910-1build1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/libncurses6@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/ncurses-bin@6.3-2ubuntu0.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream shadow package and not the shadow package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 shadow.

    +

    References

    + -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - util-linux@2.37.2-4ubuntu3.4 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    +

    More about this vulnerability

    +
    -
    • -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - gnupg2/gpg@2.2.27-3ubuntu2.1 - - gnupg2/gpgconf@2.2.27-3ubuntu2.1 - - readline/libreadline8@8.1.2-1 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • +
    +

    Uncontrolled Recursion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + pcre3/libpcre3 +
      • - -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libtinfo6@6.3-2ubuntu0.1 - - +
    • Introduced through: -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - + docker-image|quay.io/argoproj/argocd@v2.9.9 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 -
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - procps@2:3.3.17-6ubuntu2.1 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - +
      • +
    - -
  • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - gnupg2/gnupg@2.2.27-3ubuntu2.1 - - gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - - pinentry/pinentry-curses@1.1.1-1build2 - - ncurses/libncursesw6@6.3-2ubuntu0.1 - - +
    -
    • + +

    Detailed paths

    + +
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - ncurses/libncurses6@6.3-2ubuntu0.1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - procps@2:3.3.17-6ubuntu2.1 + grep@3.7-1build1 - ncurses/libncurses6@6.3-2ubuntu0.1 + pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
      • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - ncurses/ncurses-base@6.3-2ubuntu0.1 - - +
    - +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream pcre3 package and not the pcre3 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    In PCRE 8.41, the OP_KETRMAX feature in the match function in pcre_exec.c allows stack exhaustion (uncontrolled recursion) when processing a crafted regular expression.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 pcre3.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Release of Invalid Pointer or Reference

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + patch +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    Resource Exhaustion

    +

    Double Free

    @@ -3363,7 +3172,7 @@

    Resource Exhaustion

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3371,12 +3180,12 @@

      Resource Exhaustion

    • Vulnerable module: - libzstd/libzstd1 + patch
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and patch@2.7.6-7build2
    @@ -3389,9 +3198,9 @@

    Detailed paths

    -

    Integer Overflow or Wraparound

    +

    CVE-2023-50495

    @@ -3440,7 +3247,7 @@

    Integer Overflow or Wraparound

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3448,12 +3255,12 @@

      Integer Overflow or Wraparound

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3466,159 +3273,200 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - adduser@3.118ubuntu5 + docker-image|quay.io/argoproj/argocd@v2.9.9 - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 + + gnupg2/gnupg@2.2.27-3ubuntu2.1 - git@1:2.34.1-1ubuntu1.11 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + pinentry/pinentry-curses@1.1.1-1build2 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - git@1:2.34.1-1ubuntu1.11 + docker-image|quay.io/argoproj/argocd@v2.9.9 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 - - libnsl/libnsl2@1.3.0-2build2 - - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-base@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libkrb5support0@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3630,30 +3478,29 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. +

      Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      +

      NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().

      Remediation

      -

      There is no fixed version for Ubuntu:22.04 krb5.

      +

      There is no fixed version for Ubuntu:22.04 ncurses.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-26461

    +

    CVE-2023-45918

    @@ -3664,7 +3511,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3672,12 +3519,12 @@

      CVE-2024-26461

    • Vulnerable module: - krb5/libk5crypto3 + ncurses/libtinfo6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and ncurses/libtinfo6@6.3-2ubuntu0.1
    @@ -3690,159 +3537,271 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 + bash@5.1-6ubuntu1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncursesw6@6.3-2ubuntu0.1 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + less@590-1ubuntu0.22.04.2 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 + libedit/libedit2@3.1-20210910-1build1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - pam/libpam-modules@1.4.0-11ubuntu2.4 + ncurses/libncurses6@6.3-2ubuntu0.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-bin@6.3-2ubuntu0.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + procps@2:3.3.17-6ubuntu2.1 - krb5/libk5crypto3@1.19.2-2ubuntu0.3 + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + util-linux@2.37.2-4ubuntu3 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 + gnupg2/gpg@2.2.27-3ubuntu2.1 - shadow/passwd@1:4.8.1-2ubuntu2.2 + gnupg2/gpgconf@2.2.27-3ubuntu2.1 - pam/libpam-modules@1.4.0-11ubuntu2.4 + readline/libreadline8@8.1.2-1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libtinfo6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libkrb5-3@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libtinfo6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + procps@2:3.3.17-6ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + gnupg2/gnupg@2.2.27-3ubuntu2.1 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + gnupg2/gpg-agent@2.2.27-3ubuntu2.1 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + pinentry/pinentry-curses@1.1.1-1build2 + + ncurses/libncursesw6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 - - git@1:2.34.1-1ubuntu1.11 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + docker-image|quay.io/argoproj/argocd@v2.9.9 - libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 - - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/libncurses6@6.3-2ubuntu0.1
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - adduser@3.118ubuntu5 - - shadow/passwd@1:4.8.1-2ubuntu2.2 - - pam/libpam-modules@1.4.0-11ubuntu2.4 + procps@2:3.3.17-6ubuntu2.1 - libnsl/libnsl2@1.3.0-2build2 + ncurses/libncurses6@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - libtirpc/libtirpc3@1.3.2-2ubuntu0.1 + ncurses/ncurses-base@6.3-2ubuntu0.1 + + + +
      • +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.9 - krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 + ncurses/ncurses-bin@6.3-2ubuntu0.1
      • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream ncurses package and not the ncurses package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 ncurses.

    +

    References

    + + +
    + +
    +

    More about this vulnerability

    +
    + +
    +
    +

    Resource Exhaustion

    +
    + +
    + low severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile +
      • +
    • + Package Manager: ubuntu:22.04 +
      • +
    • + Vulnerable module: + + libzstd/libzstd1 +
      • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.9 and libzstd/libzstd1@1.4.8+dfsg-3build1 + +
      • +
    + +
    + + +

    Detailed paths

    + +
    -

    CVE-2024-26458

    +

    Integer Overflow or Wraparound

    @@ -3885,7 +3850,7 @@

    CVE-2024-26458

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -3898,7 +3863,7 @@

      CVE-2024-26458

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -3911,7 +3876,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3920,7 +3885,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3941,7 +3906,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3964,7 +3929,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3973,7 +3938,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -3994,7 +3959,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4003,9 +3968,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - openssh/openssh-client@1:8.9p1-3ubuntu0.7 + openssh/openssh-client@1:8.9p1-3ubuntu0.6 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4014,11 +3979,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4027,11 +3992,11 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + curl/libcurl3-gnutls@7.81.0-1ubuntu1.15 libssh/libssh-4@0.9.6-2ubuntu0.22.04.3 @@ -4042,7 +4007,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 adduser@3.118ubuntu5 @@ -4061,7 +4026,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4077,20 +4042,23 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream krb5 package and not the krb5 package as distributed by Ubuntu. See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

      -

      Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.

      +

      An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. There is a variable "dbentry->n_key_data" in kadmin/dbutil/dump.c that can store 16-bit data but unknowingly the developer has assigned a "u4" variable to it, which is for 32-bit data. An attacker can use this vulnerability to affect other artifacts of the database as we know that a Kerberos database dump file contains trusted data.

      Remediation

      There is no fixed version for Ubuntu:22.04 krb5.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    @@ -4106,7 +4074,7 @@

    Out-of-bounds Write

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4119,7 +4087,7 @@

      Out-of-bounds Write

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gnupg2/gpgv@2.2.27-3ubuntu2.1
    @@ -4132,7 +4100,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4141,9 +4109,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4152,7 +4120,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4163,7 +4131,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4174,7 +4142,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4185,7 +4153,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4198,7 +4166,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4211,7 +4179,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4220,7 +4188,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4231,7 +4199,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4244,7 +4212,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4253,7 +4221,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4264,7 +4232,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4273,7 +4241,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4284,7 +4252,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4293,7 +4261,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4304,7 +4272,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4317,7 +4285,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4330,7 +4298,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4339,7 +4307,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4350,7 +4318,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4363,7 +4331,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4376,7 +4344,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4385,7 +4353,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4396,7 +4364,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4405,7 +4373,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4416,7 +4384,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4425,7 +4393,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4436,7 +4404,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4457,13 +4425,13 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 gnupg2.

      References

      @@ -4485,7 +4453,7 @@

      Allocation of Resources Without Limits or Throttling

    • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -4498,7 +4466,7 @@

      Allocation of Resources Without Limits or Throttling

      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and glibc/libc-bin@2.35-0ubuntu3.8 + docker-image|quay.io/argoproj/argocd@v2.9.9 and glibc/libc-bin@2.35-0ubuntu3.6
    @@ -4511,18 +4479,18 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc-bin@2.35-0ubuntu3.8 + glibc/libc-bin@2.35-0ubuntu3.6
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - glibc/libc6@2.35-0ubuntu3.8 + glibc/libc6@2.35-0ubuntu3.6 @@ -4541,10 +4509,10 @@

      Remediation

      There is no fixed version for Ubuntu:22.04 glibc.

      References

      @@ -4566,7 +4534,7 @@

      Improper Input Validation

      • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -4580,7 +4548,7 @@

        Improper Input Validation

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3, git@1:2.34.1-1ubuntu1.11 and others + docker-image|quay.io/argoproj/argocd@v2.9.9, git@1:2.34.1-1ubuntu1.10 and others
      @@ -4592,31 +4560,31 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 - git/git-man@1:2.34.1-1ubuntu1.11 + git/git-man@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10
      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 git-lfs@3.0.2-1ubuntu0.2 - git@1:2.34.1-1ubuntu1.11 + git@1:2.34.1-1ubuntu1.10 @@ -4635,8 +4603,8 @@

        Remediation

        There is no fixed version for Ubuntu:22.04 git.

        References

        @@ -4659,7 +4627,7 @@

        Uncontrolled Recursion

        • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -4672,7 +4640,7 @@

          Uncontrolled Recursion

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.9.9 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
        @@ -4685,7 +4653,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4694,9 +4662,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4705,11 +4673,11 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 - apt@2.4.12 + apt@2.4.11 - apt/libapt-pkg6.0@2.4.12 + apt/libapt-pkg6.0@2.4.11 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4718,7 +4686,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4727,7 +4695,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 + docker-image|quay.io/argoproj/argocd@v2.9.9 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4774,7 +4742,7 @@

          Improper Input Validation

          • - Manifest file: quay.io/argoproj/argocd:v2.11.3/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.9/argoproj/argocd Dockerfile
          • Package Manager: ubuntu:22.04 @@ -4787,7 +4755,7 @@

            Improper Input Validation

          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.11.3 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.9.9 and coreutils@8.32-4.1ubuntu1.1
          @@ -4800,9 +4768,9 @@

          Detailed paths

    @@ -476,8 +476,8 @@

    Snyk test report

    - - + + @@ -485,204 +485,12 @@

    Snyk test report

    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    +
    +

    Out-of-bounds Write

    -
    - medium severity +
    + critical severity
    @@ -694,12 +502,12 @@

    Improper Check for Unusual or Exceptional Conditions

    Vulnerable module: - openssl/libcrypto3 + busybox/busybox
  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0
    • @@ -712,97 +520,51 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + alpine-baselayout/alpine-baselayout@3.4.3-r1 - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine + busybox/busybox-binsh@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + busybox/busybox@1.36.1-r0
    • Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - apk-tools/apk-tools@2.14.0-r2 + alpine-baselayout/alpine-baselayout@3.4.3-r1 - openssl/libssl3@3.1.2-r0 + busybox/busybox-binsh@1.36.1-r0
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 + busybox/ssl_client@1.36.1-r0 @@ -814,59 +576,29 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. +

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

      -

      Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

      -

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

      -

      Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

      -

      An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      -

      Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      +

      There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      +

      Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    Out-of-bounds Write

    +
    +

    CVE-2023-5363

    -
    - medium severity +
    + high severity
    @@ -883,7 +615,7 @@

    Out-of-bounds Write

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -896,524 +628,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1 -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - openssl/libcrypto3 -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - openssl/libcrypto3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - .haproxy-rundeps@20230809.001942 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - openssl/libssl3@3.1.2-r0 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - busybox/busybox@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r2 - - - -
      • -
    • - Introduced through: - docker-image|haproxy@2.6.14-alpine - - busybox/ssl_client@1.36.1-r2 - - - -
      • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r6 or higher.

    -

    References

    - - -
    - -
    -

    More about this vulnerability

    -
    - -
    -
    -

    Use After Free

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
      • -
    • - Vulnerable module: - - busybox/busybox -
      • - -
    • Introduced through: - - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 - -
      • -
    - -
    - - -

    Detailed paths

    + +
  • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libcrypto3@3.1.1-r1 + + -
      +
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + .redis-rundeps@20230614.215749 - busybox/busybox-binsh@1.36.1-r2 + openssl/libssl3@3.1.1-r1 - busybox/busybox@1.36.1-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r2 + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1425,25 +730,63 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.

      +

      Issue summary: A bug has been identified in the processing of key and + initialisation vector (IV) lengths. This can lead to potential truncation + or overruns during the initialisation of some symmetric ciphers.

      +

      Impact summary: A truncation in the IV can result in non-uniqueness, + which could result in loss of confidentiality for some cipher modes.

      +

      When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or + EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after + the key and IV have been established. Any alterations to the key length, + via the "keylen" parameter or the IV length, via the "ivlen" parameter, + within the OSSL_PARAM array will not take effect as intended, potentially + causing truncation or overreading of these values. The following ciphers + and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

      +

      For the CCM, GCM and OCB cipher modes, truncation of the IV can result in + loss of confidentiality. For example, when following NIST's SP 800-38D + section 8.2.1 guidance for constructing a deterministic IV for AES in + GCM mode, truncation of the counter portion could lead to IV reuse.

      +

      Both truncations and overruns of the key and overruns of the IV will + produce incorrect results and could, in some cases, trigger a memory + exception. However, these issues are not currently assessed as security + critical.

      +

      Changing the key and/or IV lengths is not considered to be a common operation + and the vulnerable API was recently introduced. Furthermore it is likely that + application developers will have spotted this problem during testing since + decryption would fail unless both peers in the communication were similarly + vulnerable. For these reasons we expect the probability of an application being + vulnerable to this to be quite low. However if an application is vulnerable then + this issue is considered very serious. For these reasons we have assessed this + issue as Moderate severity overall.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because + the issue lies outside of the FIPS provider boundary.

      +

      OpenSSL 3.1 and 3.0 are vulnerable to this issue.

      Remediation

      -

      Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    • -

    Use After Free

    +

    Improper Authentication

    @@ -1459,12 +802,12 @@

    Use After Free

  • Vulnerable module: - busybox/busybox + openssl/libcrypto3
  • Introduced through: - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1477,51 +820,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r2 + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox@1.36.1-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r2 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine + + busybox/ssl_client@1.36.1-r0 - busybox/ssl_client@1.36.1-r2 + openssl/libssl3@3.1.1-r1 @@ -1533,25 +922,47 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.

      +

      Issue summary: The AES-SIV cipher implementation contains a bug that causes + it to ignore empty associated data entries which are unauthenticated as + a consequence.

      +

      Impact summary: Applications that use the AES-SIV algorithm and want to + authenticate empty data entries as associated data can be mislead by removing + adding or reordering such empty entries as these are ignored by the OpenSSL + implementation. We are currently unaware of any such applications.

      +

      The AES-SIV algorithm allows for authentication of multiple associated + data entries along with the encryption. To authenticate empty data the + application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with + NULL pointer as the output buffer and 0 as the input buffer length. + The AES-SIV implementation in OpenSSL just returns success for such a call + instead of performing the associated data authentication operation. + The empty data thus will not be authenticated.

      +

      As this issue does not affect non-empty associated data authentication and + we expect it to be rare for an application to use empty associated data + entries this is qualified as Low severity issue.

      Remediation

      -

      Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    Use After Free

    +

    Inefficient Regular Expression Complexity

    @@ -1567,12 +978,12 @@

    Use After Free

  • Vulnerable module: - busybox/busybox + openssl/libcrypto3
  • Introduced through: - docker-image|haproxy@2.6.14-alpine and busybox/busybox@1.36.1-r2 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1585,51 +996,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r2 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + .redis-rundeps@20230614.215749 + + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 - busybox/busybox-binsh@1.36.1-r2 + openssl/libcrypto3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine - busybox/busybox@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine + + .redis-rundeps@20230614.215749 - busybox/busybox-binsh@1.36.1-r2 + openssl/libssl3@3.1.1-r1 + + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - alpine-baselayout/alpine-baselayout@3.4.3-r1 + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine - busybox/busybox-binsh@1.36.1-r2 + .redis-rundeps@20230614.215749 + + openssl/libssl3@3.1.1-r1 + + + +
      • +
    • + Introduced through: + docker-image|redis@7.0.11-alpine + + apk-tools/apk-tools@2.14.0-r2 + + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 + + openssl/libssl3@3.1.1-r1 @@ -1641,29 +1098,61 @@

      Detailed paths

      NVD Description

      -

      Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. +

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. One of those + checks confirms that the modulus ('p' parameter) is not too large. Trying to use + a very large modulus is slow and OpenSSL will not normally use a modulus which + is over 10,000 bits in length.

      +

      However the DH_check() function checks numerous aspects of the key or parameters + that have been supplied. Some of those checks use the supplied modulus value + even if it has already been found to be too large.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulernable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the '-check' option.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue. + The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 busybox to version 1.36.1-r7 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2023-6237

    +
    +

    Excessive Iteration

    -
    - low severity +
    + medium severity
    @@ -1680,7 +1169,7 @@

    CVE-2023-6237

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1693,97 +1182,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1797,51 +1286,59 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long invalid RSA public keys may take - a long time.

      -

      Impact summary: Applications that use the function EVP_PKEY_public_check() - to check RSA public keys may experience long delays. Where the key that - is being checked has been obtained from an untrusted source this may lead - to a Denial of Service.

      -

      When function EVP_PKEY_public_check() is called on RSA public keys, - a computation is done to confirm that the RSA modulus, n, is composite. - For valid RSA keys, n is a product of two or more large primes and this - computation completes quickly. However, if n is an overly large prime, - then this computation would take a long time.

      -

      An application that calls EVP_PKEY_public_check() and supplies an RSA key - obtained from an untrusted source could be vulnerable to a Denial of Service - attack.

      -

      The function EVP_PKEY_public_check() is not called from other OpenSSL - functions however it is called from the OpenSSL pkey command line - application. For that reason that application is also vulnerable if used - with the '-pubin' and '-check' options on untrusted data.

      +

      Issue summary: Checking excessively long DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_check(), DH_check_ex() + or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long + delays. Where the key or parameters that are being checked have been obtained + from an untrusted source this may lead to a Denial of Service.

      +

      The function DH_check() performs various checks on DH parameters. After fixing + CVE-2023-3446 it was discovered that a large q parameter value can also trigger + an overly long computation during some of these checks. A correct q value, + if present, cannot be larger than the modulus p parameter, thus it is + unnecessary to perform these checks if q is larger than p.

      +

      An application that calls DH_check() and supplies a key or parameters obtained + from an untrusted source could be vulnerable to a Denial of Service attack.

      +

      The function DH_check() is itself called by a number of other OpenSSL functions. + An application calling any of those other functions may similarly be affected. + The other functions affected by this are DH_check_ex() and + EVP_PKEY_param_check().

      +

      Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications + when using the "-check" option.

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-2511

    +
    +

    Improper Check for Unusual or Exceptional Conditions

    -
    - low severity +
    + medium severity
    @@ -1858,7 +1355,7 @@

    CVE-2024-2511

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -1871,97 +1368,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -1975,47 +1472,56 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

      -

      Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

      -

      This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

      -

      This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

      -

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

      +

      Issue summary: Generating excessively long X9.42 DH keys or checking + excessively long X9.42 DH keys or parameters may be very slow.

      +

      Impact summary: Applications that use the functions DH_generate_key() to + generate an X9.42 DH key may experience long delays. Likewise, applications + that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() + to check an X9.42 DH key or X9.42 DH parameters may experience long delays. + Where the key or parameters that are being checked have been obtained from + an untrusted source this may lead to a Denial of Service.

      +

      While DH_check() performs all the necessary checks (as of CVE-2023-3817), + DH_check_pub_key() doesn't make any of these checks, and is therefore + vulnerable for excessively large P and Q parameters.

      +

      Likewise, while DH_generate_key() performs a check for an excessively large + P, it doesn't check for an excessively large Q.

      +

      An application that calls DH_generate_key() or DH_check_pub_key() and + supplies a key or parameters obtained from an untrusted source could be + vulnerable to a Denial of Service attack.

      +

      DH_generate_key() and DH_check_pub_key() are also called by a number of + other OpenSSL functions. An application calling any of those other + functions may similarly be affected. The other functions affected by this + are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

      +

      Also vulnerable are the OpenSSL pkey command line application when using the + "-pubcheck" option, as well as the OpenSSL genpkey command line application.

      +

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      +

      The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-4603

    +
    +

    Out-of-bounds Write

    -
    - low severity +
    + medium severity
    @@ -2032,7 +1538,7 @@

    CVE-2024-4603

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -2045,97 +1551,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -2149,55 +1655,58 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Checking excessively long DSA keys or parameters may be very - slow.

      -

      Impact summary: Applications that use the functions EVP_PKEY_param_check() - or EVP_PKEY_public_check() to check a DSA public key or DSA parameters may - experience long delays. Where the key or parameters that are being checked - have been obtained from an untrusted source this may lead to a Denial of - Service.

      -

      The functions EVP_PKEY_param_check() or EVP_PKEY_public_check() perform - various checks on DSA parameters. Some of those computations take a long time - if the modulus (p parameter) is too large.

      -

      Trying to use a very large modulus is slow and OpenSSL will not allow using - public keys with a modulus which is over 10,000 bits in length for signature - verification. However the key and parameter check functions do not limit - the modulus size when performing the checks.

      -

      An application that calls EVP_PKEY_param_check() or EVP_PKEY_public_check() - and supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

      -

      These functions are not called by OpenSSL itself on untrusted DSA keys so - only applications that directly call these functions may be vulnerable.

      -

      Also vulnerable are the OpenSSL pkey and pkeyparam command line applications - when using the -check option.

      -

      The OpenSSL SSL/TLS implementation is not affected by this issue.

      -

      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

      +

      Issue summary: The POLY1305 MAC (message authentication code) implementation + contains a bug that might corrupt the internal state of applications running + on PowerPC CPU based platforms if the CPU provides vector instructions.

      +

      Impact summary: If an attacker can influence whether the POLY1305 MAC + algorithm is used, the application state might be corrupted with various + application dependent consequences.

      +

      The POLY1305 MAC (message authentication code) implementation in OpenSSL for + PowerPC CPUs restores the contents of vector registers in a different order + than they are saved. Thus the contents of some of these vector registers + are corrupted when returning to the caller. The vulnerable code is used only + on newer PowerPC processors supporting the PowerISA 2.07 instructions.

      +

      The consequences of this kind of internal application state corruption can + be various - from no consequences, if the calling application does not + depend on the contents of non-volatile XMM registers at all, to the worst + consequences, where the attacker could get complete control of the application + process. However unless the compiler uses the vector registers for storing + pointers, the most likely consequence, if any, would be an incorrect result + of some application dependent calculations or a crash leading to a denial of + service.

      +

      The POLY1305 MAC algorithm is most frequently used as part of the + CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) + algorithm. The most common usage of this AEAD cipher is with TLS protocol + versions 1.2 and 1.3. If this cipher is enabled on the server a malicious + client can influence whether this AEAD cipher is used. This implies that + TLS server applications using OpenSSL can be potentially impacted. However + we are currently not aware of any concrete application that would be affected + by this issue therefore we consider this a Low severity security issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.5-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -
    -

    CVE-2024-5535

    +
    +

    CVE-2024-0727

    -
    - low severity +
    + medium severity
    @@ -2214,7 +1723,7 @@

    CVE-2024-5535

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -2227,97 +1736,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -2331,85 +1840,44 @@

      Detailed paths

      NVD Description

      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. See How to fix? for Alpine:3.18 relevant fixed versions and status.

      -

      Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an - empty supported client protocols buffer may cause a crash or memory contents to - be sent to the peer.

      -

      Impact summary: A buffer overread can have a range of potential consequences - such as unexpected application beahviour or a crash. In particular this issue - could result in up to 255 bytes of arbitrary private data from memory being sent - to the peer leading to a loss of confidentiality. However, only applications - that directly call the SSL_select_next_proto function with a 0 length list of - supported client protocols are affected by this issue. This would normally never - be a valid scenario and is typically not under attacker control but may occur by - accident in the case of a configuration or programming error in the calling - application.

      -

      The OpenSSL API function SSL_select_next_proto is typically used by TLS - applications that support ALPN (Application Layer Protocol Negotiation) or NPN - (Next Protocol Negotiation). NPN is older, was never standardised and - is deprecated in favour of ALPN. We believe that ALPN is significantly more - widely deployed than NPN. The SSL_select_next_proto function accepts a list of - protocols from the server and a list of protocols from the client and returns - the first protocol that appears in the server list that also appears in the - client list. In the case of no overlap between the two lists it returns the - first item in the client list. In either case it will signal whether an overlap - between the two lists was found. In the case where SSL_select_next_proto is - called with a zero length client list it fails to notice this condition and - returns the memory immediately following the client list pointer (and reports - that there was no overlap in the lists).

      -

      This function is typically called from a server side application callback for - ALPN or a client side application callback for NPN. In the case of ALPN the list - of protocols supplied by the client is guaranteed by libssl to never be zero in - length. The list of server protocols comes from the application and should never - normally be expected to be of zero length. In this case if the - SSL_select_next_proto function has been called as expected (with the list - supplied by the client passed in the client/client_len parameters), then the - application will not be vulnerable to this issue. If the application has - accidentally been configured with a zero length server list, and has - accidentally passed that zero length server list in the client/client_len - parameters, and has additionally failed to correctly handle a "no overlap" - response (which would normally result in a handshake failure in ALPN) then it - will be vulnerable to this problem.

      -

      In the case of NPN, the protocol permits the client to opportunistically select - a protocol when there is no overlap. OpenSSL returns the first client protocol - in the no overlap case in support of this. The list of client protocols comes - from the application and should never normally be expected to be of zero length. - However if the SSL_select_next_proto function is accidentally called with a - client_len of 0 then an invalid memory pointer will be returned instead. If the - application uses this output as the opportunistic protocol then the loss of - confidentiality will occur.

      -

      This issue has been assessed as Low severity because applications are most - likely to be vulnerable if they are using NPN instead of ALPN - but NPN is not - widely used. It also requires an application configuration or programming error. - Finally, this issue would not typically be under attacker control making active - exploitation unlikely.

      -

      The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.

      -

      Due to the low severity of this issue we are not issuing new releases of - OpenSSL at this time. The fix will be included in the next releases when they - become available.

      +

      Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL + to crash leading to a potential Denial of Service attack

      +

      Impact summary: Applications loading files in the PKCS12 format from untrusted + sources might terminate abruptly.

      +

      A file in PKCS12 format can contain certificates and keys and may come from an + untrusted source. The PKCS12 specification allows certain fields to be NULL, but + OpenSSL does not correctly check for this case. This can lead to a NULL pointer + dereference that results in OpenSSL crashing. If an application processes PKCS12 + files from an untrusted source using the OpenSSL APIs then that application will + be vulnerable to this issue.

      +

      OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), + PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() + and PKCS12_newpass().

      +

      We have also fixed a similar issue in SMIME_write_PKCS7(). However since this + function is related to writing data we do not consider it security significant.

      +

      The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

      References

      -

      More about this vulnerability

      +

      More about this vulnerability

    -

    CVE-2024-4741

    +

    CVE-2023-6237

    @@ -2430,7 +1898,7 @@

    CVE-2024-4741

  • Introduced through: - docker-image|haproxy@2.6.14-alpine and openssl/libcrypto3@3.1.2-r0 + docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1
    • @@ -2443,97 +1911,97 @@

    Detailed paths

    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 - openssl/libcrypto3@3.1.2-r0 + openssl/libcrypto3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - .haproxy-rundeps@20230809.001942 + .redis-rundeps@20230614.215749 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine apk-tools/apk-tools@2.14.0-r2 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1
    • Introduced through: - docker-image|haproxy@2.6.14-alpine + docker-image|redis@7.0.11-alpine - busybox/ssl_client@1.36.1-r2 + busybox/ssl_client@1.36.1-r0 - openssl/libssl3@3.1.2-r0 + openssl/libssl3@3.1.1-r1 @@ -2547,12 +2015,12 @@

      Detailed paths

      NVD Description

      This vulnerability has not been analyzed by NVD yet.

      Remediation

      -

      Upgrade Alpine:3.18 openssl to version 3.1.6-r0 or higher.

      +

      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

      -

      More about this vulnerability

      +

      More about this vulnerability

    diff --git a/docs/user-guide/commands/argocd.md b/docs/user-guide/commands/argocd.md index dc5cd36297760..b03b3971284f6 100644 --- a/docs/user-guide/commands/argocd.md +++ b/docs/user-guide/commands/argocd.md @@ -45,7 +45,7 @@ argocd [flags] * [argocd appset](argocd_appset.md) - Manage ApplicationSets * [argocd cert](argocd_cert.md) - Manage repository certificates and SSH known hosts entries * [argocd cluster](argocd_cluster.md) - Manage cluster credentials -* [argocd completion](argocd_completion.md) - output shell completion code for the specified shell (bash, zsh or fish) +* [argocd completion](argocd_completion.md) - output shell completion code for the specified shell (bash or zsh) * [argocd context](argocd_context.md) - Switch between contexts * [argocd gpg](argocd_gpg.md) - Manage GPG keys used for signature verification * [argocd login](argocd_login.md) - Log in to Argo CD diff --git a/docs/user-guide/commands/argocd_admin_app_generate-spec.md b/docs/user-guide/commands/argocd_admin_app_generate-spec.md index 71b29112ee293..ed9f36a4268c0 100644 --- a/docs/user-guide/commands/argocd_admin_app_generate-spec.md +++ b/docs/user-guide/commands/argocd_admin_app_generate-spec.md @@ -86,7 +86,6 @@ argocd admin app generate-spec APPNAME [flags] --revision string The tracking source branch, tag, commit or Helm chart version the application will sync to --revision-history-limit int How many items to keep in revision history (default 10) --self-heal Set self healing when sync is automated - --set-finalizer Sets deletion finalizer on the application, application resources will be cascaded on deletion --sync-option Prune=false Add or remove a sync option, e.g add Prune=false. Remove using `!` prefix, e.g. `!Prune=false` --sync-policy string Set the sync policy (one of: manual (aliases of manual: none), automated (aliases of automated: auto, automatic)) --sync-retry-backoff-duration duration Sync retry backoff base duration. Input needs to be a duration (e.g. 2m, 1h) (default 5s) diff --git a/docs/user-guide/commands/argocd_admin_cluster_shards.md b/docs/user-guide/commands/argocd_admin_cluster_shards.md index 44efa4392b9ac..48f6138d47b4a 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_shards.md +++ b/docs/user-guide/commands/argocd_admin_cluster_shards.md @@ -43,7 +43,7 @@ argocd admin cluster shards [flags] --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server --shard int Cluster shard filter (default -1) - --sharding-method string Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin, consistent-hashing] (default "legacy") + --sharding-method string Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin] (default "legacy") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use diff --git a/docs/user-guide/commands/argocd_admin_cluster_stats.md b/docs/user-guide/commands/argocd_admin_cluster_stats.md index 18aa583f01305..c5297ce7e35ed 100644 --- a/docs/user-guide/commands/argocd_admin_cluster_stats.md +++ b/docs/user-guide/commands/argocd_admin_cluster_stats.md @@ -57,7 +57,7 @@ argocd admin cluster stats target-cluster --sentinelmaster string Redis sentinel master group name. (default "master") --server string The address and port of the Kubernetes API server --shard int Cluster shard filter (default -1) - --sharding-method string Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin, consistent-hashing] (default "legacy") + --sharding-method string Sharding method. Defaults: legacy. Supported sharding methods are : [legacy, round-robin] (default "legacy") --tls-server-name string If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used. --token string Bearer token for authentication to the API server --user string The name of the kubeconfig user to use diff --git a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md index 4be305e40a33c..b051c7c63694b 100644 --- a/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md +++ b/docs/user-guide/commands/argocd_admin_settings_rbac_validate.md @@ -26,8 +26,8 @@ argocd admin settings rbac validate --policy-file policy.csv # i.e. 'policy.csv' and (optionally) 'policy.default' argocd admin settings rbac validate --policy-file argocd-rbac-cm.yaml -# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' -# from K8s is used. +# If --policy-file is not given, and instead --namespace is giventhe ConfigMap 'argocd-rbac-cm' +# from K8s is used. argocd admin settings rbac validate --namespace argocd # Either --policy-file or --namespace must be given. diff --git a/docs/user-guide/commands/argocd_app_delete-resource.md b/docs/user-guide/commands/argocd_app_delete-resource.md index e397c0c019fa8..4a305eb4b4489 100644 --- a/docs/user-guide/commands/argocd_app_delete-resource.md +++ b/docs/user-guide/commands/argocd_app_delete-resource.md @@ -12,12 +12,12 @@ argocd app delete-resource APPNAME [flags] ``` --all Indicates whether to patch multiple matching of resources - --force Indicates whether to force delete the resource + --force Indicates whether to orphan the dependents of the deleted resource --group string Group -h, --help help for delete-resource --kind string Kind --namespace string Namespace - --orphan Indicates whether to orphan the dependents of the deleted resource + --orphan Indicates whether to force delete the resource --project string The name of the application's project - specifying this allows the command to report "not found" instead of "permission denied" if the app does not exist --resource-name string Name of resource ``` diff --git a/docs/user-guide/commands/argocd_app_set.md b/docs/user-guide/commands/argocd_app_set.md index 077f9ed175c70..f5180d41a1be7 100644 --- a/docs/user-guide/commands/argocd_app_set.md +++ b/docs/user-guide/commands/argocd_app_set.md @@ -17,6 +17,12 @@ argocd app set APPNAME [flags] # Set and validate application parameters for "my-app" argocd app set my-app --parameter key1=value1 --parameter key2=value2 --validate + # Set and override application parameters with JSON or YAML file + argocd app set my-app --from-file path/to/parameters.json + + # Set and override application parameters with a parameter file + argocd app set my-app --parameter-file path/to/parameter-file.yaml + # Set and override application parameters for a source at position 1 under spec.sources of app my-app. source-position starts at 1. argocd app set my-app --source-position 1 --repo https://github.com/argoproj/argocd-example-apps.git diff --git a/docs/user-guide/commands/argocd_appset_create.md b/docs/user-guide/commands/argocd_appset_create.md index 70c9d6b61c84f..fccc03fcc971c 100644 --- a/docs/user-guide/commands/argocd_appset_create.md +++ b/docs/user-guide/commands/argocd_appset_create.md @@ -13,18 +13,13 @@ argocd appset create [flags] ``` # Create ApplicationSets argocd appset create (...) - - # Dry-run AppSet creation to see what applications would be managed - argocd appset create --dry-run -o json | jq -r '.status.resources[].name' ``` ### Options ``` - --dry-run Allows to evaluate the ApplicationSet template on the server to get a preview of the applications that would be created - -h, --help help for create - -o, --output string Output format. One of: json|yaml|wide (default "wide") - --upsert Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec + -h, --help help for create + --upsert Allows to override ApplicationSet with the same name even if supplied ApplicationSet spec is different from existing spec ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_cluster_list.md b/docs/user-guide/commands/argocd_cluster_list.md index 3e03f1581648f..9779a4fb8af0b 100644 --- a/docs/user-guide/commands/argocd_cluster_list.md +++ b/docs/user-guide/commands/argocd_cluster_list.md @@ -15,7 +15,7 @@ argocd cluster list [flags] # List Clusters in Default "Wide" Format argocd cluster list -# List Cluster via specifying the server +# List Cluster via specifing the server argocd cluster list --server # List Clusters in JSON Format diff --git a/docs/user-guide/commands/argocd_completion.md b/docs/user-guide/commands/argocd_completion.md index 09d2bf264f1e8..3d6d981ef4c8f 100644 --- a/docs/user-guide/commands/argocd_completion.md +++ b/docs/user-guide/commands/argocd_completion.md @@ -2,11 +2,11 @@ ## argocd completion -output shell completion code for the specified shell (bash, zsh or fish) +output shell completion code for the specified shell (bash or zsh) ### Synopsis -Write bash, zsh or fish shell completion code to standard output. +Write bash or zsh shell completion code to standard output. For bash, ensure you have bash completions installed and enabled. To access completions in your current shell, run @@ -36,11 +36,6 @@ $ source <(argocd completion bash) $ argocd completion zsh > _argocd $ source _argocd -# For fish -$ argocd completion fish > ~/.config/fish/completions/argocd.fish -$ source ~/.config/fish/completions/argocd.fish - - ``` ### Options diff --git a/docs/user-guide/commands/argocd_login.md b/docs/user-guide/commands/argocd_login.md index cad6572ce44cc..adf02fefbc454 100644 --- a/docs/user-guide/commands/argocd_login.md +++ b/docs/user-guide/commands/argocd_login.md @@ -28,14 +28,13 @@ argocd login cd.argoproj.io --core ### Options ``` - -h, --help help for login - --name string Name to use for the context - --password string The password of an account to authenticate - --skip-test-tls Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason) - --sso Perform SSO login - --sso-launch-browser Automatically launch the system default browser when performing SSO login (default true) - --sso-port int Port to run local OAuth2 login application (default 8085) - --username string The username of an account to authenticate + -h, --help help for login + --name string Name to use for the context + --password string The password of an account to authenticate + --skip-test-tls Skip testing whether the server is configured with TLS (this can help when the command hangs for no apparent reason) + --sso Perform SSO login + --sso-port int Port to run local OAuth2 login application (default 8085) + --username string The username of an account to authenticate ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md index 3f01015395f1b..e3b84ac38cc0e 100644 --- a/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md +++ b/docs/user-guide/commands/argocd_proj_windows_disable-manual-sync.md @@ -19,7 +19,7 @@ argocd proj windows disable-manual-sync PROJECT ID [flags] #Disable manual sync for a sync window for the Project argocd proj windows disable-manual-sync PROJECT ID -#Disabling manual sync for a windows set on the default project with Id 0 +#Disbaling manual sync for a windows set on the default project with Id 0 argocd proj windows disable-manual-sync default 0 ``` diff --git a/docs/user-guide/commands/argocd_relogin.md b/docs/user-guide/commands/argocd_relogin.md index c3b28a46b21d7..430ab4a9222c9 100644 --- a/docs/user-guide/commands/argocd_relogin.md +++ b/docs/user-guide/commands/argocd_relogin.md @@ -32,10 +32,9 @@ argocd login cd.argoproj.io --core ### Options ``` - -h, --help help for relogin - --password string The password of an account to authenticate - --sso-launch-browser Automatically launch the default browser when performing SSO login (default true) - --sso-port int Port to run local OAuth2 login application (default 8085) + -h, --help help for relogin + --password string The password of an account to authenticate + --sso-port int Port to run local OAuth2 login application (default 8085) ``` ### Options inherited from parent commands diff --git a/docs/user-guide/commands/argocd_repo_get.md b/docs/user-guide/commands/argocd_repo_get.md index e1d445d1068f6..5a900adb09487 100644 --- a/docs/user-guide/commands/argocd_repo_get.md +++ b/docs/user-guide/commands/argocd_repo_get.md @@ -13,7 +13,6 @@ argocd repo get [flags] ``` -h, --help help for get -o, --output string Output format. One of: json|yaml|wide|url (default "wide") - --project string project of the repository --refresh string Force a cache refresh on connection status , must be one of: 'hard' ``` diff --git a/docs/user-guide/commands/argocd_repo_rm.md b/docs/user-guide/commands/argocd_repo_rm.md index 4e44bf0acf90b..01e89d48e76a1 100644 --- a/docs/user-guide/commands/argocd_repo_rm.md +++ b/docs/user-guide/commands/argocd_repo_rm.md @@ -11,8 +11,7 @@ argocd repo rm REPO [flags] ### Options ``` - -h, --help help for rm - --project string project of the repository + -h, --help help for rm ``` ### Options inherited from parent commands diff --git a/docs/user-guide/diff-strategies.md b/docs/user-guide/diff-strategies.md index ffd09660696ac..2890fe64cbb0e 100644 --- a/docs/user-guide/diff-strategies.md +++ b/docs/user-guide/diff-strategies.md @@ -114,7 +114,7 @@ metadata: ... ``` -Note: This annotation is only effective when Server-Side Diff is +Note: This annoation is only effective when Server-Side Diff is enabled. To enable both options for a given application add the following annotation in the Argo CD Application resource: diff --git a/docs/user-guide/diffing.md b/docs/user-guide/diffing.md index 7e5b72d97959c..2a69654b4aa1a 100644 --- a/docs/user-guide/diffing.md +++ b/docs/user-guide/diffing.md @@ -68,14 +68,13 @@ spec: The above configuration will ignore differences from all fields owned by `kube-controller-manager` for all resources belonging to this application. -If you have a slash `/` in your pointer path, you need to replace it with the `~1` character. For example: +If you have a slash `/` in your pointer path, you can use the `~1` character. For example: ```yaml spec: ignoreDifferences: - kind: Node - jsonPointers: - - /metadata/labels/node-role.kubernetes.io~1worker + jsonPointers: /metadata/labels/node-role.kubernetes.io~1worker ``` ## System-Level Configuration diff --git a/docs/user-guide/gpg-verification.md b/docs/user-guide/gpg-verification.md index bf632cabdfbc5..07f9f474647b3 100644 --- a/docs/user-guide/gpg-verification.md +++ b/docs/user-guide/gpg-verification.md @@ -17,8 +17,8 @@ allowed public key. By default, signature verification is enabled but not enforced. If you wish to completely disable the GnuPG functionality in ArgoCD, you have to set the environment variable `ARGOCD_GPG_ENABLED` to `"false"` in the pod templates of -the `argocd-server`, `argocd-repo-server`, `argocd-application-controller` and -`argocd-applicationset-controller` deployment manifests. +the `argocd-server`, `argocd-repo-server` and `argocd-application-controller` +deployment manifests. Verification of GnuPG signatures is only supported with Git repositories. It is not possible using Helm repositories. @@ -282,8 +282,8 @@ spec: The GnuPG feature can be completely disabled if desired. In order to disable it, set the environment variable `ARGOCD_GPG_ENABLED` to `false` for the pod -templates of the `argocd-server`, `argocd-repo-server`, `argocd-application-controller` -and `argocd-applicationset-controller` deployments. +templates of the `argocd-server`, `argocd-repo-server` and + `argocd-application-controller` deployments. After the pods have been restarted, the GnuPG feature is disabled. diff --git a/docs/user-guide/helm.md b/docs/user-guide/helm.md index 3b5a5de0dc262..c3b6aa0c6e8fa 100644 --- a/docs/user-guide/helm.md +++ b/docs/user-guide/helm.md @@ -72,22 +72,6 @@ source: - values-production.yaml ``` -If Helm is passed a non-existing value file during template expansion, it will error out. Missing -values files can be ignored (meaning, not passed to Helm) using the `--ignore-missing-value-files`. This can be -particularly helpful to implement a [default/override -pattern](https://github.com/argoproj/argo-cd/issues/7767#issue-1060611415) with [Application -Sets](./application-set.md). - -In the declarative syntax: -```yaml -source: - helm: - valueFiles: - - values-common.yaml - - values-optional-override.yaml - ignoreMissingValueFiles: true -``` - ## Values Argo CD supports the equivalent of a values file directly in the Application manifest using the `source.helm.valuesObject` key. @@ -217,28 +201,6 @@ the result will be param1=value5 The list of parameters seen in the ui is not what is used for resources, rather it is the values/valuesObject merged with parameters (see [this issue](https://github.com/argoproj/argo-cd/issues/9213) incase it has been resolved) As a workaround using parameters instead of values/valuesObject will provide a better overview of what will be used for resources -## Helm --set-file support - -The `--set-file` argument to helm can be used with the following syntax on -the cli: - -```bash -argocd app set helm-guestbook --helm-set-file some.key=path/to/file.ext -``` - -or using the fileParameters for yaml: - -```yaml -source: - helm: - fileParameters: - - name: some.key - value: path/to/file.ext -``` - -!!! warning "Reference in multiple sources not supported" - Please note that using a multiple sources application will not let you load the file by reference. See [argoproj/argo-cd#13220](https://github.com/argoproj/argo-cd/issues/13220) - ## Helm Release Name By default, the Helm release name is equal to the Application name to which it belongs. Sometimes, especially on a centralised Argo CD, diff --git a/docs/user-guide/kustomize.md b/docs/user-guide/kustomize.md index 28dfaebd28f25..1aa876fb74224 100644 --- a/docs/user-guide/kustomize.md +++ b/docs/user-guide/kustomize.md @@ -1,26 +1,5 @@ # Kustomize -## Declarative - -You can define a Kustomize application manifest in the declarative GitOps way. Here is an example: - -```yaml -apiVersion: argoproj.io/v1alpha1 -kind: Application -metadata: - name: kustomize-example -spec: - project: default - source: - path: examples/helloWorld - repoURL: 'https://github.com/kubernetes-sigs/kustomize' - targetRevision: HEAD - destination: - namespace: default - server: 'https://kubernetes.default.svc' - -If the `kustomization.yaml` file exists at the location pointed to by `repoURL` and `path`, Argo CD will render the manifests using Kustomize. - The following configuration options are available for Kustomize: * `namePrefix` is a prefix appended to resources for Kustomize apps @@ -233,7 +212,7 @@ argocd app set --kustomize-version v3.5.4 ## Build Environment -Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config management plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. +Kustomize apps have access to the [standard build environment](build-environment.md) which can be used in combination with a [config managment plugin](../operator-manual/config-management-plugins.md) to alter the rendered manifests. You can use these build environment variables in your Argo CD Application manifests. You can enable this by setting `.spec.source.kustomize.commonAnnotationsEnvsubst` to `true` in your Application manifest. diff --git a/docs/user-guide/multiple_sources.md b/docs/user-guide/multiple_sources.md index 462bfa13475f3..be8f8852e609f 100644 --- a/docs/user-guide/multiple_sources.md +++ b/docs/user-guide/multiple_sources.md @@ -1,7 +1,9 @@ # Multiple Sources for an Application !!! warning "Beta Feature" - Specifying multiple sources for an application is a beta feature. This feature is subject to change in backwards incompatible ways until it is marked stable. + Specifying multiple sources for an application is a beta feature. The UI and CLI still generally behave as if only + the first source is specified. Full UI/CLI support will be added in a future release. + This feature is subject to change in backwards incompatible ways until it is marked stable. By default an Argo CD application is a link between a single source and a cluster. Sometimes however, you want to combine files from multiple locations to form a single Application. diff --git a/docs/user-guide/status-badge.md b/docs/user-guide/status-badge.md index a933a751d2550..3363227997309 100644 --- a/docs/user-guide/status-badge.md +++ b/docs/user-guide/status-badge.md @@ -14,45 +14,7 @@ The URLs for status image are available on application details page: for the status image URL in markdown, html, etc are available . 4. Copy the text and paste it into your README or website. -## Additional query parameters options -### showAppName -Display the application name in the status badge. +The application name may optionally be displayed in the status badge by adding the `?showAppName=true` query parameter. -Available values: `true/false` - -Default value: `false` - -Example: `&showAppName=true` - -### revision -Display revision targeted by the application. - -It will also extend the badge width to 192px. - -Available values: `true/false` - -Default value: `false` - -Example: `&revision=true` -### keepFullRevision -By default, displayed revision is truncated to 7 characters. - -This parameter allows to display it fully if it exceeds that length. - -It will also extend the badge width to 400px. - -Available values: `true/false` - -Default value: `false` - -Example: `&keepFullRevision=true` -### width -Change width of the badge. - -Completely replace current calculated width. - -Available values: `integer` - -Default value: `nil` - -Example: `&width=500` \ No newline at end of file +For example, `${argoCdBaseUrl}/api/badge?name=${appName}&showAppName=true`. +To remove the application name from the badge, remove the query parameter from the URL or set it to `false`. \ No newline at end of file diff --git a/docs/user-guide/sync-kubectl.md b/docs/user-guide/sync-kubectl.md index 53700afed4f67..100ec2cdf70b1 100644 --- a/docs/user-guide/sync-kubectl.md +++ b/docs/user-guide/sync-kubectl.md @@ -38,7 +38,7 @@ operation: username: sync: syncStrategy: - hook: {} + hook: {} ``` ```bash diff --git a/docs/user-guide/tracking_strategies.md b/docs/user-guide/tracking_strategies.md index 9cfc63811b6b4..57dfc5f907b65 100644 --- a/docs/user-guide/tracking_strategies.md +++ b/docs/user-guide/tracking_strategies.md @@ -25,15 +25,14 @@ Helm chart versions are [Semantic Versions](https://semver.org/). As a result, y ## Git -For Git, all versions are Git references but tags [Semantic Versions](https://semver.org/) can also be used: +For Git, all versions are Git references: | Use Case | How | Notes | |-|-|-| | Pin to a version (e.g. in production) | Either (a) tag the commit with (e.g. `v1.2.0`) and use that tag, or (b) using commit SHA. | See [commit pinning](#commit-pinning). | -| Track patches (e.g. in pre-production) | Use a range (e.g. `1.2.*` or `>=1.2.0 <1.3.0`) | See [tag tracking](#tag-tracking) | -| Track minor releases (e.g. in QA) | Use a range (e.g. `1.*` or `>=1.0.0 <2.0.0`) | See [tag tracking](#tag-tracking) | -| Use the latest (e.g. in local development) | Use `HEAD` or `master` (assuming `master` is your master branch). | See [HEAD / Branch Tracking](#head-branch-tracking) | -| Use the latest including pre-releases | Use star range with `-0` suffix | `*-0` or `>=0.0.0-0` | +| Track patches (e.g. in pre-production) | Tag/re-tag the commit, e.g. (e.g. `v1.2`) and use that tag. | See [tag tracking](#tag-tracking) | +| Track minor releases (e.g. in QA) | Re-tag the commit as (e.g. `v1`) and use that tag. | See [tag tracking](#tag-tracking) | +| Use the latest (e.g. in local development) | Use `HEAD` or `master` (assuming `master` is your master branch). | See [HEAD / Branch Tracking](#head-branch-tracking) | ### HEAD / Branch Tracking @@ -54,9 +53,6 @@ To redeploy an app, the user uses Git to change the meaning of a tag by retaggin different commit SHA. Argo CD will detect the new meaning of the tag when performing the comparison/sync. -But if you're using semantic versioning you can set the constraint in your service revision -and Argo CD will get the latest version following the constraint rules. - ### Commit Pinning If a Git commit SHA is specified, the app is effectively pinned to the manifests defined at diff --git a/go.mod b/go.mod index 18d403ad6900c..f11970ca4e466 100644 --- a/go.mod +++ b/go.mod @@ -1,37 +1,39 @@ module github.com/argoproj/argo-cd/v2 -go 1.21.0 +go 1.21 + +toolchain go1.21.0 require ( - code.gitea.io/sdk/gitea v0.18.0 + code.gitea.io/sdk/gitea v0.15.1 github.com/Azure/kubelogin v0.0.20 + github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible github.com/Masterminds/semver/v3 v3.2.1 github.com/Masterminds/sprig/v3 v3.2.3 github.com/TomOnTime/utfutil v0.0.0-20180511104225-09c41003ee1d - github.com/alicebob/miniredis/v2 v2.33.0 + github.com/alicebob/miniredis/v2 v2.30.4 github.com/antonmedv/expr v1.15.2 - github.com/argoproj/gitops-engine v0.7.1-0.20240628155502-fa0e8d60a3a4 - github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621 + github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb + github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01 github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 github.com/aws/aws-sdk-go v1.50.8 - github.com/bmatcuk/doublestar/v4 v4.6.1 + github.com/bmatcuk/doublestar/v4 v4.6.0 github.com/bombsimon/logrusr/v2 v2.0.1 github.com/bradleyfalzon/ghinstallation/v2 v2.6.0 - github.com/casbin/casbin/v2 v2.97.0 - github.com/casbin/govaluate v1.1.0 + github.com/casbin/casbin/v2 v2.77.2 github.com/cespare/xxhash/v2 v2.2.0 github.com/chainguard-dev/git-urls v1.0.2 - github.com/coreos/go-oidc/v3 v3.10.0 + github.com/coreos/go-oidc/v3 v3.6.0 github.com/cyphar/filepath-securejoin v0.2.4 github.com/dustin/go-humanize v1.0.1 github.com/evanphx/json-patch v5.9.0+incompatible github.com/felixge/httpsnoop v1.0.3 - github.com/fsnotify/fsnotify v1.7.0 + github.com/fsnotify/fsnotify v1.6.0 github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e - github.com/go-git/go-git/v5 v5.12.0 + github.com/go-git/go-git/v5 v5.11.0 github.com/go-jose/go-jose/v3 v3.0.3 - github.com/go-logr/logr v1.4.1 - github.com/go-openapi/loads v0.22.0 + github.com/go-logr/logr v1.3.0 + github.com/go-openapi/loads v0.21.2 github.com/go-openapi/runtime v0.26.0 github.com/go-playground/webhooks/v6 v6.3.0 github.com/go-redis/cache/v9 v9.0.0 @@ -40,32 +42,30 @@ require ( github.com/gogo/protobuf v1.3.2 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/golang/protobuf v1.5.4 - github.com/google/btree v1.1.2 github.com/google/go-cmp v0.6.0 github.com/google/go-github/v35 v35.3.0 github.com/google/go-jsonnet v0.20.0 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/google/uuid v1.6.0 + github.com/google/uuid v1.3.1 github.com/gorilla/handlers v1.5.1 github.com/gorilla/websocket v1.5.0 github.com/gosimple/slug v1.13.1 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/grpc-ecosystem/grpc-gateway v1.16.0 - github.com/hashicorp/go-retryablehttp v0.7.7 + github.com/hashicorp/go-retryablehttp v0.7.4 github.com/imdario/mergo v0.3.16 github.com/improbable-eng/grpc-web v0.15.0 github.com/itchyny/gojq v0.12.13 github.com/jeremywohl/flatten v1.0.1 github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 github.com/ktrysmt/go-bitbucket v0.9.67 - github.com/mattn/go-isatty v0.0.20 + github.com/mattn/go-isatty v0.0.19 github.com/mattn/go-zglob v0.0.4 github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 - github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 github.com/olekukonko/tablewriter v0.0.5 github.com/patrickmn/go-cache v2.1.0+incompatible - github.com/prometheus/client_golang v1.18.0 + github.com/prometheus/client_golang v1.16.0 github.com/r3labs/diff v1.1.0 github.com/redis/go-redis/v9 v9.0.5 github.com/robfig/cron/v3 v3.0.1 @@ -74,39 +74,37 @@ require ( github.com/soheilhy/cmux v0.1.5 github.com/spf13/cobra v1.7.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.9.0 + github.com/stretchr/testify v1.8.4 github.com/valyala/fasttemplate v1.2.2 github.com/xanzy/go-gitlab v0.91.1 - github.com/yuin/gopher-lua v1.1.1 + github.com/yuin/gopher-lua v1.1.0 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.1 go.opentelemetry.io/otel v1.21.0 go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.21.0 go.opentelemetry.io/otel/sdk v1.21.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.19.0 golang.org/x/exp v0.0.0-20230522175609-2e198f4a06a1 - golang.org/x/net v0.25.0 - golang.org/x/oauth2 v0.13.0 - golang.org/x/sync v0.5.0 - golang.org/x/term v0.20.0 - golang.org/x/time v0.5.0 + golang.org/x/oauth2 v0.11.0 + golang.org/x/sync v0.3.0 + golang.org/x/term v0.17.0 google.golang.org/genproto/googleapis/api v0.0.0-20230822172742-b8732ec3820d google.golang.org/grpc v1.59.0 google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v2 v2.4.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.29.6 - k8s.io/apiextensions-apiserver v0.29.6 - k8s.io/apimachinery v0.29.6 - k8s.io/apiserver v0.29.6 - k8s.io/client-go v0.29.6 - k8s.io/code-generator v0.29.6 - k8s.io/klog/v2 v2.110.1 - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 - k8s.io/kubectl v0.29.6 - k8s.io/utils v0.0.0-20230726121419-3b25d923346b + k8s.io/api v0.26.11 + k8s.io/apiextensions-apiserver v0.26.10 + k8s.io/apimachinery v0.26.11 + k8s.io/apiserver v0.26.11 + k8s.io/client-go v0.26.11 + k8s.io/code-generator v0.26.11 + k8s.io/klog/v2 v2.100.1 + k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f + k8s.io/kubectl v0.26.4 + k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 oras.land/oras-go/v2 v2.3.0 - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.14.7 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 sigs.k8s.io/yaml v1.4.0 ) @@ -131,25 +129,16 @@ require ( github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect github.com/aws/smithy-go v1.19.0 // indirect - github.com/davidmz/go-pageant v1.0.2 // indirect - github.com/distribution/reference v0.5.0 // indirect - github.com/go-fed/httpsig v1.1.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect - github.com/google/gnostic-models v0.6.8 // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/s2a-go v0.1.4 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.5 // indirect github.com/googleapis/gax-go/v2 v2.12.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect - github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect + github.com/tidwall/gjson v1.14.4 // indirect + github.com/tidwall/match v1.1.1 // indirect + github.com/tidwall/pretty v1.2.0 // indirect go.opencensus.io v0.24.0 // indirect - go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect - golang.org/x/tools v0.16.1 // indirect google.golang.org/api v0.132.0 // indirect google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20230822172742-b8732ec3820d // indirect @@ -163,8 +152,8 @@ require ( cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.29 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect + github.com/Azure/go-autorest/autorest v0.11.27 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -172,7 +161,7 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Microsoft/go-winio v0.6.1 // indirect github.com/PagerDuty/go-pagerduty v1.7.0 // indirect - github.com/ProtonMail/go-crypto v1.0.0 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 // indirect github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect @@ -180,33 +169,36 @@ require ( github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v4 v4.2.1 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/cloudflare/circl v1.3.7 // indirect + github.com/cloudflare/circl v1.3.3 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f // indirect github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect - github.com/emicklei/go-restful/v3 v3.11.0 // indirect + github.com/docker/distribution v2.8.2+incompatible // indirect + github.com/emicklei/go-restful/v3 v3.9.0 // indirect github.com/emirpasic/gods v1.18.1 // indirect - github.com/evanphx/json-patch/v5 v5.8.0 // indirect + github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/camelcase v1.0.0 // indirect - github.com/fvbommel/sortorder v1.1.0 // indirect + github.com/fvbommel/sortorder v1.0.1 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.23.0 // indirect - github.com/go-openapi/errors v0.22.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect - github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/spec v0.21.0 // indirect - github.com/go-openapi/strfmt v0.23.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/analysis v0.21.4 // indirect + github.com/go-openapi/errors v0.20.3 // indirect + github.com/go-openapi/jsonpointer v0.19.6 // indirect + github.com/go-openapi/jsonreference v0.20.1 // indirect + github.com/go-openapi/spec v0.20.8 // indirect + github.com/go-openapi/strfmt v0.21.7 // indirect + github.com/go-openapi/swag v0.22.3 // indirect github.com/go-openapi/validate v0.22.1 // indirect github.com/go-telegram-bot-api/telegram-bot-api/v5 v5.5.1 // indirect github.com/golang/glog v1.1.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/google/btree v1.1.2 // indirect + github.com/google/gnostic v0.6.9 // indirect github.com/google/go-github/v41 v41.0.0 // indirect github.com/google/go-github/v53 v53.2.0 // indirect github.com/google/go-querystring v1.1.0 // indirect @@ -216,7 +208,7 @@ require ( github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-version v1.6.0 // indirect + github.com/hashicorp/go-version v1.2.1 // indirect github.com/huandu/xstrings v1.3.3 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/itchyny/timefmt-go v0.1.5 // indirect @@ -231,12 +223,13 @@ require ( github.com/mailru/easyjson v0.7.7 // indirect github.com/malexdev/utfutil v0.0.0-20180510171754-00c8d4a8e7a8 // indirect github.com/mattn/go-runewidth v0.0.14 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/copystructure v1.0.0 // indirect - github.com/mitchellh/go-wordwrap v1.0.1 // indirect + github.com/mitchellh/go-wordwrap v1.0.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.0 // indirect github.com/moby/spdystream v0.2.0 // indirect - github.com/moby/term v0.0.0-20221205130635-1aeaba878587 // indirect + github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect @@ -249,46 +242,53 @@ require ( github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_model v0.5.0 - github.com/prometheus/common v0.45.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_model v0.3.0 + github.com/prometheus/common v0.42.0 // indirect + github.com/prometheus/procfs v0.10.1 // indirect github.com/rivo/uniseg v0.4.4 // indirect github.com/rs/cors v1.9.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect + github.com/sergi/go-diff v1.1.0 // indirect github.com/shopspring/decimal v1.2.0 // indirect github.com/skeema/knownhosts v1.2.2 // indirect github.com/slack-go/slack v0.12.2 // indirect github.com/spf13/cast v1.6.0 // indirect - github.com/stretchr/objx v0.5.2 // indirect + github.com/stretchr/objx v0.5.0 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/go-tinylfu v0.2.2 // indirect github.com/vmihailenco/msgpack/v5 v5.3.4 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xlab/treeprint v1.2.0 // indirect - go.mongodb.org/mongo-driver v1.14.0 // indirect + github.com/xlab/treeprint v1.1.0 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect go.opentelemetry.io/otel/metric v1.21.0 // indirect go.opentelemetry.io/otel/trace v1.21.0 // indirect go.opentelemetry.io/proto/otlp v1.0.0 // indirect + go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd // indirect + golang.org/x/mod v0.12.0 // indirect + golang.org/x/net v0.19.0 + golang.org/x/sys v0.17.0 // indirect + golang.org/x/text v0.14.0 // indirect + golang.org/x/time v0.5.0 + golang.org/x/tools v0.13.0 // indirect gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 // indirect - gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect + gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect gomodules.xyz/notify v0.1.1 // indirect - google.golang.org/appengine v1.6.8 // indirect + google.golang.org/appengine v1.6.7 // indirect gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/cli-runtime v0.29.6 // indirect - k8s.io/component-base v0.29.6 // indirect - k8s.io/component-helpers v0.29.6 // indirect - k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect - k8s.io/kube-aggregator v0.29.6 // indirect - k8s.io/kubernetes v1.29.6 // indirect + k8s.io/cli-runtime v0.26.11 // indirect + k8s.io/component-base v0.26.11 // indirect + k8s.io/component-helpers v0.26.11 // indirect + k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect + k8s.io/kube-aggregator v0.26.4 // indirect + k8s.io/kubernetes v1.26.11 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect - sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect + sigs.k8s.io/kustomize/api v0.12.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.13.9 // indirect ) replace ( @@ -300,40 +300,43 @@ replace ( github.com/golang/protobuf => github.com/golang/protobuf v1.5.4 github.com/grpc-ecosystem/grpc-gateway => github.com/grpc-ecosystem/grpc-gateway v1.16.0 + // Avoid CVE-2023-46402 + github.com/whilp/git-urls => github.com/chainguard-dev/git-urls v1.0.2 + // Avoid CVE-2022-3064 gopkg.in/yaml.v2 => gopkg.in/yaml.v2 v2.4.0 // Avoid CVE-2022-28948 gopkg.in/yaml.v3 => gopkg.in/yaml.v3 v3.0.1 - k8s.io/api => k8s.io/api v0.29.6 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.29.6 - k8s.io/apimachinery => k8s.io/apimachinery v0.29.6 - k8s.io/apiserver => k8s.io/apiserver v0.29.6 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.29.6 - k8s.io/client-go => k8s.io/client-go v0.29.6 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.29.6 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.29.6 - k8s.io/code-generator => k8s.io/code-generator v0.29.6 - k8s.io/component-base => k8s.io/component-base v0.29.6 - k8s.io/component-helpers => k8s.io/component-helpers v0.29.6 - k8s.io/controller-manager => k8s.io/controller-manager v0.29.6 - k8s.io/cri-api => k8s.io/cri-api v0.29.6 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.29.6 - k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.29.6 - k8s.io/endpointslice => k8s.io/endpointslice v0.29.6 - k8s.io/kms => k8s.io/kms v0.29.6 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.29.6 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.29.6 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.29.6 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.29.6 - k8s.io/kubectl => k8s.io/kubectl v0.29.6 - k8s.io/kubelet => k8s.io/kubelet v0.29.6 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.29.6 - k8s.io/metrics => k8s.io/metrics v0.29.6 - k8s.io/mount-utils => k8s.io/mount-utils v0.29.6 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.29.6 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.29.6 - k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.29.6 - k8s.io/sample-controller => k8s.io/sample-controller v0.29.6 + k8s.io/api => k8s.io/api v0.26.11 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.26.11 + k8s.io/apimachinery => k8s.io/apimachinery v0.26.11 + k8s.io/apiserver => k8s.io/apiserver v0.26.11 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.26.11 + k8s.io/client-go => k8s.io/client-go v0.26.11 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.26.11 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.26.11 + k8s.io/code-generator => k8s.io/code-generator v0.26.11 + k8s.io/component-base => k8s.io/component-base v0.26.11 + k8s.io/component-helpers => k8s.io/component-helpers v0.26.11 + k8s.io/controller-manager => k8s.io/controller-manager v0.26.11 + k8s.io/cri-api => k8s.io/cri-api v0.26.11 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.26.11 + k8s.io/dynamic-resource-allocation => k8s.io/dynamic-resource-allocation v0.26.11 + k8s.io/kms => k8s.io/kms v0.26.11 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.26.11 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.26.11 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.26.11 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.26.11 + k8s.io/kubectl => k8s.io/kubectl v0.26.11 + k8s.io/kubelet => k8s.io/kubelet v0.26.11 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.26.11 + k8s.io/metrics => k8s.io/metrics v0.26.11 + k8s.io/mount-utils => k8s.io/mount-utils v0.26.11 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.26.11 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.26.11 + k8s.io/sample-cli-plugin => k8s.io/sample-cli-plugin v0.26.11 + k8s.io/sample-controller => k8s.io/sample-controller v0.26.11 + ) diff --git a/go.sum b/go.sum index cc34e46e76d38..b5e5f36032846 100644 --- a/go.sum +++ b/go.sum @@ -597,8 +597,9 @@ cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoIS cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= -code.gitea.io/sdk/gitea v0.18.0 h1:+zZrwVmujIrgobt6wVBWCqITz6bn1aBjnCUHmpZrerI= -code.gitea.io/sdk/gitea v0.18.0/go.mod h1:IG9xZJoltDNeDSW0qiF2Vqx5orMWa7OhVWrjvrd5NpI= +code.gitea.io/gitea-vet v0.2.1/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE= +code.gitea.io/sdk/gitea v0.15.1 h1:WJreC7YYuxbn0UDaPuWIe/mtiNKTvLN8MLkaw71yx/M= +code.gitea.io/sdk/gitea v0.15.1/go.mod h1:klY2LVI3s3NChzIk/MzMn7G1FHrfU7qd63iSMVoHRBA= dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= @@ -614,11 +615,11 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOEl github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= -github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= -github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= -github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= -github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= +github.com/Azure/go-autorest/autorest v0.11.27 h1:F3R3q42aWytozkV8ihzcgMO4OA4cuqr3bNlsEuF6//A= +github.com/Azure/go-autorest/autorest v0.11.27/go.mod h1:7l8ybrIdUmGqZMTD0sRtAr8NvbHjfofbf8RSP2q7w7U= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= +github.com/Azure/go-autorest/autorest/adal v0.9.20 h1:gJ3E98kMpFB1MFqQCvA1yFab8vthOeD4VlFRQULxahg= +github.com/Azure/go-autorest/autorest/adal v0.9.20/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k= @@ -637,6 +638,7 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/Jeffail/gabs v1.4.0 h1://5fYRRTq1edjfIrQGvdkcd22pkYUrHZ5YC/H2GJVAo= github.com/Jeffail/gabs v1.4.0/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= +github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible h1:1G1pk05UrOh0NlF1oeaaix1x8XzrfjIDK47TY0Zehcw= github.com/Knetic/govaluate v3.0.1-0.20171022003610-9aa49832a739+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0= github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ= github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE= @@ -657,8 +659,8 @@ github.com/OvyFlash/telegram-bot-api/v5 v5.0.0-20240108230938-63e5c59035bf/go.mo github.com/PagerDuty/go-pagerduty v1.7.0 h1:S1NcMKECxT5hJwV4VT+QzeSsSiv4oWl1s2821dUqG/8= github.com/PagerDuty/go-pagerduty v1.7.0/go.mod h1:PuFyJKRz1liIAH4h5KVXVD18Obpp1ZXRdxHvmGXooro= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= -github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 h1:kkhsdkhsCvIsutKu5zLMgWtgh9YxGCNAw8Ad8hjwfYg= +github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/RocketChat/Rocket.Chat.Go.SDK v0.0.0-20210112200207-10ab4d695d60 h1:prBTRx78AQnXzivNT9Crhu564W/zPPr3ibSlpT9xKcE= @@ -680,8 +682,8 @@ github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRF github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a h1:HbKu58rmZpUGpz5+4FfNmIU+FmZg2P3Xaj2v2bfNWmk= github.com/alicebob/gopher-json v0.0.0-20200520072559-a9ecdc9d1d3a/go.mod h1:SGnFV6hVsYE877CKEZ6tDNTjaSXYUk6QqoIK6PrAtcc= -github.com/alicebob/miniredis/v2 v2.33.0 h1:uvTF0EDeu9RLnUEG27Db5I68ESoIxTiXbNUiji6lZrA= -github.com/alicebob/miniredis/v2 v2.33.0/go.mod h1:MhP4a3EU7aENRi9aO+tHfTBZicLqQevyi/DJpoj6mi0= +github.com/alicebob/miniredis/v2 v2.30.4 h1:8S4/o1/KoUArAGbGwPxcwf0krlzceva2XVOSchFS7Eo= +github.com/alicebob/miniredis/v2 v2.30.4/go.mod h1:b25qWj4fCEsBeAAR2mlb0ufImGC6uH3VlUfb/HS5zKg= github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= @@ -694,10 +696,10 @@ github.com/apache/thrift v0.12.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb github.com/apache/thrift v0.13.0/go.mod h1:cp2SuWMxlEZw2r+iP2GNCdIi4C1qmUzdZFSVb+bacwQ= github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/appscode/go v0.0.0-20191119085241-0887d8ec2ecc/go.mod h1:OawnOmAL4ZX3YaPdN+8HTNwBveT1jMsqP74moa9XUbE= -github.com/argoproj/gitops-engine v0.7.1-0.20240628155502-fa0e8d60a3a4 h1:xctch+EYCzsz012kNrdK3eRALf+/ZLhWJAWG0xfxpl8= -github.com/argoproj/gitops-engine v0.7.1-0.20240628155502-fa0e8d60a3a4/go.mod h1:xMIbuLg9Qj2e0egTy+8NcukbhRaVmWwK9vm3aAQZoi4= -github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621 h1:Yg1nt+D2uDK1SL2jSlfukA4yc7db184TTN7iWy3voRE= -github.com/argoproj/notifications-engine v0.4.1-0.20240606074338-0802cd427621/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= +github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb h1:PbngWUqmtdVxU5qRR0Dngeo6AXhxY3qZi6RlpfCLbuI= +github.com/argoproj/gitops-engine v0.7.1-0.20240715141605-18ba62e1f1fb/go.mod h1:d4eLldeEFyZIcVySAMhXhnh1tTa4qfvPYfut9B8UClw= +github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01 h1:/V8+HM0VPPTrdjTwUrkIj5a+SjaU//tJwfIXJ1QAOvg= +github.com/argoproj/notifications-engine v0.4.1-0.20240403133627-f48567108f01/go.mod h1:N0A4sEws2soZjEpY4hgZpQS8mRIEw6otzwfkgc3g9uQ= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1 h1:qsHwwOJ21K2Ao0xPju1sNuqphyMnMYkyB3ZLoLtxWpo= github.com/argoproj/pkg v0.13.7-0.20230626144333-d56162821bd1/go.mod h1:CZHlkyAD1/+FbEn6cB2DQTj48IoLGvEYsWEvtzP3238= github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o= @@ -753,8 +755,8 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I= -github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= +github.com/bmatcuk/doublestar/v4 v4.6.0 h1:HTuxyug8GyFbRkrffIpzNCSK4luc0TY3wzXvzIZhEXc= +github.com/bmatcuk/doublestar/v4 v4.6.0/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc= github.com/bombsimon/logrusr/v2 v2.0.1 h1:1VgxVNQMCvjirZIYaT9JYn6sAVGVEcNtRE0y4mvaOAM= github.com/bombsimon/logrusr/v2 v2.0.1/go.mod h1:ByVAX+vHdLGAfdroiMg6q0zgq2FODY2lc5YJvzmOJio= github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= @@ -765,14 +767,13 @@ github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= github.com/bsm/ginkgo/v2 v2.7.0/go.mod h1:AiKlXPm7ItEHNc/2+OkrNG4E0ITzojb9/xWzvQ9XZ9w= github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= github.com/bsm/gomega v1.26.0/go.mod h1:JyEr/xRbxbtgWNi8tIEVPUYZ5Dzef52k01W3YH0H+O0= +github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0= github.com/bwesterb/go-ristretto v1.2.0/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/bwmarrin/discordgo v0.19.0/go.mod h1:O9S4p+ofTFwB02em7jkpkV8M3R0/PUVOwN61zSZ0r4Q= github.com/casbin/casbin/v2 v2.1.2/go.mod h1:YcPU1XXisHhLzuxH9coDNf2FbKpjGlbCg3n9yuLkIJQ= -github.com/casbin/casbin/v2 v2.97.0 h1:FFHIzY+6fLIcoAB/DKcG5xvscUo9XqRpBniRYhlPWkg= -github.com/casbin/casbin/v2 v2.97.0/go.mod h1:jX8uoN4veP85O/n2674r2qtfSXI6myvxW85f6TH50fw= -github.com/casbin/govaluate v1.1.0 h1:6xdCWIpE9CwHdZhlVQW+froUrCsjb6/ZYNcXODfLT+E= -github.com/casbin/govaluate v1.1.0/go.mod h1:G/UnbIjZk/0uMNaLwZZmFQrR72tYRZWQkO70si/iR7A= +github.com/casbin/casbin/v2 v2.77.2 h1:yQinn/w9x8AswiwqwtrXz93VU48R1aYTXdHEx4RI3jM= +github.com/casbin/casbin/v2 v2.77.2/go.mod h1:mzGx0hYW9/ksOSpw3wNjk3NRAroq5VMFYUQ6G43iGPk= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff v2.2.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= github.com/cenkalti/backoff/v4 v4.1.1/go.mod h1:scbssz8iZGpm3xbr14ovlUdkxfGXNInqkPWOWmG2CLw= @@ -795,9 +796,8 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/clbanning/x2j v0.0.0-20191024224557-825249438eec/go.mod h1:jMjuTZXRI4dUb/I5gc9Hdhagfvm9+RyrPryS/auMzxE= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= +github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= @@ -817,8 +817,8 @@ github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:z github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/codegangsta/inject v0.0.0-20150114235600-33e0aa1cb7c0/go.mod h1:4Zcjuz89kmFXt9morQgcfYZAYZ5n8WHjt81YYWIwtTM= github.com/codeskyblue/go-sh v0.0.0-20190412065543-76bd3d59ff27/go.mod h1:VQx0hjo2oUeQkQUET7wRwradO6f+fN5jzXgB/zROxxE= -github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU= -github.com/coreos/go-oidc/v3 v3.10.0/go.mod h1:5j11xcw0D3+SGxn6Z/WFADsgcWVMyNAlSQupk0KK3ac= +github.com/coreos/go-oidc/v3 v3.6.0 h1:AKVxfYw1Gmkn/w96z0DbT/B/xFnzTd3MkZvWLjF4n/o= +github.com/coreos/go-oidc/v3 v3.6.0/go.mod h1:ZpHUsHBucTUj6WOkrP4E20UPynbLZzhTQ1XKCXkxyPc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-systemd v0.0.0-20180511133405-39ca1b05acc7/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= github.com/coreos/pkg v0.0.0-20160727233714-3ac0863d7acf/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= @@ -827,25 +827,23 @@ github.com/cpuguy83/go-md2man/v2 v2.0.2 h1:p1EgwI/C7NhT0JmVkwCD2ZBK8j4aeHQX2pMHH github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= -github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= +github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= +github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davidmz/go-pageant v1.0.2 h1:bPblRCh5jGU+Uptpz6LgMZGD5hJoOt7otgT454WvHn0= -github.com/davidmz/go-pageant v1.0.2/go.mod h1:P2EDDnMqIwG5Rrp05dTRITj9z2zpGcD9efWSkTNKLIE= github.com/deckarep/golang-set v1.7.1/go.mod h1:93vsz/8Wt4joVM7c2AVqh+YRMiUSc14yDtF28KmMOgQ= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f h1:U5y3Y5UE0w7amNe7Z5G/twsBW0KEalRQXZzf8ufSh9I= github.com/desertbit/timer v0.0.0-20180107155436-c41aec40b27f/go.mod h1:xH/i4TFMt8koVQZ6WFms69WAsDWr2XsYL3Hkl7jkoLE= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= -github.com/distribution/reference v0.5.0 h1:/FUIFXtfc/x2gpa5/VGfiGLuOIdYa1t65IKK2OFGvA0= -github.com/distribution/reference v0.5.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= github.com/dnaeon/go-vcr v1.1.0 h1:ReYa/UBrRyQdant9B4fNHGoCNKw6qh6P0fsdGmZpR7c= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= +github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= +github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= @@ -855,11 +853,12 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU= github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I= github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M= +github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emicklei/go-restful/v3 v3.11.0 h1:rAQeMHw1c7zTmncogyy8VvRZwtkmkZ4FxERmMY4rD+g= -github.com/emicklei/go-restful/v3 v3.11.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE= +github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g= @@ -880,11 +879,12 @@ github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0+ github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= -github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= -github.com/evanphx/json-patch/v5 v5.8.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= +github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d h1:105gxyaGwCFad8crR9dcMQWvV9Hvulu6hwUh4tWPJnM= github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZMPRZwes7CROmyNKgQzC3XPs6L/G2EJLHddWejkmf4= github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64= @@ -893,11 +893,10 @@ github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+ne github.com/fatih/camelcase v1.0.0 h1:hxNvNX/xYBp0ovncs8WyWZrOrpBNub/JfaMvbURyft8= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/flowstack/go-jsonschema v0.1.1/go.mod h1:yL7fNggx1o8rm9RlgXv7hTBWxdBM0rVwpMwimd3F3N0= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4= @@ -907,10 +906,10 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw= -github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= +github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/fvbommel/sortorder v1.0.1 h1:dSnXLt4mJYH25uDDGa3biZNQsozaUWDSWeKJ0qqFfzE= +github.com/fvbommel/sortorder v1.0.1/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e h1:C3DkNr9pxqXqCrmRHO7s3XgZS3zpi9GEA01GuWZODfo= github.com/gfleury/go-bitbucket-v1 v0.0.0-20220301131131-8e7ed04b843e/go.mod h1:LB3osS9X2JMYmTzcCArHHLrndBAfcVLQAvUddfs+ONs= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= @@ -919,12 +918,10 @@ github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= github.com/gin-gonic/gin v1.6.3 h1:ahKqKTFpO5KTPHxWZjEdPScmYaGtLo8Y4DMHoEsnp14= github.com/gin-gonic/gin v1.6.3/go.mod h1:75u5sXoLsGZoRN5Sgbi1eraJ4GU3++wFwWzhwvtwp4M= -github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= -github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= +github.com/gliderlabs/ssh v0.3.5 h1:OcaySEmAQJgyYcArR+gGGTHCyE7nvhEMTlYY+Dp8CpY= +github.com/gliderlabs/ssh v0.3.5/go.mod h1:8XB4KraRrX39qHhT6yxPsHedjA08I/uBVwj4xC+/+z4= github.com/go-errors/errors v1.4.2 h1:J6MZopCL4uSllY1OfXM374weqZFFItUbrImctkmUxIA= github.com/go-errors/errors v1.4.2/go.mod h1:sIVyrIiJhuEF+Pj9Ebtd6P/rEYROXFi3BopGUQ5a5Og= -github.com/go-fed/httpsig v1.1.0 h1:9M+hb0jkEICD8/cAiNqEB66R87tTINszBRTjwjQzWcI= -github.com/go-fed/httpsig v1.1.0/go.mod h1:RCMrTZvN1bJYtofsG4rd5NaO5obxQ5xBkdiS7xsT7bM= github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= @@ -936,15 +933,13 @@ github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+ github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= -github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= +github.com/go-git/go-git/v5 v5.11.0 h1:XIZc1p+8YzypNr34itUfSvYJcv+eYdTnTvOZ2vD3cA4= +github.com/go-git/go-git/v5 v5.11.0/go.mod h1:6GFcX2P3NM7FPBfpePbpLd21XxsgdAt+lKqXmCUiUCY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= -github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.10.0/go.mod h1:xUsJbQ/Fp4kEt7AFgCuvyX4a71u8h9jB8tj/ORgOZ7o= @@ -961,49 +956,49 @@ github.com/go-logr/logr v1.0.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= +github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= -github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= +github.com/go-logr/zapr v1.2.3 h1:a9vnzlIBPQBBkeaR9IuMUfmVOrQlkoC4YfPoFkX3T7A= +github.com/go-logr/zapr v1.2.3/go.mod h1:eIauM6P8qSvTw5o2ez6UEAfGjQKrxQTl5EoK+Qa2oG4= github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= -github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= -github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= +github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= -github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= +github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= +github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= +github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= +github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= +github.com/go-openapi/jsonreference v0.20.1 h1:FBLnyygC4/IZZr893oiomc9XaghoveYTrLC1F86HID8= github.com/go-openapi/jsonreference v0.20.1/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= -github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= -github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= -github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= +github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= -github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= +github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxRU= +github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= -github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= +github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= +github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= @@ -1022,8 +1017,6 @@ github.com/go-redis/cache/v9 v9.0.0/go.mod h1:cMwi1N8ASBOufbIvk7cdXe2PbPjK/WMRL9 github.com/go-sql-driver/mysql v1.4.0/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= @@ -1071,6 +1064,7 @@ github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzq github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= @@ -1108,8 +1102,9 @@ github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9 github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= +github.com/google/gnostic v0.6.9 h1:ZK/5VhkoX835RikCHpSUJV9a+S3e1zLh59YnyWeBW+0= +github.com/google/gnostic v0.6.9/go.mod h1:Nm8234We1lq6iB9OmlgNv3nH91XLLVZHCDayfA3xq+E= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.2.1-0.20190312032427-6f77996f0c42/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -1163,22 +1158,20 @@ github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= -github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= @@ -1246,22 +1239,22 @@ github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtng github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= -github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v0.9.2 h1:CG6TE5H9/JXsFWJCfoIVpKFIkFe6ysEuHirp4DxCsHI= +github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-retryablehttp v0.5.1/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= -github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= -github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= +github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= -github.com/hashicorp/go-version v1.6.0 h1:feTTfFNnjP967rlCxM/I9g701jU+RN74YKx2mOkIeek= -github.com/hashicorp/go-version v1.6.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= +github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= +github.com/hashicorp/go-version v1.2.1/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA= github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= @@ -1296,6 +1289,7 @@ github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOl github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jeremywohl/flatten v1.0.1 h1:LrsxmB3hfwJuE+ptGOijix1PIfOoKLJ3Uee/mzbgtrs= github.com/jeremywohl/flatten v1.0.1/go.mod h1:4AmD/VxjWcI5SRB0n6szE2A6s2fsNHDLO0nAlMHgfLQ= +github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -1387,15 +1381,13 @@ github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsI github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= @@ -1405,14 +1397,12 @@ github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4 github.com/mattn/go-zglob v0.0.4 h1:LQi2iOm0/fGgu80AioIJ/1j9w9Oh+9DZ39J4VAGzHQM= github.com/mattn/go-zglob v0.0.4/go.mod h1:MxxjyoXXnMxfIpxTK2GAkw1w8glPsQILx3N5wrKakiY= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5 h1:YH424zrwLTlyHSH/GzLMJeu5zhYVZSx5RQxGKm1h96s= github.com/microsoft/azure-devops-go-api/azuredevops v1.0.0-b5/go.mod h1:PoGiBqKSQK1vIfQ+yVaFcGjDySHvym6FM1cNYnwzbrY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= -github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1 h1:lYpkrQH5ajf0OXOcUbGjvZxxijuBwbbmlSxLiuofa+g= -github.com/minio/blake2b-simd v0.0.0-20160723061019-3f5f724cb5b1/go.mod h1:pD8RvIylQ358TN4wwqatJ8rNavkEINozVn9DtGI3dfQ= github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/minio/md5-simd v1.1.2/go.mod h1:MzdKDxYpY2BT9XQFocsiZf/NKVtR7nkE4RoEpN+20RM= github.com/minio/minio-go/v7 v7.0.58/go.mod h1:NUDy4A4oXPq1l2yK6LTSvCEzAMeIcoz9lcj5dbzSrRE= @@ -1422,8 +1412,8 @@ github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMK github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= -github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= +github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= +github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= github.com/mitchellh/iochan v1.0.0/go.mod h1:JwYml1nuB7xOzsp52dPpHFffvOCDupsG0QubkSMEySY= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= @@ -1436,8 +1426,8 @@ github.com/mitchellh/reflectwalk v1.0.0 h1:9D+8oIskB4VJBN5SFlmc27fSlIBZaov1Wpk/I github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587 h1:HfkjXDfhgVaN5rmueG8cL8KKeFNecRCXFhaJ2qZ5SKA= -github.com/moby/term v0.0.0-20221205130635-1aeaba878587/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae h1:O4SWKdcHVCvYqyDV+9CJA1fcDN2L11Bule0iFy3YlAI= +github.com/moby/term v0.0.0-20220808134915-39b0c02b01ae/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1457,7 +1447,6 @@ github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRW github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/grpc-proxy v0.0.0-20181017164139-0f1106ef9c76/go.mod h1:x5OoJHDHqxHS801UIuhqGl6QdSAEJvtausosHSdazIo= -github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/nats-io/jwt v0.3.0/go.mod h1:fRYCDE99xlTsqUzISS1Bi75UBJ6ljOJQOAAu5VglpSg= github.com/nats-io/jwt v0.3.2/go.mod h1:/euKqTS1ZD+zzjYrY7pseZrTtWQSjujC7xjPc8wL6eU= @@ -1494,17 +1483,8 @@ github.com/onsi/ginkgo/v2 v2.1.6/go.mod h1:MEH45j8TBi6u9BMogfbp0stKC5cdGjumZj5Y7 github.com/onsi/ginkgo/v2 v2.3.0/go.mod h1:Eew0uilEqZmIEZr8JrvYlvOM7Rr6xzTmMV8AyFNU9d0= github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/ginkgo/v2 v2.5.0/go.mod h1:Luc4sArBICYCS8THh8v3i3i5CuSZO+RaQRaJoeNwomw= +github.com/onsi/ginkgo/v2 v2.7.0 h1:/XxtEV3I3Eif/HobnVx9YmJgk8ENdRsuUmM+fLCFNow= github.com/onsi/ginkgo/v2 v2.7.0/go.mod h1:yjiuMwPokqY1XauOgju45q3sJt6VzQ/Fict1LFVcsAo= -github.com/onsi/ginkgo/v2 v2.8.1/go.mod h1:N1/NbDngAFcSLdyZ+/aYTYGSlq9qMCS/cNKGJjy+csc= -github.com/onsi/ginkgo/v2 v2.9.0/go.mod h1:4xkjoL/tZv4SMWeww56BU5kAt19mVB47gTWxmrTcxyk= -github.com/onsi/ginkgo/v2 v2.9.1/go.mod h1:FEcmzVcCHl+4o9bQZVab+4dC9+j+91t2FHSzmGAPfuo= -github.com/onsi/ginkgo/v2 v2.9.2/go.mod h1:WHcJJG2dIlcCqVfBAwUCrJxSPFb6v4azBwgxeMeDuts= -github.com/onsi/ginkgo/v2 v2.9.5/go.mod h1:tvAoo1QUJwNEU2ITftXTpR7R1RbCzoZUOs3RonqW57k= -github.com/onsi/ginkgo/v2 v2.9.7/go.mod h1:cxrmXWykAwTwhQsJOPfdIDiJ+l2RYq7U8hFU+M/1uw0= -github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM= -github.com/onsi/ginkgo/v2 v2.13.0/go.mod h1:TE309ZR8s5FsKKpuB1YAQYBzCaAfUgatB/xlT/ETL/o= -github.com/onsi/ginkgo/v2 v2.14.0 h1:vSmGj2Z5YPb9JwCWT6z6ihcUvDhuXLc3sJiqd3jMKAY= -github.com/onsi/ginkgo/v2 v2.14.0/go.mod h1:JkUdW7JkN0V6rFvsHcJ478egV3XH9NxpD27Hal/PhZw= github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.5.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= @@ -1515,20 +1495,12 @@ github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9 github.com/onsi/gomega v1.20.1/go.mod h1:DtrZpjmvpn2mPm4YWQa0/ALMDj9v4YxLgojwPeREyVo= github.com/onsi/gomega v1.21.1/go.mod h1:iYAIXgPSaDHak0LCMA+AWBpIKBr8WZicMxnE8luStNc= github.com/onsi/gomega v1.22.1/go.mod h1:x6n7VNe4hw0vkyYUM4mjIXx3JbLiPaBPNgB7PRQ1tuM= +github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/onsi/gomega v1.24.1/go.mod h1:3AOiACssS3/MajrniINInwbfOOtfZvplPzuRSmvt1jM= github.com/onsi/gomega v1.25.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= -github.com/onsi/gomega v1.26.0/go.mod h1:r+zV744Re+DiYCIPRlYOTxn0YkOLcAnW8k1xXdMPGhM= -github.com/onsi/gomega v1.27.1/go.mod h1:aHX5xOykVYzWOV4WqQy0sy8BQptgukenXpCXfadcIAw= -github.com/onsi/gomega v1.27.3/go.mod h1:5vG284IBtfDAmDyrK+eGyZmUgUlmi+Wngqo557cZ6Gw= -github.com/onsi/gomega v1.27.4/go.mod h1:riYq/GJKh8hhoM01HN6Vmuy93AarCXCBGpvFDK3q3fQ= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= -github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4= -github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= +github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/op/go-logging v0.0.0-20160315200505-970db520ece7/go.mod h1:HzydrMdWErDVzsI23lYNej1Htcns9BCg93Dk0bBINWk= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= @@ -1580,32 +1552,31 @@ github.com/prometheus/client_golang v0.9.3-0.20190127221311-3c4408c8b829/go.mod github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.3.0/go.mod h1:hJaj2vgQTGQmVCsAACORcieXFeDPbaTKGT+JTgUa3og= github.com/prometheus/client_golang v1.7.1/go.mod h1:PY5Wy2awLA44sXw4AOSfFBetzPP4j5+D6mVACh+pe2M= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= +github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190115171406-56726106282f/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.1.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= github.com/prometheus/common v0.2.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.7.0/go.mod h1:DjGbpBbp5NYNiECxcL/VnbXCCaQpKd3tt26CguLLsqA= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.15.0/go.mod h1:U+gB1OBLb1lF3O42bTCL+FK18tX9Oar16Clt/msog/s= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= +github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.0-20190117184657-bf6a532e95b1/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= github.com/prometheus/procfs v0.3.0/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.10.1 h1:kYK1Va/YMlutzCGazswoHKo//tZVlFpKYh+PymziUAg= +github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPHWJq+XBB/FM= github.com/r3labs/diff v1.1.0 h1:V53xhrbTHrWFWq3gI4b94AjgEJOerO1+1l0xyHOBi8M= github.com/r3labs/diff v1.1.0/go.mod h1:7WjXasNzi0vJetRcB/RqNl5dlIsmXcTTLmF5IoH6Xig= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= @@ -1626,7 +1597,6 @@ github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFR github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/cors v1.7.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= @@ -1641,8 +1611,8 @@ github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZ github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= +github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= github.com/shopspring/decimal v1.2.0 h1:abSATXmQEYyShuxI4/vyW3tV1MrKAJzCZ/0zLUXYbsQ= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= @@ -1687,15 +1657,15 @@ github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnIn github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/ssor/bom v0.0.0-20170718123548-6386211fdfcf/go.mod h1:RJID2RhlZKId02nZ62WenDCkgHFerpIOmW0iT7GKmXM= +github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8= github.com/streadway/amqp v0.0.0-20190404075320-75d898a42a94/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/amqp v0.0.0-20190827072141-edfb9018d271/go.mod h1:AZpEONHx3DKn8O/DFsRAY58/XVQiIPMTMB1SddzLXVw= github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5JnDBl6z3cMAg/SywNDC5ABu5ApDIw6lUbRmI= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= -github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -1705,11 +1675,15 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/tidwall/gjson v1.14.4 h1:uo0p8EbA09J7RQaflQ1aBRffTR7xedD2bcIVSYxLnkM= +github.com/tidwall/gjson v1.14.4/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= +github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= +github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs= +github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/ugorji/go v1.1.7 h1:/68gy2h+1mWMrwZFeD1kQialdSzAb432dtpeJ42ovdo= github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw= @@ -1733,10 +1707,15 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= +github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= +github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= +github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= +github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= -github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= +github.com/xlab/treeprint v1.1.0 h1:G/1DjNkPpfZCFt9CSh6b5/nY4VimlbHF3Rh4obvtzDk= +github.com/xlab/treeprint v1.1.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1745,16 +1724,17 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= -github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +github.com/yuin/gopher-lua v1.1.0 h1:BojcDhfyDWgU2f2TOzYK/g5p2gxMrku8oupLDqlnSqE= +github.com/yuin/gopher-lua v1.1.0/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= -go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= @@ -1785,26 +1765,26 @@ go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= -go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= +go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd h1:Uo/x0Ir5vQJ+683GXB9Ug+4fcjsbp7z7Ul8UaZbhsRM= +go.starlark.net v0.0.0-20220328144851-d1966c6b9fcd/go.mod h1:t3mmBBPzAVvK0L0n1drDmrQsJ8FoIx4INCqVMTr/Zo0= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= +go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4= go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= -go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= go.uber.org/zap v1.18.1/go.mod h1:xg/QME4nWcxGxrpdeYfq7UvYrLh66cuVKdrbD1XF/NI= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= +go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181029021203-45a5f77698d3/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20181030102418-4d3f4d9ffa16/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -1819,29 +1799,23 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8= golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1904,10 +1878,8 @@ golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -1928,6 +1900,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -1985,15 +1958,11 @@ golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -2024,10 +1993,8 @@ golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= +golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= -golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= -golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -2046,9 +2013,8 @@ golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -2057,6 +2023,7 @@ golang.org/x/sys v0.0.0-20181026203630-95b1ffbd15a5/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190204203706-41f3e6584952/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -2154,6 +2121,7 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -2163,18 +2131,13 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= @@ -2184,15 +2147,11 @@ golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= -golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/term v0.11.0/go.mod h1:zC9APTIj3jG3FdV/Ons+XE1riIZXG4aZ4GTHiPZJPIU= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= -golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -2210,12 +2169,10 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -2245,6 +2202,7 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -2271,6 +2229,7 @@ golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapK golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200325010219-a49f79bcc224/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -2304,12 +2263,8 @@ golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.4.0/go.mod h1:UE5sM2OK9E/d67R0ANs2xJizIymRP5gJU295PvKXxjQ= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.9.1/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= -golang.org/x/tools v0.12.0/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ= golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -2320,8 +2275,8 @@ golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNq golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45 h1:juzzlx91nWAOsHuOVfXZPMXHtJEKouZvY9bBbwlOeYs= gomodules.xyz/envconfig v1.3.1-0.20190308184047-426f31af0d45/go.mod h1:41y72mzHT7+jFNgyBpJRrZWuZJcLmLrTpq6iGgOFJMQ= -gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= -gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +gomodules.xyz/jsonpatch/v2 v2.2.0 h1:4pT439QV83L+G9FkcCriY6EkpcK6r6bK+A5FBUMI7qY= +gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY= gomodules.xyz/notify v0.1.1 h1:1tTuoyswmPvzqPCTEDQK8SZ3ukCxLsonAAwst2+y1a0= gomodules.xyz/notify v0.1.1/go.mod h1:QgQyU4xEA/plJcDeT66J2Go2V7U4c0pD9wjo7HfFil4= gomodules.xyz/version v0.1.0/go.mod h1:Y8xuV02mL/45psyPKG3NCVOwvAOy6T5Kx0l3rCjKSjU= @@ -2404,9 +2359,8 @@ google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c= google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= @@ -2440,6 +2394,7 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= @@ -2473,6 +2428,7 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= @@ -2652,6 +2608,9 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk= +gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= +gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= honnef.co/go/tools v0.0.0-20180728063816-88497007e858/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -2661,45 +2620,48 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.29.6 h1:eDxIl8+PeEpwbe2YyS5RXJ9vdn4hnKWMBf4WUJP9DQM= -k8s.io/api v0.29.6/go.mod h1:ZuUPMhJV74DJXapldbg6upaHfiOjrBb+0ffUbBi1jaw= -k8s.io/apiextensions-apiserver v0.29.6 h1:tUu1N6Zt9GT8KVcPF5aGDqfISz1mveM4yFh7eL5bxmE= -k8s.io/apiextensions-apiserver v0.29.6/go.mod h1:iw1EbwZat08I219qrQKoFMHGo7J9KxPqMpVKxCbNbCs= -k8s.io/apimachinery v0.29.6 h1:CLjJ5b0hWW7531n/njRE3rnusw3rhVGCFftPfnG54CI= -k8s.io/apimachinery v0.29.6/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y= -k8s.io/apiserver v0.29.6 h1:JxgDbpgahOgqoDOf+zVl2mI+rQcHcLQnK6YhhtsjbNs= -k8s.io/apiserver v0.29.6/go.mod h1:HrQwfPWxhwEa+n8/+5YwSF5yT2WXbeyFjqq6KEXHTX8= -k8s.io/cli-runtime v0.29.6 h1:nPbmS6ICW223S0BWTV+sK5xClWe89QB/n16/c5cJwT8= -k8s.io/cli-runtime v0.29.6/go.mod h1:5BzzwnVhtqVJvatDZmSZ6OtiSGqbdn0hKzpRbV3uf5o= -k8s.io/client-go v0.29.6 h1:5E2ebuB/p0F0THuQatyvhDvPL2SIeqwTPrtnrwKob/8= -k8s.io/client-go v0.29.6/go.mod h1:jHZcrQqDplyv20v7eu+iFM4gTpglZSZoMVcKrh8sRGg= -k8s.io/code-generator v0.29.6 h1:Z8T9VMR0mr7V5GG66c6GVAZrIiEy2uFoQwbeVeWLqPA= -k8s.io/code-generator v0.29.6/go.mod h1:7TYnI0dYItL2cKuhhgPSuF3WED9uMdELgbVXFfn/joE= -k8s.io/component-base v0.29.6 h1:XkVJI67FvBgNb/3kKqvaGKokxUrIR0RrksCPNI+JYCs= -k8s.io/component-base v0.29.6/go.mod h1:kIahZm8aw9lV8Vw17LF89REmeBrv5+QEl3v7HsrmITY= -k8s.io/component-helpers v0.29.6 h1:kG/tK0gXPXj6n3Oxn5Eul8nYzer3SejZI3ClwiWkreQ= -k8s.io/component-helpers v0.29.6/go.mod h1:Ltb44cbXci9fy9rytWwYsu8vHfi4fjyQdSwk6UlCR4E= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= -k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/api v0.26.11 h1:hLhTZRdYc3vBBOY4wbEyTLWgMyieOAk2Ws9NG57QqO4= +k8s.io/api v0.26.11/go.mod h1:bSr/A0TKRt5W2OMDdexkM/ER1NxOxiQqNNFXW2nMZrM= +k8s.io/apiextensions-apiserver v0.26.11 h1:6/T0Jm9c+Aw1AYUflPOz2sAsty304/DDSkciTr8+HuE= +k8s.io/apiextensions-apiserver v0.26.11/go.mod h1:xMqWxAB+AvSTdmFRVWlpavY9bJl/3g6yWiPn/fwZbT0= +k8s.io/apimachinery v0.26.11 h1:w//840HHdwSRKqD15j9YX9HLlU6RPlfrvW0xEhLk2+0= +k8s.io/apimachinery v0.26.11/go.mod h1:2/HZp0l6coXtS26du1Bk36fCuAEr/lVs9Q9NbpBtd1Y= +k8s.io/apiserver v0.26.11 h1:JcrlATLu5xQVLV7/rfRFFl9ivvNLmZH0dM3DFFdFp+w= +k8s.io/apiserver v0.26.11/go.mod h1:htEG/Q3sI3+6Is3Z26QzBjaCGICsz/kFj+IhIP4oJuE= +k8s.io/cli-runtime v0.26.11 h1:HO3Sgf06XkT8/8wWnhskfz4+LMKrChRz+A13vDJSQrE= +k8s.io/cli-runtime v0.26.11/go.mod h1:D98GjQtDmqn7WDuKBgWivd6R8qEs3yzT19EmCM5pqBs= +k8s.io/client-go v0.26.11 h1:RjfZr5+vQjjTRmk4oCqHyC0cgrZXPjw+X+ge35sk4GI= +k8s.io/client-go v0.26.11/go.mod h1:+emNszw9va/uRJIM5ALTBtFnlZMTjwBrNjRfEh0iuw8= +k8s.io/code-generator v0.26.11 h1:S0PJxapUhG6LWYezYB/FVE5Gf4BxGY0fCwnLrwfQ/70= +k8s.io/code-generator v0.26.11/go.mod h1:Hjxj7hpvSxcNnYIWzCSuEdwN0/9aHlezQRKJXr0Kv8U= +k8s.io/component-base v0.26.11 h1:1/JmB6fexefGByfFyIK6aHksZZVtaDskttzXOzmZ6zA= +k8s.io/component-base v0.26.11/go.mod h1:jYNisnoM6iWFRUg51pxaQabzL5fBYTr5CMpsLjUYGp0= +k8s.io/component-helpers v0.26.11 h1:XD2/2lik/5n1WFepDvgHzIGL0tix/EU3GaxGJHdsgkA= +k8s.io/component-helpers v0.26.11/go.mod h1:lw3bchkI0NHMPmb+CE73GznPW0Mvqd/Y9UVMEqBkysE= +k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= +k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.5.0/go.mod h1:hy9LJ/NvuK+iVyP4Ehqva4HxZG/oXyIS3n3Jmire4Ec= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/klog/v2 v2.110.1 h1:U/Af64HJf7FcwMcXyKm2RPM22WZzyR7OSpYj5tg3cL0= -k8s.io/klog/v2 v2.110.1/go.mod h1:YGtd1984u+GgbuZ7e08/yBuAfKLSO0+uR1Fhi6ExXjo= -k8s.io/kube-aggregator v0.29.6 h1:jZJjYF58F6kVuGC/kqLfuu7qGHqc2hoVKsDnRj26QRs= -k8s.io/kube-aggregator v0.29.6/go.mod h1:a6z0yORlXVXtGfsVB5PCjh2Soq1S7Wc6fApU6/T2eCE= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/kubectl v0.29.6 h1:hmkOMyH2uSUV16gIB3Qp2dv09fM2+PGEXz5SH1gwp7Y= -k8s.io/kubectl v0.29.6/go.mod h1:IUpyXy2OCbIMuBMAisDHM9shh5/Nseij4w+HIt0aq6A= -k8s.io/kubernetes v1.29.6 h1:jn8kA/oVOAWZOeoorx6xZ4d+KgGp+Evgi90x9bEI/DE= -k8s.io/kubernetes v1.29.6/go.mod h1:28sDhcb87LX5z3GWAKYmLrhrifxi4W9bEWua4DRTIvk= +k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= +k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= +k8s.io/kube-aggregator v0.26.11 h1:P46aQPWOE+8bTbK2cqxUFP1XwH4ShZEHnlk1T5QFT8U= +k8s.io/kube-aggregator v0.26.11/go.mod h1:XNGLFzn4Ex7qFVqpCnvLUr354EM4QhMFuFSoB6JHmL4= +k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= +k8s.io/kubectl v0.26.11 h1:cVPzYA4HKefU3tPiVK7hZpJ+5Lm04XoyvCCY5ODznpQ= +k8s.io/kubectl v0.26.11/go.mod h1:xjEX/AHtEQrGj2AGqVopyHr/JU1hLy1k7Yn48JuK9LQ= +k8s.io/kubernetes v1.26.11 h1:g3r1IAUqsaHnOG2jdpoagJ5W9UCXkR2ljQ/7BmCzPNg= +k8s.io/kubernetes v1.26.11/go.mod h1:z1URAaBJ+XnOTr3Q/l4umxRUxn/OyD2fbkUgS0Bl7u4= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5 h1:kmDqav+P+/5e1i9tFfHq1qcF3sOrDp+YEkVDAHu7Jwk= +k8s.io/utils v0.0.0-20230220204549-a5ecb0141aa5/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427 h1:RZkKxMR3jbQxdCEcglq3j7wY3PRJIopAwBlx1RE71X0= layeh.com/gopher-json v0.0.0-20190114024228-97fed8db8427/go.mod h1:ivKkcY8Zxw5ba0jldhZCYYQfGdb2K6u9tbYK1AwMIBc= lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= @@ -2745,14 +2707,15 @@ rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.14.7 h1:Vrnm2vk9ZFlRkXATHz0W0wXcqNl7kPat8q2JyxVy0Q8= +sigs.k8s.io/controller-runtime v0.14.7/go.mod h1:ErTs3SJCOujNUnTz4AS+uh8hp6DHMo1gj6fFndJT1X8= +sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0= -sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U= -sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag= +sigs.k8s.io/kustomize/api v0.12.1 h1:7YM7gW3kYBwtKvoY216ZzY+8hM+lV53LUayghNRJ0vM= +sigs.k8s.io/kustomize/api v0.12.1/go.mod h1:y3JUhimkZkR6sbLNwfJHxvo1TCLwuwm14sCYnkH6S1s= +sigs.k8s.io/kustomize/kyaml v0.13.9 h1:Qz53EAaFFANyNgyOEJbT/yoIHygK40/ZcvU3rgry2Tk= +sigs.k8s.io/kustomize/kyaml v0.13.9/go.mod h1:QsRbD0/KcU+wdk0/L0fIp2KLnohkVzs6fQ85/nOXac4= sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= diff --git a/hack/dev-mounter/main.go b/hack/dev-mounter/main.go index b74d46c170326..61988b2daa275 100644 --- a/hack/dev-mounter/main.go +++ b/hack/dev-mounter/main.go @@ -33,7 +33,7 @@ func newCommand() *cobra.Command { clientConfig clientcmd.ClientConfig configMaps []string ) - command := cobra.Command{ + var command = cobra.Command{ Run: func(cmd *cobra.Command, args []string) { config, err := clientConfig.ClientConfig() errors.CheckError(err) @@ -87,7 +87,7 @@ func newCommand() *cobra.Command { // Create or update files that are specified in ConfigMap for name, data := range cm.Data { p := path.Join(destPath, name) - err := os.WriteFile(p, []byte(data), 0o644) + err := os.WriteFile(p, []byte(data), 0644) if err != nil { log.Warnf("Failed to create file %s: %v", p, err) } diff --git a/hack/gen-catalog/main.go b/hack/gen-catalog/main.go index ff3da21d6791d..486327e33ee6e 100644 --- a/hack/gen-catalog/main.go +++ b/hack/gen-catalog/main.go @@ -25,7 +25,7 @@ import ( ) func main() { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "gen", Run: func(c *cobra.Command, args []string) { c.HelpFunc()(c, args) @@ -81,8 +81,9 @@ func newCatalogCommand() *cobra.Command { d, err := yaml.Marshal(cm) dieOnError(err, "Failed to marshal final configmap") - err = os.WriteFile(target, d, 0o644) + err = os.WriteFile(target, d, 0644) dieOnError(err, "Failed to write builtin configmap") + }, } } @@ -101,14 +102,14 @@ func newDocsCommand() *cobra.Command { notificationTemplates, notificationTriggers, err := buildConfigFromFS(templatesDir, triggersDir) dieOnError(err, "Failed to build builtin config") generateBuiltInTriggersDocs(&builtItDocsData, notificationTriggers, notificationTemplates) - if err := os.WriteFile("./docs/operator-manual/notifications/catalog.md", builtItDocsData.Bytes(), 0o644); err != nil { + if err := os.WriteFile("./docs/operator-manual/notifications/catalog.md", builtItDocsData.Bytes(), 0644); err != nil { log.Fatal(err) } var commandDocs bytes.Buffer if err := generateCommandsDocs(&commandDocs); err != nil { log.Fatal(err) } - if err := os.WriteFile("./docs/operator-manual/notifications/troubleshooting-commands.md", commandDocs.Bytes(), 0o644); err != nil { + if err := os.WriteFile("./docs/operator-manual/notifications/troubleshooting-commands.md", commandDocs.Bytes(), 0644); err != nil { log.Fatal(err) } }, @@ -117,13 +118,6 @@ func newDocsCommand() *cobra.Command { func generateBuiltInTriggersDocs(out io.Writer, triggers map[string][]triggers.Condition, templates map[string]services.Notification) { _, _ = fmt.Fprintln(out, "# Triggers and Templates Catalog") - - _, _ = fmt.Fprintln(out, "## Getting Started") - _, _ = fmt.Fprintln(out, "* Install Triggers and Templates from the catalog") - _, _ = fmt.Fprintln(out, " ```bash") - _, _ = fmt.Fprintln(out, " kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/notifications_catalog/install.yaml") - _, _ = fmt.Fprintln(out, " ```") - _, _ = fmt.Fprintln(out, "## Triggers") w := tablewriter.NewWriter(out) diff --git a/hack/gen-crd-spec/main.go b/hack/gen-crd-spec/main.go index 16c0022dd1cb1..e7dcd658ef26a 100644 --- a/hack/gen-crd-spec/main.go +++ b/hack/gen-crd-spec/main.go @@ -2,7 +2,6 @@ package main import ( "encoding/json" - "errors" "fmt" "os" "os/exec" @@ -16,16 +15,19 @@ import ( "sigs.k8s.io/yaml" ) -var kindToCRDPath = map[string]string{ - application.ApplicationFullName: "manifests/crds/application-crd.yaml", - application.AppProjectFullName: "manifests/crds/appproject-crd.yaml", - application.ApplicationSetFullName: "manifests/crds/applicationset-crd.yaml", -} +var ( + kindToCRDPath = map[string]string{ + application.ApplicationFullName: "manifests/crds/application-crd.yaml", + application.AppProjectFullName: "manifests/crds/appproject-crd.yaml", + application.ApplicationSetFullName: "manifests/crds/applicationset-crd.yaml", + } +) func getCustomResourceDefinitions() map[string]*extensionsobj.CustomResourceDefinition { crdYamlBytes, err := exec.Command( "controller-gen", "paths=./pkg/apis/application/...", + "crd:trivialVersions=true", "crd:crdVersions=v1", "output:crd:stdout", ).Output() @@ -115,10 +117,6 @@ func removeDescription(v interface{}) { func checkErr(err error) { if err != nil { - var execError *exec.ExitError - if errors.As(err, &execError) { - fmt.Println(string(execError.Stderr)) - } panic(err) } } @@ -151,6 +149,6 @@ func writeCRDintoFile(crd *extensionsobj.CustomResourceDefinition, path string) yamlBytes, err := yaml.JSONToYAML(jsonBytes) checkErr(err) - err = os.WriteFile(path, yamlBytes, 0o644) + err = os.WriteFile(path, yamlBytes, 0644) checkErr(err) } diff --git a/hack/gen-docs/main.go b/hack/gen-docs/main.go index c641e833417d3..f102f4c1d7e89 100644 --- a/hack/gen-docs/main.go +++ b/hack/gen-docs/main.go @@ -20,7 +20,7 @@ func main() { func generateNotificationsDocs() { _ = os.RemoveAll("./docs/operator-manual/notifications/services") - _ = os.MkdirAll("./docs/operator-manual/notifications/services", 0o755) + _ = os.MkdirAll("./docs/operator-manual/notifications/services", 0755) files, err := docs.CopyServicesDocs("./docs/operator-manual/notifications/services") if err != nil { log.Fatal(err) @@ -70,7 +70,7 @@ func updateMkDocsNav(parent string, child string, subchild string, files []strin // it at the YAML parser level. newmkdocs = bytes.Replace(newmkdocs, []byte("site_url: READTHEDOCS_CANONICAL_URL"), []byte("site_url: !ENV READTHEDOCS_CANONICAL_URL"), 1) - return os.WriteFile("mkdocs.yml", newmkdocs, 0o644) + return os.WriteFile("mkdocs.yml", newmkdocs, 0644) } func trimPrefixes(files []string, prefix string) { diff --git a/hack/gen-resources/cmd/commands/cmd.go b/hack/gen-resources/cmd/commands/cmd.go index 5804e4cda8910..ba9ded0c37577 100644 --- a/hack/gen-resources/cmd/commands/cmd.go +++ b/hack/gen-resources/cmd/commands/cmd.go @@ -30,9 +30,10 @@ func initConfig() { // NewCommand returns a new instance of an argocd command func NewCommand() *cobra.Command { + var generateOpts util.GenerateOpts - command := &cobra.Command{ + var command = &cobra.Command{ Use: cliName, Short: "Generator for argocd resources", Run: func(c *cobra.Command, args []string) { @@ -49,7 +50,7 @@ func NewCommand() *cobra.Command { func NewGenerateCommand(opts *util.GenerateOpts) *cobra.Command { var file string - command := &cobra.Command{ + var command = &cobra.Command{ Use: "generate [-f file]", Short: "Generate entities", Long: "Generate entities", @@ -93,7 +94,7 @@ func NewGenerateCommand(opts *util.GenerateOpts) *cobra.Command { } func NewCleanCommand(opts *util.GenerateOpts) *cobra.Command { - command := &cobra.Command{ + var command = &cobra.Command{ Use: "clean", Short: "Clean entities", Long: "Clean entities", diff --git a/hack/gen-resources/generators/project_generator.go b/hack/gen-resources/generators/project_generator.go index 943ecf0239f0a..7eee295af7f07 100644 --- a/hack/gen-resources/generators/project_generator.go +++ b/hack/gen-resources/generators/project_generator.go @@ -3,9 +3,8 @@ package generator import ( "context" "fmt" - "log" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "log" "github.com/argoproj/argo-cd/v2/hack/gen-resources/util" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" diff --git a/hack/gen-resources/util/gen_options_parser.go b/hack/gen-resources/util/gen_options_parser.go index 8446dd5c07754..08fb37ab9b653 100644 --- a/hack/gen-resources/util/gen_options_parser.go +++ b/hack/gen-resources/util/gen_options_parser.go @@ -1,9 +1,8 @@ package util import ( - "os" - "gopkg.in/yaml.v2" + "os" ) type SourceOpts struct { diff --git a/hack/generate-mock.sh b/hack/generate-mock.sh deleted file mode 100755 index 0371b156ac139..0000000000000 --- a/hack/generate-mock.sh +++ /dev/null @@ -1,18 +0,0 @@ -#! /usr/bin/env bash - -set -x -set -o errexit -set -o nounset -set -o pipefail - -# shellcheck disable=SC2128 -PROJECT_ROOT=$( - cd "$(dirname "${BASH_SOURCE}")"/.. - pwd -) -PATH="${PROJECT_ROOT}/dist:${PATH}" - -# output tool versions -mockery --version - -mockery --config ${PROJECT_ROOT}/.mockery.yaml \ No newline at end of file diff --git a/hack/installers/checksums/helm-v3.15.2-darwin-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-darwin-amd64.tar.gz.sha256 deleted file mode 100644 index 29fbec1a8217e..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-darwin-amd64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -e99a9266a5328cb575d81ef10247911f42d9e90c76ef6eef154c5c535565658b helm-v3.15.2-darwin-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.15.2-darwin-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-darwin-arm64.tar.gz.sha256 deleted file mode 100644 index fa28023088fd1..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-darwin-arm64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -30143dabc1da9d32c7d6c589fad04b1f1ecc73841393d5823fa21c5d7f5bf8f6 helm-v3.15.2-darwin-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.15.2-linux-amd64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-linux-amd64.tar.gz.sha256 deleted file mode 100644 index 6112735da391e..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-linux-amd64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -2694b91c3e501cff57caf650e639604a274645f61af2ea4d601677b746b44fe2 helm-v3.15.2-linux-amd64.tar.gz diff --git a/hack/installers/checksums/helm-v3.15.2-linux-arm64.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-linux-arm64.tar.gz.sha256 deleted file mode 100644 index 397aa7df1ce58..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-linux-arm64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -adcf07b08484b52508e5cbc8b5f4b0b0db50342f7bc487ecd88b8948b680e6a7 helm-v3.15.2-linux-arm64.tar.gz diff --git a/hack/installers/checksums/helm-v3.15.2-linux-ppc64le.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-linux-ppc64le.tar.gz.sha256 deleted file mode 100644 index 8cd9a695b81c8..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-linux-ppc64le.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -9d95528fb797f6429f7f9b6dee0cf87bf8c71f6470e1db4a51e844c169c285a3 helm-v3.15.2-linux-ppc64le.tar.gz diff --git a/hack/installers/checksums/helm-v3.15.2-linux-s390x.tar.gz.sha256 b/hack/installers/checksums/helm-v3.15.2-linux-s390x.tar.gz.sha256 deleted file mode 100644 index 354d5237efd70..0000000000000 --- a/hack/installers/checksums/helm-v3.15.2-linux-s390x.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -5b42bc3d08fd0ffaf4f9ed810f28464f52ec4ea431b809c7179071d76f3d6f16 helm-v3.15.2-linux-s390x.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_darwin_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_darwin_amd64.tar.gz.sha256 deleted file mode 100644 index 33f50b8b23a52..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_darwin_amd64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -d1dadf6d51058cdda6470344c95767e1c283cc5a36d5019eb32f8e43e63bd0df kustomize_5.4.2_darwin_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_darwin_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_darwin_arm64.tar.gz.sha256 deleted file mode 100644 index daa903d3b0bf8..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_darwin_arm64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -9b7da623cb40542f2dd220fa31d906d9254759b4e27583706e4e846fccba9fab kustomize_5.4.2_darwin_arm64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_linux_amd64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_linux_amd64.tar.gz.sha256 deleted file mode 100644 index 71cb7ef37cda5..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_linux_amd64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -881c6e9007c7ea2b9ecc214d13f4cdd1f837635dcf4db49ce4479898f7d911a3 kustomize_5.4.2_linux_amd64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_linux_arm64.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_linux_arm64.tar.gz.sha256 deleted file mode 100644 index ad7a240a0aaac..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_linux_arm64.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -175af88af8a7d8d7d6b1f26659060950f0764d00b9979b4e11b61b8b212b7c22 kustomize_5.4.2_linux_arm64.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_linux_ppc64le.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_linux_ppc64le.tar.gz.sha256 deleted file mode 100644 index ab8410045bd73..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_linux_ppc64le.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -be71e5cb95362a111dcee315ee5fb50ec5faac0446571ecc84ba4aa6e1298feb kustomize_5.4.2_linux_ppc64le.tar.gz diff --git a/hack/installers/checksums/kustomize_5.4.2_linux_s390x.tar.gz.sha256 b/hack/installers/checksums/kustomize_5.4.2_linux_s390x.tar.gz.sha256 deleted file mode 100644 index 735958aeece44..0000000000000 --- a/hack/installers/checksums/kustomize_5.4.2_linux_s390x.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -3724d3a711a6f06650ef31e9d6a7c8aaaed0727183d6f61b2103ffc717af68a1 kustomize_5.4.2_linux_s390x.tar.gz diff --git a/hack/installers/install-codegen-go-tools.sh b/hack/installers/install-codegen-go-tools.sh index 1fd3ea5434afe..6c9775ff46274 100755 --- a/hack/installers/install-codegen-go-tools.sh +++ b/hack/installers/install-codegen-go-tools.sh @@ -45,13 +45,10 @@ go_mod_install k8s.io/code-generator/cmd/lister-gen go_mod_install k8s.io/kube-openapi/cmd/openapi-gen # controller-gen is run by ./hack/gen-crd-spec to generate the CRDs -go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0 +go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.4.1 # swagger cli is used to generate swagger docs go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 # goimports is used to auto-format generated code go install golang.org/x/tools/cmd/goimports@v0.1.8 - -# mockery is used to generate mock -go install github.com/vektra/mockery/v2@v2.43.2 \ No newline at end of file diff --git a/hack/installers/install-lint-tools.sh b/hack/installers/install-lint-tools.sh index 54e7b725478c8..b4f68e464b15b 100755 --- a/hack/installers/install-lint-tools.sh +++ b/hack/installers/install-lint-tools.sh @@ -1,4 +1,4 @@ #!/bin/bash set -eux -o pipefail -GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.58.2 +GO111MODULE=on go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.0 diff --git a/hack/known_types/main.go b/hack/known_types/main.go index e6647396c3c39..be8bcfdc7b50c 100644 --- a/hack/known_types/main.go +++ b/hack/known_types/main.go @@ -23,8 +23,10 @@ const ( ) func newCommand() *cobra.Command { - var docsOutputPath string = "" - command := &cobra.Command{ + var ( + docsOutputPath string = "" + ) + var command = &cobra.Command{ Use: "go run github.com/argoproj/argo-cd/hack/known_types ALIAS PACKAGE_PATH OUTPUT_PATH", Example: "go run github.com/argoproj/argo-cd/hack/known_types corev1 k8s.io/api/core/v1 corev1_known_types.go", RunE: func(c *cobra.Command, args []string) error { @@ -77,12 +79,12 @@ import corev1 "k8s.io/api/core/v1" func init() {%s }`, strings.Join(mapItems, "")) if docsOutputPath != "" { - if err = os.WriteFile(docsOutputPath, []byte(strings.Join(docs, "\n")), 0o644); err != nil { + if err = os.WriteFile(docsOutputPath, []byte(strings.Join(docs, "\n")), 0644); err != nil { return err } } - return os.WriteFile(outputPath, []byte(res+"\n"), 0o644) + return os.WriteFile(outputPath, []byte(res+"\n"), 0644) }, } command.Flags().StringVar(&docsOutputPath, "docs", "", "Docs output file path") diff --git a/hack/snyk-report.sh b/hack/snyk-report.sh index 8147c3bba3bc4..074f218289c43 100755 --- a/hack/snyk-report.sh +++ b/hack/snyk-report.sh @@ -37,8 +37,8 @@ git clone https://github.com/argoproj/argo-cd.git cd argo-cd git checkout master -minor_version=$(git tag -l | sort -V | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') -patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) +minor_version=$(git tag -l | sort -g | tail -n 1 | grep -Eo '[0-9]+\.[0-9]+') +patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" versions="master " @@ -54,7 +54,7 @@ for i in $(seq "$version_count"); do minor_num=$(printf '%s' "$minor_version" | sed -E 's/[0-9]+\.//') minor_num=$((minor_num-1)) minor_version=$(printf '%s' "$minor_version" | sed -E "s/\.[0-9]+$/.$minor_num/g") - patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -V | tail -n 1) + patch_num=$(git tag -l | grep "v$minor_version." | grep -o "[a-z[:digit:]-]*$" | sort -g | tail -n 1) version="v$minor_version.$patch_num" done diff --git a/hack/test.sh b/hack/test.sh index c13718063b862..454a58d749291 100755 --- a/hack/test.sh +++ b/hack/test.sh @@ -4,7 +4,7 @@ set -eux -o pipefail which go-junit-report || go install github.com/jstemmer/go-junit-report@latest TEST_RESULTS=${TEST_RESULTS:-test-results} -TEST_FLAGS=${TEST_FLAGS:-} +TEST_FLAGS= if test "${ARGOCD_TEST_PARALLELISM:-}" != ""; then TEST_FLAGS="$TEST_FLAGS -p $ARGOCD_TEST_PARALLELISM" @@ -15,4 +15,4 @@ fi mkdir -p $TEST_RESULTS -GODEBUG="tarinsecurepath=0,zipinsecurepath=0" ${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- -cover $TEST_FLAGS $* +GODEBUG="tarinsecurepath=0,zipinsecurepath=0" ${DIST_DIR}/gotestsum --rerun-fails-report=rerunreport.txt --junitfile=$TEST_RESULTS/junit.xml --format=testname --rerun-fails="$RERUN_FAILS" --packages="$PACKAGES" -- $TEST_FLAGS $* diff --git a/hack/tool-versions.sh b/hack/tool-versions.sh index d37fad005f803..a49285c88000d 100644 --- a/hack/tool-versions.sh +++ b/hack/tool-versions.sh @@ -11,8 +11,8 @@ # Use ./hack/installers/checksums/add-helm-checksums.sh and # add-kustomize-checksums.sh to help download checksums. ############################################################################### -helm3_version=3.15.2 +helm3_version=3.14.4 kubectl_version=1.17.8 kubectx_version=0.6.3 -kustomize5_version=5.4.2 +kustomize5_version=5.2.1 protoc_version=3.17.3 diff --git a/hack/update-codegen.sh b/hack/update-codegen.sh index cdd932807d784..9f6d15524d04d 100755 --- a/hack/update-codegen.sh +++ b/hack/update-codegen.sh @@ -27,10 +27,10 @@ PATH="${PROJECT_ROOT}/dist:${PATH}" GOPATH=$(go env GOPATH) GOPATH_PROJECT_ROOT="${GOPATH}/src/github.com/argoproj/argo-cd" -TARGET_SCRIPT=/tmp/kube_codegen.sh +TARGET_SCRIPT=/tmp/generate-groups.sh -# codegen utilities are installed outside of kube_codegen.sh so remove the `go install` step in the script. -sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/kube_codegen.sh >${TARGET_SCRIPT} +# codegen utilities are installed outside of generate-groups.sh so remove the `go install` step in the script. +sed -e '/go install/d' ${PROJECT_ROOT}/vendor/k8s.io/code-generator/generate-groups.sh >${TARGET_SCRIPT} # generate-groups.sh assumes codegen utilities are installed to GOBIN, but we just ensure the CLIs # are in the path and invoke them without assumption of their location diff --git a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml index 6bade745f76c1..b24124ccb833f 100644 --- a/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml +++ b/manifests/base/applicationset-controller/argocd-applicationset-controller-deployment.yaml @@ -157,12 +157,6 @@ spec: name: argocd-cmd-params-cm key: applicationsetcontroller.enable.scm.providers optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: applicationsetcontroller.webhook.parallelism.limit - optional: true volumeMounts: - mountPath: /app/config/ssh name: ssh-known-hosts diff --git a/manifests/base/kustomization.yaml b/manifests/base/kustomization.yaml index e80274cddc620..3ffbca3ced4c8 100644 --- a/manifests/base/kustomization.yaml +++ b/manifests/base/kustomization.yaml @@ -5,7 +5,7 @@ kind: Kustomization images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.5 resources: - ./application-controller - ./dex diff --git a/manifests/base/repo-server/argocd-repo-server-deployment.yaml b/manifests/base/repo-server/argocd-repo-server-deployment.yaml index 0e86acd3e3b5e..971b7a21c2151 100644 --- a/manifests/base/repo-server/argocd-repo-server-deployment.yaml +++ b/manifests/base/repo-server/argocd-repo-server-deployment.yaml @@ -203,18 +203,6 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME diff --git a/manifests/base/server/argocd-server-deployment.yaml b/manifests/base/server/argocd-server-deployment.yaml index 24104cb7e026d..1107323b2e3b9 100644 --- a/manifests/base/server/argocd-server-deployment.yaml +++ b/manifests/base/server/argocd-server-deployment.yaml @@ -17,362 +17,332 @@ spec: spec: serviceAccountName: argocd-server containers: - - name: argocd-server - image: quay.io/argoproj/argocd:latest - imagePullPolicy: Always - args: - - /usr/local/bin/argocd-server - env: - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - key: auth - name: argocd-redis - - name: ARGOCD_SERVER_INSECURE - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.insecure - optional: true - - name: ARGOCD_SERVER_BASEHREF - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.basehref - optional: true - - name: ARGOCD_SERVER_ROOTPATH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.rootpath - optional: true - - name: ARGOCD_SERVER_LOGFORMAT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.log.format - optional: true - - name: ARGOCD_SERVER_LOG_LEVEL - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.log.level - optional: true - - name: ARGOCD_SERVER_REPO_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: repo.server - optional: true - - name: ARGOCD_SERVER_DEX_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server - optional: true - - name: ARGOCD_SERVER_DISABLE_AUTH - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.disable.auth - optional: true - - name: ARGOCD_SERVER_ENABLE_GZIP - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.enable.gzip - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.timeout.seconds - optional: true - - name: ARGOCD_SERVER_X_FRAME_OPTIONS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.x.frame.options - optional: true - - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.content.security.policy - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.plaintext - optional: true - - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.repo.server.strict.tls - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server.plaintext - optional: true - - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.dex.server.strict.tls - optional: true - - name: ARGOCD_TLS_MIN_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.minversion - optional: true - - name: ARGOCD_TLS_MAX_VERSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.maxversion - optional: true - - name: ARGOCD_TLS_CIPHERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.tls.ciphers - optional: true - - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.connection.status.cache.expiration - optional: true - - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.oidc.cache.expiration - optional: true - - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.login.attempts.expiration - optional: true - - name: ARGOCD_SERVER_STATIC_ASSETS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.staticassets - optional: true - - name: ARGOCD_APP_STATE_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.app.state.cache.expiration - optional: true - - name: REDIS_SERVER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.server - optional: true - - name: REDIS_COMPRESSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.compression - optional: true - - name: REDISDB - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: redis.db - optional: true - - name: ARGOCD_DEFAULT_CACHE_EXPIRATION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.default.cache.expiration - optional: true - - name: ARGOCD_MAX_COOKIE_NUMBER - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.http.cookie.maxnumber - optional: true - - name: ARGOCD_SERVER_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.listen.address - optional: true - - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.metrics.listen.address - optional: true - - name: ARGOCD_SERVER_OTLP_ADDRESS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.address - optional: true - - name: ARGOCD_SERVER_OTLP_INSECURE - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.insecure - optional: true - - name: ARGOCD_SERVER_OTLP_HEADERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: otlp.headers - optional: true - - name: ARGOCD_APPLICATION_NAMESPACES - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: application.namespaces - optional: true - - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.enable.proxy.extension - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_MAX - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.k8sclient.retry.max - optional: true - - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.k8sclient.retry.base.backoff - optional: true - - name: ARGOCD_API_CONTENT_TYPES - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.api.content.types - optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: server.webhook.parallelism.limit - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: applicationsetcontroller.allowed.scm.providers - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - name: argocd-cmd-params-cm - key: applicationsetcontroller.enable.scm.providers - optional: true - volumeMounts: - - name: ssh-known-hosts - mountPath: /app/config/ssh - - name: tls-certs - mountPath: /app/config/tls - - name: argocd-repo-server-tls - mountPath: /app/config/server/tls - - name: argocd-dex-server-tls - mountPath: /app/config/dex/tls - - mountPath: /home/argocd - name: plugins-home - - mountPath: /tmp - name: tmp - ports: - - containerPort: 8080 - - containerPort: 8083 - livenessProbe: - httpGet: - path: /healthz?full=true - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - timeoutSeconds: 5 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - initialDelaySeconds: 3 - periodSeconds: 30 - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - runAsNonRoot: true - capabilities: - drop: - - ALL - seccompProfile: - type: RuntimeDefault - volumes: - - emptyDir: {} - name: plugins-home - - emptyDir: {} - name: tmp + - name: argocd-server + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + args: + - /usr/local/bin/argocd-server + env: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + key: auth + name: argocd-redis + - name: ARGOCD_SERVER_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.insecure + optional: true + - name: ARGOCD_SERVER_BASEHREF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.basehref + optional: true + - name: ARGOCD_SERVER_ROOTPATH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.rootpath + optional: true + - name: ARGOCD_SERVER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.format + optional: true + - name: ARGOCD_SERVER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.log.level + optional: true + - name: ARGOCD_SERVER_REPO_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: repo.server + optional: true + - name: ARGOCD_SERVER_DEX_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server + optional: true + - name: ARGOCD_SERVER_DISABLE_AUTH + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.disable.auth + optional: true + - name: ARGOCD_SERVER_ENABLE_GZIP + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.gzip + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_TIMEOUT_SECONDS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.timeout.seconds + optional: true + - name: ARGOCD_SERVER_X_FRAME_OPTIONS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.x.frame.options + optional: true + - name: ARGOCD_SERVER_CONTENT_SECURITY_POLICY + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.content.security.policy + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.plaintext + optional: true + - name: ARGOCD_SERVER_REPO_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.repo.server.strict.tls + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_PLAINTEXT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.plaintext + optional: true + - name: ARGOCD_SERVER_DEX_SERVER_STRICT_TLS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.dex.server.strict.tls + optional: true + - name: ARGOCD_TLS_MIN_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.minversion + optional: true + - name: ARGOCD_TLS_MAX_VERSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.maxversion + optional: true + - name: ARGOCD_TLS_CIPHERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.tls.ciphers + optional: true + - name: ARGOCD_SERVER_CONNECTION_STATUS_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.connection.status.cache.expiration + optional: true + - name: ARGOCD_SERVER_OIDC_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.oidc.cache.expiration + optional: true + - name: ARGOCD_SERVER_LOGIN_ATTEMPTS_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.login.attempts.expiration + optional: true + - name: ARGOCD_SERVER_STATIC_ASSETS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.staticassets + optional: true + - name: ARGOCD_APP_STATE_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.app.state.cache.expiration + optional: true + - name: REDIS_SERVER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.server + optional: true + - name: REDIS_COMPRESSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.compression + optional: true + - name: REDISDB + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: redis.db + optional: true + - name: ARGOCD_DEFAULT_CACHE_EXPIRATION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.default.cache.expiration + optional: true + - name: ARGOCD_MAX_COOKIE_NUMBER + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.http.cookie.maxnumber + optional: true + - name: ARGOCD_SERVER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.listen.address + optional: true + - name: ARGOCD_SERVER_METRICS_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.metrics.listen.address + optional: true + - name: ARGOCD_SERVER_OTLP_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.address + optional: true + - name: ARGOCD_SERVER_OTLP_INSECURE + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.insecure + optional: true + - name: ARGOCD_SERVER_OTLP_HEADERS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: otlp.headers + optional: true + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.enable.proxy.extension + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_MAX + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.max + optional: true + - name: ARGOCD_K8SCLIENT_RETRY_BASE_BACKOFF + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.k8sclient.retry.base.backoff + optional: true + - name: ARGOCD_API_CONTENT_TYPES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: server.api.content.types + optional: true + volumeMounts: - name: ssh-known-hosts - configMap: - name: argocd-ssh-known-hosts-cm + mountPath: /app/config/ssh - name: tls-certs - configMap: - name: argocd-tls-certs-cm + mountPath: /app/config/tls - name: argocd-repo-server-tls - secret: - secretName: argocd-repo-server-tls - optional: true - items: - - key: tls.crt - path: tls.crt - - key: tls.key - path: tls.key - - key: ca.crt - path: ca.crt + mountPath: /app/config/server/tls - name: argocd-dex-server-tls - secret: - secretName: argocd-dex-server-tls - optional: true - items: - - key: tls.crt - path: tls.crt - - key: ca.crt - path: ca.crt + mountPath: /app/config/dex/tls + - mountPath: /home/argocd + name: plugins-home + - mountPath: /tmp + name: tmp + ports: + - containerPort: 8080 + - containerPort: 8083 + livenessProbe: + httpGet: + path: /healthz?full=true + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: 8080 + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault + volumes: + - emptyDir: {} + name: plugins-home + - emptyDir: {} + name: tmp + - name: ssh-known-hosts + configMap: + name: argocd-ssh-known-hosts-cm + - name: tls-certs + configMap: + name: argocd-tls-certs-cm + - name: argocd-repo-server-tls + secret: + secretName: argocd-repo-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: tls.key + path: tls.key + - key: ca.crt + path: ca.crt + - name: argocd-dex-server-tls + secret: + secretName: argocd-dex-server-tls + optional: true + items: + - key: tls.crt + path: tls.crt + - key: ca.crt + path: ca.crt affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - - weight: 100 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/name: argocd-server - topologyKey: kubernetes.io/hostname - - weight: 5 - podAffinityTerm: - labelSelector: - matchLabels: - app.kubernetes.io/part-of: argocd - topologyKey: kubernetes.io/hostname + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/name: argocd-server + topologyKey: kubernetes.io/hostname + - weight: 5 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/part-of: argocd + topologyKey: kubernetes.io/hostname diff --git a/manifests/core-install.yaml b/manifests/core-install.yaml index 33af6be5d3b01..942a7424cdff7 100644 --- a/manifests/core-install.yaml +++ b/manifests/core-install.yaml @@ -29,29 +29,20 @@ spec: name: Revision priority: 10 type: string - - jsonPath: .spec.project - name: Project - priority: 10 - type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -149,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -484,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -823,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -845,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -856,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -880,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -911,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -940,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1269,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1601,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2097,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2442,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2457,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2572,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2929,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3291,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3326,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3373,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3760,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4114,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4144,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4229,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4260,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4608,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4962,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5062,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5659,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7422,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8019,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11885,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12482,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13079,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19646,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20305,16 +20303,11 @@ spec: type: string step: type: string - targetRevisions: - items: - type: string - type: array required: - application - message - status - step - - targetRevisions type: object type: array conditions: @@ -20338,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20401,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20433,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20450,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20479,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20494,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20511,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -21268,13 +21224,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21392,7 +21342,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -21627,25 +21577,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -21697,7 +21635,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -21969,7 +21907,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/core-install/kustomization.yaml b/manifests/core-install/kustomization.yaml index 07a82b3707700..c4a7d942cb0ef 100644 --- a/manifests/core-install/kustomization.yaml +++ b/manifests/core-install/kustomization.yaml @@ -12,4 +12,4 @@ resources: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.5 diff --git a/manifests/crds/application-crd.yaml b/manifests/crds/application-crd.yaml index 55abcb2032ca8..aaf1347f64dfb 100644 --- a/manifests/crds/application-crd.yaml +++ b/manifests/crds/application-crd.yaml @@ -28,29 +28,20 @@ spec: name: Revision priority: 10 type: string - - jsonPath: .spec.project - name: Project - priority: 10 - type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -148,21 +139,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -483,18 +475,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -822,10 +814,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -844,10 +837,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -855,10 +848,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -879,9 +872,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -910,9 +903,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -939,17 +933,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1268,10 +1263,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1600,10 +1595,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2096,10 +2091,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2441,10 +2437,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2456,9 +2453,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2571,21 +2568,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2928,18 +2926,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3290,10 +3289,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3314,10 +3314,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3325,10 +3326,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3372,9 +3374,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3759,10 +3761,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4113,10 +4116,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4143,9 +4147,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4228,9 +4231,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4259,9 +4263,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4607,10 +4612,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4961,10 +4967,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL diff --git a/manifests/crds/applicationset-crd.yaml b/manifests/crds/applicationset-crd.yaml index 8b33949da3786..2668052f431a0 100644 --- a/manifests/crds/applicationset-crd.yaml +++ b/manifests/crds/applicationset-crd.yaml @@ -61,7 +61,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -658,7 +657,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -2421,7 +2419,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -3018,7 +3015,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -6884,7 +6880,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -7481,7 +7476,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8078,7 +8072,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11944,7 +11937,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -14645,7 +14637,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -15304,16 +15295,11 @@ spec: type: string step: type: string - targetRevisions: - items: - type: string - type: array required: - application - message - status - step - - targetRevisions type: object type: array conditions: @@ -15337,37 +15323,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata diff --git a/manifests/crds/appproject-crd.yaml b/manifests/crds/appproject-crd.yaml index 2ebe3c2f4e325..989b3004892f6 100644 --- a/manifests/crds/appproject-crd.yaml +++ b/manifests/crds/appproject-crd.yaml @@ -20,28 +20,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -52,9 +46,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -69,9 +63,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -98,9 +92,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -113,9 +107,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -130,9 +124,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string diff --git a/manifests/ha/base/kustomization.yaml b/manifests/ha/base/kustomization.yaml index ae40b96e8657e..c82a96423d178 100644 --- a/manifests/ha/base/kustomization.yaml +++ b/manifests/ha/base/kustomization.yaml @@ -12,7 +12,7 @@ patches: images: - name: quay.io/argoproj/argocd newName: quay.io/argoproj/argocd - newTag: latest + newTag: v2.11.5 resources: - ../../base/application-controller - ../../base/applicationset-controller diff --git a/manifests/ha/base/redis-ha/chart/upstream.yaml b/manifests/ha/base/redis-ha/chart/upstream.yaml index a9963b70cce1d..3af047e07c540 100644 --- a/manifests/ha/base/redis-ha/chart/upstream.yaml +++ b/manifests/ha/base/redis-ha/chart/upstream.yaml @@ -1091,7 +1091,7 @@ spec: topologyKey: kubernetes.io/hostname initContainers: - name: config-init - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1115,7 +1115,7 @@ spec: mountPath: /data containers: - name: haproxy - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent securityContext: allowPrivilegeEscalation: false @@ -1219,7 +1219,7 @@ spec: automountServiceAccountToken: false initContainers: - name: config-init - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent resources: {} @@ -1258,7 +1258,7 @@ spec: containers: - name: redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - redis-server @@ -1321,7 +1321,7 @@ spec: - /bin/sh - /readonly-config/trigger-failover-if-master.sh - name: sentinel - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - redis-sentinel @@ -1378,7 +1378,7 @@ spec: {} - name: split-brain-fix - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent command: - sh diff --git a/manifests/ha/base/redis-ha/chart/values.yaml b/manifests/ha/base/redis-ha/chart/values.yaml index fdf1846bcef5b..abe256292aa09 100644 --- a/manifests/ha/base/redis-ha/chart/values.yaml +++ b/manifests/ha/base/redis-ha/chart/values.yaml @@ -14,7 +14,8 @@ redis-ha: IPv6: enabled: false image: - tag: 2.6.17-alpine + repository: haproxy + tag: 2.6.14-alpine containerSecurityContext: null timeout: server: 6m @@ -23,6 +24,7 @@ redis-ha: metrics: enabled: true image: + repository: redis tag: 7.0.15-alpine containerSecurityContext: null sentinel: diff --git a/manifests/ha/install.yaml b/manifests/ha/install.yaml index 6a533553a0e18..f54cc194d1315 100644 --- a/manifests/ha/install.yaml +++ b/manifests/ha/install.yaml @@ -29,29 +29,20 @@ spec: name: Revision priority: 10 type: string - - jsonPath: .spec.project - name: Project - priority: 10 - type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -149,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -484,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -823,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -845,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -856,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -880,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -911,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -940,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1269,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1601,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2097,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2442,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2457,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2572,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2929,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3291,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3326,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3373,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3760,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4114,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4144,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4229,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4260,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4608,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4962,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5062,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5659,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7422,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8019,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11885,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12482,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13079,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19646,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20305,16 +20303,11 @@ spec: type: string step: type: string - targetRevisions: - items: - type: string - type: array required: - application - message - status - step - - targetRevisions type: object type: array conditions: @@ -20338,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20401,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20433,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20450,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20479,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20494,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20511,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -22609,13 +22565,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -22738,7 +22688,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: copyutil securityContext: @@ -22820,7 +22770,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -22900,7 +22850,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -22939,7 +22889,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -22955,7 +22905,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -23202,25 +23152,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -23272,7 +23210,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -23596,37 +23534,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: server.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: httpGet: @@ -23925,7 +23833,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-application-controller ports: @@ -24008,7 +23916,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -24068,7 +23976,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -24126,7 +24034,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -24161,7 +24069,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: diff --git a/manifests/ha/namespace-install.yaml b/manifests/ha/namespace-install.yaml index e62a9afb57586..97fdb3c774f70 100644 --- a/manifests/ha/namespace-install.yaml +++ b/manifests/ha/namespace-install.yaml @@ -1686,13 +1686,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -1815,7 +1809,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: copyutil securityContext: @@ -1897,7 +1891,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1977,7 +1971,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -2016,7 +2010,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -2032,7 +2026,7 @@ spec: - /readonly/haproxy_init.sh command: - sh - image: public.ecr.aws/docker/library/haproxy:2.6.17-alpine + image: haproxy:2.6.14-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: @@ -2279,25 +2273,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -2349,7 +2331,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -2673,37 +2655,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: server.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: httpGet: @@ -3002,7 +2954,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-application-controller ports: @@ -3085,7 +3037,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: preStop: @@ -3145,7 +3097,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent lifecycle: {} livenessProbe: @@ -3203,7 +3155,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: split-brain-fix resources: {} @@ -3238,7 +3190,7 @@ spec: secretKeyRef: key: auth name: argocd-redis - image: public.ecr.aws/docker/library/redis:7.0.15-alpine + image: redis:7.0.15-alpine imagePullPolicy: IfNotPresent name: config-init securityContext: diff --git a/manifests/install.yaml b/manifests/install.yaml index bfeeb639d2645..e36d5a73d3f17 100644 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -29,29 +29,20 @@ spec: name: Revision priority: 10 type: string - - jsonPath: .spec.project - name: Project - priority: 10 - type: string name: v1alpha1 schema: openAPIV3Schema: description: Application is a definition of Application resource. properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -149,21 +140,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version (Helm) + which to sync the application to If omitted, will use the revision + specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must be specified @@ -484,18 +476,18 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be + commit, tag, or branch. If omitted, will equal to HEAD. In case of Helm, this is a semver tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -823,10 +815,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -845,10 +838,10 @@ spec: the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object hook: @@ -856,10 +849,10 @@ spec: perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to supply + the --force flag to `kubectl apply`. The --force flag + deletes and re-create the resource, when PATCH encounters + conflict and has retried for 5 times. type: boolean type: object type: object @@ -880,9 +873,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -911,9 +904,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted managers. + Fields mutated by those managers will take precedence over + the desired state defined in the SCM and won't be displayed + in diffs items: type: string type: array @@ -940,17 +934,18 @@ spec: type: object type: array project: - description: |- - Project is a reference to the project this application belongs to. - The empty string means that application belongs to the 'default' project. + description: Project is a reference to the project this application + belongs to. The empty string means that application belongs to the + 'default' project. type: string revisionHistoryLimit: - description: |- - RevisionHistoryLimit limits the number of items kept in the application's revision history, which is used for informational purposes as well as for rollbacks to previous versions. - This should only be changed in exceptional circumstances. - Setting to zero will store no history. This will reduce storage used. - Increasing will increase the space used to store the history, so we do not recommend increasing it. - Default is 10. + description: RevisionHistoryLimit limits the number of items kept + in the application's revision history, which is used for informational + purposes as well as for rollbacks to previous versions. This should + only be changed in exceptional circumstances. Setting to zero will + store no history. This will reduce storage used. Increasing will + increase the space used to store the history, so we do not recommend + increasing it. Default is 10. format: int64 type: integer source: @@ -1269,10 +1264,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -1601,10 +1596,10 @@ spec: that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. type: string required: - repoURL @@ -2097,10 +2092,11 @@ spec: Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2442,10 +2438,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -2457,9 +2454,9 @@ spec: type: object type: array observedAt: - description: |- - ObservedAt indicates when the application state was updated without querying latest git state - Deprecated: controller no longer updates ObservedAt field + description: 'ObservedAt indicates when the application state was + updated without querying latest git state Deprecated: controller + no longer updates ObservedAt field' format: date-time type: string operationState: @@ -2572,21 +2569,22 @@ spec: type: object type: array revision: - description: |- - Revision is the revision (Git) or chart version (Helm) which to sync the application to - If omitted, will use the revision specified in app spec. + description: Revision is the revision (Git) or chart version + (Helm) which to sync the application to If omitted, + will use the revision specified in app spec. type: string revisions: - description: |- - Revisions is the list of revision (Git) or chart version (Helm) which to sync each source in sources field for the application to - If omitted, will use the revision specified in app spec. + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. items: type: string type: array source: - description: |- - Source overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Source overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation properties: chart: description: Chart is a Helm chart name, and must @@ -2929,18 +2927,19 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL type: object sources: - description: |- - Sources overrides the source definition set in the application. - This is typically set in a Rollback operation and is nil during a Sync operation + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation items: description: ApplicationSource contains all required information about the source of an application @@ -3291,10 +3290,11 @@ spec: (Git or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. type: string required: - repoURL @@ -3315,10 +3315,11 @@ spec: to perform the sync. properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object hook: @@ -3326,10 +3327,11 @@ spec: to perform the sync. This is the default strategy properties: force: - description: |- - Force indicates whether or not to supply the --force flag to `kubectl apply`. - The --force flag deletes and re-create the resource, when PATCH encounters conflict and has - retried for 5 times. + description: Force indicates whether or not to + supply the --force flag to `kubectl apply`. + The --force flag deletes and re-create the resource, + when PATCH encounters conflict and has retried + for 5 times. type: boolean type: object type: object @@ -3373,9 +3375,9 @@ spec: description: Group specifies the API group of the resource type: string hookPhase: - description: |- - HookPhase contains the state of any operation associated with this resource OR hook - This can also contain values for non-hook resources. + description: HookPhase contains the state of any operation + associated with this resource OR hook This can also + contain values for non-hook resources. type: string hookType: description: HookType specifies the type of the hook. @@ -3760,10 +3762,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4114,10 +4117,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -4144,9 +4148,8 @@ spec: description: Resources is a list of Kubernetes resources managed by this application items: - description: |- - ResourceStatus holds the current sync and health status of a resource - TODO: describe members of this type + description: 'ResourceStatus holds the current sync and health status + of a resource TODO: describe members of this type' properties: group: type: string @@ -4229,9 +4232,10 @@ spec: if Server is not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace + for the application's resources. The namespace will + only be set for namespace-scoped resources that have + not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -4260,9 +4264,10 @@ spec: kind: type: string managedFieldsManagers: - description: |- - ManagedFieldsManagers is a list of trusted managers. Fields mutated by those managers will take precedence over the - desired state defined in the SCM and won't be displayed in diffs + description: ManagedFieldsManagers is a list of trusted + managers. Fields mutated by those managers will take + precedence over the desired state defined in the SCM + and won't be displayed in diffs items: type: string type: array @@ -4608,10 +4613,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. type: string required: - repoURL @@ -4962,10 +4968,11 @@ spec: or Helm) that contains the application manifests type: string targetRevision: - description: |- - TargetRevision defines the revision of the source to sync the application to. - In case of Git, this can be commit, tag, or branch. If omitted, will equal to HEAD. - In case of Helm, this is a semver tag for the Chart's version. + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. type: string required: - repoURL @@ -5062,7 +5069,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -5659,7 +5665,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -7422,7 +7427,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -8019,7 +8023,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -11885,7 +11888,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array template: @@ -12482,7 +12484,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic name: type: string requeueAfterSeconds: @@ -13079,7 +13080,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic template: properties: metadata: @@ -16945,7 +16945,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array mergeKeys: @@ -19646,7 +19645,6 @@ spec: type: string type: object type: object - x-kubernetes-map-type: atomic type: object type: array goTemplate: @@ -20305,16 +20303,11 @@ spec: type: string step: type: string - targetRevisions: - items: - type: string - type: array required: - application - message - status - step - - targetRevisions type: object type: array conditions: @@ -20338,37 +20331,6 @@ spec: - type type: object type: array - resources: - items: - properties: - group: - type: string - health: - properties: - message: - type: string - status: - type: string - type: object - hook: - type: boolean - kind: - type: string - name: - type: string - namespace: - type: string - requiresPruning: - type: boolean - status: - type: string - syncWave: - format: int64 - type: integer - version: - type: string - type: object - type: array type: object required: - metadata @@ -20401,28 +20363,22 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - AppProject provides a logical grouping of applications, providing controls for: - * where the apps may deploy to (cluster whitelist) - * what may be deployed (repository whitelist, resource whitelist/blacklist) - * who can access these applications (roles, OIDC group claims bindings) - * and what they can do (RBAC policies) - * automation access to these roles (JWT tokens) + description: 'AppProject provides a logical grouping of applications, providing + controls for: * where the apps may deploy to (cluster whitelist) * what + may be deployed (repository whitelist, resource whitelist/blacklist) * who + can access these applications (roles, OIDC group claims bindings) * and + what they can do (RBAC policies) * automation access to these roles (JWT + tokens)' properties: apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -20433,9 +20389,9 @@ spec: description: ClusterResourceBlacklist contains list of blacklisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20450,9 +20406,9 @@ spec: description: ClusterResourceWhitelist contains list of whitelisted cluster level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20479,9 +20435,9 @@ spec: not set. type: string namespace: - description: |- - Namespace specifies the target namespace for the application's resources. - The namespace will only be set for namespace-scoped resources that have not set a value for .metadata.namespace + description: Namespace specifies the target namespace for the + application's resources. The namespace will only be set for + namespace-scoped resources that have not set a value for .metadata.namespace type: string server: description: Server specifies the URL of the target cluster's @@ -20494,9 +20450,9 @@ spec: description: NamespaceResourceBlacklist contains list of blacklisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -20511,9 +20467,9 @@ spec: description: NamespaceResourceWhitelist contains list of whitelisted namespace level resources items: - description: |- - GroupKind specifies a Group and a Kind, but does not force a version. This is useful for identifying - concepts during lookup stages without having partially valid types + description: GroupKind specifies a Group and a Kind, but does not + force a version. This is useful for identifying concepts during + lookup stages without having partially valid types properties: group: type: string @@ -21726,13 +21682,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -21855,7 +21805,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: copyutil securityContext: @@ -21937,7 +21887,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -22037,7 +21987,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -22272,25 +22222,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -22342,7 +22280,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -22664,37 +22602,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: server.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: httpGet: @@ -22993,7 +22901,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index d062411bb42b8..0e0d76070b234 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -803,13 +803,7 @@ spec: key: applicationsetcontroller.enable.scm.providers name: argocd-cmd-params-cm optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-applicationset-controller ports: @@ -932,7 +926,7 @@ spec: - -n - /usr/local/bin/argocd - /shared/argocd-dex - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: copyutil securityContext: @@ -1014,7 +1008,7 @@ spec: key: notificationscontroller.selfservice.enabled name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: tcpSocket: @@ -1114,7 +1108,7 @@ spec: - argocd - admin - redis-initial-password - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: IfNotPresent name: secret-init securityContext: @@ -1349,25 +1343,13 @@ spec: key: reposerver.git.request.timeout name: argocd-cmd-params-cm optional: true - - name: ARGOCD_GRPC_MAX_SIZE_MB - valueFrom: - configMapKeyRef: - key: reposerver.grpc.max.size - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_REPO_SERVER_INCLUDE_HIDDEN_DIRECTORIES - valueFrom: - configMapKeyRef: - key: reposerver.include.hidden.directories - name: argocd-cmd-params-cm - optional: true - name: HELM_CACHE_HOME value: /helm-working-dir - name: HELM_CONFIG_HOME value: /helm-working-dir - name: HELM_DATA_HOME value: /helm-working-dir - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: failureThreshold: 3 @@ -1419,7 +1401,7 @@ spec: - -n - /usr/local/bin/argocd - /var/run/argocd/argocd-cmp-server - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 name: copyutil securityContext: allowPrivilegeEscalation: false @@ -1741,37 +1723,7 @@ spec: key: server.api.content.types name: argocd-cmd-params-cm optional: true - - name: ARGOCD_SERVER_WEBHOOK_PARALLELISM_LIMIT - valueFrom: - configMapKeyRef: - key: server.webhook.parallelism.limit - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_NEW_GIT_FILE_GLOBBING - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.new.git.file.globbing - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_SCM_ROOT_CA_PATH - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.scm.root.ca.path - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ALLOWED_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.allowed.scm.providers - name: argocd-cmd-params-cm - optional: true - - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_SCM_PROVIDERS - valueFrom: - configMapKeyRef: - key: applicationsetcontroller.enable.scm.providers - name: argocd-cmd-params-cm - optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always livenessProbe: httpGet: @@ -2070,7 +2022,7 @@ spec: key: controller.ignore.normalizer.jq.timeout name: argocd-cmd-params-cm optional: true - image: quay.io/argoproj/argocd:latest + image: quay.io/argoproj/argocd:v2.11.5 imagePullPolicy: Always name: argocd-application-controller ports: diff --git a/notification_controller/controller/controller.go b/notification_controller/controller/controller.go index 1bc3e73a6fbd7..7d871af4c44a3 100644 --- a/notification_controller/controller/controller.go +++ b/notification_controller/controller/controller.go @@ -18,6 +18,7 @@ import ( "github.com/argoproj/argo-cd/v2/util/notification/settings" + "github.com/argoproj/argo-cd/v2/pkg/apis/application" "github.com/argoproj/notifications-engine/pkg/api" "github.com/argoproj/notifications-engine/pkg/controller" "github.com/argoproj/notifications-engine/pkg/services" @@ -31,8 +32,6 @@ import ( "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) const ( @@ -91,8 +90,7 @@ func NewController( configMapInformer: configMapInformer, appInformer: appInformer, appProjInformer: appProjInformer, - apiFactory: apiFactory, - } + apiFactory: apiFactory} skipProcessingOpt := controller.WithSkipProcessing(func(obj v1.Object) (bool, string) { app, ok := (obj).(*unstructured.Unstructured) if !ok { @@ -139,6 +137,7 @@ func (c *notificationController) alterDestinations(obj v1.Object, destinations s } func newInformer(resClient dynamic.ResourceInterface, controllerNamespace string, applicationNamespaces []string, selector string) cache.SharedIndexInformer { + informer := cache.NewSharedIndexInformer( &cache.ListWatch{ ListFunc: func(options v1.ListOptions) (runtime.Object, error) { @@ -166,7 +165,9 @@ func newInformer(resClient dynamic.ResourceInterface, controllerNamespace string &unstructured.Unstructured{}, resyncPeriod, cache.Indexers{ - cache.NamespaceIndex: cache.MetaNamespaceIndexFunc, + cache.NamespaceIndex: func(obj interface{}) ([]string, error) { + return cache.MetaNamespaceIndexFunc(obj) + }, }, ) return informer diff --git a/notification_controller/controller/controller_test.go b/notification_controller/controller/controller_test.go index ca901cf2c1890..4eedb28f5e001 100644 --- a/notification_controller/controller/controller_test.go +++ b/notification_controller/controller/controller_test.go @@ -5,16 +5,14 @@ import ( "testing" "time" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/dynamic/fake" k8sfake "k8s.io/client-go/kubernetes/fake" "k8s.io/client-go/tools/cache" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) func TestIsAppSyncStatusRefreshed(t *testing.T) { @@ -134,7 +132,7 @@ func TestInit(t *testing.T) { err = nc.Init(ctx) - require.NoError(t, err) + assert.NoError(t, err) } } @@ -170,7 +168,7 @@ func TestInitTimeout(t *testing.T) { err = nc.Init(ctx) // Expect an error & add assertion for the error message - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, "Timed out waiting for caches to sync", err.Error()) } diff --git a/pkg/apiclient/apiclient.go b/pkg/apiclient/apiclient.go index 52164255164ae..83e841dd99bea 100644 --- a/pkg/apiclient/apiclient.go +++ b/pkg/apiclient/apiclient.go @@ -62,10 +62,14 @@ const ( EnvArgoCDServer = "ARGOCD_SERVER" // EnvArgoCDAuthToken is the environment variable to look for an Argo CD auth token EnvArgoCDAuthToken = "ARGOCD_AUTH_TOKEN" + // EnvArgoCDgRPCMaxSizeMB is the environment variable to look for a max gRPC message size + EnvArgoCDgRPCMaxSizeMB = "ARGOCD_GRPC_MAX_SIZE_MB" ) -// MaxGRPCMessageSize contains max grpc message size -var MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 +var ( + // MaxGRPCMessageSize contains max grpc message size + MaxGRPCMessageSize = env.ParseNumFromEnv(EnvArgoCDgRPCMaxSizeMB, 200, 0, math.MaxInt32) * 1024 * 1024 +) // Client defines an interface for interaction with an Argo CD server. type Client interface { @@ -334,11 +338,11 @@ func (c *client) OIDCConfig(ctx context.Context, set *settingspkg.Settings) (*oa } provider, err := oidc.NewProvider(ctx, issuerURL) if err != nil { - return nil, nil, fmt.Errorf("Failed to query provider %q: %w", issuerURL, err) + return nil, nil, fmt.Errorf("Failed to query provider %q: %v", issuerURL, err) } oidcConf, err := oidcutil.ParseConfig(provider) if err != nil { - return nil, nil, fmt.Errorf("Failed to parse provider config: %w", err) + return nil, nil, fmt.Errorf("Failed to parse provider config: %v", err) } scopes = oidcutil.GetScopesOrDefault(scopes) if oidcutil.OfflineAccess(oidcConf.ScopesSupported) { @@ -845,7 +849,7 @@ func (c *client) WatchApplicationWithRetry(ctx context.Context, appName string, } func isCanceledContextErr(err error) bool { - if err != nil && errors.Is(err, context.Canceled) { + if err == context.Canceled { return true } if stat, ok := status.FromError(err); ok { diff --git a/pkg/apiclient/apiclient_test.go b/pkg/apiclient/apiclient_test.go index 221b20eb07bcc..b4b35d0b80d48 100644 --- a/pkg/apiclient/apiclient_test.go +++ b/pkg/apiclient/apiclient_test.go @@ -4,17 +4,16 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func Test_parseHeaders(t *testing.T) { t.Run("Header parsed successfully", func(t *testing.T) { headerString := []string{"foo:", "foo1:bar1", "foo2:bar2:bar2"} headers, err := parseHeaders(headerString) - require.NoError(t, err) - assert.Equal(t, "", headers.Get("foo")) - assert.Equal(t, "bar1", headers.Get("foo1")) - assert.Equal(t, "bar2:bar2", headers.Get("foo2")) + assert.NoError(t, err) + assert.Equal(t, headers.Get("foo"), "") + assert.Equal(t, headers.Get("foo1"), "bar1") + assert.Equal(t, headers.Get("foo2"), "bar2:bar2") }) t.Run("Header parsed error", func(t *testing.T) { @@ -28,9 +27,9 @@ func Test_parseGRPCHeaders(t *testing.T) { t.Run("Header parsed successfully", func(t *testing.T) { headerStrings := []string{"origin: https://foo.bar", "content-length: 123"} headers, err := parseGRPCHeaders(headerStrings) - require.NoError(t, err) - assert.Equal(t, []string{" https://foo.bar"}, headers.Get("origin")) - assert.Equal(t, []string{" 123"}, headers.Get("content-length")) + assert.NoError(t, err) + assert.Equal(t, headers.Get("origin"), []string{" https://foo.bar"}) + assert.Equal(t, headers.Get("content-length"), []string{" 123"}) }) t.Run("Header parsed error", func(t *testing.T) { diff --git a/pkg/apiclient/application/application.pb.go b/pkg/apiclient/application/application.pb.go index 2f73469d1049f..2f87272d3ed3e 100644 --- a/pkg/apiclient/application/application.pb.go +++ b/pkg/apiclient/application/application.pb.go @@ -214,12 +214,8 @@ type RevisionMetadataQuery struct { // the revision of the app Revision *string `protobuf:"bytes,2,req,name=revision" json:"revision,omitempty"` // the application's namespace - AppNamespace *string `protobuf:"bytes,3,opt,name=appNamespace" json:"appNamespace,omitempty"` - Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` - // source index (for multi source apps) - SourceIndex *int32 `protobuf:"varint,5,opt,name=sourceIndex" json:"sourceIndex,omitempty"` - // versionId from historical data (for multi source apps) - VersionId *int32 `protobuf:"varint,6,opt,name=versionId" json:"versionId,omitempty"` + AppNamespace *string `protobuf:"bytes,3,opt,name=appNamespace" json:"appNamespace,omitempty"` + Project *string `protobuf:"bytes,4,opt,name=project" json:"project,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -286,20 +282,6 @@ func (m *RevisionMetadataQuery) GetProject() string { return "" } -func (m *RevisionMetadataQuery) GetSourceIndex() int32 { - if m != nil && m.SourceIndex != nil { - return *m.SourceIndex - } - return 0 -} - -func (m *RevisionMetadataQuery) GetVersionId() int32 { - if m != nil && m.VersionId != nil { - return *m.VersionId - } - return 0 -} - // ApplicationEventsQuery is a query for application resource events type ApplicationResourceEventsQuery struct { Name *string `protobuf:"bytes,1,req,name=name" json:"name,omitempty"` @@ -2842,179 +2824,177 @@ func init() { } var fileDescriptor_df6e82b174b5eaec = []byte{ - // 2742 bytes of a gzipped FileDescriptorProto + // 2711 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x5a, 0x4d, 0x8c, 0x1b, 0x49, - 0x15, 0xa6, 0xec, 0xf1, 0x8c, 0xe7, 0x79, 0x26, 0x93, 0xd4, 0x26, 0x83, 0xd7, 0x99, 0x0d, 0xde, - 0x4e, 0xb2, 0x71, 0x26, 0x19, 0x3b, 0x31, 0x01, 0x65, 0x67, 0x77, 0x05, 0xc9, 0xe4, 0x17, 0x26, - 0xd9, 0xd0, 0x93, 0x10, 0xb4, 0x1c, 0xa0, 0xb6, 0xbb, 0xc6, 0xd3, 0x4c, 0xbb, 0xbb, 0xd3, 0xdd, - 0x76, 0x18, 0x85, 0x5c, 0x16, 0xed, 0x05, 0xad, 0x40, 0xc0, 0x1e, 0x10, 0x42, 0x80, 0x16, 0xad, - 0x84, 0x10, 0x88, 0x0b, 0x42, 0x48, 0x08, 0x09, 0x0e, 0x20, 0x38, 0x20, 0xad, 0xe0, 0xc8, 0x05, - 0x45, 0x88, 0x23, 0x5c, 0xf6, 0x8c, 0x50, 0x55, 0x57, 0x75, 0x57, 0xfb, 0xa7, 0xed, 0xc1, 0x46, - 0x9b, 0x5b, 0xbf, 0x72, 0xd5, 0x7b, 0xdf, 0x7b, 0xf5, 0xea, 0xbd, 0x57, 0xaf, 0x0c, 0x27, 0x02, - 0xea, 0x77, 0xa9, 0xdf, 0x20, 0x9e, 0x67, 0x5b, 0x06, 0x09, 0x2d, 0xd7, 0x51, 0xbf, 0xeb, 0x9e, - 0xef, 0x86, 0x2e, 0x2e, 0x29, 0x43, 0x95, 0x95, 0x96, 0xeb, 0xb6, 0x6c, 0xda, 0x20, 0x9e, 0xd5, - 0x20, 0x8e, 0xe3, 0x86, 0x7c, 0x38, 0x88, 0xa6, 0x56, 0xb4, 0xdd, 0x8b, 0x41, 0xdd, 0x72, 0xf9, - 0xaf, 0x86, 0xeb, 0xd3, 0x46, 0xf7, 0x7c, 0xa3, 0x45, 0x1d, 0xea, 0x93, 0x90, 0x9a, 0x62, 0xce, - 0x85, 0x64, 0x4e, 0x9b, 0x18, 0x3b, 0x96, 0x43, 0xfd, 0xbd, 0x86, 0xb7, 0xdb, 0x62, 0x03, 0x41, - 0xa3, 0x4d, 0x43, 0x32, 0x68, 0xd5, 0x66, 0xcb, 0x0a, 0x77, 0x3a, 0xaf, 0xd7, 0x0d, 0xb7, 0xdd, - 0x20, 0x7e, 0xcb, 0xf5, 0x7c, 0xf7, 0x4b, 0xfc, 0x63, 0xcd, 0x30, 0x1b, 0xdd, 0x66, 0xc2, 0x40, - 0xd5, 0xa5, 0x7b, 0x9e, 0xd8, 0xde, 0x0e, 0xe9, 0xe7, 0x76, 0x75, 0x04, 0x37, 0x9f, 0x7a, 0xae, - 0xb0, 0x0d, 0xff, 0xb4, 0x42, 0xd7, 0xdf, 0x53, 0x3e, 0x23, 0x36, 0xda, 0xfb, 0x08, 0x0e, 0x5e, - 0x4a, 0xe4, 0x7d, 0xa6, 0x43, 0xfd, 0x3d, 0x8c, 0x61, 0xc6, 0x21, 0x6d, 0x5a, 0x46, 0x55, 0x54, - 0x9b, 0xd7, 0xf9, 0x37, 0x2e, 0xc3, 0x9c, 0x4f, 0xb7, 0x7d, 0x1a, 0xec, 0x94, 0x73, 0x7c, 0x58, - 0x92, 0xb8, 0x02, 0x45, 0x26, 0x9c, 0x1a, 0x61, 0x50, 0xce, 0x57, 0xf3, 0xb5, 0x79, 0x3d, 0xa6, - 0x71, 0x0d, 0x96, 0x7c, 0x1a, 0xb8, 0x1d, 0xdf, 0xa0, 0x9f, 0xa5, 0x7e, 0x60, 0xb9, 0x4e, 0x79, - 0x86, 0xaf, 0xee, 0x1d, 0x66, 0x5c, 0x02, 0x6a, 0x53, 0x23, 0x74, 0xfd, 0x72, 0x81, 0x4f, 0x89, - 0x69, 0x86, 0x87, 0x01, 0x2f, 0xcf, 0x46, 0x78, 0xd8, 0x37, 0xd6, 0x60, 0x81, 0x78, 0xde, 0x6d, - 0xd2, 0xa6, 0x81, 0x47, 0x0c, 0x5a, 0x9e, 0xe3, 0xbf, 0xa5, 0xc6, 0x18, 0x66, 0x81, 0xa4, 0x5c, - 0xe4, 0xc0, 0x24, 0xa9, 0x6d, 0xc0, 0xfc, 0x6d, 0xd7, 0xa4, 0xc3, 0xd5, 0xed, 0x65, 0x9f, 0xeb, - 0x67, 0xaf, 0xfd, 0x1e, 0xc1, 0x11, 0x9d, 0x76, 0x2d, 0x86, 0xff, 0x16, 0x0d, 0x89, 0x49, 0x42, - 0xd2, 0xcb, 0x31, 0x17, 0x73, 0xac, 0x40, 0xd1, 0x17, 0x93, 0xcb, 0x39, 0x3e, 0x1e, 0xd3, 0x7d, - 0xd2, 0xf2, 0xd9, 0xca, 0x44, 0x26, 0x94, 0x24, 0xae, 0x42, 0x29, 0xb2, 0xe5, 0x4d, 0xc7, 0xa4, - 0x5f, 0xe6, 0xd6, 0x2b, 0xe8, 0xea, 0x10, 0x5e, 0x81, 0xf9, 0x6e, 0x64, 0xe7, 0x9b, 0x26, 0xb7, - 0x62, 0x41, 0x4f, 0x06, 0xb4, 0x7f, 0x22, 0x38, 0xa6, 0xf8, 0x80, 0x2e, 0x76, 0xe6, 0x6a, 0x97, - 0x3a, 0x61, 0x30, 0x5c, 0xa1, 0xb3, 0x70, 0x48, 0x6e, 0x62, 0xaf, 0x9d, 0xfa, 0x7f, 0x60, 0x2a, - 0xaa, 0x83, 0x52, 0x45, 0x75, 0x8c, 0x29, 0x22, 0xe9, 0x7b, 0x37, 0xaf, 0x08, 0x35, 0xd5, 0xa1, - 0x3e, 0x43, 0x15, 0xb2, 0x0d, 0x35, 0x9b, 0x32, 0x94, 0xf6, 0x1e, 0x82, 0xb2, 0xa2, 0xe8, 0x2d, - 0xe2, 0x58, 0xdb, 0x34, 0x08, 0xc7, 0xdd, 0x33, 0x34, 0xc5, 0x3d, 0xab, 0xc1, 0x52, 0xa4, 0xd5, - 0x1d, 0x76, 0x1e, 0x59, 0xfc, 0x29, 0x17, 0xaa, 0xf9, 0x5a, 0x5e, 0xef, 0x1d, 0x66, 0x7b, 0x27, - 0x65, 0x06, 0xe5, 0x59, 0xee, 0xc6, 0xc9, 0x80, 0xf6, 0x3c, 0xcc, 0x5f, 0xb3, 0x6c, 0xba, 0xb1, - 0xd3, 0x71, 0x76, 0xf1, 0x61, 0x28, 0x18, 0xec, 0x83, 0xeb, 0xb0, 0xa0, 0x47, 0x84, 0xf6, 0x4d, - 0x04, 0xcf, 0x0f, 0xd3, 0xfa, 0xbe, 0x15, 0xee, 0xb0, 0xf5, 0xc1, 0x30, 0xf5, 0x8d, 0x1d, 0x6a, - 0xec, 0x06, 0x9d, 0xb6, 0x74, 0x59, 0x49, 0x4f, 0xa6, 0xbe, 0xf6, 0x13, 0x04, 0xb5, 0x91, 0x98, - 0xee, 0xfb, 0xc4, 0xf3, 0xa8, 0x8f, 0xaf, 0x41, 0xe1, 0x01, 0xfb, 0x81, 0x1f, 0xd0, 0x52, 0xb3, - 0x5e, 0x57, 0x03, 0xfc, 0x48, 0x2e, 0x37, 0x3e, 0xa4, 0x47, 0xcb, 0x71, 0x5d, 0x9a, 0x27, 0xc7, - 0xf9, 0x2c, 0xa7, 0xf8, 0xc4, 0x56, 0x64, 0xf3, 0xf9, 0xb4, 0xcb, 0xb3, 0x30, 0xe3, 0x11, 0x3f, - 0xd4, 0x8e, 0xc0, 0x33, 0xe9, 0xe3, 0xe1, 0xb9, 0x4e, 0x40, 0xb5, 0x5f, 0xa7, 0xbd, 0x69, 0xc3, - 0xa7, 0x24, 0xa4, 0x3a, 0x7d, 0xd0, 0xa1, 0x41, 0x88, 0x77, 0x41, 0xcd, 0x39, 0xdc, 0xaa, 0xa5, - 0xe6, 0xcd, 0x7a, 0x12, 0xb4, 0xeb, 0x32, 0x68, 0xf3, 0x8f, 0x2f, 0x18, 0x66, 0xbd, 0xdb, 0xac, - 0x7b, 0xbb, 0xad, 0x3a, 0x4b, 0x01, 0x29, 0x64, 0x32, 0x05, 0xa8, 0xaa, 0xea, 0x2a, 0x77, 0xbc, - 0x0c, 0xb3, 0x1d, 0x2f, 0xa0, 0x7e, 0xc8, 0x35, 0x2b, 0xea, 0x82, 0x62, 0xfb, 0xd7, 0x25, 0xb6, - 0x65, 0x92, 0x30, 0xda, 0x9f, 0xa2, 0x1e, 0xd3, 0xda, 0x6f, 0xd2, 0xe8, 0xef, 0x79, 0xe6, 0x07, - 0x85, 0x5e, 0x45, 0x99, 0x4b, 0xa3, 0x54, 0x3d, 0x28, 0x9f, 0xf6, 0xa0, 0x5f, 0xa4, 0xf1, 0x5f, - 0xa1, 0x36, 0x4d, 0xf0, 0x0f, 0x72, 0xe6, 0x32, 0xcc, 0x19, 0x24, 0x30, 0x88, 0x29, 0xa5, 0x48, - 0x92, 0x05, 0x32, 0xcf, 0x77, 0x3d, 0xd2, 0xe2, 0x9c, 0xee, 0xb8, 0xb6, 0x65, 0xec, 0x09, 0x71, - 0xfd, 0x3f, 0xf4, 0x39, 0xfe, 0x4c, 0xb6, 0xe3, 0x17, 0xd2, 0xb0, 0x8f, 0x43, 0x69, 0x6b, 0xcf, - 0x31, 0x5e, 0xf5, 0xa2, 0xc3, 0x7d, 0x18, 0x0a, 0x56, 0x48, 0xdb, 0x41, 0x19, 0xf1, 0x83, 0x1d, - 0x11, 0xda, 0x7f, 0x0a, 0xb0, 0xac, 0xe8, 0xc6, 0x16, 0x64, 0x69, 0x96, 0x15, 0xa5, 0x96, 0x61, - 0xd6, 0xf4, 0xf7, 0xf4, 0x8e, 0x23, 0x1c, 0x40, 0x50, 0x4c, 0xb0, 0xe7, 0x77, 0x9c, 0x08, 0x7e, - 0x51, 0x8f, 0x08, 0xbc, 0x0d, 0xc5, 0x20, 0x64, 0x55, 0x46, 0x6b, 0x8f, 0x03, 0x2f, 0x35, 0x3f, - 0x35, 0xd9, 0xa6, 0x33, 0xe8, 0x5b, 0x82, 0xa3, 0x1e, 0xf3, 0xc6, 0x0f, 0x58, 0x4c, 0x8b, 0x02, - 0x5d, 0x50, 0x9e, 0xab, 0xe6, 0x6b, 0xa5, 0xe6, 0xd6, 0xe4, 0x82, 0x5e, 0xf5, 0x58, 0x85, 0xa4, - 0x64, 0x30, 0x3d, 0x91, 0xc2, 0xc2, 0x68, 0x5b, 0xc4, 0x87, 0x40, 0x54, 0x03, 0xc9, 0x00, 0xfe, - 0x1c, 0x14, 0x2c, 0x67, 0xdb, 0x0d, 0xca, 0xf3, 0x1c, 0xcc, 0xe5, 0xc9, 0xc0, 0xdc, 0x74, 0xb6, - 0x5d, 0x3d, 0x62, 0x88, 0x1f, 0xc0, 0xa2, 0x4f, 0x43, 0x7f, 0x4f, 0x5a, 0xa1, 0x0c, 0xdc, 0xae, - 0x9f, 0x9e, 0x4c, 0x82, 0xae, 0xb2, 0xd4, 0xd3, 0x12, 0xf0, 0x3a, 0x94, 0x82, 0xc4, 0xc7, 0xca, - 0x25, 0x2e, 0xb0, 0x9c, 0x62, 0xa4, 0xf8, 0xa0, 0xae, 0x4e, 0xee, 0xf3, 0xee, 0x85, 0x6c, 0xef, - 0x5e, 0x1c, 0x99, 0xd5, 0x0e, 0x8c, 0x91, 0xd5, 0x96, 0x7a, 0xb3, 0xda, 0xbf, 0x11, 0xac, 0xf4, - 0x05, 0xa7, 0x2d, 0x8f, 0x66, 0x1e, 0x03, 0x02, 0x33, 0x81, 0x47, 0x0d, 0x9e, 0xa9, 0x4a, 0xcd, - 0x5b, 0x53, 0x8b, 0x56, 0x5c, 0x2e, 0x67, 0x9d, 0x15, 0x50, 0x27, 0x8c, 0x0b, 0x3f, 0x40, 0xf0, - 0x61, 0x45, 0xe6, 0x1d, 0x12, 0x1a, 0x3b, 0x59, 0xca, 0xb2, 0xf3, 0xcb, 0xe6, 0x88, 0xbc, 0x1c, - 0x11, 0xcc, 0xaa, 0xfc, 0xe3, 0xee, 0x9e, 0xc7, 0x00, 0xb2, 0x5f, 0x92, 0x81, 0x09, 0x8b, 0xa7, - 0x9f, 0x22, 0xa8, 0xa8, 0x31, 0xdc, 0xb5, 0xed, 0xd7, 0x89, 0xb1, 0x9b, 0x05, 0xf2, 0x00, 0xe4, - 0x2c, 0x93, 0x23, 0xcc, 0xeb, 0x39, 0xcb, 0xdc, 0x67, 0x30, 0xea, 0x85, 0x3b, 0x9b, 0x0d, 0x77, - 0x2e, 0x0d, 0xf7, 0xfd, 0x1e, 0xb8, 0x32, 0x24, 0x64, 0xc0, 0x5d, 0x81, 0x79, 0xa7, 0xa7, 0x90, - 0x4d, 0x06, 0x06, 0x14, 0xb0, 0xb9, 0xbe, 0x02, 0xb6, 0x0c, 0x73, 0xdd, 0xf8, 0x9a, 0xc3, 0x7e, - 0x96, 0x24, 0x53, 0xb1, 0xe5, 0xbb, 0x1d, 0x4f, 0x18, 0x3d, 0x22, 0x18, 0x8a, 0x5d, 0xcb, 0x61, - 0x25, 0x39, 0x47, 0xc1, 0xbe, 0xf7, 0x7f, 0xb1, 0x49, 0xa9, 0xfd, 0xb3, 0x1c, 0x7c, 0x64, 0x80, - 0xda, 0x23, 0xfd, 0xe9, 0xe9, 0xd0, 0x3d, 0xf6, 0xea, 0xb9, 0xa1, 0x5e, 0x5d, 0x1c, 0xe5, 0xd5, - 0xf3, 0xd9, 0xf6, 0x82, 0xb4, 0xbd, 0x7e, 0x9c, 0x83, 0xea, 0x00, 0x7b, 0x8d, 0x2e, 0x27, 0x9e, - 0x1a, 0x83, 0x6d, 0xbb, 0xbe, 0xf0, 0x92, 0xa2, 0x1e, 0x11, 0xec, 0x9c, 0xb9, 0xbe, 0xb7, 0x43, - 0x1c, 0xee, 0x1d, 0x45, 0x5d, 0x50, 0x13, 0x9a, 0xea, 0x6b, 0x39, 0x28, 0x4b, 0xfb, 0x5c, 0x32, - 0xb8, 0xb5, 0x3a, 0xce, 0xd3, 0x6f, 0xa2, 0x65, 0x98, 0x25, 0x1c, 0xad, 0x70, 0x2a, 0x41, 0xf5, - 0x19, 0xa3, 0x98, 0x6d, 0x8c, 0xf9, 0xb4, 0x31, 0xde, 0x44, 0x70, 0x34, 0x6d, 0x8c, 0x60, 0xd3, - 0x0a, 0x42, 0x79, 0x39, 0xc0, 0xdb, 0x30, 0x17, 0xc9, 0x89, 0x4a, 0xbb, 0x52, 0x73, 0x73, 0xd2, - 0x84, 0x9f, 0x32, 0xbc, 0x64, 0xae, 0xbd, 0x08, 0x47, 0x07, 0x46, 0x39, 0x01, 0xa3, 0x02, 0x45, - 0x59, 0xe4, 0x88, 0xad, 0x89, 0x69, 0xed, 0xcd, 0x99, 0x74, 0xca, 0x71, 0xcd, 0x4d, 0xb7, 0x95, - 0x71, 0xdf, 0xcf, 0xde, 0x4e, 0x66, 0x2a, 0xd7, 0x54, 0xae, 0xf6, 0x92, 0x64, 0xeb, 0x0c, 0xd7, - 0x09, 0x89, 0xe5, 0x50, 0x5f, 0x64, 0xc5, 0x64, 0x80, 0x6d, 0x43, 0x60, 0x39, 0x06, 0xdd, 0xa2, - 0x86, 0xeb, 0x98, 0x01, 0xdf, 0xcf, 0xbc, 0x9e, 0x1a, 0xc3, 0x37, 0x60, 0x9e, 0xd3, 0x77, 0xad, - 0x76, 0x94, 0x06, 0x4a, 0xcd, 0xd5, 0x7a, 0xd4, 0x83, 0xab, 0xab, 0x3d, 0xb8, 0xc4, 0x86, 0x6d, - 0x1a, 0x92, 0x7a, 0xf7, 0x7c, 0x9d, 0xad, 0xd0, 0x93, 0xc5, 0x0c, 0x4b, 0x48, 0x2c, 0x7b, 0xd3, - 0x72, 0x78, 0xe1, 0xc9, 0x44, 0x25, 0x03, 0xcc, 0x55, 0xb6, 0x5d, 0xdb, 0x76, 0x1f, 0xca, 0x73, - 0x13, 0x51, 0x6c, 0x55, 0xc7, 0x09, 0x2d, 0x9b, 0xcb, 0x8f, 0x1c, 0x21, 0x19, 0xe0, 0xab, 0x2c, - 0x3b, 0xa4, 0xbe, 0x38, 0x30, 0x82, 0x8a, 0x9d, 0xb1, 0x14, 0xb5, 0x95, 0xe4, 0x79, 0x8d, 0xdc, - 0x76, 0x41, 0x75, 0xdb, 0xde, 0xa3, 0xb0, 0x38, 0xa0, 0x37, 0xc2, 0xbb, 0x6c, 0xb4, 0x6b, 0xb9, - 0x1d, 0x56, 0x53, 0xf1, 0xd2, 0x43, 0xd2, 0x7d, 0xae, 0xbc, 0x94, 0xed, 0xca, 0x07, 0xd3, 0xae, - 0xfc, 0x5b, 0x04, 0xc5, 0x4d, 0xb7, 0x75, 0xd5, 0x09, 0xfd, 0x3d, 0x7e, 0x4b, 0x72, 0x9d, 0x90, - 0x3a, 0xd2, 0x5f, 0x24, 0xc9, 0x36, 0x21, 0xb4, 0xda, 0x74, 0x2b, 0x24, 0x6d, 0x4f, 0xd4, 0x58, - 0xfb, 0xda, 0x84, 0x78, 0x31, 0x33, 0x8c, 0x4d, 0x82, 0x90, 0x9f, 0xf8, 0xa2, 0xce, 0xbf, 0x99, - 0x0a, 0xf1, 0x84, 0xad, 0xd0, 0x17, 0xc7, 0x3d, 0x35, 0xa6, 0xba, 0x58, 0x21, 0xc2, 0x26, 0x48, - 0xad, 0x0d, 0xcf, 0xc6, 0xc5, 0xff, 0x5d, 0xea, 0xb7, 0x2d, 0x87, 0x64, 0x47, 0xef, 0x31, 0xda, - 0x7b, 0x19, 0x77, 0x4f, 0x37, 0x75, 0xe8, 0x58, 0x2d, 0x7d, 0xdf, 0x72, 0x4c, 0xf7, 0x61, 0xc6, - 0xe1, 0x99, 0x4c, 0xe0, 0x5f, 0xd2, 0x1d, 0x3a, 0x45, 0x62, 0x7c, 0xd2, 0x6f, 0xc0, 0x22, 0x8b, - 0x09, 0x5d, 0x2a, 0x7e, 0x10, 0x61, 0x47, 0x1b, 0xd6, 0x2c, 0x49, 0x78, 0xe8, 0xe9, 0x85, 0x78, - 0x13, 0x96, 0x48, 0x10, 0x58, 0x2d, 0x87, 0x9a, 0x92, 0x57, 0x6e, 0x6c, 0x5e, 0xbd, 0x4b, 0xa3, - 0x6b, 0x37, 0x9f, 0x21, 0xf6, 0x5b, 0x92, 0xda, 0x57, 0x11, 0x1c, 0x19, 0xc8, 0x24, 0x3e, 0x39, - 0x48, 0x09, 0xe3, 0x15, 0x28, 0x06, 0xc6, 0x0e, 0x35, 0x3b, 0x36, 0x95, 0xbd, 0x28, 0x49, 0xb3, - 0xdf, 0xcc, 0x4e, 0xb4, 0xfb, 0x22, 0x8d, 0xc4, 0x34, 0x3e, 0x06, 0xd0, 0x26, 0x4e, 0x87, 0xd8, - 0x1c, 0xc2, 0x0c, 0x87, 0xa0, 0x8c, 0x68, 0x2b, 0x50, 0x19, 0xe4, 0x3a, 0xa2, 0xc7, 0xf3, 0x2f, - 0x04, 0x07, 0x64, 0x50, 0x15, 0xbb, 0x5b, 0x83, 0x25, 0xc5, 0x0c, 0xb7, 0x93, 0x8d, 0xee, 0x1d, - 0x1e, 0x11, 0x30, 0xa5, 0x97, 0xe4, 0xd3, 0x4d, 0xf6, 0x6e, 0xaa, 0x4d, 0x3e, 0x76, 0xbe, 0x43, - 0x53, 0xaa, 0x1f, 0xbf, 0x02, 0xe5, 0x5b, 0xc4, 0x21, 0x2d, 0x6a, 0xc6, 0x6a, 0xc7, 0x2e, 0xf6, - 0x45, 0xb5, 0x59, 0x31, 0x71, 0x6b, 0x20, 0x2e, 0xb5, 0xac, 0xed, 0x6d, 0xd9, 0xf8, 0xf0, 0xa1, - 0xb8, 0x69, 0x39, 0xbb, 0xec, 0xfe, 0xcc, 0x34, 0x0e, 0xad, 0xd0, 0x96, 0xd6, 0x8d, 0x08, 0x7c, - 0x10, 0xf2, 0x1d, 0xdf, 0x16, 0x1e, 0xc0, 0x3e, 0x71, 0x15, 0x4a, 0x26, 0x0d, 0x0c, 0xdf, 0xf2, - 0xc4, 0xfe, 0xf3, 0xa6, 0xb1, 0x32, 0xc4, 0xf6, 0xc1, 0x32, 0x5c, 0x67, 0xc3, 0x26, 0x41, 0x20, - 0x13, 0x50, 0x3c, 0xa0, 0xbd, 0x0c, 0x8b, 0x4c, 0x66, 0xa2, 0xe6, 0x99, 0xb4, 0x9a, 0x47, 0x52, - 0xf0, 0x25, 0x3c, 0x89, 0x98, 0xc0, 0x33, 0x2c, 0xef, 0x5f, 0xf2, 0x3c, 0xc1, 0x64, 0xcc, 0x72, - 0x28, 0x3f, 0x28, 0x7f, 0x0e, 0xec, 0x95, 0x36, 0xff, 0x76, 0x1c, 0xb0, 0x7a, 0x4e, 0xa8, 0xdf, - 0xb5, 0x0c, 0x8a, 0xbf, 0x85, 0x60, 0x86, 0x89, 0xc6, 0xcf, 0x0d, 0x3b, 0x96, 0xdc, 0x5f, 0x2b, - 0xd3, 0xbb, 0x08, 0x33, 0x69, 0xda, 0xca, 0x1b, 0x7f, 0xfd, 0xc7, 0xb7, 0x73, 0xcb, 0xf8, 0x30, - 0x7f, 0x21, 0xeb, 0x9e, 0x57, 0x5f, 0xab, 0x02, 0xfc, 0x16, 0x02, 0x2c, 0xea, 0x20, 0xe5, 0x0d, - 0x01, 0x9f, 0x19, 0x06, 0x71, 0xc0, 0x5b, 0x43, 0xe5, 0x39, 0x25, 0xab, 0xd4, 0x0d, 0xd7, 0xa7, - 0x2c, 0x87, 0xf0, 0x09, 0x1c, 0xc0, 0x2a, 0x07, 0x70, 0x02, 0x6b, 0x83, 0x00, 0x34, 0x1e, 0x31, - 0x8b, 0x3e, 0x6e, 0xd0, 0x48, 0xee, 0x3b, 0x08, 0x0a, 0xf7, 0xf9, 0x1d, 0x62, 0x84, 0x91, 0xb6, - 0xa6, 0x66, 0x24, 0x2e, 0x8e, 0xa3, 0xd5, 0x8e, 0x73, 0xa4, 0xcf, 0xe1, 0xa3, 0x12, 0x69, 0x10, - 0xfa, 0x94, 0xb4, 0x53, 0x80, 0xcf, 0x21, 0xfc, 0x2e, 0x82, 0xd9, 0xa8, 0x79, 0x8c, 0x4f, 0x0e, - 0x43, 0x99, 0x6a, 0x2e, 0x57, 0xa6, 0xd7, 0x89, 0xd5, 0x4e, 0x73, 0x8c, 0xc7, 0xb5, 0x81, 0xdb, - 0xb9, 0x9e, 0xea, 0xd3, 0xbe, 0x8d, 0x20, 0x7f, 0x9d, 0x8e, 0xf4, 0xb7, 0x29, 0x82, 0xeb, 0x33, - 0xe0, 0x80, 0xad, 0xc6, 0x3f, 0x42, 0xf0, 0xec, 0x75, 0x1a, 0x0e, 0x4e, 0x8f, 0xb8, 0x36, 0x3a, - 0x67, 0x09, 0xb7, 0x3b, 0x33, 0xc6, 0xcc, 0x38, 0x2f, 0x34, 0x38, 0xb2, 0xd3, 0xf8, 0x54, 0x96, - 0x13, 0x06, 0x7b, 0x8e, 0xf1, 0x50, 0xe0, 0xf8, 0x13, 0x82, 0x83, 0xbd, 0x6f, 0x85, 0x38, 0x9d, - 0x50, 0x07, 0x3e, 0x25, 0x56, 0x6e, 0x4f, 0x1a, 0x65, 0xd3, 0x4c, 0xb5, 0x4b, 0x1c, 0xf9, 0x4b, - 0xf8, 0xc5, 0x2c, 0xe4, 0x71, 0x27, 0xae, 0xf1, 0x48, 0x7e, 0x3e, 0xe6, 0xef, 0xda, 0x1c, 0xf6, - 0x9f, 0x11, 0x1c, 0x96, 0x7c, 0x37, 0x76, 0x88, 0x1f, 0x5e, 0xa1, 0xac, 0x86, 0x0e, 0xc6, 0xd2, - 0x67, 0xc2, 0xac, 0xa1, 0xca, 0xd3, 0xae, 0x72, 0x5d, 0x3e, 0x81, 0x5f, 0xd9, 0xb7, 0x2e, 0x06, - 0x63, 0x63, 0x0a, 0xd8, 0x6f, 0x20, 0x58, 0xb8, 0x4e, 0xc3, 0x5b, 0x71, 0x37, 0xf8, 0xe4, 0x58, - 0x2f, 0x4c, 0x95, 0x95, 0xba, 0xf2, 0x9c, 0x2e, 0x7f, 0x8a, 0x5d, 0x64, 0x8d, 0x83, 0x3b, 0x85, - 0x4f, 0x66, 0x81, 0x4b, 0x3a, 0xd0, 0xef, 0x20, 0x38, 0xa2, 0x82, 0x48, 0x5e, 0xe6, 0x3e, 0xb6, - 0xbf, 0xf7, 0x2e, 0xf1, 0x6a, 0x36, 0x02, 0x5d, 0x93, 0xa3, 0x3b, 0xab, 0x0d, 0x76, 0xe0, 0x76, - 0x1f, 0x8a, 0x75, 0xb4, 0x5a, 0x43, 0xf8, 0x77, 0x08, 0x66, 0xa3, 0x66, 0xec, 0x70, 0x1b, 0xa5, - 0x5e, 0x92, 0xa6, 0x19, 0x0d, 0xc4, 0x6e, 0x57, 0xce, 0x0d, 0x36, 0xa8, 0xba, 0x5e, 0xba, 0x6a, - 0x9d, 0x5b, 0x39, 0x1d, 0xc6, 0x7e, 0x89, 0x00, 0x92, 0x86, 0x32, 0x3e, 0x9d, 0xad, 0x87, 0xd2, - 0x74, 0xae, 0x4c, 0xb7, 0xa5, 0xac, 0xd5, 0xb9, 0x3e, 0xb5, 0x4a, 0x35, 0x33, 0x86, 0x78, 0xd4, - 0x58, 0x8f, 0x9a, 0xcf, 0x3f, 0x44, 0x50, 0xe0, 0x7d, 0x3c, 0x7c, 0x62, 0x18, 0x66, 0xb5, 0xcd, - 0x37, 0x4d, 0xd3, 0xbf, 0xc0, 0xa1, 0x56, 0x9b, 0x59, 0x81, 0x78, 0x1d, 0xad, 0xe2, 0x2e, 0xcc, - 0x46, 0x9d, 0xb3, 0xe1, 0xee, 0x91, 0xea, 0xac, 0x55, 0xaa, 0x19, 0x85, 0x41, 0xe4, 0xa8, 0x22, - 0x07, 0xac, 0x8e, 0xca, 0x01, 0x33, 0x2c, 0x4c, 0xe3, 0xe3, 0x59, 0x41, 0xfc, 0xff, 0x60, 0x98, - 0x33, 0x1c, 0xdd, 0x49, 0xad, 0x3a, 0x2a, 0x0f, 0x30, 0xeb, 0x7c, 0x07, 0xc1, 0xc1, 0xde, 0xe2, - 0x1a, 0x1f, 0xed, 0x89, 0x99, 0xea, 0x5d, 0xa3, 0x92, 0xb6, 0xe2, 0xb0, 0xc2, 0x5c, 0xfb, 0x24, - 0x47, 0xb1, 0x8e, 0x2f, 0x8e, 0x3c, 0x19, 0xb7, 0x65, 0xd4, 0x61, 0x8c, 0xd6, 0x92, 0xd7, 0xb1, - 0x5f, 0x21, 0x58, 0x90, 0x7c, 0xef, 0xfa, 0x94, 0x66, 0xc3, 0x9a, 0xde, 0x41, 0x60, 0xb2, 0xb4, - 0x97, 0x39, 0xfc, 0x8f, 0xe3, 0x0b, 0x63, 0xc2, 0x97, 0xb0, 0xd7, 0x42, 0x86, 0xf4, 0x0f, 0x08, - 0x0e, 0xdd, 0x8f, 0xfc, 0xfe, 0x03, 0xc2, 0xbf, 0xc1, 0xf1, 0xbf, 0x82, 0x5f, 0xca, 0xa8, 0xf3, - 0x46, 0xa9, 0x71, 0x0e, 0xe1, 0x9f, 0x23, 0x28, 0xca, 0x57, 0x15, 0x7c, 0x6a, 0xe8, 0xc1, 0x48, - 0xbf, 0xbb, 0x4c, 0xd3, 0x99, 0x45, 0x51, 0xa3, 0x9d, 0xc8, 0x4c, 0xa7, 0x42, 0x3e, 0x73, 0xe8, - 0xb7, 0x11, 0xe0, 0xf8, 0xce, 0x1c, 0xdf, 0xa2, 0xf1, 0x0b, 0x29, 0x51, 0x43, 0x1b, 0x33, 0x95, - 0x53, 0x23, 0xe7, 0xa5, 0x53, 0xe9, 0x6a, 0x66, 0x2a, 0x75, 0x63, 0xf9, 0x5f, 0x47, 0x50, 0xba, - 0x4e, 0xe3, 0x3b, 0x48, 0x86, 0x2d, 0xd3, 0x8f, 0x42, 0x95, 0xda, 0xe8, 0x89, 0x02, 0xd1, 0x59, - 0x8e, 0xe8, 0x05, 0x9c, 0x6d, 0x2a, 0x09, 0xe0, 0x7b, 0x08, 0x16, 0xef, 0xa8, 0x2e, 0x8a, 0xcf, - 0x8e, 0x92, 0x94, 0x8a, 0xe4, 0xe3, 0xe3, 0xfa, 0x28, 0xc7, 0xb5, 0xa6, 0x8d, 0x85, 0x6b, 0x5d, - 0xbc, 0xaf, 0x7c, 0x1f, 0x45, 0x97, 0xd8, 0x9e, 0x7e, 0xf6, 0xff, 0x6a, 0xb7, 0x8c, 0xb6, 0xb8, - 0x76, 0x81, 0xe3, 0xab, 0xe3, 0xb3, 0xe3, 0xe0, 0x6b, 0x88, 0x26, 0x37, 0xfe, 0x2e, 0x82, 0x43, - 0xfc, 0xad, 0x41, 0x65, 0xdc, 0x93, 0x62, 0x86, 0xbd, 0x4c, 0x8c, 0x91, 0x62, 0x44, 0xfc, 0xd1, - 0xf6, 0x05, 0x6a, 0x5d, 0xbe, 0x23, 0x7c, 0x03, 0xc1, 0x01, 0x99, 0xd4, 0xc4, 0xee, 0xae, 0x8d, - 0x32, 0xdc, 0x7e, 0x93, 0xa0, 0x70, 0xb7, 0xd5, 0xf1, 0xdc, 0xed, 0x5d, 0x04, 0x73, 0xa2, 0x9b, - 0x9f, 0x51, 0x2a, 0x28, 0xed, 0xfe, 0x4a, 0x4f, 0x8f, 0x43, 0x34, 0x83, 0xb5, 0xcf, 0x73, 0xb1, - 0xf7, 0x70, 0x23, 0x4b, 0xac, 0xe7, 0x9a, 0x41, 0xe3, 0x91, 0xe8, 0xc4, 0x3e, 0x6e, 0xd8, 0x6e, - 0x2b, 0x78, 0x4d, 0xc3, 0x99, 0x09, 0x91, 0xcd, 0x39, 0x87, 0x70, 0x08, 0xf3, 0xcc, 0x39, 0x78, - 0xe3, 0x04, 0x57, 0x7b, 0xda, 0x2c, 0x7d, 0x3d, 0x95, 0x4a, 0xa5, 0xaf, 0x11, 0x93, 0x64, 0x40, - 0x71, 0x8d, 0xc5, 0xcf, 0x67, 0x8a, 0xe5, 0x82, 0xde, 0x42, 0x70, 0x48, 0xf5, 0xf6, 0x48, 0xfc, - 0xd8, 0xbe, 0x9e, 0x85, 0x42, 0x14, 0xd5, 0x78, 0x75, 0x2c, 0x47, 0xe2, 0x70, 0x2e, 0x5f, 0xfb, - 0xe3, 0x93, 0x63, 0xe8, 0xbd, 0x27, 0xc7, 0xd0, 0xdf, 0x9f, 0x1c, 0x43, 0xaf, 0x5d, 0x1c, 0xef, - 0x3f, 0xc2, 0x86, 0x6d, 0x51, 0x27, 0x54, 0xd9, 0xff, 0x37, 0x00, 0x00, 0xff, 0xff, 0x45, 0x63, - 0x3b, 0x00, 0x09, 0x2d, 0x00, 0x00, + 0x15, 0xa6, 0xec, 0xb1, 0xc7, 0xf3, 0x3c, 0x93, 0x9f, 0xda, 0x64, 0xe8, 0x75, 0x66, 0x83, 0xd3, + 0xf9, 0x9b, 0x4c, 0x32, 0x76, 0x62, 0x02, 0xca, 0xce, 0xee, 0x0a, 0x92, 0xc9, 0x2f, 0x4c, 0xb2, + 0xa1, 0x27, 0x21, 0x68, 0x39, 0x40, 0x6d, 0xbb, 0xc6, 0xd3, 0x4c, 0xbb, 0xbb, 0xd3, 0xdd, 0x76, + 0x34, 0x0a, 0xb9, 0x2c, 0xca, 0x05, 0xad, 0x40, 0xc0, 0x1e, 0x10, 0x42, 0x80, 0x16, 0xad, 0x84, + 0x10, 0x88, 0x0b, 0x42, 0x48, 0x08, 0x09, 0x2e, 0x08, 0x0e, 0x48, 0x2b, 0x38, 0x72, 0x41, 0x11, + 0xe2, 0x08, 0x97, 0x3d, 0x23, 0x54, 0xd5, 0x55, 0xdd, 0xd5, 0xfe, 0x69, 0x7b, 0xb0, 0xd1, 0xe6, + 0xd6, 0xaf, 0x5c, 0xf5, 0xde, 0xf7, 0x5e, 0xbd, 0x7a, 0xef, 0xd5, 0x2b, 0xc3, 0x89, 0x80, 0xfa, + 0x5d, 0xea, 0xd7, 0x89, 0xe7, 0xd9, 0x96, 0x49, 0x42, 0xcb, 0x75, 0xd4, 0xef, 0x9a, 0xe7, 0xbb, + 0xa1, 0x8b, 0xcb, 0xca, 0x50, 0x65, 0xa9, 0xe5, 0xba, 0x2d, 0x9b, 0xd6, 0x89, 0x67, 0xd5, 0x89, + 0xe3, 0xb8, 0x21, 0x1f, 0x0e, 0xa2, 0xa9, 0x15, 0x7d, 0xe7, 0x52, 0x50, 0xb3, 0x5c, 0xfe, 0xab, + 0xe9, 0xfa, 0xb4, 0xde, 0xbd, 0x50, 0x6f, 0x51, 0x87, 0xfa, 0x24, 0xa4, 0x4d, 0x31, 0xe7, 0x62, + 0x32, 0xa7, 0x4d, 0xcc, 0x6d, 0xcb, 0xa1, 0xfe, 0x6e, 0xdd, 0xdb, 0x69, 0xb1, 0x81, 0xa0, 0xde, + 0xa6, 0x21, 0x19, 0xb4, 0x6a, 0xa3, 0x65, 0x85, 0xdb, 0x9d, 0x37, 0x6b, 0xa6, 0xdb, 0xae, 0x13, + 0xbf, 0xe5, 0x7a, 0xbe, 0xfb, 0x15, 0xfe, 0xb1, 0x6a, 0x36, 0xeb, 0xdd, 0x46, 0xc2, 0x40, 0xd5, + 0xa5, 0x7b, 0x81, 0xd8, 0xde, 0x36, 0xe9, 0xe7, 0x76, 0x6d, 0x04, 0x37, 0x9f, 0x7a, 0xae, 0xb0, + 0x0d, 0xff, 0xb4, 0x42, 0xd7, 0xdf, 0x55, 0x3e, 0x23, 0x36, 0xfa, 0x07, 0x08, 0x0e, 0x5c, 0x4e, + 0xe4, 0x7d, 0xae, 0x43, 0xfd, 0x5d, 0x8c, 0x61, 0xc6, 0x21, 0x6d, 0xaa, 0xa1, 0x2a, 0x5a, 0x9e, + 0x33, 0xf8, 0x37, 0xd6, 0x60, 0xd6, 0xa7, 0x5b, 0x3e, 0x0d, 0xb6, 0xb5, 0x1c, 0x1f, 0x96, 0x24, + 0xae, 0x40, 0x89, 0x09, 0xa7, 0x66, 0x18, 0x68, 0xf9, 0x6a, 0x7e, 0x79, 0xce, 0x88, 0x69, 0xbc, + 0x0c, 0xfb, 0x7d, 0x1a, 0xb8, 0x1d, 0xdf, 0xa4, 0x9f, 0xa7, 0x7e, 0x60, 0xb9, 0x8e, 0x36, 0xc3, + 0x57, 0xf7, 0x0e, 0x33, 0x2e, 0x01, 0xb5, 0xa9, 0x19, 0xba, 0xbe, 0x56, 0xe0, 0x53, 0x62, 0x9a, + 0xe1, 0x61, 0xc0, 0xb5, 0x62, 0x84, 0x87, 0x7d, 0x63, 0x1d, 0xe6, 0x89, 0xe7, 0xdd, 0x21, 0x6d, + 0x1a, 0x78, 0xc4, 0xa4, 0xda, 0x2c, 0xff, 0x2d, 0x35, 0xc6, 0x30, 0x0b, 0x24, 0x5a, 0x89, 0x03, + 0x93, 0xa4, 0xbe, 0x0e, 0x73, 0x77, 0xdc, 0x26, 0x1d, 0xae, 0x6e, 0x2f, 0xfb, 0x5c, 0x3f, 0x7b, + 0xfd, 0x29, 0x82, 0xc3, 0x06, 0xed, 0x5a, 0x0c, 0xff, 0x6d, 0x1a, 0x92, 0x26, 0x09, 0x49, 0x2f, + 0xc7, 0x5c, 0xcc, 0xb1, 0x02, 0x25, 0x5f, 0x4c, 0xd6, 0x72, 0x7c, 0x3c, 0xa6, 0xfb, 0xa4, 0xe5, + 0xb3, 0x95, 0x89, 0x4c, 0x18, 0x2b, 0xf3, 0x4f, 0x04, 0x47, 0x95, 0x3d, 0x34, 0x84, 0x65, 0xaf, + 0x75, 0xa9, 0x13, 0x06, 0xc3, 0x01, 0x9d, 0x83, 0x83, 0x72, 0x13, 0x7a, 0xf5, 0xec, 0xff, 0x81, + 0x41, 0x54, 0x07, 0x25, 0x44, 0x75, 0x0c, 0x57, 0xa1, 0x2c, 0xe9, 0xfb, 0xb7, 0xae, 0x0a, 0x98, + 0xea, 0x50, 0x9f, 0xa2, 0x85, 0x6c, 0x45, 0x8b, 0x69, 0x45, 0xdf, 0x47, 0xa0, 0x29, 0x8a, 0xde, + 0x26, 0x8e, 0xb5, 0x45, 0x83, 0x70, 0x5c, 0x9b, 0xa3, 0xe9, 0xd9, 0x9c, 0x39, 0x76, 0xa4, 0xd5, + 0x5d, 0x76, 0x9e, 0x58, 0xfc, 0xd0, 0x0a, 0xd5, 0xfc, 0x72, 0xde, 0xe8, 0x1d, 0xc6, 0x4b, 0x30, + 0x27, 0x65, 0x06, 0x5a, 0x91, 0xbb, 0x61, 0x32, 0xa0, 0x1f, 0x83, 0xb9, 0xeb, 0x96, 0x4d, 0xd7, + 0xb7, 0x3b, 0xce, 0x0e, 0x3e, 0x04, 0x05, 0x93, 0x7d, 0x70, 0x1d, 0xe6, 0x8d, 0x88, 0xd0, 0xbf, + 0x85, 0xe0, 0xd8, 0x30, 0xad, 0x1f, 0x58, 0xe1, 0x36, 0x5b, 0x1f, 0x0c, 0x53, 0xdf, 0xdc, 0xa6, + 0xe6, 0x4e, 0xd0, 0x69, 0x4b, 0x97, 0x93, 0xf4, 0x84, 0x2e, 0xf7, 0x53, 0x04, 0xcb, 0x23, 0x31, + 0x3d, 0xf0, 0x89, 0xe7, 0x51, 0x1f, 0x5f, 0x87, 0xc2, 0x43, 0xf6, 0x03, 0x3f, 0x60, 0xe5, 0x46, + 0xad, 0xa6, 0x06, 0xe8, 0x91, 0x5c, 0x6e, 0x7e, 0xc4, 0x88, 0x96, 0xe3, 0x9a, 0x34, 0x4f, 0x8e, + 0xf3, 0x59, 0x4c, 0xf1, 0x89, 0xad, 0xc8, 0xe6, 0xf3, 0x69, 0x57, 0x8a, 0x30, 0xe3, 0x11, 0x3f, + 0xd4, 0x0f, 0xc3, 0x0b, 0xe9, 0xe3, 0xe1, 0xb9, 0x4e, 0x40, 0xf5, 0xdf, 0xa4, 0xbd, 0x69, 0xdd, + 0xa7, 0x24, 0xa4, 0x06, 0x7d, 0xd8, 0xa1, 0x41, 0x88, 0x77, 0x40, 0xcd, 0x19, 0xdc, 0xaa, 0xe5, + 0xc6, 0xad, 0x5a, 0x12, 0x74, 0x6b, 0x32, 0xe8, 0xf2, 0x8f, 0x2f, 0x99, 0xcd, 0x5a, 0xb7, 0x51, + 0xf3, 0x76, 0x5a, 0x35, 0x16, 0xc2, 0x53, 0xc8, 0x64, 0x08, 0x57, 0x55, 0x35, 0x54, 0xee, 0x78, + 0x11, 0x8a, 0x1d, 0x2f, 0xa0, 0x7e, 0xc8, 0x35, 0x2b, 0x19, 0x82, 0x62, 0xfb, 0xd7, 0x25, 0xb6, + 0xd5, 0x24, 0x61, 0xb4, 0x3f, 0x25, 0x23, 0xa6, 0xf5, 0xdf, 0xa6, 0xd1, 0xdf, 0xf7, 0x9a, 0x1f, + 0x16, 0x7a, 0x15, 0x65, 0x2e, 0x8d, 0x52, 0xf5, 0xa0, 0x7c, 0xda, 0x83, 0x7e, 0x99, 0xc6, 0x7f, + 0x95, 0xda, 0x34, 0xc1, 0x3f, 0xc8, 0x99, 0x35, 0x98, 0x35, 0x49, 0x60, 0x92, 0xa6, 0x94, 0x22, + 0x49, 0x16, 0xc8, 0x3c, 0xdf, 0xf5, 0x48, 0x8b, 0x73, 0xba, 0xeb, 0xda, 0x96, 0xb9, 0x2b, 0xc4, + 0xf5, 0xff, 0xd0, 0xe7, 0xf8, 0x33, 0xd9, 0x8e, 0x5f, 0x48, 0xc3, 0x3e, 0x0e, 0xe5, 0xcd, 0x5d, + 0xc7, 0x7c, 0xdd, 0x8b, 0x0e, 0xf7, 0x21, 0x28, 0x58, 0x21, 0x6d, 0x07, 0x1a, 0xe2, 0x07, 0x3b, + 0x22, 0xf4, 0xff, 0x14, 0x60, 0x51, 0xd1, 0x8d, 0x2d, 0xc8, 0xd2, 0x2c, 0x2b, 0x4a, 0x2d, 0x42, + 0xb1, 0xe9, 0xef, 0x1a, 0x1d, 0x47, 0x38, 0x80, 0xa0, 0x98, 0x60, 0xcf, 0xef, 0x38, 0x11, 0xfc, + 0x92, 0x11, 0x11, 0x78, 0x0b, 0x4a, 0x41, 0xc8, 0xaa, 0x84, 0xd6, 0x2e, 0x07, 0x5e, 0x6e, 0x7c, + 0x66, 0xb2, 0x4d, 0x67, 0xd0, 0x37, 0x05, 0x47, 0x23, 0xe6, 0x8d, 0x1f, 0xb2, 0x98, 0x16, 0x05, + 0xba, 0x40, 0x9b, 0xad, 0xe6, 0x97, 0xcb, 0x8d, 0xcd, 0xc9, 0x05, 0xbd, 0xee, 0xb1, 0x0a, 0x47, + 0xc9, 0x60, 0x46, 0x22, 0x85, 0x85, 0xd1, 0xb6, 0x88, 0x0f, 0x81, 0xc8, 0xe6, 0xc9, 0x00, 0xfe, + 0x02, 0x14, 0x2c, 0x67, 0xcb, 0x0d, 0xb4, 0x39, 0x0e, 0xe6, 0xca, 0x64, 0x60, 0x6e, 0x39, 0x5b, + 0xae, 0x11, 0x31, 0xc4, 0x0f, 0x61, 0xc1, 0xa7, 0xa1, 0xbf, 0x2b, 0xad, 0xa0, 0x01, 0xb7, 0xeb, + 0x67, 0x27, 0x93, 0x60, 0xa8, 0x2c, 0x8d, 0xb4, 0x04, 0xbc, 0x06, 0xe5, 0x20, 0xf1, 0x31, 0xad, + 0xcc, 0x05, 0x6a, 0x29, 0x46, 0x8a, 0x0f, 0x1a, 0xea, 0xe4, 0x3e, 0xef, 0x9e, 0xcf, 0xf6, 0xee, + 0x85, 0x91, 0x59, 0x6d, 0xdf, 0x18, 0x59, 0x6d, 0x7f, 0x6f, 0x56, 0xfb, 0x37, 0x82, 0xa5, 0xbe, + 0xe0, 0xb4, 0xe9, 0xd1, 0xcc, 0x63, 0x40, 0x60, 0x26, 0xf0, 0xa8, 0xc9, 0x33, 0x55, 0xb9, 0x71, + 0x7b, 0x6a, 0xd1, 0x8a, 0xcb, 0xe5, 0xac, 0xb3, 0x02, 0xea, 0x84, 0x71, 0xe1, 0x87, 0x08, 0x3e, + 0xaa, 0xc8, 0xbc, 0x4b, 0x42, 0x73, 0x3b, 0x4b, 0x59, 0x76, 0x7e, 0xd9, 0x1c, 0x91, 0x97, 0x23, + 0x82, 0x59, 0x95, 0x7f, 0xdc, 0xdb, 0xf5, 0x18, 0x40, 0xf6, 0x4b, 0x32, 0x30, 0x61, 0xf1, 0xf4, + 0x33, 0x04, 0x15, 0x35, 0x86, 0xbb, 0xb6, 0xfd, 0x26, 0x31, 0x77, 0xb2, 0x40, 0xee, 0x83, 0x9c, + 0xd5, 0xe4, 0x08, 0xf3, 0x46, 0xce, 0x6a, 0xee, 0x31, 0x18, 0xf5, 0xc2, 0x2d, 0x66, 0xc3, 0x9d, + 0x4d, 0xc3, 0xfd, 0xa0, 0x07, 0xae, 0x0c, 0x09, 0x19, 0x70, 0x97, 0x60, 0xce, 0xe9, 0x29, 0x64, + 0x93, 0x81, 0x01, 0x05, 0x6c, 0xae, 0xaf, 0x80, 0xd5, 0x60, 0xb6, 0x1b, 0x5f, 0x53, 0xd8, 0xcf, + 0x92, 0x64, 0x2a, 0xb6, 0x7c, 0xb7, 0xe3, 0x09, 0xa3, 0x47, 0x04, 0x43, 0xb1, 0x63, 0x39, 0x4d, + 0xad, 0x18, 0xa1, 0x60, 0xdf, 0x7b, 0xbf, 0x98, 0xa4, 0xd4, 0xfe, 0x79, 0x0e, 0x3e, 0x36, 0x40, + 0xed, 0x91, 0xfe, 0xf4, 0x7c, 0xe8, 0x1e, 0x7b, 0xf5, 0xec, 0x50, 0xaf, 0x2e, 0x8d, 0xf2, 0xea, + 0xb9, 0x6c, 0x7b, 0x41, 0xda, 0x5e, 0x3f, 0xc9, 0x41, 0x75, 0x80, 0xbd, 0x46, 0x97, 0x13, 0xcf, + 0x8d, 0xc1, 0xb6, 0x5c, 0x5f, 0x78, 0x49, 0xc9, 0x88, 0x08, 0x76, 0xce, 0x5c, 0xdf, 0xdb, 0x26, + 0x0e, 0xf7, 0x8e, 0x92, 0x21, 0xa8, 0x09, 0x4d, 0xf5, 0xf5, 0x1c, 0x68, 0xd2, 0x3e, 0x97, 0x4d, + 0x6e, 0xad, 0x8e, 0xf3, 0xfc, 0x9b, 0x68, 0x11, 0x8a, 0x84, 0xa3, 0x15, 0x4e, 0x25, 0xa8, 0x3e, + 0x63, 0x94, 0xb2, 0x8d, 0x31, 0x97, 0x36, 0xc6, 0x53, 0x04, 0x47, 0xd2, 0xc6, 0x08, 0x36, 0xac, + 0x20, 0x94, 0x97, 0x03, 0xbc, 0x05, 0xb3, 0x91, 0x9c, 0xa8, 0xb4, 0x2b, 0x37, 0x36, 0x26, 0x4d, + 0xf8, 0x29, 0xc3, 0x4b, 0xe6, 0xfa, 0xcb, 0x70, 0x64, 0x60, 0x94, 0x13, 0x30, 0x2a, 0x50, 0x92, + 0x45, 0x8e, 0xd8, 0x9a, 0x98, 0xd6, 0x9f, 0xce, 0xa4, 0x53, 0x8e, 0xdb, 0xdc, 0x70, 0x5b, 0x19, + 0xf7, 0xfd, 0xec, 0xed, 0x64, 0xa6, 0x72, 0x9b, 0xca, 0xd5, 0x5e, 0x92, 0x6c, 0x9d, 0xe9, 0x3a, + 0x21, 0xb1, 0x1c, 0xea, 0x8b, 0xac, 0x98, 0x0c, 0xb0, 0x6d, 0x08, 0x2c, 0xc7, 0xa4, 0x9b, 0xd4, + 0x74, 0x9d, 0x66, 0xc0, 0xf7, 0x33, 0x6f, 0xa4, 0xc6, 0xf0, 0x4d, 0x98, 0xe3, 0xf4, 0x3d, 0xab, + 0x1d, 0xa5, 0x81, 0x72, 0x63, 0xa5, 0x16, 0xf5, 0xd0, 0x6a, 0x6a, 0x0f, 0x2d, 0xb1, 0x61, 0x9b, + 0x86, 0xa4, 0xd6, 0xbd, 0x50, 0x63, 0x2b, 0x8c, 0x64, 0x31, 0xc3, 0x12, 0x12, 0xcb, 0xde, 0xb0, + 0x1c, 0x5e, 0x78, 0x32, 0x51, 0xc9, 0x00, 0x73, 0x95, 0x2d, 0xd7, 0xb6, 0xdd, 0x47, 0xf2, 0xdc, + 0x44, 0x14, 0x5b, 0xd5, 0x71, 0x42, 0xcb, 0xe6, 0xf2, 0x23, 0x47, 0x48, 0x06, 0xf8, 0x2a, 0xcb, + 0x0e, 0xa9, 0x2f, 0x0e, 0x8c, 0xa0, 0x62, 0x67, 0x2c, 0x47, 0x6d, 0x21, 0x79, 0x5e, 0x23, 0xb7, + 0x9d, 0x57, 0xdd, 0xb6, 0xf7, 0x28, 0x2c, 0x0c, 0xe8, 0x8d, 0xf0, 0x2e, 0x19, 0xed, 0x5a, 0x6e, + 0x87, 0xd5, 0x54, 0xbc, 0xf4, 0x90, 0x74, 0x9f, 0x2b, 0xef, 0xcf, 0x76, 0xe5, 0x03, 0x69, 0x57, + 0xfe, 0x1d, 0x82, 0xd2, 0x86, 0xdb, 0xba, 0xe6, 0x84, 0xfe, 0x2e, 0xbf, 0x25, 0xb9, 0x4e, 0x48, + 0x1d, 0xe9, 0x2f, 0x92, 0x64, 0x9b, 0x10, 0x5a, 0x6d, 0xba, 0x19, 0x92, 0xb6, 0x27, 0x6a, 0xac, + 0x3d, 0x6d, 0x42, 0xbc, 0x98, 0x19, 0xc6, 0x26, 0x41, 0xc8, 0x4f, 0x7c, 0xc9, 0xe0, 0xdf, 0x4c, + 0x85, 0x78, 0xc2, 0x66, 0xe8, 0x8b, 0xe3, 0x9e, 0x1a, 0x53, 0x5d, 0xac, 0x10, 0x61, 0x13, 0xa4, + 0xde, 0x86, 0x17, 0xe3, 0xe2, 0xff, 0x1e, 0xf5, 0xdb, 0x96, 0x43, 0xb2, 0xa3, 0xf7, 0x18, 0xed, + 0xb9, 0x8c, 0xbb, 0xa7, 0x9b, 0x3a, 0x74, 0xac, 0x96, 0x7e, 0x60, 0x39, 0x4d, 0xf7, 0x51, 0xc6, + 0xe1, 0x99, 0x4c, 0xe0, 0x5f, 0xd2, 0x1d, 0x3a, 0x45, 0x62, 0x7c, 0xd2, 0x6f, 0xc2, 0x02, 0x8b, + 0x09, 0x5d, 0x2a, 0x7e, 0x10, 0x61, 0x47, 0x1f, 0xd6, 0x2c, 0x49, 0x78, 0x18, 0xe9, 0x85, 0x78, + 0x03, 0xf6, 0x93, 0x20, 0xb0, 0x5a, 0x0e, 0x6d, 0x4a, 0x5e, 0xb9, 0xb1, 0x79, 0xf5, 0x2e, 0x8d, + 0xae, 0xdd, 0x7c, 0x86, 0xd8, 0x6f, 0x49, 0xea, 0x5f, 0x43, 0x70, 0x78, 0x20, 0x93, 0xf8, 0xe4, + 0x20, 0x25, 0x8c, 0x57, 0xa0, 0x14, 0x98, 0xdb, 0xb4, 0xd9, 0xb1, 0xa9, 0xec, 0x45, 0x49, 0x9a, + 0xfd, 0xd6, 0xec, 0x44, 0xbb, 0x2f, 0xd2, 0x48, 0x4c, 0xe3, 0xa3, 0x00, 0x6d, 0xe2, 0x74, 0x88, + 0xcd, 0x21, 0xcc, 0x70, 0x08, 0xca, 0x88, 0xbe, 0x04, 0x95, 0x41, 0xae, 0x23, 0x7a, 0x3c, 0xff, + 0x42, 0xb0, 0x4f, 0x06, 0x55, 0xb1, 0xbb, 0xcb, 0xb0, 0x5f, 0x31, 0xc3, 0x9d, 0x64, 0xa3, 0x7b, + 0x87, 0x47, 0x04, 0x4c, 0xe9, 0x25, 0xf9, 0x74, 0x93, 0xbc, 0x9b, 0x6a, 0x73, 0x8f, 0x9d, 0xef, + 0xd0, 0x94, 0xea, 0xc7, 0xaf, 0x82, 0x76, 0x9b, 0x38, 0xa4, 0x45, 0x9b, 0xb1, 0xda, 0xb1, 0x8b, + 0x7d, 0x59, 0x6d, 0x56, 0x4c, 0xdc, 0x1a, 0x88, 0x4b, 0x2d, 0x6b, 0x6b, 0x4b, 0x36, 0x3e, 0x7c, + 0x28, 0x6d, 0x58, 0xce, 0x0e, 0xbb, 0x3f, 0x33, 0x8d, 0x43, 0x2b, 0xb4, 0xa5, 0x75, 0x23, 0x02, + 0x1f, 0x80, 0x7c, 0xc7, 0xb7, 0x85, 0x07, 0xb0, 0x4f, 0x5c, 0x85, 0x72, 0x93, 0x06, 0xa6, 0x6f, + 0x79, 0x62, 0xff, 0x79, 0xd3, 0x58, 0x19, 0x62, 0xfb, 0x60, 0x99, 0xae, 0xb3, 0x6e, 0x93, 0x20, + 0x90, 0x09, 0x28, 0x1e, 0xd0, 0x5f, 0x85, 0x05, 0x26, 0x33, 0x51, 0xf3, 0x6c, 0x5a, 0xcd, 0xc3, + 0x29, 0xf8, 0x12, 0x9e, 0x44, 0x4c, 0xe0, 0x05, 0x96, 0xf7, 0x2f, 0x7b, 0x9e, 0x60, 0x32, 0x66, + 0x39, 0x94, 0x1f, 0x94, 0x3f, 0x07, 0xf6, 0x4a, 0x1b, 0x7f, 0x3b, 0x0e, 0x58, 0x3d, 0x27, 0xd4, + 0xef, 0x5a, 0x26, 0xc5, 0xdf, 0x46, 0x30, 0xc3, 0x44, 0xe3, 0x97, 0x86, 0x1d, 0x4b, 0xee, 0xaf, + 0x95, 0xe9, 0x5d, 0x84, 0x99, 0x34, 0x7d, 0xe9, 0xad, 0xbf, 0xfe, 0xe3, 0x3b, 0xb9, 0x45, 0x7c, + 0x88, 0xbf, 0x70, 0x75, 0x2f, 0xa8, 0xaf, 0x4d, 0x01, 0x7e, 0x1b, 0x01, 0x16, 0x75, 0x90, 0xf2, + 0x86, 0x80, 0xcf, 0x0e, 0x83, 0x38, 0xe0, 0xad, 0xa1, 0xf2, 0x92, 0x92, 0x55, 0x6a, 0xa6, 0xeb, + 0x53, 0x96, 0x43, 0xf8, 0x04, 0x0e, 0x60, 0x85, 0x03, 0x38, 0x81, 0xf5, 0x41, 0x00, 0xea, 0x8f, + 0x99, 0x45, 0x9f, 0xd4, 0x69, 0x24, 0xf7, 0x5d, 0x04, 0x85, 0x07, 0xfc, 0x0e, 0x31, 0xc2, 0x48, + 0x9b, 0x53, 0x33, 0x12, 0x17, 0xc7, 0xd1, 0xea, 0xc7, 0x39, 0xd2, 0x97, 0xf0, 0x11, 0x89, 0x34, + 0x08, 0x7d, 0x4a, 0xda, 0x29, 0xc0, 0xe7, 0x11, 0x7e, 0x0f, 0x41, 0x31, 0x6a, 0x1e, 0xe3, 0x93, + 0xc3, 0x50, 0xa6, 0x9a, 0xcb, 0x95, 0xe9, 0x75, 0x62, 0xf5, 0x33, 0x1c, 0xe3, 0x71, 0x7d, 0xe0, + 0x76, 0xae, 0xa5, 0xfa, 0xb4, 0xef, 0x20, 0xc8, 0xdf, 0xa0, 0x23, 0xfd, 0x6d, 0x8a, 0xe0, 0xfa, + 0x0c, 0x38, 0x60, 0xab, 0xf1, 0x8f, 0x11, 0xbc, 0x78, 0x83, 0x86, 0x83, 0xd3, 0x23, 0x5e, 0x1e, + 0x9d, 0xb3, 0x84, 0xdb, 0x9d, 0x1d, 0x63, 0x66, 0x9c, 0x17, 0xea, 0x1c, 0xd9, 0x19, 0x7c, 0x3a, + 0xcb, 0x09, 0x83, 0x5d, 0xc7, 0x7c, 0x24, 0x70, 0xfc, 0x09, 0xc1, 0x81, 0xde, 0xb7, 0x3e, 0x9c, + 0x4e, 0xa8, 0x03, 0x9f, 0x02, 0x2b, 0x77, 0x26, 0x8d, 0xb2, 0x69, 0xa6, 0xfa, 0x65, 0x8e, 0xfc, + 0x15, 0xfc, 0x72, 0x16, 0xf2, 0xb8, 0x13, 0x57, 0x7f, 0x2c, 0x3f, 0x9f, 0xf0, 0x77, 0x69, 0x0e, + 0xfb, 0xcf, 0x08, 0x0e, 0x49, 0xbe, 0xeb, 0xdb, 0xc4, 0x0f, 0xaf, 0x52, 0x56, 0x43, 0x07, 0x63, + 0xe9, 0x33, 0x61, 0xd6, 0x50, 0xe5, 0xe9, 0xd7, 0xb8, 0x2e, 0x9f, 0xc2, 0xaf, 0xed, 0x59, 0x17, + 0x93, 0xb1, 0x69, 0x0a, 0xd8, 0x6f, 0x21, 0x98, 0xbf, 0x41, 0xc3, 0xdb, 0x71, 0x37, 0xf8, 0xe4, + 0x58, 0x2f, 0x4c, 0x95, 0xa5, 0x9a, 0xf2, 0x1c, 0x2e, 0x7f, 0x8a, 0x5d, 0x64, 0x95, 0x83, 0x3b, + 0x8d, 0x4f, 0x66, 0x81, 0x4b, 0x3a, 0xd0, 0xef, 0x22, 0x38, 0xac, 0x82, 0x48, 0x5e, 0xe6, 0x3e, + 0xb1, 0xb7, 0xf7, 0x2e, 0xf1, 0x6a, 0x36, 0x02, 0x5d, 0x83, 0xa3, 0x3b, 0xa7, 0x0f, 0x76, 0xe0, + 0x76, 0x1f, 0x8a, 0x35, 0xb4, 0xb2, 0x8c, 0xf0, 0xef, 0x11, 0x14, 0xa3, 0x66, 0xec, 0x70, 0x1b, + 0xa5, 0x5e, 0x92, 0xa6, 0x19, 0x0d, 0xc4, 0x6e, 0x57, 0xce, 0x0f, 0x36, 0xa8, 0xba, 0x5e, 0xba, + 0x6a, 0x8d, 0x5b, 0x39, 0x1d, 0xc6, 0x7e, 0x85, 0x00, 0x92, 0x86, 0x32, 0x3e, 0x93, 0xad, 0x87, + 0xd2, 0x74, 0xae, 0x4c, 0xb7, 0xa5, 0xac, 0xd7, 0xb8, 0x3e, 0xcb, 0x95, 0x6a, 0x66, 0x0c, 0xf1, + 0xa8, 0xb9, 0x16, 0x35, 0x9f, 0x7f, 0x84, 0xa0, 0xc0, 0xfb, 0x78, 0xf8, 0xc4, 0x30, 0xcc, 0x6a, + 0x9b, 0x6f, 0x9a, 0xa6, 0x3f, 0xc5, 0xa1, 0x56, 0x1b, 0x59, 0x81, 0x78, 0x0d, 0xad, 0xe0, 0x2e, + 0x14, 0xa3, 0xce, 0xd9, 0x70, 0xf7, 0x48, 0x75, 0xd6, 0x2a, 0xd5, 0x8c, 0xc2, 0x20, 0x72, 0x54, + 0x91, 0x03, 0x56, 0x46, 0xe5, 0x80, 0x19, 0x16, 0xa6, 0xf1, 0xf1, 0xac, 0x20, 0xfe, 0x7f, 0x30, + 0xcc, 0x59, 0x8e, 0xee, 0xa4, 0x5e, 0x1d, 0x95, 0x07, 0x98, 0x75, 0xbe, 0x8b, 0xe0, 0x40, 0x6f, + 0x71, 0x8d, 0x8f, 0xf4, 0xc4, 0x4c, 0xf5, 0xae, 0x51, 0x49, 0x5b, 0x71, 0x58, 0x61, 0xae, 0x7f, + 0x9a, 0xa3, 0x58, 0xc3, 0x97, 0x46, 0x9e, 0x8c, 0x3b, 0x32, 0xea, 0x30, 0x46, 0xab, 0xc9, 0xeb, + 0xd8, 0xaf, 0x11, 0xcc, 0x4b, 0xbe, 0xf7, 0x7c, 0x4a, 0xb3, 0x61, 0x4d, 0xef, 0x20, 0x30, 0x59, + 0xfa, 0xab, 0x1c, 0xfe, 0x27, 0xf1, 0xc5, 0x31, 0xe1, 0x4b, 0xd8, 0xab, 0x21, 0x43, 0xfa, 0x07, + 0x04, 0x07, 0x1f, 0x44, 0x7e, 0xff, 0x21, 0xe1, 0x5f, 0xe7, 0xf8, 0x5f, 0xc3, 0xaf, 0x64, 0xd4, + 0x79, 0xa3, 0xd4, 0x38, 0x8f, 0xf0, 0x2f, 0x10, 0x94, 0xe4, 0xab, 0x0a, 0x3e, 0x3d, 0xf4, 0x60, + 0xa4, 0xdf, 0x5d, 0xa6, 0xe9, 0xcc, 0xa2, 0xa8, 0xd1, 0x4f, 0x64, 0xa6, 0x53, 0x21, 0x9f, 0x39, + 0xf4, 0x3b, 0x08, 0x70, 0x7c, 0x67, 0x8e, 0x6f, 0xd1, 0xf8, 0x54, 0x4a, 0xd4, 0xd0, 0xc6, 0x4c, + 0xe5, 0xf4, 0xc8, 0x79, 0xe9, 0x54, 0xba, 0x92, 0x99, 0x4a, 0xdd, 0x58, 0xfe, 0x37, 0x10, 0x94, + 0x6f, 0xd0, 0xf8, 0x0e, 0x92, 0x61, 0xcb, 0xf4, 0xa3, 0x50, 0x65, 0x79, 0xf4, 0x44, 0x81, 0xe8, + 0x1c, 0x47, 0x74, 0x0a, 0x67, 0x9b, 0x4a, 0x02, 0xf8, 0x3e, 0x82, 0x85, 0xbb, 0xaa, 0x8b, 0xe2, + 0x73, 0xa3, 0x24, 0xa5, 0x22, 0xf9, 0xf8, 0xb8, 0x3e, 0xce, 0x71, 0xad, 0xea, 0x63, 0xe1, 0x5a, + 0x13, 0xef, 0x2b, 0x3f, 0x40, 0xd1, 0x25, 0xb6, 0xa7, 0x9f, 0xfd, 0xbf, 0xda, 0x2d, 0xa3, 0x2d, + 0xae, 0x5f, 0xe4, 0xf8, 0x6a, 0xf8, 0xdc, 0x38, 0xf8, 0xea, 0xa2, 0xc9, 0x8d, 0xbf, 0x87, 0xe0, + 0x20, 0x7f, 0x6b, 0x50, 0x19, 0xf7, 0xa4, 0x98, 0x61, 0x2f, 0x13, 0x63, 0xa4, 0x18, 0x11, 0x7f, + 0xf4, 0x3d, 0x81, 0x5a, 0x93, 0xef, 0x08, 0xdf, 0x44, 0xb0, 0x4f, 0x26, 0x35, 0xb1, 0xbb, 0xab, + 0xa3, 0x0c, 0xb7, 0xd7, 0x24, 0x28, 0xdc, 0x6d, 0x65, 0x3c, 0x77, 0x7b, 0x0f, 0xc1, 0xac, 0xe8, + 0xe6, 0x67, 0x94, 0x0a, 0x4a, 0xbb, 0xbf, 0xd2, 0xd3, 0xe3, 0x10, 0xcd, 0x60, 0xfd, 0x8b, 0x5c, + 0xec, 0x7d, 0x5c, 0xcf, 0x12, 0xeb, 0xb9, 0xcd, 0xa0, 0xfe, 0x58, 0x74, 0x62, 0x9f, 0xd4, 0x6d, + 0xb7, 0x15, 0xbc, 0xa1, 0xe3, 0xcc, 0x84, 0xc8, 0xe6, 0x9c, 0x47, 0x38, 0x84, 0x39, 0xe6, 0x1c, + 0xbc, 0x71, 0x82, 0xab, 0x3d, 0x6d, 0x96, 0xbe, 0x9e, 0x4a, 0xa5, 0xd2, 0xd7, 0x88, 0x49, 0x32, + 0xa0, 0xb8, 0xc6, 0xe2, 0x63, 0x99, 0x62, 0xb9, 0xa0, 0xb7, 0x11, 0x1c, 0x54, 0xbd, 0x3d, 0x12, + 0x3f, 0xb6, 0xaf, 0x67, 0xa1, 0x10, 0x45, 0x35, 0x5e, 0x19, 0xcb, 0x91, 0x38, 0x9c, 0x2b, 0xd7, + 0xff, 0xf8, 0xec, 0x28, 0x7a, 0xff, 0xd9, 0x51, 0xf4, 0xf7, 0x67, 0x47, 0xd1, 0x1b, 0x97, 0xc6, + 0xfb, 0x8f, 0xaf, 0x69, 0x5b, 0xd4, 0x09, 0x55, 0xf6, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x57, + 0x9a, 0x85, 0xd1, 0xc9, 0x2c, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -4393,16 +4373,6 @@ func (m *RevisionMetadataQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.VersionId != nil { - i = encodeVarintApplication(dAtA, i, uint64(*m.VersionId)) - i-- - dAtA[i] = 0x30 - } - if m.SourceIndex != nil { - i = encodeVarintApplication(dAtA, i, uint64(*m.SourceIndex)) - i-- - dAtA[i] = 0x28 - } if m.Project != nil { i -= len(*m.Project) copy(dAtA[i:], *m.Project) @@ -6744,12 +6714,6 @@ func (m *RevisionMetadataQuery) Size() (n int) { l = len(*m.Project) n += 1 + l + sovApplication(uint64(l)) } - if m.SourceIndex != nil { - n += 1 + sovApplication(uint64(*m.SourceIndex)) - } - if m.VersionId != nil { - n += 1 + sovApplication(uint64(*m.VersionId)) - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -8368,46 +8332,6 @@ func (m *RevisionMetadataQuery) Unmarshal(dAtA []byte) error { s := string(dAtA[iNdEx:postIndex]) m.Project = &s iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SourceIndex", wireType) - } - var v int32 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplication - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.SourceIndex = &v - case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VersionId", wireType) - } - var v int32 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplication - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VersionId = &v default: iNdEx = preIndex skippy, err := skipApplication(dAtA[iNdEx:]) diff --git a/pkg/apiclient/applicationset/applicationset.pb.go b/pkg/apiclient/applicationset/applicationset.pb.go index b15e27f3ebc10..8f717d1f6920f 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.go +++ b/pkg/apiclient/applicationset/applicationset.pb.go @@ -214,7 +214,6 @@ func (m *ApplicationSetResponse) GetApplicationset() *v1alpha1.ApplicationSet { type ApplicationSetCreateRequest struct { Applicationset *v1alpha1.ApplicationSet `protobuf:"bytes,1,opt,name=applicationset,proto3" json:"applicationset,omitempty"` Upsert bool `protobuf:"varint,2,opt,name=upsert,proto3" json:"upsert,omitempty"` - DryRun bool `protobuf:"varint,3,opt,name=dryRun,proto3" json:"dryRun,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -267,13 +266,6 @@ func (m *ApplicationSetCreateRequest) GetUpsert() bool { return false } -func (m *ApplicationSetCreateRequest) GetDryRun() bool { - if m != nil { - return m.DryRun - } - return false -} - type ApplicationSetDeleteRequest struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The application set namespace. Default empty is argocd control plane namespace @@ -330,69 +322,12 @@ func (m *ApplicationSetDeleteRequest) GetAppsetNamespace() string { return "" } -type ApplicationSetTreeQuery struct { - Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` - // The application set namespace. Default empty is argocd control plane namespace - AppsetNamespace string `protobuf:"bytes,2,opt,name=appsetNamespace,proto3" json:"appsetNamespace,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *ApplicationSetTreeQuery) Reset() { *m = ApplicationSetTreeQuery{} } -func (m *ApplicationSetTreeQuery) String() string { return proto.CompactTextString(m) } -func (*ApplicationSetTreeQuery) ProtoMessage() {} -func (*ApplicationSetTreeQuery) Descriptor() ([]byte, []int) { - return fileDescriptor_eacb9df0ce5738fa, []int{5} -} -func (m *ApplicationSetTreeQuery) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTreeQuery) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_ApplicationSetTreeQuery.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *ApplicationSetTreeQuery) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTreeQuery.Merge(m, src) -} -func (m *ApplicationSetTreeQuery) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTreeQuery) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTreeQuery.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTreeQuery proto.InternalMessageInfo - -func (m *ApplicationSetTreeQuery) GetName() string { - if m != nil { - return m.Name - } - return "" -} - -func (m *ApplicationSetTreeQuery) GetAppsetNamespace() string { - if m != nil { - return m.AppsetNamespace - } - return "" -} - func init() { proto.RegisterType((*ApplicationSetGetQuery)(nil), "applicationset.ApplicationSetGetQuery") proto.RegisterType((*ApplicationSetListQuery)(nil), "applicationset.ApplicationSetListQuery") proto.RegisterType((*ApplicationSetResponse)(nil), "applicationset.ApplicationSetResponse") proto.RegisterType((*ApplicationSetCreateRequest)(nil), "applicationset.ApplicationSetCreateRequest") proto.RegisterType((*ApplicationSetDeleteRequest)(nil), "applicationset.ApplicationSetDeleteRequest") - proto.RegisterType((*ApplicationSetTreeQuery)(nil), "applicationset.ApplicationSetTreeQuery") } func init() { @@ -400,44 +335,40 @@ func init() { } var fileDescriptor_eacb9df0ce5738fa = []byte{ - // 586 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x95, 0xcd, 0x8a, 0x13, 0x41, - 0x10, 0xc7, 0xe9, 0xcd, 0x12, 0xb3, 0xad, 0x28, 0x34, 0xb8, 0x1b, 0x47, 0x89, 0x61, 0x0e, 0x6b, - 0x5c, 0xdd, 0x1e, 0x12, 0x3d, 0xe9, 0xc9, 0x0f, 0x58, 0x84, 0x20, 0x3a, 0x2b, 0x0a, 0x7a, 0x90, - 0xde, 0x49, 0x31, 0x3b, 0xee, 0x64, 0xa6, 0xed, 0xee, 0x19, 0x58, 0x16, 0x2f, 0x82, 0x4f, 0xe0, - 0x1b, 0xe8, 0xc5, 0x07, 0xf0, 0xee, 0xc1, 0x8b, 0x47, 0xc1, 0x17, 0x90, 0xe8, 0x83, 0x48, 0xf7, - 0x4c, 0x92, 0x9d, 0x26, 0x9b, 0x08, 0xc6, 0xdb, 0x54, 0x77, 0x4f, 0xd5, 0xaf, 0xaa, 0xfe, 0xd5, - 0x8d, 0xb7, 0x24, 0x88, 0x1c, 0x84, 0xc7, 0x38, 0x8f, 0xa3, 0x80, 0xa9, 0x28, 0x4d, 0x24, 0x28, - 0xcb, 0xa4, 0x5c, 0xa4, 0x2a, 0x25, 0x67, 0xab, 0xab, 0xce, 0xa5, 0x30, 0x4d, 0xc3, 0x18, 0x3c, - 0xc6, 0x23, 0x8f, 0x25, 0x49, 0xaa, 0x8a, 0x9d, 0xe2, 0xb4, 0xd3, 0x0f, 0x23, 0xb5, 0x9f, 0xed, - 0xd1, 0x20, 0x1d, 0x7a, 0x4c, 0x84, 0x29, 0x17, 0xe9, 0x2b, 0xf3, 0xb1, 0x1d, 0x0c, 0xbc, 0xbc, - 0xe7, 0xf1, 0x83, 0x50, 0xff, 0x29, 0x8f, 0xc7, 0xf2, 0xf2, 0x2e, 0x8b, 0xf9, 0x3e, 0xeb, 0x7a, - 0x21, 0x24, 0x20, 0x98, 0x82, 0x41, 0xe1, 0xcd, 0x7d, 0x8a, 0xd7, 0xef, 0x4c, 0xcf, 0xed, 0x82, - 0xda, 0x01, 0xf5, 0x38, 0x03, 0x71, 0x48, 0x08, 0x5e, 0x4d, 0xd8, 0x10, 0x9a, 0xa8, 0x8d, 0x3a, - 0x6b, 0xbe, 0xf9, 0x26, 0x1d, 0x7c, 0x8e, 0x71, 0x2e, 0x41, 0x3d, 0x64, 0x43, 0x90, 0x9c, 0x05, - 0xd0, 0x5c, 0x31, 0xdb, 0xf6, 0xb2, 0x7b, 0x84, 0x37, 0xaa, 0x7e, 0xfb, 0x91, 0x2c, 0x1d, 0x3b, - 0xb8, 0xa1, 0x99, 0x21, 0x50, 0xb2, 0x89, 0xda, 0xb5, 0xce, 0x9a, 0x3f, 0xb1, 0xf5, 0x9e, 0x84, - 0x18, 0x02, 0x95, 0x8a, 0xd2, 0xf3, 0xc4, 0x9e, 0x15, 0xbc, 0x36, 0x3b, 0xf8, 0x27, 0x64, 0x67, - 0xe5, 0x83, 0xe4, 0xba, 0xb8, 0xa4, 0x89, 0x4f, 0x95, 0xc1, 0xca, 0xc4, 0xc6, 0x26, 0x51, 0xd8, - 0xea, 0x83, 0x01, 0x38, 0xdd, 0xeb, 0xd3, 0x69, 0xc1, 0xe9, 0xb8, 0xe0, 0xe6, 0xe3, 0x65, 0x30, - 0xa0, 0x79, 0x8f, 0xf2, 0x83, 0x90, 0xea, 0x82, 0xd3, 0x63, 0xbf, 0xd3, 0x71, 0xc1, 0xa9, 0xc5, - 0x61, 0xc5, 0x70, 0xbf, 0x22, 0x7c, 0xb1, 0x7a, 0xe4, 0x9e, 0x00, 0xa6, 0xc0, 0x87, 0xd7, 0x19, - 0xc8, 0x59, 0x54, 0xe8, 0xff, 0x53, 0x91, 0x75, 0x5c, 0xcf, 0xb8, 0x04, 0x51, 0xd4, 0xa0, 0xe1, - 0x97, 0x96, 0x5e, 0x1f, 0x88, 0x43, 0x3f, 0x4b, 0x4c, 0xe5, 0x1b, 0x7e, 0x69, 0xb9, 0x2f, 0xec, - 0x24, 0xee, 0x43, 0x0c, 0xd3, 0x24, 0xfe, 0x4d, 0x4a, 0xcf, 0x6c, 0x29, 0x3d, 0x11, 0x00, 0x4b, - 0xd0, 0x68, 0xef, 0x57, 0x1d, 0x9f, 0xaf, 0x7a, 0xde, 0x05, 0x91, 0x47, 0x01, 0x90, 0x8f, 0x08, - 0xd7, 0x76, 0x40, 0x91, 0x4d, 0x6a, 0x0d, 0xec, 0xec, 0x59, 0x71, 0x96, 0xda, 0x0d, 0x77, 0xf3, - 0xed, 0x8f, 0xdf, 0xef, 0x57, 0xda, 0xa4, 0x65, 0x6e, 0x80, 0xbc, 0x6b, 0xdd, 0x1a, 0xd2, 0x3b, - 0xd2, 0x89, 0xbe, 0x21, 0x1f, 0x10, 0x5e, 0xd5, 0x63, 0x45, 0xae, 0xcc, 0xc7, 0x9c, 0x8c, 0x9e, - 0xf3, 0x68, 0x99, 0x9c, 0xda, 0xad, 0x7b, 0xd9, 0xb0, 0x5e, 0x20, 0x1b, 0x27, 0xb0, 0x92, 0xcf, - 0x08, 0xd7, 0x0b, 0x49, 0x93, 0x6b, 0xf3, 0x31, 0x2b, 0xc2, 0x5f, 0x72, 0x49, 0x3d, 0x83, 0x79, - 0xd5, 0x3d, 0x09, 0xf3, 0x96, 0x3d, 0x01, 0xef, 0x10, 0xae, 0x17, 0x22, 0x5e, 0x84, 0x5d, 0x91, - 0xba, 0xb3, 0x40, 0x31, 0xe3, 0x7b, 0x68, 0xdc, 0xe3, 0xad, 0x45, 0x3d, 0xfe, 0x82, 0xf0, 0x19, - 0x1f, 0x64, 0x9a, 0x89, 0x00, 0xb4, 0xee, 0x17, 0xf5, 0x7a, 0x32, 0x1b, 0xcb, 0xed, 0xb5, 0x76, - 0xeb, 0xde, 0x34, 0xcc, 0x94, 0x5c, 0x9f, 0xcf, 0xec, 0x89, 0x92, 0x77, 0x5b, 0x09, 0x80, 0xbb, - 0x0f, 0xbe, 0x8d, 0x5a, 0xe8, 0xfb, 0xa8, 0x85, 0x7e, 0x8e, 0x5a, 0xe8, 0xf9, 0xed, 0xbf, 0x7b, - 0xbd, 0x82, 0x38, 0x82, 0xc4, 0x7e, 0x2e, 0xf7, 0xea, 0xe6, 0xcd, 0xba, 0xf1, 0x27, 0x00, 0x00, - 0xff, 0xff, 0xd5, 0xe2, 0xa9, 0xbf, 0x5d, 0x07, 0x00, 0x00, + // 526 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x94, 0xdf, 0x8a, 0x13, 0x31, + 0x14, 0xc6, 0xc9, 0x76, 0xad, 0xbb, 0x11, 0x14, 0x02, 0xee, 0xd6, 0x51, 0x6a, 0x99, 0x8b, 0xb5, + 0xae, 0x98, 0xd0, 0x7a, 0xa7, 0x57, 0xfe, 0x81, 0x45, 0x28, 0xa2, 0xb3, 0xe0, 0x85, 0x5e, 0x48, + 0x76, 0x7a, 0x98, 0x1d, 0x77, 0x3a, 0x89, 0x49, 0x3a, 0x20, 0x8b, 0x37, 0x82, 0x4f, 0xe0, 0x13, + 0xa8, 0x37, 0x82, 0xb7, 0x3e, 0x84, 0x97, 0x82, 0x2f, 0x20, 0xc5, 0x07, 0x91, 0xc9, 0xcc, 0xb4, + 0x3b, 0xa1, 0xdb, 0x0a, 0x76, 0xef, 0x72, 0x26, 0x99, 0x73, 0x7e, 0xf9, 0xf2, 0x9d, 0x83, 0x77, + 0x35, 0xa8, 0x0c, 0x14, 0xe3, 0x52, 0x26, 0x71, 0xc8, 0x4d, 0x2c, 0x52, 0x0d, 0xc6, 0x09, 0xa9, + 0x54, 0xc2, 0x08, 0x72, 0xb1, 0xfe, 0xd5, 0xbb, 0x16, 0x09, 0x11, 0x25, 0xc0, 0xb8, 0x8c, 0x19, + 0x4f, 0x53, 0x61, 0x8a, 0x9d, 0xe2, 0xb4, 0x37, 0x88, 0x62, 0x73, 0x38, 0x3e, 0xa0, 0xa1, 0x18, + 0x31, 0xae, 0x22, 0x21, 0x95, 0x78, 0x6d, 0x17, 0xb7, 0xc3, 0x21, 0xcb, 0xfa, 0x4c, 0x1e, 0x45, + 0xf9, 0x9f, 0xfa, 0x64, 0x2d, 0x96, 0xf5, 0x78, 0x22, 0x0f, 0x79, 0x8f, 0x45, 0x90, 0x82, 0xe2, + 0x06, 0x86, 0x45, 0x36, 0xff, 0x39, 0xde, 0xba, 0x3f, 0x3b, 0xb7, 0x0f, 0x66, 0x0f, 0xcc, 0xb3, + 0x31, 0xa8, 0xb7, 0x84, 0xe0, 0xf5, 0x94, 0x8f, 0xa0, 0x85, 0x3a, 0xa8, 0xbb, 0x19, 0xd8, 0x35, + 0xe9, 0xe2, 0x4b, 0x5c, 0x4a, 0x0d, 0xe6, 0x09, 0x1f, 0x81, 0x96, 0x3c, 0x84, 0xd6, 0x9a, 0xdd, + 0x76, 0x3f, 0xfb, 0xc7, 0x78, 0xbb, 0x9e, 0x77, 0x10, 0xeb, 0x32, 0xb1, 0x87, 0x37, 0x72, 0x66, + 0x08, 0x8d, 0x6e, 0xa1, 0x4e, 0xa3, 0xbb, 0x19, 0x4c, 0xe3, 0x7c, 0x4f, 0x43, 0x02, 0xa1, 0x11, + 0xaa, 0xcc, 0x3c, 0x8d, 0xe7, 0x15, 0x6f, 0xcc, 0x2f, 0xfe, 0x15, 0xb9, 0xb7, 0x0a, 0x40, 0xcb, + 0x5c, 0x5c, 0xd2, 0xc2, 0xe7, 0xcb, 0x62, 0xe5, 0xc5, 0xaa, 0x90, 0x18, 0xec, 0xbc, 0x83, 0x05, + 0xb8, 0xd0, 0x1f, 0xd0, 0x99, 0xe0, 0xb4, 0x12, 0xdc, 0x2e, 0x5e, 0x85, 0x43, 0x9a, 0xf5, 0xa9, + 0x3c, 0x8a, 0x68, 0x2e, 0x38, 0x3d, 0xf1, 0x3b, 0xad, 0x04, 0xa7, 0x0e, 0x87, 0x53, 0xc3, 0xff, + 0x86, 0xf0, 0xd5, 0xfa, 0x91, 0x87, 0x0a, 0xb8, 0x81, 0x00, 0xde, 0x8c, 0x41, 0xcf, 0xa3, 0x42, + 0x67, 0x4f, 0x45, 0xb6, 0x70, 0x73, 0x2c, 0x35, 0xa8, 0x42, 0x83, 0x8d, 0xa0, 0x8c, 0xfc, 0x97, + 0x2e, 0xec, 0x23, 0x48, 0x60, 0x06, 0xfb, 0x5f, 0x96, 0xe9, 0x7f, 0x3a, 0x87, 0x2f, 0xd7, 0xb3, + 0xef, 0x83, 0xca, 0xe2, 0x10, 0xc8, 0x17, 0x84, 0x1b, 0x7b, 0x60, 0xc8, 0x0e, 0x75, 0xfa, 0x67, + 0xbe, 0x75, 0xbd, 0x95, 0x8a, 0xe3, 0xef, 0xbc, 0xff, 0xf5, 0xe7, 0xe3, 0x5a, 0x87, 0xb4, 0x6d, + 0x43, 0x66, 0x3d, 0xa7, 0x89, 0x35, 0x3b, 0xce, 0x2f, 0xfa, 0x8e, 0x7c, 0x46, 0x78, 0x3d, 0x77, + 0x39, 0xb9, 0xb1, 0x18, 0x73, 0xda, 0x09, 0xde, 0xd3, 0x55, 0x72, 0xe6, 0x69, 0xfd, 0xeb, 0x96, + 0xf5, 0x0a, 0xd9, 0x3e, 0x85, 0x95, 0x7c, 0x47, 0xb8, 0x59, 0x38, 0x8c, 0xdc, 0x5a, 0x8c, 0x59, + 0xf3, 0xe1, 0x8a, 0x25, 0x65, 0x16, 0xf3, 0xa6, 0x7f, 0x1a, 0xe6, 0x5d, 0xd7, 0x90, 0x1f, 0x10, + 0x6e, 0x16, 0x5e, 0x5b, 0x86, 0x5d, 0x73, 0xa4, 0xb7, 0xc4, 0x31, 0xd5, 0x58, 0xa8, 0xde, 0x78, + 0x77, 0xc9, 0x1b, 0x3f, 0x78, 0xfc, 0x63, 0xd2, 0x46, 0x3f, 0x27, 0x6d, 0xf4, 0x7b, 0xd2, 0x46, + 0x2f, 0xee, 0xfd, 0xdb, 0x28, 0x0e, 0x93, 0x18, 0x52, 0x77, 0xf6, 0x1f, 0x34, 0xed, 0x00, 0xbe, + 0xf3, 0x37, 0x00, 0x00, 0xff, 0xff, 0x96, 0x3f, 0x16, 0xa7, 0x2a, 0x06, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -460,8 +391,6 @@ type ApplicationSetServiceClient interface { Create(ctx context.Context, in *ApplicationSetCreateRequest, opts ...grpc.CallOption) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(ctx context.Context, in *ApplicationSetDeleteRequest, opts ...grpc.CallOption) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) } type applicationSetServiceClient struct { @@ -508,15 +437,6 @@ func (c *applicationSetServiceClient) Delete(ctx context.Context, in *Applicatio return out, nil } -func (c *applicationSetServiceClient) ResourceTree(ctx context.Context, in *ApplicationSetTreeQuery, opts ...grpc.CallOption) (*v1alpha1.ApplicationSetTree, error) { - out := new(v1alpha1.ApplicationSetTree) - err := c.cc.Invoke(ctx, "/applicationset.ApplicationSetService/ResourceTree", in, out, opts...) - if err != nil { - return nil, err - } - return out, nil -} - // ApplicationSetServiceServer is the server API for ApplicationSetService service. type ApplicationSetServiceServer interface { // Get returns an applicationset by name @@ -527,8 +447,6 @@ type ApplicationSetServiceServer interface { Create(context.Context, *ApplicationSetCreateRequest) (*v1alpha1.ApplicationSet, error) // Delete deletes an application set Delete(context.Context, *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) - // ResourceTree returns resource tree - ResourceTree(context.Context, *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) } // UnimplementedApplicationSetServiceServer can be embedded to have forward compatible implementations. @@ -547,9 +465,6 @@ func (*UnimplementedApplicationSetServiceServer) Create(ctx context.Context, req func (*UnimplementedApplicationSetServiceServer) Delete(ctx context.Context, req *ApplicationSetDeleteRequest) (*ApplicationSetResponse, error) { return nil, status.Errorf(codes.Unimplemented, "method Delete not implemented") } -func (*UnimplementedApplicationSetServiceServer) ResourceTree(ctx context.Context, req *ApplicationSetTreeQuery) (*v1alpha1.ApplicationSetTree, error) { - return nil, status.Errorf(codes.Unimplemented, "method ResourceTree not implemented") -} func RegisterApplicationSetServiceServer(s *grpc.Server, srv ApplicationSetServiceServer) { s.RegisterService(&_ApplicationSetService_serviceDesc, srv) @@ -627,24 +542,6 @@ func _ApplicationSetService_Delete_Handler(srv interface{}, ctx context.Context, return interceptor(ctx, in, info, handler) } -func _ApplicationSetService_ResourceTree_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { - in := new(ApplicationSetTreeQuery) - if err := dec(in); err != nil { - return nil, err - } - if interceptor == nil { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, in) - } - info := &grpc.UnaryServerInfo{ - Server: srv, - FullMethod: "/applicationset.ApplicationSetService/ResourceTree", - } - handler := func(ctx context.Context, req interface{}) (interface{}, error) { - return srv.(ApplicationSetServiceServer).ResourceTree(ctx, req.(*ApplicationSetTreeQuery)) - } - return interceptor(ctx, in, info, handler) -} - var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ ServiceName: "applicationset.ApplicationSetService", HandlerType: (*ApplicationSetServiceServer)(nil), @@ -665,10 +562,6 @@ var _ApplicationSetService_serviceDesc = grpc.ServiceDesc{ MethodName: "Delete", Handler: _ApplicationSetService_Delete_Handler, }, - { - MethodName: "ResourceTree", - Handler: _ApplicationSetService_ResourceTree_Handler, - }, }, Streams: []grpc.StreamDesc{}, Metadata: "server/applicationset/applicationset.proto", @@ -835,16 +728,6 @@ func (m *ApplicationSetCreateRequest) MarshalToSizedBuffer(dAtA []byte) (int, er i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.DryRun { - i-- - if m.DryRun { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x18 - } if m.Upsert { i-- if m.Upsert { @@ -911,47 +794,6 @@ func (m *ApplicationSetDeleteRequest) MarshalToSizedBuffer(dAtA []byte) (int, er return len(dAtA) - i, nil } -func (m *ApplicationSetTreeQuery) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTreeQuery) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTreeQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.AppsetNamespace) > 0 { - i -= len(m.AppsetNamespace) - copy(dAtA[i:], m.AppsetNamespace) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.AppsetNamespace))) - i-- - dAtA[i] = 0x12 - } - if len(m.Name) > 0 { - i -= len(m.Name) - copy(dAtA[i:], m.Name) - i = encodeVarintApplicationset(dAtA, i, uint64(len(m.Name))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil -} - func encodeVarintApplicationset(dAtA []byte, offset int, v uint64) int { offset -= sovApplicationset(v) base := offset @@ -1042,9 +884,6 @@ func (m *ApplicationSetCreateRequest) Size() (n int) { if m.Upsert { n += 2 } - if m.DryRun { - n += 2 - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -1071,26 +910,6 @@ func (m *ApplicationSetDeleteRequest) Size() (n int) { return n } -func (m *ApplicationSetTreeQuery) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Name) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - l = len(m.AppsetNamespace) - if l > 0 { - n += 1 + l + sovApplicationset(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func sovApplicationset(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -1563,26 +1382,6 @@ func (m *ApplicationSetCreateRequest) Unmarshal(dAtA []byte) error { } } m.Upsert = bool(v != 0) - case 3: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field DryRun", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.DryRun = bool(v != 0) default: iNdEx = preIndex skippy, err := skipApplicationset(dAtA[iNdEx:]) @@ -1720,121 +1519,6 @@ func (m *ApplicationSetDeleteRequest) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTreeQuery) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTreeQuery: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Name = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppsetNamespace", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApplicationset - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApplicationset - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthApplicationset - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AppsetNamespace = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipApplicationset(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthApplicationset - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func skipApplicationset(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apiclient/applicationset/applicationset.pb.gw.go b/pkg/apiclient/applicationset/applicationset.pb.gw.go index daad3043c52ca..5e4c73f7add3b 100644 --- a/pkg/apiclient/applicationset/applicationset.pb.gw.go +++ b/pkg/apiclient/applicationset/applicationset.pb.gw.go @@ -265,78 +265,6 @@ func local_request_ApplicationSetService_Delete_0(ctx context.Context, marshaler } -var ( - filter_ApplicationSetService_ResourceTree_0 = &utilities.DoubleArray{Encoding: map[string]int{"name": 0}, Base: []int{1, 1, 0}, Check: []int{0, 1, 2}} -) - -func request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, client ApplicationSetServiceClient, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := client.ResourceTree(ctx, &protoReq, grpc.Header(&metadata.HeaderMD), grpc.Trailer(&metadata.TrailerMD)) - return msg, metadata, err - -} - -func local_request_ApplicationSetService_ResourceTree_0(ctx context.Context, marshaler runtime.Marshaler, server ApplicationSetServiceServer, req *http.Request, pathParams map[string]string) (proto.Message, runtime.ServerMetadata, error) { - var protoReq ApplicationSetTreeQuery - var metadata runtime.ServerMetadata - - var ( - val string - ok bool - err error - _ = err - ) - - val, ok = pathParams["name"] - if !ok { - return nil, metadata, status.Errorf(codes.InvalidArgument, "missing parameter %s", "name") - } - - protoReq.Name, err = runtime.String(val) - - if err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "type mismatch, parameter: %s, error: %v", "name", err) - } - - if err := req.ParseForm(); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - if err := runtime.PopulateQueryParameters(&protoReq, req.Form, filter_ApplicationSetService_ResourceTree_0); err != nil { - return nil, metadata, status.Errorf(codes.InvalidArgument, "%v", err) - } - - msg, err := server.ResourceTree(ctx, &protoReq) - return msg, metadata, err - -} - // RegisterApplicationSetServiceHandlerServer registers the http handlers for service ApplicationSetService to "mux". // UnaryRPC :call ApplicationSetServiceServer directly. // StreamingRPC :currently unsupported pending https://github.com/grpc/grpc-go/issues/906. @@ -435,29 +363,6 @@ func RegisterApplicationSetServiceHandlerServer(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - var stream runtime.ServerTransportStream - ctx = grpc.NewContextWithServerTransportStream(ctx, &stream) - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateIncomingContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := local_request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, server, req, pathParams) - md.HeaderMD, md.TrailerMD = metadata.Join(md.HeaderMD, stream.Header()), metadata.Join(md.TrailerMD, stream.Trailer()) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -579,26 +484,6 @@ func RegisterApplicationSetServiceHandlerClient(ctx context.Context, mux *runtim }) - mux.Handle("GET", pattern_ApplicationSetService_ResourceTree_0, func(w http.ResponseWriter, req *http.Request, pathParams map[string]string) { - ctx, cancel := context.WithCancel(req.Context()) - defer cancel() - inboundMarshaler, outboundMarshaler := runtime.MarshalerForRequest(mux, req) - rctx, err := runtime.AnnotateContext(ctx, mux, req) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - resp, md, err := request_ApplicationSetService_ResourceTree_0(rctx, inboundMarshaler, client, req, pathParams) - ctx = runtime.NewServerMetadataContext(ctx, md) - if err != nil { - runtime.HTTPError(ctx, mux, outboundMarshaler, w, req, err) - return - } - - forward_ApplicationSetService_ResourceTree_0(ctx, mux, outboundMarshaler, w, req, resp, mux.GetForwardResponseOptions()...) - - }) - return nil } @@ -610,8 +495,6 @@ var ( pattern_ApplicationSetService_Create_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2}, []string{"api", "v1", "applicationsets"}, "", runtime.AssumeColonVerbOpt(true))) pattern_ApplicationSetService_Delete_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3}, []string{"api", "v1", "applicationsets", "name"}, "", runtime.AssumeColonVerbOpt(true))) - - pattern_ApplicationSetService_ResourceTree_0 = runtime.MustPattern(runtime.NewPattern(1, []int{2, 0, 2, 1, 2, 2, 1, 0, 4, 1, 5, 3, 2, 4}, []string{"api", "v1", "applicationsets", "name", "resource-tree"}, "", runtime.AssumeColonVerbOpt(true))) ) var ( @@ -622,6 +505,4 @@ var ( forward_ApplicationSetService_Create_0 = runtime.ForwardResponseMessage forward_ApplicationSetService_Delete_0 = runtime.ForwardResponseMessage - - forward_ApplicationSetService_ResourceTree_0 = runtime.ForwardResponseMessage ) diff --git a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go index 27e33721be747..f6118b7a43f95 100644 --- a/pkg/apiclient/cluster/mocks/ClusterServiceServer.go +++ b/pkg/apiclient/cluster/mocks/ClusterServiceServer.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks @@ -21,15 +21,7 @@ type ClusterServiceServer struct { func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.ClusterCreateRequest) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Create") - } - var r0 *v1alpha1.Cluster - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterCreateRequest) (*v1alpha1.Cluster, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterCreateRequest) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -38,6 +30,7 @@ func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.Cluster } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterCreateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -51,15 +44,7 @@ func (_m *ClusterServiceServer) Create(_a0 context.Context, _a1 *cluster.Cluster func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.ClusterQuery) (*cluster.ClusterResponse, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Delete") - } - var r0 *cluster.ClusterResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*cluster.ClusterResponse, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *cluster.ClusterResponse); ok { r0 = rf(_a0, _a1) } else { @@ -68,6 +53,7 @@ func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.Cluster } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -81,15 +67,7 @@ func (_m *ClusterServiceServer) Delete(_a0 context.Context, _a1 *cluster.Cluster func (_m *ClusterServiceServer) Get(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Get") - } - var r0 *v1alpha1.Cluster - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.Cluster, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -98,36 +76,7 @@ func (_m *ClusterServiceServer) Get(_a0 context.Context, _a1 *cluster.ClusterQue } } - if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// InvalidateCache provides a mock function with given fields: _a0, _a1 -func (_m *ClusterServiceServer) InvalidateCache(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.Cluster, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for InvalidateCache") - } - - var r0 *v1alpha1.Cluster var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.Cluster, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.Cluster); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*v1alpha1.Cluster) - } - } - if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -141,15 +90,7 @@ func (_m *ClusterServiceServer) InvalidateCache(_a0 context.Context, _a1 *cluste func (_m *ClusterServiceServer) List(_a0 context.Context, _a1 *cluster.ClusterQuery) (*v1alpha1.ClusterList, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for List") - } - var r0 *v1alpha1.ClusterList - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*v1alpha1.ClusterList, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *v1alpha1.ClusterList); ok { r0 = rf(_a0, _a1) } else { @@ -158,36 +99,7 @@ func (_m *ClusterServiceServer) List(_a0 context.Context, _a1 *cluster.ClusterQu } } - if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// RotateAuth provides a mock function with given fields: _a0, _a1 -func (_m *ClusterServiceServer) RotateAuth(_a0 context.Context, _a1 *cluster.ClusterQuery) (*cluster.ClusterResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for RotateAuth") - } - - var r0 *cluster.ClusterResponse var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) (*cluster.ClusterResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterQuery) *cluster.ClusterResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*cluster.ClusterResponse) - } - } - if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterQuery) error); ok { r1 = rf(_a0, _a1) } else { @@ -201,15 +113,7 @@ func (_m *ClusterServiceServer) RotateAuth(_a0 context.Context, _a1 *cluster.Clu func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.ClusterUpdateRequest) (*v1alpha1.Cluster, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Update") - } - var r0 *v1alpha1.Cluster - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterUpdateRequest) (*v1alpha1.Cluster, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *cluster.ClusterUpdateRequest) *v1alpha1.Cluster); ok { r0 = rf(_a0, _a1) } else { @@ -218,6 +122,7 @@ func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.Cluster } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, *cluster.ClusterUpdateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -226,17 +131,3 @@ func (_m *ClusterServiceServer) Update(_a0 context.Context, _a1 *cluster.Cluster return r0, r1 } - -// NewClusterServiceServer creates a new instance of ClusterServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewClusterServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *ClusterServiceServer { - mock := &ClusterServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/apiclient/grpcproxy.go b/pkg/apiclient/grpcproxy.go index b426db178a2ac..72fea42efee3f 100644 --- a/pkg/apiclient/grpcproxy.go +++ b/pkg/apiclient/grpcproxy.go @@ -3,7 +3,6 @@ package apiclient import ( "bytes" "encoding/binary" - "errors" "fmt" "io" "net" @@ -66,6 +65,7 @@ func (c *client) executeRequest(fullMethodName string, msg []byte, md metadata.M requestURL = fmt.Sprintf("%s://%s%s", schema, c.ServerAddr, fullMethodName) } req, err := http.NewRequest(http.MethodPost, requestURL, bytes.NewReader(toFrame(msg))) + if err != nil { return nil, err } @@ -108,6 +108,7 @@ func (c *client) startGRPCProxy() (*grpc.Server, net.Listener, error) { } serverAddr := fmt.Sprintf("%s/argocd-%s.sock", os.TempDir(), randSuffix) ln, err := net.Listen("unix", serverAddr) + if err != nil { return nil, nil, err } @@ -131,6 +132,7 @@ func (c *client) startGRPCProxy() (*grpc.Server, net.Listener, error) { md, _ := metadata.FromIncomingContext(stream.Context()) headersMD, err := parseGRPCHeaders(c.Headers) + if err != nil { return err } @@ -152,7 +154,7 @@ func (c *client) startGRPCProxy() (*grpc.Server, net.Listener, error) { for { header := make([]byte, frameHeaderLength) if _, err := io.ReadAtLeast(resp.Body, header, frameHeaderLength); err != nil { - if errors.Is(err, io.EOF) { + if err == io.EOF { err = io.ErrUnexpectedEOF } return err @@ -165,7 +167,7 @@ func (c *client) startGRPCProxy() (*grpc.Server, net.Listener, error) { data := make([]byte, length) if read, err := io.ReadAtLeast(resp.Body, data, length); err != nil { - if !errors.Is(err, io.EOF) { + if err != io.EOF { return err } else if read < length { return io.ErrUnexpectedEOF @@ -177,6 +179,7 @@ func (c *client) startGRPCProxy() (*grpc.Server, net.Listener, error) { if err := stream.SendMsg(data); err != nil { return err } + } })) go func() { diff --git a/pkg/apiclient/repository/repository.pb.go b/pkg/apiclient/repository/repository.pb.go index 8dbb20ce7bc70..5540580c21f45 100644 --- a/pkg/apiclient/repository/repository.pb.go +++ b/pkg/apiclient/repository/repository.pb.go @@ -163,16 +163,12 @@ func (m *AppInfo) GetPath() string { // RepoAppDetailsQuery contains query information for app details request type RepoAppDetailsQuery struct { - Source *v1alpha1.ApplicationSource `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` - AppName string `protobuf:"bytes,2,opt,name=appName,proto3" json:"appName,omitempty"` - AppProject string `protobuf:"bytes,3,opt,name=appProject,proto3" json:"appProject,omitempty"` - // source index (for multi source apps) - SourceIndex int32 `protobuf:"varint,4,opt,name=sourceIndex,proto3" json:"sourceIndex,omitempty"` - // versionId from historical data (for multi source apps) - VersionId int32 `protobuf:"varint,5,opt,name=versionId,proto3" json:"versionId,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` + Source *v1alpha1.ApplicationSource `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` + AppName string `protobuf:"bytes,2,opt,name=appName,proto3" json:"appName,omitempty"` + AppProject string `protobuf:"bytes,3,opt,name=appProject,proto3" json:"appProject,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` } func (m *RepoAppDetailsQuery) Reset() { *m = RepoAppDetailsQuery{} } @@ -229,20 +225,6 @@ func (m *RepoAppDetailsQuery) GetAppProject() string { return "" } -func (m *RepoAppDetailsQuery) GetSourceIndex() int32 { - if m != nil { - return m.SourceIndex - } - return 0 -} - -func (m *RepoAppDetailsQuery) GetVersionId() int32 { - if m != nil { - return m.VersionId - } - return 0 -} - // RepoAppsResponse contains applications of specified repository type RepoAppsResponse struct { Items []*AppInfo `protobuf:"bytes,1,rep,name=items,proto3" json:"items,omitempty"` @@ -296,9 +278,7 @@ type RepoQuery struct { // Repo URL for query Repo string `protobuf:"bytes,1,opt,name=repo,proto3" json:"repo,omitempty"` // Whether to force a cache refresh on repo's connection state - ForceRefresh bool `protobuf:"varint,2,opt,name=forceRefresh,proto3" json:"forceRefresh,omitempty"` - // App project for query - AppProject string `protobuf:"bytes,3,opt,name=appProject,proto3" json:"appProject,omitempty"` + ForceRefresh bool `protobuf:"varint,2,opt,name=forceRefresh,proto3" json:"forceRefresh,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -351,13 +331,6 @@ func (m *RepoQuery) GetForceRefresh() bool { return false } -func (m *RepoQuery) GetAppProject() string { - if m != nil { - return m.AppProject - } - return "" -} - // RepoAccessQuery is a query for checking access to a repo type RepoAccessQuery struct { // The URL to the repo @@ -730,81 +703,79 @@ func init() { } var fileDescriptor_8d38260443475705 = []byte{ - // 1178 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x5d, 0x6f, 0x1b, 0x45, - 0x17, 0xd6, 0x26, 0x8d, 0x93, 0x9c, 0x7c, 0xd4, 0x99, 0xe4, 0xed, 0xbb, 0xb8, 0x6e, 0x1a, 0x6d, - 0x4b, 0x15, 0xa2, 0xb2, 0x6e, 0x8c, 0x10, 0xa8, 0x08, 0x24, 0xe7, 0x43, 0x4d, 0x44, 0x44, 0xca, - 0x56, 0xe1, 0x02, 0x81, 0xd0, 0x64, 0x7d, 0x62, 0x6f, 0xbb, 0xde, 0x9d, 0xce, 0x8c, 0x4d, 0xad, - 0xaa, 0x37, 0x5c, 0x21, 0xc1, 0x0d, 0x42, 0x48, 0xdc, 0x21, 0x24, 0x24, 0x2e, 0xf8, 0x23, 0x5c, - 0x22, 0xf1, 0x07, 0x50, 0xc4, 0x8f, 0xe0, 0x0a, 0xa1, 0x99, 0x59, 0xef, 0xae, 0x13, 0xdb, 0x49, - 0x45, 0xc8, 0xdd, 0xcc, 0x73, 0xce, 0x9e, 0xf3, 0xcc, 0xb3, 0xe7, 0x9c, 0x9d, 0x05, 0x47, 0x20, - 0xef, 0x20, 0xaf, 0x70, 0x64, 0xb1, 0x08, 0x64, 0xcc, 0xbb, 0xb9, 0xa5, 0xcb, 0x78, 0x2c, 0x63, - 0x02, 0x19, 0x52, 0x2a, 0x37, 0xe2, 0xb8, 0x11, 0x62, 0x85, 0xb2, 0xa0, 0x42, 0xa3, 0x28, 0x96, - 0x54, 0x06, 0x71, 0x24, 0x8c, 0x67, 0x69, 0xaf, 0x11, 0xc8, 0x66, 0xfb, 0xd0, 0xf5, 0xe3, 0x56, - 0x85, 0xf2, 0x46, 0xcc, 0x78, 0xfc, 0x58, 0x2f, 0x5e, 0xf7, 0xeb, 0x95, 0x4e, 0xb5, 0xc2, 0x9e, - 0x34, 0xd4, 0x93, 0xa2, 0x42, 0x19, 0x0b, 0x03, 0x5f, 0x3f, 0x5b, 0xe9, 0xac, 0xd3, 0x90, 0x35, - 0xe9, 0x7a, 0xa5, 0x81, 0x11, 0x72, 0x2a, 0xb1, 0x9e, 0x44, 0xdb, 0x3e, 0x23, 0x9a, 0xa6, 0x75, - 0x26, 0x7d, 0xa7, 0x0b, 0x73, 0x1e, 0xb2, 0xb8, 0xc6, 0x98, 0xf8, 0xb0, 0x8d, 0xbc, 0x4b, 0x08, - 0x5c, 0x51, 0x4e, 0xb6, 0xb5, 0x62, 0xad, 0x4e, 0x7b, 0x7a, 0x4d, 0x4a, 0x30, 0xc5, 0xb1, 0x13, - 0x88, 0x20, 0x8e, 0xec, 0x31, 0x8d, 0xa7, 0x7b, 0x62, 0xc3, 0x24, 0x65, 0xec, 0x03, 0xda, 0x42, - 0x7b, 0x5c, 0x9b, 0x7a, 0x5b, 0xb2, 0x0c, 0x40, 0x19, 0x7b, 0xc8, 0xe3, 0xc7, 0xe8, 0x4b, 0xfb, - 0x8a, 0x36, 0xe6, 0x10, 0x67, 0x1d, 0x26, 0x6b, 0x8c, 0xed, 0x46, 0x47, 0xb1, 0x4a, 0x2a, 0xbb, - 0x0c, 0x7b, 0x49, 0xd5, 0x5a, 0x61, 0x8c, 0xca, 0x66, 0x92, 0x50, 0xaf, 0x9d, 0xbf, 0x2c, 0x58, - 0x4c, 0xe8, 0x6e, 0xa1, 0xa4, 0x41, 0x98, 0x90, 0x6e, 0x40, 0x41, 0xc4, 0x6d, 0xee, 0x9b, 0x08, - 0x33, 0xd5, 0x7d, 0x37, 0x53, 0xc7, 0xed, 0xa9, 0xa3, 0x17, 0x9f, 0xf9, 0x75, 0xb7, 0x53, 0x75, - 0xd9, 0x93, 0x86, 0xab, 0xb4, 0x76, 0x73, 0x5a, 0xbb, 0x3d, 0xad, 0xdd, 0x5a, 0x06, 0x3e, 0xd2, - 0x61, 0xbd, 0x24, 0x7c, 0xfe, 0xb4, 0x63, 0xa3, 0x4e, 0x3b, 0x7e, 0xf2, 0xb4, 0x64, 0x05, 0x66, - 0x4c, 0x8c, 0xdd, 0xa8, 0x8e, 0xcf, 0xb4, 0x1c, 0x13, 0x5e, 0x1e, 0x22, 0x65, 0x98, 0xee, 0x20, - 0x57, 0xa2, 0xee, 0xd6, 0xed, 0x09, 0x6d, 0xcf, 0x00, 0xe7, 0x5d, 0x28, 0xf6, 0x5e, 0x94, 0x87, - 0x82, 0xc5, 0x91, 0x40, 0xf2, 0x1a, 0x4c, 0x04, 0x12, 0x5b, 0xc2, 0xb6, 0x56, 0xc6, 0x57, 0x67, - 0xaa, 0x8b, 0x6e, 0xee, 0xf5, 0x26, 0xd2, 0x7a, 0xc6, 0xc3, 0xf1, 0x61, 0x5a, 0x3d, 0x3e, 0xfc, - 0x1d, 0x3b, 0x30, 0x7b, 0x14, 0xab, 0xa3, 0xe2, 0x11, 0x47, 0x61, 0x64, 0x9f, 0xf2, 0xfa, 0xb0, - 0xb3, 0xce, 0xe8, 0xfc, 0x38, 0x01, 0x57, 0x35, 0x49, 0xdf, 0x47, 0x31, 0xba, 0x9e, 0xda, 0x02, - 0x79, 0x94, 0xc9, 0x98, 0xee, 0x95, 0x8d, 0x51, 0x21, 0x3e, 0x8f, 0x79, 0x3d, 0xc9, 0x90, 0xee, - 0xc9, 0x6d, 0x98, 0x13, 0xa2, 0xf9, 0x90, 0x07, 0x1d, 0x2a, 0xf1, 0x7d, 0xec, 0x26, 0x45, 0xd5, - 0x0f, 0xaa, 0x08, 0x41, 0x24, 0xd0, 0x6f, 0x73, 0xd4, 0x32, 0x4e, 0x79, 0xe9, 0x9e, 0xdc, 0x85, - 0x05, 0x19, 0x8a, 0xcd, 0x30, 0xc0, 0x48, 0x6e, 0x22, 0x97, 0x5b, 0x54, 0x52, 0xbb, 0xa0, 0xa3, - 0x9c, 0x36, 0x90, 0x35, 0x28, 0xf6, 0x81, 0x2a, 0xe5, 0xa4, 0x76, 0x3e, 0x85, 0xa7, 0x25, 0x3c, - 0xdd, 0x5f, 0xc2, 0xfa, 0x8c, 0x60, 0x30, 0x7d, 0xbe, 0x32, 0x4c, 0x63, 0x44, 0x0f, 0x43, 0xdc, - 0xf7, 0x03, 0x7b, 0x46, 0xd3, 0xcb, 0x00, 0x72, 0x0f, 0x16, 0x4d, 0xe5, 0xd6, 0x94, 0xaa, 0xe9, - 0x39, 0x67, 0x75, 0x80, 0x41, 0x26, 0x55, 0x57, 0x29, 0xbc, 0xbb, 0x65, 0xcf, 0xad, 0x58, 0xab, - 0xe3, 0x5e, 0x1e, 0x22, 0x6f, 0xc3, 0xff, 0xb3, 0x6d, 0x24, 0x24, 0x0d, 0x43, 0x5d, 0xda, 0xbb, - 0x5b, 0xf6, 0xbc, 0xf6, 0x1e, 0x66, 0x26, 0xef, 0x41, 0x29, 0x35, 0x6d, 0x47, 0x12, 0x39, 0xe3, - 0x81, 0xc0, 0x0d, 0x2a, 0xf0, 0x80, 0x87, 0xf6, 0x55, 0x4d, 0x6a, 0x84, 0x07, 0x59, 0x82, 0x09, - 0xc6, 0xe3, 0x67, 0x5d, 0xbb, 0xa8, 0x5d, 0xcd, 0x46, 0xf5, 0x10, 0x4b, 0x4a, 0x68, 0xc1, 0xf4, - 0x50, 0xb2, 0x25, 0x55, 0x58, 0x6a, 0xf8, 0xec, 0x11, 0xf2, 0x4e, 0xe0, 0x63, 0xcd, 0xf7, 0xe3, - 0x76, 0xa4, 0x35, 0x27, 0xda, 0x6d, 0xa0, 0x8d, 0xb8, 0x40, 0x74, 0x8d, 0xee, 0x48, 0xc9, 0x36, - 0xa8, 0x08, 0xfc, 0x5a, 0x5b, 0x36, 0xed, 0x45, 0x2d, 0xec, 0x00, 0x8b, 0x33, 0x0f, 0xb3, 0xaa, - 0x44, 0x7b, 0x3d, 0xe4, 0xfc, 0x6c, 0xc1, 0x82, 0x02, 0x36, 0x39, 0x52, 0x89, 0x1e, 0x3e, 0x6d, - 0xa3, 0x90, 0xe4, 0x93, 0x5c, 0xd5, 0xce, 0x54, 0x77, 0xfe, 0xdd, 0x38, 0xf1, 0xd2, 0xae, 0x4c, - 0xea, 0xff, 0x1a, 0x14, 0xda, 0x4c, 0x20, 0x97, 0x49, 0x97, 0x25, 0x3b, 0x55, 0x1b, 0x3e, 0xc7, - 0xba, 0xd8, 0x8f, 0xc2, 0xae, 0x2e, 0xfe, 0x29, 0x2f, 0x03, 0x9c, 0xa7, 0x86, 0xe8, 0x01, 0xab, - 0x5f, 0x16, 0xd1, 0xea, 0xdf, 0xf3, 0x26, 0xa7, 0x01, 0x13, 0xf1, 0xc9, 0xd7, 0x16, 0x5c, 0xd9, - 0x0b, 0x84, 0x24, 0xff, 0xcb, 0x0f, 0x9c, 0x74, 0xbc, 0x94, 0xf6, 0x2e, 0x8a, 0x85, 0x4a, 0xe2, - 0xdc, 0xfc, 0xe2, 0xf7, 0x3f, 0xbf, 0x1d, 0xbb, 0x46, 0x96, 0xf4, 0x67, 0xb5, 0xb3, 0x9e, 0x7d, - 0xc3, 0x02, 0x14, 0x5f, 0x8e, 0x59, 0xe4, 0x2b, 0x0b, 0xc6, 0x1f, 0xe0, 0x50, 0x36, 0x17, 0xa6, - 0x89, 0x73, 0x4b, 0x33, 0xb9, 0x41, 0xae, 0x0f, 0x62, 0x52, 0x79, 0xae, 0x76, 0x2f, 0xc8, 0x77, - 0x16, 0x14, 0x15, 0x6f, 0x2f, 0x67, 0xbb, 0x1c, 0xa1, 0xca, 0xa3, 0x84, 0x22, 0x9f, 0xc2, 0x94, - 0xa1, 0x75, 0x34, 0x94, 0x4e, 0xb1, 0x1f, 0x3e, 0x12, 0xce, 0xaa, 0x0e, 0xe9, 0x90, 0x95, 0x11, - 0x27, 0xae, 0x70, 0x15, 0xb2, 0x65, 0xc2, 0xab, 0xcf, 0x13, 0x79, 0xe5, 0x64, 0xf8, 0xf4, 0x76, - 0x51, 0x2a, 0x0f, 0x32, 0xa5, 0xbd, 0x78, 0xae, 0x74, 0x54, 0xa5, 0xf8, 0xc6, 0x82, 0xb9, 0x07, - 0x28, 0xb3, 0x7b, 0x00, 0xb9, 0x39, 0x20, 0x72, 0xfe, 0x8e, 0x50, 0x72, 0x86, 0x3b, 0xa4, 0x04, - 0xde, 0xd1, 0x04, 0xde, 0x74, 0xee, 0x0d, 0x26, 0x60, 0xbe, 0xd6, 0x3a, 0xce, 0x81, 0xb7, 0xa7, - 0xa9, 0xd4, 0x4d, 0x84, 0xfb, 0xd6, 0x1a, 0xe9, 0x68, 0x4a, 0x3b, 0x18, 0xb6, 0x36, 0x9b, 0x94, - 0xcb, 0xa1, 0x32, 0x2f, 0xe7, 0xe1, 0xcc, 0x3d, 0x25, 0xe1, 0x6a, 0x12, 0xab, 0xe4, 0xce, 0x28, - 0x15, 0x9a, 0x18, 0xb6, 0x7c, 0x93, 0xe6, 0x7b, 0x0b, 0x0a, 0x66, 0x7a, 0x91, 0x1b, 0x27, 0x33, - 0xf6, 0x4d, 0xb5, 0x0b, 0x6c, 0x85, 0x57, 0x35, 0xc7, 0xb2, 0x33, 0xb0, 0xd6, 0xee, 0xeb, 0xe1, - 0xa1, 0x5a, 0xf3, 0x07, 0x0b, 0x8a, 0x3d, 0x0a, 0xbd, 0x67, 0x2f, 0x8f, 0xa4, 0x73, 0x36, 0x49, - 0xf2, 0x93, 0x05, 0x05, 0x33, 0x51, 0x4f, 0xf3, 0xea, 0x9b, 0xb4, 0x17, 0xc8, 0x6b, 0xdd, 0xbc, - 0xe0, 0xd2, 0x88, 0x32, 0xd7, 0x54, 0x5e, 0x64, 0x42, 0xfe, 0x62, 0x41, 0xb1, 0x47, 0x67, 0xb8, - 0x90, 0xff, 0x15, 0x61, 0xf7, 0xe5, 0x08, 0x13, 0x0a, 0x85, 0x2d, 0x0c, 0x51, 0xe2, 0xb0, 0x16, - 0xb0, 0x4f, 0xc2, 0x69, 0xf1, 0xdf, 0x31, 0x33, 0x76, 0x6d, 0xd4, 0x8c, 0x55, 0x82, 0x34, 0xa1, - 0x68, 0x52, 0xe4, 0xf4, 0x78, 0xe9, 0x64, 0xb7, 0xce, 0x91, 0x8c, 0x3c, 0x87, 0xf9, 0x8f, 0x68, - 0x18, 0x28, 0x65, 0xcd, 0xbd, 0x96, 0x5c, 0x3f, 0x35, 0x49, 0xb2, 0xfb, 0xee, 0x88, 0x6c, 0x55, - 0x9d, 0xed, 0xae, 0x73, 0x7b, 0x54, 0x5f, 0x77, 0x92, 0x54, 0x46, 0xc9, 0x8d, 0xed, 0x5f, 0x8f, - 0x97, 0xad, 0xdf, 0x8e, 0x97, 0xad, 0x3f, 0x8e, 0x97, 0xad, 0x8f, 0xdf, 0x3a, 0xdf, 0x1f, 0xa4, - 0xaf, 0x2f, 0xa6, 0xb9, 0x7f, 0xbd, 0xc3, 0x82, 0xfe, 0xd9, 0x7b, 0xe3, 0x9f, 0x00, 0x00, 0x00, - 0xff, 0xff, 0x56, 0xc6, 0x8e, 0x59, 0xd1, 0x0e, 0x00, 0x00, + // 1146 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x57, 0x5f, 0x6f, 0x1b, 0x45, + 0x10, 0xd7, 0x25, 0x8d, 0x9b, 0x4c, 0x9a, 0xd4, 0xd9, 0x84, 0x72, 0xb8, 0x69, 0x1a, 0x5d, 0x4b, + 0x15, 0xa2, 0x72, 0xd7, 0x18, 0x21, 0x50, 0x11, 0x48, 0xce, 0x1f, 0x35, 0x11, 0x11, 0x29, 0x57, + 0x85, 0x07, 0x04, 0x42, 0x9b, 0xf3, 0xc4, 0xbe, 0xf6, 0x7c, 0xb7, 0xdd, 0x5d, 0x1b, 0xac, 0xaa, + 0x2f, 0x3c, 0x21, 0xc1, 0x0b, 0x42, 0x48, 0xbc, 0x21, 0x24, 0x24, 0x1e, 0xf8, 0x02, 0x7c, 0x04, + 0x1e, 0x91, 0xf8, 0x02, 0x28, 0xe2, 0x73, 0x20, 0xb4, 0xbb, 0xe7, 0xbb, 0x73, 0x62, 0x3b, 0xa9, + 0x08, 0x79, 0xdb, 0xf9, 0xcd, 0xdc, 0xcc, 0x6f, 0x7f, 0x3b, 0x3b, 0x6b, 0x83, 0x23, 0x90, 0x77, + 0x90, 0x7b, 0x1c, 0x59, 0x22, 0x42, 0x99, 0xf0, 0x6e, 0x61, 0xe9, 0x32, 0x9e, 0xc8, 0x84, 0x40, + 0x8e, 0x54, 0x16, 0x1b, 0x49, 0xd2, 0x88, 0xd0, 0xa3, 0x2c, 0xf4, 0x68, 0x1c, 0x27, 0x92, 0xca, + 0x30, 0x89, 0x85, 0x89, 0xac, 0xec, 0x36, 0x42, 0xd9, 0x6c, 0x1f, 0xb8, 0x41, 0xd2, 0xf2, 0x28, + 0x6f, 0x24, 0x8c, 0x27, 0x8f, 0xf5, 0xe2, 0xf5, 0xa0, 0xee, 0x75, 0xaa, 0x1e, 0x7b, 0xd2, 0x50, + 0x5f, 0x0a, 0x8f, 0x32, 0x16, 0x85, 0x81, 0xfe, 0xd6, 0xeb, 0xac, 0xd1, 0x88, 0x35, 0xe9, 0x9a, + 0xd7, 0xc0, 0x18, 0x39, 0x95, 0x58, 0x4f, 0xb3, 0x6d, 0x9d, 0x92, 0x4d, 0xd3, 0x3a, 0x95, 0xbe, + 0xd3, 0x85, 0x19, 0x1f, 0x59, 0x52, 0x63, 0x4c, 0x7c, 0xd8, 0x46, 0xde, 0x25, 0x04, 0x2e, 0xa9, + 0x20, 0xdb, 0x5a, 0xb6, 0x56, 0xa6, 0x7c, 0xbd, 0x26, 0x15, 0x98, 0xe4, 0xd8, 0x09, 0x45, 0x98, + 0xc4, 0xf6, 0x98, 0xc6, 0x33, 0x9b, 0xd8, 0x70, 0x99, 0x32, 0xf6, 0x01, 0x6d, 0xa1, 0x3d, 0xae, + 0x5d, 0x3d, 0x93, 0x2c, 0x01, 0x50, 0xc6, 0x1e, 0xf2, 0xe4, 0x31, 0x06, 0xd2, 0xbe, 0xa4, 0x9d, + 0x05, 0xc4, 0x59, 0x83, 0xcb, 0x35, 0xc6, 0x76, 0xe2, 0xc3, 0x44, 0x15, 0x95, 0x5d, 0x86, 0xbd, + 0xa2, 0x6a, 0xad, 0x30, 0x46, 0x65, 0x33, 0x2d, 0xa8, 0xd7, 0xce, 0x6f, 0x16, 0xcc, 0xa7, 0x74, + 0x37, 0x51, 0xd2, 0x30, 0x4a, 0x49, 0x37, 0xa0, 0x24, 0x92, 0x36, 0x0f, 0x4c, 0x86, 0xe9, 0xea, + 0x9e, 0x9b, 0xab, 0xe3, 0xf6, 0xd4, 0xd1, 0x8b, 0xcf, 0x82, 0xba, 0xdb, 0xa9, 0xba, 0xec, 0x49, + 0xc3, 0x55, 0x5a, 0xbb, 0x05, 0xad, 0xdd, 0x9e, 0xd6, 0x6e, 0x2d, 0x07, 0x1f, 0xe9, 0xb4, 0x7e, + 0x9a, 0xbe, 0xb8, 0xdb, 0xb1, 0x51, 0xbb, 0x1d, 0x3f, 0xb1, 0xdb, 0x77, 0xa1, 0xdc, 0x13, 0xda, + 0x47, 0xc1, 0x92, 0x58, 0x20, 0x79, 0x0d, 0x26, 0x42, 0x89, 0x2d, 0x61, 0x5b, 0xcb, 0xe3, 0x2b, + 0xd3, 0xd5, 0x79, 0xb7, 0x70, 0x3c, 0xa9, 0x34, 0xbe, 0x89, 0x70, 0x36, 0x60, 0x4a, 0x7d, 0x3e, + 0xfc, 0x8c, 0x1c, 0xb8, 0x72, 0x98, 0x28, 0xaa, 0x78, 0xc8, 0x51, 0x18, 0xd9, 0x26, 0xfd, 0x3e, + 0xcc, 0xf9, 0x69, 0x02, 0xae, 0x6a, 0x12, 0x41, 0x80, 0x62, 0xf4, 0x79, 0xb7, 0x05, 0xf2, 0x38, + 0xdf, 0x66, 0x66, 0x2b, 0x1f, 0xa3, 0x42, 0x7c, 0x9e, 0xf0, 0x7a, 0xba, 0xcb, 0xcc, 0x26, 0xb7, + 0x61, 0x46, 0x88, 0xe6, 0x43, 0x1e, 0x76, 0xa8, 0xc4, 0xf7, 0xb1, 0x9b, 0x1e, 0x7a, 0x3f, 0xa8, + 0x32, 0x84, 0xb1, 0xc0, 0xa0, 0xcd, 0xd1, 0x9e, 0xd0, 0x2c, 0x33, 0x9b, 0xdc, 0x85, 0x39, 0x19, + 0x89, 0x8d, 0x28, 0xc4, 0x58, 0x6e, 0x20, 0x97, 0x9b, 0x54, 0x52, 0xbb, 0xa4, 0xb3, 0x9c, 0x74, + 0x90, 0x55, 0x28, 0xf7, 0x81, 0xaa, 0xe4, 0x65, 0x1d, 0x7c, 0x02, 0xcf, 0x5a, 0x6c, 0xaa, 0xbf, + 0xc5, 0xf4, 0x1e, 0xc1, 0x60, 0x7a, 0x7f, 0x8b, 0x30, 0x85, 0x31, 0x3d, 0x88, 0x70, 0x2f, 0x08, + 0xed, 0x69, 0x4d, 0x2f, 0x07, 0xc8, 0x3d, 0x98, 0x37, 0x9d, 0x55, 0x53, 0x27, 0x9b, 0xed, 0xf3, + 0x8a, 0x4e, 0x30, 0xc8, 0x45, 0x96, 0x61, 0x3a, 0x83, 0x77, 0x36, 0xed, 0x99, 0x65, 0x6b, 0x65, + 0xdc, 0x2f, 0x42, 0xe4, 0x6d, 0x78, 0x39, 0x37, 0x63, 0x21, 0x69, 0x14, 0xe9, 0xd6, 0xdb, 0xd9, + 0xb4, 0x67, 0x75, 0xf4, 0x30, 0x37, 0x79, 0x0f, 0x2a, 0x99, 0x6b, 0x2b, 0x96, 0xc8, 0x19, 0x0f, + 0x05, 0xae, 0x53, 0x81, 0xfb, 0x3c, 0xb2, 0xaf, 0x6a, 0x52, 0x23, 0x22, 0xc8, 0x02, 0x4c, 0x30, + 0x9e, 0x7c, 0xd1, 0xb5, 0xcb, 0x3a, 0xd4, 0x18, 0xaa, 0xc7, 0x59, 0xda, 0xc6, 0x73, 0xa6, 0xc7, + 0x53, 0x93, 0x54, 0x61, 0xa1, 0x11, 0xb0, 0x47, 0xc8, 0x3b, 0x61, 0x80, 0xb5, 0x20, 0x48, 0xda, + 0xb1, 0xd6, 0x9c, 0xe8, 0xb0, 0x81, 0x3e, 0xe2, 0x02, 0xd1, 0x3d, 0xb8, 0x2d, 0x25, 0x5b, 0xa7, + 0x22, 0x0c, 0x6a, 0x6d, 0xd9, 0xb4, 0xe7, 0xb5, 0xb0, 0x03, 0x3c, 0xce, 0x2c, 0x5c, 0x51, 0x2d, + 0xda, 0xbb, 0x23, 0xce, 0x2f, 0x16, 0xcc, 0x29, 0x60, 0x83, 0x23, 0x95, 0xe8, 0xe3, 0xd3, 0x36, + 0x0a, 0x49, 0x3e, 0x29, 0x74, 0xed, 0x74, 0x75, 0xfb, 0xbf, 0x5d, 0x77, 0x3f, 0xbb, 0x75, 0x69, + 0xff, 0x5f, 0x83, 0x52, 0x9b, 0x09, 0xe4, 0x32, 0xbd, 0x45, 0xa9, 0xa5, 0x7a, 0x23, 0xe0, 0x58, + 0x17, 0x7b, 0x71, 0xd4, 0xd5, 0xcd, 0x3f, 0xe9, 0xe7, 0x80, 0xf3, 0xd4, 0x10, 0xdd, 0x67, 0xf5, + 0x8b, 0x22, 0x5a, 0xfd, 0x67, 0xd6, 0xd4, 0x34, 0x60, 0x2a, 0x3e, 0xf9, 0xc6, 0x82, 0x4b, 0xbb, + 0xa1, 0x90, 0xe4, 0xa5, 0xe2, 0x40, 0xc9, 0xc6, 0x47, 0x65, 0xf7, 0xbc, 0x58, 0xa8, 0x22, 0xce, + 0xcd, 0x2f, 0xff, 0xfc, 0xfb, 0xbb, 0xb1, 0x6b, 0x64, 0x41, 0x3f, 0x7b, 0x9d, 0xb5, 0xfc, 0x8d, + 0x09, 0x51, 0x7c, 0x35, 0x66, 0x91, 0xaf, 0x2d, 0x18, 0x7f, 0x80, 0x43, 0xd9, 0x9c, 0x9b, 0x26, + 0xce, 0x2d, 0xcd, 0xe4, 0x06, 0xb9, 0x3e, 0x88, 0x89, 0xf7, 0x4c, 0x59, 0xcf, 0xc9, 0xf7, 0x16, + 0x94, 0x15, 0x6f, 0xbf, 0xe0, 0xbb, 0x18, 0xa1, 0x16, 0x47, 0x09, 0x45, 0x3e, 0x85, 0x49, 0x43, + 0xeb, 0x70, 0x28, 0x9d, 0x72, 0x3f, 0x7c, 0x28, 0x9c, 0x15, 0x9d, 0xd2, 0x21, 0xcb, 0x23, 0x76, + 0xec, 0x71, 0x95, 0xb2, 0x65, 0xd2, 0xab, 0xe7, 0x87, 0xbc, 0x72, 0x3c, 0x7d, 0xf6, 0xfa, 0x57, + 0x16, 0x07, 0xb9, 0xb2, 0xbb, 0x78, 0xa6, 0x72, 0x54, 0x95, 0xf8, 0xd6, 0x82, 0x99, 0x07, 0x28, + 0xf3, 0x77, 0x9a, 0xdc, 0x1c, 0x90, 0xb9, 0xf8, 0x86, 0x57, 0x9c, 0xe1, 0x01, 0x19, 0x81, 0x77, + 0x34, 0x81, 0x37, 0x9d, 0x7b, 0x83, 0x09, 0x98, 0x47, 0x5a, 0xe7, 0xd9, 0xf7, 0x77, 0x35, 0x95, + 0xba, 0xc9, 0x70, 0xdf, 0x5a, 0x25, 0x1d, 0x4d, 0x69, 0x1b, 0xa3, 0xd6, 0x46, 0x93, 0x72, 0x39, + 0x54, 0xe6, 0xa5, 0x22, 0x9c, 0x87, 0x67, 0x24, 0x5c, 0x4d, 0x62, 0x85, 0xdc, 0x19, 0xa5, 0x42, + 0x13, 0xa3, 0x56, 0x60, 0xca, 0xfc, 0x60, 0x41, 0xc9, 0x4c, 0x2f, 0x72, 0xe3, 0x78, 0xc5, 0xbe, + 0xa9, 0x76, 0x8e, 0x57, 0xe1, 0x55, 0xcd, 0x71, 0xd1, 0x19, 0xd8, 0x6b, 0xf7, 0xf5, 0xf0, 0x50, + 0x57, 0xf3, 0x47, 0x0b, 0xca, 0x3d, 0x0a, 0xbd, 0x6f, 0x2f, 0x8e, 0xa4, 0x73, 0x3a, 0x49, 0xf2, + 0xb3, 0x05, 0x25, 0x33, 0x51, 0x4f, 0xf2, 0xea, 0x9b, 0xb4, 0xe7, 0xc8, 0x6b, 0xcd, 0x1c, 0x70, + 0x65, 0x44, 0x9b, 0x6b, 0x2a, 0xcf, 0x73, 0x21, 0x7f, 0xb5, 0xa0, 0xdc, 0xa3, 0x33, 0x5c, 0xc8, + 0xff, 0x8b, 0xb0, 0xfb, 0x62, 0x84, 0x09, 0x85, 0xd2, 0x26, 0x46, 0x28, 0x71, 0xd8, 0x15, 0xb0, + 0x8f, 0xc3, 0x59, 0xf3, 0xdf, 0x31, 0x33, 0x76, 0x75, 0xd4, 0x8c, 0x55, 0x82, 0x34, 0xa1, 0x6c, + 0x4a, 0x14, 0xf4, 0x78, 0xe1, 0x62, 0xb7, 0xce, 0x50, 0x8c, 0x3c, 0x83, 0xd9, 0x8f, 0x68, 0x14, + 0x2a, 0x65, 0xcd, 0xef, 0x5a, 0x72, 0xfd, 0xc4, 0x24, 0xc9, 0x7f, 0xef, 0x8e, 0xa8, 0x56, 0xd5, + 0xd5, 0xee, 0x3a, 0xb7, 0x47, 0xdd, 0xeb, 0x4e, 0x5a, 0xca, 0x28, 0xb9, 0xbe, 0xf5, 0xfb, 0xd1, + 0x92, 0xf5, 0xc7, 0xd1, 0x92, 0xf5, 0xd7, 0xd1, 0x92, 0xf5, 0xf1, 0x5b, 0x67, 0xfb, 0x87, 0x17, + 0xe8, 0x1f, 0xa6, 0x85, 0xff, 0x62, 0x07, 0x25, 0xfd, 0x67, 0xec, 0x8d, 0x7f, 0x03, 0x00, 0x00, + 0xff, 0xff, 0x52, 0xa9, 0xe9, 0x17, 0x71, 0x0e, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -1505,16 +1476,6 @@ func (m *RepoAppDetailsQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.VersionId != 0 { - i = encodeVarintRepository(dAtA, i, uint64(m.VersionId)) - i-- - dAtA[i] = 0x28 - } - if m.SourceIndex != 0 { - i = encodeVarintRepository(dAtA, i, uint64(m.SourceIndex)) - i-- - dAtA[i] = 0x20 - } if len(m.AppProject) > 0 { i -= len(m.AppProject) copy(dAtA[i:], m.AppProject) @@ -1609,13 +1570,6 @@ func (m *RepoQuery) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.AppProject) > 0 { - i -= len(m.AppProject) - copy(dAtA[i:], m.AppProject) - i = encodeVarintRepository(dAtA, i, uint64(len(m.AppProject))) - i-- - dAtA[i] = 0x1a - } if m.ForceRefresh { i-- if m.ForceRefresh { @@ -2004,12 +1958,6 @@ func (m *RepoAppDetailsQuery) Size() (n int) { if l > 0 { n += 1 + l + sovRepository(uint64(l)) } - if m.SourceIndex != 0 { - n += 1 + sovRepository(uint64(m.SourceIndex)) - } - if m.VersionId != 0 { - n += 1 + sovRepository(uint64(m.VersionId)) - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2047,10 +1995,6 @@ func (m *RepoQuery) Size() (n int) { if m.ForceRefresh { n += 2 } - l = len(m.AppProject) - if l > 0 { - n += 1 + l + sovRepository(uint64(l)) - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -2615,44 +2559,6 @@ func (m *RepoAppDetailsQuery) Unmarshal(dAtA []byte) error { } m.AppProject = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field SourceIndex", wireType) - } - m.SourceIndex = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.SourceIndex |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VersionId", wireType) - } - m.VersionId = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.VersionId |= int32(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -2841,38 +2747,6 @@ func (m *RepoQuery) Unmarshal(dAtA []byte) error { } } m.ForceRefresh = bool(v != 0) - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AppProject", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthRepository - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthRepository - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AppProject = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/pkg/apiclient/session/mocks/SessionServiceClient.go b/pkg/apiclient/session/mocks/SessionServiceClient.go index 9505a424619d9..16a3692d86600 100644 --- a/pkg/apiclient/session/mocks/SessionServiceClient.go +++ b/pkg/apiclient/session/mocks/SessionServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks @@ -28,15 +28,7 @@ func (_m *SessionServiceClient) Create(ctx context.Context, in *session.SessionC _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for Create") - } - var r0 *session.SessionResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) (*session.SessionResponse, error)); ok { - return rf(ctx, in, opts...) - } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) *session.SessionResponse); ok { r0 = rf(ctx, in, opts...) } else { @@ -45,6 +37,7 @@ func (_m *SessionServiceClient) Create(ctx context.Context, in *session.SessionC } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionCreateRequest, ...grpc.CallOption) error); ok { r1 = rf(ctx, in, opts...) } else { @@ -65,15 +58,7 @@ func (_m *SessionServiceClient) Delete(ctx context.Context, in *session.SessionD _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for Delete") - } - var r0 *session.SessionResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) (*session.SessionResponse, error)); ok { - return rf(ctx, in, opts...) - } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) *session.SessionResponse); ok { r0 = rf(ctx, in, opts...) } else { @@ -82,44 +67,8 @@ func (_m *SessionServiceClient) Delete(ctx context.Context, in *session.SessionD } } - if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// GetUserInfo provides a mock function with given fields: ctx, in, opts -func (_m *SessionServiceClient) GetUserInfo(ctx context.Context, in *session.GetUserInfoRequest, opts ...grpc.CallOption) (*session.GetUserInfoResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for GetUserInfo") - } - - var r0 *session.GetUserInfoResponse var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) (*session.GetUserInfoResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) *session.GetUserInfoResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*session.GetUserInfoResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *session.GetUserInfoRequest, ...grpc.CallOption) error); ok { + if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest, ...grpc.CallOption) error); ok { r1 = rf(ctx, in, opts...) } else { r1 = ret.Error(1) @@ -127,17 +76,3 @@ func (_m *SessionServiceClient) GetUserInfo(ctx context.Context, in *session.Get return r0, r1 } - -// NewSessionServiceClient creates a new instance of SessionServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewSessionServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *SessionServiceClient { - mock := &SessionServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/apiclient/session/mocks/SessionServiceServer.go b/pkg/apiclient/session/mocks/SessionServiceServer.go index 710176a62ed23..f518fbc75a9f8 100644 --- a/pkg/apiclient/session/mocks/SessionServiceServer.go +++ b/pkg/apiclient/session/mocks/SessionServiceServer.go @@ -1,12 +1,13 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v1.0.0. DO NOT EDIT. package mocks import ( context "context" - session "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" mock "github.com/stretchr/testify/mock" + + session "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" ) // SessionServiceServer is an autogenerated mock type for the SessionServiceServer type @@ -18,15 +19,7 @@ type SessionServiceServer struct { func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.SessionCreateRequest) (*session.SessionResponse, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Create") - } - var r0 *session.SessionResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest) (*session.SessionResponse, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionCreateRequest) *session.SessionResponse); ok { r0 = rf(_a0, _a1) } else { @@ -35,6 +28,7 @@ func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.Session } } + var r1 error if rf, ok := ret.Get(1).(func(context.Context, *session.SessionCreateRequest) error); ok { r1 = rf(_a0, _a1) } else { @@ -48,15 +42,7 @@ func (_m *SessionServiceServer) Create(_a0 context.Context, _a1 *session.Session func (_m *SessionServiceServer) Delete(_a0 context.Context, _a1 *session.SessionDeleteRequest) (*session.SessionResponse, error) { ret := _m.Called(_a0, _a1) - if len(ret) == 0 { - panic("no return value specified for Delete") - } - var r0 *session.SessionResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest) (*session.SessionResponse, error)); ok { - return rf(_a0, _a1) - } if rf, ok := ret.Get(0).(func(context.Context, *session.SessionDeleteRequest) *session.SessionResponse); ok { r0 = rf(_a0, _a1) } else { @@ -65,37 +51,8 @@ func (_m *SessionServiceServer) Delete(_a0 context.Context, _a1 *session.Session } } - if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// GetUserInfo provides a mock function with given fields: _a0, _a1 -func (_m *SessionServiceServer) GetUserInfo(_a0 context.Context, _a1 *session.GetUserInfoRequest) (*session.GetUserInfoResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for GetUserInfo") - } - - var r0 *session.GetUserInfoResponse var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest) (*session.GetUserInfoResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *session.GetUserInfoRequest) *session.GetUserInfoResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*session.GetUserInfoResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *session.GetUserInfoRequest) error); ok { + if rf, ok := ret.Get(1).(func(context.Context, *session.SessionDeleteRequest) error); ok { r1 = rf(_a0, _a1) } else { r1 = ret.Error(1) @@ -103,17 +60,3 @@ func (_m *SessionServiceServer) GetUserInfo(_a0 context.Context, _a1 *session.Ge return r0, r1 } - -// NewSessionServiceServer creates a new instance of SessionServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewSessionServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *SessionServiceServer { - mock := &SessionServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/apis/api-rules/violation_exceptions.list b/pkg/apis/api-rules/violation_exceptions.list index 0992ad394ccfa..5630d8d4bceb2 100644 --- a/pkg/apis/api-rules/violation_exceptions.list +++ b/pkg/apis/api-rules/violation_exceptions.list @@ -10,7 +10,6 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationMatchExpression,Values API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationPreservedFields,Annotations API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationPreservedFields,Labels -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetApplicationStatus,TargetRevisions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetResourceIgnoreDifferences,JQPathExpressions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetResourceIgnoreDifferences,JSONPointers API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetRolloutStep,MatchExpressions @@ -19,9 +18,7 @@ API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/ap API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetSpec,GoTemplateOptions API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,ApplicationStatus API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Conditions -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetStatus,Resources API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTemplateMeta,Finalizers -API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSetTree,Nodes API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,FileParameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,Parameters API rule violation: list_type_missing,github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1,ApplicationSourceHelm,ValueFiles diff --git a/pkg/apis/application/v1alpha1/app_project_types.go b/pkg/apis/application/v1alpha1/app_project_types.go index 48a90d5a8233a..81f95ab624a0d 100644 --- a/pkg/apis/application/v1alpha1/app_project_types.go +++ b/pkg/apis/application/v1alpha1/app_project_types.go @@ -112,6 +112,7 @@ func (p *AppProject) GetJWTToken(roleName string, issuedAt int64, id string) (*J return &token, i, nil } } + } if issuedAt != -1 { @@ -143,10 +144,10 @@ func (p AppProject) RemoveJWTToken(roleIndex int, issuedAt int64, id string) err } if err1 == nil || err2 == nil { - // If we find this token from either places, we can say there are no error + //If we find this token from either places, we can say there are no error return nil } else { - // If we could not locate this taken from either places, we can return any of the errors + //If we could not locate this taken from either places, we can return any of the errors return err2 } } @@ -427,7 +428,7 @@ func (proj AppProject) IsDestinationPermitted(dst ApplicationDestination, projec if destinationMatched && proj.Spec.PermitOnlyProjectScopedClusters { clusters, err := projectClusters(proj.Name) if err != nil { - return false, fmt.Errorf("could not retrieve project clusters: %w", err) + return false, fmt.Errorf("could not retrieve project clusters: %s", err) } for _, cluster := range clusters { diff --git a/pkg/apis/application/v1alpha1/applicationset_types.go b/pkg/apis/application/v1alpha1/applicationset_types.go index 6c2b629dfdaa9..389f421fed400 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types.go +++ b/pkg/apis/application/v1alpha1/applicationset_types.go @@ -759,11 +759,9 @@ type ApplicationSetStatus struct { // Important: Run "make" to regenerate code after modifying this file Conditions []ApplicationSetCondition `json:"conditions,omitempty" protobuf:"bytes,1,name=conditions"` ApplicationStatus []ApplicationSetApplicationStatus `json:"applicationStatus,omitempty" protobuf:"bytes,2,name=applicationStatus"` - // Resources is a list of Applications resources managed by this application set. - Resources []ResourceStatus `json:"resources,omitempty" protobuf:"bytes,3,opt,name=resources"` } -// ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning +// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning type ApplicationSetCondition struct { // Type is an applicationset condition type Type ApplicationSetConditionType `json:"type" protobuf:"bytes,1,opt,name=type"` @@ -773,7 +771,7 @@ type ApplicationSetCondition struct { LastTransitionTime *metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,3,opt,name=lastTransitionTime"` // True/False/Unknown Status ApplicationSetConditionStatus `json:"status" protobuf:"bytes,4,opt,name=status"` - // Single word camelcase representing the reason for the status eg ErrorOccurred + //Single word camelcase representing the reason for the status eg ErrorOccurred Reason string `json:"reason" protobuf:"bytes,5,opt,name=reason"` } @@ -835,8 +833,6 @@ type ApplicationSetApplicationStatus struct { Status string `json:"status" protobuf:"bytes,4,opt,name=status"` // Step tracks which step this Application should be updated in Step string `json:"step" protobuf:"bytes,5,opt,name=step"` - // TargetRevision tracks the desired revisions the Application should be synced to. - TargetRevisions []string `json:"targetRevisions" protobuf:"bytes,6,opt,name=targetrevisions"` } // ApplicationSetList contains a list of ApplicationSet @@ -848,21 +844,6 @@ type ApplicationSetList struct { Items []ApplicationSet `json:"items" protobuf:"bytes,2,rep,name=items"` } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -type ApplicationSetTree struct { - // Nodes contains list of nodes which are directly managed by the applicationset - Nodes []ResourceNode `json:"nodes,omitempty" protobuf:"bytes,1,rep,name=nodes"` -} - -// Normalize sorts applicationset tree nodes. The persistent order allows to -// effectively compare previously cached app tree and allows to unnecessary Redis requests. -func (t *ApplicationSetTree) Normalize() { - sort.Slice(t.Nodes, func(i, j int) bool { - return t.Nodes[i].FullName() < t.Nodes[j].FullName() - }) -} - // func init() { // SchemeBuilder.Register(&ApplicationSet{}, &ApplicationSetList{}) // } diff --git a/pkg/apis/application/v1alpha1/applicationset_types_test.go b/pkg/apis/application/v1alpha1/applicationset_types_test.go index 867024578f76e..282cc1ca9a423 100644 --- a/pkg/apis/application/v1alpha1/applicationset_types_test.go +++ b/pkg/apis/application/v1alpha1/applicationset_types_test.go @@ -6,7 +6,7 @@ import ( "github.com/stretchr/testify/assert" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" ) func testAppSetCond(t ApplicationSetConditionType, msg string, lastTransitionTime *metav1.Time, status ApplicationSetConditionStatus, reason string) ApplicationSetCondition { @@ -72,6 +72,7 @@ func TestApplicationSetRBACName(t *testing.T) { a.Spec.Template.Spec.Project = "test" assert.Equal(t, "test/test-appset", a.RBACName("argocd")) }) + } func TestApplicationSetSetConditions(t *testing.T) { @@ -172,9 +173,9 @@ func TestSCMProviderGeneratorGitlab_WillIncludeSharedProjects(t *testing.T) { settings := SCMProviderGeneratorGitlab{} assert.True(t, settings.WillIncludeSharedProjects()) - settings.IncludeSharedProjects = ptr.To(false) + settings.IncludeSharedProjects = pointer.Bool(false) assert.False(t, settings.WillIncludeSharedProjects()) - settings.IncludeSharedProjects = ptr.To(true) + settings.IncludeSharedProjects = pointer.Bool(true) assert.True(t, settings.WillIncludeSharedProjects()) } diff --git a/pkg/apis/application/v1alpha1/generated.pb.go b/pkg/apis/application/v1alpha1/generated.pb.go index 46f72d9eab6ef..aed1ef619b350 100644 --- a/pkg/apis/application/v1alpha1/generated.pb.go +++ b/pkg/apis/application/v1alpha1/generated.pb.go @@ -797,38 +797,10 @@ func (m *ApplicationSetTerminalGenerator) XXX_DiscardUnknown() { var xxx_messageInfo_ApplicationSetTerminalGenerator proto.InternalMessageInfo -func (m *ApplicationSetTree) Reset() { *m = ApplicationSetTree{} } -func (*ApplicationSetTree) ProtoMessage() {} -func (*ApplicationSetTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{27} -} -func (m *ApplicationSetTree) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *ApplicationSetTree) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil -} -func (m *ApplicationSetTree) XXX_Merge(src proto.Message) { - xxx_messageInfo_ApplicationSetTree.Merge(m, src) -} -func (m *ApplicationSetTree) XXX_Size() int { - return m.Size() -} -func (m *ApplicationSetTree) XXX_DiscardUnknown() { - xxx_messageInfo_ApplicationSetTree.DiscardUnknown(m) -} - -var xxx_messageInfo_ApplicationSetTree proto.InternalMessageInfo - func (m *ApplicationSource) Reset() { *m = ApplicationSource{} } func (*ApplicationSource) ProtoMessage() {} func (*ApplicationSource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{28} + return fileDescriptor_030104ce3b95bcac, []int{27} } func (m *ApplicationSource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -856,7 +828,7 @@ var xxx_messageInfo_ApplicationSource proto.InternalMessageInfo func (m *ApplicationSourceDirectory) Reset() { *m = ApplicationSourceDirectory{} } func (*ApplicationSourceDirectory) ProtoMessage() {} func (*ApplicationSourceDirectory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{29} + return fileDescriptor_030104ce3b95bcac, []int{28} } func (m *ApplicationSourceDirectory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -884,7 +856,7 @@ var xxx_messageInfo_ApplicationSourceDirectory proto.InternalMessageInfo func (m *ApplicationSourceHelm) Reset() { *m = ApplicationSourceHelm{} } func (*ApplicationSourceHelm) ProtoMessage() {} func (*ApplicationSourceHelm) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{30} + return fileDescriptor_030104ce3b95bcac, []int{29} } func (m *ApplicationSourceHelm) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -912,7 +884,7 @@ var xxx_messageInfo_ApplicationSourceHelm proto.InternalMessageInfo func (m *ApplicationSourceJsonnet) Reset() { *m = ApplicationSourceJsonnet{} } func (*ApplicationSourceJsonnet) ProtoMessage() {} func (*ApplicationSourceJsonnet) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{31} + return fileDescriptor_030104ce3b95bcac, []int{30} } func (m *ApplicationSourceJsonnet) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -940,7 +912,7 @@ var xxx_messageInfo_ApplicationSourceJsonnet proto.InternalMessageInfo func (m *ApplicationSourceKustomize) Reset() { *m = ApplicationSourceKustomize{} } func (*ApplicationSourceKustomize) ProtoMessage() {} func (*ApplicationSourceKustomize) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{32} + return fileDescriptor_030104ce3b95bcac, []int{31} } func (m *ApplicationSourceKustomize) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -968,7 +940,7 @@ var xxx_messageInfo_ApplicationSourceKustomize proto.InternalMessageInfo func (m *ApplicationSourcePlugin) Reset() { *m = ApplicationSourcePlugin{} } func (*ApplicationSourcePlugin) ProtoMessage() {} func (*ApplicationSourcePlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{33} + return fileDescriptor_030104ce3b95bcac, []int{32} } func (m *ApplicationSourcePlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -996,7 +968,7 @@ var xxx_messageInfo_ApplicationSourcePlugin proto.InternalMessageInfo func (m *ApplicationSourcePluginParameter) Reset() { *m = ApplicationSourcePluginParameter{} } func (*ApplicationSourcePluginParameter) ProtoMessage() {} func (*ApplicationSourcePluginParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{34} + return fileDescriptor_030104ce3b95bcac, []int{33} } func (m *ApplicationSourcePluginParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1024,7 +996,7 @@ var xxx_messageInfo_ApplicationSourcePluginParameter proto.InternalMessageInfo func (m *ApplicationSpec) Reset() { *m = ApplicationSpec{} } func (*ApplicationSpec) ProtoMessage() {} func (*ApplicationSpec) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{35} + return fileDescriptor_030104ce3b95bcac, []int{34} } func (m *ApplicationSpec) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1052,7 +1024,7 @@ var xxx_messageInfo_ApplicationSpec proto.InternalMessageInfo func (m *ApplicationStatus) Reset() { *m = ApplicationStatus{} } func (*ApplicationStatus) ProtoMessage() {} func (*ApplicationStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{36} + return fileDescriptor_030104ce3b95bcac, []int{35} } func (m *ApplicationStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1080,7 +1052,7 @@ var xxx_messageInfo_ApplicationStatus proto.InternalMessageInfo func (m *ApplicationSummary) Reset() { *m = ApplicationSummary{} } func (*ApplicationSummary) ProtoMessage() {} func (*ApplicationSummary) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{37} + return fileDescriptor_030104ce3b95bcac, []int{36} } func (m *ApplicationSummary) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1108,7 +1080,7 @@ var xxx_messageInfo_ApplicationSummary proto.InternalMessageInfo func (m *ApplicationTree) Reset() { *m = ApplicationTree{} } func (*ApplicationTree) ProtoMessage() {} func (*ApplicationTree) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{38} + return fileDescriptor_030104ce3b95bcac, []int{37} } func (m *ApplicationTree) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1136,7 +1108,7 @@ var xxx_messageInfo_ApplicationTree proto.InternalMessageInfo func (m *ApplicationWatchEvent) Reset() { *m = ApplicationWatchEvent{} } func (*ApplicationWatchEvent) ProtoMessage() {} func (*ApplicationWatchEvent) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{39} + return fileDescriptor_030104ce3b95bcac, []int{38} } func (m *ApplicationWatchEvent) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1164,7 +1136,7 @@ var xxx_messageInfo_ApplicationWatchEvent proto.InternalMessageInfo func (m *Backoff) Reset() { *m = Backoff{} } func (*Backoff) ProtoMessage() {} func (*Backoff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{40} + return fileDescriptor_030104ce3b95bcac, []int{39} } func (m *Backoff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1192,7 +1164,7 @@ var xxx_messageInfo_Backoff proto.InternalMessageInfo func (m *BasicAuthBitbucketServer) Reset() { *m = BasicAuthBitbucketServer{} } func (*BasicAuthBitbucketServer) ProtoMessage() {} func (*BasicAuthBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{41} + return fileDescriptor_030104ce3b95bcac, []int{40} } func (m *BasicAuthBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1220,7 +1192,7 @@ var xxx_messageInfo_BasicAuthBitbucketServer proto.InternalMessageInfo func (m *BearerTokenBitbucketCloud) Reset() { *m = BearerTokenBitbucketCloud{} } func (*BearerTokenBitbucketCloud) ProtoMessage() {} func (*BearerTokenBitbucketCloud) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{42} + return fileDescriptor_030104ce3b95bcac, []int{41} } func (m *BearerTokenBitbucketCloud) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1248,7 +1220,7 @@ var xxx_messageInfo_BearerTokenBitbucketCloud proto.InternalMessageInfo func (m *ChartDetails) Reset() { *m = ChartDetails{} } func (*ChartDetails) ProtoMessage() {} func (*ChartDetails) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{43} + return fileDescriptor_030104ce3b95bcac, []int{42} } func (m *ChartDetails) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1276,7 +1248,7 @@ var xxx_messageInfo_ChartDetails proto.InternalMessageInfo func (m *Cluster) Reset() { *m = Cluster{} } func (*Cluster) ProtoMessage() {} func (*Cluster) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{44} + return fileDescriptor_030104ce3b95bcac, []int{43} } func (m *Cluster) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1304,7 +1276,7 @@ var xxx_messageInfo_Cluster proto.InternalMessageInfo func (m *ClusterCacheInfo) Reset() { *m = ClusterCacheInfo{} } func (*ClusterCacheInfo) ProtoMessage() {} func (*ClusterCacheInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{45} + return fileDescriptor_030104ce3b95bcac, []int{44} } func (m *ClusterCacheInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1332,7 +1304,7 @@ var xxx_messageInfo_ClusterCacheInfo proto.InternalMessageInfo func (m *ClusterConfig) Reset() { *m = ClusterConfig{} } func (*ClusterConfig) ProtoMessage() {} func (*ClusterConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{46} + return fileDescriptor_030104ce3b95bcac, []int{45} } func (m *ClusterConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1360,7 +1332,7 @@ var xxx_messageInfo_ClusterConfig proto.InternalMessageInfo func (m *ClusterGenerator) Reset() { *m = ClusterGenerator{} } func (*ClusterGenerator) ProtoMessage() {} func (*ClusterGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{47} + return fileDescriptor_030104ce3b95bcac, []int{46} } func (m *ClusterGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1388,7 +1360,7 @@ var xxx_messageInfo_ClusterGenerator proto.InternalMessageInfo func (m *ClusterInfo) Reset() { *m = ClusterInfo{} } func (*ClusterInfo) ProtoMessage() {} func (*ClusterInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{48} + return fileDescriptor_030104ce3b95bcac, []int{47} } func (m *ClusterInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1416,7 +1388,7 @@ var xxx_messageInfo_ClusterInfo proto.InternalMessageInfo func (m *ClusterList) Reset() { *m = ClusterList{} } func (*ClusterList) ProtoMessage() {} func (*ClusterList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{49} + return fileDescriptor_030104ce3b95bcac, []int{48} } func (m *ClusterList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1444,7 +1416,7 @@ var xxx_messageInfo_ClusterList proto.InternalMessageInfo func (m *Command) Reset() { *m = Command{} } func (*Command) ProtoMessage() {} func (*Command) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{50} + return fileDescriptor_030104ce3b95bcac, []int{49} } func (m *Command) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1472,7 +1444,7 @@ var xxx_messageInfo_Command proto.InternalMessageInfo func (m *ComparedTo) Reset() { *m = ComparedTo{} } func (*ComparedTo) ProtoMessage() {} func (*ComparedTo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{51} + return fileDescriptor_030104ce3b95bcac, []int{50} } func (m *ComparedTo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1500,7 +1472,7 @@ var xxx_messageInfo_ComparedTo proto.InternalMessageInfo func (m *ComponentParameter) Reset() { *m = ComponentParameter{} } func (*ComponentParameter) ProtoMessage() {} func (*ComponentParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{52} + return fileDescriptor_030104ce3b95bcac, []int{51} } func (m *ComponentParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1528,7 +1500,7 @@ var xxx_messageInfo_ComponentParameter proto.InternalMessageInfo func (m *ConfigManagementPlugin) Reset() { *m = ConfigManagementPlugin{} } func (*ConfigManagementPlugin) ProtoMessage() {} func (*ConfigManagementPlugin) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{53} + return fileDescriptor_030104ce3b95bcac, []int{52} } func (m *ConfigManagementPlugin) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1556,7 +1528,7 @@ var xxx_messageInfo_ConfigManagementPlugin proto.InternalMessageInfo func (m *ConnectionState) Reset() { *m = ConnectionState{} } func (*ConnectionState) ProtoMessage() {} func (*ConnectionState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{54} + return fileDescriptor_030104ce3b95bcac, []int{53} } func (m *ConnectionState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1584,7 +1556,7 @@ var xxx_messageInfo_ConnectionState proto.InternalMessageInfo func (m *DuckTypeGenerator) Reset() { *m = DuckTypeGenerator{} } func (*DuckTypeGenerator) ProtoMessage() {} func (*DuckTypeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{55} + return fileDescriptor_030104ce3b95bcac, []int{54} } func (m *DuckTypeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1612,7 +1584,7 @@ var xxx_messageInfo_DuckTypeGenerator proto.InternalMessageInfo func (m *EnvEntry) Reset() { *m = EnvEntry{} } func (*EnvEntry) ProtoMessage() {} func (*EnvEntry) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{56} + return fileDescriptor_030104ce3b95bcac, []int{55} } func (m *EnvEntry) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1640,7 +1612,7 @@ var xxx_messageInfo_EnvEntry proto.InternalMessageInfo func (m *ErrApplicationNotAllowedToUseProject) Reset() { *m = ErrApplicationNotAllowedToUseProject{} } func (*ErrApplicationNotAllowedToUseProject) ProtoMessage() {} func (*ErrApplicationNotAllowedToUseProject) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{57} + return fileDescriptor_030104ce3b95bcac, []int{56} } func (m *ErrApplicationNotAllowedToUseProject) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1668,7 +1640,7 @@ var xxx_messageInfo_ErrApplicationNotAllowedToUseProject proto.InternalMessageIn func (m *ExecProviderConfig) Reset() { *m = ExecProviderConfig{} } func (*ExecProviderConfig) ProtoMessage() {} func (*ExecProviderConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{58} + return fileDescriptor_030104ce3b95bcac, []int{57} } func (m *ExecProviderConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1696,7 +1668,7 @@ var xxx_messageInfo_ExecProviderConfig proto.InternalMessageInfo func (m *GitDirectoryGeneratorItem) Reset() { *m = GitDirectoryGeneratorItem{} } func (*GitDirectoryGeneratorItem) ProtoMessage() {} func (*GitDirectoryGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{59} + return fileDescriptor_030104ce3b95bcac, []int{58} } func (m *GitDirectoryGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1724,7 +1696,7 @@ var xxx_messageInfo_GitDirectoryGeneratorItem proto.InternalMessageInfo func (m *GitFileGeneratorItem) Reset() { *m = GitFileGeneratorItem{} } func (*GitFileGeneratorItem) ProtoMessage() {} func (*GitFileGeneratorItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{60} + return fileDescriptor_030104ce3b95bcac, []int{59} } func (m *GitFileGeneratorItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1752,7 +1724,7 @@ var xxx_messageInfo_GitFileGeneratorItem proto.InternalMessageInfo func (m *GitGenerator) Reset() { *m = GitGenerator{} } func (*GitGenerator) ProtoMessage() {} func (*GitGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{61} + return fileDescriptor_030104ce3b95bcac, []int{60} } func (m *GitGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1780,7 +1752,7 @@ var xxx_messageInfo_GitGenerator proto.InternalMessageInfo func (m *GnuPGPublicKey) Reset() { *m = GnuPGPublicKey{} } func (*GnuPGPublicKey) ProtoMessage() {} func (*GnuPGPublicKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{62} + return fileDescriptor_030104ce3b95bcac, []int{61} } func (m *GnuPGPublicKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1808,7 +1780,7 @@ var xxx_messageInfo_GnuPGPublicKey proto.InternalMessageInfo func (m *GnuPGPublicKeyList) Reset() { *m = GnuPGPublicKeyList{} } func (*GnuPGPublicKeyList) ProtoMessage() {} func (*GnuPGPublicKeyList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{63} + return fileDescriptor_030104ce3b95bcac, []int{62} } func (m *GnuPGPublicKeyList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1836,7 +1808,7 @@ var xxx_messageInfo_GnuPGPublicKeyList proto.InternalMessageInfo func (m *HealthStatus) Reset() { *m = HealthStatus{} } func (*HealthStatus) ProtoMessage() {} func (*HealthStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{64} + return fileDescriptor_030104ce3b95bcac, []int{63} } func (m *HealthStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1864,7 +1836,7 @@ var xxx_messageInfo_HealthStatus proto.InternalMessageInfo func (m *HelmFileParameter) Reset() { *m = HelmFileParameter{} } func (*HelmFileParameter) ProtoMessage() {} func (*HelmFileParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{65} + return fileDescriptor_030104ce3b95bcac, []int{64} } func (m *HelmFileParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1892,7 +1864,7 @@ var xxx_messageInfo_HelmFileParameter proto.InternalMessageInfo func (m *HelmOptions) Reset() { *m = HelmOptions{} } func (*HelmOptions) ProtoMessage() {} func (*HelmOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{66} + return fileDescriptor_030104ce3b95bcac, []int{65} } func (m *HelmOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1920,7 +1892,7 @@ var xxx_messageInfo_HelmOptions proto.InternalMessageInfo func (m *HelmParameter) Reset() { *m = HelmParameter{} } func (*HelmParameter) ProtoMessage() {} func (*HelmParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{67} + return fileDescriptor_030104ce3b95bcac, []int{66} } func (m *HelmParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1948,7 +1920,7 @@ var xxx_messageInfo_HelmParameter proto.InternalMessageInfo func (m *HostInfo) Reset() { *m = HostInfo{} } func (*HostInfo) ProtoMessage() {} func (*HostInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{68} + return fileDescriptor_030104ce3b95bcac, []int{67} } func (m *HostInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1976,7 +1948,7 @@ var xxx_messageInfo_HostInfo proto.InternalMessageInfo func (m *HostResourceInfo) Reset() { *m = HostResourceInfo{} } func (*HostResourceInfo) ProtoMessage() {} func (*HostResourceInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{69} + return fileDescriptor_030104ce3b95bcac, []int{68} } func (m *HostResourceInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2004,7 +1976,7 @@ var xxx_messageInfo_HostResourceInfo proto.InternalMessageInfo func (m *Info) Reset() { *m = Info{} } func (*Info) ProtoMessage() {} func (*Info) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{70} + return fileDescriptor_030104ce3b95bcac, []int{69} } func (m *Info) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2032,7 +2004,7 @@ var xxx_messageInfo_Info proto.InternalMessageInfo func (m *InfoItem) Reset() { *m = InfoItem{} } func (*InfoItem) ProtoMessage() {} func (*InfoItem) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{71} + return fileDescriptor_030104ce3b95bcac, []int{70} } func (m *InfoItem) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2060,7 +2032,7 @@ var xxx_messageInfo_InfoItem proto.InternalMessageInfo func (m *JWTToken) Reset() { *m = JWTToken{} } func (*JWTToken) ProtoMessage() {} func (*JWTToken) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{72} + return fileDescriptor_030104ce3b95bcac, []int{71} } func (m *JWTToken) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2088,7 +2060,7 @@ var xxx_messageInfo_JWTToken proto.InternalMessageInfo func (m *JWTTokens) Reset() { *m = JWTTokens{} } func (*JWTTokens) ProtoMessage() {} func (*JWTTokens) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{73} + return fileDescriptor_030104ce3b95bcac, []int{72} } func (m *JWTTokens) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2116,7 +2088,7 @@ var xxx_messageInfo_JWTTokens proto.InternalMessageInfo func (m *JsonnetVar) Reset() { *m = JsonnetVar{} } func (*JsonnetVar) ProtoMessage() {} func (*JsonnetVar) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{74} + return fileDescriptor_030104ce3b95bcac, []int{73} } func (m *JsonnetVar) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2144,7 +2116,7 @@ var xxx_messageInfo_JsonnetVar proto.InternalMessageInfo func (m *KnownTypeField) Reset() { *m = KnownTypeField{} } func (*KnownTypeField) ProtoMessage() {} func (*KnownTypeField) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{75} + return fileDescriptor_030104ce3b95bcac, []int{74} } func (m *KnownTypeField) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2172,7 +2144,7 @@ var xxx_messageInfo_KnownTypeField proto.InternalMessageInfo func (m *KustomizeGvk) Reset() { *m = KustomizeGvk{} } func (*KustomizeGvk) ProtoMessage() {} func (*KustomizeGvk) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{76} + return fileDescriptor_030104ce3b95bcac, []int{75} } func (m *KustomizeGvk) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2200,7 +2172,7 @@ var xxx_messageInfo_KustomizeGvk proto.InternalMessageInfo func (m *KustomizeOptions) Reset() { *m = KustomizeOptions{} } func (*KustomizeOptions) ProtoMessage() {} func (*KustomizeOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{77} + return fileDescriptor_030104ce3b95bcac, []int{76} } func (m *KustomizeOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2228,7 +2200,7 @@ var xxx_messageInfo_KustomizeOptions proto.InternalMessageInfo func (m *KustomizePatch) Reset() { *m = KustomizePatch{} } func (*KustomizePatch) ProtoMessage() {} func (*KustomizePatch) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{78} + return fileDescriptor_030104ce3b95bcac, []int{77} } func (m *KustomizePatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2256,7 +2228,7 @@ var xxx_messageInfo_KustomizePatch proto.InternalMessageInfo func (m *KustomizeReplica) Reset() { *m = KustomizeReplica{} } func (*KustomizeReplica) ProtoMessage() {} func (*KustomizeReplica) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{79} + return fileDescriptor_030104ce3b95bcac, []int{78} } func (m *KustomizeReplica) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2284,7 +2256,7 @@ var xxx_messageInfo_KustomizeReplica proto.InternalMessageInfo func (m *KustomizeResId) Reset() { *m = KustomizeResId{} } func (*KustomizeResId) ProtoMessage() {} func (*KustomizeResId) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{80} + return fileDescriptor_030104ce3b95bcac, []int{79} } func (m *KustomizeResId) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2312,7 +2284,7 @@ var xxx_messageInfo_KustomizeResId proto.InternalMessageInfo func (m *KustomizeSelector) Reset() { *m = KustomizeSelector{} } func (*KustomizeSelector) ProtoMessage() {} func (*KustomizeSelector) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{81} + return fileDescriptor_030104ce3b95bcac, []int{80} } func (m *KustomizeSelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2340,7 +2312,7 @@ var xxx_messageInfo_KustomizeSelector proto.InternalMessageInfo func (m *ListGenerator) Reset() { *m = ListGenerator{} } func (*ListGenerator) ProtoMessage() {} func (*ListGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{82} + return fileDescriptor_030104ce3b95bcac, []int{81} } func (m *ListGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2368,7 +2340,7 @@ var xxx_messageInfo_ListGenerator proto.InternalMessageInfo func (m *ManagedNamespaceMetadata) Reset() { *m = ManagedNamespaceMetadata{} } func (*ManagedNamespaceMetadata) ProtoMessage() {} func (*ManagedNamespaceMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{83} + return fileDescriptor_030104ce3b95bcac, []int{82} } func (m *ManagedNamespaceMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2396,7 +2368,7 @@ var xxx_messageInfo_ManagedNamespaceMetadata proto.InternalMessageInfo func (m *MatrixGenerator) Reset() { *m = MatrixGenerator{} } func (*MatrixGenerator) ProtoMessage() {} func (*MatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{84} + return fileDescriptor_030104ce3b95bcac, []int{83} } func (m *MatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2424,7 +2396,7 @@ var xxx_messageInfo_MatrixGenerator proto.InternalMessageInfo func (m *MergeGenerator) Reset() { *m = MergeGenerator{} } func (*MergeGenerator) ProtoMessage() {} func (*MergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{85} + return fileDescriptor_030104ce3b95bcac, []int{84} } func (m *MergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2452,7 +2424,7 @@ var xxx_messageInfo_MergeGenerator proto.InternalMessageInfo func (m *NestedMatrixGenerator) Reset() { *m = NestedMatrixGenerator{} } func (*NestedMatrixGenerator) ProtoMessage() {} func (*NestedMatrixGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{86} + return fileDescriptor_030104ce3b95bcac, []int{85} } func (m *NestedMatrixGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2480,7 +2452,7 @@ var xxx_messageInfo_NestedMatrixGenerator proto.InternalMessageInfo func (m *NestedMergeGenerator) Reset() { *m = NestedMergeGenerator{} } func (*NestedMergeGenerator) ProtoMessage() {} func (*NestedMergeGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{87} + return fileDescriptor_030104ce3b95bcac, []int{86} } func (m *NestedMergeGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2508,7 +2480,7 @@ var xxx_messageInfo_NestedMergeGenerator proto.InternalMessageInfo func (m *Operation) Reset() { *m = Operation{} } func (*Operation) ProtoMessage() {} func (*Operation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{88} + return fileDescriptor_030104ce3b95bcac, []int{87} } func (m *Operation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2536,7 +2508,7 @@ var xxx_messageInfo_Operation proto.InternalMessageInfo func (m *OperationInitiator) Reset() { *m = OperationInitiator{} } func (*OperationInitiator) ProtoMessage() {} func (*OperationInitiator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{89} + return fileDescriptor_030104ce3b95bcac, []int{88} } func (m *OperationInitiator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2564,7 +2536,7 @@ var xxx_messageInfo_OperationInitiator proto.InternalMessageInfo func (m *OperationState) Reset() { *m = OperationState{} } func (*OperationState) ProtoMessage() {} func (*OperationState) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{90} + return fileDescriptor_030104ce3b95bcac, []int{89} } func (m *OperationState) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2592,7 +2564,7 @@ var xxx_messageInfo_OperationState proto.InternalMessageInfo func (m *OptionalArray) Reset() { *m = OptionalArray{} } func (*OptionalArray) ProtoMessage() {} func (*OptionalArray) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{91} + return fileDescriptor_030104ce3b95bcac, []int{90} } func (m *OptionalArray) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2620,7 +2592,7 @@ var xxx_messageInfo_OptionalArray proto.InternalMessageInfo func (m *OptionalMap) Reset() { *m = OptionalMap{} } func (*OptionalMap) ProtoMessage() {} func (*OptionalMap) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{92} + return fileDescriptor_030104ce3b95bcac, []int{91} } func (m *OptionalMap) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2648,7 +2620,7 @@ var xxx_messageInfo_OptionalMap proto.InternalMessageInfo func (m *OrphanedResourceKey) Reset() { *m = OrphanedResourceKey{} } func (*OrphanedResourceKey) ProtoMessage() {} func (*OrphanedResourceKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{93} + return fileDescriptor_030104ce3b95bcac, []int{92} } func (m *OrphanedResourceKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2676,7 +2648,7 @@ var xxx_messageInfo_OrphanedResourceKey proto.InternalMessageInfo func (m *OrphanedResourcesMonitorSettings) Reset() { *m = OrphanedResourcesMonitorSettings{} } func (*OrphanedResourcesMonitorSettings) ProtoMessage() {} func (*OrphanedResourcesMonitorSettings) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{94} + return fileDescriptor_030104ce3b95bcac, []int{93} } func (m *OrphanedResourcesMonitorSettings) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2704,7 +2676,7 @@ var xxx_messageInfo_OrphanedResourcesMonitorSettings proto.InternalMessageInfo func (m *OverrideIgnoreDiff) Reset() { *m = OverrideIgnoreDiff{} } func (*OverrideIgnoreDiff) ProtoMessage() {} func (*OverrideIgnoreDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{95} + return fileDescriptor_030104ce3b95bcac, []int{94} } func (m *OverrideIgnoreDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2732,7 +2704,7 @@ var xxx_messageInfo_OverrideIgnoreDiff proto.InternalMessageInfo func (m *PluginConfigMapRef) Reset() { *m = PluginConfigMapRef{} } func (*PluginConfigMapRef) ProtoMessage() {} func (*PluginConfigMapRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{96} + return fileDescriptor_030104ce3b95bcac, []int{95} } func (m *PluginConfigMapRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2760,7 +2732,7 @@ var xxx_messageInfo_PluginConfigMapRef proto.InternalMessageInfo func (m *PluginGenerator) Reset() { *m = PluginGenerator{} } func (*PluginGenerator) ProtoMessage() {} func (*PluginGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{97} + return fileDescriptor_030104ce3b95bcac, []int{96} } func (m *PluginGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2788,7 +2760,7 @@ var xxx_messageInfo_PluginGenerator proto.InternalMessageInfo func (m *PluginInput) Reset() { *m = PluginInput{} } func (*PluginInput) ProtoMessage() {} func (*PluginInput) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{98} + return fileDescriptor_030104ce3b95bcac, []int{97} } func (m *PluginInput) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2816,7 +2788,7 @@ var xxx_messageInfo_PluginInput proto.InternalMessageInfo func (m *ProjectRole) Reset() { *m = ProjectRole{} } func (*ProjectRole) ProtoMessage() {} func (*ProjectRole) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{99} + return fileDescriptor_030104ce3b95bcac, []int{98} } func (m *ProjectRole) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2844,7 +2816,7 @@ var xxx_messageInfo_ProjectRole proto.InternalMessageInfo func (m *PullRequestGenerator) Reset() { *m = PullRequestGenerator{} } func (*PullRequestGenerator) ProtoMessage() {} func (*PullRequestGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{100} + return fileDescriptor_030104ce3b95bcac, []int{99} } func (m *PullRequestGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2872,7 +2844,7 @@ var xxx_messageInfo_PullRequestGenerator proto.InternalMessageInfo func (m *PullRequestGeneratorAzureDevOps) Reset() { *m = PullRequestGeneratorAzureDevOps{} } func (*PullRequestGeneratorAzureDevOps) ProtoMessage() {} func (*PullRequestGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{101} + return fileDescriptor_030104ce3b95bcac, []int{100} } func (m *PullRequestGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2900,7 +2872,7 @@ var xxx_messageInfo_PullRequestGeneratorAzureDevOps proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucket) Reset() { *m = PullRequestGeneratorBitbucket{} } func (*PullRequestGeneratorBitbucket) ProtoMessage() {} func (*PullRequestGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{102} + return fileDescriptor_030104ce3b95bcac, []int{101} } func (m *PullRequestGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2928,7 +2900,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucket proto.InternalMessageInfo func (m *PullRequestGeneratorBitbucketServer) Reset() { *m = PullRequestGeneratorBitbucketServer{} } func (*PullRequestGeneratorBitbucketServer) ProtoMessage() {} func (*PullRequestGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{103} + return fileDescriptor_030104ce3b95bcac, []int{102} } func (m *PullRequestGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2956,7 +2928,7 @@ var xxx_messageInfo_PullRequestGeneratorBitbucketServer proto.InternalMessageInf func (m *PullRequestGeneratorFilter) Reset() { *m = PullRequestGeneratorFilter{} } func (*PullRequestGeneratorFilter) ProtoMessage() {} func (*PullRequestGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{104} + return fileDescriptor_030104ce3b95bcac, []int{103} } func (m *PullRequestGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -2984,7 +2956,7 @@ var xxx_messageInfo_PullRequestGeneratorFilter proto.InternalMessageInfo func (m *PullRequestGeneratorGitLab) Reset() { *m = PullRequestGeneratorGitLab{} } func (*PullRequestGeneratorGitLab) ProtoMessage() {} func (*PullRequestGeneratorGitLab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{105} + return fileDescriptor_030104ce3b95bcac, []int{104} } func (m *PullRequestGeneratorGitLab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3012,7 +2984,7 @@ var xxx_messageInfo_PullRequestGeneratorGitLab proto.InternalMessageInfo func (m *PullRequestGeneratorGitea) Reset() { *m = PullRequestGeneratorGitea{} } func (*PullRequestGeneratorGitea) ProtoMessage() {} func (*PullRequestGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{106} + return fileDescriptor_030104ce3b95bcac, []int{105} } func (m *PullRequestGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3040,7 +3012,7 @@ var xxx_messageInfo_PullRequestGeneratorGitea proto.InternalMessageInfo func (m *PullRequestGeneratorGithub) Reset() { *m = PullRequestGeneratorGithub{} } func (*PullRequestGeneratorGithub) ProtoMessage() {} func (*PullRequestGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{107} + return fileDescriptor_030104ce3b95bcac, []int{106} } func (m *PullRequestGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3068,7 +3040,7 @@ var xxx_messageInfo_PullRequestGeneratorGithub proto.InternalMessageInfo func (m *RefTarget) Reset() { *m = RefTarget{} } func (*RefTarget) ProtoMessage() {} func (*RefTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{108} + return fileDescriptor_030104ce3b95bcac, []int{107} } func (m *RefTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3096,7 +3068,7 @@ var xxx_messageInfo_RefTarget proto.InternalMessageInfo func (m *RepoCreds) Reset() { *m = RepoCreds{} } func (*RepoCreds) ProtoMessage() {} func (*RepoCreds) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{109} + return fileDescriptor_030104ce3b95bcac, []int{108} } func (m *RepoCreds) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3124,7 +3096,7 @@ var xxx_messageInfo_RepoCreds proto.InternalMessageInfo func (m *RepoCredsList) Reset() { *m = RepoCredsList{} } func (*RepoCredsList) ProtoMessage() {} func (*RepoCredsList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{110} + return fileDescriptor_030104ce3b95bcac, []int{109} } func (m *RepoCredsList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3152,7 +3124,7 @@ var xxx_messageInfo_RepoCredsList proto.InternalMessageInfo func (m *Repository) Reset() { *m = Repository{} } func (*Repository) ProtoMessage() {} func (*Repository) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{111} + return fileDescriptor_030104ce3b95bcac, []int{110} } func (m *Repository) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3180,7 +3152,7 @@ var xxx_messageInfo_Repository proto.InternalMessageInfo func (m *RepositoryCertificate) Reset() { *m = RepositoryCertificate{} } func (*RepositoryCertificate) ProtoMessage() {} func (*RepositoryCertificate) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{112} + return fileDescriptor_030104ce3b95bcac, []int{111} } func (m *RepositoryCertificate) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3208,7 +3180,7 @@ var xxx_messageInfo_RepositoryCertificate proto.InternalMessageInfo func (m *RepositoryCertificateList) Reset() { *m = RepositoryCertificateList{} } func (*RepositoryCertificateList) ProtoMessage() {} func (*RepositoryCertificateList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{113} + return fileDescriptor_030104ce3b95bcac, []int{112} } func (m *RepositoryCertificateList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3236,7 +3208,7 @@ var xxx_messageInfo_RepositoryCertificateList proto.InternalMessageInfo func (m *RepositoryList) Reset() { *m = RepositoryList{} } func (*RepositoryList) ProtoMessage() {} func (*RepositoryList) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{114} + return fileDescriptor_030104ce3b95bcac, []int{113} } func (m *RepositoryList) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3264,7 +3236,7 @@ var xxx_messageInfo_RepositoryList proto.InternalMessageInfo func (m *ResourceAction) Reset() { *m = ResourceAction{} } func (*ResourceAction) ProtoMessage() {} func (*ResourceAction) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{115} + return fileDescriptor_030104ce3b95bcac, []int{114} } func (m *ResourceAction) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3292,7 +3264,7 @@ var xxx_messageInfo_ResourceAction proto.InternalMessageInfo func (m *ResourceActionDefinition) Reset() { *m = ResourceActionDefinition{} } func (*ResourceActionDefinition) ProtoMessage() {} func (*ResourceActionDefinition) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{116} + return fileDescriptor_030104ce3b95bcac, []int{115} } func (m *ResourceActionDefinition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3320,7 +3292,7 @@ var xxx_messageInfo_ResourceActionDefinition proto.InternalMessageInfo func (m *ResourceActionParam) Reset() { *m = ResourceActionParam{} } func (*ResourceActionParam) ProtoMessage() {} func (*ResourceActionParam) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{117} + return fileDescriptor_030104ce3b95bcac, []int{116} } func (m *ResourceActionParam) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3348,7 +3320,7 @@ var xxx_messageInfo_ResourceActionParam proto.InternalMessageInfo func (m *ResourceActions) Reset() { *m = ResourceActions{} } func (*ResourceActions) ProtoMessage() {} func (*ResourceActions) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{118} + return fileDescriptor_030104ce3b95bcac, []int{117} } func (m *ResourceActions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3376,7 +3348,7 @@ var xxx_messageInfo_ResourceActions proto.InternalMessageInfo func (m *ResourceDiff) Reset() { *m = ResourceDiff{} } func (*ResourceDiff) ProtoMessage() {} func (*ResourceDiff) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{119} + return fileDescriptor_030104ce3b95bcac, []int{118} } func (m *ResourceDiff) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3404,7 +3376,7 @@ var xxx_messageInfo_ResourceDiff proto.InternalMessageInfo func (m *ResourceIgnoreDifferences) Reset() { *m = ResourceIgnoreDifferences{} } func (*ResourceIgnoreDifferences) ProtoMessage() {} func (*ResourceIgnoreDifferences) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{120} + return fileDescriptor_030104ce3b95bcac, []int{119} } func (m *ResourceIgnoreDifferences) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3432,7 +3404,7 @@ var xxx_messageInfo_ResourceIgnoreDifferences proto.InternalMessageInfo func (m *ResourceNetworkingInfo) Reset() { *m = ResourceNetworkingInfo{} } func (*ResourceNetworkingInfo) ProtoMessage() {} func (*ResourceNetworkingInfo) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{121} + return fileDescriptor_030104ce3b95bcac, []int{120} } func (m *ResourceNetworkingInfo) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3460,7 +3432,7 @@ var xxx_messageInfo_ResourceNetworkingInfo proto.InternalMessageInfo func (m *ResourceNode) Reset() { *m = ResourceNode{} } func (*ResourceNode) ProtoMessage() {} func (*ResourceNode) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{122} + return fileDescriptor_030104ce3b95bcac, []int{121} } func (m *ResourceNode) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3488,7 +3460,7 @@ var xxx_messageInfo_ResourceNode proto.InternalMessageInfo func (m *ResourceOverride) Reset() { *m = ResourceOverride{} } func (*ResourceOverride) ProtoMessage() {} func (*ResourceOverride) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{123} + return fileDescriptor_030104ce3b95bcac, []int{122} } func (m *ResourceOverride) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3516,7 +3488,7 @@ var xxx_messageInfo_ResourceOverride proto.InternalMessageInfo func (m *ResourceRef) Reset() { *m = ResourceRef{} } func (*ResourceRef) ProtoMessage() {} func (*ResourceRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{124} + return fileDescriptor_030104ce3b95bcac, []int{123} } func (m *ResourceRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3544,7 +3516,7 @@ var xxx_messageInfo_ResourceRef proto.InternalMessageInfo func (m *ResourceResult) Reset() { *m = ResourceResult{} } func (*ResourceResult) ProtoMessage() {} func (*ResourceResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{125} + return fileDescriptor_030104ce3b95bcac, []int{124} } func (m *ResourceResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3572,7 +3544,7 @@ var xxx_messageInfo_ResourceResult proto.InternalMessageInfo func (m *ResourceStatus) Reset() { *m = ResourceStatus{} } func (*ResourceStatus) ProtoMessage() {} func (*ResourceStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{126} + return fileDescriptor_030104ce3b95bcac, []int{125} } func (m *ResourceStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3600,7 +3572,7 @@ var xxx_messageInfo_ResourceStatus proto.InternalMessageInfo func (m *RetryStrategy) Reset() { *m = RetryStrategy{} } func (*RetryStrategy) ProtoMessage() {} func (*RetryStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{127} + return fileDescriptor_030104ce3b95bcac, []int{126} } func (m *RetryStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3628,7 +3600,7 @@ var xxx_messageInfo_RetryStrategy proto.InternalMessageInfo func (m *RevisionHistory) Reset() { *m = RevisionHistory{} } func (*RevisionHistory) ProtoMessage() {} func (*RevisionHistory) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{128} + return fileDescriptor_030104ce3b95bcac, []int{127} } func (m *RevisionHistory) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3656,7 +3628,7 @@ var xxx_messageInfo_RevisionHistory proto.InternalMessageInfo func (m *RevisionMetadata) Reset() { *m = RevisionMetadata{} } func (*RevisionMetadata) ProtoMessage() {} func (*RevisionMetadata) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{129} + return fileDescriptor_030104ce3b95bcac, []int{128} } func (m *RevisionMetadata) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3684,7 +3656,7 @@ var xxx_messageInfo_RevisionMetadata proto.InternalMessageInfo func (m *SCMProviderGenerator) Reset() { *m = SCMProviderGenerator{} } func (*SCMProviderGenerator) ProtoMessage() {} func (*SCMProviderGenerator) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{130} + return fileDescriptor_030104ce3b95bcac, []int{129} } func (m *SCMProviderGenerator) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3712,7 +3684,7 @@ var xxx_messageInfo_SCMProviderGenerator proto.InternalMessageInfo func (m *SCMProviderGeneratorAWSCodeCommit) Reset() { *m = SCMProviderGeneratorAWSCodeCommit{} } func (*SCMProviderGeneratorAWSCodeCommit) ProtoMessage() {} func (*SCMProviderGeneratorAWSCodeCommit) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{131} + return fileDescriptor_030104ce3b95bcac, []int{130} } func (m *SCMProviderGeneratorAWSCodeCommit) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3740,7 +3712,7 @@ var xxx_messageInfo_SCMProviderGeneratorAWSCodeCommit proto.InternalMessageInfo func (m *SCMProviderGeneratorAzureDevOps) Reset() { *m = SCMProviderGeneratorAzureDevOps{} } func (*SCMProviderGeneratorAzureDevOps) ProtoMessage() {} func (*SCMProviderGeneratorAzureDevOps) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{132} + return fileDescriptor_030104ce3b95bcac, []int{131} } func (m *SCMProviderGeneratorAzureDevOps) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3768,7 +3740,7 @@ var xxx_messageInfo_SCMProviderGeneratorAzureDevOps proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucket) Reset() { *m = SCMProviderGeneratorBitbucket{} } func (*SCMProviderGeneratorBitbucket) ProtoMessage() {} func (*SCMProviderGeneratorBitbucket) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{133} + return fileDescriptor_030104ce3b95bcac, []int{132} } func (m *SCMProviderGeneratorBitbucket) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3796,7 +3768,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucket proto.InternalMessageInfo func (m *SCMProviderGeneratorBitbucketServer) Reset() { *m = SCMProviderGeneratorBitbucketServer{} } func (*SCMProviderGeneratorBitbucketServer) ProtoMessage() {} func (*SCMProviderGeneratorBitbucketServer) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{134} + return fileDescriptor_030104ce3b95bcac, []int{133} } func (m *SCMProviderGeneratorBitbucketServer) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3824,7 +3796,7 @@ var xxx_messageInfo_SCMProviderGeneratorBitbucketServer proto.InternalMessageInf func (m *SCMProviderGeneratorFilter) Reset() { *m = SCMProviderGeneratorFilter{} } func (*SCMProviderGeneratorFilter) ProtoMessage() {} func (*SCMProviderGeneratorFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{135} + return fileDescriptor_030104ce3b95bcac, []int{134} } func (m *SCMProviderGeneratorFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3852,7 +3824,7 @@ var xxx_messageInfo_SCMProviderGeneratorFilter proto.InternalMessageInfo func (m *SCMProviderGeneratorGitea) Reset() { *m = SCMProviderGeneratorGitea{} } func (*SCMProviderGeneratorGitea) ProtoMessage() {} func (*SCMProviderGeneratorGitea) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{136} + return fileDescriptor_030104ce3b95bcac, []int{135} } func (m *SCMProviderGeneratorGitea) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3880,7 +3852,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitea proto.InternalMessageInfo func (m *SCMProviderGeneratorGithub) Reset() { *m = SCMProviderGeneratorGithub{} } func (*SCMProviderGeneratorGithub) ProtoMessage() {} func (*SCMProviderGeneratorGithub) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{137} + return fileDescriptor_030104ce3b95bcac, []int{136} } func (m *SCMProviderGeneratorGithub) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3908,7 +3880,7 @@ var xxx_messageInfo_SCMProviderGeneratorGithub proto.InternalMessageInfo func (m *SCMProviderGeneratorGitlab) Reset() { *m = SCMProviderGeneratorGitlab{} } func (*SCMProviderGeneratorGitlab) ProtoMessage() {} func (*SCMProviderGeneratorGitlab) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{138} + return fileDescriptor_030104ce3b95bcac, []int{137} } func (m *SCMProviderGeneratorGitlab) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3936,7 +3908,7 @@ var xxx_messageInfo_SCMProviderGeneratorGitlab proto.InternalMessageInfo func (m *SecretRef) Reset() { *m = SecretRef{} } func (*SecretRef) ProtoMessage() {} func (*SecretRef) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{139} + return fileDescriptor_030104ce3b95bcac, []int{138} } func (m *SecretRef) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3964,7 +3936,7 @@ var xxx_messageInfo_SecretRef proto.InternalMessageInfo func (m *SignatureKey) Reset() { *m = SignatureKey{} } func (*SignatureKey) ProtoMessage() {} func (*SignatureKey) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{140} + return fileDescriptor_030104ce3b95bcac, []int{139} } func (m *SignatureKey) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -3992,7 +3964,7 @@ var xxx_messageInfo_SignatureKey proto.InternalMessageInfo func (m *SyncOperation) Reset() { *m = SyncOperation{} } func (*SyncOperation) ProtoMessage() {} func (*SyncOperation) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{141} + return fileDescriptor_030104ce3b95bcac, []int{140} } func (m *SyncOperation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4020,7 +3992,7 @@ var xxx_messageInfo_SyncOperation proto.InternalMessageInfo func (m *SyncOperationResource) Reset() { *m = SyncOperationResource{} } func (*SyncOperationResource) ProtoMessage() {} func (*SyncOperationResource) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{142} + return fileDescriptor_030104ce3b95bcac, []int{141} } func (m *SyncOperationResource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4048,7 +4020,7 @@ var xxx_messageInfo_SyncOperationResource proto.InternalMessageInfo func (m *SyncOperationResult) Reset() { *m = SyncOperationResult{} } func (*SyncOperationResult) ProtoMessage() {} func (*SyncOperationResult) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{143} + return fileDescriptor_030104ce3b95bcac, []int{142} } func (m *SyncOperationResult) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4076,7 +4048,7 @@ var xxx_messageInfo_SyncOperationResult proto.InternalMessageInfo func (m *SyncPolicy) Reset() { *m = SyncPolicy{} } func (*SyncPolicy) ProtoMessage() {} func (*SyncPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{144} + return fileDescriptor_030104ce3b95bcac, []int{143} } func (m *SyncPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4104,7 +4076,7 @@ var xxx_messageInfo_SyncPolicy proto.InternalMessageInfo func (m *SyncPolicyAutomated) Reset() { *m = SyncPolicyAutomated{} } func (*SyncPolicyAutomated) ProtoMessage() {} func (*SyncPolicyAutomated) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{145} + return fileDescriptor_030104ce3b95bcac, []int{144} } func (m *SyncPolicyAutomated) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4132,7 +4104,7 @@ var xxx_messageInfo_SyncPolicyAutomated proto.InternalMessageInfo func (m *SyncStatus) Reset() { *m = SyncStatus{} } func (*SyncStatus) ProtoMessage() {} func (*SyncStatus) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{146} + return fileDescriptor_030104ce3b95bcac, []int{145} } func (m *SyncStatus) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4160,7 +4132,7 @@ var xxx_messageInfo_SyncStatus proto.InternalMessageInfo func (m *SyncStrategy) Reset() { *m = SyncStrategy{} } func (*SyncStrategy) ProtoMessage() {} func (*SyncStrategy) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{147} + return fileDescriptor_030104ce3b95bcac, []int{146} } func (m *SyncStrategy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4188,7 +4160,7 @@ var xxx_messageInfo_SyncStrategy proto.InternalMessageInfo func (m *SyncStrategyApply) Reset() { *m = SyncStrategyApply{} } func (*SyncStrategyApply) ProtoMessage() {} func (*SyncStrategyApply) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{148} + return fileDescriptor_030104ce3b95bcac, []int{147} } func (m *SyncStrategyApply) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4216,7 +4188,7 @@ var xxx_messageInfo_SyncStrategyApply proto.InternalMessageInfo func (m *SyncStrategyHook) Reset() { *m = SyncStrategyHook{} } func (*SyncStrategyHook) ProtoMessage() {} func (*SyncStrategyHook) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{149} + return fileDescriptor_030104ce3b95bcac, []int{148} } func (m *SyncStrategyHook) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4244,7 +4216,7 @@ var xxx_messageInfo_SyncStrategyHook proto.InternalMessageInfo func (m *SyncWindow) Reset() { *m = SyncWindow{} } func (*SyncWindow) ProtoMessage() {} func (*SyncWindow) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{150} + return fileDescriptor_030104ce3b95bcac, []int{149} } func (m *SyncWindow) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4272,7 +4244,7 @@ var xxx_messageInfo_SyncWindow proto.InternalMessageInfo func (m *TLSClientConfig) Reset() { *m = TLSClientConfig{} } func (*TLSClientConfig) ProtoMessage() {} func (*TLSClientConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{151} + return fileDescriptor_030104ce3b95bcac, []int{150} } func (m *TLSClientConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4300,7 +4272,7 @@ var xxx_messageInfo_TLSClientConfig proto.InternalMessageInfo func (m *TagFilter) Reset() { *m = TagFilter{} } func (*TagFilter) ProtoMessage() {} func (*TagFilter) Descriptor() ([]byte, []int) { - return fileDescriptor_030104ce3b95bcac, []int{152} + return fileDescriptor_030104ce3b95bcac, []int{151} } func (m *TagFilter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -4356,7 +4328,6 @@ func init() { proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.AnnotationsEntry") proto.RegisterMapType((map[string]string)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTemplateMeta.LabelsEntry") proto.RegisterType((*ApplicationSetTerminalGenerator)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTerminalGenerator") - proto.RegisterType((*ApplicationSetTree)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSetTree") proto.RegisterType((*ApplicationSource)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource") proto.RegisterType((*ApplicationSourceDirectory)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceDirectory") proto.RegisterType((*ApplicationSourceHelm)(nil), "github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSourceHelm") @@ -4506,701 +4477,698 @@ func init() { } var fileDescriptor_030104ce3b95bcac = []byte{ - // 11095 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0xbd, 0x6f, 0x70, 0x24, 0xc7, - 0x75, 0x18, 0xae, 0xd9, 0xc5, 0x02, 0xbb, 0x0f, 0x7f, 0xee, 0xae, 0xef, 0x8e, 0x04, 0x4f, 0x24, - 0x71, 0x1e, 0xda, 0x14, 0xf5, 0x13, 0x09, 0x98, 0x27, 0x52, 0xe6, 0x4f, 0xb4, 0x24, 0x63, 0x81, - 0x3b, 0x1c, 0xee, 0x80, 0x03, 0xd8, 0xc0, 0xdd, 0x49, 0x94, 0x29, 0x6a, 0xb0, 0xdb, 0x58, 0xcc, - 0x61, 0x76, 0x66, 0x38, 0x33, 0x8b, 0x03, 0x68, 0x49, 0x96, 0x2c, 0xc9, 0x56, 0xa2, 0x3f, 0x54, - 0xa4, 0xa4, 0x4c, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xae, 0x44, 0x15, 0x27, 0xf9, 0x10, 0x27, - 0x4e, 0xca, 0x15, 0x3b, 0x95, 0x52, 0xe2, 0xa4, 0xec, 0x72, 0xb9, 0x2c, 0x27, 0xb1, 0x11, 0xe9, - 0x52, 0xa9, 0xa4, 0x52, 0x15, 0x57, 0x39, 0xf1, 0x87, 0xe4, 0x92, 0x0f, 0xa9, 0xfe, 0xdf, 0x33, - 0x3b, 0x0b, 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xe1, 0xb7, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, - 0x7e, 0xef, 0xf5, 0xeb, 0xf7, 0x5e, 0xc3, 0x42, 0xcb, 0x4d, 0x36, 0x3a, 0x6b, 0x93, 0x8d, 0xa0, - 0x3d, 0xe5, 0x44, 0xad, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0x33, 0x8d, 0xe6, 0xd4, 0xd6, 0x85, - 0xa9, 0x70, 0xb3, 0x35, 0xe5, 0x84, 0x6e, 0x3c, 0xe5, 0x84, 0xa1, 0xe7, 0x36, 0x9c, 0xc4, 0x0d, - 0xfc, 0xa9, 0xad, 0x67, 0x1d, 0x2f, 0xdc, 0x70, 0x9e, 0x9d, 0x6a, 0x11, 0x9f, 0x44, 0x4e, 0x42, - 0x9a, 0x93, 0x61, 0x14, 0x24, 0x01, 0xfa, 0x71, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x6d, - 0x34, 0x27, 0xb7, 0x2e, 0x4c, 0x86, 0x9b, 0xad, 0x49, 0x4a, 0x6d, 0xd2, 0xa0, 0x36, 0x29, 0xa9, - 0x9d, 0x7b, 0xc6, 0xe8, 0x4b, 0x2b, 0x68, 0x05, 0x53, 0x8c, 0xe8, 0x5a, 0x67, 0x9d, 0xfd, 0x63, - 0x7f, 0xd8, 0x2f, 0xce, 0xec, 0x9c, 0xbd, 0xf9, 0x42, 0x3c, 0xe9, 0x06, 0xb4, 0x7b, 0x53, 0x8d, - 0x20, 0x22, 0x53, 0x5b, 0x5d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0xf8, 0xb1, 0x1b, - 0xf8, 0xf1, 0x33, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x7a, 0x06, 0x42, 0x1e, 0xa5, 0xe7, - 0x34, 0xa5, 0xb6, 0xd3, 0xd8, 0x70, 0x7d, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, - 0x9a, 0xea, 0xf5, 0x54, 0xd4, 0xf1, 0x13, 0xb7, 0x4d, 0xba, 0x1e, 0x78, 0xcf, 0x7e, 0x0f, 0xc4, - 0x8d, 0x0d, 0xd2, 0x76, 0xba, 0x9e, 0x7b, 0x77, 0xaf, 0xe7, 0x3a, 0x89, 0xeb, 0x4d, 0xb9, 0x7e, - 0x12, 0x27, 0x51, 0xf6, 0x21, 0xfb, 0x17, 0x2d, 0x18, 0x9d, 0xbe, 0xb9, 0x32, 0xdd, 0x49, 0x36, - 0x66, 0x02, 0x7f, 0xdd, 0x6d, 0xa1, 0xe7, 0x61, 0xb8, 0xe1, 0x75, 0xe2, 0x84, 0x44, 0xd7, 0x9c, - 0x36, 0x19, 0xb7, 0xce, 0x5b, 0x4f, 0xd5, 0xea, 0xa7, 0xbf, 0xbd, 0x3b, 0xf1, 0xb6, 0x3b, 0xbb, - 0x13, 0xc3, 0x33, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x4e, 0x18, 0x8a, 0x02, 0x8f, 0x4c, 0xe3, 0x6b, - 0xe3, 0x25, 0xf6, 0xc8, 0x09, 0xf1, 0xc8, 0x10, 0xe6, 0xcd, 0x58, 0xc2, 0x29, 0x6a, 0x18, 0x05, - 0xeb, 0xae, 0x47, 0xc6, 0xcb, 0x69, 0xd4, 0x65, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xc3, 0x12, 0xc0, - 0x74, 0x18, 0x2e, 0x47, 0xc1, 0x2d, 0xd2, 0x48, 0xd0, 0x47, 0xa1, 0x4a, 0x87, 0xb9, 0xe9, 0x24, - 0x0e, 0xeb, 0xd8, 0xf0, 0x85, 0x1f, 0x9d, 0xe4, 0x6f, 0x3d, 0x69, 0xbe, 0xb5, 0x9e, 0x64, 0x14, - 0x7b, 0x72, 0xeb, 0xd9, 0xc9, 0xa5, 0x35, 0xfa, 0xfc, 0x22, 0x49, 0x9c, 0x3a, 0x12, 0xcc, 0x40, - 0xb7, 0x61, 0x45, 0x15, 0xf9, 0x30, 0x10, 0x87, 0xa4, 0xc1, 0xde, 0x61, 0xf8, 0xc2, 0xc2, 0xe4, - 0x51, 0x66, 0xf3, 0xa4, 0xee, 0xf9, 0x4a, 0x48, 0x1a, 0xf5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, - 0x8c, 0x0f, 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x4e, 0xcc, 0x86, 0x62, 0xf8, 0xc2, 0xb5, 0xc2, - 0x38, 0x32, 0xaa, 0xf5, 0x31, 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x27, 0x16, 0x8c, - 0x69, 0xe4, 0x05, 0x37, 0x4e, 0xd0, 0x4f, 0x76, 0x0d, 0xee, 0x64, 0x7f, 0x83, 0x4b, 0x9f, 0x66, - 0x43, 0x7b, 0x52, 0x30, 0xab, 0xca, 0x16, 0x63, 0x60, 0xdb, 0x50, 0x71, 0x13, 0xd2, 0x8e, 0xc7, - 0x4b, 0xe7, 0xcb, 0x4f, 0x0d, 0x5f, 0xb8, 0x5c, 0xd4, 0x7b, 0xd6, 0x47, 0x05, 0xd3, 0xca, 0x3c, - 0x25, 0x8f, 0x39, 0x17, 0xfb, 0x57, 0x47, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x85, 0xe1, 0x38, - 0xe8, 0x44, 0x0d, 0x82, 0x49, 0x18, 0xc4, 0xe3, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, - 0xe8, 0x66, 0x6c, 0xe2, 0xa0, 0x2f, 0x59, 0x30, 0xd2, 0x24, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, - 0xfc, 0xea, 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xfa, 0x19, 0xf1, 0x22, 0x23, 0x46, 0x63, - 0x8c, 0x53, 0xfc, 0xe9, 0xe2, 0x6c, 0x92, 0xb8, 0x11, 0xb9, 0x21, 0xfd, 0x2f, 0x96, 0x8f, 0x5a, - 0x9c, 0xb3, 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43, 0x85, 0x2e, 0xbe, 0x78, 0x7c, 0x80, 0xf5, 0x7f, - 0xfe, 0x68, 0xfd, 0x17, 0x83, 0x4a, 0xd7, 0xb5, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, - 0xa2, 0x05, 0xe3, 0x42, 0x38, 0x60, 0xc2, 0x07, 0xf4, 0xe6, 0x86, 0x9b, 0x10, 0xcf, 0x8d, 0x93, - 0xf1, 0x0a, 0xeb, 0xc3, 0x54, 0x7f, 0x73, 0x6b, 0x2e, 0x0a, 0x3a, 0xe1, 0x55, 0xd7, 0x6f, 0xd6, - 0xcf, 0x0b, 0x4e, 0xe3, 0x33, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x57, 0x2d, 0x38, 0xe7, 0x3b, - 0x6d, 0x12, 0x87, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf7, 0x9c, 0xc6, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, - 0x7a, 0x64, 0x8b, 0x1e, 0x9d, 0xbb, 0xd6, 0x93, 0x34, 0xde, 0x83, 0x2d, 0xfa, 0xa6, 0x05, 0xa7, - 0x82, 0x28, 0xdc, 0x70, 0x7c, 0xd2, 0x94, 0xd0, 0x78, 0x7c, 0x88, 0x2d, 0xbd, 0x8f, 0x1c, 0xed, - 0x13, 0x2d, 0x65, 0xc9, 0x2e, 0x06, 0xbe, 0x9b, 0x04, 0xd1, 0x0a, 0x49, 0x12, 0xd7, 0x6f, 0xc5, - 0xf5, 0xb3, 0x77, 0x76, 0x27, 0x4e, 0x75, 0x61, 0xe1, 0xee, 0xfe, 0xa0, 0x9f, 0x82, 0xe1, 0x78, - 0xc7, 0x6f, 0xdc, 0x74, 0xfd, 0x66, 0x70, 0x3b, 0x1e, 0xaf, 0x16, 0xb1, 0x7c, 0x57, 0x14, 0x41, - 0xb1, 0x00, 0x35, 0x03, 0x6c, 0x72, 0xcb, 0xff, 0x70, 0x7a, 0x2a, 0xd5, 0x8a, 0xfe, 0x70, 0x7a, - 0x32, 0xed, 0xc1, 0x16, 0xfd, 0x9c, 0x05, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x91, 0xab, - 0x64, 0x27, 0x1e, 0x07, 0xd6, 0x91, 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xfd, 0xac, 0xe8, 0xe3, - 0xa8, 0xd9, 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xb1, 0x0b, 0x4d, 0x4f, - 0xea, 0x9e, 0x2c, 0xd1, 0x4f, 0xc0, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x61, 0x82, 0xf6, - 0xcc, 0x9d, 0xdd, 0x89, 0x93, 0x2b, 0x19, 0x18, 0xee, 0xc2, 0x46, 0xaf, 0xc1, 0x44, 0x48, 0xa2, - 0xb6, 0x9b, 0x2c, 0xf9, 0xde, 0x8e, 0x14, 0xdf, 0x8d, 0x20, 0x24, 0x4d, 0xd1, 0x9d, 0x78, 0x7c, - 0xf4, 0xbc, 0xf5, 0x54, 0xb5, 0xfe, 0x0e, 0xd1, 0xcd, 0x89, 0xe5, 0xbd, 0xd1, 0xf1, 0x7e, 0xf4, - 0xec, 0x7f, 0x59, 0x82, 0x93, 0x59, 0xc5, 0x89, 0xfe, 0xa6, 0x05, 0x27, 0x6e, 0xdd, 0x4e, 0x56, - 0x83, 0x4d, 0xe2, 0xc7, 0xf5, 0x1d, 0x2a, 0xde, 0x98, 0xca, 0x18, 0xbe, 0xd0, 0x28, 0x56, 0x45, - 0x4f, 0x5e, 0x49, 0x73, 0xb9, 0xe8, 0x27, 0xd1, 0x4e, 0xfd, 0x61, 0xf1, 0x76, 0x27, 0xae, 0xdc, - 0x5c, 0x35, 0xa1, 0x38, 0xdb, 0xa9, 0x73, 0x9f, 0xb7, 0xe0, 0x4c, 0x1e, 0x09, 0x74, 0x12, 0xca, - 0x9b, 0x64, 0x87, 0x1b, 0x70, 0x98, 0xfe, 0x44, 0xaf, 0x40, 0x65, 0xcb, 0xf1, 0x3a, 0x44, 0x58, - 0x37, 0x73, 0x47, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, 0xbe, 0xb7, 0xf4, 0x82, 0x65, 0xff, 0x6e, - 0x19, 0x86, 0x0d, 0xfd, 0x76, 0x0f, 0x2c, 0xb6, 0x20, 0x65, 0xb1, 0x2d, 0x16, 0xa6, 0x9a, 0x7b, - 0x9a, 0x6c, 0xb7, 0x33, 0x26, 0xdb, 0x52, 0x71, 0x2c, 0xf7, 0xb4, 0xd9, 0x50, 0x02, 0xb5, 0x20, - 0xa4, 0xd6, 0x3b, 0x55, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x3e, 0x7a, 0x67, 0x77, - 0xa2, 0xa6, 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0x8e, 0x05, 0x67, 0x8c, 0x3e, 0xce, 0x04, 0x7e, 0xd3, - 0x65, 0x9f, 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0xa1, 0xdc, 0x21, 0xa8, 0x91, 0x5a, 0xdd, 0x09, 0x09, - 0x66, 0x10, 0x6a, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0xdd, 0x13, 0x2c, 0xf2, 0x66, 0x2c, - 0xe1, 0x28, 0x02, 0xe4, 0x39, 0x71, 0xb2, 0x1a, 0x39, 0x7e, 0xcc, 0xc8, 0xaf, 0xba, 0x6d, 0x22, - 0x06, 0xf8, 0xff, 0xeb, 0x6f, 0xc6, 0xd0, 0x27, 0xea, 0x0f, 0xdd, 0xd9, 0x9d, 0x40, 0x0b, 0x5d, - 0x94, 0x70, 0x0e, 0x75, 0xfb, 0xab, 0x16, 0x3c, 0x94, 0x6f, 0x8b, 0xa1, 0x27, 0x61, 0x90, 0x6f, - 0x0f, 0xc5, 0xdb, 0xe9, 0x4f, 0xc2, 0x5a, 0xb1, 0x80, 0xa2, 0x29, 0xa8, 0x29, 0x3d, 0x21, 0xde, - 0xf1, 0x94, 0x40, 0xad, 0x69, 0xe5, 0xa2, 0x71, 0xe8, 0xa0, 0xd1, 0x3f, 0xc2, 0x72, 0x53, 0x83, - 0xc6, 0xf6, 0x53, 0x0c, 0x62, 0xff, 0x07, 0x0b, 0x4e, 0x18, 0xbd, 0xba, 0x07, 0xa6, 0xb9, 0x9f, - 0x36, 0xcd, 0xe7, 0x0b, 0x9b, 0xcf, 0x3d, 0x6c, 0xf3, 0x2f, 0x5a, 0x70, 0xce, 0xc0, 0x5a, 0x74, - 0x92, 0xc6, 0xc6, 0xc5, 0xed, 0x30, 0x22, 0x31, 0xdd, 0x7a, 0xa3, 0xc7, 0x0c, 0xb9, 0x55, 0x1f, - 0x16, 0x14, 0xca, 0x57, 0xc9, 0x0e, 0x17, 0x62, 0x4f, 0x43, 0x95, 0x4f, 0xce, 0x20, 0x12, 0x23, - 0xae, 0xde, 0x6d, 0x49, 0xb4, 0x63, 0x85, 0x81, 0x6c, 0x18, 0x64, 0xc2, 0x89, 0x2e, 0x56, 0xaa, - 0x86, 0x80, 0x7e, 0xc4, 0x1b, 0xac, 0x05, 0x0b, 0x88, 0x1d, 0xa7, 0xba, 0xb3, 0x1c, 0x11, 0xf6, - 0x71, 0x9b, 0x97, 0x5c, 0xe2, 0x35, 0x63, 0xba, 0x6d, 0x70, 0x7c, 0x3f, 0x48, 0xc4, 0x0e, 0xc0, - 0xd8, 0x36, 0x4c, 0xeb, 0x66, 0x6c, 0xe2, 0x50, 0xa6, 0x9e, 0xb3, 0x46, 0x3c, 0x3e, 0xa2, 0x82, - 0xe9, 0x02, 0x6b, 0xc1, 0x02, 0x62, 0xdf, 0x29, 0xb1, 0x0d, 0x8a, 0x5a, 0xfa, 0xe4, 0x5e, 0xec, - 0x6e, 0xa3, 0x94, 0xac, 0x5c, 0x2e, 0x4e, 0x70, 0x91, 0xde, 0x3b, 0xdc, 0xd7, 0x33, 0xe2, 0x12, - 0x17, 0xca, 0x75, 0xef, 0x5d, 0xee, 0x27, 0xcb, 0x30, 0x91, 0x7e, 0xa0, 0x4b, 0xda, 0xd2, 0x2d, - 0x95, 0xc1, 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x60, 0x95, 0x8e, 0x53, 0x60, - 0x99, 0xf2, 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x52, 0x8d, 0xfa, 0x40, 0x46, 0x80, 0xa5, 0x75, 0xca, - 0x79, 0x18, 0x88, 0x13, 0x12, 0x8e, 0x57, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, 0xf4, - 0x3e, 0x38, 0x91, 0x38, 0x51, 0x8b, 0x24, 0x11, 0xd9, 0x72, 0x99, 0x6f, 0x8c, 0xed, 0x97, 0x6a, - 0xf5, 0xd3, 0xd4, 0x3c, 0x59, 0x65, 0x20, 0x2c, 0x41, 0x38, 0x8b, 0x6b, 0xff, 0xd7, 0x12, 0x3c, - 0x9c, 0xfe, 0x04, 0x5a, 0x83, 0x7c, 0x20, 0xa5, 0x41, 0xde, 0x65, 0x6a, 0x90, 0xbb, 0xbb, 0x13, - 0x6f, 0xef, 0xf1, 0xd8, 0xf7, 0x8d, 0x82, 0x41, 0x73, 0x99, 0x8f, 0x30, 0x95, 0xfe, 0x08, 0x77, - 0x77, 0x27, 0x1e, 0xeb, 0xf1, 0x8e, 0x99, 0xaf, 0xf4, 0x24, 0x0c, 0x46, 0xc4, 0x89, 0x03, 0x5f, - 0x7c, 0x27, 0xf5, 0x35, 0x31, 0x6b, 0xc5, 0x02, 0x6a, 0xff, 0x7e, 0x2d, 0x3b, 0xd8, 0x73, 0xdc, - 0xdf, 0x17, 0x44, 0xc8, 0x85, 0x01, 0xb6, 0x2b, 0xe0, 0x92, 0xe5, 0xea, 0xd1, 0x56, 0x21, 0xd5, - 0x22, 0x8a, 0x74, 0xbd, 0x4a, 0xbf, 0x1a, 0x6d, 0xc2, 0x8c, 0x05, 0xda, 0x86, 0x6a, 0x43, 0x1a, - 0xeb, 0xa5, 0x22, 0xdc, 0x5a, 0xc2, 0x54, 0xd7, 0x1c, 0x47, 0xa8, 0xb8, 0x57, 0x16, 0xbe, 0xe2, - 0x86, 0x08, 0x94, 0x5b, 0x6e, 0x22, 0x3e, 0xeb, 0x11, 0xb7, 0x63, 0x73, 0xae, 0xf1, 0x8a, 0x43, - 0x54, 0x07, 0xcd, 0xb9, 0x09, 0xa6, 0xf4, 0xd1, 0x67, 0x2d, 0x18, 0x8e, 0x1b, 0xed, 0xe5, 0x28, - 0xd8, 0x72, 0x9b, 0x24, 0x12, 0xc6, 0xd8, 0x11, 0x25, 0xdb, 0xca, 0xcc, 0xa2, 0x24, 0xa8, 0xf9, - 0xf2, 0xed, 0xb1, 0x86, 0x60, 0x93, 0x2f, 0xdd, 0xa4, 0x3c, 0x2c, 0xde, 0x7d, 0x96, 0x34, 0xd8, - 0x8a, 0x93, 0x7b, 0x32, 0x36, 0x53, 0x8e, 0x6c, 0x9c, 0xce, 0x76, 0x1a, 0x9b, 0x74, 0xbd, 0xe9, - 0x0e, 0xbd, 0xfd, 0xce, 0xee, 0xc4, 0xc3, 0x33, 0xf9, 0x3c, 0x71, 0xaf, 0xce, 0xb0, 0x01, 0x0b, - 0x3b, 0x9e, 0x87, 0xc9, 0x6b, 0x1d, 0xc2, 0x3c, 0x2e, 0x05, 0x0c, 0xd8, 0xb2, 0x26, 0x98, 0x19, - 0x30, 0x03, 0x82, 0x4d, 0xbe, 0xe8, 0x35, 0x18, 0x6c, 0x3b, 0x49, 0xe4, 0x6e, 0x0b, 0x37, 0xcb, - 0x11, 0xb7, 0x0b, 0x8b, 0x8c, 0x96, 0x66, 0xce, 0x14, 0x3d, 0x6f, 0xc4, 0x82, 0x11, 0x6a, 0x43, - 0xa5, 0x4d, 0xa2, 0x16, 0x19, 0xaf, 0x16, 0xe1, 0x52, 0x5e, 0xa4, 0xa4, 0x34, 0xc3, 0x1a, 0x35, - 0xae, 0x58, 0x1b, 0xe6, 0x5c, 0xd0, 0x2b, 0x50, 0x8d, 0x89, 0x47, 0x1a, 0xd4, 0x3c, 0xaa, 0x31, - 0x8e, 0xef, 0xee, 0xd3, 0x54, 0xa4, 0x76, 0xc9, 0x8a, 0x78, 0x94, 0x2f, 0x30, 0xf9, 0x0f, 0x2b, - 0x92, 0x74, 0x00, 0x43, 0xaf, 0xd3, 0x72, 0xfd, 0x71, 0x28, 0x62, 0x00, 0x97, 0x19, 0xad, 0xcc, - 0x00, 0xf2, 0x46, 0x2c, 0x18, 0xd9, 0xff, 0xc9, 0x02, 0x94, 0x16, 0x6a, 0xf7, 0xc0, 0x26, 0x7e, - 0x2d, 0x6d, 0x13, 0x2f, 0x14, 0x69, 0xb4, 0xf4, 0x30, 0x8b, 0x7f, 0xa3, 0x06, 0x19, 0x75, 0x70, - 0x8d, 0xc4, 0x09, 0x69, 0xbe, 0x25, 0xc2, 0xdf, 0x12, 0xe1, 0x6f, 0x89, 0x70, 0x25, 0xc2, 0xd7, - 0x32, 0x22, 0xfc, 0xfd, 0xc6, 0xaa, 0xd7, 0xe7, 0xb7, 0xaf, 0xaa, 0x03, 0x5e, 0xb3, 0x07, 0x06, - 0x02, 0x95, 0x04, 0x57, 0x56, 0x96, 0xae, 0xe5, 0xca, 0xec, 0x57, 0xd3, 0x32, 0xfb, 0xa8, 0x2c, - 0xfe, 0x5f, 0x90, 0xd2, 0xff, 0xc2, 0x82, 0x77, 0xa4, 0xa5, 0x97, 0x9c, 0x39, 0xf3, 0x2d, 0x3f, - 0x88, 0xc8, 0xac, 0xbb, 0xbe, 0x4e, 0x22, 0xe2, 0x37, 0x48, 0xac, 0x9c, 0x20, 0x56, 0x2f, 0x27, - 0x08, 0x7a, 0x0e, 0x46, 0x6e, 0xc5, 0x81, 0xbf, 0x1c, 0xb8, 0xbe, 0x10, 0x41, 0x74, 0xc7, 0x71, - 0xf2, 0xce, 0xee, 0xc4, 0x08, 0x1d, 0x51, 0xd9, 0x8e, 0x53, 0x58, 0x68, 0x06, 0x4e, 0xdd, 0x7a, - 0x6d, 0xd9, 0x49, 0x0c, 0x6f, 0x82, 0xdc, 0xf7, 0xb3, 0xf3, 0x8e, 0x2b, 0x2f, 0x65, 0x80, 0xb8, - 0x1b, 0xdf, 0xfe, 0x6b, 0x25, 0x78, 0x24, 0xf3, 0x22, 0x81, 0xe7, 0x05, 0x9d, 0x84, 0xee, 0x89, - 0xd0, 0xd7, 0x2d, 0x38, 0xd9, 0x4e, 0x3b, 0x2c, 0x62, 0xe1, 0x17, 0xfe, 0x60, 0x61, 0x3a, 0x22, - 0xe3, 0x11, 0xa9, 0x8f, 0x8b, 0x11, 0x3a, 0x99, 0x01, 0xc4, 0xb8, 0xab, 0x2f, 0xe8, 0x15, 0xa8, - 0xb5, 0x9d, 0xed, 0xeb, 0x61, 0xd3, 0x49, 0xe4, 0x76, 0xb4, 0xb7, 0x17, 0xa1, 0x93, 0xb8, 0xde, - 0x24, 0x8f, 0x0c, 0x98, 0x9c, 0xf7, 0x93, 0xa5, 0x68, 0x25, 0x89, 0x5c, 0xbf, 0xc5, 0xbd, 0x81, - 0x8b, 0x92, 0x0c, 0xd6, 0x14, 0xed, 0xaf, 0x59, 0x59, 0x25, 0xa5, 0x46, 0x27, 0x72, 0x12, 0xd2, - 0xda, 0x41, 0x1f, 0x83, 0x0a, 0xdd, 0x37, 0xca, 0x51, 0xb9, 0x59, 0xa4, 0xe6, 0x34, 0xbe, 0x84, - 0x56, 0xa2, 0xf4, 0x5f, 0x8c, 0x39, 0x53, 0xfb, 0xeb, 0xb5, 0xac, 0xb1, 0xc0, 0xce, 0x7e, 0x2f, - 0x00, 0xb4, 0x82, 0x55, 0xd2, 0x0e, 0x3d, 0x3a, 0x2c, 0x16, 0x3b, 0x40, 0x50, 0xae, 0x92, 0x39, - 0x05, 0xc1, 0x06, 0x16, 0xfa, 0x0b, 0x16, 0x40, 0x4b, 0xce, 0x79, 0x69, 0x08, 0x5c, 0x2f, 0xf2, - 0x75, 0xf4, 0x8a, 0xd2, 0x7d, 0x51, 0x0c, 0xb1, 0xc1, 0x1c, 0xfd, 0x8c, 0x05, 0xd5, 0x44, 0x76, - 0x9f, 0xab, 0xc6, 0xd5, 0x22, 0x7b, 0x22, 0x5f, 0x5a, 0xdb, 0x44, 0x6a, 0x48, 0x14, 0x5f, 0xf4, - 0xb3, 0x16, 0x40, 0xbc, 0xe3, 0x37, 0x96, 0x03, 0xcf, 0x6d, 0xec, 0x08, 0x8d, 0x79, 0xa3, 0x50, - 0x77, 0x8e, 0xa2, 0x5e, 0x1f, 0xa3, 0xa3, 0xa1, 0xff, 0x63, 0x83, 0x33, 0xfa, 0x04, 0x54, 0x63, - 0x31, 0xdd, 0x84, 0x8e, 0x5c, 0x2d, 0xd6, 0xa9, 0xc4, 0x69, 0x0b, 0xf1, 0x2a, 0xfe, 0x61, 0xc5, - 0x13, 0xfd, 0xbc, 0x05, 0x27, 0xc2, 0xb4, 0x9b, 0x50, 0xa8, 0xc3, 0xe2, 0x64, 0x40, 0xc6, 0x0d, - 0xc9, 0xbd, 0x2d, 0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, 0x06, 0x2f, 0x85, 0xdc, 0x65, - 0x39, 0xa4, 0x25, 0xe0, 0x5c, 0x16, 0x88, 0xbb, 0xf1, 0xd1, 0x32, 0x9c, 0xa1, 0xbd, 0xdb, 0xe1, - 0xe6, 0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xfa, 0xa3, 0x62, 0x86, 0xb0, 0x43, 0x81, 0x2c, - 0x0e, 0xce, 0x7d, 0x12, 0xfd, 0xae, 0x05, 0x8f, 0xba, 0x4c, 0x0d, 0x98, 0xfe, 0x76, 0xad, 0x11, - 0xc4, 0x41, 0x2e, 0x29, 0x54, 0x56, 0xf4, 0x52, 0x3f, 0xf5, 0x1f, 0x16, 0x6f, 0xf0, 0xe8, 0xfc, - 0x1e, 0x5d, 0xc2, 0x7b, 0x76, 0x18, 0xfd, 0x18, 0x8c, 0xca, 0x75, 0xb1, 0x4c, 0x45, 0x30, 0x53, - 0xb4, 0xb5, 0xfa, 0xa9, 0x3b, 0xbb, 0x13, 0xa3, 0xab, 0x26, 0x00, 0xa7, 0xf1, 0xec, 0x7f, 0x55, - 0x4e, 0x1d, 0xa7, 0x28, 0x1f, 0x26, 0x13, 0x37, 0x0d, 0xe9, 0xff, 0x91, 0xd2, 0xb3, 0x50, 0x71, - 0xa3, 0xbc, 0x4b, 0x5a, 0xdc, 0xa8, 0xa6, 0x18, 0x1b, 0xcc, 0xa9, 0x51, 0x7a, 0xca, 0xc9, 0x7a, - 0x4a, 0x85, 0x04, 0x7c, 0xa5, 0xc8, 0x2e, 0x75, 0x1f, 0x7e, 0x3d, 0x22, 0xba, 0x76, 0xaa, 0x0b, - 0x84, 0xbb, 0xbb, 0x84, 0x3e, 0x0e, 0xb5, 0x48, 0x45, 0x4e, 0x94, 0x8b, 0xd8, 0xaa, 0xc9, 0x69, - 0x23, 0xba, 0xa3, 0x4e, 0x73, 0x74, 0x8c, 0x84, 0xe6, 0x68, 0xff, 0x4e, 0xfa, 0x04, 0xc9, 0x90, - 0x1d, 0x7d, 0x9c, 0x8e, 0x7d, 0xc9, 0x82, 0xe1, 0x28, 0xf0, 0x3c, 0xd7, 0x6f, 0x51, 0x39, 0x27, - 0x94, 0xf5, 0x87, 0x8f, 0x45, 0x5f, 0x0a, 0x81, 0xc6, 0x2c, 0x6b, 0xac, 0x79, 0x62, 0xb3, 0x03, - 0xf6, 0x9f, 0x58, 0x30, 0xde, 0x4b, 0x1e, 0x23, 0x02, 0x6f, 0x97, 0xc2, 0x46, 0x0d, 0xc5, 0x92, - 0x3f, 0x4b, 0x3c, 0xa2, 0xdc, 0xe6, 0xd5, 0xfa, 0x13, 0xe2, 0x35, 0xdf, 0xbe, 0xdc, 0x1b, 0x15, - 0xef, 0x45, 0x07, 0xbd, 0x0c, 0x27, 0x8d, 0xf7, 0x8a, 0xd5, 0xc0, 0xd4, 0xea, 0x93, 0xd4, 0x00, - 0x9a, 0xce, 0xc0, 0xee, 0xee, 0x4e, 0x3c, 0x94, 0x6d, 0x13, 0x0a, 0xa3, 0x8b, 0x8e, 0xfd, 0x2b, - 0xa5, 0xec, 0xd7, 0x52, 0xba, 0xfe, 0x4d, 0xab, 0xcb, 0x9b, 0xf0, 0xc1, 0xe3, 0xd0, 0xaf, 0xcc, - 0xef, 0xa0, 0xc2, 0x4f, 0x7a, 0xe3, 0xdc, 0xc7, 0xf3, 0x6d, 0xfb, 0x5f, 0x0f, 0xc0, 0x1e, 0x3d, - 0xeb, 0xc3, 0x78, 0x3f, 0xf0, 0xa1, 0xe8, 0x17, 0x2c, 0x75, 0x60, 0xc6, 0xd7, 0x70, 0xf3, 0xb8, - 0xc6, 0x9e, 0xef, 0x9f, 0x62, 0x1e, 0x63, 0xa1, 0xbc, 0xe8, 0xe9, 0xa3, 0x39, 0xf4, 0x0d, 0x2b, - 0x7d, 0xe4, 0xc7, 0x83, 0xe6, 0xdc, 0x63, 0xeb, 0x93, 0x71, 0x8e, 0xc8, 0x3b, 0xa6, 0x4f, 0x9f, - 0x7a, 0x9d, 0x30, 0x4e, 0x02, 0xac, 0xbb, 0xbe, 0xe3, 0xb9, 0xaf, 0xd3, 0xdd, 0x51, 0x85, 0x29, - 0x78, 0x66, 0x31, 0x5d, 0x52, 0xad, 0xd8, 0xc0, 0x38, 0xf7, 0xff, 0xc3, 0xb0, 0xf1, 0xe6, 0x39, - 0xa1, 0x21, 0x67, 0xcc, 0xd0, 0x90, 0x9a, 0x11, 0xd1, 0x71, 0xee, 0xfd, 0x70, 0x32, 0xdb, 0xc1, - 0x83, 0x3c, 0x6f, 0xff, 0xcf, 0xa1, 0xec, 0x19, 0xdc, 0x2a, 0x89, 0xda, 0xb4, 0x6b, 0x6f, 0x39, - 0xb6, 0xde, 0x72, 0x6c, 0xbd, 0xe5, 0xd8, 0x32, 0xcf, 0x26, 0x84, 0xd3, 0x66, 0xe8, 0x1e, 0x39, - 0x6d, 0x52, 0x6e, 0xa8, 0x6a, 0xe1, 0x6e, 0x28, 0xfb, 0xb3, 0x5d, 0x9e, 0xfb, 0xd5, 0x88, 0x10, - 0x14, 0x40, 0xc5, 0x0f, 0x9a, 0x44, 0xda, 0xb8, 0x57, 0x8a, 0x31, 0xd8, 0xae, 0x05, 0x4d, 0x23, - 0x1c, 0x99, 0xfe, 0x8b, 0x31, 0xe7, 0x63, 0xdf, 0xa9, 0x40, 0xca, 0x9c, 0xe4, 0xdf, 0xfd, 0x9d, - 0x30, 0x14, 0x91, 0x30, 0xb8, 0x8e, 0x17, 0x84, 0x2e, 0xd3, 0x19, 0x0b, 0xbc, 0x19, 0x4b, 0x38, - 0xd5, 0x79, 0xa1, 0x93, 0x6c, 0x08, 0x65, 0xa6, 0x74, 0xde, 0xb2, 0x93, 0x6c, 0x60, 0x06, 0x41, - 0xef, 0x87, 0xb1, 0x24, 0x75, 0x14, 0x2e, 0x8e, 0x7c, 0x1f, 0x12, 0xb8, 0x63, 0xe9, 0x83, 0x72, - 0x9c, 0xc1, 0x46, 0xaf, 0xc1, 0xc0, 0x06, 0xf1, 0xda, 0xe2, 0xd3, 0xaf, 0x14, 0xa7, 0x6b, 0xd8, - 0xbb, 0x5e, 0x26, 0x5e, 0x9b, 0x4b, 0x42, 0xfa, 0x0b, 0x33, 0x56, 0x74, 0xde, 0xd7, 0x36, 0x3b, - 0x71, 0x12, 0xb4, 0xdd, 0xd7, 0xa5, 0xa7, 0xf3, 0x83, 0x05, 0x33, 0xbe, 0x2a, 0xe9, 0x73, 0x97, - 0x92, 0xfa, 0x8b, 0x35, 0x67, 0xd6, 0x8f, 0xa6, 0x1b, 0xb1, 0x29, 0xb3, 0x23, 0x1c, 0x96, 0x45, - 0xf7, 0x63, 0x56, 0xd2, 0xe7, 0xfd, 0x50, 0x7f, 0xb1, 0xe6, 0x8c, 0x76, 0xd4, 0xfa, 0x1b, 0x66, - 0x7d, 0xb8, 0x5e, 0x70, 0x1f, 0xf8, 0xda, 0xcb, 0x5d, 0x87, 0x4f, 0x40, 0xa5, 0xb1, 0xe1, 0x44, - 0xc9, 0xf8, 0x08, 0x9b, 0x34, 0x6a, 0x16, 0xcf, 0xd0, 0x46, 0xcc, 0x61, 0xe8, 0x31, 0x28, 0x47, - 0x64, 0x9d, 0x45, 0xbf, 0x1a, 0x71, 0x51, 0x98, 0xac, 0x63, 0xda, 0x6e, 0xff, 0x52, 0x29, 0x6d, - 0xb6, 0xa5, 0xdf, 0x9b, 0xcf, 0xf6, 0x46, 0x27, 0x8a, 0xa5, 0xfb, 0xcb, 0x98, 0xed, 0xac, 0x19, - 0x4b, 0x38, 0xfa, 0x94, 0x05, 0x43, 0xb7, 0xe2, 0xc0, 0xf7, 0x49, 0x22, 0x54, 0xe4, 0x8d, 0x82, - 0x87, 0xe2, 0x0a, 0xa7, 0xae, 0xfb, 0x20, 0x1a, 0xb0, 0xe4, 0x4b, 0xbb, 0x4b, 0xb6, 0x1b, 0x5e, - 0xa7, 0xd9, 0x15, 0xea, 0x72, 0x91, 0x37, 0x63, 0x09, 0xa7, 0xa8, 0xae, 0xcf, 0x51, 0x07, 0xd2, - 0xa8, 0xf3, 0xbe, 0x40, 0x15, 0x70, 0xfb, 0xaf, 0x0c, 0xc2, 0xd9, 0xdc, 0xc5, 0x41, 0x0d, 0x2a, - 0x66, 0xb2, 0x5c, 0x72, 0x3d, 0x22, 0x83, 0xbc, 0x98, 0x41, 0x75, 0x43, 0xb5, 0x62, 0x03, 0x03, - 0xfd, 0x34, 0x40, 0xe8, 0x44, 0x4e, 0x9b, 0x28, 0xf7, 0xf4, 0x91, 0xed, 0x16, 0xda, 0x8f, 0x65, - 0x49, 0x53, 0x6f, 0xd1, 0x55, 0x53, 0x8c, 0x0d, 0x96, 0xe8, 0x79, 0x18, 0x8e, 0x88, 0x47, 0x9c, - 0x98, 0x05, 0x4f, 0x67, 0x33, 0x41, 0xb0, 0x06, 0x61, 0x13, 0x0f, 0x3d, 0xa9, 0xe2, 0xe1, 0x32, - 0x71, 0x41, 0xe9, 0x98, 0x38, 0xf4, 0x86, 0x05, 0x63, 0xeb, 0xae, 0x47, 0x34, 0x77, 0x91, 0xb7, - 0xb1, 0x74, 0xf4, 0x97, 0xbc, 0x64, 0xd2, 0xd5, 0x12, 0x32, 0xd5, 0x1c, 0xe3, 0x0c, 0x7b, 0xfa, - 0x99, 0xb7, 0x48, 0xc4, 0x44, 0xeb, 0x60, 0xfa, 0x33, 0xdf, 0xe0, 0xcd, 0x58, 0xc2, 0xd1, 0x34, - 0x9c, 0x08, 0x9d, 0x38, 0x9e, 0x89, 0x48, 0x93, 0xf8, 0x89, 0xeb, 0x78, 0x3c, 0xab, 0xa2, 0xaa, - 0xa3, 0xaa, 0x97, 0xd3, 0x60, 0x9c, 0xc5, 0x47, 0x1f, 0x82, 0x87, 0xb9, 0xff, 0x67, 0xd1, 0x8d, - 0x63, 0xd7, 0x6f, 0xe9, 0x69, 0x20, 0xdc, 0x60, 0x13, 0x82, 0xd4, 0xc3, 0xf3, 0xf9, 0x68, 0xb8, - 0xd7, 0xf3, 0xe8, 0x69, 0xa8, 0xc6, 0x9b, 0x6e, 0x38, 0x13, 0x35, 0x63, 0x76, 0xf6, 0x53, 0xd5, - 0x4e, 0xd7, 0x15, 0xd1, 0x8e, 0x15, 0x06, 0x6a, 0xc0, 0x08, 0xff, 0x24, 0x3c, 0xa0, 0x4f, 0xc8, - 0xc7, 0x67, 0x7a, 0xaa, 0x69, 0x91, 0x24, 0x38, 0x89, 0x9d, 0xdb, 0x17, 0xe5, 0x49, 0x14, 0x3f, - 0x38, 0xb9, 0x61, 0x90, 0xc1, 0x29, 0xa2, 0xf6, 0x2f, 0x94, 0xd2, 0x3b, 0x7f, 0x73, 0x91, 0xa2, - 0x98, 0x2e, 0xc5, 0xe4, 0x86, 0x13, 0x49, 0x85, 0x7d, 0xc4, 0xe4, 0x0f, 0x41, 0xf7, 0x86, 0x13, - 0x99, 0x8b, 0x9a, 0x31, 0xc0, 0x92, 0x13, 0xba, 0x05, 0x03, 0x89, 0xe7, 0x14, 0x94, 0x2d, 0x66, - 0x70, 0xd4, 0x8e, 0x98, 0x85, 0xe9, 0x18, 0x33, 0x1e, 0xe8, 0x51, 0xba, 0xfb, 0x58, 0x93, 0x27, - 0x45, 0x62, 0xc3, 0xb0, 0x16, 0x63, 0xd6, 0x6a, 0xdf, 0x85, 0x1c, 0xb9, 0xaa, 0x14, 0x19, 0xba, - 0x00, 0x40, 0x37, 0xb2, 0xcb, 0x11, 0x59, 0x77, 0xb7, 0x85, 0x21, 0xa1, 0xd6, 0xee, 0x35, 0x05, - 0xc1, 0x06, 0x96, 0x7c, 0x66, 0xa5, 0xb3, 0x4e, 0x9f, 0x29, 0x75, 0x3f, 0xc3, 0x21, 0xd8, 0xc0, - 0x42, 0xcf, 0xc1, 0xa0, 0xdb, 0x76, 0x5a, 0x2a, 0x90, 0xf5, 0x51, 0xba, 0x68, 0xe7, 0x59, 0xcb, - 0xdd, 0xdd, 0x89, 0x31, 0xd5, 0x21, 0xd6, 0x84, 0x05, 0x2e, 0xfa, 0x15, 0x0b, 0x46, 0x1a, 0x41, - 0xbb, 0x1d, 0xf8, 0x7c, 0xfb, 0x27, 0xf6, 0xb2, 0xb7, 0x8e, 0x4b, 0xcd, 0x4f, 0xce, 0x18, 0xcc, - 0xf8, 0x66, 0x56, 0xa5, 0xb5, 0x99, 0x20, 0x9c, 0xea, 0x95, 0xb9, 0xb6, 0x2b, 0xfb, 0xac, 0xed, - 0x5f, 0xb7, 0xe0, 0x14, 0x7f, 0xd6, 0xd8, 0x95, 0x8a, 0x0c, 0xae, 0xe0, 0x98, 0x5f, 0xab, 0x6b, - 0xa3, 0xae, 0x9c, 0x95, 0x5d, 0x70, 0xdc, 0xdd, 0x49, 0x34, 0x07, 0xa7, 0xd6, 0x83, 0xa8, 0x41, - 0xcc, 0x81, 0x10, 0x82, 0x49, 0x11, 0xba, 0x94, 0x45, 0xc0, 0xdd, 0xcf, 0xa0, 0x1b, 0xf0, 0x90, - 0xd1, 0x68, 0x8e, 0x03, 0x97, 0x4d, 0x8f, 0x0b, 0x6a, 0x0f, 0x5d, 0xca, 0xc5, 0xc2, 0x3d, 0x9e, - 0x4e, 0x3b, 0x6e, 0x6a, 0x7d, 0x38, 0x6e, 0x5e, 0x85, 0x47, 0x1a, 0xdd, 0x23, 0xb3, 0x15, 0x77, - 0xd6, 0x62, 0x2e, 0xa9, 0xaa, 0xf5, 0x1f, 0x12, 0x04, 0x1e, 0x99, 0xe9, 0x85, 0x88, 0x7b, 0xd3, - 0x40, 0x1f, 0x83, 0x6a, 0x44, 0xd8, 0x57, 0x89, 0x45, 0x3a, 0xd3, 0x11, 0x77, 0xeb, 0xda, 0x02, - 0xe5, 0x64, 0xb5, 0xec, 0x15, 0x0d, 0x31, 0x56, 0x1c, 0xd1, 0x6d, 0x18, 0x0a, 0x9d, 0xa4, 0xb1, - 0x21, 0x92, 0x98, 0x8e, 0xec, 0x5b, 0x56, 0xcc, 0xd9, 0x51, 0x80, 0x91, 0xf6, 0xcc, 0x99, 0x60, - 0xc9, 0x8d, 0x5a, 0x23, 0x8d, 0xa0, 0x1d, 0x06, 0x3e, 0xf1, 0x93, 0x78, 0x7c, 0x54, 0x5b, 0x23, - 0x33, 0xaa, 0x15, 0x1b, 0x18, 0x68, 0x19, 0xce, 0x30, 0xdf, 0xd5, 0x4d, 0x37, 0xd9, 0x08, 0x3a, - 0x89, 0xdc, 0x8a, 0x8d, 0x8f, 0xa5, 0x4f, 0x6c, 0x16, 0x72, 0x70, 0x70, 0xee, 0x93, 0xe7, 0x3e, - 0x00, 0xa7, 0xba, 0x96, 0xf2, 0x81, 0xdc, 0x46, 0xb3, 0xf0, 0x50, 0xfe, 0xa2, 0x39, 0x90, 0xf3, - 0xe8, 0x1f, 0x64, 0xa2, 0x87, 0x0d, 0x43, 0xba, 0x0f, 0x47, 0xa4, 0x03, 0x65, 0xe2, 0x6f, 0x09, - 0x1d, 0x72, 0xe9, 0x68, 0xdf, 0xee, 0xa2, 0xbf, 0xc5, 0xd7, 0x3c, 0xf3, 0xb6, 0x5c, 0xf4, 0xb7, - 0x30, 0xa5, 0x8d, 0xbe, 0x62, 0xa5, 0x0c, 0x41, 0xee, 0xbe, 0xfc, 0xc8, 0xb1, 0xec, 0x1c, 0xfa, - 0xb6, 0x0d, 0xed, 0x7f, 0x53, 0x82, 0xf3, 0xfb, 0x11, 0xe9, 0x63, 0xf8, 0x9e, 0x80, 0xc1, 0x98, - 0xc5, 0x03, 0x08, 0xa1, 0x3c, 0x4c, 0xe7, 0x2a, 0x8f, 0x10, 0x78, 0x15, 0x0b, 0x10, 0xf2, 0xa0, - 0xdc, 0x76, 0x42, 0xe1, 0xd5, 0x9a, 0x3f, 0x6a, 0x3a, 0x12, 0xfd, 0xef, 0x78, 0x8b, 0x4e, 0xc8, - 0x7d, 0x25, 0x46, 0x03, 0xa6, 0x6c, 0x50, 0x02, 0x15, 0x27, 0x8a, 0x1c, 0x79, 0xf8, 0x7c, 0xb5, - 0x18, 0x7e, 0xd3, 0x94, 0x24, 0x3f, 0xbb, 0x4b, 0x35, 0x61, 0xce, 0xcc, 0xfe, 0xc2, 0x50, 0x2a, - 0x25, 0x87, 0x45, 0x14, 0xc4, 0x30, 0x28, 0x9c, 0x59, 0x56, 0xd1, 0x59, 0x60, 0x3c, 0xa7, 0x92, - 0xed, 0x13, 0x45, 0x66, 0xba, 0x60, 0x85, 0x3e, 0x6f, 0xb1, 0xfc, 0x6f, 0x99, 0xa6, 0x24, 0x76, - 0x67, 0xc7, 0x93, 0x8e, 0x6e, 0x66, 0x95, 0xcb, 0x46, 0x6c, 0x72, 0x17, 0x75, 0x1c, 0x98, 0x55, - 0xda, 0x5d, 0xc7, 0x81, 0x59, 0x99, 0x12, 0x8e, 0xb6, 0x73, 0x22, 0x07, 0x0a, 0xc8, 0x21, 0xee, - 0x23, 0x56, 0xe0, 0x1b, 0x16, 0x9c, 0x72, 0xb3, 0x47, 0xc0, 0x62, 0x2f, 0x73, 0xb3, 0x18, 0xcf, - 0x53, 0xf7, 0x09, 0xb3, 0x52, 0xe7, 0x5d, 0x20, 0xdc, 0xdd, 0x19, 0xd4, 0x84, 0x01, 0xd7, 0x5f, - 0x0f, 0x84, 0x11, 0x53, 0x3f, 0x5a, 0xa7, 0xe6, 0xfd, 0xf5, 0x40, 0xaf, 0x66, 0xfa, 0x0f, 0x33, - 0xea, 0x68, 0x01, 0xce, 0xc8, 0xac, 0x8c, 0xcb, 0x6e, 0x9c, 0x04, 0xd1, 0xce, 0x82, 0xdb, 0x76, - 0x13, 0x66, 0x80, 0x94, 0xeb, 0xe3, 0x54, 0x3f, 0xe0, 0x1c, 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x0e, - 0x43, 0xf2, 0xd8, 0xb5, 0x5a, 0xc4, 0xbe, 0xb0, 0x7b, 0xfe, 0xab, 0xc9, 0xb4, 0x22, 0xce, 0x5d, - 0x25, 0x43, 0xfb, 0x8d, 0x61, 0xe8, 0x3e, 0x1d, 0x4e, 0x1f, 0x05, 0x5b, 0xf7, 0xfa, 0x28, 0x98, - 0x6e, 0x58, 0x62, 0x7d, 0x8a, 0x5b, 0xc0, 0xdc, 0x16, 0x5c, 0xf5, 0x09, 0xdd, 0x8e, 0xdf, 0xc0, - 0x8c, 0x07, 0x8a, 0x60, 0x70, 0x83, 0x38, 0x5e, 0xb2, 0x51, 0xcc, 0x61, 0xc2, 0x65, 0x46, 0x2b, - 0x9b, 0x4a, 0xc5, 0x5b, 0xb1, 0xe0, 0x84, 0xb6, 0x61, 0x68, 0x83, 0x4f, 0x00, 0xb1, 0x87, 0x58, - 0x3c, 0xea, 0xe0, 0xa6, 0x66, 0x95, 0xfe, 0xdc, 0xa2, 0x01, 0x4b, 0x76, 0x2c, 0xec, 0xc8, 0x08, - 0x8c, 0xe0, 0x4b, 0xb7, 0xb8, 0x2c, 0xb2, 0xfe, 0xa3, 0x22, 0x3e, 0x0a, 0x23, 0x11, 0x69, 0x04, - 0x7e, 0xc3, 0xf5, 0x48, 0x73, 0x5a, 0x1e, 0x14, 0x1c, 0x24, 0x79, 0x88, 0xed, 0xc3, 0xb1, 0x41, - 0x03, 0xa7, 0x28, 0xa2, 0xcf, 0x59, 0x30, 0xa6, 0x32, 0x6f, 0xe9, 0x07, 0x21, 0xc2, 0x21, 0xbc, - 0x50, 0x50, 0x9e, 0x2f, 0xa3, 0x59, 0x47, 0x77, 0x76, 0x27, 0xc6, 0xd2, 0x6d, 0x38, 0xc3, 0x17, - 0xbd, 0x0c, 0x10, 0xac, 0xf1, 0xd8, 0xa2, 0xe9, 0x44, 0x78, 0x87, 0x0f, 0xf2, 0xaa, 0x63, 0x3c, - 0x09, 0x51, 0x52, 0xc0, 0x06, 0x35, 0x74, 0x15, 0x80, 0x2f, 0x9b, 0xd5, 0x9d, 0x50, 0x6e, 0x34, - 0x64, 0xf6, 0x17, 0xac, 0x28, 0xc8, 0xdd, 0xdd, 0x89, 0x6e, 0x6f, 0x1d, 0x0b, 0xa0, 0x30, 0x1e, - 0x47, 0x3f, 0x05, 0x43, 0x71, 0xa7, 0xdd, 0x76, 0x94, 0xef, 0xb8, 0xc0, 0xb4, 0x46, 0x4e, 0xd7, - 0x10, 0x45, 0xbc, 0x01, 0x4b, 0x8e, 0xe8, 0x16, 0x15, 0xaa, 0xb1, 0x70, 0x23, 0xb2, 0x55, 0xc4, - 0x6d, 0x82, 0x61, 0xf6, 0x4e, 0xef, 0x91, 0x86, 0x37, 0xce, 0xc1, 0xb9, 0xbb, 0x3b, 0xf1, 0x50, - 0xba, 0x7d, 0x21, 0x10, 0x89, 0x86, 0xb9, 0x34, 0xd1, 0x15, 0x59, 0xbf, 0x86, 0xbe, 0xb6, 0x2c, - 0xab, 0xf0, 0x94, 0xae, 0x5f, 0xc3, 0x9a, 0x7b, 0x8f, 0x99, 0xf9, 0x30, 0x5a, 0x84, 0xd3, 0x8d, - 0xc0, 0x4f, 0xa2, 0xc0, 0xf3, 0x78, 0xfd, 0x26, 0xbe, 0xe7, 0xe3, 0xbe, 0xe5, 0xb7, 0x8b, 0x6e, - 0x9f, 0x9e, 0xe9, 0x46, 0xc1, 0x79, 0xcf, 0xd9, 0x7e, 0xfa, 0x9c, 0x47, 0x0c, 0xce, 0x73, 0x30, - 0x42, 0xb6, 0x13, 0x12, 0xf9, 0x8e, 0x77, 0x1d, 0x2f, 0x48, 0xaf, 0x2a, 0x5b, 0x03, 0x17, 0x8d, - 0x76, 0x9c, 0xc2, 0x42, 0xb6, 0x72, 0x74, 0x18, 0xc9, 0xb3, 0xdc, 0xd1, 0x21, 0xdd, 0x1a, 0xf6, - 0xff, 0x2a, 0xa5, 0x0c, 0xb2, 0xfb, 0x72, 0xaa, 0xc4, 0xaa, 0x80, 0xc8, 0x72, 0x29, 0x0c, 0x20, - 0x36, 0x1a, 0x45, 0x72, 0x56, 0x55, 0x40, 0x96, 0x4c, 0x46, 0x38, 0xcd, 0x17, 0x6d, 0x42, 0x65, - 0x23, 0x88, 0x13, 0xb9, 0xfd, 0x38, 0xe2, 0x4e, 0xe7, 0x72, 0x10, 0x27, 0xcc, 0x8a, 0x50, 0xaf, - 0x4d, 0x5b, 0x62, 0xcc, 0x79, 0xd8, 0xff, 0xd9, 0x4a, 0xf9, 0xd0, 0x6f, 0xb2, 0x00, 0xe4, 0x2d, - 0xe2, 0xd3, 0x65, 0x6d, 0x86, 0x3c, 0xfd, 0x58, 0x26, 0x9d, 0xf3, 0x1d, 0xbd, 0xca, 0x93, 0xdd, - 0xa6, 0x14, 0x26, 0x19, 0x09, 0x23, 0x3a, 0xea, 0x93, 0x56, 0x3a, 0x2f, 0xb7, 0x54, 0xc4, 0x06, - 0xc3, 0xcc, 0x4d, 0xdf, 0x37, 0xc5, 0xd7, 0xfe, 0x8a, 0x05, 0x43, 0x75, 0xa7, 0xb1, 0x19, 0xac, - 0xaf, 0xa3, 0xa7, 0xa1, 0xda, 0xec, 0x44, 0x66, 0x8a, 0xb0, 0x72, 0x1c, 0xcc, 0x8a, 0x76, 0xac, - 0x30, 0xe8, 0x1c, 0x5e, 0x77, 0x1a, 0x32, 0x43, 0xbd, 0xcc, 0xe7, 0xf0, 0x25, 0xd6, 0x82, 0x05, - 0x04, 0x3d, 0x0f, 0xc3, 0x6d, 0x67, 0x5b, 0x3e, 0x9c, 0x75, 0xe0, 0x2f, 0x6a, 0x10, 0x36, 0xf1, - 0xec, 0x7f, 0x6e, 0xc1, 0x78, 0xdd, 0x89, 0xdd, 0xc6, 0x74, 0x27, 0xd9, 0xa8, 0xbb, 0xc9, 0x5a, - 0xa7, 0xb1, 0x49, 0x12, 0x5e, 0x96, 0x80, 0xf6, 0xb2, 0x13, 0xd3, 0xa5, 0xa4, 0xf6, 0x75, 0xaa, - 0x97, 0xd7, 0x45, 0x3b, 0x56, 0x18, 0xe8, 0x75, 0x18, 0x0e, 0x9d, 0x38, 0xbe, 0x1d, 0x44, 0x4d, - 0x4c, 0xd6, 0x8b, 0x29, 0x0a, 0xb2, 0x42, 0x1a, 0x11, 0x49, 0x30, 0x59, 0x17, 0x87, 0xdd, 0x9a, - 0x3e, 0x36, 0x99, 0xd9, 0x5f, 0xb2, 0xe0, 0x91, 0x3a, 0x71, 0x22, 0x12, 0xb1, 0x1a, 0x22, 0xea, - 0x45, 0x66, 0xbc, 0xa0, 0xd3, 0x44, 0xaf, 0x41, 0x35, 0xa1, 0xcd, 0xb4, 0x5b, 0x56, 0xb1, 0xdd, - 0x62, 0x67, 0xd5, 0xab, 0x82, 0x38, 0x56, 0x6c, 0xec, 0xbf, 0x6a, 0xc1, 0x08, 0x3b, 0x6e, 0x9b, - 0x25, 0x89, 0xe3, 0x7a, 0x5d, 0xa5, 0xb6, 0xac, 0x3e, 0x4b, 0x6d, 0x9d, 0x87, 0x81, 0x8d, 0xa0, - 0x4d, 0xb2, 0x47, 0xc5, 0x97, 0x03, 0xba, 0xad, 0xa6, 0x10, 0xf4, 0x2c, 0xfd, 0xf0, 0xae, 0x9f, - 0x38, 0x74, 0x09, 0x48, 0x77, 0xee, 0x09, 0xfe, 0xd1, 0x55, 0x33, 0x36, 0x71, 0xec, 0x7f, 0x56, - 0x83, 0x21, 0x11, 0xd7, 0xd0, 0x77, 0x69, 0x0a, 0xb9, 0xbf, 0x2f, 0xf5, 0xdc, 0xdf, 0xc7, 0x30, - 0xd8, 0x60, 0x35, 0xff, 0x84, 0x19, 0x79, 0xb5, 0x90, 0x40, 0x18, 0x5e, 0x46, 0x50, 0x77, 0x8b, - 0xff, 0xc7, 0x82, 0x15, 0xfa, 0xb2, 0x05, 0x27, 0x1a, 0x81, 0xef, 0x93, 0x86, 0xb6, 0x71, 0x06, - 0x8a, 0x88, 0x77, 0x98, 0x49, 0x13, 0xd5, 0x67, 0x3d, 0x19, 0x00, 0xce, 0xb2, 0x47, 0x2f, 0xc2, - 0x28, 0x1f, 0xb3, 0x1b, 0x29, 0x1f, 0xb4, 0xae, 0xc0, 0x64, 0x02, 0x71, 0x1a, 0x17, 0x4d, 0x72, - 0x5f, 0xbe, 0xa8, 0x75, 0x34, 0xa8, 0x5d, 0x75, 0x46, 0x95, 0x23, 0x03, 0x03, 0x45, 0x80, 0x22, - 0xb2, 0x1e, 0x91, 0x78, 0x43, 0xc4, 0x7d, 0x30, 0xfb, 0x6a, 0xe8, 0x70, 0x79, 0xe8, 0xb8, 0x8b, - 0x12, 0xce, 0xa1, 0x8e, 0x36, 0xc5, 0x06, 0xb3, 0x5a, 0x84, 0x0c, 0x15, 0x9f, 0xb9, 0xe7, 0x3e, - 0x73, 0x02, 0x2a, 0xf1, 0x86, 0x13, 0x35, 0x99, 0x5d, 0x57, 0xe6, 0xb9, 0x4f, 0x2b, 0xb4, 0x01, - 0xf3, 0x76, 0x34, 0x0b, 0x27, 0x33, 0xf5, 0xa3, 0x62, 0xe1, 0x2b, 0x56, 0x79, 0x2e, 0x99, 0xca, - 0x53, 0x31, 0xee, 0x7a, 0xc2, 0x74, 0x3e, 0x0c, 0xef, 0xe3, 0x7c, 0xd8, 0x51, 0xd1, 0x85, 0xdc, - 0x8b, 0xfb, 0x52, 0x21, 0x03, 0xd0, 0x57, 0x28, 0xe1, 0x17, 0x33, 0xa1, 0x84, 0xa3, 0xac, 0x03, - 0x37, 0x8a, 0xe9, 0xc0, 0xc1, 0xe3, 0x06, 0xef, 0x67, 0x1c, 0xe0, 0x9f, 0x5b, 0x20, 0xbf, 0xeb, - 0x8c, 0xd3, 0xd8, 0x20, 0x74, 0xca, 0xa0, 0xf7, 0xc3, 0x98, 0xda, 0x42, 0xcf, 0x04, 0x1d, 0x9f, - 0x87, 0x00, 0x96, 0xf5, 0xa1, 0x30, 0x4e, 0x41, 0x71, 0x06, 0x1b, 0x4d, 0x41, 0x8d, 0x8e, 0x13, - 0x7f, 0x94, 0xeb, 0x5a, 0xb5, 0x4d, 0x9f, 0x5e, 0x9e, 0x17, 0x4f, 0x69, 0x1c, 0x14, 0xc0, 0x29, - 0xcf, 0x89, 0x13, 0xd6, 0x03, 0xba, 0xa3, 0x3e, 0x64, 0x15, 0x08, 0x96, 0x4c, 0xb1, 0x90, 0x25, - 0x84, 0xbb, 0x69, 0xdb, 0xdf, 0x19, 0x80, 0xd1, 0x94, 0x64, 0x3c, 0xa0, 0x92, 0x7e, 0x1a, 0xaa, - 0x52, 0x6f, 0x66, 0xcb, 0xdd, 0x28, 0xe5, 0xaa, 0x30, 0xa8, 0xd2, 0x5a, 0xd3, 0x5a, 0x35, 0x6b, - 0x54, 0x18, 0x0a, 0x17, 0x9b, 0x78, 0x4c, 0x28, 0x27, 0x5e, 0x3c, 0xe3, 0xb9, 0xc4, 0x4f, 0x78, - 0x37, 0x8b, 0x11, 0xca, 0xab, 0x0b, 0x2b, 0x26, 0x51, 0x2d, 0x94, 0x33, 0x00, 0x9c, 0x65, 0x8f, - 0x3e, 0x63, 0xc1, 0xa8, 0x73, 0x3b, 0xd6, 0x85, 0x69, 0x45, 0xd0, 0xe0, 0x11, 0x95, 0x54, 0xaa, - 0xd6, 0x2d, 0x77, 0xf9, 0xa6, 0x9a, 0x70, 0x9a, 0x29, 0x7a, 0xd3, 0x02, 0x44, 0xb6, 0x49, 0x43, - 0x86, 0x35, 0x8a, 0xbe, 0x0c, 0x16, 0xb1, 0xd3, 0xbc, 0xd8, 0x45, 0x97, 0x4b, 0xf5, 0xee, 0x76, - 0x9c, 0xd3, 0x07, 0xfb, 0x1f, 0x97, 0xd5, 0x82, 0xd2, 0x91, 0xb4, 0x8e, 0x11, 0xd1, 0x67, 0x1d, - 0x3e, 0xa2, 0x4f, 0x47, 0x24, 0x74, 0x27, 0x97, 0xa6, 0x72, 0xd1, 0x4a, 0xf7, 0x29, 0x17, 0xed, - 0x67, 0xac, 0x54, 0x61, 0xa7, 0xe1, 0x0b, 0x2f, 0x17, 0x1b, 0xc5, 0x3b, 0xc9, 0xa3, 0x25, 0x32, - 0xd2, 0x3d, 0x1d, 0x24, 0x43, 0xa5, 0xa9, 0x81, 0x76, 0x20, 0x69, 0xf8, 0xef, 0xca, 0x30, 0x6c, - 0x68, 0xd2, 0x5c, 0xb3, 0xc8, 0x7a, 0xc0, 0xcc, 0xa2, 0xd2, 0x01, 0xcc, 0xa2, 0x9f, 0x86, 0x5a, - 0x43, 0x4a, 0xf9, 0x62, 0x4a, 0x1b, 0x67, 0x75, 0x87, 0x16, 0xf4, 0xaa, 0x09, 0x6b, 0x9e, 0x68, - 0x2e, 0x95, 0xc1, 0x24, 0x34, 0xc4, 0x00, 0xd3, 0x10, 0x79, 0x29, 0x46, 0x42, 0x53, 0x74, 0x3f, - 0xc3, 0xea, 0x7f, 0x85, 0xae, 0x78, 0x2f, 0x19, 0x6b, 0xcf, 0xeb, 0x7f, 0x2d, 0xcf, 0xcb, 0x66, - 0x6c, 0xe2, 0xd8, 0xdf, 0xb1, 0xd4, 0xc7, 0xbd, 0x07, 0xa5, 0x2a, 0x6e, 0xa5, 0x4b, 0x55, 0x5c, - 0x2c, 0x64, 0x98, 0x7b, 0xd4, 0xa8, 0xb8, 0x06, 0x43, 0x33, 0x41, 0xbb, 0xed, 0xf8, 0x4d, 0xf4, - 0x23, 0x30, 0xd4, 0xe0, 0x3f, 0x85, 0x63, 0x87, 0x1d, 0x0f, 0x0a, 0x28, 0x96, 0x30, 0xf4, 0x28, - 0x0c, 0x38, 0x51, 0x4b, 0x3a, 0x73, 0x58, 0x70, 0xcd, 0x74, 0xd4, 0x8a, 0x31, 0x6b, 0xb5, 0xff, - 0xfe, 0x00, 0xb0, 0x33, 0x6d, 0x27, 0x22, 0xcd, 0xd5, 0x80, 0x95, 0x56, 0x3c, 0xd6, 0x43, 0x35, - 0xbd, 0x59, 0x7a, 0x90, 0x0f, 0xd6, 0x8c, 0xc3, 0x95, 0xf2, 0x3d, 0x3e, 0x5c, 0xe9, 0x71, 0x5e, - 0x36, 0xf0, 0x00, 0x9d, 0x97, 0xd9, 0x5f, 0xb0, 0x00, 0xa9, 0x40, 0x08, 0x7d, 0xa0, 0x3d, 0x05, - 0x35, 0x15, 0x12, 0x21, 0x0c, 0x2b, 0x2d, 0x22, 0x24, 0x00, 0x6b, 0x9c, 0x3e, 0x76, 0xc8, 0x4f, - 0x48, 0xf9, 0x5d, 0x4e, 0xc7, 0xe5, 0x32, 0xa9, 0x2f, 0xc4, 0xb9, 0xfd, 0x5b, 0x25, 0x78, 0x88, - 0xab, 0xe4, 0x45, 0xc7, 0x77, 0x5a, 0xa4, 0x4d, 0x7b, 0xd5, 0x6f, 0x88, 0x42, 0x83, 0x6e, 0xcd, - 0x5c, 0x19, 0x67, 0x7b, 0xd4, 0xb5, 0xcb, 0xd7, 0x1c, 0x5f, 0x65, 0xf3, 0xbe, 0x9b, 0x60, 0x46, - 0x1c, 0xc5, 0x50, 0x95, 0x75, 0xff, 0x85, 0x2c, 0x2e, 0x88, 0x91, 0x12, 0x4b, 0x42, 0x6f, 0x12, - 0xac, 0x18, 0x51, 0xc3, 0xd5, 0x0b, 0x1a, 0x9b, 0x98, 0x84, 0x01, 0x93, 0xbb, 0x46, 0x98, 0xe3, - 0x82, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0x2d, 0x0b, 0xb2, 0x1a, 0xc9, 0xa8, 0x61, 0x67, 0xed, 0x59, - 0xc3, 0xee, 0x00, 0x55, 0xe0, 0x7e, 0x12, 0x86, 0x9d, 0x84, 0x1a, 0x11, 0x7c, 0xdb, 0x5d, 0x3e, - 0xdc, 0xb1, 0xc6, 0x62, 0xd0, 0x74, 0xd7, 0x5d, 0xb6, 0xdd, 0x36, 0xc9, 0xd9, 0xff, 0x7d, 0x00, - 0x4e, 0x75, 0x65, 0xa5, 0xa0, 0x17, 0x60, 0xa4, 0x21, 0xa6, 0x47, 0x28, 0x1d, 0x5a, 0x35, 0x33, - 0x2c, 0x4e, 0xc3, 0x70, 0x0a, 0xb3, 0x8f, 0x09, 0x3a, 0x0f, 0xa7, 0x23, 0xba, 0xd1, 0xef, 0x90, - 0xe9, 0xf5, 0x84, 0x44, 0x2b, 0xa4, 0x11, 0xf8, 0x4d, 0x5e, 0x69, 0xb1, 0x5c, 0x7f, 0xf8, 0xce, - 0xee, 0xc4, 0x69, 0xdc, 0x0d, 0xc6, 0x79, 0xcf, 0xa0, 0x10, 0x46, 0x3d, 0xd3, 0x06, 0x14, 0x1b, - 0x80, 0x43, 0x99, 0x8f, 0xca, 0x46, 0x48, 0x35, 0xe3, 0x34, 0x83, 0xb4, 0x21, 0x59, 0xb9, 0x4f, - 0x86, 0xe4, 0xa7, 0xb5, 0x21, 0xc9, 0xcf, 0xdf, 0x3f, 0x5c, 0x70, 0x56, 0xd2, 0x71, 0x5b, 0x92, - 0x2f, 0x41, 0x55, 0xc6, 0x26, 0xf5, 0x15, 0xd3, 0x63, 0xd2, 0xe9, 0x21, 0xd1, 0x9e, 0x84, 0x1f, - 0xbe, 0x18, 0x45, 0xc6, 0x60, 0x5e, 0x0b, 0x92, 0x69, 0xcf, 0x0b, 0x6e, 0x53, 0x25, 0x7d, 0x3d, - 0x26, 0xc2, 0xc3, 0x62, 0xdf, 0x2d, 0x41, 0xce, 0x66, 0x85, 0xae, 0x47, 0x6d, 0x19, 0xa4, 0xd6, - 0xe3, 0xc1, 0xac, 0x03, 0xb4, 0xcd, 0xe3, 0xb7, 0xb8, 0x0e, 0xfc, 0x50, 0xd1, 0x9b, 0x2d, 0x1d, - 0xd2, 0xa5, 0x92, 0x29, 0x54, 0x58, 0xd7, 0x05, 0x00, 0x6d, 0xd0, 0x89, 0x50, 0x79, 0x75, 0x3c, - 0xac, 0xed, 0x3e, 0x6c, 0x60, 0xd1, 0xbd, 0xb7, 0xeb, 0xc7, 0x89, 0xe3, 0x79, 0x97, 0x5d, 0x3f, - 0x11, 0x4e, 0x44, 0xa5, 0xec, 0xe7, 0x35, 0x08, 0x9b, 0x78, 0xe7, 0xde, 0x63, 0x7c, 0xbf, 0x83, - 0x7c, 0xf7, 0x0d, 0x78, 0x64, 0xce, 0x4d, 0x54, 0x82, 0x87, 0x9a, 0x6f, 0xd4, 0x5e, 0x53, 0x09, - 0x4b, 0x56, 0xcf, 0x84, 0x25, 0x23, 0xc1, 0xa2, 0x94, 0xce, 0x07, 0xc9, 0x26, 0x58, 0xd8, 0x2f, - 0xc0, 0x99, 0x39, 0x37, 0xb9, 0xe4, 0x7a, 0xe4, 0x80, 0x4c, 0xec, 0xdf, 0x1c, 0x84, 0x11, 0x33, - 0x55, 0xf1, 0x20, 0x39, 0x57, 0x5f, 0xa2, 0x26, 0x99, 0x78, 0x3b, 0x57, 0x1d, 0xae, 0xdd, 0x3c, - 0x72, 0xde, 0x64, 0xfe, 0x88, 0x19, 0x56, 0x99, 0xe6, 0x89, 0xcd, 0x0e, 0xa0, 0xdb, 0x50, 0x59, - 0x67, 0x09, 0x00, 0xe5, 0x22, 0x22, 0x10, 0xf2, 0x46, 0x54, 0x2f, 0x47, 0x9e, 0x42, 0xc0, 0xf9, - 0x51, 0x4d, 0x1a, 0xa5, 0xb3, 0xca, 0x8c, 0xa0, 0x55, 0x91, 0x4f, 0xa6, 0x30, 0x7a, 0xa9, 0x84, - 0xca, 0x21, 0x54, 0x42, 0x4a, 0x40, 0x0f, 0xde, 0x27, 0x01, 0xcd, 0x92, 0x39, 0x92, 0x0d, 0x66, - 0xe7, 0x89, 0x28, 0xfb, 0x21, 0x36, 0x08, 0x46, 0x32, 0x47, 0x0a, 0x8c, 0xb3, 0xf8, 0xe8, 0x13, - 0x4a, 0xc4, 0x57, 0x8b, 0xf0, 0xbf, 0x9a, 0x33, 0xfa, 0xb8, 0xa5, 0xfb, 0x17, 0x4a, 0x30, 0x36, - 0xe7, 0x77, 0x96, 0xe7, 0x96, 0x3b, 0x6b, 0x9e, 0xdb, 0xb8, 0x4a, 0x76, 0xa8, 0x08, 0xdf, 0x24, - 0x3b, 0xf3, 0xb3, 0x62, 0x05, 0xa9, 0x39, 0x73, 0x95, 0x36, 0x62, 0x0e, 0xa3, 0xc2, 0x68, 0xdd, - 0xf5, 0x5b, 0x24, 0x0a, 0x23, 0x57, 0xb8, 0x46, 0x0d, 0x61, 0x74, 0x49, 0x83, 0xb0, 0x89, 0x47, - 0x69, 0x07, 0xb7, 0x7d, 0x12, 0x65, 0x0d, 0xde, 0x25, 0xda, 0x88, 0x39, 0x8c, 0x22, 0x25, 0x51, - 0x27, 0x4e, 0xc4, 0x64, 0x54, 0x48, 0xab, 0xb4, 0x11, 0x73, 0x18, 0x5d, 0xe9, 0x71, 0x67, 0x8d, - 0x05, 0x78, 0x64, 0x42, 0xfa, 0x57, 0x78, 0x33, 0x96, 0x70, 0x8a, 0xba, 0x49, 0x76, 0x66, 0xe9, - 0xee, 0x38, 0x93, 0xd9, 0x73, 0x95, 0x37, 0x63, 0x09, 0x67, 0xb5, 0x20, 0xd3, 0xc3, 0xf1, 0x7d, - 0x57, 0x0b, 0x32, 0xdd, 0xfd, 0x1e, 0xfb, 0xec, 0x5f, 0xb6, 0x60, 0xc4, 0x0c, 0xcb, 0x42, 0xad, - 0x8c, 0x2d, 0xbc, 0xd4, 0x55, 0x4a, 0xf8, 0x7d, 0x79, 0xd7, 0xb8, 0xb5, 0xdc, 0x24, 0x08, 0xe3, - 0x67, 0x88, 0xdf, 0x72, 0x7d, 0xc2, 0x4e, 0xdb, 0x79, 0x38, 0x57, 0x2a, 0xe6, 0x6b, 0x26, 0x68, - 0x92, 0x43, 0x18, 0xd3, 0xf6, 0x4d, 0x38, 0xd5, 0x95, 0xce, 0xd5, 0x87, 0x09, 0xb2, 0x6f, 0x32, - 0xad, 0x8d, 0x61, 0x98, 0x12, 0x96, 0xf5, 0x88, 0x66, 0xe0, 0x14, 0x5f, 0x48, 0x94, 0xd3, 0x4a, - 0x63, 0x83, 0xb4, 0x55, 0x8a, 0x1e, 0xf3, 0xc3, 0xdf, 0xc8, 0x02, 0x71, 0x37, 0xbe, 0xfd, 0x45, - 0x0b, 0x46, 0x53, 0x19, 0x76, 0x05, 0x19, 0x4b, 0x6c, 0xa5, 0x05, 0x2c, 0x4a, 0x90, 0x85, 0x4a, - 0x97, 0x99, 0x32, 0xd5, 0x2b, 0x4d, 0x83, 0xb0, 0x89, 0x67, 0x7f, 0xa5, 0x04, 0x55, 0x19, 0x69, - 0xd1, 0x47, 0x57, 0x3e, 0x6f, 0xc1, 0xa8, 0x3a, 0xfb, 0x60, 0x4e, 0xb5, 0x52, 0x11, 0xe9, 0x10, - 0xb4, 0x07, 0x6a, 0x5b, 0xee, 0xaf, 0x07, 0xda, 0x72, 0xc7, 0x26, 0x33, 0x9c, 0xe6, 0x8d, 0x6e, - 0x00, 0xc4, 0x3b, 0x71, 0x42, 0xda, 0x86, 0x7b, 0xcf, 0x36, 0x56, 0xdc, 0x64, 0x23, 0x88, 0x08, - 0x5d, 0x5f, 0xd7, 0x82, 0x26, 0x59, 0x51, 0x98, 0xda, 0x84, 0xd2, 0x6d, 0xd8, 0xa0, 0x64, 0xff, - 0xdd, 0x12, 0x9c, 0xcc, 0x76, 0x09, 0x7d, 0x18, 0x46, 0x24, 0x77, 0xe3, 0x46, 0x3a, 0x19, 0x5e, - 0x32, 0x82, 0x0d, 0xd8, 0xdd, 0xdd, 0x89, 0x89, 0xee, 0x2b, 0x01, 0x27, 0x4d, 0x14, 0x9c, 0x22, - 0xc6, 0x0f, 0xa0, 0xc4, 0x49, 0x69, 0x7d, 0x67, 0x3a, 0x0c, 0xc5, 0x29, 0x92, 0x71, 0x00, 0x65, - 0x42, 0x71, 0x06, 0x1b, 0x2d, 0xc3, 0x19, 0xa3, 0xe5, 0x1a, 0x71, 0x5b, 0x1b, 0x6b, 0x41, 0x24, - 0x77, 0x60, 0x8f, 0xea, 0x00, 0xb0, 0x6e, 0x1c, 0x9c, 0xfb, 0x24, 0xd5, 0xf6, 0x0d, 0x27, 0x74, - 0x1a, 0x6e, 0xb2, 0x23, 0xfc, 0x95, 0x4a, 0x36, 0xcd, 0x88, 0x76, 0xac, 0x30, 0xec, 0x45, 0x18, - 0xe8, 0x73, 0x06, 0xf5, 0x65, 0xf9, 0xbf, 0x04, 0x55, 0x4a, 0x4e, 0x9a, 0x77, 0x45, 0x90, 0x0c, - 0xa0, 0x2a, 0x6f, 0x8a, 0x41, 0x36, 0x94, 0x5d, 0x47, 0x9e, 0xf1, 0xa9, 0xd7, 0x9a, 0x8f, 0xe3, - 0x0e, 0xdb, 0x4c, 0x53, 0x20, 0x7a, 0x02, 0xca, 0x64, 0x3b, 0xcc, 0x1e, 0xe6, 0x5d, 0xdc, 0x0e, - 0xdd, 0x88, 0xc4, 0x14, 0x89, 0x6c, 0x87, 0xe8, 0x1c, 0x94, 0xdc, 0xa6, 0x50, 0x52, 0x20, 0x70, - 0x4a, 0xf3, 0xb3, 0xb8, 0xe4, 0x36, 0xed, 0x6d, 0xa8, 0xa9, 0xab, 0x69, 0xd0, 0xa6, 0x94, 0xdd, - 0x56, 0x11, 0xa1, 0x51, 0x92, 0x6e, 0x0f, 0xa9, 0xdd, 0x01, 0xd0, 0xa9, 0x86, 0x45, 0xc9, 0x97, - 0xf3, 0x30, 0xd0, 0x08, 0x44, 0x1a, 0x74, 0x55, 0x93, 0x61, 0x42, 0x9b, 0x41, 0xec, 0x9b, 0x30, - 0x76, 0xd5, 0x0f, 0x6e, 0xb3, 0xc2, 0xf8, 0xac, 0x0e, 0x1c, 0x25, 0xbc, 0x4e, 0x7f, 0x64, 0x4d, - 0x04, 0x06, 0xc5, 0x1c, 0xa6, 0x2a, 0x54, 0x95, 0x7a, 0x55, 0xa8, 0xb2, 0x3f, 0x69, 0xc1, 0x88, - 0xca, 0x59, 0x9a, 0xdb, 0xda, 0xa4, 0x74, 0x5b, 0x51, 0xd0, 0x09, 0xb3, 0x74, 0xd9, 0xe5, 0x51, - 0x98, 0xc3, 0xcc, 0x64, 0xbe, 0xd2, 0x3e, 0xc9, 0x7c, 0xe7, 0x61, 0x60, 0xd3, 0xf5, 0x9b, 0xd9, - 0xdb, 0x50, 0xae, 0xba, 0x7e, 0x13, 0x33, 0x08, 0xed, 0xc2, 0x49, 0xd5, 0x05, 0xa9, 0x10, 0x5e, - 0x80, 0x91, 0xb5, 0x8e, 0xeb, 0x35, 0x65, 0x81, 0xbb, 0x8c, 0x47, 0xa5, 0x6e, 0xc0, 0x70, 0x0a, - 0x93, 0xee, 0xeb, 0xd6, 0x5c, 0xdf, 0x89, 0x76, 0x96, 0xb5, 0x06, 0x52, 0x42, 0xa9, 0xae, 0x20, - 0xd8, 0xc0, 0xb2, 0xdf, 0x28, 0xc3, 0x58, 0x3a, 0x73, 0xab, 0x8f, 0xed, 0xd5, 0x13, 0x50, 0x61, - 0xc9, 0x5c, 0xd9, 0x4f, 0xcb, 0x6b, 0xc2, 0x71, 0x18, 0x8a, 0x61, 0x90, 0x97, 0x81, 0x28, 0xe6, - 0x26, 0x21, 0xd5, 0x49, 0xe5, 0x87, 0x61, 0x71, 0x67, 0xa2, 0xf2, 0x84, 0x60, 0x85, 0x3e, 0x63, - 0xc1, 0x50, 0x10, 0x9a, 0x95, 0x8d, 0x3e, 0x54, 0x64, 0x56, 0x9b, 0x48, 0xaa, 0x11, 0x16, 0xb1, - 0xfa, 0xf4, 0xf2, 0x73, 0x48, 0xd6, 0xe7, 0xde, 0x0b, 0x23, 0x26, 0xe6, 0x7e, 0x46, 0x71, 0xd5, - 0x34, 0x8a, 0x3f, 0x6f, 0x4e, 0x0a, 0x91, 0xb7, 0xd7, 0xc7, 0x72, 0xbb, 0x0e, 0x95, 0x86, 0x0a, - 0x14, 0x38, 0x54, 0x59, 0x54, 0x55, 0x97, 0x81, 0x1d, 0x16, 0x71, 0x6a, 0xf6, 0x77, 0x2c, 0x63, - 0x7e, 0x60, 0x12, 0xcf, 0x37, 0x51, 0x04, 0xe5, 0xd6, 0xd6, 0xa6, 0x30, 0x45, 0xaf, 0x14, 0x34, - 0xbc, 0x73, 0x5b, 0x9b, 0x7a, 0x8e, 0x9b, 0xad, 0x98, 0x32, 0xeb, 0xc3, 0x59, 0x98, 0x4a, 0xef, - 0x2c, 0xef, 0x9f, 0xde, 0x69, 0xbf, 0x59, 0x82, 0x53, 0x5d, 0x93, 0x0a, 0xbd, 0x0e, 0x95, 0x88, - 0xbe, 0xa5, 0x78, 0xbd, 0x85, 0xc2, 0x12, 0x32, 0xe3, 0xf9, 0xa6, 0xd6, 0xbb, 0xe9, 0x76, 0xcc, - 0x59, 0xa2, 0x2b, 0x80, 0x74, 0x38, 0x8b, 0xf2, 0x54, 0xf2, 0x57, 0x3e, 0x27, 0x1e, 0x45, 0xd3, - 0x5d, 0x18, 0x38, 0xe7, 0x29, 0xf4, 0x62, 0xd6, 0xe1, 0x59, 0x4e, 0x9f, 0x6f, 0xee, 0xe5, 0xbb, - 0xb4, 0xff, 0x49, 0x09, 0x46, 0x53, 0x85, 0xa6, 0x90, 0x07, 0x55, 0xe2, 0x31, 0xe7, 0xbf, 0x54, - 0x36, 0x47, 0x2d, 0x1b, 0xad, 0x14, 0xe4, 0x45, 0x41, 0x17, 0x2b, 0x0e, 0x0f, 0xc6, 0x21, 0xfc, - 0x0b, 0x30, 0x22, 0x3b, 0xf4, 0x21, 0xa7, 0xed, 0x89, 0x01, 0x54, 0x73, 0xf4, 0xa2, 0x01, 0xc3, - 0x29, 0x4c, 0xfb, 0xb7, 0xcb, 0x30, 0xce, 0x4f, 0x4b, 0x9a, 0x6a, 0xe6, 0x2d, 0xca, 0xfd, 0xd6, - 0x5f, 0xd4, 0xe5, 0xe0, 0xf8, 0x40, 0xae, 0x1d, 0xf5, 0x96, 0x86, 0x7c, 0x46, 0x7d, 0x45, 0x70, - 0x7d, 0x3d, 0x13, 0xc1, 0xc5, 0xcd, 0xee, 0xd6, 0x31, 0xf5, 0xe8, 0xfb, 0x2b, 0xa4, 0xeb, 0x6f, - 0x95, 0xe0, 0x44, 0xe6, 0x0a, 0x0c, 0xf4, 0x46, 0xba, 0x6a, 0xb2, 0x55, 0x84, 0x4f, 0x7d, 0xcf, - 0x5b, 0x11, 0x0e, 0x56, 0x3b, 0xf9, 0x3e, 0x2d, 0x15, 0xfb, 0x0f, 0x4a, 0x30, 0x96, 0xbe, 0xbb, - 0xe3, 0x01, 0x1c, 0xa9, 0x77, 0x41, 0x8d, 0x95, 0xa7, 0x67, 0x57, 0x9a, 0x72, 0x97, 0x3c, 0xaf, - 0x04, 0x2e, 0x1b, 0xb1, 0x86, 0x3f, 0x10, 0x25, 0xa9, 0xed, 0xbf, 0x6d, 0xc1, 0x59, 0xfe, 0x96, - 0xd9, 0x79, 0xf8, 0x97, 0xf2, 0x46, 0xf7, 0x95, 0x62, 0x3b, 0x98, 0x29, 0x63, 0xb8, 0xdf, 0xf8, - 0xb2, 0xab, 0x14, 0x45, 0x6f, 0xd3, 0x53, 0xe1, 0x01, 0xec, 0xec, 0x81, 0x26, 0x83, 0xfd, 0x07, - 0x65, 0xd0, 0xb7, 0x47, 0x22, 0x57, 0xe4, 0x42, 0x16, 0x52, 0xce, 0x71, 0x65, 0xc7, 0x6f, 0xe8, - 0x7b, 0x2a, 0xab, 0x99, 0x54, 0xc8, 0x9f, 0xb3, 0x60, 0xd8, 0xf5, 0xdd, 0xc4, 0x75, 0xd8, 0x36, - 0xba, 0x98, 0x9b, 0xed, 0x14, 0xbb, 0x79, 0x4e, 0x39, 0x88, 0xcc, 0x73, 0x1c, 0xc5, 0x0c, 0x9b, - 0x9c, 0xd1, 0x47, 0x45, 0x90, 0x75, 0xb9, 0xb0, 0x2c, 0xde, 0x6a, 0x26, 0xb2, 0x3a, 0xa4, 0x86, - 0x57, 0x12, 0x15, 0x94, 0xfc, 0x8e, 0x29, 0x29, 0x55, 0x19, 0x58, 0xdf, 0xe3, 0x4d, 0x9b, 0x31, - 0x67, 0x64, 0xc7, 0x80, 0xba, 0xc7, 0xe2, 0x80, 0x01, 0xac, 0x53, 0x50, 0x73, 0x3a, 0x49, 0xd0, - 0xa6, 0xc3, 0x24, 0x8e, 0x9a, 0x74, 0x88, 0xae, 0x04, 0x60, 0x8d, 0x63, 0xbf, 0x51, 0x81, 0x4c, - 0x72, 0x22, 0xda, 0x36, 0x6f, 0x3e, 0xb5, 0x8a, 0xbd, 0xf9, 0x54, 0x75, 0x26, 0xef, 0xf6, 0x53, - 0xd4, 0x82, 0x4a, 0xb8, 0xe1, 0xc4, 0xd2, 0xac, 0x7e, 0x49, 0xed, 0xe3, 0x68, 0xe3, 0xdd, 0xdd, - 0x89, 0x9f, 0xe8, 0xcf, 0xeb, 0x4a, 0xe7, 0xea, 0x14, 0x2f, 0x73, 0xa2, 0x59, 0x33, 0x1a, 0x98, - 0xd3, 0x3f, 0xc8, 0xdd, 0x7e, 0x9f, 0x12, 0x75, 0xf8, 0x31, 0x89, 0x3b, 0x5e, 0x22, 0x66, 0xc3, - 0x4b, 0x05, 0xae, 0x32, 0x4e, 0x58, 0xa7, 0xd5, 0xf3, 0xff, 0xd8, 0x60, 0x8a, 0x3e, 0x0c, 0xb5, - 0x38, 0x71, 0xa2, 0xe4, 0x90, 0x89, 0xb0, 0x6a, 0xd0, 0x57, 0x24, 0x11, 0xac, 0xe9, 0xa1, 0x97, - 0x59, 0x75, 0x5b, 0x37, 0xde, 0x38, 0x64, 0x6e, 0x84, 0xac, 0x84, 0x2b, 0x28, 0x60, 0x83, 0x1a, - 0xba, 0x00, 0xc0, 0xe6, 0x36, 0x0f, 0x08, 0xac, 0x32, 0x2f, 0x93, 0x12, 0x85, 0x58, 0x41, 0xb0, - 0x81, 0x65, 0xff, 0x28, 0xa4, 0xeb, 0x42, 0xa0, 0x09, 0x59, 0x86, 0x82, 0x7b, 0xa1, 0x59, 0x8e, - 0x43, 0xaa, 0x62, 0xc4, 0xaf, 0x5b, 0x60, 0x16, 0xaf, 0x40, 0xaf, 0xf1, 0x2a, 0x19, 0x56, 0x11, - 0x27, 0x87, 0x06, 0xdd, 0xc9, 0x45, 0x27, 0xcc, 0x1c, 0x61, 0xcb, 0x52, 0x19, 0xe7, 0xde, 0x03, - 0x55, 0x09, 0x3d, 0x90, 0x51, 0xf7, 0x09, 0x38, 0x9d, 0xbd, 0x17, 0x5e, 0x9c, 0x3a, 0xed, 0xef, - 0xfa, 0x91, 0xfe, 0x9c, 0x52, 0x2f, 0x7f, 0x4e, 0x1f, 0xf7, 0xdf, 0xfe, 0x86, 0x05, 0xe7, 0xf7, - 0xbb, 0xbe, 0x1e, 0x3d, 0x0a, 0x03, 0xb7, 0x9d, 0x48, 0x96, 0x1d, 0x67, 0x82, 0xf2, 0xa6, 0x13, - 0xf9, 0x98, 0xb5, 0xa2, 0x1d, 0x18, 0xe4, 0x51, 0x63, 0xc2, 0x5a, 0x7f, 0xa9, 0xd8, 0xcb, 0xf4, - 0xaf, 0x12, 0x63, 0xbb, 0xc0, 0x23, 0xd6, 0xb0, 0x60, 0x68, 0x7f, 0xd7, 0x02, 0xb4, 0xb4, 0x45, - 0xa2, 0xc8, 0x6d, 0x1a, 0x71, 0x6e, 0xec, 0x3e, 0x1b, 0xe3, 0xde, 0x1a, 0x33, 0x15, 0x36, 0x73, - 0x9f, 0x8d, 0xf1, 0x2f, 0xff, 0x3e, 0x9b, 0xd2, 0xc1, 0xee, 0xb3, 0x41, 0x4b, 0x70, 0xb6, 0xcd, - 0xb7, 0x1b, 0xfc, 0x8e, 0x08, 0xbe, 0xf7, 0x50, 0x89, 0x67, 0x8f, 0xdc, 0xd9, 0x9d, 0x38, 0xbb, - 0x98, 0x87, 0x80, 0xf3, 0x9f, 0xb3, 0xdf, 0x03, 0x88, 0x87, 0xb7, 0xcd, 0xe4, 0xc5, 0x2a, 0xf5, - 0x74, 0xbf, 0xd8, 0x5f, 0xab, 0xc0, 0x89, 0x4c, 0x51, 0x5a, 0xba, 0xd5, 0xeb, 0x0e, 0x8e, 0x3a, - 0xb2, 0xfe, 0xee, 0xee, 0x5e, 0x5f, 0xe1, 0x56, 0x3e, 0x54, 0x5c, 0x3f, 0xec, 0x24, 0xc5, 0xe4, - 0x9a, 0xf2, 0x4e, 0xcc, 0x53, 0x82, 0x86, 0xbb, 0x98, 0xfe, 0xc5, 0x9c, 0x4d, 0x91, 0xc1, 0x5b, - 0x29, 0x63, 0x7c, 0xe0, 0x3e, 0xb9, 0x03, 0x3e, 0xa5, 0x43, 0xa9, 0x2a, 0x45, 0x38, 0x16, 0x33, - 0x93, 0xe5, 0xb8, 0x8f, 0xda, 0x7f, 0xad, 0x04, 0xc3, 0xc6, 0x47, 0x43, 0xbf, 0x94, 0x2e, 0xed, - 0x64, 0x15, 0xf7, 0x4a, 0x8c, 0xfe, 0xa4, 0x2e, 0xde, 0xc4, 0x5f, 0xe9, 0xc9, 0xee, 0xaa, 0x4e, - 0x77, 0x77, 0x27, 0x4e, 0x66, 0xea, 0x36, 0xa5, 0x2a, 0x3d, 0x9d, 0xfb, 0x38, 0x9c, 0xc8, 0x90, - 0xc9, 0x79, 0xe5, 0xd5, 0xf4, 0xb5, 0xff, 0x47, 0x74, 0x4b, 0x99, 0x43, 0xf6, 0x2d, 0x3a, 0x64, - 0x22, 0xdd, 0x2e, 0xf0, 0x48, 0x1f, 0x3e, 0xd8, 0x4c, 0x56, 0x6d, 0xa9, 0xcf, 0xac, 0xda, 0xa7, - 0xa0, 0x1a, 0x06, 0x9e, 0xdb, 0x70, 0x55, 0xfd, 0x43, 0x96, 0xc7, 0xbb, 0x2c, 0xda, 0xb0, 0x82, - 0xa2, 0xdb, 0x50, 0xbb, 0x75, 0x3b, 0xe1, 0xa7, 0x3f, 0xc2, 0xbf, 0x5d, 0xd4, 0xa1, 0x8f, 0x32, - 0x5a, 0xd4, 0xf1, 0x12, 0xd6, 0xbc, 0x90, 0x0d, 0x83, 0x4c, 0x09, 0xca, 0x14, 0x01, 0xe6, 0x7b, - 0x67, 0xda, 0x31, 0xc6, 0x02, 0x62, 0x7f, 0xb3, 0x06, 0x67, 0xf2, 0x2a, 0x83, 0xa3, 0x8f, 0xc1, - 0x20, 0xef, 0x63, 0x31, 0x97, 0x4f, 0xe4, 0xf1, 0x98, 0x63, 0x04, 0x45, 0xb7, 0xd8, 0x6f, 0x2c, - 0x78, 0x0a, 0xee, 0x9e, 0xb3, 0x26, 0x66, 0xc8, 0xf1, 0x70, 0x5f, 0x70, 0x34, 0xf7, 0x05, 0x87, - 0x73, 0xf7, 0x9c, 0x35, 0xb4, 0x0d, 0x95, 0x96, 0x9b, 0x10, 0x47, 0x38, 0x11, 0x6e, 0x1e, 0x0b, - 0x73, 0xe2, 0x70, 0x2b, 0x8d, 0xfd, 0xc4, 0x9c, 0x21, 0xfa, 0x86, 0x05, 0x27, 0xd6, 0xd2, 0x29, - 0xf4, 0x42, 0x78, 0x3a, 0xc7, 0x50, 0xfd, 0x3d, 0xcd, 0x88, 0x5f, 0xe8, 0x94, 0x69, 0xc4, 0xd9, - 0xee, 0xa0, 0x4f, 0x5b, 0x30, 0xb4, 0xee, 0x7a, 0x46, 0x01, 0xde, 0x63, 0xf8, 0x38, 0x97, 0x18, - 0x03, 0xbd, 0xe3, 0xe0, 0xff, 0x63, 0x2c, 0x39, 0xf7, 0xd2, 0x54, 0x83, 0x47, 0xd5, 0x54, 0x43, - 0xf7, 0x49, 0x53, 0x7d, 0xce, 0x82, 0x9a, 0x1a, 0x69, 0x91, 0x16, 0xfd, 0xe1, 0x63, 0xfc, 0xe4, - 0xdc, 0x73, 0xa2, 0xfe, 0x62, 0xcd, 0x1c, 0x7d, 0xd9, 0x82, 0x61, 0xe7, 0xf5, 0x4e, 0x44, 0x9a, - 0x64, 0x2b, 0x08, 0x63, 0x71, 0x1b, 0xe4, 0x2b, 0xc5, 0x77, 0x66, 0x9a, 0x32, 0x99, 0x25, 0x5b, - 0x4b, 0x61, 0x2c, 0xd2, 0x97, 0x74, 0x03, 0x36, 0xbb, 0x60, 0xef, 0x96, 0x60, 0x62, 0x1f, 0x0a, - 0xe8, 0x05, 0x18, 0x09, 0xa2, 0x96, 0xe3, 0xbb, 0xaf, 0x9b, 0x35, 0x31, 0x94, 0x95, 0xb5, 0x64, - 0xc0, 0x70, 0x0a, 0xd3, 0x4c, 0xdc, 0x2e, 0xed, 0x93, 0xb8, 0x7d, 0x1e, 0x06, 0x22, 0x12, 0x06, - 0xd9, 0xcd, 0x02, 0x4b, 0x1d, 0x60, 0x10, 0xf4, 0x18, 0x94, 0x9d, 0xd0, 0x15, 0x81, 0x68, 0x6a, - 0x0f, 0x34, 0xbd, 0x3c, 0x8f, 0x69, 0x7b, 0xaa, 0x8e, 0x44, 0xe5, 0x9e, 0xd4, 0x91, 0xa0, 0x6a, - 0x40, 0x9c, 0x5d, 0x0c, 0x6a, 0x35, 0x90, 0x3e, 0x53, 0xb0, 0xdf, 0x2c, 0xc3, 0x63, 0x7b, 0xce, - 0x17, 0x1d, 0x87, 0x67, 0xed, 0x11, 0x87, 0x27, 0x87, 0xa7, 0xb4, 0xdf, 0xf0, 0x94, 0x7b, 0x0c, - 0xcf, 0xa7, 0xe9, 0x32, 0x90, 0xb5, 0x44, 0x8a, 0xb9, 0xcf, 0xaf, 0x57, 0x69, 0x12, 0xb1, 0x02, - 0x24, 0x14, 0x6b, 0xbe, 0x74, 0x0f, 0x90, 0x4a, 0x5a, 0xae, 0x14, 0xa1, 0x06, 0x7a, 0xd6, 0x16, - 0xe1, 0x73, 0xbf, 0x57, 0x26, 0xb4, 0xfd, 0xf3, 0x25, 0x78, 0xa2, 0x0f, 0xe9, 0x6d, 0xce, 0x62, - 0xab, 0xcf, 0x59, 0xfc, 0xfd, 0xfd, 0x99, 0xec, 0xbf, 0x6c, 0xc1, 0xb9, 0xde, 0xca, 0x03, 0x3d, - 0x0b, 0xc3, 0x6b, 0x91, 0xe3, 0x37, 0x36, 0xd8, 0x1d, 0xa5, 0x72, 0x50, 0xd8, 0x58, 0xeb, 0x66, - 0x6c, 0xe2, 0xd0, 0xed, 0x2d, 0x8f, 0x49, 0x30, 0x30, 0x64, 0x92, 0x29, 0xdd, 0xde, 0xae, 0x66, - 0x81, 0xb8, 0x1b, 0xdf, 0xfe, 0xb3, 0x52, 0x7e, 0xb7, 0xb8, 0x91, 0x71, 0x90, 0xef, 0x24, 0xbe, - 0x42, 0xa9, 0x0f, 0x59, 0x52, 0xbe, 0xd7, 0xb2, 0x64, 0xa0, 0x97, 0x2c, 0x41, 0xb3, 0x70, 0xd2, - 0xb8, 0x44, 0x86, 0x27, 0x0e, 0xf3, 0x80, 0x5b, 0x55, 0x4d, 0x63, 0x39, 0x03, 0xc7, 0x5d, 0x4f, - 0xa0, 0xa7, 0xa1, 0xea, 0xfa, 0x31, 0x69, 0x74, 0x22, 0x1e, 0xe8, 0x6d, 0x24, 0x6b, 0xcd, 0x8b, - 0x76, 0xac, 0x30, 0xec, 0x5f, 0x2e, 0xc1, 0x23, 0x3d, 0xed, 0xac, 0x7b, 0x24, 0xbb, 0xcc, 0xcf, - 0x31, 0x70, 0x6f, 0x3e, 0x87, 0x39, 0x48, 0x95, 0x7d, 0x07, 0xe9, 0x0f, 0x7b, 0x4f, 0x4c, 0x6a, - 0x73, 0xff, 0xc0, 0x8e, 0xd2, 0x8b, 0x30, 0xea, 0x84, 0x21, 0xc7, 0x63, 0xf1, 0x9a, 0x99, 0x6a, - 0x3a, 0xd3, 0x26, 0x10, 0xa7, 0x71, 0xfb, 0xd2, 0x9e, 0x7f, 0x6c, 0x41, 0x0d, 0x93, 0x75, 0x2e, - 0x1d, 0xd0, 0x2d, 0x31, 0x44, 0x56, 0x11, 0x75, 0x37, 0xe9, 0xc0, 0xc6, 0x2e, 0xab, 0x47, 0x99, - 0x37, 0xd8, 0xdd, 0x97, 0xfc, 0x94, 0x0e, 0x74, 0xc9, 0x8f, 0xba, 0xe6, 0xa5, 0xdc, 0xfb, 0x9a, - 0x17, 0xfb, 0x5b, 0x43, 0xf4, 0xf5, 0xc2, 0x60, 0x26, 0x22, 0xcd, 0x98, 0x7e, 0xdf, 0x4e, 0xe4, - 0x89, 0x49, 0xa2, 0xbe, 0xef, 0x75, 0xbc, 0x80, 0x69, 0x7b, 0xea, 0x28, 0xa6, 0x74, 0xa0, 0x5a, - 0x22, 0xe5, 0x7d, 0x6b, 0x89, 0xbc, 0x08, 0xa3, 0x71, 0xbc, 0xb1, 0x1c, 0xb9, 0x5b, 0x4e, 0x42, - 0xae, 0x92, 0x1d, 0x61, 0x65, 0xe9, 0xfc, 0xff, 0x95, 0xcb, 0x1a, 0x88, 0xd3, 0xb8, 0x68, 0x0e, - 0x4e, 0xe9, 0x8a, 0x1e, 0x24, 0x4a, 0x58, 0x74, 0x3f, 0x9f, 0x09, 0x2a, 0xd9, 0x57, 0xd7, 0x00, - 0x11, 0x08, 0xb8, 0xfb, 0x19, 0x2a, 0xdf, 0x52, 0x8d, 0xb4, 0x23, 0x83, 0x69, 0xf9, 0x96, 0xa2, - 0x43, 0xfb, 0xd2, 0xf5, 0x04, 0x5a, 0x84, 0xd3, 0x7c, 0x62, 0x4c, 0x87, 0xa1, 0xf1, 0x46, 0x43, - 0xe9, 0x7a, 0x87, 0x73, 0xdd, 0x28, 0x38, 0xef, 0x39, 0xf4, 0x3c, 0x0c, 0xab, 0xe6, 0xf9, 0x59, - 0x71, 0x8a, 0xa0, 0xbc, 0x18, 0x8a, 0xcc, 0x7c, 0x13, 0x9b, 0x78, 0xe8, 0x43, 0xf0, 0xb0, 0xfe, - 0xcb, 0x53, 0xc0, 0xf8, 0xd1, 0xda, 0xac, 0x28, 0x96, 0xa4, 0x2e, 0x15, 0x99, 0xcb, 0x45, 0x6b, - 0xe2, 0x5e, 0xcf, 0xa3, 0x35, 0x38, 0xa7, 0x40, 0x17, 0xfd, 0x84, 0xe5, 0x73, 0xc4, 0xa4, 0xee, - 0xc4, 0xe4, 0x7a, 0xe4, 0x89, 0xcb, 0x69, 0xd5, 0xbd, 0x93, 0x73, 0x6e, 0x72, 0x39, 0x0f, 0x13, - 0x2f, 0xe0, 0x3d, 0xa8, 0xa0, 0x29, 0xa8, 0x11, 0xdf, 0x59, 0xf3, 0xc8, 0xd2, 0xcc, 0x3c, 0x2b, - 0xba, 0x64, 0x9c, 0xe4, 0x5d, 0x94, 0x00, 0xac, 0x71, 0x54, 0x84, 0xe9, 0x48, 0xcf, 0x3b, 0x50, - 0x97, 0xe1, 0x4c, 0xab, 0x11, 0x52, 0xdb, 0xc3, 0x6d, 0x90, 0xe9, 0x06, 0x0b, 0xa8, 0xa3, 0x1f, - 0x86, 0x17, 0xa2, 0x54, 0xe1, 0xd3, 0x73, 0x33, 0xcb, 0x5d, 0x38, 0x38, 0xf7, 0x49, 0x16, 0x78, - 0x19, 0x05, 0xdb, 0x3b, 0xe3, 0xa7, 0x33, 0x81, 0x97, 0xb4, 0x11, 0x73, 0x18, 0xba, 0x02, 0x88, - 0xc5, 0xe2, 0x5f, 0x4e, 0x92, 0x50, 0x19, 0x3b, 0xe3, 0x67, 0xd8, 0x2b, 0xa9, 0x30, 0xb2, 0x4b, - 0x5d, 0x18, 0x38, 0xe7, 0x29, 0xfb, 0xdf, 0x5b, 0x30, 0xaa, 0xd6, 0xeb, 0x3d, 0xc8, 0x46, 0xf1, - 0xd2, 0xd9, 0x28, 0x73, 0x47, 0x97, 0x78, 0xac, 0xe7, 0x3d, 0x42, 0x9a, 0x3f, 0x3b, 0x0c, 0xa0, - 0xa5, 0xa2, 0x52, 0x48, 0x56, 0x4f, 0x85, 0xf4, 0xc0, 0x4a, 0xa4, 0xbc, 0x0a, 0x2b, 0x95, 0xfb, - 0x5b, 0x61, 0x65, 0x05, 0xce, 0x4a, 0x73, 0x81, 0x9f, 0x15, 0x5d, 0x0e, 0x62, 0x25, 0xe0, 0xaa, - 0xf5, 0xc7, 0x04, 0xa1, 0xb3, 0xf3, 0x79, 0x48, 0x38, 0xff, 0xd9, 0x94, 0x95, 0x32, 0xb4, 0x9f, - 0x95, 0xa2, 0xd7, 0xf4, 0xc2, 0xba, 0xbc, 0x3d, 0x24, 0xb3, 0xa6, 0x17, 0x2e, 0xad, 0x60, 0x8d, - 0x93, 0x2f, 0xd8, 0x6b, 0x05, 0x09, 0x76, 0x38, 0xb0, 0x60, 0x97, 0x22, 0x66, 0xb8, 0xa7, 0x88, - 0x91, 0x3e, 0xe9, 0x91, 0x9e, 0x3e, 0xe9, 0xf7, 0xc3, 0x98, 0xeb, 0x6f, 0x90, 0xc8, 0x4d, 0x48, - 0x93, 0xad, 0x05, 0x26, 0x7e, 0xaa, 0x5a, 0xad, 0xcf, 0xa7, 0xa0, 0x38, 0x83, 0x9d, 0x96, 0x8b, - 0x63, 0x7d, 0xc8, 0xc5, 0x1e, 0xda, 0xe8, 0x44, 0x31, 0xda, 0xe8, 0xe4, 0xd1, 0xb5, 0xd1, 0xa9, - 0x63, 0xd5, 0x46, 0xa8, 0x10, 0x6d, 0xd4, 0x97, 0xa0, 0x37, 0xb6, 0x7f, 0x67, 0xf6, 0xd9, 0xfe, - 0xf5, 0x52, 0x45, 0x67, 0x0f, 0xad, 0x8a, 0xf2, 0xb5, 0xcc, 0x43, 0x87, 0xd2, 0x32, 0x9f, 0x2b, - 0xc1, 0x59, 0x2d, 0x87, 0xe9, 0xec, 0x77, 0xd7, 0xa9, 0x24, 0x62, 0x17, 0x50, 0xf1, 0x73, 0x1b, - 0x23, 0x39, 0x4a, 0xe7, 0x59, 0x29, 0x08, 0x36, 0xb0, 0x58, 0x8e, 0x11, 0x89, 0x58, 0xb9, 0xdd, - 0xac, 0x90, 0x9e, 0x11, 0xed, 0x58, 0x61, 0xd0, 0xf9, 0x45, 0x7f, 0x8b, 0xbc, 0xcd, 0x6c, 0x51, - 0xb9, 0x19, 0x0d, 0xc2, 0x26, 0x1e, 0x7a, 0x8a, 0x33, 0x61, 0x02, 0x82, 0x0a, 0xea, 0x11, 0x71, - 0x33, 0xae, 0x94, 0x09, 0x0a, 0x2a, 0xbb, 0xc3, 0x92, 0xc9, 0x2a, 0xdd, 0xdd, 0x61, 0x21, 0x50, - 0x0a, 0xc3, 0xfe, 0x1f, 0x16, 0x3c, 0x92, 0x3b, 0x14, 0xf7, 0x40, 0xf9, 0x6e, 0xa7, 0x95, 0xef, - 0x4a, 0x51, 0xdb, 0x0d, 0xe3, 0x2d, 0x7a, 0x28, 0xe2, 0x7f, 0x6b, 0xc1, 0x98, 0xc6, 0xbf, 0x07, - 0xaf, 0xea, 0xa6, 0x5f, 0xb5, 0xb8, 0x9d, 0x55, 0xad, 0xeb, 0xdd, 0x7e, 0xbb, 0x04, 0xaa, 0xd0, - 0xe3, 0x74, 0x43, 0x96, 0xd1, 0xdd, 0xe7, 0x24, 0x71, 0x07, 0x06, 0xd9, 0x41, 0x68, 0x5c, 0x4c, - 0x90, 0x47, 0x9a, 0x3f, 0x3b, 0x54, 0xd5, 0x87, 0xcc, 0xec, 0x6f, 0x8c, 0x05, 0x43, 0x56, 0x0c, - 0xda, 0x8d, 0xa9, 0x34, 0x6f, 0x8a, 0xb4, 0x2c, 0x5d, 0x0c, 0x5a, 0xb4, 0x63, 0x85, 0x41, 0xd5, - 0x83, 0xdb, 0x08, 0xfc, 0x19, 0xcf, 0x89, 0xe5, 0xad, 0x8b, 0x4a, 0x3d, 0xcc, 0x4b, 0x00, 0xd6, - 0x38, 0xec, 0x8c, 0xd4, 0x8d, 0x43, 0xcf, 0xd9, 0x31, 0xf6, 0xcf, 0x46, 0x7d, 0x02, 0x05, 0xc2, - 0x26, 0x9e, 0xdd, 0x86, 0xf1, 0xf4, 0x4b, 0xcc, 0x92, 0x75, 0x16, 0xa0, 0xd8, 0xd7, 0x70, 0x4e, - 0x41, 0xcd, 0x61, 0x4f, 0x2d, 0x74, 0x9c, 0xec, 0xa5, 0xed, 0xd3, 0x12, 0x80, 0x35, 0x8e, 0xfd, - 0xab, 0x16, 0x9c, 0xce, 0x19, 0xb4, 0x02, 0xd3, 0xde, 0x12, 0x2d, 0x6d, 0xf2, 0x14, 0xfb, 0x3b, - 0x61, 0xa8, 0x49, 0xd6, 0x1d, 0x19, 0x02, 0x67, 0xc8, 0xf6, 0x59, 0xde, 0x8c, 0x25, 0xdc, 0xfe, - 0x6f, 0x16, 0x9c, 0x48, 0xf7, 0x35, 0x66, 0xa9, 0x24, 0x7c, 0x98, 0xdc, 0xb8, 0x11, 0x6c, 0x91, - 0x68, 0x87, 0xbe, 0xb9, 0x95, 0x49, 0x25, 0xe9, 0xc2, 0xc0, 0x39, 0x4f, 0xb1, 0x32, 0xaf, 0x4d, - 0x35, 0xda, 0x72, 0x46, 0xde, 0x28, 0x72, 0x46, 0xea, 0x8f, 0x69, 0x1e, 0x97, 0x2b, 0x96, 0xd8, - 0xe4, 0x6f, 0x7f, 0x77, 0x00, 0x54, 0x5e, 0x2c, 0x8b, 0x3f, 0x2a, 0x28, 0x7a, 0xeb, 0xa0, 0x19, - 0x44, 0x6a, 0x32, 0x0c, 0xec, 0x15, 0x10, 0xc0, 0xbd, 0x24, 0xa6, 0xeb, 0x52, 0xbd, 0xe1, 0xaa, - 0x06, 0x61, 0x13, 0x8f, 0xf6, 0xc4, 0x73, 0xb7, 0x08, 0x7f, 0x68, 0x30, 0xdd, 0x93, 0x05, 0x09, - 0xc0, 0x1a, 0x87, 0xf6, 0xa4, 0xe9, 0xae, 0xaf, 0x8b, 0x2d, 0xbf, 0xea, 0x09, 0x1d, 0x1d, 0xcc, - 0x20, 0xbc, 0x72, 0x77, 0xb0, 0x29, 0xac, 0x60, 0xa3, 0x72, 0x77, 0xb0, 0x89, 0x19, 0x84, 0xda, - 0x6d, 0x7e, 0x10, 0xb5, 0xd9, 0xa5, 0xfa, 0x4d, 0xc5, 0x45, 0x58, 0xbf, 0xca, 0x6e, 0xbb, 0xd6, - 0x8d, 0x82, 0xf3, 0x9e, 0xa3, 0x33, 0x30, 0x8c, 0x48, 0xd3, 0x6d, 0x24, 0x26, 0x35, 0x48, 0xcf, - 0xc0, 0xe5, 0x2e, 0x0c, 0x9c, 0xf3, 0x14, 0x9a, 0x86, 0x13, 0x32, 0xaf, 0x59, 0x56, 0xad, 0x19, - 0x4e, 0x57, 0xc9, 0xc0, 0x69, 0x30, 0xce, 0xe2, 0x53, 0xa9, 0xd6, 0x16, 0x85, 0xad, 0x98, 0xb1, - 0x6c, 0x48, 0x35, 0x59, 0xf0, 0x0a, 0x2b, 0x0c, 0xfb, 0x53, 0x65, 0xaa, 0x85, 0x7b, 0x14, 0x74, - 0xbb, 0x67, 0xd1, 0x82, 0xe9, 0x19, 0x39, 0xd0, 0xc7, 0x8c, 0x7c, 0x0e, 0x46, 0x6e, 0xc5, 0x81, - 0xaf, 0x22, 0xf1, 0x2a, 0x3d, 0x23, 0xf1, 0x0c, 0xac, 0xfc, 0x48, 0xbc, 0xc1, 0xa2, 0x22, 0xf1, - 0x86, 0x0e, 0x19, 0x89, 0xf7, 0x3b, 0x15, 0x50, 0x57, 0x88, 0x5c, 0x23, 0xc9, 0xed, 0x20, 0xda, - 0x74, 0xfd, 0x16, 0xcb, 0x07, 0xff, 0x86, 0x05, 0x23, 0x7c, 0xbd, 0x2c, 0x98, 0x99, 0x54, 0xeb, - 0x05, 0xdd, 0x4d, 0x91, 0x62, 0x36, 0xb9, 0x6a, 0x30, 0xca, 0x5c, 0xfa, 0x69, 0x82, 0x70, 0xaa, - 0x47, 0xe8, 0xe3, 0x00, 0xd2, 0x3f, 0xba, 0x2e, 0x45, 0xe6, 0x7c, 0x31, 0xfd, 0xc3, 0x64, 0x5d, - 0xdb, 0xc0, 0xab, 0x8a, 0x09, 0x36, 0x18, 0xa2, 0xcf, 0xe9, 0x2c, 0x33, 0x1e, 0xb2, 0xff, 0xd1, - 0x63, 0x19, 0x9b, 0x7e, 0x72, 0xcc, 0x30, 0x0c, 0xb9, 0x7e, 0x8b, 0xce, 0x13, 0x11, 0xb1, 0xf4, - 0x8e, 0xbc, 0x5a, 0x0a, 0x0b, 0x81, 0xd3, 0xac, 0x3b, 0x9e, 0xe3, 0x37, 0x48, 0x34, 0xcf, 0xd1, - 0xcd, 0xab, 0xae, 0x59, 0x03, 0x96, 0x84, 0xba, 0x2e, 0x5f, 0xa9, 0xf4, 0x73, 0xf9, 0xca, 0xb9, - 0x0f, 0xc0, 0xa9, 0xae, 0x8f, 0x79, 0xa0, 0x94, 0xb2, 0xc3, 0x67, 0xa3, 0xd9, 0xff, 0x74, 0x50, - 0x2b, 0xad, 0x6b, 0x41, 0x93, 0x5f, 0x01, 0x12, 0xe9, 0x2f, 0x2a, 0x6c, 0xdc, 0x02, 0xa7, 0x88, - 0x71, 0x5d, 0xb6, 0x6a, 0xc4, 0x26, 0x4b, 0x3a, 0x47, 0x43, 0x27, 0x22, 0xfe, 0x71, 0xcf, 0xd1, - 0x65, 0xc5, 0x04, 0x1b, 0x0c, 0xd1, 0x46, 0x2a, 0xa7, 0xe4, 0xd2, 0xd1, 0x73, 0x4a, 0x58, 0x95, - 0xa9, 0xbc, 0xaa, 0xfd, 0x5f, 0xb6, 0x60, 0xcc, 0x4f, 0xcd, 0xdc, 0x62, 0xc2, 0x48, 0xf3, 0x57, - 0x05, 0xbf, 0x81, 0x2a, 0xdd, 0x86, 0x33, 0xfc, 0xf3, 0x54, 0x5a, 0xe5, 0x80, 0x2a, 0x4d, 0xdf, - 0x25, 0x34, 0xd8, 0xeb, 0x2e, 0x21, 0xe4, 0xab, 0xcb, 0xd4, 0x86, 0x0a, 0xbf, 0x4c, 0x0d, 0x72, - 0x2e, 0x52, 0xbb, 0x09, 0xb5, 0x46, 0x44, 0x9c, 0xe4, 0x90, 0xf7, 0x6a, 0xb1, 0x03, 0xfa, 0x19, - 0x49, 0x00, 0x6b, 0x5a, 0xf6, 0xff, 0x1e, 0x80, 0x93, 0x72, 0x44, 0x64, 0x08, 0x3a, 0xd5, 0x8f, - 0x9c, 0xaf, 0x36, 0x6e, 0x95, 0x7e, 0xbc, 0x2c, 0x01, 0x58, 0xe3, 0x50, 0x7b, 0xac, 0x13, 0x93, - 0xa5, 0x90, 0xf8, 0x0b, 0xee, 0x5a, 0x2c, 0xce, 0x39, 0xd5, 0x42, 0xb9, 0xae, 0x41, 0xd8, 0xc4, - 0xa3, 0xc6, 0x38, 0xb7, 0x8b, 0xe3, 0x6c, 0xfa, 0x8a, 0xb0, 0xb7, 0xb1, 0x84, 0xa3, 0x5f, 0xc8, - 0xad, 0x30, 0x5b, 0x4c, 0xe2, 0x56, 0x57, 0xe4, 0xfd, 0x01, 0xaf, 0x62, 0xfc, 0x1b, 0x16, 0x9c, - 0xe5, 0xad, 0x72, 0x24, 0xaf, 0x87, 0x4d, 0x27, 0x21, 0x71, 0x31, 0x15, 0xdf, 0x73, 0xfa, 0xa7, - 0x9d, 0xbc, 0x79, 0x6c, 0x71, 0x7e, 0x6f, 0xd0, 0x1b, 0x16, 0x9c, 0xd8, 0x4c, 0xd5, 0xfc, 0x90, - 0xaa, 0xe3, 0xa8, 0xe9, 0xf8, 0x29, 0xa2, 0x7a, 0xa9, 0xa5, 0xdb, 0x63, 0x9c, 0xe5, 0x6e, 0xff, - 0x99, 0x05, 0xa6, 0x18, 0xbd, 0xf7, 0xa5, 0x42, 0x0e, 0x6e, 0x0a, 0x4a, 0xeb, 0xb2, 0xd2, 0xd3, - 0xba, 0x7c, 0x0c, 0xca, 0x1d, 0xb7, 0x29, 0xf6, 0x17, 0xfa, 0xf4, 0x75, 0x7e, 0x16, 0xd3, 0x76, - 0xfb, 0x1f, 0x55, 0xb4, 0xdf, 0x42, 0xe4, 0x45, 0xfd, 0x40, 0xbc, 0xf6, 0xba, 0x2a, 0x36, 0xc6, - 0xdf, 0xfc, 0x5a, 0x57, 0xb1, 0xb1, 0x1f, 0x3f, 0x78, 0xda, 0x1b, 0x1f, 0xa0, 0x5e, 0xb5, 0xc6, - 0x86, 0xf6, 0xc9, 0x79, 0xbb, 0x05, 0x55, 0xba, 0x05, 0x63, 0x0e, 0xc8, 0x6a, 0xaa, 0x53, 0xd5, - 0xcb, 0xa2, 0xfd, 0xee, 0xee, 0xc4, 0x7b, 0x0f, 0xde, 0x2d, 0xf9, 0x34, 0x56, 0xf4, 0x51, 0x0c, - 0x35, 0xfa, 0x9b, 0xa5, 0xe7, 0x89, 0xcd, 0xdd, 0x75, 0x25, 0x33, 0x25, 0xa0, 0x90, 0xdc, 0x3f, - 0xcd, 0x07, 0xf9, 0x50, 0x63, 0xb7, 0xd6, 0x32, 0xa6, 0x7c, 0x0f, 0xb8, 0xac, 0x92, 0xe4, 0x24, - 0xe0, 0xee, 0xee, 0xc4, 0x8b, 0x07, 0x67, 0xaa, 0x1e, 0xc7, 0x9a, 0x85, 0xfd, 0x95, 0x01, 0x3d, - 0x77, 0x45, 0x8d, 0xb9, 0x1f, 0x88, 0xb9, 0xfb, 0x42, 0x66, 0xee, 0x9e, 0xef, 0x9a, 0xbb, 0x63, - 0xfa, 0x76, 0xd5, 0xd4, 0x6c, 0xbc, 0xd7, 0x86, 0xc0, 0xfe, 0xfe, 0x06, 0x66, 0x01, 0xbd, 0xd6, - 0x71, 0x23, 0x12, 0x2f, 0x47, 0x1d, 0xdf, 0xf5, 0x5b, 0x6c, 0x3a, 0x56, 0x4d, 0x0b, 0x28, 0x05, - 0xc6, 0x59, 0x7c, 0xba, 0xa9, 0xa7, 0xdf, 0xfc, 0xa6, 0xb3, 0xc5, 0x67, 0x95, 0x51, 0x76, 0x6b, - 0x45, 0xb4, 0x63, 0x85, 0x61, 0x7f, 0x8b, 0x9d, 0x65, 0x1b, 0x79, 0xc1, 0x74, 0x4e, 0x78, 0xec, - 0x9a, 0x60, 0x5e, 0xb3, 0x4b, 0xcd, 0x09, 0x7e, 0x37, 0x30, 0x87, 0xa1, 0xdb, 0x30, 0xb4, 0xc6, - 0xef, 0xc9, 0x2b, 0xa6, 0x8e, 0xb9, 0xb8, 0x74, 0x8f, 0xdd, 0x86, 0x22, 0x6f, 0xe0, 0xbb, 0xab, - 0x7f, 0x62, 0xc9, 0xcd, 0xfe, 0xfd, 0x0a, 0x9c, 0xc8, 0x5c, 0x24, 0x9b, 0xaa, 0x96, 0x5a, 0xda, - 0xb7, 0x5a, 0xea, 0x47, 0x00, 0x9a, 0x24, 0xf4, 0x82, 0x1d, 0x66, 0x8e, 0x0d, 0x1c, 0xd8, 0x1c, - 0x53, 0x16, 0xfc, 0xac, 0xa2, 0x82, 0x0d, 0x8a, 0xa2, 0x50, 0x19, 0x2f, 0xbe, 0x9a, 0x29, 0x54, - 0x66, 0xdc, 0x76, 0x30, 0x78, 0x6f, 0x6f, 0x3b, 0x70, 0xe1, 0x04, 0xef, 0xa2, 0xca, 0xbe, 0x3d, - 0x44, 0x92, 0x2d, 0xcb, 0x5f, 0x98, 0x4d, 0x93, 0xc1, 0x59, 0xba, 0xf7, 0xf3, 0x9e, 0x68, 0xf4, - 0x2e, 0xa8, 0xc9, 0xef, 0x1c, 0x8f, 0xd7, 0x74, 0x05, 0x03, 0x39, 0x0d, 0xd8, 0xfd, 0xcd, 0xe2, - 0x67, 0x57, 0x21, 0x01, 0xb8, 0x5f, 0x85, 0x04, 0xec, 0x2f, 0x95, 0xa8, 0x1d, 0xcf, 0xfb, 0xa5, - 0x6a, 0xe2, 0x3c, 0x09, 0x83, 0x4e, 0x27, 0xd9, 0x08, 0xba, 0x6e, 0xfd, 0x9b, 0x66, 0xad, 0x58, - 0x40, 0xd1, 0x02, 0x0c, 0x34, 0x75, 0x9d, 0x93, 0x83, 0x7c, 0x4f, 0xed, 0x12, 0x75, 0x12, 0x82, - 0x19, 0x15, 0xf4, 0x28, 0x0c, 0x24, 0x4e, 0x4b, 0xa6, 0x5c, 0xb1, 0x34, 0xdb, 0x55, 0xa7, 0x15, - 0x63, 0xd6, 0x6a, 0xaa, 0xef, 0x81, 0x7d, 0xd4, 0xf7, 0x8b, 0x30, 0x1a, 0xbb, 0x2d, 0xdf, 0x49, - 0x3a, 0x11, 0x31, 0x8e, 0xf9, 0x74, 0xe4, 0x86, 0x09, 0xc4, 0x69, 0x5c, 0xfb, 0x37, 0x47, 0xe0, - 0xcc, 0xca, 0xcc, 0xa2, 0xac, 0xde, 0x7d, 0x6c, 0x59, 0x53, 0x79, 0x3c, 0xee, 0x5d, 0xd6, 0x54, - 0x0f, 0xee, 0x9e, 0x91, 0x35, 0xe5, 0x19, 0x59, 0x53, 0xe9, 0x14, 0x96, 0x72, 0x11, 0x29, 0x2c, - 0x79, 0x3d, 0xe8, 0x27, 0x85, 0xe5, 0xd8, 0xd2, 0xa8, 0xf6, 0xec, 0xd0, 0x81, 0xd2, 0xa8, 0x54, - 0x8e, 0x59, 0x21, 0xc9, 0x05, 0x3d, 0x3e, 0x55, 0x6e, 0x8e, 0x99, 0xca, 0xef, 0xe1, 0x89, 0x33, - 0x42, 0xd4, 0xbf, 0x52, 0x7c, 0x07, 0xfa, 0xc8, 0xef, 0x11, 0xb9, 0x3b, 0x66, 0x4e, 0xd9, 0x50, - 0x11, 0x39, 0x65, 0x79, 0xdd, 0xd9, 0x37, 0xa7, 0xec, 0x45, 0x18, 0x6d, 0x78, 0x81, 0x4f, 0x96, - 0xa3, 0x20, 0x09, 0x1a, 0x81, 0x27, 0xcc, 0x7a, 0x25, 0x12, 0x66, 0x4c, 0x20, 0x4e, 0xe3, 0xf6, - 0x4a, 0x48, 0xab, 0x1d, 0x35, 0x21, 0x0d, 0xee, 0x53, 0x42, 0xda, 0xcf, 0xea, 0xd4, 0xe9, 0x61, - 0xf6, 0x45, 0x3e, 0x52, 0xfc, 0x17, 0xe9, 0x27, 0x7f, 0x1a, 0xbd, 0xc9, 0xaf, 0xdd, 0xa3, 0x86, - 0xf1, 0x4c, 0xd0, 0xa6, 0x86, 0xdf, 0x08, 0x1b, 0x92, 0x57, 0x8f, 0x61, 0xc2, 0xde, 0x5c, 0xd1, - 0x6c, 0xd4, 0x55, 0x7c, 0xba, 0x09, 0xa7, 0x3b, 0x72, 0x94, 0xd4, 0xee, 0xaf, 0x95, 0xe0, 0x87, - 0xf6, 0xed, 0x02, 0xba, 0x0d, 0x90, 0x38, 0x2d, 0x31, 0x51, 0xc5, 0x81, 0xc9, 0x11, 0xc3, 0x2b, - 0x57, 0x25, 0x3d, 0x5e, 0x93, 0x44, 0xfd, 0x65, 0x47, 0x11, 0xf2, 0x37, 0x8b, 0xaa, 0x0c, 0xbc, - 0xae, 0xd2, 0x8d, 0x38, 0xf0, 0x08, 0x66, 0x10, 0xaa, 0xfe, 0x23, 0xd2, 0xd2, 0xf7, 0x44, 0xab, - 0xcf, 0x87, 0x59, 0x2b, 0x16, 0x50, 0xf4, 0x3c, 0x0c, 0x3b, 0x9e, 0xc7, 0xf3, 0x63, 0x48, 0x2c, - 0xee, 0xdd, 0xd1, 0x35, 0xe4, 0x34, 0x08, 0x9b, 0x78, 0xf6, 0x9f, 0x96, 0x60, 0x62, 0x1f, 0x99, - 0xd2, 0x95, 0xf1, 0x57, 0xe9, 0x3b, 0xe3, 0x4f, 0xe4, 0x28, 0x0c, 0xf6, 0xc8, 0x51, 0x78, 0x1e, - 0x86, 0x13, 0xe2, 0xb4, 0x45, 0x40, 0x96, 0xf0, 0x04, 0xe8, 0x13, 0x60, 0x0d, 0xc2, 0x26, 0x1e, - 0x95, 0x62, 0x63, 0x4e, 0xa3, 0x41, 0xe2, 0x58, 0x26, 0x21, 0x08, 0x6f, 0x6a, 0x61, 0x19, 0x0e, - 0xcc, 0x49, 0x3d, 0x9d, 0x62, 0x81, 0x33, 0x2c, 0xb3, 0x03, 0x5e, 0xeb, 0x73, 0xc0, 0xbf, 0x59, - 0x82, 0xc7, 0xf6, 0xd4, 0x6e, 0x7d, 0xe7, 0x87, 0x74, 0x62, 0x12, 0x65, 0x27, 0xce, 0xf5, 0x98, - 0x44, 0x98, 0x41, 0xf8, 0x28, 0x85, 0xa1, 0x71, 0x0f, 0x77, 0xd1, 0xc9, 0x4b, 0x7c, 0x94, 0x52, - 0x2c, 0x70, 0x86, 0xe5, 0x61, 0xa7, 0xe5, 0xdf, 0x29, 0xc1, 0x13, 0x7d, 0xd8, 0x00, 0x05, 0x26, - 0x79, 0xa5, 0x53, 0xed, 0xca, 0xf7, 0x29, 0x23, 0xf2, 0x90, 0xc3, 0xf5, 0xad, 0x12, 0x9c, 0xeb, - 0xad, 0x8a, 0xd1, 0xfb, 0xe0, 0x44, 0xa4, 0xa2, 0xb0, 0xcc, 0x2c, 0xbd, 0xd3, 0xdc, 0x93, 0x90, - 0x02, 0xe1, 0x2c, 0x2e, 0x9a, 0x04, 0x08, 0x9d, 0x64, 0x23, 0xbe, 0xb8, 0xed, 0xc6, 0x89, 0xa8, - 0x42, 0x33, 0xc6, 0xcf, 0xae, 0x64, 0x2b, 0x36, 0x30, 0x28, 0x3b, 0xf6, 0x6f, 0x36, 0xb8, 0x16, - 0x24, 0xfc, 0x21, 0xbe, 0x8d, 0x38, 0x2d, 0xef, 0xec, 0x30, 0x40, 0x38, 0x8b, 0x4b, 0xd9, 0xb1, - 0xd3, 0x51, 0xde, 0x51, 0xbe, 0xbf, 0x60, 0xec, 0x16, 0x54, 0x2b, 0x36, 0x30, 0xb2, 0xf9, 0x87, - 0x95, 0xfd, 0xf3, 0x0f, 0xed, 0x7f, 0x58, 0x82, 0x47, 0x7a, 0x9a, 0x72, 0xfd, 0x2d, 0xc0, 0x07, - 0x2f, 0x67, 0xf0, 0x70, 0x73, 0xe7, 0x80, 0xb9, 0x6d, 0x7f, 0xdc, 0x63, 0xa6, 0x89, 0xdc, 0xb6, - 0xc3, 0x27, 0x87, 0x3f, 0x78, 0xe3, 0xd9, 0x95, 0xce, 0x36, 0x70, 0x80, 0x74, 0xb6, 0xcc, 0xc7, - 0xa8, 0xf4, 0xb9, 0x90, 0xff, 0xbc, 0xdc, 0x73, 0x78, 0xe9, 0xd6, 0xaf, 0x2f, 0x3f, 0xed, 0x2c, - 0x9c, 0x74, 0x7d, 0x76, 0x7f, 0xd3, 0x4a, 0x67, 0x4d, 0x14, 0x26, 0x29, 0xa5, 0x6f, 0x59, 0x9f, - 0xcf, 0xc0, 0x71, 0xd7, 0x13, 0x0f, 0x60, 0x7a, 0xe1, 0xe1, 0x86, 0xf4, 0x60, 0x09, 0xae, 0x68, - 0x09, 0xce, 0xca, 0xa1, 0xd8, 0x70, 0x22, 0xd2, 0x14, 0x6a, 0x24, 0x16, 0x09, 0x15, 0x8f, 0xf0, - 0xa4, 0x8c, 0x1c, 0x04, 0x9c, 0xff, 0x1c, 0xbb, 0x32, 0x27, 0x08, 0xdd, 0x86, 0xd8, 0xe4, 0xe8, - 0x2b, 0x73, 0x68, 0x23, 0xe6, 0x30, 0xfb, 0x23, 0x50, 0x53, 0xef, 0xcf, 0xc3, 0xba, 0xd5, 0xa4, - 0xeb, 0x0a, 0xeb, 0x56, 0x33, 0xce, 0xc0, 0xa2, 0x5f, 0x8b, 0x9a, 0xc4, 0x99, 0xd5, 0x73, 0x95, - 0xec, 0x30, 0xfb, 0xd8, 0x7e, 0x37, 0x8c, 0x28, 0x3f, 0x4b, 0xbf, 0x17, 0x09, 0xd9, 0x5f, 0x19, - 0x84, 0xd1, 0x54, 0x71, 0xc0, 0x94, 0x83, 0xd5, 0xda, 0xd7, 0xc1, 0xca, 0xc2, 0xf4, 0x3b, 0xbe, - 0xbc, 0x65, 0xcc, 0x08, 0xd3, 0xef, 0xf8, 0x04, 0x73, 0x18, 0x35, 0x6f, 0x9b, 0xd1, 0x0e, 0xee, - 0xf8, 0x22, 0x9c, 0x56, 0x99, 0xb7, 0xb3, 0xac, 0x15, 0x0b, 0x28, 0xfa, 0xa4, 0x05, 0x23, 0x31, - 0xf3, 0xde, 0x73, 0xf7, 0xb4, 0x98, 0x74, 0x57, 0x8e, 0x5e, 0xfb, 0x50, 0x15, 0xc2, 0x64, 0x11, - 0x32, 0x66, 0x0b, 0x4e, 0x71, 0x44, 0x9f, 0xb1, 0xa0, 0xa6, 0x2e, 0x43, 0x11, 0x57, 0x06, 0xae, - 0x14, 0x5b, 0x7b, 0x91, 0xfb, 0x35, 0xd5, 0x41, 0x88, 0x2a, 0x82, 0x87, 0x35, 0x63, 0x14, 0x2b, - 0xdf, 0xf1, 0xd0, 0xf1, 0xf8, 0x8e, 0x21, 0xc7, 0x6f, 0xfc, 0x2e, 0xa8, 0xb5, 0x1d, 0xdf, 0x5d, - 0x27, 0x71, 0xc2, 0xdd, 0xb9, 0xb2, 0x24, 0xac, 0x6c, 0xc4, 0x1a, 0x4e, 0x15, 0x72, 0xcc, 0x5e, - 0x2c, 0x31, 0xfc, 0xaf, 0x4c, 0x21, 0xaf, 0xe8, 0x66, 0x6c, 0xe2, 0x98, 0xce, 0x62, 0xb8, 0xaf, - 0xce, 0xe2, 0xe1, 0xbd, 0x9d, 0xc5, 0xf6, 0xdf, 0xb3, 0xe0, 0x6c, 0xee, 0x57, 0x7b, 0x70, 0x03, - 0x1f, 0xed, 0xaf, 0x56, 0xe0, 0x74, 0x4e, 0x95, 0x4f, 0xb4, 0x63, 0xce, 0x67, 0xab, 0x88, 0x18, - 0x82, 0xf4, 0x91, 0xb8, 0x1c, 0xc6, 0x9c, 0x49, 0x7c, 0xb0, 0xa3, 0x1a, 0x7d, 0x5c, 0x52, 0xbe, - 0xb7, 0xc7, 0x25, 0xc6, 0xb4, 0x1c, 0xb8, 0xaf, 0xd3, 0xb2, 0xb2, 0xcf, 0x19, 0xc6, 0xaf, 0x59, - 0x30, 0xde, 0xee, 0x51, 0x5a, 0x5e, 0x38, 0x1e, 0x6f, 0x1c, 0x4f, 0xe1, 0xfa, 0xfa, 0xa3, 0x77, - 0x76, 0x27, 0x7a, 0x56, 0xf4, 0xc7, 0x3d, 0x7b, 0x65, 0x7f, 0xb7, 0x0c, 0xac, 0xc4, 0x2c, 0xab, - 0xe4, 0xb6, 0x83, 0x3e, 0x61, 0x16, 0x0b, 0xb6, 0x8a, 0x2a, 0x6c, 0xcb, 0x89, 0xab, 0x62, 0xc3, - 0x7c, 0x04, 0xf3, 0x6a, 0x0f, 0x67, 0x85, 0x56, 0xa9, 0x0f, 0xa1, 0xe5, 0xc9, 0xaa, 0xcc, 0xe5, - 0xe2, 0xab, 0x32, 0xd7, 0xb2, 0x15, 0x99, 0xf7, 0xfe, 0xc4, 0x03, 0x0f, 0xe4, 0x27, 0xfe, 0x45, - 0x8b, 0x0b, 0x9e, 0xcc, 0x57, 0xd0, 0x96, 0x81, 0xb5, 0x87, 0x65, 0xf0, 0x34, 0x54, 0x63, 0xe2, - 0xad, 0x5f, 0x26, 0x8e, 0x27, 0x2c, 0x08, 0x7d, 0x7e, 0x2d, 0xda, 0xb1, 0xc2, 0x60, 0xd7, 0xb6, - 0x7a, 0x5e, 0x70, 0xfb, 0x62, 0x3b, 0x4c, 0x76, 0x84, 0x2d, 0xa1, 0xaf, 0x6d, 0x55, 0x10, 0x6c, - 0x60, 0xd9, 0x7f, 0xbd, 0xc4, 0x67, 0xa0, 0x08, 0x82, 0x78, 0x21, 0x73, 0xd1, 0x5e, 0xff, 0xf1, - 0x03, 0x1f, 0x03, 0x68, 0xa8, 0xab, 0xec, 0xc5, 0x99, 0xd0, 0xe5, 0x23, 0xdf, 0xb3, 0x2d, 0xe8, - 0xe9, 0xd7, 0xd0, 0x6d, 0xd8, 0xe0, 0x97, 0x92, 0xa5, 0xe5, 0x7d, 0x65, 0x69, 0x4a, 0xac, 0x0c, - 0xec, 0xa3, 0xed, 0xfe, 0xd4, 0x82, 0x94, 0x45, 0x84, 0x42, 0xa8, 0xd0, 0xee, 0xee, 0x14, 0x73, - 0x4b, 0xbf, 0x49, 0x9a, 0x8a, 0x46, 0x31, 0xed, 0xd9, 0x4f, 0xcc, 0x19, 0x21, 0x4f, 0xc4, 0x4a, - 0xf0, 0x51, 0xbd, 0x56, 0x1c, 0xc3, 0xcb, 0x41, 0xb0, 0xc9, 0x0f, 0x36, 0x75, 0xdc, 0x85, 0xfd, - 0x02, 0x9c, 0xea, 0xea, 0x14, 0xbb, 0x53, 0x2b, 0xa0, 0xda, 0x27, 0x33, 0x5d, 0x59, 0x02, 0x27, - 0xe6, 0x30, 0xfb, 0x5b, 0x16, 0x9c, 0xcc, 0x92, 0x47, 0x6f, 0x5a, 0x70, 0x2a, 0xce, 0xd2, 0x3b, - 0xae, 0xb1, 0x53, 0xf1, 0x8e, 0x5d, 0x20, 0xdc, 0xdd, 0x09, 0xfb, 0xff, 0x88, 0xc9, 0x7f, 0xd3, - 0xf5, 0x9b, 0xc1, 0x6d, 0x65, 0x98, 0x58, 0x3d, 0x0d, 0x13, 0xba, 0x1e, 0x1b, 0x1b, 0xa4, 0xd9, - 0xf1, 0xba, 0x32, 0x47, 0x57, 0x44, 0x3b, 0x56, 0x18, 0x2c, 0x51, 0xae, 0x23, 0xca, 0xb6, 0x67, - 0x26, 0xe5, 0xac, 0x68, 0xc7, 0x0a, 0x03, 0x3d, 0x07, 0x23, 0xc6, 0x4b, 0xca, 0x79, 0xc9, 0x0c, - 0x72, 0x43, 0x65, 0xc6, 0x38, 0x85, 0x85, 0x26, 0x01, 0x94, 0x91, 0x23, 0x55, 0x24, 0x73, 0x14, - 0x29, 0x49, 0x14, 0x63, 0x03, 0x83, 0xa5, 0xa5, 0x7a, 0x9d, 0x98, 0xf9, 0xf8, 0x07, 0x75, 0x29, - 0xd1, 0x19, 0xd1, 0x86, 0x15, 0x94, 0x4a, 0x93, 0xb6, 0xe3, 0x77, 0x1c, 0x8f, 0x8e, 0x90, 0xd8, - 0xfa, 0xa9, 0x65, 0xb8, 0xa8, 0x20, 0xd8, 0xc0, 0xa2, 0x6f, 0x9c, 0xb8, 0x6d, 0xf2, 0x72, 0xe0, - 0xcb, 0x38, 0x35, 0x7d, 0xec, 0x23, 0xda, 0xb1, 0xc2, 0xb0, 0xff, 0x8b, 0x05, 0x27, 0x74, 0x92, - 0x3b, 0xbf, 0x3d, 0xdb, 0xdc, 0xa9, 0x5a, 0xfb, 0xee, 0x54, 0xd3, 0xd9, 0xbf, 0xa5, 0xbe, 0xb2, - 0x7f, 0xcd, 0xc4, 0xdc, 0xf2, 0x9e, 0x89, 0xb9, 0x3f, 0xa2, 0x6f, 0x66, 0xe5, 0x19, 0xbc, 0xc3, - 0x79, 0xb7, 0xb2, 0x22, 0x1b, 0x06, 0x1b, 0x8e, 0xaa, 0xf0, 0x32, 0xc2, 0xf7, 0x0e, 0x33, 0xd3, - 0x0c, 0x49, 0x40, 0xec, 0x25, 0xa8, 0xa9, 0xd3, 0x0f, 0xb9, 0x51, 0xb5, 0xf2, 0x37, 0xaa, 0x7d, - 0x25, 0x08, 0xd6, 0xd7, 0xbe, 0xfd, 0xbd, 0xc7, 0xdf, 0xf6, 0x7b, 0xdf, 0x7b, 0xfc, 0x6d, 0x7f, - 0xf4, 0xbd, 0xc7, 0xdf, 0xf6, 0xc9, 0x3b, 0x8f, 0x5b, 0xdf, 0xbe, 0xf3, 0xb8, 0xf5, 0x7b, 0x77, - 0x1e, 0xb7, 0xfe, 0xe8, 0xce, 0xe3, 0xd6, 0x77, 0xef, 0x3c, 0x6e, 0x7d, 0xf9, 0x3f, 0x3e, 0xfe, - 0xb6, 0x97, 0x73, 0x03, 0x15, 0xe9, 0x8f, 0x67, 0x1a, 0xcd, 0xa9, 0xad, 0x0b, 0x2c, 0x56, 0x8e, - 0x2e, 0xaf, 0x29, 0x63, 0x4e, 0x4d, 0xc9, 0xe5, 0xf5, 0x7f, 0x03, 0x00, 0x00, 0xff, 0xff, 0x9f, - 0x9a, 0x22, 0xa4, 0x1b, 0xe3, 0x00, 0x00, + // 11054 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x7d, 0x6d, 0x70, 0x24, 0xc7, + 0x75, 0x98, 0x66, 0x17, 0x0b, 0xec, 0x3e, 0x7c, 0xdc, 0x5d, 0xdf, 0x1d, 0x09, 0x9e, 0x48, 0xe2, + 0x3c, 0xb4, 0x29, 0x2a, 0x22, 0x01, 0xf3, 0x44, 0xca, 0x8c, 0x68, 0x4b, 0xc6, 0x02, 0x77, 0x38, + 0xdc, 0x01, 0x07, 0xb0, 0x81, 0xbb, 0x93, 0x28, 0x53, 0xd4, 0x60, 0xb7, 0xb1, 0x98, 0xc3, 0xec, + 0xcc, 0x70, 0x66, 0x16, 0x07, 0xd0, 0x92, 0x2c, 0x59, 0xb2, 0xad, 0x44, 0x1f, 0x54, 0xa4, 0xa4, + 0x4c, 0x27, 0x96, 0x22, 0x5b, 0x4e, 0x2a, 0xae, 0x44, 0x15, 0x27, 0xf9, 0x11, 0x27, 0x4e, 0xca, + 0x65, 0x3b, 0x95, 0x52, 0x4a, 0x49, 0xd9, 0xe5, 0x72, 0x59, 0x4e, 0x62, 0x23, 0xd2, 0xa5, 0x52, + 0x49, 0xa5, 0x2a, 0xae, 0x72, 0xe2, 0x1f, 0xc9, 0x25, 0x3f, 0x52, 0xfd, 0xdd, 0x33, 0x3b, 0x0b, + 0x2c, 0x80, 0xc1, 0xdd, 0x49, 0xe6, 0xbf, 0xdd, 0x7e, 0x6f, 0xde, 0xeb, 0xe9, 0xe9, 0x7e, 0xef, + 0xf5, 0xeb, 0xf7, 0x5e, 0xc3, 0x42, 0xcb, 0x4d, 0x36, 0x3a, 0x6b, 0x93, 0x8d, 0xa0, 0x3d, 0xe5, + 0x44, 0xad, 0x20, 0x8c, 0x82, 0x5b, 0xec, 0xc7, 0x33, 0x8d, 0xe6, 0xd4, 0xd6, 0x85, 0xa9, 0x70, + 0xb3, 0x35, 0xe5, 0x84, 0x6e, 0x3c, 0xe5, 0x84, 0xa1, 0xe7, 0x36, 0x9c, 0xc4, 0x0d, 0xfc, 0xa9, + 0xad, 0x67, 0x1d, 0x2f, 0xdc, 0x70, 0x9e, 0x9d, 0x6a, 0x11, 0x9f, 0x44, 0x4e, 0x42, 0x9a, 0x93, + 0x61, 0x14, 0x24, 0x01, 0xfa, 0x51, 0x4d, 0x6d, 0x52, 0x52, 0x63, 0x3f, 0x5e, 0x6d, 0x34, 0x27, + 0xb7, 0x2e, 0x4c, 0x86, 0x9b, 0xad, 0x49, 0x4a, 0x6d, 0xd2, 0xa0, 0x36, 0x29, 0xa9, 0x9d, 0x7b, + 0xc6, 0xe8, 0x4b, 0x2b, 0x68, 0x05, 0x53, 0x8c, 0xe8, 0x5a, 0x67, 0x9d, 0xfd, 0x63, 0x7f, 0xd8, + 0x2f, 0xce, 0xec, 0x9c, 0xbd, 0xf9, 0x42, 0x3c, 0xe9, 0x06, 0xb4, 0x7b, 0x53, 0x8d, 0x20, 0x22, + 0x53, 0x5b, 0x5d, 0x1d, 0x3a, 0x77, 0x59, 0xe3, 0x90, 0xed, 0x84, 0xf8, 0xb1, 0x1b, 0xf8, 0xf1, + 0x33, 0xb4, 0x0b, 0x24, 0xda, 0x22, 0x91, 0xf9, 0x7a, 0x06, 0x42, 0x1e, 0xa5, 0xe7, 0x34, 0xa5, + 0xb6, 0xd3, 0xd8, 0x70, 0x7d, 0x12, 0xed, 0xe8, 0xc7, 0xdb, 0x24, 0x71, 0xf2, 0x9e, 0x9a, 0xea, + 0xf5, 0x54, 0xd4, 0xf1, 0x13, 0xb7, 0x4d, 0xba, 0x1e, 0x78, 0xcf, 0x7e, 0x0f, 0xc4, 0x8d, 0x0d, + 0xd2, 0x76, 0xba, 0x9e, 0x7b, 0x77, 0xaf, 0xe7, 0x3a, 0x89, 0xeb, 0x4d, 0xb9, 0x7e, 0x12, 0x27, + 0x51, 0xf6, 0x21, 0xfb, 0x17, 0x2d, 0x18, 0x9d, 0xbe, 0xb9, 0x32, 0xdd, 0x49, 0x36, 0x66, 0x02, + 0x7f, 0xdd, 0x6d, 0xa1, 0xe7, 0x61, 0xb8, 0xe1, 0x75, 0xe2, 0x84, 0x44, 0xd7, 0x9c, 0x36, 0x19, + 0xb7, 0xce, 0x5b, 0x4f, 0xd5, 0xea, 0xa7, 0xbf, 0xb9, 0x3b, 0xf1, 0xb6, 0x3b, 0xbb, 0x13, 0xc3, + 0x33, 0x1a, 0x84, 0x4d, 0x3c, 0xf4, 0x4e, 0x18, 0x8a, 0x02, 0x8f, 0x4c, 0xe3, 0x6b, 0xe3, 0x25, + 0xf6, 0xc8, 0x09, 0xf1, 0xc8, 0x10, 0xe6, 0xcd, 0x58, 0xc2, 0x29, 0x6a, 0x18, 0x05, 0xeb, 0xae, + 0x47, 0xc6, 0xcb, 0x69, 0xd4, 0x65, 0xde, 0x8c, 0x25, 0xdc, 0xfe, 0xc3, 0x12, 0xc0, 0x74, 0x18, + 0x2e, 0x47, 0xc1, 0x2d, 0xd2, 0x48, 0xd0, 0x47, 0xa0, 0x4a, 0x87, 0xb9, 0xe9, 0x24, 0x0e, 0xeb, + 0xd8, 0xf0, 0x85, 0x1f, 0x9e, 0xe4, 0x6f, 0x3d, 0x69, 0xbe, 0xb5, 0x9e, 0x64, 0x14, 0x7b, 0x72, + 0xeb, 0xd9, 0xc9, 0xa5, 0x35, 0xfa, 0xfc, 0x22, 0x49, 0x9c, 0x3a, 0x12, 0xcc, 0x40, 0xb7, 0x61, + 0x45, 0x15, 0xf9, 0x30, 0x10, 0x87, 0xa4, 0xc1, 0xde, 0x61, 0xf8, 0xc2, 0xc2, 0xe4, 0x51, 0x66, + 0xf3, 0xa4, 0xee, 0xf9, 0x4a, 0x48, 0x1a, 0xf5, 0x11, 0xc1, 0x79, 0x80, 0xfe, 0xc3, 0x8c, 0x0f, + 0xda, 0x82, 0xc1, 0x38, 0x71, 0x92, 0x4e, 0xcc, 0x86, 0x62, 0xf8, 0xc2, 0xb5, 0xc2, 0x38, 0x32, + 0xaa, 0xf5, 0x31, 0xc1, 0x73, 0x90, 0xff, 0xc7, 0x82, 0x9b, 0xfd, 0x27, 0x16, 0x8c, 0x69, 0xe4, + 0x05, 0x37, 0x4e, 0xd0, 0x4f, 0x74, 0x0d, 0xee, 0x64, 0x7f, 0x83, 0x4b, 0x9f, 0x66, 0x43, 0x7b, + 0x52, 0x30, 0xab, 0xca, 0x16, 0x63, 0x60, 0xdb, 0x50, 0x71, 0x13, 0xd2, 0x8e, 0xc7, 0x4b, 0xe7, + 0xcb, 0x4f, 0x0d, 0x5f, 0xb8, 0x5c, 0xd4, 0x7b, 0xd6, 0x47, 0x05, 0xd3, 0xca, 0x3c, 0x25, 0x8f, + 0x39, 0x17, 0xfb, 0x57, 0x47, 0xcc, 0xf7, 0xa3, 0x03, 0x8e, 0x9e, 0x85, 0xe1, 0x38, 0xe8, 0x44, + 0x0d, 0x82, 0x49, 0x18, 0xc4, 0xe3, 0xd6, 0xf9, 0x32, 0x9d, 0x7a, 0x74, 0x52, 0xaf, 0xe8, 0x66, + 0x6c, 0xe2, 0xa0, 0x2f, 0x58, 0x30, 0xd2, 0x24, 0x71, 0xe2, 0xfa, 0x8c, 0xbf, 0xec, 0xfc, 0xea, + 0x91, 0x3b, 0x2f, 0x1b, 0x67, 0x35, 0xf1, 0xfa, 0x19, 0xf1, 0x22, 0x23, 0x46, 0x63, 0x8c, 0x53, + 0xfc, 0xe9, 0xe2, 0x6c, 0x92, 0xb8, 0x11, 0xb9, 0x21, 0xfd, 0x2f, 0x96, 0x8f, 0x5a, 0x9c, 0xb3, + 0x1a, 0x84, 0x4d, 0x3c, 0xe4, 0x43, 0x85, 0x2e, 0xbe, 0x78, 0x7c, 0x80, 0xf5, 0x7f, 0xfe, 0x68, + 0xfd, 0x17, 0x83, 0x4a, 0xd7, 0xb5, 0x1e, 0x7d, 0xfa, 0x2f, 0xc6, 0x9c, 0x0d, 0xfa, 0xbc, 0x05, + 0xe3, 0x42, 0x38, 0x60, 0xc2, 0x07, 0xf4, 0xe6, 0x86, 0x9b, 0x10, 0xcf, 0x8d, 0x93, 0xf1, 0x0a, + 0xeb, 0xc3, 0x54, 0x7f, 0x73, 0x6b, 0x2e, 0x0a, 0x3a, 0xe1, 0x55, 0xd7, 0x6f, 0xd6, 0xcf, 0x0b, + 0x4e, 0xe3, 0x33, 0x3d, 0x08, 0xe3, 0x9e, 0x2c, 0xd1, 0x97, 0x2d, 0x38, 0xe7, 0x3b, 0x6d, 0x12, + 0x87, 0x0e, 0xfd, 0xb4, 0x1c, 0x5c, 0xf7, 0x9c, 0xc6, 0x26, 0xeb, 0xd1, 0xe0, 0xe1, 0x7a, 0x64, + 0x8b, 0x1e, 0x9d, 0xbb, 0xd6, 0x93, 0x34, 0xde, 0x83, 0x2d, 0xfa, 0xba, 0x05, 0xa7, 0x82, 0x28, + 0xdc, 0x70, 0x7c, 0xd2, 0x94, 0xd0, 0x78, 0x7c, 0x88, 0x2d, 0xbd, 0x0f, 0x1f, 0xed, 0x13, 0x2d, + 0x65, 0xc9, 0x2e, 0x06, 0xbe, 0x9b, 0x04, 0xd1, 0x0a, 0x49, 0x12, 0xd7, 0x6f, 0xc5, 0xf5, 0xb3, + 0x77, 0x76, 0x27, 0x4e, 0x75, 0x61, 0xe1, 0xee, 0xfe, 0xa0, 0x9f, 0x84, 0xe1, 0x78, 0xc7, 0x6f, + 0xdc, 0x74, 0xfd, 0x66, 0x70, 0x3b, 0x1e, 0xaf, 0x16, 0xb1, 0x7c, 0x57, 0x14, 0x41, 0xb1, 0x00, + 0x35, 0x03, 0x6c, 0x72, 0xcb, 0xff, 0x70, 0x7a, 0x2a, 0xd5, 0x8a, 0xfe, 0x70, 0x7a, 0x32, 0xed, + 0xc1, 0x16, 0xfd, 0x9c, 0x05, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x91, 0xab, 0x64, 0x27, + 0x1e, 0x07, 0xd6, 0x91, 0x2b, 0x47, 0x1c, 0x15, 0x83, 0x64, 0xfd, 0xac, 0xe8, 0xe3, 0xa8, 0xd9, + 0x1a, 0xe3, 0x34, 0xdf, 0xbc, 0x85, 0xa6, 0xa7, 0xf5, 0x70, 0xb1, 0x0b, 0x4d, 0x4f, 0xea, 0x9e, + 0x2c, 0xd1, 0x8f, 0xc3, 0x49, 0xde, 0xa4, 0x46, 0x36, 0x1e, 0x1f, 0x61, 0x82, 0xf6, 0xcc, 0x9d, + 0xdd, 0x89, 0x93, 0x2b, 0x19, 0x18, 0xee, 0xc2, 0x46, 0xaf, 0xc1, 0x44, 0x48, 0xa2, 0xb6, 0x9b, + 0x2c, 0xf9, 0xde, 0x8e, 0x14, 0xdf, 0x8d, 0x20, 0x24, 0x4d, 0xd1, 0x9d, 0x78, 0x7c, 0xf4, 0xbc, + 0xf5, 0x54, 0xb5, 0xfe, 0x0e, 0xd1, 0xcd, 0x89, 0xe5, 0xbd, 0xd1, 0xf1, 0x7e, 0xf4, 0xec, 0x7f, + 0x53, 0x82, 0x93, 0x59, 0xc5, 0x89, 0xfe, 0xae, 0x05, 0x27, 0x6e, 0xdd, 0x4e, 0x56, 0x83, 0x4d, + 0xe2, 0xc7, 0xf5, 0x1d, 0x2a, 0xde, 0x98, 0xca, 0x18, 0xbe, 0xd0, 0x28, 0x56, 0x45, 0x4f, 0x5e, + 0x49, 0x73, 0xb9, 0xe8, 0x27, 0xd1, 0x4e, 0xfd, 0x61, 0xf1, 0x76, 0x27, 0xae, 0xdc, 0x5c, 0x35, + 0xa1, 0x38, 0xdb, 0xa9, 0x73, 0x9f, 0xb5, 0xe0, 0x4c, 0x1e, 0x09, 0x74, 0x12, 0xca, 0x9b, 0x64, + 0x87, 0x1b, 0x70, 0x98, 0xfe, 0x44, 0xaf, 0x40, 0x65, 0xcb, 0xf1, 0x3a, 0x44, 0x58, 0x37, 0x73, + 0x47, 0x7b, 0x11, 0xd5, 0x33, 0xcc, 0xa9, 0xbe, 0xb7, 0xf4, 0x82, 0x65, 0xff, 0x6e, 0x19, 0x86, + 0x0d, 0xfd, 0x76, 0x0f, 0x2c, 0xb6, 0x20, 0x65, 0xb1, 0x2d, 0x16, 0xa6, 0x9a, 0x7b, 0x9a, 0x6c, + 0xb7, 0x33, 0x26, 0xdb, 0x52, 0x71, 0x2c, 0xf7, 0xb4, 0xd9, 0x50, 0x02, 0xb5, 0x20, 0xa4, 0xd6, + 0x3b, 0x55, 0xfd, 0x03, 0x45, 0x7c, 0xc2, 0x25, 0x49, 0xae, 0x3e, 0x7a, 0x67, 0x77, 0xa2, 0xa6, + 0xfe, 0x62, 0xcd, 0xc8, 0xfe, 0xb6, 0x05, 0x67, 0x8c, 0x3e, 0xce, 0x04, 0x7e, 0xd3, 0x65, 0x9f, + 0xf6, 0x3c, 0x0c, 0x24, 0x3b, 0xa1, 0xdc, 0x21, 0xa8, 0x91, 0x5a, 0xdd, 0x09, 0x09, 0x66, 0x10, + 0x6a, 0xe8, 0xb7, 0x49, 0x1c, 0x3b, 0x2d, 0x92, 0xdd, 0x13, 0x2c, 0xf2, 0x66, 0x2c, 0xe1, 0x28, + 0x02, 0xe4, 0x39, 0x71, 0xb2, 0x1a, 0x39, 0x7e, 0xcc, 0xc8, 0xaf, 0xba, 0x6d, 0x22, 0x06, 0xf8, + 0x2f, 0xf5, 0x37, 0x63, 0xe8, 0x13, 0xf5, 0x87, 0xee, 0xec, 0x4e, 0xa0, 0x85, 0x2e, 0x4a, 0x38, + 0x87, 0xba, 0xfd, 0x65, 0x0b, 0x1e, 0xca, 0xb7, 0xc5, 0xd0, 0x93, 0x30, 0xc8, 0xb7, 0x87, 0xe2, + 0xed, 0xf4, 0x27, 0x61, 0xad, 0x58, 0x40, 0xd1, 0x14, 0xd4, 0x94, 0x9e, 0x10, 0xef, 0x78, 0x4a, + 0xa0, 0xd6, 0xb4, 0x72, 0xd1, 0x38, 0x74, 0xd0, 0xe8, 0x1f, 0x61, 0xb9, 0xa9, 0x41, 0x63, 0xfb, + 0x29, 0x06, 0xb1, 0xff, 0x93, 0x05, 0x27, 0x8c, 0x5e, 0xdd, 0x03, 0xd3, 0xdc, 0x4f, 0x9b, 0xe6, + 0xf3, 0x85, 0xcd, 0xe7, 0x1e, 0xb6, 0xf9, 0xe7, 0x2d, 0x38, 0x67, 0x60, 0x2d, 0x3a, 0x49, 0x63, + 0xe3, 0xe2, 0x76, 0x18, 0x91, 0x98, 0x6e, 0xbd, 0xd1, 0x63, 0x86, 0xdc, 0xaa, 0x0f, 0x0b, 0x0a, + 0xe5, 0xab, 0x64, 0x87, 0x0b, 0xb1, 0xa7, 0xa1, 0xca, 0x27, 0x67, 0x10, 0x89, 0x11, 0x57, 0xef, + 0xb6, 0x24, 0xda, 0xb1, 0xc2, 0x40, 0x36, 0x0c, 0x32, 0xe1, 0x44, 0x17, 0x2b, 0x55, 0x43, 0x40, + 0x3f, 0xe2, 0x0d, 0xd6, 0x82, 0x05, 0xc4, 0x8e, 0x53, 0xdd, 0x59, 0x8e, 0x08, 0xfb, 0xb8, 0xcd, + 0x4b, 0x2e, 0xf1, 0x9a, 0x31, 0xdd, 0x36, 0x38, 0xbe, 0x1f, 0x24, 0x62, 0x07, 0x60, 0x6c, 0x1b, + 0xa6, 0x75, 0x33, 0x36, 0x71, 0x28, 0x53, 0xcf, 0x59, 0x23, 0x1e, 0x1f, 0x51, 0xc1, 0x74, 0x81, + 0xb5, 0x60, 0x01, 0xb1, 0xef, 0x94, 0xd8, 0x06, 0x45, 0x2d, 0x7d, 0x72, 0x2f, 0x76, 0xb7, 0x51, + 0x4a, 0x56, 0x2e, 0x17, 0x27, 0xb8, 0x48, 0xef, 0x1d, 0xee, 0xeb, 0x19, 0x71, 0x89, 0x0b, 0xe5, + 0xba, 0xf7, 0x2e, 0xf7, 0xb7, 0x4a, 0x30, 0x91, 0x7e, 0xa0, 0x4b, 0xda, 0xd2, 0x2d, 0x95, 0xc1, + 0x28, 0xeb, 0xef, 0x30, 0xf0, 0xb1, 0x89, 0xd7, 0x43, 0x60, 0x95, 0x8e, 0x53, 0x60, 0x99, 0xf2, + 0xb4, 0xbc, 0x8f, 0x3c, 0x7d, 0x52, 0x8d, 0xfa, 0x40, 0x46, 0x80, 0xa5, 0x75, 0xca, 0x79, 0x18, + 0x88, 0x13, 0x12, 0x8e, 0x57, 0xd2, 0xf2, 0x68, 0x25, 0x21, 0x21, 0x66, 0x10, 0xfb, 0xbf, 0x97, + 0xe0, 0xe1, 0xf4, 0x18, 0x6a, 0x15, 0xf0, 0xfe, 0x94, 0x0a, 0x78, 0x97, 0xa9, 0x02, 0xee, 0xee, + 0x4e, 0xbc, 0xbd, 0xc7, 0x63, 0xdf, 0x33, 0x1a, 0x02, 0xcd, 0x65, 0x46, 0x71, 0x2a, 0x3d, 0x8a, + 0x77, 0x77, 0x27, 0x1e, 0xeb, 0xf1, 0x8e, 0x99, 0x61, 0x7e, 0x12, 0x06, 0x23, 0xe2, 0xc4, 0x81, + 0x2f, 0x06, 0x5a, 0x7d, 0x0e, 0xcc, 0x5a, 0xb1, 0x80, 0xda, 0xbf, 0x5f, 0xcb, 0x0e, 0xf6, 0x1c, + 0x77, 0xd8, 0x05, 0x11, 0x72, 0x61, 0x80, 0x99, 0xf5, 0x5c, 0x34, 0x5c, 0x3d, 0xda, 0x32, 0xa2, + 0x6a, 0x40, 0x91, 0xae, 0x57, 0xe9, 0x57, 0xa3, 0x4d, 0x98, 0xb1, 0x40, 0xdb, 0x50, 0x6d, 0x48, + 0x6b, 0xbb, 0x54, 0x84, 0x5f, 0x4a, 0xd8, 0xda, 0x9a, 0xe3, 0x08, 0x95, 0xd7, 0xca, 0x44, 0x57, + 0xdc, 0x10, 0x81, 0x72, 0xcb, 0x4d, 0xc4, 0x67, 0x3d, 0xe2, 0x7e, 0x6a, 0xce, 0x35, 0x5e, 0x71, + 0x88, 0x2a, 0x91, 0x39, 0x37, 0xc1, 0x94, 0x3e, 0xfa, 0x19, 0x0b, 0x86, 0xe3, 0x46, 0x7b, 0x39, + 0x0a, 0xb6, 0xdc, 0x26, 0x89, 0x84, 0x35, 0x75, 0x44, 0xd1, 0xb4, 0x32, 0xb3, 0x28, 0x09, 0x6a, + 0xbe, 0x7c, 0x7f, 0xab, 0x21, 0xd8, 0xe4, 0x4b, 0x77, 0x19, 0x0f, 0x8b, 0x77, 0x9f, 0x25, 0x0d, + 0x97, 0xea, 0x3f, 0xb9, 0xa9, 0x62, 0x33, 0xe5, 0xc8, 0xd6, 0xe5, 0x6c, 0xa7, 0xb1, 0x49, 0xd7, + 0x9b, 0xee, 0xd0, 0xdb, 0xef, 0xec, 0x4e, 0x3c, 0x3c, 0x93, 0xcf, 0x13, 0xf7, 0xea, 0x0c, 0x1b, + 0xb0, 0xb0, 0xe3, 0x79, 0x98, 0xbc, 0xd6, 0x21, 0xcc, 0x65, 0x52, 0xc0, 0x80, 0x2d, 0x6b, 0x82, + 0x99, 0x01, 0x33, 0x20, 0xd8, 0xe4, 0x8b, 0x5e, 0x83, 0xc1, 0xb6, 0x93, 0x44, 0xee, 0xb6, 0xf0, + 0x93, 0x1c, 0xd1, 0xde, 0x5f, 0x64, 0xb4, 0x34, 0x73, 0xa6, 0xa9, 0x79, 0x23, 0x16, 0x8c, 0x50, + 0x1b, 0x2a, 0x6d, 0x12, 0xb5, 0xc8, 0x78, 0xb5, 0x08, 0x9f, 0xf0, 0x22, 0x25, 0xa5, 0x19, 0xd6, + 0xa8, 0x75, 0xc4, 0xda, 0x30, 0xe7, 0x82, 0x5e, 0x81, 0x6a, 0x4c, 0x3c, 0xd2, 0xa0, 0xf6, 0x4d, + 0x8d, 0x71, 0x7c, 0x77, 0x9f, 0xb6, 0x1e, 0x35, 0x2c, 0x56, 0xc4, 0xa3, 0x7c, 0x81, 0xc9, 0x7f, + 0x58, 0x91, 0xa4, 0x03, 0x18, 0x7a, 0x9d, 0x96, 0xeb, 0x8f, 0x43, 0x11, 0x03, 0xb8, 0xcc, 0x68, + 0x65, 0x06, 0x90, 0x37, 0x62, 0xc1, 0xc8, 0xfe, 0x2f, 0x16, 0xa0, 0xb4, 0x50, 0xbb, 0x07, 0x46, + 0xed, 0x6b, 0x69, 0xa3, 0x76, 0xa1, 0x48, 0xab, 0xa3, 0x87, 0x5d, 0xfb, 0x1b, 0x35, 0xc8, 0xa8, + 0x83, 0x6b, 0x24, 0x4e, 0x48, 0xf3, 0x2d, 0x11, 0xfe, 0x96, 0x08, 0x7f, 0x4b, 0x84, 0x2b, 0x11, + 0xbe, 0x96, 0x11, 0xe1, 0xef, 0x33, 0x56, 0xbd, 0x3e, 0x80, 0x7d, 0x55, 0x9d, 0xd0, 0x9a, 0x3d, + 0x30, 0x10, 0xa8, 0x24, 0xb8, 0xb2, 0xb2, 0x74, 0x2d, 0x57, 0x66, 0xbf, 0x9a, 0x96, 0xd9, 0x47, + 0x65, 0xf1, 0x17, 0x41, 0x4a, 0xff, 0x6b, 0x0b, 0xde, 0x91, 0x96, 0x5e, 0x72, 0xe6, 0xcc, 0xb7, + 0xfc, 0x20, 0x22, 0xb3, 0xee, 0xfa, 0x3a, 0x89, 0x88, 0xdf, 0x20, 0xb1, 0xf2, 0x62, 0x58, 0xbd, + 0xbc, 0x18, 0xe8, 0x39, 0x18, 0xb9, 0x15, 0x07, 0xfe, 0x72, 0xe0, 0xfa, 0x42, 0x04, 0xd1, 0x8d, + 0xf0, 0xc9, 0x3b, 0xbb, 0x13, 0x23, 0x74, 0x44, 0x65, 0x3b, 0x4e, 0x61, 0xa1, 0x19, 0x38, 0x75, + 0xeb, 0xb5, 0x65, 0x27, 0x31, 0xdc, 0x01, 0x72, 0xe3, 0xce, 0x0e, 0x2c, 0xae, 0xbc, 0x94, 0x01, + 0xe2, 0x6e, 0x7c, 0xfb, 0x6f, 0x95, 0xe0, 0x91, 0xcc, 0x8b, 0x04, 0x9e, 0x17, 0x74, 0x12, 0xba, + 0xa9, 0x41, 0x5f, 0xb5, 0xe0, 0x64, 0x3b, 0xed, 0x71, 0x88, 0x85, 0x63, 0xf7, 0x03, 0x85, 0xe9, + 0x88, 0x8c, 0x4b, 0xa3, 0x3e, 0x2e, 0x46, 0xe8, 0x64, 0x06, 0x10, 0xe3, 0xae, 0xbe, 0xa0, 0x57, + 0xa0, 0xd6, 0x76, 0xb6, 0xaf, 0x87, 0x4d, 0x27, 0x91, 0xfb, 0xc9, 0xde, 0x6e, 0x80, 0x4e, 0xe2, + 0x7a, 0x93, 0xfc, 0x68, 0x7f, 0x72, 0xde, 0x4f, 0x96, 0xa2, 0x95, 0x24, 0x72, 0xfd, 0x16, 0x77, + 0xe7, 0x2d, 0x4a, 0x32, 0x58, 0x53, 0xb4, 0xbf, 0x62, 0x65, 0x95, 0x94, 0x1a, 0x9d, 0xc8, 0x49, + 0x48, 0x6b, 0x07, 0x7d, 0x14, 0x2a, 0x74, 0xe3, 0x27, 0x47, 0xe5, 0x66, 0x91, 0x9a, 0xd3, 0xf8, + 0x12, 0x5a, 0x89, 0xd2, 0x7f, 0x31, 0xe6, 0x4c, 0xed, 0xaf, 0xd6, 0xb2, 0xc6, 0x02, 0x3b, 0xbc, + 0xbd, 0x00, 0xd0, 0x0a, 0x56, 0x49, 0x3b, 0xf4, 0xe8, 0xb0, 0x58, 0xec, 0x04, 0x40, 0xf9, 0x3a, + 0xe6, 0x14, 0x04, 0x1b, 0x58, 0xe8, 0xaf, 0x58, 0x00, 0x2d, 0x39, 0xe7, 0xa5, 0x21, 0x70, 0xbd, + 0xc8, 0xd7, 0xd1, 0x2b, 0x4a, 0xf7, 0x45, 0x31, 0xc4, 0x06, 0x73, 0xf4, 0xd3, 0x16, 0x54, 0x13, + 0xd9, 0x7d, 0xae, 0x1a, 0x57, 0x8b, 0xec, 0x89, 0x7c, 0x69, 0x6d, 0x13, 0xa9, 0x21, 0x51, 0x7c, + 0xd1, 0xcf, 0x5a, 0x00, 0xf1, 0x8e, 0xdf, 0x58, 0x0e, 0x3c, 0xb7, 0xb1, 0x23, 0x34, 0xe6, 0x8d, + 0x42, 0xfd, 0x31, 0x8a, 0x7a, 0x7d, 0x8c, 0x8e, 0x86, 0xfe, 0x8f, 0x0d, 0xce, 0xe8, 0xe3, 0x50, + 0x8d, 0xc5, 0x74, 0x13, 0x3a, 0x72, 0xb5, 0x58, 0xaf, 0x10, 0xa7, 0x2d, 0xc4, 0xab, 0xf8, 0x87, + 0x15, 0x4f, 0xf4, 0xf3, 0x16, 0x9c, 0x08, 0xd3, 0x7e, 0x3e, 0xa1, 0x0e, 0x8b, 0x93, 0x01, 0x19, + 0x3f, 0x62, 0xfd, 0xf4, 0x9d, 0xdd, 0x89, 0x13, 0x99, 0x46, 0x9c, 0xed, 0x05, 0x95, 0x80, 0x7a, + 0x06, 0x2f, 0x85, 0xdc, 0xe7, 0x38, 0xa4, 0x25, 0xe0, 0x5c, 0x16, 0x88, 0xbb, 0xf1, 0xd1, 0x32, + 0x9c, 0xa1, 0xbd, 0xdb, 0xe1, 0xe6, 0xa7, 0x54, 0x2f, 0x31, 0x53, 0x86, 0xd5, 0xfa, 0xa3, 0x62, + 0x86, 0x30, 0xaf, 0x7e, 0x16, 0x07, 0xe7, 0x3e, 0x89, 0x7e, 0xd7, 0x82, 0x47, 0x5d, 0xa6, 0x06, + 0x4c, 0x87, 0xb9, 0xd6, 0x08, 0xe2, 0x24, 0x96, 0x14, 0x2a, 0x2b, 0x7a, 0xa9, 0x9f, 0xfa, 0x0f, + 0x8a, 0x37, 0x78, 0x74, 0x7e, 0x8f, 0x2e, 0xe1, 0x3d, 0x3b, 0x8c, 0x7e, 0x04, 0x46, 0xe5, 0xba, + 0x58, 0xa6, 0x22, 0x98, 0x29, 0xda, 0x5a, 0xfd, 0xd4, 0x9d, 0xdd, 0x89, 0xd1, 0x55, 0x13, 0x80, + 0xd3, 0x78, 0xf6, 0xb7, 0x4a, 0xa9, 0xf3, 0x10, 0xe5, 0x84, 0x64, 0xe2, 0xa6, 0x21, 0xfd, 0x3f, + 0x52, 0x7a, 0x16, 0x2a, 0x6e, 0x94, 0x77, 0x49, 0x8b, 0x1b, 0xd5, 0x14, 0x63, 0x83, 0x39, 0x35, + 0x4a, 0x4f, 0x39, 0x59, 0x57, 0xa7, 0x90, 0x80, 0xaf, 0x14, 0xd9, 0xa5, 0xee, 0xd3, 0xab, 0x47, + 0x44, 0xd7, 0x4e, 0x75, 0x81, 0x70, 0x77, 0x97, 0xec, 0x6f, 0xa5, 0xcf, 0x60, 0x8c, 0xc5, 0xdb, + 0xc7, 0xf9, 0xd2, 0x17, 0x2c, 0x18, 0x8e, 0x02, 0xcf, 0x73, 0xfd, 0x16, 0x15, 0x34, 0x42, 0x5b, + 0x7e, 0xe8, 0x58, 0x14, 0x96, 0x90, 0x28, 0xcc, 0xb4, 0xc5, 0x9a, 0x27, 0x36, 0x3b, 0x60, 0xff, + 0x89, 0x05, 0xe3, 0xbd, 0x04, 0x22, 0x22, 0xf0, 0x76, 0xb9, 0xda, 0x55, 0x74, 0xc5, 0x92, 0x3f, + 0x4b, 0x3c, 0xa2, 0x1c, 0xcf, 0xd5, 0xfa, 0x13, 0xe2, 0x35, 0xdf, 0xbe, 0xdc, 0x1b, 0x15, 0xef, + 0x45, 0x07, 0xbd, 0x0c, 0x27, 0x8d, 0xf7, 0x8a, 0xd5, 0xc0, 0xd4, 0xea, 0x93, 0xd4, 0x02, 0x99, + 0xce, 0xc0, 0xee, 0xee, 0x4e, 0x3c, 0x94, 0x6d, 0x13, 0x12, 0xbb, 0x8b, 0x8e, 0xfd, 0x2b, 0xa5, + 0xec, 0xd7, 0x52, 0xca, 0xf6, 0x4d, 0xab, 0x6b, 0x3b, 0xff, 0x81, 0xe3, 0x50, 0x70, 0x6c, 0xe3, + 0xaf, 0x02, 0x38, 0x7a, 0xe3, 0xdc, 0xc7, 0x13, 0x62, 0xfb, 0xdf, 0x0e, 0xc0, 0x1e, 0x3d, 0xeb, + 0xc3, 0x7a, 0x3e, 0xf0, 0xb1, 0xe2, 0xe7, 0x2c, 0x75, 0xe4, 0x54, 0x66, 0x8b, 0xbc, 0x79, 0x5c, + 0x63, 0xcf, 0x37, 0x30, 0x31, 0x8f, 0x52, 0x50, 0x6e, 0xec, 0xf4, 0xe1, 0x16, 0xfa, 0x9a, 0x95, + 0x3e, 0x34, 0xe3, 0x61, 0x67, 0xee, 0xb1, 0xf5, 0xc9, 0x38, 0x89, 0xe3, 0x1d, 0xd3, 0xe7, 0x37, + 0xbd, 0xce, 0xe8, 0x26, 0x01, 0xd6, 0x5d, 0xdf, 0xf1, 0xdc, 0xd7, 0xe9, 0xf6, 0xa4, 0xc2, 0x34, + 0x2c, 0x33, 0x59, 0x2e, 0xa9, 0x56, 0x6c, 0x60, 0x9c, 0xfb, 0xcb, 0x30, 0x6c, 0xbc, 0x79, 0x4e, + 0x70, 0xc5, 0x19, 0x33, 0xb8, 0xa2, 0x66, 0xc4, 0x44, 0x9c, 0x7b, 0x1f, 0x9c, 0xcc, 0x76, 0xf0, + 0x20, 0xcf, 0xdb, 0xff, 0x7b, 0x28, 0x7b, 0x8a, 0xb5, 0x4a, 0xa2, 0x36, 0xed, 0xda, 0x5b, 0x9e, + 0xa5, 0xb7, 0x3c, 0x4b, 0x6f, 0x79, 0x96, 0xcc, 0xc3, 0x01, 0xe1, 0x35, 0x19, 0xba, 0x47, 0x5e, + 0x93, 0x94, 0x1f, 0xa8, 0x5a, 0xb8, 0x1f, 0xc8, 0xbe, 0x53, 0x81, 0x94, 0x1d, 0xc5, 0xc7, 0xfb, + 0x9d, 0x30, 0x14, 0x91, 0x30, 0xb8, 0x8e, 0x17, 0x84, 0x0e, 0xd1, 0xb1, 0xf6, 0xbc, 0x19, 0x4b, + 0x38, 0xd5, 0x35, 0xa1, 0x93, 0x6c, 0x08, 0x25, 0xa2, 0x74, 0xcd, 0xb2, 0x93, 0x6c, 0x60, 0x06, + 0x41, 0xef, 0x83, 0xb1, 0xc4, 0x89, 0x5a, 0xd4, 0xde, 0xde, 0x62, 0x9f, 0x55, 0x9c, 0x75, 0x3e, + 0x24, 0x70, 0xc7, 0x56, 0x53, 0x50, 0x9c, 0xc1, 0x46, 0xaf, 0xc1, 0xc0, 0x06, 0xf1, 0xda, 0x62, + 0xc8, 0x57, 0x8a, 0x93, 0xf1, 0xec, 0x5d, 0x2f, 0x13, 0xaf, 0xcd, 0x25, 0x10, 0xfd, 0x85, 0x19, + 0x2b, 0x3a, 0xdf, 0x6a, 0x9b, 0x9d, 0x38, 0x09, 0xda, 0xee, 0xeb, 0xd2, 0xc5, 0xf7, 0x81, 0x82, + 0x19, 0x5f, 0x95, 0xf4, 0xb9, 0x2f, 0x45, 0xfd, 0xc5, 0x9a, 0x33, 0xeb, 0x47, 0xd3, 0x8d, 0xd8, + 0xa7, 0xda, 0x11, 0x9e, 0xba, 0xa2, 0xfb, 0x31, 0x2b, 0xe9, 0xf3, 0x7e, 0xa8, 0xbf, 0x58, 0x73, + 0x46, 0x3b, 0x6a, 0xde, 0x0f, 0xb3, 0x3e, 0x5c, 0x2f, 0xb8, 0x0f, 0x7c, 0xce, 0xe7, 0xce, 0xff, + 0x27, 0xa0, 0xd2, 0xd8, 0x70, 0xa2, 0x64, 0x7c, 0x84, 0x4d, 0x1a, 0xe5, 0xd3, 0x99, 0xa1, 0x8d, + 0x98, 0xc3, 0xd0, 0x63, 0x50, 0x8e, 0xc8, 0x3a, 0x8b, 0xdb, 0x34, 0x22, 0x7a, 0x30, 0x59, 0xc7, + 0xb4, 0xdd, 0xfe, 0xa5, 0x52, 0xda, 0x5c, 0x4a, 0xbf, 0x37, 0x9f, 0xed, 0x8d, 0x4e, 0x14, 0x4b, + 0xbf, 0x8f, 0x31, 0xdb, 0x59, 0x33, 0x96, 0x70, 0xf4, 0x49, 0x0b, 0x86, 0x6e, 0xc5, 0x81, 0xef, + 0x93, 0x44, 0xa8, 0xa6, 0x1b, 0x05, 0x0f, 0xc5, 0x15, 0x4e, 0x5d, 0xf7, 0x41, 0x34, 0x60, 0xc9, + 0x97, 0x76, 0x97, 0x6c, 0x37, 0xbc, 0x4e, 0xb3, 0x2b, 0x48, 0xe3, 0x22, 0x6f, 0xc6, 0x12, 0x4e, + 0x51, 0x5d, 0x9f, 0xa3, 0x0e, 0xa4, 0x51, 0xe7, 0x7d, 0x81, 0x2a, 0xe0, 0xf6, 0xdf, 0x18, 0x84, + 0xb3, 0xb9, 0x8b, 0x83, 0x1a, 0x32, 0xcc, 0x54, 0xb8, 0xe4, 0x7a, 0x44, 0x86, 0x27, 0x31, 0x43, + 0xe6, 0x86, 0x6a, 0xc5, 0x06, 0x06, 0xfa, 0x29, 0x80, 0xd0, 0x89, 0x9c, 0x36, 0x51, 0x7e, 0xd9, + 0x23, 0xdb, 0x0b, 0xb4, 0x1f, 0xcb, 0x92, 0xa6, 0xde, 0x9b, 0xaa, 0xa6, 0x18, 0x1b, 0x2c, 0xd1, + 0xf3, 0x30, 0x1c, 0x11, 0x8f, 0x38, 0x31, 0x0b, 0xfb, 0xcd, 0xe6, 0x30, 0x60, 0x0d, 0xc2, 0x26, + 0x1e, 0x7a, 0x52, 0x45, 0x72, 0x65, 0x22, 0x5a, 0xd2, 0xd1, 0x5c, 0xe8, 0x0d, 0x0b, 0xc6, 0xd6, + 0x5d, 0x8f, 0x68, 0xee, 0x22, 0xe3, 0x60, 0xe9, 0xe8, 0x2f, 0x79, 0xc9, 0xa4, 0xab, 0x25, 0x64, + 0xaa, 0x39, 0xc6, 0x19, 0xf6, 0xf4, 0x33, 0x6f, 0x91, 0x88, 0x89, 0xd6, 0xc1, 0xf4, 0x67, 0xbe, + 0xc1, 0x9b, 0xb1, 0x84, 0xa3, 0x69, 0x38, 0x11, 0x3a, 0x71, 0x3c, 0x13, 0x91, 0x26, 0xf1, 0x13, + 0xd7, 0xf1, 0x78, 0x3e, 0x40, 0x55, 0xc7, 0x03, 0x2f, 0xa7, 0xc1, 0x38, 0x8b, 0x8f, 0x3e, 0x08, + 0x0f, 0x73, 0xc7, 0xc7, 0xa2, 0x1b, 0xc7, 0xae, 0xdf, 0xd2, 0xd3, 0x40, 0xf8, 0x7f, 0x26, 0x04, + 0xa9, 0x87, 0xe7, 0xf3, 0xd1, 0x70, 0xaf, 0xe7, 0xd1, 0xd3, 0x50, 0x8d, 0x37, 0xdd, 0x70, 0x26, + 0x6a, 0xc6, 0xec, 0xd0, 0xa3, 0xaa, 0xbd, 0x8d, 0x2b, 0xa2, 0x1d, 0x2b, 0x0c, 0xd4, 0x80, 0x11, + 0xfe, 0x49, 0x78, 0x28, 0x9a, 0x90, 0x8f, 0xcf, 0xf4, 0x54, 0x8f, 0x22, 0xbd, 0x6d, 0x12, 0x3b, + 0xb7, 0x2f, 0xca, 0x23, 0x18, 0x7e, 0x62, 0x70, 0xc3, 0x20, 0x83, 0x53, 0x44, 0xed, 0x5f, 0x28, + 0xa5, 0x77, 0xdc, 0xe6, 0x22, 0x45, 0x31, 0x5d, 0x8a, 0xc9, 0x0d, 0x27, 0x92, 0xde, 0x98, 0x23, + 0xa6, 0x2d, 0x08, 0xba, 0x37, 0x9c, 0xc8, 0x5c, 0xd4, 0x8c, 0x01, 0x96, 0x9c, 0xd0, 0x2d, 0x18, + 0x48, 0x3c, 0xa7, 0xa0, 0x3c, 0x27, 0x83, 0xa3, 0x76, 0x80, 0x2c, 0x4c, 0xc7, 0x98, 0xf1, 0x40, + 0x8f, 0x52, 0xab, 0x7f, 0x4d, 0x1e, 0x91, 0x08, 0x43, 0x7d, 0x2d, 0xc6, 0xac, 0xd5, 0xbe, 0x0b, + 0x39, 0x72, 0x55, 0x29, 0x32, 0x74, 0x01, 0x80, 0x6e, 0x20, 0x97, 0x23, 0xb2, 0xee, 0x6e, 0x0b, + 0x43, 0x42, 0xad, 0xdd, 0x6b, 0x0a, 0x82, 0x0d, 0x2c, 0xf9, 0xcc, 0x4a, 0x67, 0x9d, 0x3e, 0x53, + 0xea, 0x7e, 0x86, 0x43, 0xb0, 0x81, 0x85, 0x9e, 0x83, 0x41, 0xb7, 0xed, 0xb4, 0x54, 0x08, 0xe6, + 0xa3, 0x74, 0xd1, 0xce, 0xb3, 0x96, 0xbb, 0xbb, 0x13, 0x63, 0xaa, 0x43, 0xac, 0x09, 0x0b, 0x5c, + 0xf4, 0x2b, 0x16, 0x8c, 0x34, 0x82, 0x76, 0x3b, 0xf0, 0xf9, 0xb6, 0x4b, 0xec, 0x21, 0x6f, 0x1d, + 0x97, 0x9a, 0x9f, 0x9c, 0x31, 0x98, 0xf1, 0x4d, 0xa4, 0x4a, 0xc8, 0x32, 0x41, 0x38, 0xd5, 0x2b, + 0x73, 0x6d, 0x57, 0xf6, 0x59, 0xdb, 0xbf, 0x6e, 0xc1, 0x29, 0xfe, 0xac, 0xb1, 0x1b, 0x14, 0xb9, + 0x47, 0xc1, 0x31, 0xbf, 0x56, 0xd7, 0x06, 0x59, 0x79, 0xe9, 0xba, 0xe0, 0xb8, 0xbb, 0x93, 0x68, + 0x0e, 0x4e, 0xad, 0x07, 0x51, 0x83, 0x98, 0x03, 0x21, 0x04, 0x93, 0x22, 0x74, 0x29, 0x8b, 0x80, + 0xbb, 0x9f, 0x41, 0x37, 0xe0, 0x21, 0xa3, 0xd1, 0x1c, 0x07, 0x2e, 0x9b, 0x1e, 0x17, 0xd4, 0x1e, + 0xba, 0x94, 0x8b, 0x85, 0x7b, 0x3c, 0x9d, 0x76, 0x98, 0xd4, 0xfa, 0x70, 0x98, 0xbc, 0x0a, 0x8f, + 0x34, 0xba, 0x47, 0x66, 0x2b, 0xee, 0xac, 0xc5, 0x5c, 0x52, 0x55, 0xeb, 0x3f, 0x20, 0x08, 0x3c, + 0x32, 0xd3, 0x0b, 0x11, 0xf7, 0xa6, 0x81, 0x3e, 0x0a, 0xd5, 0x88, 0xb0, 0xaf, 0x12, 0x8b, 0x44, + 0x9c, 0x23, 0xee, 0x92, 0xb5, 0x05, 0xca, 0xc9, 0x6a, 0xd9, 0x2b, 0x1a, 0x62, 0xac, 0x38, 0xa2, + 0xdb, 0x30, 0x14, 0x3a, 0x49, 0x63, 0x43, 0xa4, 0xdf, 0x1c, 0x39, 0xfe, 0x45, 0x31, 0x67, 0x3e, + 0x70, 0x23, 0x61, 0x97, 0x33, 0xc1, 0x92, 0x1b, 0xb5, 0x46, 0x1a, 0x41, 0x3b, 0x0c, 0x7c, 0xe2, + 0x27, 0xf1, 0xf8, 0xa8, 0xb6, 0x46, 0x66, 0x54, 0x2b, 0x36, 0x30, 0xd0, 0x32, 0x9c, 0x61, 0x3e, + 0xa3, 0x9b, 0x6e, 0xb2, 0x11, 0x74, 0x12, 0xb9, 0x05, 0x1a, 0x1f, 0x4b, 0x1f, 0x55, 0x2c, 0xe4, + 0xe0, 0xe0, 0xdc, 0x27, 0xcf, 0xbd, 0x1f, 0x4e, 0x75, 0x2d, 0xe5, 0x03, 0xb9, 0x6b, 0x66, 0xe1, + 0xa1, 0xfc, 0x45, 0x73, 0x20, 0xa7, 0xcd, 0x3f, 0xc9, 0x84, 0xcd, 0x1a, 0x86, 0x74, 0x1f, 0x0e, + 0x40, 0x07, 0xca, 0xc4, 0xdf, 0x12, 0x3a, 0xe4, 0xd2, 0xd1, 0xbe, 0xdd, 0x45, 0x7f, 0x8b, 0xaf, + 0x79, 0xe6, 0xe5, 0xb8, 0xe8, 0x6f, 0x61, 0x4a, 0x1b, 0x7d, 0xc9, 0x4a, 0x19, 0x82, 0xdc, 0x6d, + 0xf8, 0xe1, 0x63, 0xd9, 0x39, 0xf4, 0x6d, 0x1b, 0xda, 0xff, 0xae, 0x04, 0xe7, 0xf7, 0x23, 0xd2, + 0xc7, 0xf0, 0x3d, 0x01, 0x83, 0x31, 0x3b, 0x08, 0x17, 0x42, 0x79, 0x98, 0xce, 0x55, 0x7e, 0x34, + 0xfe, 0x2a, 0x16, 0x20, 0xe4, 0x41, 0xb9, 0xed, 0x84, 0xc2, 0x9b, 0x34, 0x7f, 0xd4, 0x44, 0x1a, + 0xfa, 0xdf, 0xf1, 0x16, 0x9d, 0x90, 0xfb, 0x28, 0x8c, 0x06, 0x4c, 0xd9, 0xa0, 0x04, 0x2a, 0x4e, + 0x14, 0x39, 0xf2, 0xd4, 0xf5, 0x6a, 0x31, 0xfc, 0xa6, 0x29, 0x49, 0x7e, 0x68, 0x95, 0x6a, 0xc2, + 0x9c, 0x99, 0xfd, 0xb9, 0xa1, 0x54, 0x32, 0x09, 0x3b, 0x4a, 0x8f, 0x61, 0x50, 0x38, 0x91, 0xac, + 0xa2, 0xf3, 0x97, 0x78, 0x36, 0x20, 0xdb, 0x27, 0x8a, 0x9c, 0x6a, 0xc1, 0x0a, 0x7d, 0xd6, 0x62, + 0x99, 0xcb, 0x32, 0xc1, 0x46, 0xec, 0xce, 0x8e, 0x27, 0x91, 0xda, 0xcc, 0x87, 0x96, 0x8d, 0xd8, + 0xe4, 0x2e, 0x2a, 0x10, 0x30, 0xab, 0xb4, 0xbb, 0x02, 0x01, 0xb3, 0x32, 0x25, 0x1c, 0x6d, 0xe7, + 0x1c, 0x99, 0x17, 0x90, 0xfd, 0xda, 0xc7, 0x21, 0xf9, 0xd7, 0x2c, 0x38, 0xe5, 0x66, 0xcf, 0x3e, + 0xc5, 0x5e, 0xe6, 0x88, 0x41, 0x19, 0xbd, 0x8f, 0x56, 0x95, 0x3a, 0xef, 0x02, 0xe1, 0xee, 0xce, + 0xa0, 0x26, 0x0c, 0xb8, 0xfe, 0x7a, 0x20, 0x8c, 0x98, 0xfa, 0xd1, 0x3a, 0x35, 0xef, 0xaf, 0x07, + 0x7a, 0x35, 0xd3, 0x7f, 0x98, 0x51, 0x47, 0x0b, 0x70, 0x26, 0x12, 0xde, 0xa6, 0xcb, 0x6e, 0x9c, + 0x04, 0xd1, 0xce, 0x82, 0xdb, 0x76, 0x13, 0x66, 0x80, 0x94, 0xeb, 0xe3, 0x54, 0x3f, 0xe0, 0x1c, + 0x38, 0xce, 0x7d, 0x0a, 0xbd, 0x0e, 0x43, 0x32, 0xd5, 0xba, 0x5a, 0xc4, 0xbe, 0xb0, 0x7b, 0xfe, + 0xab, 0xc9, 0xb4, 0x22, 0xb2, 0xaa, 0x25, 0x43, 0xfb, 0x8d, 0x61, 0xe8, 0x3e, 0x16, 0x45, 0x1f, + 0x83, 0x5a, 0xa4, 0xd2, 0xbf, 0xad, 0x22, 0xd4, 0xb5, 0xfc, 0xbe, 0xe2, 0x48, 0x56, 0x99, 0x42, + 0x3a, 0xd1, 0x5b, 0x73, 0xa4, 0x1b, 0x96, 0x58, 0x9f, 0x9e, 0x16, 0x30, 0xb7, 0x05, 0x57, 0x7d, + 0x32, 0xb6, 0xe3, 0x37, 0x30, 0xe3, 0x81, 0x22, 0x18, 0xdc, 0x20, 0x8e, 0x97, 0x6c, 0x14, 0xe3, + 0xc4, 0xbf, 0xcc, 0x68, 0x65, 0x93, 0x80, 0x78, 0x2b, 0x16, 0x9c, 0xd0, 0x36, 0x0c, 0x6d, 0xf0, + 0x09, 0x20, 0xf6, 0x10, 0x8b, 0x47, 0x1d, 0xdc, 0xd4, 0xac, 0xd2, 0x9f, 0x5b, 0x34, 0x60, 0xc9, + 0x8e, 0xc5, 0xdb, 0x18, 0x11, 0x01, 0x7c, 0xe9, 0x16, 0x97, 0xff, 0xd4, 0x7f, 0x38, 0xc0, 0x47, + 0x60, 0x24, 0x22, 0x8d, 0xc0, 0x6f, 0xb8, 0x1e, 0x69, 0x4e, 0x4b, 0x07, 0xfd, 0x41, 0xb2, 0x66, + 0xd8, 0x3e, 0x1c, 0x1b, 0x34, 0x70, 0x8a, 0x22, 0xfa, 0x8c, 0x05, 0x63, 0x2a, 0x67, 0x94, 0x7e, + 0x10, 0x22, 0x1c, 0xc2, 0x0b, 0x05, 0x65, 0xa8, 0x32, 0x9a, 0x75, 0x74, 0x67, 0x77, 0x62, 0x2c, + 0xdd, 0x86, 0x33, 0x7c, 0xd1, 0xcb, 0x00, 0xc1, 0x1a, 0x0f, 0xaa, 0x99, 0x4e, 0x84, 0x77, 0xf8, + 0x20, 0xaf, 0x3a, 0xc6, 0xd3, 0xe7, 0x24, 0x05, 0x6c, 0x50, 0x43, 0x57, 0x01, 0xf8, 0xb2, 0x59, + 0xdd, 0x09, 0xe5, 0x46, 0x43, 0xa6, 0x3d, 0xc1, 0x8a, 0x82, 0xdc, 0xdd, 0x9d, 0xe8, 0xf6, 0xd6, + 0xb1, 0xc0, 0x05, 0xe3, 0x71, 0xf4, 0x93, 0x30, 0x14, 0x77, 0xda, 0x6d, 0x47, 0xf9, 0x8e, 0x0b, + 0x4c, 0xc8, 0xe3, 0x74, 0x0d, 0x51, 0xc4, 0x1b, 0xb0, 0xe4, 0x88, 0x6e, 0x51, 0xa1, 0x1a, 0x0b, + 0x37, 0x22, 0x5b, 0x45, 0xdc, 0x26, 0x18, 0x66, 0xef, 0xf4, 0x1e, 0x69, 0x78, 0xe3, 0x1c, 0x9c, + 0xbb, 0xbb, 0x13, 0x0f, 0xa5, 0xdb, 0x17, 0x02, 0x91, 0x22, 0x97, 0x4b, 0x13, 0x5d, 0x91, 0x95, + 0x57, 0xe8, 0x6b, 0xcb, 0x82, 0x00, 0x4f, 0xe9, 0xca, 0x2b, 0xac, 0xb9, 0xf7, 0x98, 0x99, 0x0f, + 0xa3, 0x45, 0x38, 0xdd, 0x08, 0xfc, 0x24, 0x0a, 0x3c, 0x8f, 0x57, 0x1e, 0xe2, 0x7b, 0x3e, 0xee, + 0x5b, 0x7e, 0xbb, 0xe8, 0xf6, 0xe9, 0x99, 0x6e, 0x14, 0x9c, 0xf7, 0x9c, 0xed, 0xa7, 0xa3, 0x0d, + 0xc5, 0xe0, 0x3c, 0x07, 0x23, 0x64, 0x3b, 0x21, 0x91, 0xef, 0x78, 0xd7, 0xf1, 0x82, 0xf4, 0xaa, + 0xb2, 0x35, 0x70, 0xd1, 0x68, 0xc7, 0x29, 0x2c, 0x64, 0x2b, 0x47, 0x87, 0x91, 0xf6, 0xc9, 0x1d, + 0x1d, 0xd2, 0xad, 0x61, 0xff, 0x9f, 0x52, 0xca, 0x20, 0x5b, 0x8d, 0x08, 0x41, 0x01, 0x54, 0xfc, + 0xa0, 0xa9, 0x64, 0xff, 0x95, 0x62, 0x64, 0xff, 0xb5, 0xa0, 0x69, 0x94, 0x67, 0xa1, 0xff, 0x62, + 0xcc, 0xf9, 0xb0, 0xfa, 0x15, 0xb2, 0xd0, 0x07, 0x03, 0x88, 0x8d, 0x46, 0x91, 0x9c, 0x55, 0xfd, + 0x8a, 0x25, 0x93, 0x11, 0x4e, 0xf3, 0x45, 0x9b, 0x50, 0xd9, 0x08, 0xe2, 0x44, 0x6e, 0x3f, 0x8e, + 0xb8, 0xd3, 0xb9, 0x1c, 0xc4, 0x09, 0xb3, 0x22, 0xd4, 0x6b, 0xd3, 0x96, 0x18, 0x73, 0x1e, 0xf6, + 0x7f, 0xb5, 0x52, 0x3e, 0xf4, 0x9b, 0x2c, 0xf2, 0x76, 0x8b, 0xf8, 0x74, 0x59, 0x9b, 0xa1, 0x46, + 0x3f, 0x92, 0xc9, 0x63, 0x7c, 0x47, 0xaf, 0xc2, 0x5a, 0xb7, 0x29, 0x85, 0x49, 0x46, 0xc2, 0x88, + 0x4a, 0xfa, 0x84, 0x95, 0xce, 0x28, 0x2d, 0x15, 0xb1, 0xc1, 0x30, 0xb3, 0xaa, 0xf7, 0x4d, 0x4e, + 0xb5, 0xbf, 0x64, 0xc1, 0x50, 0xdd, 0x69, 0x6c, 0x06, 0xeb, 0xeb, 0xe8, 0x69, 0xa8, 0x36, 0x3b, + 0x91, 0x99, 0xdc, 0xaa, 0x1c, 0x07, 0xb3, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0x87, 0xd7, 0x9d, 0x86, + 0xcc, 0xad, 0x2e, 0xf3, 0x39, 0x7c, 0x89, 0xb5, 0x60, 0x01, 0x41, 0xcf, 0xc3, 0x70, 0xdb, 0xd9, + 0x96, 0x0f, 0x67, 0x1d, 0xf8, 0x8b, 0x1a, 0x84, 0x4d, 0x3c, 0xfb, 0x5f, 0x59, 0x30, 0x5e, 0x77, + 0x62, 0xb7, 0x31, 0xdd, 0x49, 0x36, 0xea, 0x6e, 0xb2, 0xd6, 0x69, 0x6c, 0x92, 0x84, 0x27, 0xd4, + 0xd3, 0x5e, 0x76, 0x62, 0xba, 0x94, 0xd4, 0xbe, 0x4e, 0xf5, 0xf2, 0xba, 0x68, 0xc7, 0x0a, 0x03, + 0xbd, 0x0e, 0xc3, 0xa1, 0x13, 0xc7, 0xb7, 0x83, 0xa8, 0x89, 0xc9, 0x7a, 0x31, 0xe5, 0x2c, 0x56, + 0x48, 0x23, 0x22, 0x09, 0x26, 0xeb, 0xe2, 0x90, 0x59, 0xd3, 0xc7, 0x26, 0x33, 0xfb, 0x0b, 0x16, + 0x3c, 0x52, 0x27, 0x4e, 0x44, 0x22, 0x56, 0xfd, 0x42, 0xbd, 0xc8, 0x8c, 0x17, 0x74, 0x9a, 0xe8, + 0x35, 0xa8, 0x26, 0xb4, 0x99, 0x76, 0xcb, 0x2a, 0xb6, 0x5b, 0xec, 0x8c, 0x78, 0x55, 0x10, 0xc7, + 0x8a, 0x8d, 0xfd, 0x37, 0x2d, 0x18, 0x61, 0xc7, 0x6d, 0xb3, 0x24, 0x71, 0x5c, 0xaf, 0xab, 0x48, + 0x94, 0xd5, 0x67, 0x91, 0xa8, 0xf3, 0x30, 0xb0, 0x11, 0xb4, 0x49, 0xf6, 0xa8, 0xf8, 0x72, 0x40, + 0xb7, 0xd5, 0x14, 0x82, 0x9e, 0xa5, 0x1f, 0xde, 0xf5, 0x13, 0x87, 0x2e, 0x01, 0xe9, 0xce, 0x3d, + 0xc1, 0x3f, 0xba, 0x6a, 0xc6, 0x26, 0x8e, 0xfd, 0x5b, 0x35, 0x18, 0x12, 0xf1, 0x04, 0x7d, 0x17, + 0x55, 0x90, 0xfb, 0xfb, 0x52, 0xcf, 0xfd, 0x7d, 0x0c, 0x83, 0x0d, 0x56, 0xad, 0x4e, 0x98, 0x91, + 0x57, 0x0b, 0x09, 0x40, 0xe1, 0x05, 0xf0, 0x74, 0xb7, 0xf8, 0x7f, 0x2c, 0x58, 0xa1, 0x2f, 0x5a, + 0x70, 0xa2, 0x11, 0xf8, 0x3e, 0x69, 0x68, 0x1b, 0x67, 0xa0, 0x88, 0x38, 0x83, 0x99, 0x34, 0x51, + 0x7d, 0xd6, 0x93, 0x01, 0xe0, 0x2c, 0x7b, 0xf4, 0x22, 0x8c, 0xf2, 0x31, 0xbb, 0x91, 0xf2, 0x41, + 0xeb, 0xda, 0x41, 0x26, 0x10, 0xa7, 0x71, 0xd1, 0x24, 0xf7, 0xe5, 0x8b, 0x2a, 0x3d, 0x83, 0xda, + 0x55, 0x67, 0xd4, 0xe7, 0x31, 0x30, 0x50, 0x04, 0x28, 0x22, 0xeb, 0x11, 0x89, 0x37, 0x44, 0xbc, + 0x05, 0xb3, 0xaf, 0x86, 0x0e, 0x97, 0x80, 0x8d, 0xbb, 0x28, 0xe1, 0x1c, 0xea, 0x68, 0x53, 0x6c, + 0x30, 0xab, 0x45, 0xc8, 0x50, 0xf1, 0x99, 0x7b, 0xee, 0x33, 0x27, 0xa0, 0x12, 0x6f, 0x38, 0x51, + 0x93, 0xd9, 0x75, 0x65, 0x9e, 0xf4, 0xb3, 0x42, 0x1b, 0x30, 0x6f, 0x47, 0xb3, 0x70, 0x32, 0x53, + 0xf9, 0x28, 0x16, 0xbe, 0x62, 0x95, 0xe0, 0x91, 0xa9, 0x99, 0x14, 0xe3, 0xae, 0x27, 0x4c, 0xe7, + 0xc3, 0xf0, 0x3e, 0xce, 0x87, 0x1d, 0x15, 0xd5, 0xc7, 0xbd, 0xb8, 0x2f, 0x15, 0x32, 0x00, 0x7d, + 0x85, 0xf0, 0x7d, 0x3e, 0x13, 0xc2, 0x37, 0xca, 0x3a, 0x70, 0xa3, 0x98, 0x0e, 0x1c, 0x3c, 0x5e, + 0xef, 0x7e, 0xc6, 0xdf, 0xfd, 0xb9, 0x05, 0xf2, 0xbb, 0xce, 0x38, 0x8d, 0x0d, 0x42, 0xa7, 0x0c, + 0x7a, 0x1f, 0x8c, 0xa9, 0x2d, 0xf4, 0x4c, 0xd0, 0xf1, 0x79, 0xe8, 0x5d, 0x59, 0x1f, 0x0a, 0xe3, + 0x14, 0x14, 0x67, 0xb0, 0xd1, 0x14, 0xd4, 0xe8, 0x38, 0xf1, 0x47, 0xb9, 0xae, 0x55, 0xdb, 0xf4, + 0xe9, 0xe5, 0x79, 0xf1, 0x94, 0xc6, 0x41, 0x01, 0x9c, 0xf2, 0x9c, 0x38, 0x61, 0x3d, 0xa0, 0x3b, + 0xea, 0x43, 0x96, 0x3f, 0x60, 0x59, 0x04, 0x0b, 0x59, 0x42, 0xb8, 0x9b, 0xb6, 0xfd, 0xed, 0x01, + 0x18, 0x4d, 0x49, 0xc6, 0x03, 0x2a, 0xe9, 0xa7, 0xa1, 0x2a, 0xf5, 0x66, 0xb6, 0x50, 0x8b, 0x52, + 0xae, 0x0a, 0x83, 0x2a, 0xad, 0x35, 0xad, 0x55, 0xb3, 0x46, 0x85, 0xa1, 0x70, 0xb1, 0x89, 0xc7, + 0x84, 0x72, 0xe2, 0xc5, 0x33, 0x9e, 0x4b, 0xfc, 0x84, 0x77, 0xb3, 0x18, 0xa1, 0xbc, 0xba, 0xb0, + 0x62, 0x12, 0xd5, 0x42, 0x39, 0x03, 0xc0, 0x59, 0xf6, 0xe8, 0xd3, 0x16, 0x8c, 0x3a, 0xb7, 0x63, + 0x5d, 0x52, 0x55, 0x04, 0xeb, 0x1d, 0x51, 0x49, 0xa5, 0xaa, 0xb4, 0x72, 0x97, 0x6f, 0xaa, 0x09, + 0xa7, 0x99, 0xa2, 0x37, 0x2d, 0x40, 0x64, 0x9b, 0x34, 0x64, 0x38, 0xa1, 0xe8, 0xcb, 0x60, 0x11, + 0x3b, 0xcd, 0x8b, 0x5d, 0x74, 0xb9, 0x54, 0xef, 0x6e, 0xc7, 0x39, 0x7d, 0xb0, 0xff, 0x79, 0x59, + 0x2d, 0x28, 0x1d, 0xc1, 0xea, 0x18, 0x91, 0x74, 0xd6, 0xe1, 0x23, 0xe9, 0x74, 0x44, 0x42, 0x77, + 0x56, 0x65, 0x2a, 0x09, 0xab, 0x74, 0x9f, 0x92, 0xb0, 0x7e, 0xda, 0x4a, 0x95, 0x24, 0x1a, 0xbe, + 0xf0, 0x72, 0xb1, 0xd1, 0xb3, 0x93, 0x3c, 0x5a, 0x22, 0x23, 0xdd, 0xd3, 0x41, 0x32, 0x54, 0x9a, + 0x1a, 0x68, 0x07, 0x92, 0x86, 0xff, 0xa1, 0x0c, 0xc3, 0x86, 0x26, 0xcd, 0x35, 0x8b, 0xac, 0x07, + 0xcc, 0x2c, 0x2a, 0x1d, 0xc0, 0x2c, 0xfa, 0x29, 0xa8, 0x35, 0xa4, 0x94, 0x2f, 0xa6, 0x28, 0x6f, + 0x56, 0x77, 0x68, 0x41, 0xaf, 0x9a, 0xb0, 0xe6, 0x89, 0xe6, 0x52, 0xa9, 0x3b, 0x42, 0x43, 0x0c, + 0x30, 0x0d, 0x91, 0x97, 0x5b, 0x23, 0x34, 0x45, 0xf7, 0x33, 0xac, 0x72, 0x55, 0xe8, 0x8a, 0xf7, + 0x92, 0x31, 0xee, 0xbc, 0x72, 0xd5, 0xf2, 0xbc, 0x6c, 0xc6, 0x26, 0x8e, 0xfd, 0x6d, 0x4b, 0x7d, + 0xdc, 0x7b, 0x50, 0xa3, 0xe1, 0x56, 0xba, 0x46, 0xc3, 0xc5, 0x42, 0x86, 0xb9, 0x47, 0x71, 0x86, + 0x6b, 0x30, 0x34, 0x13, 0xb4, 0xdb, 0x8e, 0xdf, 0x44, 0x3f, 0x04, 0x43, 0x0d, 0xfe, 0x53, 0x38, + 0x76, 0xd8, 0xf1, 0xa0, 0x80, 0x62, 0x09, 0x43, 0x8f, 0xc2, 0x80, 0x13, 0xb5, 0xa4, 0x33, 0x87, + 0x05, 0xd7, 0x4c, 0x47, 0xad, 0x18, 0xb3, 0x56, 0xfb, 0x1f, 0x0f, 0x00, 0x3b, 0xd3, 0x76, 0x22, + 0xd2, 0x5c, 0x0d, 0x58, 0x51, 0xc0, 0x63, 0x3d, 0x54, 0xd3, 0x9b, 0xa5, 0x07, 0xf9, 0x60, 0xcd, + 0x38, 0x5c, 0x29, 0xdf, 0xe3, 0xc3, 0x95, 0x1e, 0xe7, 0x65, 0x03, 0x0f, 0xd0, 0x79, 0x99, 0xfd, + 0x39, 0x0b, 0x90, 0x0a, 0x84, 0xd0, 0x07, 0xda, 0x53, 0x50, 0x53, 0x21, 0x11, 0xc2, 0xb0, 0xd2, + 0x22, 0x42, 0x02, 0xb0, 0xc6, 0xe9, 0x63, 0x87, 0xfc, 0x84, 0x94, 0xdf, 0xe5, 0x74, 0x5c, 0x2e, + 0x93, 0xfa, 0x42, 0x9c, 0xdb, 0xbf, 0x5d, 0x82, 0x87, 0xb8, 0x4a, 0x5e, 0x74, 0x7c, 0xa7, 0x45, + 0xda, 0xb4, 0x57, 0xfd, 0x86, 0x28, 0x34, 0xe8, 0xd6, 0xcc, 0x95, 0x71, 0xb6, 0x47, 0x5d, 0xbb, + 0x7c, 0xcd, 0xf1, 0x55, 0x36, 0xef, 0xbb, 0x09, 0x66, 0xc4, 0x51, 0x0c, 0x55, 0x59, 0xb1, 0x5e, + 0xc8, 0xe2, 0x82, 0x18, 0x29, 0xb1, 0x24, 0xf4, 0x26, 0xc1, 0x8a, 0x11, 0x35, 0x5c, 0xbd, 0xa0, + 0xb1, 0x89, 0x49, 0x18, 0x30, 0xb9, 0x6b, 0x84, 0x39, 0x2e, 0x88, 0x76, 0xac, 0x30, 0xec, 0xdf, + 0xb6, 0x20, 0xab, 0x91, 0x8c, 0xea, 0x6b, 0xd6, 0x9e, 0xd5, 0xd7, 0x0e, 0x50, 0xfe, 0xec, 0x27, + 0x60, 0xd8, 0x49, 0xa8, 0x11, 0xc1, 0xb7, 0xdd, 0xe5, 0xc3, 0x1d, 0x6b, 0x2c, 0x06, 0x4d, 0x77, + 0xdd, 0x65, 0xdb, 0x6d, 0x93, 0x9c, 0xfd, 0x3f, 0x07, 0xe0, 0x54, 0x57, 0x36, 0x08, 0x7a, 0x01, + 0x46, 0x1a, 0x62, 0x7a, 0x84, 0xd2, 0xa1, 0x55, 0x33, 0xc3, 0xe2, 0x34, 0x0c, 0xa7, 0x30, 0xfb, + 0x98, 0xa0, 0xf3, 0x70, 0x3a, 0xa2, 0x1b, 0xfd, 0x0e, 0x99, 0x5e, 0x4f, 0x48, 0xb4, 0x42, 0x1a, + 0x81, 0xdf, 0xe4, 0x35, 0x02, 0xcb, 0xf5, 0x87, 0xef, 0xec, 0x4e, 0x9c, 0xc6, 0xdd, 0x60, 0x9c, + 0xf7, 0x0c, 0x0a, 0x61, 0xd4, 0x33, 0x6d, 0x40, 0xb1, 0x01, 0x38, 0x94, 0xf9, 0xa8, 0x6c, 0x84, + 0x54, 0x33, 0x4e, 0x33, 0x48, 0x1b, 0x92, 0x95, 0xfb, 0x64, 0x48, 0x7e, 0x4a, 0x1b, 0x92, 0xfc, + 0xfc, 0xfd, 0x43, 0x05, 0x67, 0x03, 0x1d, 0xb7, 0x25, 0xf9, 0x12, 0x54, 0x65, 0x6c, 0x52, 0x5f, + 0x31, 0x3d, 0x26, 0x9d, 0x1e, 0x12, 0xed, 0x49, 0xf8, 0xc1, 0x8b, 0x51, 0x64, 0x0c, 0xe6, 0xb5, + 0x20, 0x99, 0xf6, 0xbc, 0xe0, 0x36, 0x55, 0xd2, 0xd7, 0x63, 0x22, 0x3c, 0x2c, 0xf6, 0xdd, 0x12, + 0xe4, 0x6c, 0x56, 0xe8, 0x7a, 0xd4, 0x96, 0x41, 0x6a, 0x3d, 0x1e, 0xcc, 0x3a, 0x40, 0xdb, 0x3c, + 0x7e, 0x8b, 0xeb, 0xc0, 0x0f, 0x16, 0xbd, 0xd9, 0xd2, 0x21, 0x5d, 0x2a, 0x99, 0x42, 0x85, 0x75, + 0x5d, 0x00, 0xd0, 0x06, 0x9d, 0x08, 0x95, 0x57, 0xc7, 0xc3, 0xda, 0xee, 0xc3, 0x06, 0x16, 0xdd, + 0x7b, 0xbb, 0x7e, 0x9c, 0x38, 0x9e, 0x77, 0xd9, 0xf5, 0x13, 0xe1, 0x44, 0x54, 0xca, 0x7e, 0x5e, + 0x83, 0xb0, 0x89, 0x77, 0xee, 0x3d, 0xc6, 0xf7, 0x3b, 0xc8, 0x77, 0xdf, 0x80, 0x47, 0xe6, 0xdc, + 0x44, 0x25, 0x78, 0xa8, 0xf9, 0x46, 0xed, 0x35, 0x95, 0xb0, 0x64, 0xf5, 0x4c, 0x58, 0x32, 0x12, + 0x2c, 0x4a, 0xe9, 0x7c, 0x90, 0x6c, 0x82, 0x85, 0xfd, 0x02, 0x9c, 0x99, 0x73, 0x93, 0x4b, 0xae, + 0x47, 0x0e, 0xc8, 0xc4, 0xfe, 0xcd, 0x41, 0x18, 0x31, 0x53, 0x04, 0x0f, 0x92, 0x73, 0xf5, 0x05, + 0x6a, 0x92, 0x89, 0xb7, 0x73, 0xd5, 0xe1, 0xda, 0xcd, 0x23, 0xe7, 0x2b, 0xe6, 0x8f, 0x98, 0x61, + 0x95, 0x69, 0x9e, 0xd8, 0xec, 0x00, 0xba, 0x0d, 0x95, 0x75, 0x96, 0x00, 0x50, 0x2e, 0x22, 0x02, + 0x21, 0x6f, 0x44, 0xf5, 0x72, 0xe4, 0x29, 0x04, 0x9c, 0x1f, 0xd5, 0xa4, 0x51, 0x3a, 0xab, 0xcc, + 0x08, 0x5a, 0x15, 0xf9, 0x64, 0x0a, 0xa3, 0x97, 0x4a, 0xa8, 0x1c, 0x42, 0x25, 0xa4, 0x04, 0xf4, + 0xe0, 0x7d, 0x12, 0xd0, 0x2c, 0x99, 0x23, 0xd9, 0x60, 0x76, 0x9e, 0x88, 0xb2, 0x1f, 0x62, 0x83, + 0x60, 0x24, 0x73, 0xa4, 0xc0, 0x38, 0x8b, 0x8f, 0x3e, 0xae, 0x44, 0x7c, 0xb5, 0x08, 0xff, 0xab, + 0x39, 0xa3, 0x8f, 0x5b, 0xba, 0x7f, 0xae, 0x04, 0x63, 0x73, 0x7e, 0x67, 0x79, 0x6e, 0xb9, 0xb3, + 0xe6, 0xb9, 0x8d, 0xab, 0x64, 0x87, 0x8a, 0xf0, 0x4d, 0xb2, 0x33, 0x3f, 0x2b, 0x56, 0x90, 0x9a, + 0x33, 0x57, 0x69, 0x23, 0xe6, 0x30, 0x2a, 0x8c, 0xd6, 0x5d, 0xbf, 0x45, 0xa2, 0x30, 0x72, 0x85, + 0x6b, 0xd4, 0x10, 0x46, 0x97, 0x34, 0x08, 0x9b, 0x78, 0x94, 0x76, 0x70, 0xdb, 0x27, 0x51, 0xd6, + 0xe0, 0x5d, 0xa2, 0x8d, 0x98, 0xc3, 0x28, 0x52, 0x12, 0x75, 0xe2, 0x44, 0x4c, 0x46, 0x85, 0xb4, + 0x4a, 0x1b, 0x31, 0x87, 0xd1, 0x95, 0x1e, 0x77, 0xd6, 0x58, 0x80, 0x47, 0x26, 0xa4, 0x7f, 0x85, + 0x37, 0x63, 0x09, 0xa7, 0xa8, 0x9b, 0x64, 0x67, 0x96, 0xee, 0x8e, 0x33, 0x99, 0x3d, 0x57, 0x79, + 0x33, 0x96, 0x70, 0x56, 0x04, 0x31, 0x3d, 0x1c, 0xdf, 0x73, 0x45, 0x10, 0xd3, 0xdd, 0xef, 0xb1, + 0xcf, 0xfe, 0x65, 0x0b, 0x46, 0xcc, 0xb0, 0x2c, 0xd4, 0xca, 0xd8, 0xc2, 0x4b, 0x5d, 0x35, 0x74, + 0x7f, 0x2c, 0xef, 0x02, 0xb2, 0x96, 0x9b, 0x04, 0x61, 0xfc, 0x0c, 0xf1, 0x5b, 0xae, 0x4f, 0xd8, + 0x69, 0x3b, 0x0f, 0xe7, 0x4a, 0xc5, 0x7c, 0xcd, 0x04, 0x4d, 0x72, 0x08, 0x63, 0xda, 0xbe, 0x09, + 0xa7, 0xba, 0xd2, 0xb9, 0xfa, 0x30, 0x41, 0xf6, 0x4d, 0xa6, 0xb5, 0x31, 0x0c, 0x53, 0xc2, 0xb2, + 0x10, 0xcf, 0x0c, 0x9c, 0xe2, 0x0b, 0x89, 0x72, 0x5a, 0x69, 0x6c, 0x90, 0xb6, 0x4a, 0xd1, 0x63, + 0x7e, 0xf8, 0x1b, 0x59, 0x20, 0xee, 0xc6, 0xb7, 0x3f, 0x6f, 0xc1, 0x68, 0x2a, 0xc3, 0xae, 0x20, + 0x63, 0x89, 0xad, 0xb4, 0x80, 0x45, 0x09, 0xb2, 0x50, 0xe9, 0x32, 0x53, 0xa6, 0x7a, 0xa5, 0x69, + 0x10, 0x36, 0xf1, 0xec, 0x2f, 0x95, 0xa0, 0x2a, 0x23, 0x2d, 0xfa, 0xe8, 0xca, 0x67, 0x2d, 0x18, + 0x55, 0x67, 0x1f, 0xcc, 0xa9, 0x56, 0x2a, 0x22, 0x1d, 0x82, 0xf6, 0x40, 0x6d, 0xcb, 0xfd, 0xf5, + 0x40, 0x5b, 0xee, 0xd8, 0x64, 0x86, 0xd3, 0xbc, 0xd1, 0x0d, 0x80, 0x78, 0x27, 0x4e, 0x48, 0xdb, + 0x70, 0xef, 0xd9, 0xc6, 0x8a, 0x9b, 0x6c, 0x04, 0x11, 0xa1, 0xeb, 0xeb, 0x5a, 0xd0, 0x24, 0x2b, + 0x0a, 0x53, 0x9b, 0x50, 0xba, 0x0d, 0x1b, 0x94, 0xec, 0x7f, 0x58, 0x82, 0x93, 0xd9, 0x2e, 0xa1, + 0x0f, 0xc1, 0x88, 0xe4, 0x6e, 0xdc, 0xa5, 0x26, 0xc3, 0x4b, 0x46, 0xb0, 0x01, 0xbb, 0xbb, 0x3b, + 0x31, 0xd1, 0x7d, 0x99, 0xdd, 0xa4, 0x89, 0x82, 0x53, 0xc4, 0xf8, 0x01, 0x94, 0x38, 0x29, 0xad, + 0xef, 0x4c, 0x87, 0xa1, 0x38, 0x45, 0x32, 0x0e, 0xa0, 0x4c, 0x28, 0xce, 0x60, 0xa3, 0x65, 0x38, + 0x63, 0xb4, 0x5c, 0x23, 0x6e, 0x6b, 0x63, 0x2d, 0x88, 0xe4, 0x0e, 0xec, 0x51, 0x1d, 0x00, 0xd6, + 0x8d, 0x83, 0x73, 0x9f, 0xa4, 0xda, 0xbe, 0xe1, 0x84, 0x4e, 0xc3, 0x4d, 0x76, 0x84, 0xbf, 0x52, + 0xc9, 0xa6, 0x19, 0xd1, 0x8e, 0x15, 0x86, 0xbd, 0x08, 0x03, 0x7d, 0xce, 0xa0, 0xbe, 0x2c, 0xff, + 0x97, 0xa0, 0x4a, 0xc9, 0x49, 0xf3, 0xae, 0x08, 0x92, 0x01, 0x54, 0xe5, 0x1d, 0x27, 0xc8, 0x86, + 0xb2, 0xeb, 0xc8, 0x33, 0x3e, 0xf5, 0x5a, 0xf3, 0x71, 0xdc, 0x61, 0x9b, 0x69, 0x0a, 0x44, 0x4f, + 0x40, 0x99, 0x6c, 0x87, 0xd9, 0xc3, 0xbc, 0x8b, 0xdb, 0xa1, 0x1b, 0x91, 0x98, 0x22, 0x91, 0xed, + 0x10, 0x9d, 0x83, 0x92, 0xdb, 0x14, 0x4a, 0x0a, 0x04, 0x4e, 0x69, 0x7e, 0x16, 0x97, 0xdc, 0xa6, + 0xbd, 0x0d, 0x35, 0x75, 0xa9, 0x0a, 0xda, 0x94, 0xb2, 0xdb, 0x2a, 0x22, 0x34, 0x4a, 0xd2, 0xed, + 0x21, 0xb5, 0x3b, 0x00, 0x3a, 0xd5, 0xb0, 0x28, 0xf9, 0x72, 0x1e, 0x06, 0x1a, 0x81, 0x48, 0x83, + 0xae, 0x6a, 0x32, 0x4c, 0x68, 0x33, 0x88, 0x7d, 0x13, 0xc6, 0xae, 0xfa, 0xc1, 0x6d, 0x56, 0x11, + 0x9e, 0x15, 0x40, 0xa3, 0x84, 0xd7, 0xe9, 0x8f, 0xac, 0x89, 0xc0, 0xa0, 0x98, 0xc3, 0x54, 0x65, + 0xa8, 0x52, 0xaf, 0xca, 0x50, 0xf6, 0x27, 0x2c, 0x18, 0x51, 0x39, 0x4b, 0x73, 0x5b, 0x9b, 0x94, + 0x6e, 0x2b, 0x0a, 0x3a, 0x61, 0x96, 0x2e, 0xbb, 0xf6, 0x08, 0x73, 0x98, 0x99, 0xcc, 0x57, 0xda, + 0x27, 0x99, 0xef, 0x3c, 0x0c, 0x6c, 0xba, 0x7e, 0x33, 0x7b, 0x8f, 0xc7, 0x55, 0xd7, 0x6f, 0x62, + 0x06, 0xa1, 0x5d, 0x38, 0xa9, 0xba, 0x20, 0x15, 0xc2, 0x0b, 0x30, 0xb2, 0xd6, 0x71, 0xbd, 0xa6, + 0xac, 0xec, 0x96, 0xf1, 0xa8, 0xd4, 0x0d, 0x18, 0x4e, 0x61, 0xd2, 0x7d, 0xdd, 0x9a, 0xeb, 0x3b, + 0xd1, 0xce, 0xb2, 0xd6, 0x40, 0x4a, 0x28, 0xd5, 0x15, 0x04, 0x1b, 0x58, 0xf6, 0x1b, 0x65, 0x18, + 0x4b, 0x67, 0x6e, 0xf5, 0xb1, 0xbd, 0x7a, 0x02, 0x2a, 0x2c, 0x99, 0x2b, 0xfb, 0x69, 0x79, 0x31, + 0x34, 0x0e, 0x43, 0x31, 0x0c, 0xf2, 0x32, 0x10, 0xc5, 0xdc, 0x81, 0xa3, 0x3a, 0xa9, 0xfc, 0x30, + 0x2c, 0xee, 0x4c, 0x54, 0x9e, 0x10, 0xac, 0xd0, 0xa7, 0x2d, 0x18, 0x0a, 0x42, 0xb3, 0xa2, 0xd0, + 0x07, 0x8b, 0xcc, 0x6a, 0x13, 0x49, 0x35, 0xc2, 0x22, 0x56, 0x9f, 0x5e, 0x7e, 0x0e, 0xc9, 0xfa, + 0xdc, 0x7b, 0x61, 0xc4, 0xc4, 0xdc, 0xcf, 0x28, 0xae, 0x9a, 0x46, 0xf1, 0x67, 0xcd, 0x49, 0x21, + 0xf2, 0xf6, 0xfa, 0x58, 0x6e, 0xd7, 0xa1, 0xd2, 0x50, 0x81, 0x02, 0x87, 0xaa, 0x07, 0xaa, 0xea, + 0x32, 0xb0, 0xc3, 0x22, 0x4e, 0xcd, 0xfe, 0xb6, 0x65, 0xcc, 0x0f, 0x4c, 0xe2, 0xf9, 0x26, 0x8a, + 0xa0, 0xdc, 0xda, 0xda, 0x14, 0xa6, 0xe8, 0x95, 0x82, 0x86, 0x77, 0x6e, 0x6b, 0x53, 0xcf, 0x71, + 0xb3, 0x15, 0x53, 0x66, 0x7d, 0x38, 0x0b, 0x53, 0xe9, 0x9d, 0xe5, 0xfd, 0xd3, 0x3b, 0xed, 0x37, + 0x4b, 0x70, 0xaa, 0x6b, 0x52, 0xa1, 0xd7, 0xa1, 0x12, 0xd1, 0xb7, 0x14, 0xaf, 0xb7, 0x50, 0x58, + 0x42, 0x66, 0x3c, 0xdf, 0xd4, 0x7a, 0x37, 0xdd, 0x8e, 0x39, 0x4b, 0x74, 0x05, 0x90, 0x0e, 0x67, + 0x51, 0x9e, 0x4a, 0xfe, 0xca, 0xe7, 0xc4, 0xa3, 0x68, 0xba, 0x0b, 0x03, 0xe7, 0x3c, 0x85, 0x5e, + 0xcc, 0x3a, 0x3c, 0xcb, 0xe9, 0xf3, 0xcd, 0xbd, 0x7c, 0x97, 0xf6, 0xbf, 0x28, 0xc1, 0x68, 0xaa, + 0xc0, 0x13, 0xf2, 0xa0, 0x4a, 0x3c, 0xe6, 0xfc, 0x97, 0xca, 0xe6, 0xa8, 0xf5, 0x92, 0x95, 0x82, + 0xbc, 0x28, 0xe8, 0x62, 0xc5, 0xe1, 0xc1, 0x38, 0x84, 0x7f, 0x01, 0x46, 0x64, 0x87, 0x3e, 0xe8, + 0xb4, 0x3d, 0x31, 0x80, 0x6a, 0x8e, 0x5e, 0x34, 0x60, 0x38, 0x85, 0x69, 0xff, 0x4e, 0x19, 0xc6, + 0xf9, 0x69, 0x49, 0x53, 0xcd, 0xbc, 0x45, 0xb9, 0xdf, 0xfa, 0xab, 0xba, 0x0c, 0x1b, 0x1f, 0xc8, + 0xb5, 0xa3, 0x5e, 0x4f, 0x90, 0xcf, 0xa8, 0xaf, 0x08, 0xae, 0xaf, 0x66, 0x22, 0xb8, 0xb8, 0xd9, + 0xdd, 0x3a, 0xa6, 0x1e, 0x7d, 0x6f, 0x85, 0x74, 0xfd, 0xbd, 0x12, 0x9c, 0xc8, 0xdc, 0xfd, 0x80, + 0xde, 0x48, 0x97, 0x0b, 0xb6, 0x8a, 0xf0, 0xa9, 0xef, 0x79, 0x1d, 0xc0, 0xc1, 0x8a, 0x06, 0xdf, + 0xa7, 0xa5, 0x62, 0xff, 0x41, 0x09, 0xc6, 0xd2, 0x97, 0x56, 0x3c, 0x80, 0x23, 0xf5, 0x2e, 0xa8, + 0xb1, 0xba, 0xec, 0xec, 0x32, 0x4e, 0xee, 0x92, 0xe7, 0x25, 0xb0, 0x65, 0x23, 0xd6, 0xf0, 0x07, + 0xa2, 0x16, 0xb3, 0xfd, 0xf7, 0x2d, 0x38, 0xcb, 0xdf, 0x32, 0x3b, 0x0f, 0xff, 0x5a, 0xde, 0xe8, + 0xbe, 0x52, 0x6c, 0x07, 0x33, 0xe5, 0x03, 0xf7, 0x1b, 0x5f, 0x76, 0x09, 0xa0, 0xe8, 0x6d, 0x7a, + 0x2a, 0x3c, 0x80, 0x9d, 0x3d, 0xd0, 0x64, 0xb0, 0xff, 0xa0, 0x0c, 0xfa, 0xde, 0x43, 0xe4, 0x8a, + 0x5c, 0xc8, 0x42, 0xca, 0x28, 0xae, 0xec, 0xf8, 0x0d, 0x7d, 0xc3, 0x62, 0x35, 0x93, 0x0a, 0xf9, + 0x73, 0x16, 0x0c, 0xbb, 0xbe, 0x9b, 0xb8, 0x0e, 0xdb, 0x46, 0x17, 0x73, 0x27, 0x9b, 0x62, 0x37, + 0xcf, 0x29, 0x07, 0x91, 0x79, 0x8e, 0xa3, 0x98, 0x61, 0x93, 0x33, 0xfa, 0x88, 0x08, 0xb2, 0x2e, + 0x17, 0x96, 0xc5, 0x5b, 0xcd, 0x44, 0x56, 0x87, 0xd4, 0xf0, 0x4a, 0xa2, 0x82, 0x92, 0xdf, 0x31, + 0x25, 0xa5, 0x2a, 0xf2, 0xea, 0x1b, 0xa8, 0x69, 0x33, 0xe6, 0x8c, 0xec, 0x18, 0x50, 0xf7, 0x58, + 0x1c, 0x30, 0x80, 0x75, 0x0a, 0x6a, 0x4e, 0x27, 0x09, 0xda, 0x74, 0x98, 0xc4, 0x51, 0x93, 0x0e, + 0xd1, 0x95, 0x00, 0xac, 0x71, 0xec, 0x37, 0x2a, 0x90, 0x49, 0x4e, 0x44, 0xdb, 0xe6, 0x9d, 0x9d, + 0x56, 0xb1, 0x77, 0x76, 0xaa, 0xce, 0xe4, 0xdd, 0xdb, 0x89, 0x5a, 0x50, 0x09, 0x37, 0x9c, 0x58, + 0x9a, 0xd5, 0x2f, 0xa9, 0x7d, 0x1c, 0x6d, 0xbc, 0xbb, 0x3b, 0xf1, 0xe3, 0xfd, 0x79, 0x5d, 0xe9, + 0x5c, 0x9d, 0xe2, 0x65, 0x4e, 0x34, 0x6b, 0x46, 0x03, 0x73, 0xfa, 0x07, 0xb9, 0x95, 0xee, 0x93, + 0xa2, 0x00, 0x3d, 0x26, 0x71, 0xc7, 0x4b, 0xc4, 0x6c, 0x78, 0xa9, 0xc0, 0x55, 0xc6, 0x09, 0xeb, + 0xb4, 0x7a, 0xfe, 0x1f, 0x1b, 0x4c, 0xd1, 0x87, 0xa0, 0x16, 0x27, 0x4e, 0x94, 0x1c, 0x32, 0x11, + 0x56, 0x0d, 0xfa, 0x8a, 0x24, 0x82, 0x35, 0x3d, 0xf4, 0x32, 0xab, 0x2a, 0xeb, 0xc6, 0x1b, 0x87, + 0xcc, 0x8d, 0x90, 0x15, 0x68, 0x05, 0x05, 0x6c, 0x50, 0x43, 0x17, 0x00, 0xd8, 0xdc, 0xe6, 0x01, + 0x81, 0x55, 0xe6, 0x65, 0x52, 0xa2, 0x10, 0x2b, 0x08, 0x36, 0xb0, 0xec, 0x1f, 0x86, 0x74, 0x5d, + 0x08, 0x34, 0x21, 0xcb, 0x50, 0x70, 0x2f, 0x34, 0xcb, 0x71, 0x48, 0x55, 0x8c, 0xf8, 0x75, 0x0b, + 0xcc, 0xe2, 0x15, 0xe8, 0x35, 0x5e, 0x25, 0xc3, 0x2a, 0xe2, 0xe4, 0xd0, 0xa0, 0x3b, 0xb9, 0xe8, + 0x84, 0x99, 0x23, 0x6c, 0x59, 0x2a, 0xe3, 0xdc, 0x7b, 0xa0, 0x2a, 0xa1, 0x07, 0x32, 0xea, 0x3e, + 0x0e, 0xa7, 0xb3, 0x37, 0x9a, 0x8b, 0x53, 0xa7, 0xfd, 0x5d, 0x3f, 0xd2, 0x9f, 0x53, 0xea, 0xe5, + 0xcf, 0xe9, 0xe3, 0xe6, 0xd6, 0xdf, 0xb0, 0xe0, 0xfc, 0x7e, 0x17, 0xaf, 0xa3, 0x47, 0x61, 0xe0, + 0xb6, 0x13, 0xc9, 0x72, 0xdf, 0x4c, 0x50, 0xde, 0x74, 0x22, 0x1f, 0xb3, 0x56, 0xb4, 0x03, 0x83, + 0x3c, 0x6a, 0x4c, 0x58, 0xeb, 0x2f, 0x15, 0x7b, 0x0d, 0xfc, 0x55, 0x62, 0x6c, 0x17, 0x78, 0xc4, + 0x1a, 0x16, 0x0c, 0xed, 0xef, 0x58, 0x80, 0x96, 0xb6, 0x48, 0x14, 0xb9, 0x4d, 0x23, 0xce, 0x8d, + 0x5d, 0xe4, 0x62, 0x5c, 0xd8, 0x62, 0xa6, 0xc2, 0x66, 0x2e, 0x72, 0x31, 0xfe, 0xe5, 0x5f, 0xe4, + 0x52, 0x3a, 0xd8, 0x45, 0x2e, 0x68, 0x09, 0xce, 0xb6, 0xf9, 0x76, 0x83, 0x5f, 0x8e, 0xc0, 0xf7, + 0x1e, 0x2a, 0xf1, 0xec, 0x91, 0x3b, 0xbb, 0x13, 0x67, 0x17, 0xf3, 0x10, 0x70, 0xfe, 0x73, 0xf6, + 0x7b, 0x00, 0xf1, 0xf0, 0xb6, 0x99, 0xbc, 0x58, 0xa5, 0x9e, 0xee, 0x17, 0xfb, 0x2b, 0x15, 0x38, + 0x91, 0x29, 0x06, 0x4b, 0xb7, 0x7a, 0xdd, 0xc1, 0x51, 0x47, 0xd6, 0xdf, 0xdd, 0xdd, 0xeb, 0x2b, + 0xdc, 0xca, 0x87, 0x8a, 0xeb, 0x87, 0x9d, 0xa4, 0x98, 0x5c, 0x53, 0xde, 0x89, 0x79, 0x4a, 0xd0, + 0x70, 0x17, 0xd3, 0xbf, 0x98, 0xb3, 0x29, 0x32, 0x78, 0x2b, 0x65, 0x8c, 0x0f, 0xdc, 0x27, 0x77, + 0xc0, 0x27, 0x75, 0x28, 0x55, 0xa5, 0x08, 0xc7, 0x62, 0x66, 0xb2, 0x1c, 0xf7, 0x51, 0xfb, 0xaf, + 0x95, 0x60, 0xd8, 0xf8, 0x68, 0xe8, 0x97, 0xd2, 0xa5, 0x9d, 0xac, 0xe2, 0x5e, 0x89, 0xd1, 0x9f, + 0xd4, 0xc5, 0x9b, 0xf8, 0x2b, 0x3d, 0xd9, 0x5d, 0xd5, 0xe9, 0xee, 0xee, 0xc4, 0xc9, 0x4c, 0xdd, + 0xa6, 0x54, 0xa5, 0xa7, 0x73, 0x1f, 0x83, 0x13, 0x19, 0x32, 0x39, 0xaf, 0xbc, 0x9a, 0xbe, 0xb0, + 0xfe, 0x88, 0x6e, 0x29, 0x73, 0xc8, 0xbe, 0x41, 0x87, 0x4c, 0xa4, 0xdb, 0x05, 0x1e, 0xe9, 0xc3, + 0x07, 0x9b, 0xc9, 0xaa, 0x2d, 0xf5, 0x99, 0x55, 0xfb, 0x14, 0x54, 0xc3, 0xc0, 0x73, 0x1b, 0xae, + 0xaa, 0x7f, 0xc8, 0xf2, 0x78, 0x97, 0x45, 0x1b, 0x56, 0x50, 0x74, 0x1b, 0x6a, 0xea, 0x6e, 0x7f, + 0xe1, 0xdf, 0x2e, 0xea, 0xd0, 0x47, 0x19, 0x2d, 0xfa, 0xce, 0x7e, 0xcd, 0x0b, 0xd9, 0x30, 0xc8, + 0x94, 0xa0, 0x4c, 0x11, 0x60, 0xbe, 0x77, 0xa6, 0x1d, 0x63, 0x2c, 0x20, 0xf6, 0xd7, 0x6b, 0x70, + 0x26, 0xaf, 0x22, 0x37, 0xfa, 0x28, 0x0c, 0xf2, 0x3e, 0x16, 0x73, 0xe9, 0x43, 0x1e, 0x8f, 0x39, + 0x46, 0x50, 0x74, 0x8b, 0xfd, 0xc6, 0x82, 0xa7, 0xe0, 0xee, 0x39, 0x6b, 0x62, 0x86, 0x1c, 0x0f, + 0xf7, 0x05, 0x47, 0x73, 0x5f, 0x70, 0x38, 0x77, 0xcf, 0x59, 0x43, 0xdb, 0x50, 0x69, 0xb9, 0x09, + 0x71, 0x84, 0x13, 0xe1, 0xe6, 0xb1, 0x30, 0x27, 0x0e, 0xb7, 0xd2, 0xd8, 0x4f, 0xcc, 0x19, 0xa2, + 0xaf, 0x59, 0x70, 0x62, 0x2d, 0x9d, 0x42, 0x2f, 0x84, 0xa7, 0x73, 0x0c, 0x55, 0xd7, 0xd3, 0x8c, + 0xf8, 0x4d, 0x46, 0x99, 0x46, 0x9c, 0xed, 0x0e, 0xfa, 0x94, 0x05, 0x43, 0xeb, 0xae, 0x67, 0x14, + 0xe0, 0x3d, 0x86, 0x8f, 0x73, 0x89, 0x31, 0xd0, 0x3b, 0x0e, 0xfe, 0x3f, 0xc6, 0x92, 0x73, 0x2f, + 0x4d, 0x35, 0x78, 0x54, 0x4d, 0x35, 0x74, 0x9f, 0x34, 0xd5, 0x67, 0x2c, 0xa8, 0xa9, 0x91, 0x16, + 0x69, 0xd1, 0x1f, 0x3a, 0xc6, 0x4f, 0xce, 0x3d, 0x27, 0xea, 0x2f, 0xd6, 0xcc, 0xd1, 0x17, 0x2d, + 0x18, 0x76, 0x5e, 0xef, 0x44, 0xa4, 0x49, 0xb6, 0x82, 0x30, 0x16, 0xd7, 0x20, 0xbe, 0x52, 0x7c, + 0x67, 0xa6, 0x29, 0x93, 0x59, 0xb2, 0xb5, 0x14, 0xc6, 0x22, 0x7d, 0x49, 0x37, 0x60, 0xb3, 0x0b, + 0xf6, 0x6e, 0x09, 0x26, 0xf6, 0xa1, 0x80, 0x5e, 0x80, 0x91, 0x20, 0x6a, 0x39, 0xbe, 0xfb, 0xba, + 0x59, 0x13, 0x43, 0x59, 0x59, 0x4b, 0x06, 0x0c, 0xa7, 0x30, 0xcd, 0xc4, 0xed, 0xd2, 0x3e, 0x89, + 0xdb, 0xe7, 0x61, 0x20, 0x22, 0x61, 0x90, 0xdd, 0x2c, 0xb0, 0xd4, 0x01, 0x06, 0x41, 0x8f, 0x41, + 0xd9, 0x09, 0x5d, 0x11, 0x88, 0xa6, 0xf6, 0x40, 0xd3, 0xcb, 0xf3, 0x98, 0xb6, 0xa7, 0xea, 0x48, + 0x54, 0xee, 0x49, 0x1d, 0x09, 0xaa, 0x06, 0xc4, 0xd9, 0xc5, 0xa0, 0x56, 0x03, 0xe9, 0x33, 0x05, + 0xfb, 0xcd, 0x32, 0x3c, 0xb6, 0xe7, 0x7c, 0xd1, 0x71, 0x78, 0xd6, 0x1e, 0x71, 0x78, 0x72, 0x78, + 0x4a, 0xfb, 0x0d, 0x4f, 0xb9, 0xc7, 0xf0, 0x7c, 0x8a, 0x2e, 0x03, 0x59, 0x4b, 0xa4, 0x98, 0x8b, + 0xec, 0x7a, 0x95, 0x26, 0x11, 0x2b, 0x40, 0x42, 0xb1, 0xe6, 0x4b, 0xf7, 0x00, 0xa9, 0xa4, 0xe5, + 0x4a, 0x11, 0x6a, 0xa0, 0x67, 0x6d, 0x11, 0x3e, 0xf7, 0x7b, 0x65, 0x42, 0xdb, 0x3f, 0x5f, 0x82, + 0x27, 0xfa, 0x90, 0xde, 0xe6, 0x2c, 0xb6, 0xfa, 0x9c, 0xc5, 0xdf, 0xdb, 0x9f, 0xc9, 0xfe, 0xeb, + 0x16, 0x9c, 0xeb, 0xad, 0x3c, 0xd0, 0xb3, 0x30, 0xbc, 0x16, 0x39, 0x7e, 0x63, 0x83, 0x5d, 0xce, + 0x29, 0x07, 0x85, 0x8d, 0xb5, 0x6e, 0xc6, 0x26, 0x0e, 0xdd, 0xde, 0xf2, 0x98, 0x04, 0x03, 0x43, + 0x26, 0x99, 0xd2, 0xed, 0xed, 0x6a, 0x16, 0x88, 0xbb, 0xf1, 0xed, 0x3f, 0x2b, 0xe5, 0x77, 0x8b, + 0x1b, 0x19, 0x07, 0xf9, 0x4e, 0xe2, 0x2b, 0x94, 0xfa, 0x90, 0x25, 0xe5, 0x7b, 0x2d, 0x4b, 0x06, + 0x7a, 0xc9, 0x12, 0x34, 0x0b, 0x27, 0x8d, 0xcb, 0x5b, 0x78, 0xe2, 0x30, 0x0f, 0xb8, 0x55, 0xd5, + 0x34, 0x96, 0x33, 0x70, 0xdc, 0xf5, 0x04, 0x7a, 0x1a, 0xaa, 0xae, 0x1f, 0x93, 0x46, 0x27, 0xe2, + 0x81, 0xde, 0x46, 0xb2, 0xd6, 0xbc, 0x68, 0xc7, 0x0a, 0xc3, 0xfe, 0xe5, 0x12, 0x3c, 0xd2, 0xd3, + 0xce, 0xba, 0x47, 0xb2, 0xcb, 0xfc, 0x1c, 0x03, 0xf7, 0xe6, 0x73, 0x98, 0x83, 0x54, 0xd9, 0x77, + 0x90, 0xfe, 0xb0, 0xf7, 0xc4, 0xa4, 0x36, 0xf7, 0xf7, 0xed, 0x28, 0xbd, 0x08, 0xa3, 0x4e, 0x18, + 0x72, 0x3c, 0x16, 0xaf, 0x99, 0xa9, 0xa6, 0x33, 0x6d, 0x02, 0x71, 0x1a, 0xb7, 0x2f, 0xed, 0xf9, + 0xc7, 0x16, 0xd4, 0x30, 0x59, 0xe7, 0xd2, 0x01, 0xdd, 0x12, 0x43, 0x64, 0x15, 0x51, 0x77, 0x93, + 0x0e, 0x6c, 0xec, 0xb2, 0x7a, 0x94, 0x79, 0x83, 0xdd, 0x7d, 0xc9, 0x4f, 0xe9, 0x40, 0x97, 0xfc, + 0xa8, 0x6b, 0x5e, 0xca, 0xbd, 0xaf, 0x79, 0xb1, 0xbf, 0x31, 0x44, 0x5f, 0x2f, 0x0c, 0x66, 0x22, + 0xd2, 0x8c, 0xe9, 0xf7, 0xed, 0x44, 0x9e, 0x98, 0x24, 0xea, 0xfb, 0x5e, 0xc7, 0x0b, 0x98, 0xb6, + 0xa7, 0x8e, 0x62, 0x4a, 0x07, 0xaa, 0x25, 0x52, 0xde, 0xb7, 0x96, 0xc8, 0x8b, 0x30, 0x1a, 0xc7, + 0x1b, 0xcb, 0x91, 0xbb, 0xe5, 0x24, 0xe4, 0x2a, 0xd9, 0x11, 0x56, 0x96, 0xce, 0xff, 0x5f, 0xb9, + 0xac, 0x81, 0x38, 0x8d, 0x8b, 0xe6, 0xe0, 0x94, 0xae, 0xe8, 0x41, 0xa2, 0x84, 0x45, 0xf7, 0xf3, + 0x99, 0xa0, 0x92, 0x7d, 0x75, 0x0d, 0x10, 0x81, 0x80, 0xbb, 0x9f, 0xa1, 0xf2, 0x2d, 0xd5, 0x48, + 0x3b, 0x32, 0x98, 0x96, 0x6f, 0x29, 0x3a, 0xb4, 0x2f, 0x5d, 0x4f, 0xa0, 0x45, 0x38, 0xcd, 0x27, + 0xc6, 0x74, 0x18, 0x1a, 0x6f, 0x34, 0x94, 0xae, 0x77, 0x38, 0xd7, 0x8d, 0x82, 0xf3, 0x9e, 0x43, + 0xcf, 0xc3, 0xb0, 0x6a, 0x9e, 0x9f, 0x15, 0xa7, 0x08, 0xca, 0x8b, 0xa1, 0xc8, 0xcc, 0x37, 0xb1, + 0x89, 0x87, 0x3e, 0x08, 0x0f, 0xeb, 0xbf, 0x3c, 0x05, 0x8c, 0x1f, 0xad, 0xcd, 0x8a, 0x62, 0x49, + 0xea, 0x52, 0x91, 0xb9, 0x5c, 0xb4, 0x26, 0xee, 0xf5, 0x3c, 0x5a, 0x83, 0x73, 0x0a, 0x74, 0xd1, + 0x4f, 0x58, 0x3e, 0x47, 0x4c, 0xea, 0x4e, 0x4c, 0xae, 0x47, 0x9e, 0xb8, 0x95, 0x55, 0xdd, 0xf7, + 0x38, 0xe7, 0x26, 0x97, 0xf3, 0x30, 0xf1, 0x02, 0xde, 0x83, 0x0a, 0x9a, 0x82, 0x1a, 0xf1, 0x9d, + 0x35, 0x8f, 0x2c, 0xcd, 0xcc, 0xb3, 0xa2, 0x4b, 0xc6, 0x49, 0xde, 0x45, 0x09, 0xc0, 0x1a, 0x47, + 0x45, 0x98, 0x8e, 0xf4, 0xbc, 0x7b, 0x74, 0x19, 0xce, 0xb4, 0x1a, 0x21, 0xb5, 0x3d, 0xdc, 0x06, + 0x99, 0x6e, 0xb0, 0x80, 0x3a, 0xfa, 0x61, 0x78, 0x21, 0x4a, 0x15, 0x3e, 0x3d, 0x37, 0xb3, 0xdc, + 0x85, 0x83, 0x73, 0x9f, 0x64, 0x81, 0x97, 0x51, 0xb0, 0xbd, 0x33, 0x7e, 0x3a, 0x13, 0x78, 0x49, + 0x1b, 0x31, 0x87, 0xa1, 0x2b, 0x80, 0x58, 0x2c, 0xfe, 0xe5, 0x24, 0x09, 0x95, 0xb1, 0x33, 0x7e, + 0x86, 0xbd, 0x92, 0x0a, 0x23, 0xbb, 0xd4, 0x85, 0x81, 0x73, 0x9e, 0xb2, 0xff, 0xa3, 0x05, 0xa3, + 0x6a, 0xbd, 0xde, 0x83, 0x6c, 0x14, 0x2f, 0x9d, 0x8d, 0x32, 0x77, 0x74, 0x89, 0xc7, 0x7a, 0xde, + 0x23, 0xa4, 0xf9, 0x67, 0x86, 0x01, 0xb4, 0x54, 0x54, 0x0a, 0xc9, 0xea, 0xa9, 0x90, 0x1e, 0x58, + 0x89, 0x94, 0x57, 0x61, 0xa5, 0x72, 0x7f, 0x2b, 0xac, 0xac, 0xc0, 0x59, 0x69, 0x2e, 0xf0, 0xb3, + 0xa2, 0xcb, 0x41, 0xac, 0x04, 0x5c, 0xb5, 0xfe, 0x98, 0x20, 0x74, 0x76, 0x3e, 0x0f, 0x09, 0xe7, + 0x3f, 0x9b, 0xb2, 0x52, 0x86, 0xf6, 0xb3, 0x52, 0xf4, 0x9a, 0x5e, 0x58, 0x97, 0xb7, 0x87, 0x64, + 0xd6, 0xf4, 0xc2, 0xa5, 0x15, 0xac, 0x71, 0xf2, 0x05, 0x7b, 0xad, 0x20, 0xc1, 0x0e, 0x07, 0x16, + 0xec, 0x52, 0xc4, 0x0c, 0xf7, 0x14, 0x31, 0xd2, 0x27, 0x3d, 0xd2, 0xd3, 0x27, 0xfd, 0x3e, 0x18, + 0x73, 0xfd, 0x0d, 0x12, 0xb9, 0x09, 0x69, 0xb2, 0xb5, 0xc0, 0xc4, 0x4f, 0x55, 0xab, 0xf5, 0xf9, + 0x14, 0x14, 0x67, 0xb0, 0xd3, 0x72, 0x71, 0xac, 0x0f, 0xb9, 0xd8, 0x43, 0x1b, 0x9d, 0x28, 0x46, + 0x1b, 0x9d, 0x3c, 0xba, 0x36, 0x3a, 0x75, 0xac, 0xda, 0x08, 0x15, 0xa2, 0x8d, 0xfa, 0x12, 0xf4, + 0xc6, 0xf6, 0xef, 0xcc, 0x3e, 0xdb, 0xbf, 0x5e, 0xaa, 0xe8, 0xec, 0xa1, 0x55, 0x51, 0xbe, 0x96, + 0x79, 0xe8, 0x50, 0x5a, 0xe6, 0x33, 0x25, 0x38, 0xab, 0xe5, 0x30, 0x9d, 0xfd, 0xee, 0x3a, 0x95, + 0x44, 0xec, 0x02, 0x2a, 0x7e, 0x6e, 0x63, 0x24, 0x47, 0xe9, 0x3c, 0x2b, 0x05, 0xc1, 0x06, 0x16, + 0xcb, 0x31, 0x22, 0x11, 0x2b, 0xb7, 0x9b, 0x15, 0xd2, 0x33, 0xa2, 0x1d, 0x2b, 0x0c, 0x3a, 0xbf, + 0xe8, 0x6f, 0x91, 0xb7, 0x99, 0x2d, 0x2a, 0x37, 0xa3, 0x41, 0xd8, 0xc4, 0x43, 0x4f, 0x71, 0x26, + 0x4c, 0x40, 0x50, 0x41, 0x3d, 0x22, 0x6e, 0xa4, 0x95, 0x32, 0x41, 0x41, 0x65, 0x77, 0x58, 0x32, + 0x59, 0xa5, 0xbb, 0x3b, 0x2c, 0x04, 0x4a, 0x61, 0xd8, 0xff, 0xcb, 0x82, 0x47, 0x72, 0x87, 0xe2, + 0x1e, 0x28, 0xdf, 0xed, 0xb4, 0xf2, 0x5d, 0x29, 0x6a, 0xbb, 0x61, 0xbc, 0x45, 0x0f, 0x45, 0xfc, + 0xef, 0x2d, 0x18, 0xd3, 0xf8, 0xf7, 0xe0, 0x55, 0xdd, 0xf4, 0xab, 0x16, 0xb7, 0xb3, 0xaa, 0x75, + 0xbd, 0xdb, 0xef, 0x94, 0x40, 0x15, 0x7a, 0x9c, 0x6e, 0xc8, 0x32, 0xba, 0xfb, 0x9c, 0x24, 0xee, + 0xc0, 0x20, 0x3b, 0x08, 0x8d, 0x8b, 0x09, 0xf2, 0x48, 0xf3, 0x67, 0x87, 0xaa, 0xfa, 0x90, 0x99, + 0xfd, 0x8d, 0xb1, 0x60, 0xc8, 0x8a, 0x41, 0xbb, 0x31, 0x95, 0xe6, 0x4d, 0x91, 0x96, 0xa5, 0x8b, + 0x41, 0x8b, 0x76, 0xac, 0x30, 0xa8, 0x7a, 0x70, 0x1b, 0x81, 0x3f, 0xe3, 0x39, 0xb1, 0xbc, 0x75, + 0x51, 0xa9, 0x87, 0x79, 0x09, 0xc0, 0x1a, 0x87, 0x9d, 0x91, 0xba, 0x71, 0xe8, 0x39, 0x3b, 0xc6, + 0xfe, 0xd9, 0xa8, 0x4f, 0xa0, 0x40, 0xd8, 0xc4, 0xb3, 0xdb, 0x30, 0x9e, 0x7e, 0x89, 0x59, 0xb2, + 0xce, 0x02, 0x14, 0xfb, 0x1a, 0xce, 0x29, 0xa8, 0x39, 0xec, 0xa9, 0x85, 0x8e, 0x93, 0xbd, 0x2c, + 0x7d, 0x5a, 0x02, 0xb0, 0xc6, 0xb1, 0x7f, 0xd5, 0x82, 0xd3, 0x39, 0x83, 0x56, 0x60, 0xda, 0x5b, + 0xa2, 0xa5, 0x4d, 0x9e, 0x62, 0x7f, 0x27, 0x0c, 0x35, 0xc9, 0xba, 0x23, 0x43, 0xe0, 0x0c, 0xd9, + 0x3e, 0xcb, 0x9b, 0xb1, 0x84, 0xdb, 0xff, 0xc3, 0x82, 0x13, 0xe9, 0xbe, 0xc6, 0x2c, 0x95, 0x84, + 0x0f, 0x93, 0x1b, 0x37, 0x82, 0x2d, 0x12, 0xed, 0xd0, 0x37, 0xb7, 0x32, 0xa9, 0x24, 0x5d, 0x18, + 0x38, 0xe7, 0x29, 0x56, 0xe6, 0xb5, 0xa9, 0x46, 0x5b, 0xce, 0xc8, 0x1b, 0x45, 0xce, 0x48, 0xfd, + 0x31, 0xcd, 0xe3, 0x72, 0xc5, 0x12, 0x9b, 0xfc, 0xed, 0xef, 0x0c, 0x80, 0xca, 0x8b, 0x65, 0xf1, + 0x47, 0x05, 0x45, 0x6f, 0x1d, 0x34, 0x83, 0x48, 0x4d, 0x86, 0x81, 0xbd, 0x02, 0x02, 0xb8, 0x97, + 0xc4, 0x74, 0x5d, 0xaa, 0x37, 0x5c, 0xd5, 0x20, 0x6c, 0xe2, 0xd1, 0x9e, 0x78, 0xee, 0x16, 0xe1, + 0x0f, 0x0d, 0xa6, 0x7b, 0xb2, 0x20, 0x01, 0x58, 0xe3, 0xd0, 0x9e, 0x34, 0xdd, 0xf5, 0x75, 0xb1, + 0xe5, 0x57, 0x3d, 0xa1, 0xa3, 0x83, 0x19, 0x84, 0x57, 0xee, 0x0e, 0x36, 0x85, 0x15, 0x6c, 0x54, + 0xee, 0x0e, 0x36, 0x31, 0x83, 0x50, 0xbb, 0xcd, 0x0f, 0xa2, 0x36, 0xbb, 0xcc, 0xbe, 0xa9, 0xb8, + 0x08, 0xeb, 0x57, 0xd9, 0x6d, 0xd7, 0xba, 0x51, 0x70, 0xde, 0x73, 0x74, 0x06, 0x86, 0x11, 0x69, + 0xba, 0x8d, 0xc4, 0xa4, 0x06, 0xe9, 0x19, 0xb8, 0xdc, 0x85, 0x81, 0x73, 0x9e, 0x42, 0xd3, 0x70, + 0x42, 0xe6, 0x35, 0xcb, 0xaa, 0x35, 0xc3, 0xe9, 0x2a, 0x19, 0x38, 0x0d, 0xc6, 0x59, 0x7c, 0x2a, + 0xd5, 0xda, 0xa2, 0xb0, 0x15, 0x33, 0x96, 0x0d, 0xa9, 0x26, 0x0b, 0x5e, 0x61, 0x85, 0x61, 0x7f, + 0xb2, 0x4c, 0xb5, 0x70, 0x8f, 0x82, 0x6e, 0xf7, 0x2c, 0x5a, 0x30, 0x3d, 0x23, 0x07, 0xfa, 0x98, + 0x91, 0xcf, 0xc1, 0xc8, 0xad, 0x38, 0xf0, 0x55, 0x24, 0x5e, 0xa5, 0x67, 0x24, 0x9e, 0x81, 0x95, + 0x1f, 0x89, 0x37, 0x58, 0x54, 0x24, 0xde, 0xd0, 0x21, 0x23, 0xf1, 0xbe, 0x55, 0x01, 0x75, 0x85, + 0xc8, 0x35, 0x92, 0xdc, 0x0e, 0xa2, 0x4d, 0xd7, 0x6f, 0xb1, 0x7c, 0xf0, 0xaf, 0x59, 0x30, 0xc2, + 0xd7, 0xcb, 0x82, 0x99, 0x49, 0xb5, 0x5e, 0xd0, 0xdd, 0x14, 0x29, 0x66, 0x93, 0xab, 0x06, 0xa3, + 0xcc, 0xa5, 0x9f, 0x26, 0x08, 0xa7, 0x7a, 0x84, 0x3e, 0x06, 0x20, 0xfd, 0xa3, 0xeb, 0x52, 0x64, + 0xce, 0x17, 0xd3, 0x3f, 0x4c, 0xd6, 0xb5, 0x0d, 0xbc, 0xaa, 0x98, 0x60, 0x83, 0x21, 0xfa, 0x8c, + 0xce, 0x32, 0xe3, 0x21, 0xfb, 0x1f, 0x39, 0x96, 0xb1, 0xe9, 0x27, 0xc7, 0x0c, 0xc3, 0x90, 0xeb, + 0xb7, 0xe8, 0x3c, 0x11, 0x11, 0x4b, 0xef, 0xc8, 0xab, 0xa5, 0xb0, 0x10, 0x38, 0xcd, 0xba, 0xe3, + 0x39, 0x7e, 0x83, 0x44, 0xf3, 0x1c, 0xdd, 0xbc, 0xea, 0x9a, 0x35, 0x60, 0x49, 0xa8, 0xeb, 0xf2, + 0x95, 0x4a, 0x3f, 0x97, 0xaf, 0x9c, 0x7b, 0x3f, 0x9c, 0xea, 0xfa, 0x98, 0x07, 0x4a, 0x29, 0x3b, + 0x7c, 0x36, 0x9a, 0xfd, 0x2f, 0x07, 0xb5, 0xd2, 0xba, 0x16, 0x34, 0xf9, 0x15, 0x20, 0x91, 0xfe, + 0xa2, 0xc2, 0xc6, 0x2d, 0x70, 0x8a, 0x18, 0xd7, 0x65, 0xab, 0x46, 0x6c, 0xb2, 0xa4, 0x73, 0x34, + 0x74, 0x22, 0xe2, 0x1f, 0xf7, 0x1c, 0x5d, 0x56, 0x4c, 0xb0, 0xc1, 0x10, 0x6d, 0xa4, 0x72, 0x4a, + 0x2e, 0x1d, 0x3d, 0xa7, 0x84, 0x55, 0x99, 0xca, 0xab, 0xda, 0xff, 0x45, 0x0b, 0xc6, 0xfc, 0xd4, + 0xcc, 0x2d, 0x26, 0x8c, 0x34, 0x7f, 0x55, 0xf0, 0x1b, 0xa8, 0xd2, 0x6d, 0x38, 0xc3, 0x3f, 0x4f, + 0xa5, 0x55, 0x0e, 0xa8, 0xd2, 0xf4, 0x5d, 0x42, 0x83, 0xbd, 0xee, 0x12, 0x42, 0xbe, 0xba, 0x4c, + 0x6d, 0xa8, 0xf0, 0xcb, 0xd4, 0x20, 0xe7, 0x22, 0xb5, 0x9b, 0x50, 0x6b, 0x44, 0xc4, 0x49, 0x0e, + 0x79, 0xaf, 0x16, 0x3b, 0xa0, 0x9f, 0x91, 0x04, 0xb0, 0xa6, 0x65, 0xff, 0xdf, 0x01, 0x38, 0x29, + 0x47, 0x44, 0x86, 0xa0, 0x53, 0xfd, 0xc8, 0xf9, 0x6a, 0xe3, 0x56, 0xe9, 0xc7, 0xcb, 0x12, 0x80, + 0x35, 0x0e, 0xb5, 0xc7, 0x3a, 0x31, 0x59, 0x0a, 0x89, 0xbf, 0xe0, 0xae, 0xc5, 0xe2, 0x9c, 0x53, + 0x2d, 0x94, 0xeb, 0x1a, 0x84, 0x4d, 0x3c, 0x6a, 0x8c, 0x73, 0xbb, 0x38, 0xce, 0xa6, 0xaf, 0x08, + 0x7b, 0x1b, 0x4b, 0x38, 0xfa, 0x85, 0xdc, 0x0a, 0xb3, 0xc5, 0x24, 0x6e, 0x75, 0x45, 0xde, 0x1f, + 0xf0, 0x2a, 0xc6, 0xbf, 0x63, 0xc1, 0x59, 0xde, 0x2a, 0x47, 0xf2, 0x7a, 0xd8, 0x74, 0x12, 0x12, + 0x17, 0x53, 0xf1, 0x3d, 0xa7, 0x7f, 0xda, 0xc9, 0x9b, 0xc7, 0x16, 0xe7, 0xf7, 0x06, 0xbd, 0x61, + 0xc1, 0x89, 0xcd, 0x54, 0xcd, 0x0f, 0xa9, 0x3a, 0x8e, 0x9a, 0x8e, 0x9f, 0x22, 0xaa, 0x97, 0x5a, + 0xba, 0x3d, 0xc6, 0x59, 0xee, 0xf6, 0x9f, 0x59, 0x60, 0x8a, 0xd1, 0x7b, 0x5f, 0x2a, 0xe4, 0xe0, + 0xa6, 0xa0, 0xb4, 0x2e, 0x2b, 0x3d, 0xad, 0xcb, 0xc7, 0xa0, 0xdc, 0x71, 0x9b, 0x62, 0x7f, 0xa1, + 0x4f, 0x5f, 0xe7, 0x67, 0x31, 0x6d, 0xb7, 0xff, 0x59, 0x45, 0xfb, 0x2d, 0x44, 0x5e, 0xd4, 0xf7, + 0xc5, 0x6b, 0xaf, 0xab, 0x62, 0x63, 0xfc, 0xcd, 0xaf, 0x75, 0x15, 0x1b, 0xfb, 0xd1, 0x83, 0xa7, + 0xbd, 0xf1, 0x01, 0xea, 0x55, 0x6b, 0x6c, 0x68, 0x9f, 0x9c, 0xb7, 0x5b, 0x50, 0xa5, 0x5b, 0x30, + 0xe6, 0x80, 0xac, 0xa6, 0x3a, 0x55, 0xbd, 0x2c, 0xda, 0xef, 0xee, 0x4e, 0xbc, 0xf7, 0xe0, 0xdd, + 0x92, 0x4f, 0x63, 0x45, 0x1f, 0xc5, 0x50, 0xa3, 0xbf, 0x59, 0x7a, 0x9e, 0xd8, 0xdc, 0x5d, 0x57, + 0x32, 0x53, 0x02, 0x0a, 0xc9, 0xfd, 0xd3, 0x7c, 0x90, 0x0f, 0x35, 0x76, 0x6b, 0x2d, 0x63, 0xca, + 0xf7, 0x80, 0xcb, 0x2a, 0x49, 0x4e, 0x02, 0xee, 0xee, 0x4e, 0xbc, 0x78, 0x70, 0xa6, 0xea, 0x71, + 0xac, 0x59, 0xd8, 0x5f, 0x1a, 0xd0, 0x73, 0x57, 0xd4, 0x98, 0xfb, 0xbe, 0x98, 0xbb, 0x2f, 0x64, + 0xe6, 0xee, 0xf9, 0xae, 0xb9, 0x3b, 0xa6, 0x6f, 0x57, 0x4d, 0xcd, 0xc6, 0x7b, 0x6d, 0x08, 0xec, + 0xef, 0x6f, 0x60, 0x16, 0xd0, 0x6b, 0x1d, 0x37, 0x22, 0xf1, 0x72, 0xd4, 0xf1, 0x5d, 0xbf, 0xc5, + 0xa6, 0x63, 0xd5, 0xb4, 0x80, 0x52, 0x60, 0x9c, 0xc5, 0xa7, 0x9b, 0x7a, 0xfa, 0xcd, 0x6f, 0x3a, + 0x5b, 0x7c, 0x56, 0x19, 0x65, 0xb7, 0x56, 0x44, 0x3b, 0x56, 0x18, 0xf6, 0x37, 0xd8, 0x59, 0xb6, + 0x91, 0x17, 0x4c, 0xe7, 0x84, 0xc7, 0xae, 0x09, 0xe6, 0x35, 0xbb, 0xd4, 0x9c, 0xe0, 0x77, 0x03, + 0x73, 0x18, 0xba, 0x0d, 0x43, 0x6b, 0xfc, 0x9e, 0xbc, 0x62, 0xea, 0x98, 0x8b, 0x4b, 0xf7, 0xd8, + 0x6d, 0x28, 0xf2, 0x06, 0xbe, 0xbb, 0xfa, 0x27, 0x96, 0xdc, 0xec, 0xdf, 0xaf, 0xc0, 0x89, 0xcc, + 0x45, 0xb2, 0xa9, 0x6a, 0xa9, 0xa5, 0x7d, 0xab, 0xa5, 0x7e, 0x18, 0xa0, 0x49, 0x42, 0x2f, 0xd8, + 0x61, 0xe6, 0xd8, 0xc0, 0x81, 0xcd, 0x31, 0x65, 0xc1, 0xcf, 0x2a, 0x2a, 0xd8, 0xa0, 0x28, 0x0a, + 0x95, 0xf1, 0xe2, 0xab, 0x99, 0x42, 0x65, 0xc6, 0x6d, 0x07, 0x83, 0xf7, 0xf6, 0xb6, 0x03, 0x17, + 0x4e, 0xf0, 0x2e, 0xaa, 0xec, 0xdb, 0x43, 0x24, 0xd9, 0xb2, 0xfc, 0x85, 0xd9, 0x34, 0x19, 0x9c, + 0xa5, 0x7b, 0x3f, 0xef, 0x89, 0x46, 0xef, 0x82, 0x9a, 0xfc, 0xce, 0xf1, 0x78, 0x4d, 0x57, 0x30, + 0x90, 0xd3, 0x80, 0xdd, 0xdf, 0x2c, 0x7e, 0x76, 0x15, 0x12, 0x80, 0xfb, 0x55, 0x48, 0xc0, 0xfe, + 0x42, 0x89, 0xda, 0xf1, 0xbc, 0x5f, 0xaa, 0x26, 0xce, 0x93, 0x30, 0xe8, 0x74, 0x92, 0x8d, 0xa0, + 0xeb, 0xd6, 0xbf, 0x69, 0xd6, 0x8a, 0x05, 0x14, 0x2d, 0xc0, 0x40, 0x53, 0xd7, 0x39, 0x39, 0xc8, + 0xf7, 0xd4, 0x2e, 0x51, 0x27, 0x21, 0x98, 0x51, 0x41, 0x8f, 0xc2, 0x40, 0xe2, 0xb4, 0x64, 0xca, + 0x15, 0x4b, 0xb3, 0x5d, 0x75, 0x5a, 0x31, 0x66, 0xad, 0xa6, 0xfa, 0x1e, 0xd8, 0x47, 0x7d, 0xbf, + 0x08, 0xa3, 0xb1, 0xdb, 0xf2, 0x9d, 0xa4, 0x13, 0x11, 0xe3, 0x98, 0x4f, 0x47, 0x6e, 0x98, 0x40, + 0x9c, 0xc6, 0xb5, 0x7f, 0x73, 0x04, 0xce, 0xac, 0xcc, 0x2c, 0xca, 0xea, 0xdd, 0xc7, 0x96, 0x35, + 0x95, 0xc7, 0xe3, 0xde, 0x65, 0x4d, 0xf5, 0xe0, 0xee, 0x19, 0x59, 0x53, 0x9e, 0x91, 0x35, 0x95, + 0x4e, 0x61, 0x29, 0x17, 0x91, 0xc2, 0x92, 0xd7, 0x83, 0x7e, 0x52, 0x58, 0x8e, 0x2d, 0x8d, 0x6a, + 0xcf, 0x0e, 0x1d, 0x28, 0x8d, 0x4a, 0xe5, 0x98, 0x15, 0x92, 0x5c, 0xd0, 0xe3, 0x53, 0xe5, 0xe6, + 0x98, 0xa9, 0xfc, 0x1e, 0x9e, 0x38, 0x23, 0x44, 0xfd, 0x2b, 0xc5, 0x77, 0xa0, 0x8f, 0xfc, 0x1e, + 0x91, 0xbb, 0x63, 0xe6, 0x94, 0x0d, 0x15, 0x91, 0x53, 0x96, 0xd7, 0x9d, 0x7d, 0x73, 0xca, 0x5e, + 0x84, 0xd1, 0x86, 0x17, 0xf8, 0x64, 0x39, 0x0a, 0x92, 0xa0, 0x11, 0x78, 0xc2, 0xac, 0x57, 0x22, + 0x61, 0xc6, 0x04, 0xe2, 0x34, 0x6e, 0xaf, 0x84, 0xb4, 0xda, 0x51, 0x13, 0xd2, 0xe0, 0x3e, 0x25, + 0xa4, 0xfd, 0xac, 0x4e, 0x9d, 0x1e, 0x66, 0x5f, 0xe4, 0xc3, 0xc5, 0x7f, 0x91, 0x7e, 0xf2, 0xa7, + 0xd1, 0x9b, 0xfc, 0xda, 0x3d, 0x6a, 0x18, 0xcf, 0x04, 0x6d, 0x6a, 0xf8, 0x8d, 0xb0, 0x21, 0x79, + 0xf5, 0x18, 0x26, 0xec, 0xcd, 0x15, 0xcd, 0x46, 0x5d, 0xc5, 0xa7, 0x9b, 0x70, 0xba, 0x23, 0x47, + 0x49, 0xed, 0xfe, 0x4a, 0x09, 0x7e, 0x60, 0xdf, 0x2e, 0xa0, 0xdb, 0x00, 0x89, 0xd3, 0x12, 0x13, + 0x55, 0x1c, 0x98, 0x1c, 0x31, 0xbc, 0x72, 0x55, 0xd2, 0xe3, 0x35, 0x49, 0xd4, 0x5f, 0x76, 0x14, + 0x21, 0x7f, 0xb3, 0xa8, 0xca, 0xc0, 0xeb, 0x2a, 0xdd, 0x88, 0x03, 0x8f, 0x60, 0x06, 0xa1, 0xea, + 0x3f, 0x22, 0x2d, 0x7d, 0x4f, 0xb4, 0xfa, 0x7c, 0x98, 0xb5, 0x62, 0x01, 0x45, 0xcf, 0xc3, 0xb0, + 0xe3, 0x79, 0x3c, 0x3f, 0x86, 0xc4, 0xe2, 0xde, 0x1d, 0x5d, 0x43, 0x4e, 0x83, 0xb0, 0x89, 0x67, + 0xff, 0x69, 0x09, 0x26, 0xf6, 0x91, 0x29, 0x5d, 0x19, 0x7f, 0x95, 0xbe, 0x33, 0xfe, 0x44, 0x8e, + 0xc2, 0x60, 0x8f, 0x1c, 0x85, 0xe7, 0x61, 0x38, 0x21, 0x4e, 0x5b, 0x04, 0x64, 0x09, 0x4f, 0x80, + 0x3e, 0x01, 0xd6, 0x20, 0x6c, 0xe2, 0x51, 0x29, 0x36, 0xe6, 0x34, 0x1a, 0x24, 0x8e, 0x65, 0x12, + 0x82, 0xf0, 0xa6, 0x16, 0x96, 0xe1, 0xc0, 0x9c, 0xd4, 0xd3, 0x29, 0x16, 0x38, 0xc3, 0x32, 0x3b, + 0xe0, 0xb5, 0x3e, 0x07, 0xfc, 0xeb, 0x25, 0x78, 0x6c, 0x4f, 0xed, 0xd6, 0x77, 0x7e, 0x48, 0x27, + 0x26, 0x51, 0x76, 0xe2, 0x5c, 0x8f, 0x49, 0x84, 0x19, 0x84, 0x8f, 0x52, 0x18, 0x1a, 0xf7, 0x70, + 0x17, 0x9d, 0xbc, 0xc4, 0x47, 0x29, 0xc5, 0x02, 0x67, 0x58, 0x1e, 0x76, 0x5a, 0xfe, 0x83, 0x12, + 0x3c, 0xd1, 0x87, 0x0d, 0x50, 0x60, 0x92, 0x57, 0x3a, 0xd5, 0xae, 0x7c, 0x9f, 0x32, 0x22, 0x0f, + 0x39, 0x5c, 0xdf, 0x28, 0xc1, 0xb9, 0xde, 0xaa, 0x18, 0xfd, 0x18, 0x9c, 0x88, 0x54, 0x14, 0x96, + 0x99, 0xa5, 0x77, 0x9a, 0x7b, 0x12, 0x52, 0x20, 0x9c, 0xc5, 0x45, 0x93, 0x00, 0xa1, 0x93, 0x6c, + 0xc4, 0x17, 0xb7, 0xdd, 0x38, 0x11, 0x55, 0x68, 0xc6, 0xf8, 0xd9, 0x95, 0x6c, 0xc5, 0x06, 0x06, + 0x65, 0xc7, 0xfe, 0xcd, 0x06, 0xd7, 0x82, 0x84, 0x3f, 0xc4, 0xb7, 0x11, 0xa7, 0xe5, 0x9d, 0x1d, + 0x06, 0x08, 0x67, 0x71, 0x29, 0x3b, 0x76, 0x3a, 0xca, 0x3b, 0xca, 0xf7, 0x17, 0x8c, 0xdd, 0x82, + 0x6a, 0xc5, 0x06, 0x46, 0x36, 0xff, 0xb0, 0xb2, 0x7f, 0xfe, 0xa1, 0xfd, 0x4f, 0x4b, 0xf0, 0x48, + 0x4f, 0x53, 0xae, 0xbf, 0x05, 0xf8, 0xe0, 0xe5, 0x0c, 0x1e, 0x6e, 0xee, 0x1c, 0x30, 0xb7, 0xed, + 0x8f, 0x7b, 0xcc, 0x34, 0x91, 0xdb, 0x76, 0xf8, 0xe4, 0xf0, 0x07, 0x6f, 0x3c, 0xbb, 0xd2, 0xd9, + 0x06, 0x0e, 0x90, 0xce, 0x96, 0xf9, 0x18, 0x95, 0x3e, 0x17, 0xf2, 0x9f, 0x97, 0x7b, 0x0e, 0x2f, + 0xdd, 0xfa, 0xf5, 0xe5, 0xa7, 0x9d, 0x85, 0x93, 0xae, 0xcf, 0xee, 0x6f, 0x5a, 0xe9, 0xac, 0x89, + 0xc2, 0x24, 0xa5, 0xf4, 0x2d, 0xeb, 0xf3, 0x19, 0x38, 0xee, 0x7a, 0xe2, 0x01, 0x4c, 0x2f, 0x3c, + 0xdc, 0x90, 0x1e, 0x2c, 0xc1, 0x15, 0x2d, 0xc1, 0x59, 0x39, 0x14, 0x1b, 0x4e, 0x44, 0x9a, 0x42, + 0x8d, 0xc4, 0x22, 0xa1, 0xe2, 0x11, 0x9e, 0x94, 0x91, 0x83, 0x80, 0xf3, 0x9f, 0x63, 0x57, 0xe6, + 0x04, 0xa1, 0xdb, 0x10, 0x9b, 0x1c, 0x7d, 0x65, 0x0e, 0x6d, 0xc4, 0x1c, 0x66, 0x7f, 0x18, 0x6a, + 0xea, 0xfd, 0x79, 0x58, 0xb7, 0x9a, 0x74, 0x5d, 0x61, 0xdd, 0x6a, 0xc6, 0x19, 0x58, 0xf4, 0x6b, + 0x51, 0x93, 0x38, 0xb3, 0x7a, 0xae, 0x92, 0x1d, 0x66, 0x1f, 0xdb, 0xef, 0x86, 0x11, 0xe5, 0x67, + 0xe9, 0xf7, 0x22, 0x21, 0xfb, 0x4b, 0x83, 0x30, 0x9a, 0x2a, 0x0e, 0x98, 0x72, 0xb0, 0x5a, 0xfb, + 0x3a, 0x58, 0x59, 0x98, 0x7e, 0xc7, 0x97, 0xb7, 0x8c, 0x19, 0x61, 0xfa, 0x1d, 0x9f, 0x60, 0x0e, + 0xa3, 0xe6, 0x6d, 0x33, 0xda, 0xc1, 0x1d, 0x5f, 0x84, 0xd3, 0x2a, 0xf3, 0x76, 0x96, 0xb5, 0x62, + 0x01, 0x45, 0x9f, 0xb0, 0x60, 0x24, 0x66, 0xde, 0x7b, 0xee, 0x9e, 0x16, 0x93, 0xee, 0xca, 0xd1, + 0x6b, 0x1f, 0xaa, 0x42, 0x98, 0x2c, 0x42, 0xc6, 0x6c, 0xc1, 0x29, 0x8e, 0xe8, 0xd3, 0x16, 0xd4, + 0xd4, 0x65, 0x28, 0xe2, 0xca, 0xc0, 0x95, 0x62, 0x6b, 0x2f, 0x72, 0xbf, 0xa6, 0x3a, 0x08, 0x51, + 0x45, 0xf0, 0xb0, 0x66, 0x8c, 0x62, 0xe5, 0x3b, 0x1e, 0x3a, 0x1e, 0xdf, 0x31, 0xe4, 0xf8, 0x8d, + 0xdf, 0x05, 0xb5, 0xb6, 0xe3, 0xbb, 0xeb, 0x24, 0x4e, 0xb8, 0x3b, 0x57, 0x96, 0x84, 0x95, 0x8d, + 0x58, 0xc3, 0xa9, 0x42, 0x8e, 0xd9, 0x8b, 0x25, 0x86, 0xff, 0x95, 0x29, 0xe4, 0x15, 0xdd, 0x8c, + 0x4d, 0x1c, 0xd3, 0x59, 0x0c, 0xf7, 0xd5, 0x59, 0x3c, 0xbc, 0xb7, 0xb3, 0xd8, 0xfe, 0x47, 0x16, + 0x9c, 0xcd, 0xfd, 0x6a, 0x0f, 0x6e, 0xe0, 0xa3, 0xfd, 0xe5, 0x0a, 0x9c, 0xce, 0xa9, 0xf2, 0x89, + 0x76, 0xcc, 0xf9, 0x6c, 0x15, 0x11, 0x43, 0x90, 0x3e, 0x12, 0x97, 0xc3, 0x98, 0x33, 0x89, 0x0f, + 0x76, 0x54, 0xa3, 0x8f, 0x4b, 0xca, 0xf7, 0xf6, 0xb8, 0xc4, 0x98, 0x96, 0x03, 0xf7, 0x75, 0x5a, + 0x56, 0xf6, 0x39, 0xc3, 0xf8, 0x35, 0x0b, 0xc6, 0xdb, 0x3d, 0x4a, 0xcb, 0x0b, 0xc7, 0xe3, 0x8d, + 0xe3, 0x29, 0x5c, 0x5f, 0x7f, 0xf4, 0xce, 0xee, 0x44, 0xcf, 0x8a, 0xfe, 0xb8, 0x67, 0xaf, 0xec, + 0xef, 0x94, 0x81, 0x95, 0x98, 0x65, 0x95, 0xdc, 0x76, 0xd0, 0xc7, 0xcd, 0x62, 0xc1, 0x56, 0x51, + 0x85, 0x6d, 0x39, 0x71, 0x55, 0x6c, 0x98, 0x8f, 0x60, 0x5e, 0xed, 0xe1, 0xac, 0xd0, 0x2a, 0xf5, + 0x21, 0xb4, 0x3c, 0x59, 0x95, 0xb9, 0x5c, 0x7c, 0x55, 0xe6, 0x5a, 0xb6, 0x22, 0xf3, 0xde, 0x9f, + 0x78, 0xe0, 0x81, 0xfc, 0xc4, 0xbf, 0x68, 0x71, 0xc1, 0x93, 0xf9, 0x0a, 0xda, 0x32, 0xb0, 0xf6, + 0xb0, 0x0c, 0x9e, 0x86, 0x6a, 0x4c, 0xbc, 0xf5, 0xcb, 0xc4, 0xf1, 0x84, 0x05, 0xa1, 0xcf, 0xaf, + 0x45, 0x3b, 0x56, 0x18, 0xec, 0xda, 0x56, 0xcf, 0x0b, 0x6e, 0x5f, 0x6c, 0x87, 0xc9, 0x8e, 0xb0, + 0x25, 0xf4, 0xb5, 0xad, 0x0a, 0x82, 0x0d, 0x2c, 0xfb, 0x6f, 0x97, 0xf8, 0x0c, 0x14, 0x41, 0x10, + 0x2f, 0x64, 0x2e, 0xda, 0xeb, 0x3f, 0x7e, 0xe0, 0xa3, 0x00, 0x0d, 0x75, 0x95, 0xbd, 0x38, 0x13, + 0xba, 0x7c, 0xe4, 0x7b, 0xb6, 0x05, 0x3d, 0xfd, 0x1a, 0xba, 0x0d, 0x1b, 0xfc, 0x52, 0xb2, 0xb4, + 0xbc, 0xaf, 0x2c, 0x4d, 0x89, 0x95, 0x81, 0x7d, 0xb4, 0xdd, 0x9f, 0x5a, 0x90, 0xb2, 0x88, 0x50, + 0x08, 0x15, 0xda, 0xdd, 0x9d, 0x62, 0x6e, 0xe9, 0x37, 0x49, 0x53, 0xd1, 0x28, 0xa6, 0x3d, 0xfb, + 0x89, 0x39, 0x23, 0xe4, 0x89, 0x58, 0x09, 0x3e, 0xaa, 0xd7, 0x8a, 0x63, 0x78, 0x39, 0x08, 0x36, + 0xf9, 0xc1, 0xa6, 0x8e, 0xbb, 0xb0, 0x5f, 0x80, 0x53, 0x5d, 0x9d, 0x62, 0x77, 0x6a, 0x05, 0x54, + 0xfb, 0x64, 0xa6, 0x2b, 0x4b, 0xe0, 0xc4, 0x1c, 0x66, 0x7f, 0xc3, 0x82, 0x93, 0x59, 0xf2, 0xe8, + 0x4d, 0x0b, 0x4e, 0xc5, 0x59, 0x7a, 0xc7, 0x35, 0x76, 0x2a, 0xde, 0xb1, 0x0b, 0x84, 0xbb, 0x3b, + 0x61, 0xff, 0x3f, 0x31, 0xf9, 0x6f, 0xba, 0x7e, 0x33, 0xb8, 0xad, 0x0c, 0x13, 0xab, 0xa7, 0x61, + 0x42, 0xd7, 0x63, 0x63, 0x83, 0x34, 0x3b, 0x5e, 0x57, 0xe6, 0xe8, 0x8a, 0x68, 0xc7, 0x0a, 0x83, + 0x25, 0xca, 0x75, 0x44, 0xd9, 0xf6, 0xcc, 0xa4, 0x9c, 0x15, 0xed, 0x58, 0x61, 0xa0, 0xe7, 0x60, + 0xc4, 0x78, 0x49, 0x39, 0x2f, 0x99, 0x41, 0x6e, 0xa8, 0xcc, 0x18, 0xa7, 0xb0, 0xd0, 0x24, 0x80, + 0x32, 0x72, 0xa4, 0x8a, 0x64, 0x8e, 0x22, 0x25, 0x89, 0x62, 0x6c, 0x60, 0xb0, 0xb4, 0x54, 0xaf, + 0x13, 0x33, 0x1f, 0xff, 0xa0, 0x2e, 0x25, 0x3a, 0x23, 0xda, 0xb0, 0x82, 0x52, 0x69, 0xd2, 0x76, + 0xfc, 0x8e, 0xe3, 0xd1, 0x11, 0x12, 0x5b, 0x3f, 0xb5, 0x0c, 0x17, 0x15, 0x04, 0x1b, 0x58, 0xf4, + 0x8d, 0x13, 0xb7, 0x4d, 0x5e, 0x0e, 0x7c, 0x19, 0xa7, 0xa6, 0x8f, 0x7d, 0x44, 0x3b, 0x56, 0x18, + 0xf6, 0x7f, 0xb3, 0xe0, 0x84, 0x4e, 0x72, 0xe7, 0xb7, 0x67, 0x9b, 0x3b, 0x55, 0x6b, 0xdf, 0x9d, + 0x6a, 0x3a, 0xfb, 0xb7, 0xd4, 0x57, 0xf6, 0xaf, 0x99, 0x98, 0x5b, 0xde, 0x33, 0x31, 0xf7, 0x87, + 0xf4, 0xcd, 0xac, 0x3c, 0x83, 0x77, 0x38, 0xef, 0x56, 0x56, 0x64, 0xc3, 0x60, 0xc3, 0x51, 0x15, + 0x5e, 0x46, 0xf8, 0xde, 0x61, 0x66, 0x9a, 0x21, 0x09, 0x88, 0xbd, 0x04, 0x35, 0x75, 0xfa, 0x21, + 0x37, 0xaa, 0x56, 0xfe, 0x46, 0xb5, 0xaf, 0x04, 0xc1, 0xfa, 0xda, 0x37, 0xbf, 0xfb, 0xf8, 0xdb, + 0x7e, 0xef, 0xbb, 0x8f, 0xbf, 0xed, 0x8f, 0xbe, 0xfb, 0xf8, 0xdb, 0x3e, 0x71, 0xe7, 0x71, 0xeb, + 0x9b, 0x77, 0x1e, 0xb7, 0x7e, 0xef, 0xce, 0xe3, 0xd6, 0x1f, 0xdd, 0x79, 0xdc, 0xfa, 0xce, 0x9d, + 0xc7, 0xad, 0x2f, 0xfe, 0xe7, 0xc7, 0xdf, 0xf6, 0x72, 0x6e, 0xa0, 0x22, 0xfd, 0xf1, 0x4c, 0xa3, + 0x39, 0xb5, 0x75, 0x81, 0xc5, 0xca, 0xd1, 0xe5, 0x35, 0x65, 0xcc, 0xa9, 0x29, 0xb9, 0xbc, 0xfe, + 0x7f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xb2, 0x18, 0x73, 0x0d, 0xd5, 0xe1, 0x00, 0x00, } func (m *AWSAuthConfig) Marshal() (dAtA []byte, err error) { @@ -5922,15 +5890,6 @@ func (m *ApplicationSetApplicationStatus) MarshalToSizedBuffer(dAtA []byte) (int _ = i var l int _ = l - if len(m.TargetRevisions) > 0 { - for iNdEx := len(m.TargetRevisions) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.TargetRevisions[iNdEx]) - copy(dAtA[i:], m.TargetRevisions[iNdEx]) - i = encodeVarintGenerated(dAtA, i, uint64(len(m.TargetRevisions[iNdEx]))) - i-- - dAtA[i] = 0x32 - } - } i -= len(m.Step) copy(dAtA[i:], m.Step) i = encodeVarintGenerated(dAtA, i, uint64(len(m.Step))) @@ -6635,20 +6594,6 @@ func (m *ApplicationSetStatus) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l - if len(m.Resources) > 0 { - for iNdEx := len(m.Resources) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Resources[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x1a - } - } if len(m.ApplicationStatus) > 0 { for iNdEx := len(m.ApplicationStatus) - 1; iNdEx >= 0; iNdEx-- { { @@ -7010,43 +6955,6 @@ func (m *ApplicationSetTerminalGenerator) MarshalToSizedBuffer(dAtA []byte) (int return len(dAtA) - i, nil } -func (m *ApplicationSetTree) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *ApplicationSetTree) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *ApplicationSetTree) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.Nodes) > 0 { - for iNdEx := len(m.Nodes) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.Nodes[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintGenerated(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0xa - } - } - return len(dAtA) - i, nil -} - func (m *ApplicationSource) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -14790,12 +14698,6 @@ func (m *ApplicationSetApplicationStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) l = len(m.Step) n += 1 + l + sovGenerated(uint64(l)) - if len(m.TargetRevisions) > 0 { - for _, s := range m.TargetRevisions { - l = len(s) - n += 1 + l + sovGenerated(uint64(l)) - } - } return n } @@ -15057,12 +14959,6 @@ func (m *ApplicationSetStatus) Size() (n int) { n += 1 + l + sovGenerated(uint64(l)) } } - if len(m.Resources) > 0 { - for _, e := range m.Resources { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } return n } @@ -15184,21 +15080,6 @@ func (m *ApplicationSetTerminalGenerator) Size() (n int) { return n } -func (m *ApplicationSetTree) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if len(m.Nodes) > 0 { - for _, e := range m.Nodes { - l = e.Size() - n += 1 + l + sovGenerated(uint64(l)) - } - } - return n -} - func (m *ApplicationSource) Size() (n int) { if m == nil { return 0 @@ -18219,7 +18100,6 @@ func (this *ApplicationSetApplicationStatus) String() string { `Message:` + fmt.Sprintf("%v", this.Message) + `,`, `Status:` + fmt.Sprintf("%v", this.Status) + `,`, `Step:` + fmt.Sprintf("%v", this.Step) + `,`, - `TargetRevisions:` + fmt.Sprintf("%v", this.TargetRevisions) + `,`, `}`, }, "") return s @@ -18378,15 +18258,9 @@ func (this *ApplicationSetStatus) String() string { repeatedStringForApplicationStatus += strings.Replace(strings.Replace(f.String(), "ApplicationSetApplicationStatus", "ApplicationSetApplicationStatus", 1), `&`, ``, 1) + "," } repeatedStringForApplicationStatus += "}" - repeatedStringForResources := "[]ResourceStatus{" - for _, f := range this.Resources { - repeatedStringForResources += strings.Replace(strings.Replace(f.String(), "ResourceStatus", "ResourceStatus", 1), `&`, ``, 1) + "," - } - repeatedStringForResources += "}" s := strings.Join([]string{`&ApplicationSetStatus{`, `Conditions:` + repeatedStringForConditions + `,`, `ApplicationStatus:` + repeatedStringForApplicationStatus + `,`, - `Resources:` + repeatedStringForResources + `,`, `}`, }, "") return s @@ -18475,21 +18349,6 @@ func (this *ApplicationSetTerminalGenerator) String() string { }, "") return s } -func (this *ApplicationSetTree) String() string { - if this == nil { - return "nil" - } - repeatedStringForNodes := "[]ResourceNode{" - for _, f := range this.Nodes { - repeatedStringForNodes += strings.Replace(strings.Replace(f.String(), "ResourceNode", "ResourceNode", 1), `&`, ``, 1) + "," - } - repeatedStringForNodes += "}" - s := strings.Join([]string{`&ApplicationSetTree{`, - `Nodes:` + repeatedStringForNodes + `,`, - `}`, - }, "") - return s -} func (this *ApplicationSource) String() string { if this == nil { return "nil" @@ -22861,38 +22720,6 @@ func (m *ApplicationSetApplicationStatus) Unmarshal(dAtA []byte) error { } m.Step = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 6: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TargetRevisions", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TargetRevisions = append(m.TargetRevisions, string(dAtA[iNdEx:postIndex])) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -24876,40 +24703,6 @@ func (m *ApplicationSetStatus) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Resources", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Resources = append(m.Resources, ResourceStatus{}) - if err := m.Resources[len(m.Resources)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGenerated(dAtA[iNdEx:]) @@ -26006,90 +25799,6 @@ func (m *ApplicationSetTerminalGenerator) Unmarshal(dAtA []byte) error { } return nil } -func (m *ApplicationSetTree) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: ApplicationSetTree: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: ApplicationSetTree: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Nodes", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGenerated - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGenerated - } - postIndex := iNdEx + msglen - if postIndex < 0 { - return ErrInvalidLengthGenerated - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Nodes = append(m.Nodes, ResourceNode{}) - if err := m.Nodes[len(m.Nodes)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGenerated(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthGenerated - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *ApplicationSource) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/pkg/apis/application/v1alpha1/generated.proto b/pkg/apis/application/v1alpha1/generated.proto index bc162dca1fc3f..bde433c406540 100644 --- a/pkg/apis/application/v1alpha1/generated.proto +++ b/pkg/apis/application/v1alpha1/generated.proto @@ -109,7 +109,6 @@ message AppProjectStatus { // +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status` // +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status` // +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10 -// +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10 message Application { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; @@ -197,12 +196,9 @@ message ApplicationSetApplicationStatus { // Step tracks which step this Application should be updated in optional string step = 5; - - // TargetRevision tracks the desired revisions the Application should be synced to. - repeated string targetrevisions = 6; } -// ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning +// ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning message ApplicationSetCondition { // Type is an applicationset condition type optional string type = 1; @@ -334,9 +330,6 @@ message ApplicationSetStatus { repeated ApplicationSetCondition conditions = 1; repeated ApplicationSetApplicationStatus applicationStatus = 2; - - // Resources is a list of Applications resources managed by this application set. - repeated ResourceStatus resources = 3; } // ApplicationSetStrategy configures how generated Applications are updated in sequence. @@ -402,13 +395,6 @@ message ApplicationSetTerminalGenerator { optional k8s.io.apimachinery.pkg.apis.meta.v1.LabelSelector selector = 8; } -// ApplicationSetTree holds nodes which belongs to the application -// Used to build a tree of an ApplicationSet and its children -message ApplicationSetTree { - // Nodes contains list of nodes which are directly managed by the applicationset - repeated ResourceNode nodes = 1; -} - // ApplicationSource contains all required information about the source of an application message ApplicationSource { // RepoURL is the URL to the repository (Git or Helm) that contains the application manifests @@ -729,11 +715,11 @@ message Cluster { // Config holds cluster information for connecting to a cluster optional ClusterConfig config = 3; - // Deprecated: use Info.ConnectionState field instead. + // DEPRECATED: use Info.ConnectionState field instead. // ConnectionState contains information about cluster connection state optional ConnectionState connectionState = 4; - // Deprecated: use Info.ServerVersion field instead. + // DEPRECATED: use Info.ServerVersion field instead. // The server version optional string serverVersion = 5; @@ -1513,7 +1499,7 @@ message RefTarget { // RepoCreds holds the definition for repository credentials message RepoCreds { - // URL is the URL to which these credentials match + // URL is the URL that this credentials matches to optional string url = 1; // Username for authenticating at the repo server @@ -1626,7 +1612,7 @@ message Repository { // Proxy specifies the HTTP/HTTPS proxy used to access the repo optional string proxy = 19; - // Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity + // Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity optional string project = 20; // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos diff --git a/pkg/apis/application/v1alpha1/openapi_generated.go b/pkg/apis/application/v1alpha1/openapi_generated.go index 2fcbbb94edb0b..c5a41de677314 100644 --- a/pkg/apis/application/v1alpha1/openapi_generated.go +++ b/pkg/apis/application/v1alpha1/openapi_generated.go @@ -41,7 +41,6 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplate": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplate(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTemplateMeta": schema_pkg_apis_application_v1alpha1_ApplicationSetTemplateMeta(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTerminalGenerator": schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref), - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetTree": schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSource": schema_pkg_apis_application_v1alpha1_ApplicationSource(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceDirectory": schema_pkg_apis_application_v1alpha1_ApplicationSourceDirectory(ref), "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSourceHelm": schema_pkg_apis_application_v1alpha1_ApplicationSourceHelm(ref), @@ -854,23 +853,8 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetApplicationStatus(ref co Format: "", }, }, - "targetRevisions": { - SchemaProps: spec.SchemaProps{ - Description: "TargetRevision tracks the desired revisions the Application should be synced to.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - }, - }, }, - Required: []string{"application", "message", "status", "step", "targetRevisions"}, + Required: []string{"application", "message", "status", "step"}, }, }, Dependencies: []string{ @@ -882,7 +866,7 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetCondition(ref common.Ref return common.OpenAPIDefinition{ Schema: spec.Schema{ SchemaProps: spec.SchemaProps{ - Description: "ApplicationSetCondition contains details about an applicationset condition, which is usually an error or warning", + Description: "ApplicationSetCondition contains details about an applicationset condition, which is usally an error or warning", Type: []string{"object"}, Properties: map[string]spec.Schema{ "type": { @@ -1354,25 +1338,11 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetStatus(ref common.Refere }, }, }, - "resources": { - SchemaProps: spec.SchemaProps{ - Description: "Resources is a list of Applications resources managed by this application set.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"), - }, - }, - }, - }, - }, }, }, }, Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceStatus"}, + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetApplicationStatus", "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ApplicationSetCondition"}, } } @@ -1582,35 +1552,6 @@ func schema_pkg_apis_application_v1alpha1_ApplicationSetTerminalGenerator(ref co } } -func schema_pkg_apis_application_v1alpha1_ApplicationSetTree(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "ApplicationSetTree holds nodes which belongs to the application Used to build a tree of an ApplicationSet and its children", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "nodes": { - SchemaProps: spec.SchemaProps{ - Description: "Nodes contains list of nodes which are directly managed by the applicationset", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ResourceNode"}, - } -} - func schema_pkg_apis_application_v1alpha1_ApplicationSource(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -2645,14 +2586,14 @@ func schema_pkg_apis_application_v1alpha1_Cluster(ref common.ReferenceCallback) }, "connectionState": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: use Info.ConnectionState field instead. ConnectionState contains information about cluster connection state", + Description: "DEPRECATED: use Info.ConnectionState field instead. ConnectionState contains information about cluster connection state", Default: map[string]interface{}{}, Ref: ref("github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1.ConnectionState"), }, }, "serverVersion": { SchemaProps: spec.SchemaProps{ - Description: "Deprecated: use Info.ServerVersion field instead. The server version", + Description: "DEPRECATED: use Info.ServerVersion field instead. The server version", Type: []string{"string"}, Format: "", }, @@ -4096,6 +4037,7 @@ func schema_pkg_apis_application_v1alpha1_KustomizeReplica(ref common.ReferenceC "count": { SchemaProps: spec.SchemaProps{ Description: "Number of replicas", + Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/util/intstr.IntOrString"), }, }, @@ -4217,7 +4159,8 @@ func schema_pkg_apis_application_v1alpha1_ListGenerator(ref common.ReferenceCall Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), }, }, }, @@ -4555,6 +4498,7 @@ func schema_pkg_apis_application_v1alpha1_OperationState(ref common.ReferenceCal "startedAt": { SchemaProps: spec.SchemaProps{ Description: "StartedAt contains time of operation start", + Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -4853,7 +4797,8 @@ func schema_pkg_apis_application_v1alpha1_PluginInput(ref common.ReferenceCallba Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), }, }, }, @@ -5436,7 +5381,7 @@ func schema_pkg_apis_application_v1alpha1_RepoCreds(ref common.ReferenceCallback Properties: map[string]spec.Schema{ "url": { SchemaProps: spec.SchemaProps{ - Description: "URL is the URL to which these credentials match", + Description: "URL is the URL that this credentials matches to", Default: "", Type: []string{"string"}, Format: "", @@ -5725,7 +5670,7 @@ func schema_pkg_apis_application_v1alpha1_Repository(ref common.ReferenceCallbac }, "project": { SchemaProps: spec.SchemaProps{ - Description: "Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity", + Description: "Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity", Type: []string{"string"}, Format: "", }, @@ -6712,6 +6657,7 @@ func schema_pkg_apis_application_v1alpha1_RevisionHistory(ref common.ReferenceCa "deployedAt": { SchemaProps: spec.SchemaProps{ Description: "DeployedAt holds the time the sync operation completed", + Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -6798,6 +6744,7 @@ func schema_pkg_apis_application_v1alpha1_RevisionMetadata(ref common.ReferenceC "date": { SchemaProps: spec.SchemaProps{ Description: "Date specifies when the revision was authored", + Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, diff --git a/pkg/apis/application/v1alpha1/repository_types.go b/pkg/apis/application/v1alpha1/repository_types.go index 665c1f3c2afc9..3a557813d87c6 100644 --- a/pkg/apis/application/v1alpha1/repository_types.go +++ b/pkg/apis/application/v1alpha1/repository_types.go @@ -14,7 +14,7 @@ import ( // RepoCreds holds the definition for repository credentials type RepoCreds struct { - // URL is the URL to which these credentials match + // URL is the URL that this credentials matches to URL string `json:"url" protobuf:"bytes,1,opt,name=url"` // Username for authenticating at the repo server Username string `json:"username,omitempty" protobuf:"bytes,2,opt,name=username"` @@ -87,7 +87,7 @@ type Repository struct { GitHubAppEnterpriseBaseURL string `json:"githubAppEnterpriseBaseUrl,omitempty" protobuf:"bytes,18,opt,name=githubAppEnterpriseBaseUrl"` // Proxy specifies the HTTP/HTTPS proxy used to access the repo Proxy string `json:"proxy,omitempty" protobuf:"bytes,19,opt,name=proxy"` - // Reference between project and repository that allows it to be automatically added as an item inside SourceRepos project entity + // Reference between project and repository that allow you automatically to be added as item inside SourceRepos project entity Project string `json:"project,omitempty" protobuf:"bytes,20,opt,name=project"` // GCPServiceAccountKey specifies the service account key in JSON format to be used for getting credentials to Google Cloud Source repos GCPServiceAccountKey string `json:"gcpServiceAccountKey,omitempty" protobuf:"bytes,21,opt,name=gcpServiceAccountKey"` diff --git a/pkg/apis/application/v1alpha1/types.go b/pkg/apis/application/v1alpha1/types.go index f31ae025e452a..1ea2277e30599 100644 --- a/pkg/apis/application/v1alpha1/types.go +++ b/pkg/apis/application/v1alpha1/types.go @@ -51,7 +51,6 @@ import ( // +kubebuilder:printcolumn:name="Sync Status",type=string,JSONPath=`.status.sync.status` // +kubebuilder:printcolumn:name="Health Status",type=string,JSONPath=`.status.health.status` // +kubebuilder:printcolumn:name="Revision",type=string,JSONPath=`.status.sync.revision`,priority=10 -// +kubebuilder:printcolumn:name="Project",type=string,JSONPath=`.spec.project`,priority=10 type Application struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata" protobuf:"bytes,1,opt,name=metadata"` @@ -206,11 +205,6 @@ func (s ApplicationSources) Equals(other ApplicationSources) bool { return true } -// IsZero returns true if the application source is considered empty -func (a ApplicationSources) IsZero() bool { - return len(a) == 0 -} - func (a *ApplicationSpec) GetSource() ApplicationSource { // if Application has multiple sources, return the first source in sources if a.HasMultipleSources() { @@ -262,11 +256,6 @@ func (a *ApplicationSource) AllowsConcurrentProcessing() bool { return true } -// IsRef returns true when the application source is of type Ref -func (a *ApplicationSource) IsRef() bool { - return a.Ref != "" -} - // IsHelm returns true when the application source is of type Helm func (a *ApplicationSource) IsHelm() bool { return a.Chart != "" @@ -488,7 +477,7 @@ type ApplicationSourceKustomize struct { Patches KustomizePatches `json:"patches,omitempty" protobuf:"bytes,12,opt,name=patches"` // Components specifies a list of kustomize components to add to the kustomization before building Components []string `json:"components,omitempty" protobuf:"bytes,13,rep,name=components"` - // LabelWithoutSelector specifies whether to apply common labels to resource selectors or not + //LabelWithoutSelector specifies whether to apply common labels to resource selectors or not LabelWithoutSelector bool `json:"labelWithoutSelector,omitempty" protobuf:"bytes,14,opt,name=labelWithoutSelector"` } @@ -1238,6 +1227,7 @@ func (r *RetryStrategy) NextRetryAt(lastAttempt time.Time, retryCounts int64) (t if r.Backoff.Factor != nil { factor = *r.Backoff.Factor } + } // Formula: timeToWait = duration * factor^retry_number // Note that timeToWait should equal to duration for the first retry attempt. @@ -1704,7 +1694,7 @@ type ResourceStatus struct { SyncWave int64 `json:"syncWave,omitempty" protobuf:"bytes,10,opt,name=syncWave"` } -// GroupVersionKind returns the GVK schema type for given resource status +// GroupKindVersion returns the GVK schema type for given resource status func (r *ResourceStatus) GroupVersionKind() schema.GroupVersionKind { return schema.GroupVersionKind{Group: r.Group, Version: r.Version, Kind: r.Kind} } @@ -1770,10 +1760,10 @@ type Cluster struct { Name string `json:"name" protobuf:"bytes,2,opt,name=name"` // Config holds cluster information for connecting to a cluster Config ClusterConfig `json:"config" protobuf:"bytes,3,opt,name=config"` - // Deprecated: use Info.ConnectionState field instead. + // DEPRECATED: use Info.ConnectionState field instead. // ConnectionState contains information about cluster connection state ConnectionState ConnectionState `json:"connectionState,omitempty" protobuf:"bytes,4,opt,name=connectionState"` - // Deprecated: use Info.ServerVersion field instead. + // DEPRECATED: use Info.ServerVersion field instead. // The server version ServerVersion string `json:"serverVersion,omitempty" protobuf:"bytes,5,opt,name=serverVersion"` // Holds list of namespaces which are accessible in that cluster. Cluster level resources will be ignored if namespace list is not empty. @@ -2100,12 +2090,6 @@ func isValidResource(resource string) bool { return validResources[resource] } -func isValidObject(proj string, object string) bool { - // match against [/]/ - objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s(/[*\w-.]+)?/[*\w-.]+$`, regexp.QuoteMeta(proj))) - return objectRegexp.MatchString(object) && err == nil -} - func validatePolicy(proj string, role string, policy string) error { policyComponents := strings.Split(policy, ",") if len(policyComponents) != 6 || strings.Trim(policyComponents[0], " ") != "p" { @@ -2129,8 +2113,9 @@ func validatePolicy(proj string, role string, policy string) error { } // object object := strings.Trim(policyComponents[4], " ") - if !isValidObject(proj, object) { - return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*', '%s[/]/' or '%s/', not '%s'", policy, proj, proj, proj, object) + objectRegexp, err := regexp.Compile(fmt.Sprintf(`^%s/[*\w-.]+$`, regexp.QuoteMeta(proj))) + if err != nil || !objectRegexp.MatchString(object) { + return status.Errorf(codes.InvalidArgument, "invalid policy rule '%s': object must be of form '%s/*' or '%s/', not '%s'", policy, proj, proj, object) } // effect effect := strings.Trim(policyComponents[5], " ") @@ -2265,6 +2250,7 @@ func (s *SyncWindows) Active() *SyncWindows { } func (s *SyncWindows) active(currentTime time.Time) *SyncWindows { + // If SyncWindows.Active() is called outside of a UTC locale, it should be // first converted to UTC before we scan through the SyncWindows. currentTime = currentTime.In(time.UTC) @@ -2298,6 +2284,7 @@ func (s *SyncWindows) InactiveAllows() *SyncWindows { } func (s *SyncWindows) inactiveAllows(currentTime time.Time) *SyncWindows { + // If SyncWindows.InactiveAllows() is called outside of a UTC locale, it should be // first converted to UTC before we scan through the SyncWindows. currentTime = currentTime.In(time.UTC) @@ -2339,6 +2326,7 @@ func (w *SyncWindow) scheduleOffsetByTimeZone() time.Duration { func (s *AppProjectSpec) AddWindow(knd string, sch string, dur string, app []string, ns []string, cl []string, ms bool, timeZone string) error { if len(knd) == 0 || len(sch) == 0 || len(dur) == 0 { return fmt.Errorf("cannot create window: require kind, schedule, duration and one or more of applications, namespaces and clusters") + } window := &SyncWindow{ @@ -2367,6 +2355,7 @@ func (s *AppProjectSpec) AddWindow(knd string, sch string, dur string, app []str s.SyncWindows = append(s.SyncWindows, window) return nil + } // DeleteWindow deletes a sync window with the given id from the AppProject @@ -2472,8 +2461,10 @@ func (w *SyncWindows) hasDeny() (bool, bool) { if a.Kind == "deny" { if !denyFound { manualEnabled = a.ManualSync - } else if manualEnabled { - manualEnabled = a.ManualSync + } else { + if manualEnabled { + manualEnabled = a.ManualSync + } } denyFound = true } @@ -2515,6 +2506,7 @@ func (w SyncWindow) Active() bool { } func (w SyncWindow) active(currentTime time.Time) bool { + // If SyncWindow.Active() is called outside of a UTC locale, it should be // first converted to UTC before search currentTime = currentTime.UTC() @@ -2532,6 +2524,7 @@ func (w SyncWindow) active(currentTime time.Time) bool { // Update updates a sync window's settings with the given parameter func (w *SyncWindow) Update(s string, d string, a []string, n []string, c []string, tz string) error { + if len(s) == 0 && len(d) == 0 && len(a) == 0 && len(n) == 0 && len(c) == 0 { return fmt.Errorf("cannot update: require one or more of schedule, duration, application, namespace, or cluster") } @@ -2562,6 +2555,7 @@ func (w *SyncWindow) Update(s string, d string, a []string, n []string, c []stri // Validate checks whether a sync window has valid configuration. The error returned indicates any problems that has been found. func (w *SyncWindow) Validate() error { + // Default timeZone to UTC if timeZone is not specified if w.TimeZone == "" { w.TimeZone = "UTC" @@ -2577,11 +2571,11 @@ func (w *SyncWindow) Validate() error { specParser := cron.NewParser(cron.Minute | cron.Hour | cron.Dom | cron.Month | cron.Dow) _, err := specParser.Parse(w.Schedule) if err != nil { - return fmt.Errorf("cannot parse schedule '%s': %w", w.Schedule, err) + return fmt.Errorf("cannot parse schedule '%s': %s", w.Schedule, err) } _, err = time.ParseDuration(w.Duration) if err != nil { - return fmt.Errorf("cannot parse duration '%s': %w", w.Duration, err) + return fmt.Errorf("cannot parse duration '%s': %s", w.Duration, err) } return nil } @@ -3096,6 +3090,7 @@ func (r ResourceDiff) TargetObject() (*unstructured.Unstructured, error) { // SetInferredServer sets the Server field of the destination. See IsServerInferred() for details. func (d *ApplicationDestination) SetInferredServer(server string) { + d.isServerInferred = true d.Server = server } diff --git a/pkg/apis/application/v1alpha1/types_test.go b/pkg/apis/application/v1alpha1/types_test.go index 2c1c5859efd99..817003b06a0ea 100644 --- a/pkg/apis/application/v1alpha1/types_test.go +++ b/pkg/apis/application/v1alpha1/types_test.go @@ -15,7 +15,7 @@ import ( "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" argocdcommon "github.com/argoproj/argo-cd/v2/common" @@ -115,85 +115,74 @@ func TestAppProject_IsDestinationPermitted(t *testing.T) { projDest []ApplicationDestination appDest ApplicationDestination isPermitted bool - }{ - { - projDest: []ApplicationDestination{{ - Server: "https://kubernetes.default.svc", Namespace: "default", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, - isPermitted: true, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://kubernetes.default.svc", Namespace: "default", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"}, - isPermitted: false, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://my-cluster", Namespace: "default", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, - isPermitted: false, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://kubernetes.default.svc", Namespace: "*", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"}, - isPermitted: true, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://*.default.svc", Namespace: "default", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, - isPermitted: true, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://team1-*", Namespace: "default", - }}, - appDest: ApplicationDestination{Server: "https://test2-dev-cluster", Namespace: "default"}, - isPermitted: false, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://kubernetes.default.svc", Namespace: "test-*", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test-foo"}, - isPermitted: true, - }, - { - projDest: []ApplicationDestination{{ - Server: "https://kubernetes.default.svc", Namespace: "test-*", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"}, - isPermitted: false, - }, - { - projDest: []ApplicationDestination{{ - Server: "*", Namespace: "*", - }}, - appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"}, - isPermitted: true, - }, + }{{ + projDest: []ApplicationDestination{{ + Server: "https://kubernetes.default.svc", Namespace: "default", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, + isPermitted: true, + }, { + projDest: []ApplicationDestination{{ + Server: "https://kubernetes.default.svc", Namespace: "default", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"}, + isPermitted: false, + }, { + projDest: []ApplicationDestination{{ + Server: "https://my-cluster", Namespace: "default", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, + isPermitted: false, + }, { + projDest: []ApplicationDestination{{ + Server: "https://kubernetes.default.svc", Namespace: "*", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "kube-system"}, + isPermitted: true, + }, { + projDest: []ApplicationDestination{{ + Server: "https://*.default.svc", Namespace: "default", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "default"}, + isPermitted: true, + }, { + projDest: []ApplicationDestination{{ + Server: "https://team1-*", Namespace: "default", + }}, + appDest: ApplicationDestination{Server: "https://test2-dev-cluster", Namespace: "default"}, + isPermitted: false, + }, { + projDest: []ApplicationDestination{{ + Server: "https://kubernetes.default.svc", Namespace: "test-*", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test-foo"}, + isPermitted: true, + }, { + projDest: []ApplicationDestination{{ + Server: "https://kubernetes.default.svc", Namespace: "test-*", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"}, + isPermitted: false, + }, { + projDest: []ApplicationDestination{{ + Server: "*", Namespace: "*", + }}, + appDest: ApplicationDestination{Server: "https://kubernetes.default.svc", Namespace: "test"}, + isPermitted: true, + }, { projDest: []ApplicationDestination{{ Server: "", Namespace: "*", Name: "test", }}, appDest: ApplicationDestination{Name: "test", Namespace: "test"}, isPermitted: true, - }, - { + }, { projDest: []ApplicationDestination{{ Server: "", Namespace: "*", Name: "test2", }}, appDest: ApplicationDestination{Name: "test", Namespace: "test"}, isPermitted: false, - }, - } + }} for _, data := range testData { proj := AppProject{ @@ -442,7 +431,7 @@ func TestAppProject_IsDestinationPermitted_PermitOnlyProjectScopedClusters(t *te _, err := proj.IsDestinationPermitted(ApplicationDestination{Server: "https://my-cluster.123.com", Namespace: "default"}, func(_ string) ([]*Cluster, error) { return nil, errors.New("some error") }) - require.Error(t, err) + assert.NotNil(t, err) assert.True(t, strings.Contains(err.Error(), "could not retrieve project clusters")) } @@ -501,14 +490,14 @@ func TestAppProject_GetRoleByName(t *testing.T) { t.Run("NotExists", func(t *testing.T) { p := &AppProject{} role, i, err := p.GetRoleByName("test-role") - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, -1, i) assert.Nil(t, role) }) t.Run("NotExists", func(t *testing.T) { p := AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role"}}}} role, i, err := p.GetRoleByName("test-role") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, 0, i) assert.Equal(t, &ProjectRole{Name: "test-role"}, role) }) @@ -518,20 +507,20 @@ func TestAppProject_AddGroupToRole(t *testing.T) { t.Run("NoRole", func(t *testing.T) { p := &AppProject{} got, err := p.AddGroupToRole("test-role", "test-group") - require.Error(t, err) + assert.Error(t, err) assert.False(t, got) }) t.Run("NoGroup", func(t *testing.T) { p := &AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", Groups: []string{}}}}} got, err := p.AddGroupToRole("test-role", "test-group") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, got) assert.Len(t, p.Spec.Roles[0].Groups, 1) }) t.Run("Exists", func(t *testing.T) { p := &AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", Groups: []string{"test-group"}}}}} got, err := p.AddGroupToRole("test-role", "test-group") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, got) }) } @@ -540,21 +529,21 @@ func TestAppProject_RemoveGroupFromRole(t *testing.T) { t.Run("NoRole", func(t *testing.T) { p := &AppProject{} got, err := p.RemoveGroupFromRole("test-role", "test-group") - require.Error(t, err) + assert.Error(t, err) assert.False(t, got) }) t.Run("NoGroup", func(t *testing.T) { p := &AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", Groups: []string{}}}}} got, err := p.RemoveGroupFromRole("test-role", "test-group") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, got) }) t.Run("Exists", func(t *testing.T) { p := &AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", Groups: []string{"test-group"}}}}} got, err := p.RemoveGroupFromRole("test-role", "test-group") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, got) - assert.Empty(t, p.Spec.Roles[0].Groups) + assert.Len(t, p.Spec.Roles[0].Groups, 0) }) } @@ -570,14 +559,14 @@ func newTestProject() *AppProject { func TestAppProject_ValidateSources(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) badSources := []string{ "!*", } for _, badName := range badSources { p.Spec.SourceRepos = []string{badName} err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } duplicateSources := []string{ @@ -586,21 +575,21 @@ func TestAppProject_ValidateSources(t *testing.T) { } p.Spec.SourceRepos = duplicateSources err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } // TestAppProject_ValidateDestinations tests for an invalid destination func TestAppProject_ValidateDestinations(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) badNamespaces := []string{ "!*", } for _, badName := range badNamespaces { p.Spec.Destinations[0].Namespace = badName err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } goodNamespaces := []string{ @@ -610,7 +599,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { for _, goodNamespace := range goodNamespaces { p.Spec.Destinations[0].Namespace = goodNamespace err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } badServers := []string{ @@ -619,7 +608,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { for _, badServer := range badServers { p.Spec.Destinations[0].Server = badServer err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } goodServers := []string{ @@ -629,7 +618,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { for _, badName := range goodServers { p.Spec.Destinations[0].Server = badName err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } badNames := []string{ @@ -638,7 +627,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { for _, badName := range badNames { p.Spec.Destinations[0].Name = badName err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } goodNames := []string{ @@ -648,7 +637,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { for _, goodName := range goodNames { p.Spec.Destinations[0].Name = goodName err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } validDestination := ApplicationDestination{ @@ -658,12 +647,12 @@ func TestAppProject_ValidateDestinations(t *testing.T) { p.Spec.Destinations[0] = validDestination err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) // no duplicates allowed p.Spec.Destinations = []ApplicationDestination{validDestination, validDestination} err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) cluster1Destination := ApplicationDestination{ Name: "cluster1", @@ -676,12 +665,12 @@ func TestAppProject_ValidateDestinations(t *testing.T) { // allow multiple destinations with blank server, same namespace but unique cluster name p.Spec.Destinations = []ApplicationDestination{cluster1Destination, cluster2Destination} err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) t.Run("must reject duplicate source namespaces", func(t *testing.T) { p.Spec.SourceNamespaces = []string{"argocd", "argocd"} err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) }) } @@ -689,7 +678,7 @@ func TestAppProject_ValidateDestinations(t *testing.T) { func TestAppProject_ValidateRoleName(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) badRoleNames := []string{ "", " ", @@ -705,7 +694,7 @@ func TestAppProject_ValidateRoleName(t *testing.T) { for _, badName := range badRoleNames { p.Spec.Roles[0].Name = badName err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } goodRoleNames := []string{ "MY-ROLE", @@ -714,7 +703,7 @@ func TestAppProject_ValidateRoleName(t *testing.T) { for _, goodName := range goodRoleNames { p.Spec.Roles[0].Name = goodName err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } } @@ -722,10 +711,10 @@ func TestAppProject_ValidateRoleName(t *testing.T) { func TestAppProject_ValidateGroupName(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) p.Spec.Roles[0].Groups = []string{"mygroup"} err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) badGroupNames := []string{ "", " ", @@ -739,7 +728,7 @@ func TestAppProject_ValidateGroupName(t *testing.T) { for _, badName := range badGroupNames { p.Spec.Roles[0].Groups = []string{badName} err = p.ValidateProject() - require.Error(t, err) + assert.Error(t, err) } goodGroupNames := []string{ "my:group", @@ -747,7 +736,7 @@ func TestAppProject_ValidateGroupName(t *testing.T) { for _, goodName := range goodGroupNames { p.Spec.Roles[0].Groups = []string{goodName} err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } } @@ -755,15 +744,15 @@ func TestAppProject_ValidateSyncWindowList(t *testing.T) { t.Run("WorkingSyncWindow", func(t *testing.T) { p := newTestProjectWithSyncWindows() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("HasNilSyncWindow", func(t *testing.T) { p := newTestProjectWithSyncWindows() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) p.Spec.SyncWindows = append(p.Spec.SyncWindows, nil) err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -771,7 +760,7 @@ func TestAppProject_ValidateSyncWindowList(t *testing.T) { func TestAppProject_InvalidPolicyRules(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) type badPolicy struct { policy string errmsg string @@ -805,8 +794,9 @@ func TestAppProject_InvalidPolicyRules(t *testing.T) { for _, bad := range badPolicies { p.Spec.Roles[0].Policies = []string{bad.policy} err = p.ValidateProject() - require.Error(t, err) - assert.Contains(t, err.Error(), bad.errmsg) + if assert.Error(t, err) { + assert.Contains(t, err.Error(), bad.errmsg) + } } } @@ -814,7 +804,7 @@ func TestAppProject_InvalidPolicyRules(t *testing.T) { func TestAppProject_ValidPolicyRules(t *testing.T) { p := newTestProject() err := p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) goodPolicies := []string{ "p,proj:my-proj:my-role,applications,get,my-proj/*,allow", "p, proj:my-proj:my-role, applications, get, my-proj/*, allow", @@ -835,7 +825,7 @@ func TestAppProject_ValidPolicyRules(t *testing.T) { for _, good := range goodPolicies { p.Spec.Roles[0].Policies = []string{good} err = p.ValidateProject() - require.NoError(t, err) + assert.NoError(t, err) } } @@ -849,7 +839,7 @@ func TestExplicitType(t *testing.T) { }, } explicitType, err := src.ExplicitType() - require.Error(t, err) + assert.NotNil(t, err) assert.Nil(t, explicitType) src = ApplicationSource{ Helm: &ApplicationSourceHelm{ @@ -858,8 +848,8 @@ func TestExplicitType(t *testing.T) { } explicitType, err = src.ExplicitType() - require.NoError(t, err) - assert.Equal(t, ApplicationSourceTypeHelm, *explicitType) + assert.Nil(t, err) + assert.Equal(t, *explicitType, ApplicationSourceTypeHelm) } func TestExplicitTypeWithDirectory(t *testing.T) { @@ -868,7 +858,7 @@ func TestExplicitTypeWithDirectory(t *testing.T) { Directory: &ApplicationSourceDirectory{}, } _, err := src.ExplicitType() - require.Error(t, err, "cannot add directory with any other types") + assert.NotNil(t, err, "cannot add directory with any other types") } func TestAppSourceEquality(t *testing.T) { @@ -937,6 +927,7 @@ func TestAppProjectSpec_DestinationClusters(t *testing.T) { } func TestRepository_HasCredentials(t *testing.T) { + tests := []struct { name string repo Repository @@ -1291,6 +1282,7 @@ func TestApplicationSourceHelm_AddParameter(t *testing.T) { t.Run("Add", func(t *testing.T) { src.AddParameter(HelmParameter{Value: "bar"}) assert.ElementsMatch(t, []HelmParameter{{Value: "bar"}}, src.Parameters) + }) t.Run("Replace", func(t *testing.T) { src.AddParameter(HelmParameter{Value: "baz"}) @@ -1303,6 +1295,7 @@ func TestApplicationSourceHelm_AddFileParameter(t *testing.T) { t.Run("Add", func(t *testing.T) { src.AddFileParameter(HelmFileParameter{Name: "foo", Path: "bar"}) assert.ElementsMatch(t, []HelmFileParameter{{Name: "foo", Path: "bar"}}, src.FileParameters) + }) t.Run("Replace", func(t *testing.T) { src.AddFileParameter(HelmFileParameter{Name: "foo", Path: "baz"}) @@ -1313,16 +1306,16 @@ func TestApplicationSourceHelm_AddFileParameter(t *testing.T) { func TestNewHelmParameter(t *testing.T) { t.Run("Invalid", func(t *testing.T) { _, err := NewHelmParameter("garbage", false) - require.EqualError(t, err, "Expected helm parameter of the form: param=value. Received: garbage") + assert.EqualError(t, err, "Expected helm parameter of the form: param=value. Received: garbage") }) t.Run("NonString", func(t *testing.T) { p, err := NewHelmParameter("foo=bar", false) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, &HelmParameter{Name: "foo", Value: "bar"}, p) }) t.Run("String", func(t *testing.T) { p, err := NewHelmParameter("foo=bar", true) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, &HelmParameter{Name: "foo", Value: "bar", ForceString: true}, p) }) } @@ -1330,16 +1323,16 @@ func TestNewHelmParameter(t *testing.T) { func TestNewKustomizeReplica(t *testing.T) { t.Run("Valid", func(t *testing.T) { r, err := NewKustomizeReplica("my-deployment=2") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, &KustomizeReplica{Name: "my-deployment", Count: intstr.Parse("2")}, r) }) t.Run("InvalidFormat", func(t *testing.T) { _, err := NewKustomizeReplica("garbage") - require.EqualError(t, err, "expected parameter of the form: name=count. Received: garbage") + assert.EqualError(t, err, "expected parameter of the form: name=count. Received: garbage") }) t.Run("InvalidCount", func(t *testing.T) { _, err := NewKustomizeReplica("my-deployment=garbage") - require.EqualError(t, err, "expected integer value for count. Received: garbage") + assert.EqualError(t, err, "expected integer value for count. Received: garbage") }) } @@ -1350,7 +1343,7 @@ func TestKustomizeReplica_GetIntCount(t *testing.T) { Count: intstr.FromString("2"), } count, err := kr.GetIntCount() - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, 2, count) }) t.Run("String which cannot be converted to integer", func(t *testing.T) { @@ -1359,7 +1352,7 @@ func TestKustomizeReplica_GetIntCount(t *testing.T) { Count: intstr.FromString("garbage"), } count, err := kr.GetIntCount() - require.EqualError(t, err, "expected integer value for count. Received: garbage") + assert.EqualError(t, err, "expected integer value for count. Received: garbage") assert.Equal(t, 0, count) }) t.Run("Integer", func(t *testing.T) { @@ -1368,7 +1361,7 @@ func TestKustomizeReplica_GetIntCount(t *testing.T) { Count: intstr.FromInt(2), } count, err := kr.GetIntCount() - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, 2, count) }) } @@ -1390,12 +1383,11 @@ func TestApplicationSourceKustomize_MergeReplica(t *testing.T) { t.Run("Replace", func(t *testing.T) { k := ApplicationSourceKustomize{Replicas: KustomizeReplicas{r1}} k.MergeReplica(r2) - assert.Len(t, k.Replicas, 1) + assert.Equal(t, 1, len(k.Replicas)) assert.Equal(t, k.Replicas[0].Name, r2.Name) assert.Equal(t, k.Replicas[0].Count, r2.Count) }) } - func TestApplicationSourceKustomize_FindByName(t *testing.T) { r1 := KustomizeReplica{ Name: "my-deployment", @@ -1497,6 +1489,7 @@ func TestApplicationSourceDirectory_IsZero(t *testing.T) { } func TestApplicationSourcePlugin_IsZero(t *testing.T) { + tests := []struct { name string source *ApplicationSourcePlugin @@ -1622,7 +1615,7 @@ func TestSyncWindows_HasWindows(t *testing.T) { t.Run("False", func(t *testing.T) { proj := newTestProjectWithSyncWindows() err := proj.Spec.DeleteWindow(0) - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, proj.Spec.SyncWindows.HasWindows()) }) } @@ -1630,7 +1623,7 @@ func TestSyncWindows_HasWindows(t *testing.T) { func TestSyncWindows_Active(t *testing.T) { t.Run("WithTestProject", func(t *testing.T) { proj := newTestProjectWithSyncWindows() - assert.Len(t, *proj.Spec.SyncWindows.Active(), 1) + assert.Equal(t, 1, len(*proj.Spec.SyncWindows.Active())) }) syncWindow := func(kind string, schedule string, duration string, timeZone string) *SyncWindow { @@ -1768,24 +1761,27 @@ func TestSyncWindows_Active(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + result := tt.syncWindow.active(tt.currentTime) if result == nil { result = &SyncWindows{} } - assert.Len(t, *result, tt.expectedLength) + assert.Equal(t, tt.expectedLength, len(*result)) if len(*result) == 1 { assert.Equal(t, tt.syncWindow[tt.matchingIndex], (*result)[0]) } + }) } + } func TestSyncWindows_InactiveAllows(t *testing.T) { t.Run("WithTestProject", func(t *testing.T) { proj := newTestProjectWithSyncWindows() proj.Spec.SyncWindows[0].Schedule = "0 0 1 1 1" - assert.Len(t, *proj.Spec.SyncWindows.InactiveAllows(), 1) + assert.Equal(t, 1, len(*proj.Spec.SyncWindows.InactiveAllows())) }) syncWindow := func(kind string, schedule string, duration string, timeZone string) *SyncWindow { @@ -1941,17 +1937,20 @@ func TestSyncWindows_InactiveAllows(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + result := tt.syncWindow.inactiveAllows(tt.currentTime) if result == nil { result = &SyncWindows{} } - assert.Len(t, *result, tt.expectedLength) + assert.Equal(t, tt.expectedLength, len(*result)) if len(*result) == 1 { assert.Equal(t, tt.syncWindow[tt.matchingIndex], (*result)[0]) } + }) } + } func TestAppProjectSpec_AddWindow(t *testing.T) { @@ -1981,12 +1980,13 @@ func TestAppProjectSpec_AddWindow(t *testing.T) { t.Run(tt.name, func(t *testing.T) { switch tt.want { case "error": - require.Error(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) + assert.Error(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) case "noError": - require.NoError(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) - require.NoError(t, tt.p.Spec.DeleteWindow(0)) + assert.NoError(t, tt.p.Spec.AddWindow(tt.k, tt.s, tt.d, tt.a, tt.n, tt.c, tt.m, tt.t)) + assert.NoError(t, tt.p.Spec.DeleteWindow(0)) } }) + } } @@ -1996,13 +1996,13 @@ func TestAppProjectSpec_DeleteWindow(t *testing.T) { proj.Spec.SyncWindows = append(proj.Spec.SyncWindows, window2) t.Run("CannotFind", func(t *testing.T) { err := proj.Spec.DeleteWindow(3) - require.Error(t, err) - assert.Len(t, proj.Spec.SyncWindows, 2) + assert.Error(t, err) + assert.Equal(t, 2, len(proj.Spec.SyncWindows)) }) t.Run("Delete", func(t *testing.T) { err := proj.Spec.DeleteWindow(0) - require.NoError(t, err) - assert.Len(t, proj.Spec.SyncWindows, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(proj.Spec.SyncWindows)) }) } @@ -2012,31 +2012,31 @@ func TestSyncWindows_Matches(t *testing.T) { t.Run("MatchNamespace", func(t *testing.T) { proj.Spec.SyncWindows[0].Namespaces = []string{"default"} windows := proj.Spec.SyncWindows.Matches(app) - assert.Len(t, *windows, 1) + assert.Equal(t, 1, len(*windows)) proj.Spec.SyncWindows[0].Namespaces = nil }) t.Run("MatchCluster", func(t *testing.T) { proj.Spec.SyncWindows[0].Clusters = []string{"cluster1"} windows := proj.Spec.SyncWindows.Matches(app) - assert.Len(t, *windows, 1) + assert.Equal(t, 1, len(*windows)) proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("MatchClusterName", func(t *testing.T) { proj.Spec.SyncWindows[0].Clusters = []string{"clusterName"} windows := proj.Spec.SyncWindows.Matches(app) - assert.Len(t, *windows, 1) + assert.Equal(t, 1, len(*windows)) proj.Spec.SyncWindows[0].Clusters = nil }) t.Run("MatchAppName", func(t *testing.T) { proj.Spec.SyncWindows[0].Applications = []string{"test-app"} windows := proj.Spec.SyncWindows.Matches(app) - assert.Len(t, *windows, 1) + assert.Equal(t, 1, len(*windows)) proj.Spec.SyncWindows[0].Applications = nil }) t.Run("MatchWildcardAppName", func(t *testing.T) { proj.Spec.SyncWindows[0].Applications = []string{"test-*"} windows := proj.Spec.SyncWindows.Matches(app) - assert.Len(t, *windows, 1) + assert.Equal(t, 1, len(*windows)) proj.Spec.SyncWindows[0].Applications = nil }) t.Run("NoMatch", func(t *testing.T) { @@ -2387,12 +2387,14 @@ func TestSyncWindows_hasDeny(t *testing.T) { hasDeny, manualEnabled := proj.Spec.SyncWindows.hasDeny() assert.True(t, hasDeny) assert.True(t, manualEnabled) + }) t.Run("False", func(t *testing.T) { proj := newTestProjectWithSyncWindows() hasDeny, manualEnabled := proj.Spec.SyncWindows.hasDeny() assert.False(t, hasDeny) assert.False(t, manualEnabled) + }) } @@ -2495,41 +2497,44 @@ func TestSyncWindow_Active(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { + result := tt.syncWindow.active(tt.currentTime) - assert.Equal(t, tt.expectedResult, result) + assert.Equal(t, result, tt.expectedResult) + }) } + } func TestSyncWindow_Update(t *testing.T) { e := SyncWindow{Kind: "allow", Schedule: "* * * * *", Duration: "1h", Applications: []string{"app1"}} t.Run("AddApplication", func(t *testing.T) { err := e.Update("", "", []string{"app1", "app2"}, []string{}, []string{}, "") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []string{"app1", "app2"}, e.Applications) }) t.Run("AddNamespace", func(t *testing.T) { err := e.Update("", "", []string{}, []string{"namespace1"}, []string{}, "") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []string{"namespace1"}, e.Namespaces) }) t.Run("AddCluster", func(t *testing.T) { err := e.Update("", "", []string{}, []string{}, []string{"cluster1"}, "") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []string{"cluster1"}, e.Clusters) }) t.Run("MissingConfig", func(t *testing.T) { err := e.Update("", "", []string{}, []string{}, []string{}, "") - require.EqualError(t, err, "cannot update: require one or more of schedule, duration, application, namespace, or cluster") + assert.EqualError(t, err, "cannot update: require one or more of schedule, duration, application, namespace, or cluster") }) t.Run("ChangeDuration", func(t *testing.T) { err := e.Update("", "10h", []string{}, []string{}, []string{}, "") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "10h", e.Duration) }) t.Run("ChangeSchedule", func(t *testing.T) { err := e.Update("* 1 0 0 *", "", []string{}, []string{}, []string{}, "") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "* 1 0 0 *", e.Schedule) }) } @@ -2537,22 +2542,22 @@ func TestSyncWindow_Update(t *testing.T) { func TestSyncWindow_Validate(t *testing.T) { window := &SyncWindow{Kind: "allow", Schedule: "* * * * *", Duration: "1h"} t.Run("Validates", func(t *testing.T) { - require.NoError(t, window.Validate()) + assert.NoError(t, window.Validate()) }) t.Run("IncorrectKind", func(t *testing.T) { window.Kind = "wrong" - require.Error(t, window.Validate()) + assert.Error(t, window.Validate()) }) t.Run("IncorrectSchedule", func(t *testing.T) { window.Kind = "allow" window.Schedule = "* * *" - require.Error(t, window.Validate()) + assert.Error(t, window.Validate()) }) t.Run("IncorrectDuration", func(t *testing.T) { window.Kind = "allow" window.Schedule = "* * * * *" window.Duration = "1000days" - require.Error(t, window.Validate()) + assert.Error(t, window.Validate()) }) } @@ -2853,12 +2858,12 @@ func TestSyncOptions_AddOption(t *testing.T) { func TestSyncOptions_RemoveOption(t *testing.T) { options := SyncOptions{"a=1"} - assert.Empty(t, options.RemoveOption("a=1")) - assert.Empty(t, options.RemoveOption("a=1").RemoveOption("a=1")) + assert.Len(t, options.RemoveOption("a=1"), 0) + assert.Len(t, options.RemoveOption("a=1").RemoveOption("a=1"), 0) } func TestRevisionHistories_Trunc(t *testing.T) { - assert.Empty(t, RevisionHistories{}.Trunc(1)) + assert.Len(t, RevisionHistories{}.Trunc(1), 0) assert.Len(t, RevisionHistories{{}}.Trunc(1), 1) assert.Len(t, RevisionHistories{{}, {}}.Trunc(1), 1) // keep the last element, even with longer list @@ -2904,28 +2909,22 @@ func TestProjectNormalize(t *testing.T) { assert.ElementsMatch(t, p.Spec.Roles[0].JWTTokens, p.Status.JWTTokensByRole["test-role"].Items) }) t.Run("SpecRolesEmpty-StatusRolesToken", func(t *testing.T) { - p := AppProject{ - Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role"}}}, - Status: AppProjectStatus{JWTTokensByRole: tokensByRole}, - } + p := AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role"}}}, + Status: AppProjectStatus{JWTTokensByRole: tokensByRole}} needNormalize := p.NormalizeJWTTokens() assert.True(t, needNormalize) assert.ElementsMatch(t, p.Spec.Roles[0].JWTTokens, p.Status.JWTTokensByRole["test-role"].Items) }) t.Run("SpecRolesToken-StatusRolesToken-Same", func(t *testing.T) { - p := AppProject{ - Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", JWTTokens: testTokens}}}, - Status: AppProjectStatus{JWTTokensByRole: tokensByRole}, - } + p := AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", JWTTokens: testTokens}}}, + Status: AppProjectStatus{JWTTokensByRole: tokensByRole}} needNormalize := p.NormalizeJWTTokens() assert.False(t, needNormalize) assert.ElementsMatch(t, p.Spec.Roles[0].JWTTokens, p.Status.JWTTokensByRole["test-role"].Items) }) t.Run("SpecRolesToken-StatusRolesToken-DifferentToken", func(t *testing.T) { - p := AppProject{ - Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", JWTTokens: testTokens2}}}, - Status: AppProjectStatus{JWTTokensByRole: tokensByRole}, - } + p := AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", JWTTokens: testTokens2}}}, + Status: AppProjectStatus{JWTTokensByRole: tokensByRole}} needNormalize := p.NormalizeJWTTokens() assert.True(t, needNormalize) assert.ElementsMatch(t, p.Spec.Roles[0].JWTTokens, p.Status.JWTTokensByRole["test-role"].Items) @@ -2933,14 +2932,10 @@ func TestProjectNormalize(t *testing.T) { t.Run("SpecRolesToken-StatusRolesToken-DifferentRole", func(t *testing.T) { jwtTokens0 := []JWTToken{{IssuedAt: issuedAt}} jwtTokens1 := []JWTToken{{IssuedAt: issuedAt}, {IssuedAt: secondIssuedAt}} - p := AppProject{ - Spec: AppProjectSpec{Roles: []ProjectRole{ - {Name: "test-role", JWTTokens: jwtTokens0}, - {Name: "test-role1", JWTTokens: jwtTokens1}, - {Name: "test-role2"}, - }}, - Status: AppProjectStatus{JWTTokensByRole: tokensByRole}, - } + p := AppProject{Spec: AppProjectSpec{Roles: []ProjectRole{{Name: "test-role", JWTTokens: jwtTokens0}, + {Name: "test-role1", JWTTokens: jwtTokens1}, + {Name: "test-role2"}}}, + Status: AppProjectStatus{JWTTokensByRole: tokensByRole}} needNormalize := p.NormalizeJWTTokens() assert.True(t, needNormalize) assert.ElementsMatch(t, p.Spec.Roles[0].JWTTokens, p.Status.JWTTokensByRole["test-role"].Items) @@ -2964,16 +2959,17 @@ func TestRetryStrategy_NextRetryAtDefaultBackoff(t *testing.T) { for i, expected := range expectedTimes { retryAt, err := retry.NextRetryAt(now, int64(i)) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expected.Format(time.RFC850), retryAt.Format(time.RFC850)) } + } func TestRetryStrategy_NextRetryAtCustomBackoff(t *testing.T) { retry := RetryStrategy{ Backoff: &Backoff{ Duration: "2s", - Factor: ptr.To(int64(3)), + Factor: pointer.Int64(3), MaxDuration: "1m", }, } @@ -2988,7 +2984,7 @@ func TestRetryStrategy_NextRetryAtCustomBackoff(t *testing.T) { for i, expected := range expectedTimes { retryAt, err := retry.NextRetryAt(now, int64(i)) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expected.Format(time.RFC850), retryAt.Format(time.RFC850)) } } @@ -3048,7 +3044,7 @@ func TestRemoveEnvEntry(t *testing.T) { &EnvEntry{"gamma", "delta"}, }, } - require.NoError(t, plugins.RemoveEnvEntry("alpha")) + assert.NoError(t, plugins.RemoveEnvEntry("alpha")) want := Env{&EnvEntry{"foo", "bar"}, &EnvEntry{"gamma", "delta"}} assert.Equal(t, want, plugins.Env) }) @@ -3057,7 +3053,7 @@ func TestRemoveEnvEntry(t *testing.T) { Name: "test", Env: Env{&EnvEntry{"foo", "bar"}}, } - require.NoError(t, plugins.RemoveEnvEntry("foo")) + assert.NoError(t, plugins.RemoveEnvEntry("foo")) assert.Equal(t, Env{}, plugins.Env) }) t.Run("Remove unknown element from the list", func(t *testing.T) { @@ -3066,15 +3062,15 @@ func TestRemoveEnvEntry(t *testing.T) { Env: Env{&EnvEntry{"foo", "bar"}}, } err := plugins.RemoveEnvEntry("key") - require.EqualError(t, err, `unable to find env variable with key "key" for plugin "test"`) + assert.EqualError(t, err, `unable to find env variable with key "key" for plugin "test"`) err = plugins.RemoveEnvEntry("bar") - require.EqualError(t, err, `unable to find env variable with key "bar" for plugin "test"`) + assert.EqualError(t, err, `unable to find env variable with key "bar" for plugin "test"`) assert.Equal(t, Env{&EnvEntry{"foo", "bar"}}, plugins.Env) }) t.Run("Remove element from an empty list", func(t *testing.T) { plugins := &ApplicationSourcePlugin{Name: "test"} err := plugins.RemoveEnvEntry("key") - require.EqualError(t, err, `unable to find env variable with key "key" for plugin "test"`) + assert.EqualError(t, err, `unable to find env variable with key "key" for plugin "test"`) }) } @@ -3082,101 +3078,39 @@ func TestOrphanedResourcesMonitorSettings_IsWarn(t *testing.T) { settings := OrphanedResourcesMonitorSettings{} assert.False(t, settings.IsWarn()) - settings.Warn = ptr.To(false) + settings.Warn = pointer.Bool(false) assert.False(t, settings.IsWarn()) - settings.Warn = ptr.To(true) + settings.Warn = pointer.Bool(true) assert.True(t, settings.IsWarn()) } -func Test_isValidPolicy(t *testing.T) { - policyTests := []struct { - name string - policy string - isValid bool - }{ - { - name: "policy with full wildcard", - policy: "some-project/*", - isValid: true, - }, - { - name: "policy with specified project and application", - policy: "some-project/some-application", - isValid: true, - }, - { - name: "policy with full wildcard namespace and application", - policy: "some-project/*/*", - isValid: true, - }, - { - name: "policy with wildcard namespace and specified application", - policy: "some-project/*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard application", - policy: "some-project/some-namespace/*", - isValid: true, - }, - { - name: "policy with wildcard prefix namespace and specified application", - policy: "some-project/some-name*/some-application", - isValid: true, - }, - { - name: "policy with specified namespace and wildcard prefixed application", - policy: "some-project/some-namespace/some-app*", - isValid: true, - }, - { - name: "policy with valid namespace and application", - policy: "some-project/some-namespace/some-application", - isValid: true, - }, - { - name: "policy with invalid namespace character", - policy: "some-project/some~namespace/some-application", - isValid: false, - }, - { - name: "policy with invalid application character", - policy: "some-project/some-namespace/some^application", - isValid: false, - }, - } - - for _, policyTest := range policyTests { - assert.Equal(t, policyTest.isValid, isValidObject("some-project", policyTest.policy), policyTest.name) - } -} - func Test_validatePolicy_projIsNotRegex(t *testing.T) { // Make sure the "." in "some.project" isn't treated as the regex wildcard. err := validatePolicy("some.project", "org-admin", "p, proj:some.project:org-admin, applications, *, some-project/*, allow") - require.Error(t, err) + assert.Error(t, err) err = validatePolicy("some.project", "org-admin", "p, proj:some.project:org-admin, applications, *, some.project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, applications, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) } func Test_validatePolicy_ValidResource(t *testing.T) { err := validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, applications, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, repositories, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, clusters, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, exec, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, logs, *, some-project/*, allow") - require.NoError(t, err) + assert.NoError(t, err) err = validatePolicy("some-project", "org-admin", "p, proj:some-project:org-admin, unknown, *, some-project/*, allow") - require.Error(t, err) + assert.Error(t, err) + } func TestEnvsubst(t *testing.T) { @@ -3216,21 +3150,22 @@ func Test_validateGroupName(t *testing.T) { t.Run(tt.name, func(t *testing.T) { err := validateGroupName(tt.groupname) if tt.isvalid { - require.NoError(t, err) + assert.NoError(t, err) } else { - require.Error(t, err) + assert.Error(t, err) } }) } } func TestGetCAPath(t *testing.T) { + temppath := t.TempDir() cert, err := os.ReadFile("../../../../test/fixture/certs/argocd-test-server.crt") if err != nil { panic(err) } - err = os.WriteFile(path.Join(temppath, "foo.example.com"), cert, 0o666) + err = os.WriteFile(path.Join(temppath, "foo.example.com"), cert, 0666) if err != nil { panic(err) } @@ -3379,6 +3314,7 @@ func TestAppProjectIsSourceNamespacePermitted(t *testing.T) { // app7 is installed to someotherns, controller running in argocd assert.False(t, proj.IsAppNamespacePermitted(app7, "argocd")) }) + } func Test_RBACName(t *testing.T) { @@ -3424,7 +3360,7 @@ func TestGetSummary(t *testing.T) { app := newTestApp() summary := tree.GetSummary(app) - assert.Empty(t, summary.ExternalURLs) + assert.Equal(t, len(summary.ExternalURLs), 0) const annotationName = argocdcommon.AnnotationKeyLinkPrefix + "/my-link" const url = "https://example.com" @@ -3432,15 +3368,15 @@ func TestGetSummary(t *testing.T) { app.Annotations[annotationName] = url summary = tree.GetSummary(app) - assert.Len(t, summary.ExternalURLs, 1) - assert.Equal(t, url, summary.ExternalURLs[0]) + assert.Equal(t, len(summary.ExternalURLs), 1) + assert.Equal(t, summary.ExternalURLs[0], url) } func TestApplicationSourcePluginParameters_Environ_string(t *testing.T) { params := ApplicationSourcePluginParameters{ { Name: "version", - String_: ptr.To("1.2.3"), + String_: pointer.String("1.2.3"), }, } environ, err := params.Environ() @@ -3497,7 +3433,7 @@ func TestApplicationSourcePluginParameters_Environ_all(t *testing.T) { params := ApplicationSourcePluginParameters{ { Name: "some-name", - String_: ptr.To("1.2.3"), + String_: pointer.String("1.2.3"), OptionalArray: &OptionalArray{ Array: []string{"redis", "minio"}, }, diff --git a/pkg/apis/application/v1alpha1/values.go b/pkg/apis/application/v1alpha1/values.go index 1c0d6b76de703..942e2a651cf71 100644 --- a/pkg/apis/application/v1alpha1/values.go +++ b/pkg/apis/application/v1alpha1/values.go @@ -19,11 +19,11 @@ func (h *ApplicationSourceHelm) SetValuesString(value string) error { } else { data, err := yaml.YAMLToJSON([]byte(value)) if err != nil { - return fmt.Errorf("failed converting yaml to json: %w", err) + return fmt.Errorf("failed converting yaml to json: %v", err) } var v interface{} if err := json.Unmarshal(data, &v); err != nil { - return fmt.Errorf("failed to unmarshal json: %w", err) + return fmt.Errorf("failed to unmarshal json: %v", err) } switch v.(type) { case string: diff --git a/pkg/apis/application/v1alpha1/values_test.go b/pkg/apis/application/v1alpha1/values_test.go index 6c2c5676f3f62..f21f17168a2e8 100644 --- a/pkg/apis/application/v1alpha1/values_test.go +++ b/pkg/apis/application/v1alpha1/values_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestValues_SetString(t *testing.T) { @@ -70,12 +69,12 @@ func TestValues_SetString(t *testing.T) { if !testCase.expectError { assert.Equal(t, testCase.expectValue, source.ValuesString()) data, err := source.ValuesObject.MarshalJSON() - require.NoError(t, err) + assert.NoError(t, err) err = source.ValuesObject.UnmarshalJSON(data) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testCase.expectValue, source.ValuesString()) } else { - require.Error(t, err) + assert.Error(t, err) } }) } diff --git a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go index a6de15dd7a265..d61af65785b95 100644 --- a/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/application/v1alpha1/zz_generated.deepcopy.go @@ -376,11 +376,6 @@ func (in *ApplicationSetApplicationStatus) DeepCopyInto(out *ApplicationSetAppli in, out := &in.LastTransitionTime, &out.LastTransitionTime *out = (*in).DeepCopy() } - if in.TargetRevisions != nil { - in, out := &in.TargetRevisions, &out.TargetRevisions - *out = make([]string, len(*in)) - copy(*out, *in) - } return } @@ -773,13 +768,6 @@ func (in *ApplicationSetStatus) DeepCopyInto(out *ApplicationSetStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - if in.Resources != nil { - in, out := &in.Resources, &out.Resources - *out = make([]ResourceStatus, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } return } @@ -966,29 +954,6 @@ func (in ApplicationSetTerminalGenerators) DeepCopy() ApplicationSetTerminalGene return *out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ApplicationSetTree) DeepCopyInto(out *ApplicationSetTree) { - *out = *in - if in.Nodes != nil { - in, out := &in.Nodes, &out.Nodes - *out = make([]ResourceNode, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ApplicationSetTree. -func (in *ApplicationSetTree) DeepCopy() *ApplicationSetTree { - if in == nil { - return nil - } - out := new(ApplicationSetTree) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ApplicationSource) DeepCopyInto(out *ApplicationSource) { *out = *in diff --git a/reposerver/apiclient/clientset.go b/reposerver/apiclient/clientset.go index 210b8141e7cec..417dc758ef5bd 100644 --- a/reposerver/apiclient/clientset.go +++ b/reposerver/apiclient/clientset.go @@ -4,12 +4,8 @@ import ( "crypto/tls" "crypto/x509" "fmt" - "math" "time" - "github.com/argoproj/argo-cd/v2/common" - "github.com/argoproj/argo-cd/v2/util/env" - grpc_middleware "github.com/grpc-ecosystem/go-grpc-middleware" grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" log "github.com/sirupsen/logrus" @@ -21,8 +17,12 @@ import ( "github.com/argoproj/argo-cd/v2/util/io" ) -// MaxGRPCMessageSize contains max grpc message size -var MaxGRPCMessageSize = env.ParseNumFromEnv(common.EnvGRPCMaxSizeMB, 100, 0, math.MaxInt32) * 1024 * 1024 +//go:generate go run github.com/vektra/mockery/v2@v2.15.0 --name=RepoServerServiceClient + +const ( + // MaxGRPCMessageSize contains max grpc message size + MaxGRPCMessageSize = 100 * 1024 * 1024 +) // TLSConfiguration describes parameters for TLS configuration to be used by a repo server API client type TLSConfiguration struct { diff --git a/reposerver/apiclient/clientset_test.go b/reposerver/apiclient/clientset_test.go index c0966b799de50..617cbbd0796e5 100644 --- a/reposerver/apiclient/clientset_test.go +++ b/reposerver/apiclient/clientset_test.go @@ -3,21 +3,20 @@ package apiclient_test import ( "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" + "github.com/stretchr/testify/assert" ) func TestNewRepoServerClient_CorrectClientReturned(t *testing.T) { + mockClientset := &mocks.Clientset{ RepoServerServiceClient: &mocks.RepoServerServiceClient{}, } closer, client, err := mockClientset.NewRepoServerClient() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, closer) assert.NotNil(t, client) assert.Equal(t, mockClientset.RepoServerServiceClient, client) @@ -60,7 +59,7 @@ func TestNewConnection_TLSWithStrictValidation(t *testing.T) { conn, err := apiclient.NewConnection("example.com:443", 10, &tlsConfig) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, conn) } @@ -73,7 +72,7 @@ func TestNewConnection_TLSWithStrictValidationAndCertificates(t *testing.T) { conn, err := apiclient.NewConnection("example.com:443", 10, &tlsConfig) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, conn) } @@ -87,6 +86,6 @@ func TestNewConnection_InsecureConnection(t *testing.T) { conn, err := apiclient.NewConnection("example.com:80", 10, &tlsConfig) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, conn) } diff --git a/reposerver/apiclient/mocks/RepoServerServiceClient.go b/reposerver/apiclient/mocks/RepoServerServiceClient.go index 056747e5b28be..1939dcfe140d7 100644 --- a/reposerver/apiclient/mocks/RepoServerServiceClient.go +++ b/reposerver/apiclient/mocks/RepoServerServiceClient.go @@ -1,4 +1,4 @@ -// Code generated by mockery v2.43.2. DO NOT EDIT. +// Code generated by mockery v2.32.4. DO NOT EDIT. package mocks @@ -32,10 +32,6 @@ func (_m *RepoServerServiceClient) GenerateManifest(ctx context.Context, in *api _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GenerateManifest") - } - var r0 *apiclient.ManifestResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ManifestRequest, ...grpc.CallOption) (*apiclient.ManifestResponse, error)); ok { @@ -69,10 +65,6 @@ func (_m *RepoServerServiceClient) GenerateManifestWithFiles(ctx context.Context _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GenerateManifestWithFiles") - } - var r0 apiclient.RepoServerService_GenerateManifestWithFilesClient var r1 error if rf, ok := ret.Get(0).(func(context.Context, ...grpc.CallOption) (apiclient.RepoServerService_GenerateManifestWithFilesClient, error)); ok { @@ -106,10 +98,6 @@ func (_m *RepoServerServiceClient) GetAppDetails(ctx context.Context, in *apicli _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetAppDetails") - } - var r0 *apiclient.RepoAppDetailsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerAppDetailsQuery, ...grpc.CallOption) (*apiclient.RepoAppDetailsResponse, error)); ok { @@ -143,10 +131,6 @@ func (_m *RepoServerServiceClient) GetGitDirectories(ctx context.Context, in *ap _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetGitDirectories") - } - var r0 *apiclient.GitDirectoriesResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.GitDirectoriesRequest, ...grpc.CallOption) (*apiclient.GitDirectoriesResponse, error)); ok { @@ -180,10 +164,6 @@ func (_m *RepoServerServiceClient) GetGitFiles(ctx context.Context, in *apiclien _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetGitFiles") - } - var r0 *apiclient.GitFilesResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.GitFilesRequest, ...grpc.CallOption) (*apiclient.GitFilesResponse, error)); ok { @@ -217,10 +197,6 @@ func (_m *RepoServerServiceClient) GetHelmCharts(ctx context.Context, in *apicli _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetHelmCharts") - } - var r0 *apiclient.HelmChartsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.HelmChartsRequest, ...grpc.CallOption) (*apiclient.HelmChartsResponse, error)); ok { @@ -254,10 +230,6 @@ func (_m *RepoServerServiceClient) GetRevisionChartDetails(ctx context.Context, _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetRevisionChartDetails") - } - var r0 *v1alpha1.ChartDetails var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerRevisionChartDetailsRequest, ...grpc.CallOption) (*v1alpha1.ChartDetails, error)); ok { @@ -291,10 +263,6 @@ func (_m *RepoServerServiceClient) GetRevisionMetadata(ctx context.Context, in * _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for GetRevisionMetadata") - } - var r0 *v1alpha1.RevisionMetadata var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.RepoServerRevisionMetadataRequest, ...grpc.CallOption) (*v1alpha1.RevisionMetadata, error)); ok { @@ -328,10 +296,6 @@ func (_m *RepoServerServiceClient) ListApps(ctx context.Context, in *apiclient.L _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for ListApps") - } - var r0 *apiclient.AppList var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ListAppsRequest, ...grpc.CallOption) (*apiclient.AppList, error)); ok { @@ -365,10 +329,6 @@ func (_m *RepoServerServiceClient) ListPlugins(ctx context.Context, in *emptypb. _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for ListPlugins") - } - var r0 *apiclient.PluginList var r1 error if rf, ok := ret.Get(0).(func(context.Context, *emptypb.Empty, ...grpc.CallOption) (*apiclient.PluginList, error)); ok { @@ -402,10 +362,6 @@ func (_m *RepoServerServiceClient) ListRefs(ctx context.Context, in *apiclient.L _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for ListRefs") - } - var r0 *apiclient.Refs var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ListRefsRequest, ...grpc.CallOption) (*apiclient.Refs, error)); ok { @@ -439,10 +395,6 @@ func (_m *RepoServerServiceClient) ResolveRevision(ctx context.Context, in *apic _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for ResolveRevision") - } - var r0 *apiclient.ResolveRevisionResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.ResolveRevisionRequest, ...grpc.CallOption) (*apiclient.ResolveRevisionResponse, error)); ok { @@ -476,10 +428,6 @@ func (_m *RepoServerServiceClient) TestRepository(ctx context.Context, in *apicl _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for TestRepository") - } - var r0 *apiclient.TestRepositoryResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.TestRepositoryRequest, ...grpc.CallOption) (*apiclient.TestRepositoryResponse, error)); ok { @@ -513,10 +461,6 @@ func (_m *RepoServerServiceClient) UpdateRevisionForPaths(ctx context.Context, i _ca = append(_ca, _va...) ret := _m.Called(_ca...) - if len(ret) == 0 { - panic("no return value specified for UpdateRevisionForPaths") - } - var r0 *apiclient.UpdateRevisionForPathsResponse var r1 error if rf, ok := ret.Get(0).(func(context.Context, *apiclient.UpdateRevisionForPathsRequest, ...grpc.CallOption) (*apiclient.UpdateRevisionForPathsResponse, error)); ok { diff --git a/reposerver/apiclient/repository.pb.go b/reposerver/apiclient/repository.pb.go index 549137a342809..19ddddf2111dc 100644 --- a/reposerver/apiclient/repository.pb.go +++ b/reposerver/apiclient/repository.pb.go @@ -1919,7 +1919,6 @@ type GitFilesRequest struct { Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` NewGitFileGlobbingEnabled bool `protobuf:"varint,5,opt,name=NewGitFileGlobbingEnabled,proto3" json:"NewGitFileGlobbingEnabled,omitempty"` NoRevisionCache bool `protobuf:"varint,6,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - VerifyCommit bool `protobuf:"varint,7,opt,name=verifyCommit,proto3" json:"verifyCommit,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2000,13 +1999,6 @@ func (m *GitFilesRequest) GetNoRevisionCache() bool { return false } -func (m *GitFilesRequest) GetVerifyCommit() bool { - if m != nil { - return m.VerifyCommit - } - return false -} - type GitFilesResponse struct { // Map consisting of path of the path to its contents in bytes Map map[string][]byte `protobuf:"bytes,1,rep,name=map,proto3" json:"map,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` @@ -2060,7 +2052,6 @@ type GitDirectoriesRequest struct { SubmoduleEnabled bool `protobuf:"varint,2,opt,name=submoduleEnabled,proto3" json:"submoduleEnabled,omitempty"` Revision string `protobuf:"bytes,3,opt,name=revision,proto3" json:"revision,omitempty"` NoRevisionCache bool `protobuf:"varint,4,opt,name=noRevisionCache,proto3" json:"noRevisionCache,omitempty"` - VerifyCommit bool `protobuf:"varint,5,opt,name=verifyCommit,proto3" json:"verifyCommit,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2127,13 +2118,6 @@ func (m *GitDirectoriesRequest) GetNoRevisionCache() bool { return false } -func (m *GitDirectoriesRequest) GetVerifyCommit() bool { - if m != nil { - return m.VerifyCommit - } - return false -} - type GitDirectoriesResponse struct { // A set of directory paths Paths []string `protobuf:"bytes,1,rep,name=paths,proto3" json:"paths,omitempty"` @@ -2326,6 +2310,7 @@ func (m *UpdateRevisionForPathsRequest) GetPaths() []string { } type UpdateRevisionForPathsResponse struct { + Changes bool `protobuf:"varint,1,opt,name=changes,proto3" json:"changes,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -2364,6 +2349,13 @@ func (m *UpdateRevisionForPathsResponse) XXX_DiscardUnknown() { var xxx_messageInfo_UpdateRevisionForPathsResponse proto.InternalMessageInfo +func (m *UpdateRevisionForPathsResponse) GetChanges() bool { + if m != nil { + return m.Changes + } + return false +} + func init() { proto.RegisterType((*ManifestRequest)(nil), "repository.ManifestRequest") proto.RegisterMapType((map[string]bool)(nil), "repository.ManifestRequest.EnabledSourceTypesEntry") @@ -2415,150 +2407,150 @@ func init() { var fileDescriptor_dd8723cfcc820480 = []byte{ // 2298 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0xcd, 0x73, 0x1c, 0x47, - 0x15, 0xd7, 0x7e, 0x6a, 0xf7, 0x49, 0xd6, 0x47, 0xdb, 0x96, 0xc7, 0x1b, 0x5b, 0xa5, 0x0c, 0xd8, - 0xe5, 0xd8, 0xc9, 0x6e, 0x59, 0xae, 0xc4, 0xe0, 0x84, 0x50, 0x8a, 0x62, 0x4b, 0x8e, 0x2d, 0x5b, - 0x8c, 0x1d, 0x28, 0x83, 0x81, 0xea, 0x9d, 0xed, 0xdd, 0x9d, 0xec, 0x7c, 0xb4, 0x67, 0x7a, 0x14, - 0xd6, 0x55, 0x9c, 0xa0, 0xb8, 0x70, 0xe7, 0xc0, 0x95, 0x7f, 0x80, 0x0b, 0xc5, 0x91, 0x03, 0xc5, - 0xc7, 0x91, 0xe2, 0xc2, 0x11, 0xca, 0x47, 0xfe, 0x0a, 0xaa, 0x3f, 0xe6, 0x73, 0x67, 0xd7, 0x0a, - 0x6b, 0x2b, 0x90, 0x8b, 0x34, 0xfd, 0xba, 0xfb, 0xbd, 0xd7, 0xaf, 0xdf, 0x7b, 0xfd, 0x7b, 0xdd, - 0x0b, 0x97, 0x7d, 0x42, 0xbd, 0x80, 0xf8, 0x47, 0xc4, 0xef, 0x88, 0x4f, 0x8b, 0x79, 0xfe, 0x38, - 0xf5, 0xd9, 0xa6, 0xbe, 0xc7, 0x3c, 0x04, 0x09, 0xa5, 0x75, 0x7f, 0x60, 0xb1, 0x61, 0xd8, 0x6d, - 0x9b, 0x9e, 0xd3, 0xc1, 0xfe, 0xc0, 0xa3, 0xbe, 0xf7, 0x99, 0xf8, 0x78, 0xc7, 0xec, 0x75, 0x8e, - 0xb6, 0x3b, 0x74, 0x34, 0xe8, 0x60, 0x6a, 0x05, 0x1d, 0x4c, 0xa9, 0x6d, 0x99, 0x98, 0x59, 0x9e, - 0xdb, 0x39, 0xba, 0x8e, 0x6d, 0x3a, 0xc4, 0xd7, 0x3b, 0x03, 0xe2, 0x12, 0x1f, 0x33, 0xd2, 0x93, - 0x9c, 0x5b, 0x6f, 0x0c, 0x3c, 0x6f, 0x60, 0x93, 0x8e, 0x68, 0x75, 0xc3, 0x7e, 0x87, 0x38, 0x94, - 0x29, 0xb1, 0xfa, 0xbf, 0x97, 0x61, 0xf5, 0x00, 0xbb, 0x56, 0x9f, 0x04, 0xcc, 0x20, 0xcf, 0x42, - 0x12, 0x30, 0xf4, 0x14, 0xaa, 0x5c, 0x19, 0xad, 0xb4, 0x55, 0xba, 0xb2, 0xb4, 0xbd, 0xdf, 0x4e, - 0xb4, 0x69, 0x47, 0xda, 0x88, 0x8f, 0x1f, 0x9b, 0xbd, 0xf6, 0xd1, 0x76, 0x9b, 0x8e, 0x06, 0x6d, - 0xae, 0x4d, 0x3b, 0xa5, 0x4d, 0x3b, 0xd2, 0xa6, 0x6d, 0xc4, 0xcb, 0x32, 0x04, 0x57, 0xd4, 0x82, - 0x86, 0x4f, 0x8e, 0xac, 0xc0, 0xf2, 0x5c, 0xad, 0xbc, 0x55, 0xba, 0xd2, 0x34, 0xe2, 0x36, 0xd2, - 0x60, 0xd1, 0xf5, 0x76, 0xb1, 0x39, 0x24, 0x5a, 0x65, 0xab, 0x74, 0xa5, 0x61, 0x44, 0x4d, 0xb4, - 0x05, 0x4b, 0x98, 0xd2, 0xfb, 0xb8, 0x4b, 0xec, 0x7b, 0x64, 0xac, 0x55, 0xc5, 0xc4, 0x34, 0x89, - 0xcf, 0xc5, 0x94, 0x3e, 0xc0, 0x0e, 0xd1, 0x6a, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, 0xd0, 0x74, 0xb1, - 0x43, 0x02, 0x8a, 0x4d, 0xa2, 0x35, 0x44, 0x5f, 0x42, 0x40, 0x3f, 0x85, 0xf5, 0x94, 0xe2, 0x8f, - 0xbc, 0xd0, 0x37, 0x89, 0x06, 0x62, 0xe9, 0x0f, 0xe7, 0x5b, 0xfa, 0x4e, 0x9e, 0xad, 0x31, 0x29, - 0x09, 0xfd, 0x08, 0x6a, 0x62, 0xe7, 0xb5, 0xa5, 0xad, 0xca, 0x2b, 0xb5, 0xb6, 0x64, 0x8b, 0x5c, - 0x58, 0xa4, 0x76, 0x38, 0xb0, 0xdc, 0x40, 0x5b, 0x16, 0x12, 0x1e, 0xcf, 0x27, 0x61, 0xd7, 0x73, - 0xfb, 0xd6, 0xe0, 0x00, 0xbb, 0x78, 0x40, 0x1c, 0xe2, 0xb2, 0x43, 0xc1, 0xdc, 0x88, 0x84, 0xa0, - 0xe7, 0xb0, 0x36, 0x0a, 0x03, 0xe6, 0x39, 0xd6, 0x73, 0xf2, 0x90, 0xf2, 0xb9, 0x81, 0x76, 0x4a, - 0x58, 0xf3, 0xc1, 0x7c, 0x82, 0xef, 0xe5, 0xb8, 0x1a, 0x13, 0x72, 0xb8, 0x93, 0x8c, 0xc2, 0x2e, - 0xf9, 0x2e, 0xf1, 0x85, 0x77, 0xad, 0x48, 0x27, 0x49, 0x91, 0xa4, 0x1b, 0x59, 0xaa, 0x15, 0x68, - 0xab, 0x5b, 0x15, 0xe9, 0x46, 0x31, 0x09, 0x5d, 0x81, 0xd5, 0x23, 0xe2, 0x5b, 0xfd, 0xf1, 0x23, - 0x6b, 0xe0, 0x62, 0x16, 0xfa, 0x44, 0x5b, 0x13, 0xae, 0x98, 0x27, 0x23, 0x07, 0x4e, 0x0d, 0x89, - 0xed, 0x70, 0x93, 0xef, 0xfa, 0xa4, 0x17, 0x68, 0xeb, 0xc2, 0xbe, 0x7b, 0xf3, 0xef, 0xa0, 0x60, - 0x67, 0x64, 0xb9, 0x73, 0xc5, 0x5c, 0xcf, 0x50, 0x91, 0x22, 0x63, 0x04, 0x49, 0xc5, 0x72, 0x64, - 0x74, 0x19, 0x56, 0x98, 0x8f, 0xcd, 0x91, 0xe5, 0x0e, 0x0e, 0x08, 0x1b, 0x7a, 0x3d, 0xed, 0xb4, - 0xb0, 0x44, 0x8e, 0x8a, 0x4c, 0x40, 0xc4, 0xc5, 0x5d, 0x9b, 0xf4, 0xa4, 0x2f, 0x3e, 0x1e, 0x53, - 0x12, 0x68, 0x67, 0xc4, 0x2a, 0x6e, 0xb4, 0x53, 0x19, 0x2a, 0x97, 0x20, 0xda, 0xb7, 0x27, 0x66, - 0xdd, 0x76, 0x99, 0x3f, 0x36, 0x0a, 0xd8, 0xa1, 0x11, 0x2c, 0xf1, 0x75, 0x44, 0xae, 0x70, 0x56, - 0xb8, 0xc2, 0xdd, 0xf9, 0x6c, 0xb4, 0x9f, 0x30, 0x34, 0xd2, 0xdc, 0x51, 0x1b, 0xd0, 0x10, 0x07, - 0x07, 0xa1, 0xcd, 0x2c, 0x6a, 0x13, 0xa9, 0x46, 0xa0, 0x6d, 0x08, 0x33, 0x15, 0xf4, 0xa0, 0x7b, - 0x00, 0x3e, 0xe9, 0x47, 0xe3, 0xce, 0x89, 0x95, 0x5f, 0x9b, 0xb5, 0x72, 0x23, 0x1e, 0x2d, 0x57, - 0x9c, 0x9a, 0xce, 0x85, 0xf3, 0x65, 0x10, 0x93, 0xa9, 0x68, 0x17, 0x61, 0xad, 0x09, 0x17, 0x2b, - 0xe8, 0xe1, 0xbe, 0xa8, 0xa8, 0x22, 0x69, 0x9d, 0x97, 0xde, 0x9a, 0x22, 0xb5, 0x6e, 0xc3, 0xb9, - 0x29, 0xa6, 0x46, 0x6b, 0x50, 0x19, 0x91, 0xb1, 0x48, 0xd1, 0x4d, 0x83, 0x7f, 0xa2, 0x33, 0x50, - 0x3b, 0xc2, 0x76, 0x48, 0x44, 0x52, 0x6d, 0x18, 0xb2, 0x71, 0xab, 0xfc, 0x8d, 0x52, 0xeb, 0x17, - 0x25, 0x58, 0xcd, 0x29, 0x5e, 0x30, 0xff, 0x87, 0xe9, 0xf9, 0xaf, 0xc0, 0x8d, 0xfb, 0x8f, 0xb1, - 0x3f, 0x20, 0x2c, 0xa5, 0x88, 0xfe, 0xf7, 0x12, 0x68, 0x39, 0x8b, 0x7e, 0xcf, 0x62, 0xc3, 0x3b, - 0x96, 0x4d, 0x02, 0x74, 0x13, 0x16, 0x7d, 0x49, 0x53, 0x07, 0xcf, 0x1b, 0x33, 0x36, 0x62, 0x7f, - 0xc1, 0x88, 0x46, 0xa3, 0x0f, 0xa1, 0xe1, 0x10, 0x86, 0x7b, 0x98, 0x61, 0xa5, 0xfb, 0x56, 0xd1, - 0x4c, 0x2e, 0xe5, 0x40, 0x8d, 0xdb, 0x5f, 0x30, 0xe2, 0x39, 0xe8, 0x5d, 0xa8, 0x99, 0xc3, 0xd0, - 0x1d, 0x89, 0x23, 0x67, 0x69, 0xfb, 0xe2, 0xb4, 0xc9, 0xbb, 0x7c, 0xd0, 0xfe, 0x82, 0x21, 0x47, - 0x7f, 0x54, 0x87, 0x2a, 0xc5, 0x3e, 0xd3, 0xef, 0xc0, 0x99, 0x22, 0x11, 0xfc, 0x9c, 0x33, 0x87, - 0xc4, 0x1c, 0x05, 0xa1, 0xa3, 0xcc, 0x1c, 0xb7, 0x11, 0x82, 0x6a, 0x60, 0x3d, 0x97, 0xa6, 0xae, - 0x18, 0xe2, 0x5b, 0x7f, 0x0b, 0xd6, 0x27, 0xa4, 0xf1, 0x4d, 0x95, 0xba, 0x71, 0x0e, 0xcb, 0x4a, - 0xb4, 0x1e, 0xc2, 0xd9, 0xc7, 0xc2, 0x16, 0x71, 0xb2, 0x3f, 0x89, 0x93, 0x5b, 0xdf, 0x87, 0x8d, - 0xbc, 0xd8, 0x80, 0x7a, 0x6e, 0x40, 0xb8, 0xeb, 0x8b, 0xec, 0x68, 0x91, 0x5e, 0xd2, 0x2b, 0xb4, - 0x68, 0x18, 0x05, 0x3d, 0xfa, 0x6f, 0xca, 0xb0, 0x61, 0x90, 0xc0, 0xb3, 0x8f, 0x48, 0x94, 0xba, - 0x4e, 0x06, 0x7c, 0xfc, 0x00, 0x2a, 0x98, 0x52, 0xe5, 0x26, 0x77, 0x5f, 0xd9, 0xf1, 0x6e, 0x70, - 0xae, 0xe8, 0x6d, 0x58, 0xc7, 0x4e, 0xd7, 0x1a, 0x84, 0x5e, 0x18, 0x44, 0xcb, 0x12, 0x4e, 0xd5, - 0x34, 0x26, 0x3b, 0x78, 0xf8, 0x07, 0x22, 0x22, 0xef, 0xba, 0x3d, 0xf2, 0x13, 0x81, 0x68, 0x2a, - 0x46, 0x9a, 0xa4, 0x9b, 0x70, 0x6e, 0xc2, 0x48, 0xca, 0xe0, 0x69, 0x10, 0x55, 0xca, 0x81, 0xa8, - 0x42, 0x35, 0xca, 0x53, 0xd4, 0xd0, 0xff, 0x5c, 0x82, 0xb5, 0x24, 0xb8, 0x14, 0xfb, 0x0b, 0xd0, - 0x74, 0x14, 0x2d, 0xd0, 0x4a, 0x22, 0x83, 0x25, 0x84, 0x2c, 0x9e, 0x2a, 0xe7, 0xf1, 0xd4, 0x06, - 0xd4, 0x25, 0xdc, 0x55, 0x4b, 0x57, 0xad, 0x8c, 0xca, 0xd5, 0x9c, 0xca, 0x9b, 0x00, 0x41, 0x9c, - 0xe1, 0xb4, 0xba, 0xe8, 0x4d, 0x51, 0x90, 0x0e, 0xcb, 0xf2, 0xf4, 0x35, 0x48, 0x10, 0xda, 0x4c, - 0x5b, 0x14, 0x23, 0x32, 0x34, 0xdd, 0x83, 0xd5, 0xfb, 0x16, 0x5f, 0x43, 0x3f, 0x38, 0x99, 0x70, - 0x78, 0x0f, 0xaa, 0x5c, 0x18, 0x5f, 0x58, 0xd7, 0xc7, 0xae, 0x39, 0x24, 0x91, 0xad, 0xe2, 0x36, - 0x0f, 0x74, 0x86, 0x07, 0x81, 0x56, 0x16, 0x74, 0xf1, 0xad, 0xff, 0xbe, 0x2c, 0x35, 0xdd, 0xa1, - 0x34, 0xf8, 0xf2, 0x21, 0x77, 0x31, 0x08, 0xa8, 0x4c, 0x82, 0x80, 0x9c, 0xca, 0x5f, 0x04, 0x04, - 0xbc, 0xa2, 0x83, 0x4c, 0x0f, 0x61, 0x71, 0x87, 0x52, 0xae, 0x08, 0xba, 0x0e, 0x55, 0x4c, 0xa9, - 0x34, 0x78, 0x2e, 0x67, 0xab, 0x21, 0xfc, 0xbf, 0x52, 0x49, 0x0c, 0x6d, 0xdd, 0x84, 0x66, 0x4c, - 0x7a, 0x99, 0xd8, 0x66, 0x5a, 0xec, 0x16, 0x80, 0x44, 0xb9, 0x77, 0xdd, 0xbe, 0xc7, 0xb7, 0x94, - 0x3b, 0xbb, 0x9a, 0x2a, 0xbe, 0xf5, 0x5b, 0xd1, 0x08, 0xa1, 0xdb, 0xdb, 0x50, 0xb3, 0x18, 0x71, - 0x22, 0xe5, 0x36, 0xd2, 0xca, 0x25, 0x8c, 0x0c, 0x39, 0x48, 0xff, 0x4b, 0x03, 0xce, 0xf3, 0x1d, - 0x7b, 0x24, 0xc2, 0x64, 0x87, 0xd2, 0x8f, 0x09, 0xc3, 0x96, 0x1d, 0x7c, 0x27, 0x24, 0xfe, 0xf8, - 0x35, 0x3b, 0xc6, 0x00, 0xea, 0x32, 0xca, 0x54, 0x46, 0x7c, 0xe5, 0x05, 0x8f, 0x62, 0x9f, 0x54, - 0x39, 0x95, 0xd7, 0x53, 0xe5, 0x14, 0x55, 0x1d, 0xd5, 0x13, 0xaa, 0x3a, 0xa6, 0x17, 0x9e, 0xa9, - 0x72, 0xb6, 0x9e, 0x2d, 0x67, 0x0b, 0xc0, 0xfc, 0xe2, 0x71, 0xc1, 0x7c, 0xa3, 0x10, 0xcc, 0x3b, - 0x85, 0x71, 0xdc, 0x14, 0xe6, 0xfe, 0x56, 0xda, 0x03, 0xa7, 0xfa, 0xda, 0x3c, 0xb0, 0x1e, 0x5e, - 0x2b, 0xac, 0xff, 0x34, 0x03, 0xd3, 0x65, 0xa1, 0xfc, 0xee, 0xf1, 0xd6, 0x34, 0x03, 0xb0, 0x7f, - 0xe5, 0xe0, 0xf5, 0xcf, 0x05, 0xaa, 0xa2, 0x5e, 0x62, 0x83, 0xf8, 0x40, 0xe7, 0xe7, 0x10, 0x3f, - 0x5a, 0x55, 0xd2, 0xe2, 0xdf, 0xe8, 0x1a, 0x54, 0xb9, 0x91, 0x15, 0xec, 0x3d, 0x97, 0xb6, 0x27, - 0xdf, 0x89, 0x1d, 0x4a, 0x1f, 0x51, 0x62, 0x1a, 0x62, 0x10, 0xba, 0x05, 0xcd, 0xd8, 0xf1, 0x55, - 0x64, 0x5d, 0x48, 0xcf, 0x88, 0xe3, 0x24, 0x9a, 0x96, 0x0c, 0xe7, 0x73, 0x7b, 0x96, 0x4f, 0x4c, - 0x01, 0x0a, 0x6b, 0x93, 0x73, 0x3f, 0x8e, 0x3a, 0xe3, 0xb9, 0xf1, 0x70, 0x74, 0x1d, 0xea, 0xf2, - 0x66, 0x41, 0x44, 0xd0, 0xd2, 0xf6, 0xf9, 0xc9, 0x64, 0x1a, 0xcd, 0x52, 0x03, 0xf5, 0x3f, 0x95, - 0xe0, 0xcd, 0xc4, 0x21, 0xa2, 0x68, 0x8a, 0x70, 0xf9, 0x97, 0x7f, 0xe2, 0x5e, 0x86, 0x15, 0x51, - 0x08, 0x24, 0x17, 0x0c, 0xf2, 0xae, 0x2b, 0x47, 0xd5, 0x7f, 0x57, 0x82, 0x4b, 0x93, 0xeb, 0xd8, - 0x1d, 0x62, 0x9f, 0xc5, 0xdb, 0x7b, 0x12, 0x6b, 0x89, 0x0e, 0xbc, 0x72, 0x72, 0xe0, 0x65, 0xd6, - 0x57, 0xc9, 0xae, 0x4f, 0xff, 0x43, 0x19, 0x96, 0x52, 0x0e, 0x54, 0x74, 0x60, 0x72, 0xc0, 0x27, - 0xfc, 0x56, 0x94, 0x7e, 0xe2, 0x50, 0x68, 0x1a, 0x29, 0x0a, 0x1a, 0x01, 0x50, 0xec, 0x63, 0x87, - 0x30, 0xe2, 0xf3, 0x4c, 0xce, 0x23, 0xfe, 0xde, 0xfc, 0xd9, 0xe5, 0x30, 0xe2, 0x69, 0xa4, 0xd8, - 0x73, 0xc4, 0x2a, 0x44, 0x07, 0x2a, 0x7f, 0xab, 0x16, 0xfa, 0x1c, 0x56, 0xfa, 0x96, 0x4d, 0x0e, - 0x13, 0x45, 0xea, 0x42, 0x91, 0x87, 0xf3, 0x2b, 0x72, 0x27, 0xcd, 0xd7, 0xc8, 0x89, 0xd1, 0xaf, - 0xc2, 0x5a, 0x3e, 0x9e, 0xb8, 0x92, 0x96, 0x83, 0x07, 0xb1, 0xb5, 0x54, 0x4b, 0x47, 0xb0, 0x96, - 0x8f, 0x1f, 0xfd, 0x9f, 0x65, 0x38, 0x1b, 0xb3, 0xdb, 0x71, 0x5d, 0x2f, 0x74, 0x4d, 0x71, 0x59, - 0x57, 0xb8, 0x17, 0x67, 0xa0, 0xc6, 0x2c, 0x66, 0xc7, 0xc0, 0x47, 0x34, 0xf8, 0xd9, 0xc5, 0x3c, - 0xcf, 0x66, 0x16, 0x55, 0x1b, 0x1c, 0x35, 0xe5, 0xde, 0x3f, 0x0b, 0x2d, 0x9f, 0xf4, 0x44, 0x26, - 0x68, 0x18, 0x71, 0x9b, 0xf7, 0x71, 0x54, 0x23, 0x60, 0xbc, 0x34, 0x66, 0xdc, 0x16, 0x7e, 0xef, - 0xd9, 0x36, 0x31, 0xb9, 0x39, 0x52, 0x40, 0x3f, 0x47, 0x15, 0x05, 0x04, 0xf3, 0x2d, 0x77, 0xa0, - 0x60, 0xbe, 0x6a, 0x71, 0x3d, 0xb1, 0xef, 0xe3, 0xb1, 0xd6, 0x10, 0x06, 0x90, 0x0d, 0xf4, 0x01, - 0x54, 0x1c, 0x4c, 0xd5, 0x41, 0x77, 0x35, 0x93, 0x1d, 0x8a, 0x2c, 0xd0, 0x3e, 0xc0, 0x54, 0x9e, - 0x04, 0x7c, 0x5a, 0xeb, 0x3d, 0x68, 0x44, 0x84, 0x2f, 0x04, 0x09, 0x3f, 0x83, 0x53, 0x99, 0xe4, - 0x83, 0x9e, 0xc0, 0x46, 0xe2, 0x51, 0x69, 0x81, 0x0a, 0x04, 0xbe, 0xf9, 0x52, 0xcd, 0x8c, 0x29, - 0x0c, 0xf4, 0x67, 0xb0, 0xce, 0x5d, 0x46, 0x04, 0xfe, 0x09, 0x95, 0x36, 0xef, 0x43, 0x33, 0x16, - 0x59, 0xe8, 0x33, 0x2d, 0x68, 0x1c, 0x45, 0x97, 0xa8, 0xb2, 0xb6, 0x89, 0xdb, 0xfa, 0x0e, 0xa0, - 0xb4, 0xbe, 0xea, 0x04, 0xba, 0x96, 0x05, 0xc5, 0x67, 0xf3, 0xc7, 0x8d, 0x18, 0x1e, 0x61, 0xe2, - 0x7f, 0x94, 0x61, 0x75, 0xcf, 0x12, 0xf7, 0x20, 0x27, 0x94, 0xe4, 0xae, 0xc2, 0x5a, 0x10, 0x76, - 0x1d, 0xaf, 0x17, 0xda, 0x44, 0x81, 0x02, 0x75, 0xd2, 0x4f, 0xd0, 0x67, 0x25, 0x3f, 0x6e, 0x2c, - 0x8a, 0xd9, 0x50, 0x55, 0xb8, 0xe2, 0x1b, 0x7d, 0x00, 0xe7, 0x1f, 0x90, 0xcf, 0xd5, 0x7a, 0xf6, - 0x6c, 0xaf, 0xdb, 0xb5, 0xdc, 0x41, 0x24, 0xa4, 0x26, 0x84, 0x4c, 0x1f, 0x50, 0x04, 0x15, 0xeb, - 0xc5, 0x50, 0x31, 0xae, 0x92, 0x77, 0x3d, 0xc7, 0xb1, 0x98, 0x42, 0x94, 0x19, 0x9a, 0xfe, 0xb3, - 0x12, 0xac, 0x25, 0x96, 0x55, 0x7b, 0x73, 0x53, 0xc6, 0x90, 0xdc, 0x99, 0x4b, 0xe9, 0x9d, 0xc9, - 0x0f, 0xfd, 0xef, 0xc3, 0x67, 0x39, 0x1d, 0x3e, 0xbf, 0x2c, 0xc3, 0xd9, 0x3d, 0x8b, 0x45, 0x89, - 0xcb, 0xfa, 0x7f, 0xdb, 0xe5, 0x82, 0x3d, 0xa9, 0x1e, 0x6f, 0x4f, 0x6a, 0x05, 0x7b, 0xd2, 0x86, - 0x8d, 0xbc, 0x31, 0xd4, 0xc6, 0x9c, 0x81, 0x1a, 0xf7, 0xa0, 0xe8, 0x5e, 0x41, 0x36, 0xf4, 0xdf, - 0xd6, 0xe1, 0xe2, 0xa7, 0xb4, 0x87, 0x59, 0x7c, 0x2f, 0x74, 0xc7, 0xf3, 0x0f, 0x79, 0xd7, 0xc9, - 0x58, 0x31, 0xf7, 0x16, 0x57, 0x9e, 0xf9, 0x16, 0x57, 0x99, 0xf1, 0x16, 0x57, 0x3d, 0xd6, 0x5b, - 0x5c, 0xed, 0xc4, 0xde, 0xe2, 0x26, 0x6b, 0xad, 0x7a, 0x61, 0xad, 0xf5, 0x24, 0x53, 0x8f, 0x2c, - 0x8a, 0xb0, 0xf9, 0x66, 0x3a, 0x6c, 0x66, 0xee, 0xce, 0xcc, 0x47, 0x84, 0xdc, 0x13, 0x56, 0xe3, - 0xa5, 0x4f, 0x58, 0xcd, 0xc9, 0x27, 0xac, 0xe2, 0x57, 0x10, 0x98, 0xfa, 0x0a, 0x72, 0x19, 0x56, - 0x82, 0xb1, 0x6b, 0x92, 0x5e, 0x7c, 0x5b, 0xb8, 0x24, 0x97, 0x9d, 0xa5, 0x66, 0x22, 0x62, 0x39, - 0x17, 0x11, 0xb1, 0xa7, 0x9e, 0x4a, 0x79, 0xea, 0xff, 0x4e, 0x69, 0xb4, 0x05, 0x9b, 0xd3, 0xf6, - 0x44, 0x86, 0xda, 0xf6, 0x1f, 0x01, 0xd6, 0x13, 0xb4, 0xcd, 0xff, 0x5a, 0x26, 0x41, 0x0f, 0x61, - 0x6d, 0x4f, 0x3d, 0xa7, 0x47, 0x97, 0xa4, 0x68, 0xd6, 0xbb, 0x44, 0xeb, 0x42, 0x71, 0xa7, 0x14, - 0xa2, 0x2f, 0x20, 0x13, 0xce, 0xe7, 0x19, 0x26, 0x4f, 0x20, 0x5f, 0x9f, 0xc1, 0x39, 0x1e, 0xf5, - 0x32, 0x11, 0x57, 0x4a, 0xe8, 0x09, 0xac, 0x64, 0x2f, 0xea, 0x51, 0x06, 0x7e, 0x14, 0xbe, 0x1d, - 0xb4, 0xf4, 0x59, 0x43, 0x62, 0xfd, 0x9f, 0xf2, 0x0d, 0xcd, 0xdc, 0x49, 0x23, 0x3d, 0x5b, 0x89, - 0x17, 0xdd, 0xea, 0xb7, 0xbe, 0x36, 0x73, 0x4c, 0xcc, 0xfd, 0x7d, 0x68, 0x44, 0x77, 0xb8, 0x59, - 0x33, 0xe7, 0x6e, 0x76, 0x5b, 0x6b, 0x59, 0x7e, 0xfd, 0x40, 0x5f, 0x40, 0x1f, 0xca, 0xc9, 0x3b, - 0x94, 0x16, 0x4c, 0x4e, 0xdd, 0x5c, 0xb6, 0x4e, 0x17, 0xdc, 0x16, 0xea, 0x0b, 0xe8, 0xdb, 0xb0, - 0xc4, 0xbf, 0x0e, 0xd5, 0x43, 0xf6, 0x46, 0x5b, 0xfe, 0x6e, 0xa2, 0x1d, 0xfd, 0x6e, 0xa2, 0x7d, - 0xdb, 0xa1, 0x6c, 0xdc, 0x2a, 0xb8, 0xce, 0x53, 0x0c, 0x9e, 0xc2, 0xa9, 0x3d, 0xc2, 0x92, 0xea, - 0x1b, 0x5d, 0x3a, 0xd6, 0x1d, 0x45, 0x4b, 0xcf, 0x0f, 0x9b, 0x2c, 0xe0, 0xf5, 0x05, 0xf4, 0xab, - 0x12, 0x9c, 0xde, 0x23, 0x2c, 0x5f, 0xcf, 0xa2, 0x77, 0x8a, 0x85, 0x4c, 0xa9, 0x7b, 0x5b, 0x0f, - 0xe6, 0x8d, 0xae, 0x2c, 0x5b, 0x7d, 0x01, 0xfd, 0xba, 0x04, 0xe7, 0x52, 0x8a, 0xa5, 0x0b, 0x54, - 0x74, 0x7d, 0xb6, 0x72, 0x05, 0xc5, 0x6c, 0xeb, 0x93, 0x39, 0x7f, 0x9f, 0x90, 0x62, 0xa9, 0x2f, - 0xa0, 0x43, 0xb1, 0x27, 0x09, 0x1e, 0x45, 0x17, 0x0b, 0x81, 0x67, 0x2c, 0x7d, 0x73, 0x5a, 0x77, - 0xbc, 0x0f, 0x9f, 0xc0, 0xd2, 0x1e, 0x61, 0x11, 0x30, 0xca, 0x7a, 0x5a, 0x0e, 0xb3, 0x66, 0x43, - 0x35, 0x8f, 0xa5, 0x84, 0xc7, 0xac, 0x4b, 0x5e, 0xa9, 0xc3, 0x3f, 0x1b, 0xab, 0x85, 0x28, 0x29, - 0xeb, 0x31, 0xc5, 0xd8, 0x41, 0x5f, 0x40, 0xcf, 0x60, 0xa3, 0x38, 0xe9, 0xa1, 0xb7, 0x8e, 0x7d, - 0x58, 0xb5, 0xae, 0x1e, 0x67, 0x68, 0x24, 0xf2, 0xa3, 0x9d, 0xbf, 0xbe, 0xd8, 0x2c, 0xfd, 0xed, - 0xc5, 0x66, 0xe9, 0x5f, 0x2f, 0x36, 0x4b, 0xdf, 0xbf, 0xf1, 0x92, 0xdf, 0x31, 0xa5, 0x7e, 0x1a, - 0x85, 0xa9, 0x65, 0xda, 0x16, 0x71, 0x59, 0xb7, 0x2e, 0xe2, 0xed, 0xc6, 0x7f, 0x02, 0x00, 0x00, - 0xff, 0xff, 0xb7, 0x8d, 0xc3, 0x0e, 0x39, 0x25, 0x00, 0x00, + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xdc, 0x5a, 0x5f, 0x73, 0x1b, 0x49, + 0x11, 0xf7, 0xea, 0x9f, 0xa5, 0x96, 0x63, 0xcb, 0x93, 0xc4, 0xd9, 0xe8, 0x12, 0x97, 0x6f, 0x21, + 0xa9, 0x5c, 0x72, 0x27, 0x55, 0x9c, 0xba, 0x0b, 0xe4, 0x8e, 0xa3, 0x7c, 0xb9, 0xc4, 0xce, 0x25, + 0x4e, 0xcc, 0x26, 0x07, 0x15, 0x08, 0x50, 0xa3, 0xd5, 0x68, 0xb5, 0xa7, 0xd5, 0xee, 0x64, 0x77, + 0xd6, 0x87, 0x52, 0xc5, 0x13, 0x14, 0x1f, 0x81, 0x07, 0x5e, 0xf9, 0x02, 0x54, 0x51, 0x14, 0x8f, + 0x3c, 0x50, 0xfc, 0x79, 0xa4, 0xf8, 0x02, 0x50, 0x79, 0xa1, 0x8a, 0x4f, 0x41, 0xcd, 0xec, 0xec, + 0x5f, 0xad, 0x14, 0x1f, 0x72, 0x7c, 0x70, 0x2f, 0xf6, 0x4e, 0xcf, 0x4c, 0x77, 0x4f, 0x4f, 0x77, + 0xcf, 0xaf, 0x67, 0x04, 0x97, 0x3d, 0x42, 0x5d, 0x9f, 0x78, 0x87, 0xc4, 0xeb, 0x8a, 0x4f, 0x8b, + 0xb9, 0xde, 0x24, 0xf5, 0xd9, 0xa1, 0x9e, 0xcb, 0x5c, 0x04, 0x09, 0xa5, 0xfd, 0xc0, 0xb4, 0xd8, + 0x30, 0xe8, 0x75, 0x0c, 0x77, 0xdc, 0xc5, 0x9e, 0xe9, 0x52, 0xcf, 0xfd, 0x4c, 0x7c, 0xbc, 0x63, + 0xf4, 0xbb, 0x87, 0xdb, 0x5d, 0x3a, 0x32, 0xbb, 0x98, 0x5a, 0x7e, 0x17, 0x53, 0x6a, 0x5b, 0x06, + 0x66, 0x96, 0xeb, 0x74, 0x0f, 0xaf, 0x63, 0x9b, 0x0e, 0xf1, 0xf5, 0xae, 0x49, 0x1c, 0xe2, 0x61, + 0x46, 0xfa, 0x21, 0xe7, 0xf6, 0x1b, 0xa6, 0xeb, 0x9a, 0x36, 0xe9, 0x8a, 0x56, 0x2f, 0x18, 0x74, + 0xc9, 0x98, 0x32, 0x29, 0x56, 0xfb, 0xf7, 0x0a, 0xac, 0xed, 0x63, 0xc7, 0x1a, 0x10, 0x9f, 0xe9, + 0xe4, 0x79, 0x40, 0x7c, 0x86, 0x9e, 0x41, 0x85, 0x2b, 0xa3, 0x2a, 0x5b, 0xca, 0x95, 0xe6, 0xf6, + 0x5e, 0x27, 0xd1, 0xa6, 0x13, 0x69, 0x23, 0x3e, 0x7e, 0x6c, 0xf4, 0x3b, 0x87, 0xdb, 0x1d, 0x3a, + 0x32, 0x3b, 0x5c, 0x9b, 0x4e, 0x4a, 0x9b, 0x4e, 0xa4, 0x4d, 0x47, 0x8f, 0x97, 0xa5, 0x0b, 0xae, + 0xa8, 0x0d, 0x75, 0x8f, 0x1c, 0x5a, 0xbe, 0xe5, 0x3a, 0x6a, 0x69, 0x4b, 0xb9, 0xd2, 0xd0, 0xe3, + 0x36, 0x52, 0x61, 0xd9, 0x71, 0x6f, 0x63, 0x63, 0x48, 0xd4, 0xf2, 0x96, 0x72, 0xa5, 0xae, 0x47, + 0x4d, 0xb4, 0x05, 0x4d, 0x4c, 0xe9, 0x03, 0xdc, 0x23, 0xf6, 0x7d, 0x32, 0x51, 0x2b, 0x62, 0x62, + 0x9a, 0xc4, 0xe7, 0x62, 0x4a, 0x1f, 0xe2, 0x31, 0x51, 0xab, 0xa2, 0x37, 0x6a, 0xa2, 0x0b, 0xd0, + 0x70, 0xf0, 0x98, 0xf8, 0x14, 0x1b, 0x44, 0xad, 0x8b, 0xbe, 0x84, 0x80, 0x7e, 0x0a, 0xeb, 0x29, + 0xc5, 0x1f, 0xbb, 0x81, 0x67, 0x10, 0x15, 0xc4, 0xd2, 0x1f, 0x2d, 0xb6, 0xf4, 0x9d, 0x3c, 0x5b, + 0x7d, 0x5a, 0x12, 0xfa, 0x11, 0x54, 0xc5, 0xce, 0xab, 0xcd, 0xad, 0xf2, 0xb1, 0x5a, 0x3b, 0x64, + 0x8b, 0x1c, 0x58, 0xa6, 0x76, 0x60, 0x5a, 0x8e, 0xaf, 0xae, 0x08, 0x09, 0x4f, 0x16, 0x93, 0x70, + 0xdb, 0x75, 0x06, 0x96, 0xb9, 0x8f, 0x1d, 0x6c, 0x92, 0x31, 0x71, 0xd8, 0x81, 0x60, 0xae, 0x47, + 0x42, 0xd0, 0x0b, 0x68, 0x8d, 0x02, 0x9f, 0xb9, 0x63, 0xeb, 0x05, 0x79, 0x44, 0xf9, 0x5c, 0x5f, + 0x3d, 0x25, 0xac, 0xf9, 0x70, 0x31, 0xc1, 0xf7, 0x73, 0x5c, 0xf5, 0x29, 0x39, 0xdc, 0x49, 0x46, + 0x41, 0x8f, 0x7c, 0x97, 0x78, 0xc2, 0xbb, 0x56, 0x43, 0x27, 0x49, 0x91, 0x42, 0x37, 0xb2, 0x64, + 0xcb, 0x57, 0xd7, 0xb6, 0xca, 0xa1, 0x1b, 0xc5, 0x24, 0x74, 0x05, 0xd6, 0x0e, 0x89, 0x67, 0x0d, + 0x26, 0x8f, 0x2d, 0xd3, 0xc1, 0x2c, 0xf0, 0x88, 0xda, 0x12, 0xae, 0x98, 0x27, 0xa3, 0x31, 0x9c, + 0x1a, 0x12, 0x7b, 0xcc, 0x4d, 0x7e, 0xdb, 0x23, 0x7d, 0x5f, 0x5d, 0x17, 0xf6, 0xdd, 0x5d, 0x7c, + 0x07, 0x05, 0x3b, 0x3d, 0xcb, 0x9d, 0x2b, 0xe6, 0xb8, 0xba, 0x8c, 0x94, 0x30, 0x46, 0x50, 0xa8, + 0x58, 0x8e, 0x8c, 0x2e, 0xc3, 0x2a, 0xf3, 0xb0, 0x31, 0xb2, 0x1c, 0x73, 0x9f, 0xb0, 0xa1, 0xdb, + 0x57, 0x4f, 0x0b, 0x4b, 0xe4, 0xa8, 0xc8, 0x00, 0x44, 0x1c, 0xdc, 0xb3, 0x49, 0x3f, 0xf4, 0xc5, + 0x27, 0x13, 0x4a, 0x7c, 0xf5, 0x8c, 0x58, 0xc5, 0x8d, 0x4e, 0x2a, 0x43, 0xe5, 0x12, 0x44, 0xe7, + 0xce, 0xd4, 0xac, 0x3b, 0x0e, 0xf3, 0x26, 0x7a, 0x01, 0x3b, 0x34, 0x82, 0x26, 0x5f, 0x47, 0xe4, + 0x0a, 0x67, 0x85, 0x2b, 0xdc, 0x5b, 0xcc, 0x46, 0x7b, 0x09, 0x43, 0x3d, 0xcd, 0x1d, 0x75, 0x00, + 0x0d, 0xb1, 0xbf, 0x1f, 0xd8, 0xcc, 0xa2, 0x36, 0x09, 0xd5, 0xf0, 0xd5, 0x0d, 0x61, 0xa6, 0x82, + 0x1e, 0x74, 0x1f, 0xc0, 0x23, 0x83, 0x68, 0xdc, 0x39, 0xb1, 0xf2, 0x6b, 0xf3, 0x56, 0xae, 0xc7, + 0xa3, 0xc3, 0x15, 0xa7, 0xa6, 0x73, 0xe1, 0x7c, 0x19, 0xc4, 0x60, 0x32, 0xda, 0x45, 0x58, 0xab, + 0xc2, 0xc5, 0x0a, 0x7a, 0xb8, 0x2f, 0x4a, 0xaa, 0x48, 0x5a, 0xe7, 0x43, 0x6f, 0x4d, 0x91, 0xda, + 0x77, 0xe0, 0xdc, 0x0c, 0x53, 0xa3, 0x16, 0x94, 0x47, 0x64, 0x22, 0x52, 0x74, 0x43, 0xe7, 0x9f, + 0xe8, 0x0c, 0x54, 0x0f, 0xb1, 0x1d, 0x10, 0x91, 0x54, 0xeb, 0x7a, 0xd8, 0xb8, 0x55, 0xfa, 0x86, + 0xd2, 0xfe, 0x85, 0x02, 0x6b, 0x39, 0xc5, 0x0b, 0xe6, 0xff, 0x30, 0x3d, 0xff, 0x18, 0xdc, 0x78, + 0xf0, 0x04, 0x7b, 0x26, 0x61, 0x29, 0x45, 0xb4, 0xbf, 0x2b, 0xa0, 0xe6, 0x2c, 0xfa, 0x3d, 0x8b, + 0x0d, 0xef, 0x5a, 0x36, 0xf1, 0xd1, 0x4d, 0x58, 0xf6, 0x42, 0x9a, 0x3c, 0x78, 0xde, 0x98, 0xb3, + 0x11, 0x7b, 0x4b, 0x7a, 0x34, 0x1a, 0x7d, 0x08, 0xf5, 0x31, 0x61, 0xb8, 0x8f, 0x19, 0x96, 0xba, + 0x6f, 0x15, 0xcd, 0xe4, 0x52, 0xf6, 0xe5, 0xb8, 0xbd, 0x25, 0x3d, 0x9e, 0x83, 0xde, 0x85, 0xaa, + 0x31, 0x0c, 0x9c, 0x91, 0x38, 0x72, 0x9a, 0xdb, 0x17, 0x67, 0x4d, 0xbe, 0xcd, 0x07, 0xed, 0x2d, + 0xe9, 0xe1, 0xe8, 0x8f, 0x6a, 0x50, 0xa1, 0xd8, 0x63, 0xda, 0x5d, 0x38, 0x53, 0x24, 0x82, 0x9f, + 0x73, 0xc6, 0x90, 0x18, 0x23, 0x3f, 0x18, 0x4b, 0x33, 0xc7, 0x6d, 0x84, 0xa0, 0xe2, 0x5b, 0x2f, + 0x42, 0x53, 0x97, 0x75, 0xf1, 0xad, 0xbd, 0x05, 0xeb, 0x53, 0xd2, 0xf8, 0xa6, 0x86, 0xba, 0x71, + 0x0e, 0x2b, 0x52, 0xb4, 0x16, 0xc0, 0xd9, 0x27, 0xc2, 0x16, 0x71, 0xb2, 0x3f, 0x89, 0x93, 0x5b, + 0xdb, 0x83, 0x8d, 0xbc, 0x58, 0x9f, 0xba, 0x8e, 0x4f, 0xb8, 0xeb, 0x8b, 0xec, 0x68, 0x91, 0x7e, + 0xd2, 0x2b, 0xb4, 0xa8, 0xeb, 0x05, 0x3d, 0xda, 0xaf, 0x4b, 0xb0, 0xa1, 0x13, 0xdf, 0xb5, 0x0f, + 0x49, 0x94, 0xba, 0x4e, 0x06, 0x7c, 0xfc, 0x00, 0xca, 0x98, 0x52, 0xe9, 0x26, 0xf7, 0x8e, 0xed, + 0x78, 0xd7, 0x39, 0x57, 0xf4, 0x36, 0xac, 0xe3, 0x71, 0xcf, 0x32, 0x03, 0x37, 0xf0, 0xa3, 0x65, + 0x09, 0xa7, 0x6a, 0xe8, 0xd3, 0x1d, 0x3c, 0xfc, 0x7d, 0x11, 0x91, 0xf7, 0x9c, 0x3e, 0xf9, 0x89, + 0x40, 0x34, 0x65, 0x3d, 0x4d, 0xd2, 0x0c, 0x38, 0x37, 0x65, 0x24, 0x69, 0xf0, 0x34, 0x88, 0x52, + 0x72, 0x20, 0xaa, 0x50, 0x8d, 0xd2, 0x0c, 0x35, 0xb4, 0x3f, 0x2b, 0xd0, 0x4a, 0x82, 0x4b, 0xb2, + 0xbf, 0x00, 0x8d, 0xb1, 0xa4, 0xf9, 0xaa, 0x22, 0x32, 0x58, 0x42, 0xc8, 0xe2, 0xa9, 0x52, 0x1e, + 0x4f, 0x6d, 0x40, 0x2d, 0x84, 0xbb, 0x72, 0xe9, 0xb2, 0x95, 0x51, 0xb9, 0x92, 0x53, 0x79, 0x13, + 0xc0, 0x8f, 0x33, 0x9c, 0x5a, 0x13, 0xbd, 0x29, 0x0a, 0xd2, 0x60, 0x25, 0x3c, 0x7d, 0x75, 0xe2, + 0x07, 0x36, 0x53, 0x97, 0xc5, 0x88, 0x0c, 0x4d, 0x73, 0x61, 0xed, 0x81, 0xc5, 0xd7, 0x30, 0xf0, + 0x4f, 0x26, 0x1c, 0xde, 0x83, 0x0a, 0x17, 0xc6, 0x17, 0xd6, 0xf3, 0xb0, 0x63, 0x0c, 0x49, 0x64, + 0xab, 0xb8, 0xcd, 0x03, 0x9d, 0x61, 0xd3, 0x57, 0x4b, 0x82, 0x2e, 0xbe, 0xb5, 0xdf, 0x97, 0x42, + 0x4d, 0x77, 0x28, 0xf5, 0xbf, 0x7c, 0xc8, 0x5d, 0x0c, 0x02, 0xca, 0xd3, 0x20, 0x20, 0xa7, 0xf2, + 0x17, 0x01, 0x01, 0xc7, 0x74, 0x90, 0x69, 0x01, 0x2c, 0xef, 0x50, 0xca, 0x15, 0x41, 0xd7, 0xa1, + 0x82, 0x29, 0x0d, 0x0d, 0x9e, 0xcb, 0xd9, 0x72, 0x08, 0xff, 0x2f, 0x55, 0x12, 0x43, 0xdb, 0x37, + 0xa1, 0x11, 0x93, 0x5e, 0x25, 0xb6, 0x91, 0x16, 0xbb, 0x05, 0x10, 0xa2, 0xdc, 0x7b, 0xce, 0xc0, + 0xe5, 0x5b, 0xca, 0x9d, 0x5d, 0x4e, 0x15, 0xdf, 0xda, 0xad, 0x68, 0x84, 0xd0, 0xed, 0x6d, 0xa8, + 0x5a, 0x8c, 0x8c, 0x23, 0xe5, 0x36, 0xd2, 0xca, 0x25, 0x8c, 0xf4, 0x70, 0x90, 0xf6, 0x97, 0x3a, + 0x9c, 0xe7, 0x3b, 0xf6, 0x58, 0x84, 0xc9, 0x0e, 0xa5, 0x1f, 0x13, 0x86, 0x2d, 0xdb, 0xff, 0x4e, + 0x40, 0xbc, 0xc9, 0x6b, 0x76, 0x0c, 0x13, 0x6a, 0x61, 0x94, 0xc9, 0x8c, 0x78, 0xec, 0x05, 0x8f, + 0x64, 0x9f, 0x54, 0x39, 0xe5, 0xd7, 0x53, 0xe5, 0x14, 0x55, 0x1d, 0x95, 0x13, 0xaa, 0x3a, 0x66, + 0x17, 0x9e, 0xa9, 0x72, 0xb6, 0x96, 0x2d, 0x67, 0x0b, 0xc0, 0xfc, 0xf2, 0x51, 0xc1, 0x7c, 0xbd, + 0x10, 0xcc, 0x8f, 0x0b, 0xe3, 0xb8, 0x21, 0xcc, 0xfd, 0xad, 0xb4, 0x07, 0xce, 0xf4, 0xb5, 0x45, + 0x60, 0x3d, 0xbc, 0x56, 0x58, 0xff, 0x69, 0x06, 0xa6, 0x87, 0x85, 0xf2, 0xbb, 0x47, 0x5b, 0xd3, + 0x1c, 0xc0, 0xfe, 0x95, 0x83, 0xd7, 0x3f, 0x17, 0xa8, 0x8a, 0xba, 0x89, 0x0d, 0xe2, 0x03, 0x9d, + 0x9f, 0x43, 0xfc, 0x68, 0x95, 0x49, 0x8b, 0x7f, 0xa3, 0x6b, 0x50, 0xe1, 0x46, 0x96, 0xb0, 0xf7, + 0x5c, 0xda, 0x9e, 0x7c, 0x27, 0x76, 0x28, 0x7d, 0x4c, 0x89, 0xa1, 0x8b, 0x41, 0xe8, 0x16, 0x34, + 0x62, 0xc7, 0x97, 0x91, 0x75, 0x21, 0x3d, 0x23, 0x8e, 0x93, 0x68, 0x5a, 0x32, 0x9c, 0xcf, 0xed, + 0x5b, 0x1e, 0x31, 0x04, 0x28, 0xac, 0x4e, 0xcf, 0xfd, 0x38, 0xea, 0x8c, 0xe7, 0xc6, 0xc3, 0xd1, + 0x75, 0xa8, 0x85, 0x37, 0x0b, 0x22, 0x82, 0x9a, 0xdb, 0xe7, 0xa7, 0x93, 0x69, 0x34, 0x4b, 0x0e, + 0xd4, 0xfe, 0xa4, 0xc0, 0x9b, 0x89, 0x43, 0x44, 0xd1, 0x14, 0xe1, 0xf2, 0x2f, 0xff, 0xc4, 0xbd, + 0x0c, 0xab, 0xa2, 0x10, 0x48, 0x2e, 0x18, 0xc2, 0xbb, 0xae, 0x1c, 0x55, 0xfb, 0x9d, 0x02, 0x97, + 0xa6, 0xd7, 0x71, 0x7b, 0x88, 0x3d, 0x16, 0x6f, 0xef, 0x49, 0xac, 0x25, 0x3a, 0xf0, 0x4a, 0xc9, + 0x81, 0x97, 0x59, 0x5f, 0x39, 0xbb, 0x3e, 0xed, 0x0f, 0x25, 0x68, 0xa6, 0x1c, 0xa8, 0xe8, 0xc0, + 0xe4, 0x80, 0x4f, 0xf8, 0xad, 0x28, 0xfd, 0xc4, 0xa1, 0xd0, 0xd0, 0x53, 0x14, 0x34, 0x02, 0xa0, + 0xd8, 0xc3, 0x63, 0xc2, 0x88, 0xc7, 0x33, 0x39, 0x8f, 0xf8, 0xfb, 0x8b, 0x67, 0x97, 0x83, 0x88, + 0xa7, 0x9e, 0x62, 0xcf, 0x11, 0xab, 0x10, 0xed, 0xcb, 0xfc, 0x2d, 0x5b, 0xe8, 0x73, 0x58, 0x1d, + 0x58, 0x36, 0x39, 0x48, 0x14, 0xa9, 0x09, 0x45, 0x1e, 0x2d, 0xae, 0xc8, 0xdd, 0x34, 0x5f, 0x3d, + 0x27, 0x46, 0xbb, 0x0a, 0xad, 0x7c, 0x3c, 0x71, 0x25, 0xad, 0x31, 0x36, 0x63, 0x6b, 0xc9, 0x96, + 0x86, 0xa0, 0x95, 0x8f, 0x1f, 0xed, 0x1f, 0x25, 0x38, 0x1b, 0xb3, 0xdb, 0x71, 0x1c, 0x37, 0x70, + 0x0c, 0x71, 0x59, 0x57, 0xb8, 0x17, 0x67, 0xa0, 0xca, 0x2c, 0x66, 0xc7, 0xc0, 0x47, 0x34, 0xf8, + 0xd9, 0xc5, 0x5c, 0xd7, 0x66, 0x16, 0x95, 0x1b, 0x1c, 0x35, 0xc3, 0xbd, 0x7f, 0x1e, 0x58, 0x1e, + 0xe9, 0x8b, 0x4c, 0x50, 0xd7, 0xe3, 0x36, 0xef, 0xe3, 0xa8, 0x46, 0xc0, 0xf8, 0xd0, 0x98, 0x71, + 0x5b, 0xf8, 0xbd, 0x6b, 0xdb, 0xc4, 0xe0, 0xe6, 0x48, 0x01, 0xfd, 0x1c, 0x55, 0x14, 0x10, 0xcc, + 0xb3, 0x1c, 0x53, 0xc2, 0x7c, 0xd9, 0xe2, 0x7a, 0x62, 0xcf, 0xc3, 0x13, 0xb5, 0x2e, 0x0c, 0x10, + 0x36, 0xd0, 0x07, 0x50, 0x1e, 0x63, 0x2a, 0x0f, 0xba, 0xab, 0x99, 0xec, 0x50, 0x64, 0x81, 0xce, + 0x3e, 0xa6, 0xe1, 0x49, 0xc0, 0xa7, 0xb5, 0xdf, 0x83, 0x7a, 0x44, 0xf8, 0x42, 0x90, 0xf0, 0x33, + 0x38, 0x95, 0x49, 0x3e, 0xe8, 0x29, 0x6c, 0x24, 0x1e, 0x95, 0x16, 0x28, 0x41, 0xe0, 0x9b, 0xaf, + 0xd4, 0x4c, 0x9f, 0xc1, 0x40, 0x7b, 0x0e, 0xeb, 0xdc, 0x65, 0x44, 0xe0, 0x9f, 0x50, 0x69, 0xf3, + 0x3e, 0x34, 0x62, 0x91, 0x85, 0x3e, 0xd3, 0x86, 0xfa, 0x61, 0x74, 0x89, 0x1a, 0xd6, 0x36, 0x71, + 0x5b, 0xdb, 0x01, 0x94, 0xd6, 0x57, 0x9e, 0x40, 0xd7, 0xb2, 0xa0, 0xf8, 0x6c, 0xfe, 0xb8, 0x11, + 0xc3, 0x23, 0x4c, 0xfc, 0xdb, 0x12, 0xac, 0xed, 0x5a, 0xe2, 0x1e, 0xe4, 0x84, 0x92, 0xdc, 0x55, + 0x68, 0xf9, 0x41, 0x6f, 0xec, 0xf6, 0x03, 0x9b, 0x48, 0x50, 0x20, 0x4f, 0xfa, 0x29, 0xfa, 0xbc, + 0xe4, 0xc7, 0x8d, 0x45, 0x31, 0x1b, 0xca, 0x0a, 0x57, 0x7c, 0xa3, 0x0f, 0xe0, 0xfc, 0x43, 0xf2, + 0xb9, 0x5c, 0xcf, 0xae, 0xed, 0xf6, 0x7a, 0x96, 0x63, 0x46, 0x42, 0xaa, 0x42, 0xc8, 0xec, 0x01, + 0x45, 0x50, 0xb1, 0x56, 0x08, 0x15, 0xb5, 0x9f, 0x29, 0xd0, 0x4a, 0xac, 0x26, 0xed, 0x7e, 0x33, + 0x8c, 0x8f, 0xd0, 0xea, 0x97, 0xd2, 0x56, 0xcf, 0x0f, 0xfd, 0xef, 0x43, 0x63, 0x25, 0x1d, 0x1a, + 0xff, 0x52, 0xe0, 0xec, 0xae, 0xc5, 0xa2, 0xa4, 0x64, 0xfd, 0xbf, 0xed, 0x60, 0x81, 0xbd, 0x2b, + 0xc5, 0xf6, 0xee, 0xc0, 0x46, 0x7e, 0xa1, 0xd2, 0xe8, 0x67, 0xa0, 0xca, 0x77, 0x3e, 0xba, 0x0f, + 0x08, 0x1b, 0xda, 0x6f, 0x6a, 0x70, 0xf1, 0x53, 0xda, 0xc7, 0x2c, 0xbe, 0xcf, 0xb9, 0xeb, 0x7a, + 0x07, 0xbc, 0xeb, 0x64, 0x2c, 0x94, 0x7b, 0x43, 0x2b, 0xcd, 0x7d, 0x43, 0x2b, 0xcf, 0x79, 0x43, + 0xab, 0x1c, 0xe9, 0x0d, 0xad, 0x7a, 0x62, 0x6f, 0x68, 0xd3, 0x35, 0x52, 0xad, 0xb0, 0x46, 0x7a, + 0x9a, 0xa9, 0x23, 0x96, 0x45, 0x48, 0x7c, 0x33, 0x1d, 0x12, 0x73, 0x77, 0x67, 0xee, 0xe5, 0x7f, + 0xee, 0xe9, 0xa9, 0xfe, 0xca, 0xa7, 0xa7, 0xc6, 0xf4, 0xd3, 0x53, 0xf1, 0xeb, 0x05, 0xcc, 0x7c, + 0xbd, 0xb8, 0x0c, 0xab, 0xfe, 0xc4, 0x31, 0x48, 0x3f, 0xbe, 0xe5, 0x6b, 0x86, 0xcb, 0xce, 0x52, + 0x33, 0xde, 0xbe, 0x92, 0xf3, 0xf6, 0xd8, 0x53, 0x4f, 0xa5, 0x3c, 0xf5, 0x7f, 0xa7, 0xa4, 0xb9, + 0x05, 0x9b, 0xb3, 0xf6, 0x44, 0x86, 0x9a, 0x0a, 0xcb, 0xc6, 0x10, 0x3b, 0xa6, 0xb8, 0x7c, 0x13, + 0x35, 0xb6, 0x6c, 0x6e, 0xff, 0x11, 0x60, 0x3d, 0xc1, 0xcf, 0xfc, 0xaf, 0x65, 0x10, 0xf4, 0x08, + 0x5a, 0xbb, 0xf2, 0x81, 0x3c, 0xba, 0xf6, 0x44, 0xf3, 0x5e, 0x1a, 0xda, 0x17, 0x8a, 0x3b, 0x43, + 0xf1, 0xda, 0x12, 0x32, 0xe0, 0x7c, 0x9e, 0x61, 0xf2, 0xa8, 0xf1, 0xf5, 0x39, 0x9c, 0xe3, 0x51, + 0xaf, 0x12, 0x71, 0x45, 0x41, 0x4f, 0x61, 0x35, 0x7b, 0xf5, 0x8e, 0x32, 0x80, 0xa2, 0xf0, 0x35, + 0xa0, 0xad, 0xcd, 0x1b, 0x12, 0xeb, 0xff, 0x8c, 0x6f, 0x75, 0xe6, 0x96, 0x19, 0x69, 0xd9, 0xda, + 0xba, 0xe8, 0x9e, 0xbe, 0xfd, 0xb5, 0xb9, 0x63, 0x62, 0xee, 0xef, 0x43, 0x3d, 0xba, 0x95, 0xcd, + 0x9a, 0x39, 0x77, 0x57, 0xdb, 0x6e, 0x65, 0xf9, 0x0d, 0x7c, 0x6d, 0x09, 0x7d, 0x18, 0x4e, 0xde, + 0xa1, 0xb4, 0x60, 0x72, 0xea, 0x2e, 0xb2, 0x7d, 0xba, 0xe0, 0xfe, 0x4f, 0x5b, 0x42, 0xdf, 0x86, + 0x26, 0xff, 0x3a, 0x90, 0x4f, 0xd3, 0x1b, 0x9d, 0xf0, 0x97, 0x10, 0x9d, 0xe8, 0x97, 0x10, 0x9d, + 0x3b, 0x63, 0xca, 0x26, 0xed, 0x82, 0x0b, 0x3a, 0xc9, 0xe0, 0x19, 0x9c, 0xda, 0x25, 0x2c, 0xa9, + 0xa7, 0xd1, 0xa5, 0x23, 0xdd, 0x3a, 0xb4, 0xb5, 0xfc, 0xb0, 0xe9, 0x92, 0x5c, 0x5b, 0x42, 0xbf, + 0x54, 0xe0, 0xf4, 0x2e, 0x61, 0xf9, 0x0a, 0x15, 0xbd, 0x53, 0x2c, 0x64, 0x46, 0x25, 0xdb, 0x7e, + 0xb8, 0x68, 0xdc, 0x65, 0xd9, 0x6a, 0x4b, 0xe8, 0x57, 0x0a, 0x9c, 0x4b, 0x29, 0x96, 0x2e, 0x39, + 0xd1, 0xf5, 0xf9, 0xca, 0x15, 0x94, 0xa7, 0xed, 0x4f, 0x16, 0xfc, 0xc5, 0x41, 0x8a, 0xa5, 0xb6, + 0x84, 0x0e, 0xc4, 0x9e, 0x24, 0x08, 0x13, 0x5d, 0x2c, 0x84, 0x92, 0xb1, 0xf4, 0xcd, 0x59, 0xdd, + 0xf1, 0x3e, 0x7c, 0x02, 0xcd, 0x5d, 0xc2, 0x22, 0x38, 0x94, 0xf5, 0xb4, 0x1c, 0x0a, 0xcd, 0x86, + 0x6a, 0x1e, 0x41, 0x09, 0x8f, 0x59, 0x0f, 0x79, 0xa5, 0x60, 0x41, 0x36, 0x56, 0x0b, 0xb1, 0x51, + 0xd6, 0x63, 0x8a, 0x51, 0x85, 0xb6, 0x84, 0x9e, 0xc3, 0x46, 0x71, 0x3a, 0x44, 0x6f, 0x1d, 0xf9, + 0x18, 0x6b, 0x5f, 0x3d, 0xca, 0xd0, 0x48, 0xe4, 0x47, 0x3b, 0x7f, 0x7d, 0xb9, 0xa9, 0xfc, 0xed, + 0xe5, 0xa6, 0xf2, 0xcf, 0x97, 0x9b, 0xca, 0xf7, 0x6f, 0xbc, 0xe2, 0x97, 0x49, 0xa9, 0x1f, 0x3b, + 0x61, 0x6a, 0x19, 0xb6, 0x45, 0x1c, 0xd6, 0xab, 0x89, 0x78, 0xbb, 0xf1, 0x9f, 0x00, 0x00, 0x00, + 0xff, 0xff, 0xe7, 0xa3, 0xda, 0xab, 0x0b, 0x25, 0x00, 0x00, } // Reference imports to suppress errors if they are not otherwise used. @@ -4958,16 +4950,6 @@ func (m *GitFilesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.VerifyCommit { - i-- - if m.VerifyCommit { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x38 - } if m.NoRevisionCache { i-- if m.NoRevisionCache { @@ -5099,16 +5081,6 @@ func (m *GitDirectoriesRequest) MarshalToSizedBuffer(dAtA []byte) (int, error) { i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if m.VerifyCommit { - i-- - if m.VerifyCommit { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x28 - } if m.NoRevisionCache { i-- if m.NoRevisionCache { @@ -5365,6 +5337,16 @@ func (m *UpdateRevisionForPathsResponse) MarshalToSizedBuffer(dAtA []byte) (int, i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } + if m.Changes { + i-- + if m.Changes { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x8 + } return len(dAtA) - i, nil } @@ -6192,9 +6174,6 @@ func (m *GitFilesRequest) Size() (n int) { if m.NoRevisionCache { n += 2 } - if m.VerifyCommit { - n += 2 - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6245,9 +6224,6 @@ func (m *GitDirectoriesRequest) Size() (n int) { if m.NoRevisionCache { n += 2 } - if m.VerifyCommit { - n += 2 - } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -6354,6 +6330,9 @@ func (m *UpdateRevisionForPathsResponse) Size() (n int) { } var l int _ = l + if m.Changes { + n += 2 + } if m.XXX_unrecognized != nil { n += len(m.XXX_unrecognized) } @@ -11516,26 +11495,6 @@ func (m *GitFilesRequest) Unmarshal(dAtA []byte) error { } } m.NoRevisionCache = bool(v != 0) - case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyCommit", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyCommit = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -11874,26 +11833,6 @@ func (m *GitDirectoriesRequest) Unmarshal(dAtA []byte) error { } } m.NoRevisionCache = bool(v != 0) - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field VerifyCommit", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowRepository - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.VerifyCommit = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) @@ -12588,6 +12527,26 @@ func (m *UpdateRevisionForPathsResponse) Unmarshal(dAtA []byte) error { return fmt.Errorf("proto: UpdateRevisionForPathsResponse: illegal tag %d (wire type %d)", fieldNum, wire) } switch fieldNum { + case 1: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Changes", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowRepository + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Changes = bool(v != 0) default: iNdEx = preIndex skippy, err := skipRepository(dAtA[iNdEx:]) diff --git a/reposerver/askpass/common.go b/reposerver/askpass/common.go index 8af7e79245fa3..b4cadb2470214 100644 --- a/reposerver/askpass/common.go +++ b/reposerver/askpass/common.go @@ -4,7 +4,9 @@ import ( "github.com/argoproj/argo-cd/v2/util/env" ) -var SocketPath = "/tmp/reposerver-ask-pass.sock" +var ( + SocketPath = "/tmp/reposerver-ask-pass.sock" +) func init() { SocketPath = env.StringFromEnv("ARGOCD_ASK_PASS_SOCK", SocketPath) diff --git a/reposerver/cache/cache.go b/reposerver/cache/cache.go index fde5a81748ab0..71b8b69a718a7 100644 --- a/reposerver/cache/cache.go +++ b/reposerver/cache/cache.go @@ -3,7 +3,6 @@ package cache import ( "encoding/base64" "encoding/json" - "errors" "fmt" "hash/fnv" "math" @@ -24,10 +23,8 @@ import ( "github.com/argoproj/argo-cd/v2/util/hash" ) -var ( - ErrCacheMiss = cacheutil.ErrCacheMiss - ErrCacheKeyLocked = cacheutil.ErrCacheKeyLocked -) +var ErrCacheMiss = cacheutil.ErrCacheMiss +var ErrCacheKeyLocked = cacheutil.ErrCacheKeyLocked type Cache struct { cache *cacheutil.Cache @@ -157,8 +154,7 @@ func (c *Cache) SetApps(repoUrl, revision string, apps map[string]string) error apps, &cacheutil.CacheActionOpts{ Expiration: c.repoCacheExpiration, - Delete: apps == nil, - }) + Delete: apps == nil}) } func helmIndexRefsKey(repo string) string { @@ -215,8 +211,7 @@ func (c *Cache) TryLockGitRefCache(repo string, lockId string, references *[]*pl // leads to duplicate requests err := c.cache.SetItem(gitRefsKey(repo), [][2]string{{cacheutil.CacheLockedValue, lockId}}, &cacheutil.CacheActionOpts{ Expiration: c.revisionCacheLockTimeout, - DisableOverwrite: true, - }) + DisableOverwrite: true}) if err != nil { // Log but ignore this error since we'll want to retry, failing to obtain the lock should not throw an error log.Errorf("Error attempting to acquire git references cache lock: %v", err) @@ -231,7 +226,7 @@ func (c *Cache) GetGitReferences(repo string, references *[]*plumbing.Reference) valueExists := len(input) > 0 && len(input[0]) > 0 switch { // Unexpected Error - case err != nil && !errors.Is(err, ErrCacheMiss): + case err != nil && err != ErrCacheMiss: log.Errorf("Error attempting to retrieve git references from cache: %v", err) return "", err // Value is set @@ -331,13 +326,14 @@ func (c *Cache) SetNewRevisionManifests(newRevision string, revision string, app func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace string, trackingMethod string, appLabelKey string, appName string, res *CachedManifestResponse, refSourceCommitSHAs ResolvedRevisions) error { err := c.cache.GetItem(manifestCacheKey(revision, appSrc, srcRefs, namespace, trackingMethod, appLabelKey, appName, clusterInfo, refSourceCommitSHAs), res) + if err != nil { return err } hash, err := res.generateCacheEntryHash() if err != nil { - return fmt.Errorf("Unable to generate hash value: %w", err) + return fmt.Errorf("Unable to generate hash value: %s", err) } // If cached result does not have manifests or the expected hash of the cache entry does not match the actual hash value... @@ -348,7 +344,7 @@ func (c *Cache) GetManifests(revision string, appSrc *appv1.ApplicationSource, s err = c.DeleteManifests(revision, appSrc, srcRefs, clusterInfo, namespace, trackingMethod, appLabelKey, appName, refSourceCommitSHAs) if err != nil { - return fmt.Errorf("Unable to delete manifest after hash mismatch, %w", err) + return fmt.Errorf("Unable to delete manifest after hash mismatch, %v", err) } // Treat hash mismatches as cache misses, so that the underlying resource is reacquired @@ -372,7 +368,7 @@ func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, s res = res.shallowCopy() hash, err := res.generateCacheEntryHash() if err != nil { - return fmt.Errorf("Unable to generate hash value: %w", err) + return fmt.Errorf("Unable to generate hash value: %s", err) } res.CacheEntryHash = hash } @@ -382,8 +378,7 @@ func (c *Cache) SetManifests(revision string, appSrc *appv1.ApplicationSource, s res, &cacheutil.CacheActionOpts{ Expiration: c.repoCacheExpiration, - Delete: res == nil, - }) + Delete: res == nil}) } func (c *Cache) DeleteManifests(revision string, appSrc *appv1.ApplicationSource, srcRefs appv1.RefTargetRevisionMapping, clusterInfo ClusterRuntimeInfo, namespace, trackingMethod, appLabelKey, appName string, refSourceCommitSHAs ResolvedRevisions) error { @@ -410,8 +405,7 @@ func (c *Cache) SetAppDetails(revision string, appSrc *appv1.ApplicationSource, res, &cacheutil.CacheActionOpts{ Expiration: c.repoCacheExpiration, - Delete: res == nil, - }) + Delete: res == nil}) } func revisionMetadataKey(repoURL, revision string) string { @@ -494,6 +488,7 @@ func (cmr *CachedManifestResponse) shallowCopy() *CachedManifestResponse { } func (cmr *CachedManifestResponse) generateCacheEntryHash() (string, error) { + // Copy, then remove the old hash copy := cmr.shallowCopy() copy.CacheEntryHash = "" @@ -510,11 +505,13 @@ func (cmr *CachedManifestResponse) generateCacheEntryHash() (string, error) { } fnvHash := h.Sum(nil) return base64.URLEncoding.EncodeToString(fnvHash), nil + } // CachedManifestResponse represents a cached result of a previous manifest generation operation, including the caching // of a manifest generation error, plus additional information on previous failures type CachedManifestResponse struct { + // NOTE: When adding fields to this struct, you MUST also update shallowCopy() CacheEntryHash string `json:"cacheEntryHash"` diff --git a/reposerver/cache/cache_test.go b/reposerver/cache/cache_test.go index fd802127bfad4..e1df3138daa08 100644 --- a/reposerver/cache/cache_test.go +++ b/reposerver/cache/cache_test.go @@ -8,17 +8,15 @@ import ( "testing" "time" - "github.com/go-git/go-git/v5/plumbing" - "github.com/spf13/cobra" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" "github.com/argoproj/argo-cd/v2/reposerver/cache/mocks" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" + "github.com/go-git/go-git/v5/plumbing" + "github.com/spf13/cobra" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" ) type MockedCache struct { @@ -49,7 +47,7 @@ func TestCache_GetRevisionMetadata(t *testing.T) { mockCache.RedisClient.AssertCalled(t, "Get", mock.Anything, mock.Anything) // populate cache err = cache.SetRevisionMetadata("my-repo-url", "my-revision", &RevisionMetadata{Message: "my-message"}) - require.NoError(t, err) + assert.NoError(t, err) // cache miss _, err = cache.GetRevisionMetadata("other-repo-url", "my-revision") assert.Equal(t, ErrCacheMiss, err) @@ -58,7 +56,7 @@ func TestCache_GetRevisionMetadata(t *testing.T) { assert.Equal(t, ErrCacheMiss, err) // cache hit value, err := cache.GetRevisionMetadata("my-repo-url", "my-revision") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, &RevisionMetadata{Message: "my-message"}, value) mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 4}) } @@ -73,7 +71,7 @@ func TestCache_ListApps(t *testing.T) { assert.Equal(t, ErrCacheMiss, err) // populate cache err = cache.SetApps("my-repo-url", "my-revision", map[string]string{"foo": "bar"}) - require.NoError(t, err) + assert.NoError(t, err) // cache miss _, err = cache.ListApps("other-repo-url", "my-revision") assert.Equal(t, ErrCacheMiss, err) @@ -82,7 +80,7 @@ func TestCache_ListApps(t *testing.T) { assert.Equal(t, ErrCacheMiss, err) // cache hit value, err := cache.ListApps("my-repo-url", "my-revision") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, map[string]string{"foo": "bar"}, value) mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 4}) } @@ -100,7 +98,7 @@ func TestCache_GetManifests(t *testing.T) { // populate cache res := &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type"}} err = cache.SetManifests("my-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", res, nil) - require.NoError(t, err) + assert.NoError(t, err) t.Run("expect cache miss because of changed revision", func(t *testing.T) { err = cache.GetManifests("other-revision", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) assert.Equal(t, ErrCacheMiss, err) @@ -129,10 +127,10 @@ func TestCache_GetManifests(t *testing.T) { err = cache.SetManifests( "my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", &CachedManifestResponse{ManifestResponse: &apiclient.ManifestResponse{SourceType: "my-source-type", Revision: "my-revision2"}}, nil) - require.NoError(t, err) + assert.NoError(t, err) err = cache.GetManifests("my-revision1", &ApplicationSource{}, q.RefSources, q, "my-namespace", "", "my-app-label-key", "my-app-label-value", value, nil) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "my-source-type", value.ManifestResponse.SourceType) assert.Equal(t, "my-revision1", value.ManifestResponse.Revision) @@ -152,27 +150,28 @@ func TestCache_GetAppDetails(t *testing.T) { assert.Equal(t, ErrCacheMiss, err) res := &apiclient.RepoAppDetailsResponse{Type: "my-type"} err = cache.SetAppDetails("my-revision", &ApplicationSource{}, emptyRefSources, res, "", nil) - require.NoError(t, err) - // cache miss + assert.NoError(t, err) + //cache miss err = cache.GetAppDetails("other-revision", &ApplicationSource{}, emptyRefSources, value, "", nil) assert.Equal(t, ErrCacheMiss, err) - // cache miss + //cache miss err = cache.GetAppDetails("my-revision", &ApplicationSource{Path: "other-path"}, emptyRefSources, value, "", nil) assert.Equal(t, ErrCacheMiss, err) // cache hit err = cache.GetAppDetails("my-revision", &ApplicationSource{}, emptyRefSources, value, "", nil) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, &apiclient.RepoAppDetailsResponse{Type: "my-type"}, value) mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 4}) } func TestAddCacheFlagsToCmd(t *testing.T) { cache, err := AddCacheFlagsToCmd(&cobra.Command{})() - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, 24*time.Hour, cache.repoCacheExpiration) } func TestCachedManifestResponse_HashBehavior(t *testing.T) { + inMemCache := cacheutil.NewInMemoryCache(1 * time.Hour) repoCache := NewCache( @@ -209,9 +208,10 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { var cacheKey string var cmr *CachedManifestResponse { + items := getInMemoryCacheContents(t, inMemCache) - assert.Len(t, items, 1) + assert.Equal(t, len(items), 1) for key, val := range items { cmr = val @@ -248,17 +248,19 @@ func TestCachedManifestResponse_HashBehavior(t *testing.T) { if err != nil { t.Fatal(err) } + } // Retrieve the value using GetManifests and confirm it returns a cache miss retrievedVal = &CachedManifestResponse{} err = repoCache.GetManifests(response.Revision, appSrc, q.RefSources, q, response.Namespace, "", appKey, appValue, retrievedVal, nil) - assert.Equal(t, err, cacheutil.ErrCacheMiss) + assert.True(t, err == cacheutil.ErrCacheMiss) // Verify that the hash mismatch item has been deleted items := getInMemoryCacheContents(t, inMemCache) - assert.Empty(t, items) + assert.Equal(t, len(items), 0) + } func getInMemoryCacheContents(t *testing.T, inMemCache *cacheutil.InMemoryCache) map[string]*CachedManifestResponse { @@ -281,6 +283,7 @@ func getInMemoryCacheContents(t *testing.T, inMemCache *cacheutil.InMemoryCache) } func TestCachedManifestResponse_ShallowCopy(t *testing.T) { + pre := &CachedManifestResponse{ CacheEntryHash: "value", FirstFailureTimestamp: 1, @@ -309,6 +312,7 @@ func TestCachedManifestResponse_ShallowCopy(t *testing.T) { } func TestCachedManifestResponse_ShallowCopyExpectedFields(t *testing.T) { + // Attempt to ensure that the developer updated CachedManifestResponse.shallowCopy(), by doing a sanity test of the structure here val := &CachedManifestResponse{} @@ -326,10 +330,8 @@ func TestCachedManifestResponse_ShallowCopyExpectedFields(t *testing.T) { return } - expectedFields := []string{ - "cacheEntryHash", "manifestResponse", "mostRecentError", "firstFailureTimestamp", - "numberOfConsecutiveFailures", "numberOfCachedResponsesReturned", - } + expectedFields := []string{"cacheEntryHash", "manifestResponse", "mostRecentError", "firstFailureTimestamp", + "numberOfConsecutiveFailures", "numberOfCachedResponsesReturned"} assert.Equal(t, len(jsonMap), len(expectedFields)) @@ -339,6 +341,7 @@ func TestCachedManifestResponse_ShallowCopyExpectedFields(t *testing.T) { for _, expectedField := range expectedFields { assert.Truef(t, strings.Contains(string(str), "\""+expectedField+"\""), "Missing field: %s", expectedField) } + } func TestGetGitReferences(t *testing.T) { @@ -348,7 +351,7 @@ func TestGetGitReferences(t *testing.T) { cache := fixtures.cache var references []*plumbing.Reference lockOwner, err := cache.GetGitReferences("test-repo", &references) - require.NoError(t, err, "Error is cache miss handled inside function") + assert.NoError(t, err, "Error is cache miss handled inside function") assert.Equal(t, "", lockOwner, "Lock owner should be empty") assert.Nil(t, references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) @@ -360,7 +363,7 @@ func TestGetGitReferences(t *testing.T) { cache := fixtures.cache var references []*plumbing.Reference lockOwner, err := cache.GetGitReferences("test-repo", &references) - require.NoError(t, err, "Error is cache miss handled inside function") + assert.NoError(t, err, "Error is cache miss handled inside function") assert.Equal(t, "", lockOwner, "Lock owner should be empty") assert.Nil(t, references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) @@ -371,12 +374,12 @@ func TestGetGitReferences(t *testing.T) { t.Cleanup(fixtures.mockCache.StopRedisCallback) cache := fixtures.cache err := cache.SetGitReferences("test-repo", *GitRefCacheItemToReferences([][2]string{{"test-repo", "ref: test"}})) - require.NoError(t, err) + assert.NoError(t, err) var references []*plumbing.Reference lockOwner, err := cache.GetGitReferences("test-repo", &references) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "", lockOwner, "Lock owner should be empty") - assert.Len(t, references, 1) + assert.Equal(t, 1, len(references)) assert.Equal(t, "test", (references)[0].Target().String()) assert.Equal(t, "test-repo", (references)[0].Name().String()) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 1}) @@ -390,30 +393,31 @@ func TestGetGitReferences(t *testing.T) { fixtures.mockCache.RedisClient.On("Get", mock.Anything, mock.Anything).Return(errors.New("test cache error")) var references []*plumbing.Reference lockOwner, err := cache.GetGitReferences("test-repo", &references) - require.ErrorContains(t, err, "test cache error", "Error should be propagated") + assert.ErrorContains(t, err, "test cache error", "Error should be propagated") assert.Equal(t, "", lockOwner, "Lock owner should be empty") assert.Nil(t, references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) + } func TestGitRefCacheItemToReferences_DataChecks(t *testing.T) { references := *GitRefCacheItemToReferences(nil) - assert.Empty(t, references, "No data should be handled gracefully by returning an empty slice") + assert.Equal(t, 0, len(references), "No data should be handled gracefully by returning an empty slice") references = *GitRefCacheItemToReferences([][2]string{{"", ""}}) - assert.Empty(t, references, "Empty data should be discarded") + assert.Equal(t, 0, len(references), "Empty data should be discarded") references = *GitRefCacheItemToReferences([][2]string{{"test", ""}}) - assert.Len(t, references, 1, "Just the key being set should not be discarded") + assert.Equal(t, 1, len(references), "Just the key being set should not be discarded") assert.Equal(t, "test", references[0].Name().String(), "Name should be set and equal test") references = *GitRefCacheItemToReferences([][2]string{{"", "ref: test1"}}) - assert.Len(t, references, 1, "Just the value being set should not be discarded") + assert.Equal(t, 1, len(references), "Just the value being set should not be discarded") assert.Equal(t, "test1", references[0].Target().String(), "Target should be set and equal test1") references = *GitRefCacheItemToReferences([][2]string{{"test2", "ref: test2"}}) - assert.Len(t, references, 1, "Valid data is should be preserved") + assert.Equal(t, 1, len(references), "Valid data is should be preserved") assert.Equal(t, "test2", references[0].Name().String(), "Name should be set and equal test2") assert.Equal(t, "test2", references[0].Target().String(), "Target should be set and equal test2") references = *GitRefCacheItemToReferences([][2]string{{"test3", "ref: test3"}, {"test4", "ref: test4"}}) - assert.Len(t, references, 2, "Valid data is should be preserved") + assert.Equal(t, 2, len(references), "Valid data is should be preserved") assert.Equal(t, "test3", references[0].Name().String(), "Name should be set and equal test3") assert.Equal(t, "test3", references[0].Target().String(), "Target should be set and equal test3") assert.Equal(t, "test4", references[1].Name().String(), "Name should be set and equal test4") @@ -429,32 +433,32 @@ func TestTryLockGitRefCache_OwnershipFlows(t *testing.T) { // Test setting the lock _, err := cache.TryLockGitRefCache("my-repo-url", "my-lock-id", &references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 1}) - require.NoError(t, err) + assert.NoError(t, err) var output [][2]string key := fmt.Sprintf("git-refs|%s", "my-repo-url") err = utilCache.GetItem(key, &output) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 2}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "locked", output[0][0], "The lock should be set") assert.Equal(t, "my-lock-id", output[0][1], "The lock should be set to the provided lock id") // Test not being able to overwrite the lock _, err = cache.TryLockGitRefCache("my-repo-url", "other-lock-id", &references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 2, ExternalGets: 3}) - require.NoError(t, err) + assert.NoError(t, err) err = utilCache.GetItem(key, &output) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 2, ExternalGets: 4}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "locked", output[0][0], "The lock should not have changed") assert.Equal(t, "my-lock-id", output[0][1], "The lock should not have changed") // Test can overwrite once there is nothing set err = utilCache.SetItem(key, [][2]string{}, &cacheutil.CacheActionOpts{Expiration: 0, Delete: true}) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 2, ExternalGets: 4, ExternalDeletes: 1}) - require.NoError(t, err) + assert.NoError(t, err) _, err = cache.TryLockGitRefCache("my-repo-url", "other-lock-id", &references) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 3, ExternalGets: 5, ExternalDeletes: 1}) - require.NoError(t, err) + assert.NoError(t, err) err = utilCache.GetItem(key, &output) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "locked", output[0][0], "The lock should be set") assert.Equal(t, "other-lock-id", output[0][1], "The lock id should have changed to other-lock-id") fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 3, ExternalGets: 6, ExternalDeletes: 1}) @@ -467,8 +471,8 @@ func TestGetOrLockGitReferences(t *testing.T) { cache := fixtures.cache var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.Equal(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.Equal(t, lockId, "test-lock-id") assert.NotEqual(t, "", lockId, "Lock id should be set") fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1, ExternalGets: 2}) }) @@ -478,11 +482,11 @@ func TestGetOrLockGitReferences(t *testing.T) { t.Cleanup(fixtures.mockCache.StopRedisCallback) cache := fixtures.cache err := cache.SetGitReferences("test-repo", *GitRefCacheItemToReferences([][2]string{{"test-repo", "ref: test"}})) - require.NoError(t, err) + assert.NoError(t, err) var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.NotEqual(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.NotEqual(t, lockId, "test-lock-id") assert.Equal(t, "", lockId, "Lock id should not be set") assert.Equal(t, "test-repo", references[0].Name().String()) assert.Equal(t, "test", references[0].Target().String()) @@ -497,13 +501,12 @@ func TestGetOrLockGitReferences(t *testing.T) { "git-refs|test-repo", [][2]string{{"test-repo", "ref: test"}}, &cacheutil.CacheActionOpts{ - Expiration: 30 * time.Second, - }) - require.NoError(t, err) + Expiration: 30 * time.Second}) + assert.NoError(t, err) var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.NotEqual(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.NotEqual(t, lockId, "test-lock-id") assert.Equal(t, "", lockId, "Lock id should not be set") assert.Equal(t, "test-repo", references[0].Name().String()) assert.Equal(t, "test", references[0].Target().String()) @@ -519,12 +522,12 @@ func TestGetOrLockGitReferences(t *testing.T) { fixtures.mockCache.RedisClient.On("Get", mock.Anything, mock.Anything).Unset() fixtures.mockCache.RedisClient.On("Get", mock.Anything, mock.Anything).Return(cacheutil.ErrCacheMiss).Once().Run(func(args mock.Arguments) { err := cache.SetGitReferences("test-repo", *GitRefCacheItemToReferences([][2]string{{"test-repo", "ref: test"}})) - require.NoError(t, err) + assert.NoError(t, err) }).On("Get", mock.Anything, mock.Anything).Return(nil) var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.NotEqual(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.NotEqual(t, lockId, "test-lock-id") assert.Equal(t, "", lockId, "Lock id should not be set") fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 2, ExternalGets: 2}) }) @@ -535,12 +538,12 @@ func TestGetOrLockGitReferences(t *testing.T) { cache := fixtures.cache // Create conditions for cache hit, which would result in false on updateCache if we weren't reaching the timeout err := cache.SetGitReferences("test-repo", *GitRefCacheItemToReferences([][2]string{{"test-repo", "ref: test"}})) - require.NoError(t, err) + assert.NoError(t, err) cache.revisionCacheLockTimeout = -1 * time.Second var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.Equal(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.Equal(t, lockId, "test-lock-id") assert.NotEqual(t, "", lockId, "Lock id should be set") cache.revisionCacheLockTimeout = 10 * time.Second fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1}) @@ -556,8 +559,8 @@ func TestGetOrLockGitReferences(t *testing.T) { On("Set", mock.Anything).Return(nil) var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.Equal(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.Equal(t, lockId, "test-lock-id") assert.NotEqual(t, "", lockId, "Lock id should be set") fixtures.mockCache.RedisClient.AssertNumberOfCalls(t, "Set", 2) fixtures.mockCache.RedisClient.AssertNumberOfCalls(t, "Get", 4) @@ -571,7 +574,7 @@ func TestUnlockGitReferences(t *testing.T) { t.Run("Test not locked", func(t *testing.T) { err := cache.UnlockGitReferences("test-repo", "") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "key is missing") }) @@ -579,12 +582,12 @@ func TestUnlockGitReferences(t *testing.T) { // Get lock var references []*plumbing.Reference lockId, err := cache.GetOrLockGitReferences("test-repo", "test-lock-id", &references) - require.NoError(t, err) - assert.Equal(t, "test-lock-id", lockId) + assert.NoError(t, err) + assert.Equal(t, lockId, "test-lock-id") assert.NotEqual(t, "", lockId, "Lock id should be set") // Release lock err = cache.UnlockGitReferences("test-repo", lockId) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -593,17 +596,17 @@ func TestSetHelmIndex(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) err := fixtures.cache.SetHelmIndex("test-repo", []byte("test-data")) - require.NoError(t, err) + assert.NoError(t, err) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalSets: 1}) }) t.Run("SetHelmIndex with nil", func(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) err := fixtures.cache.SetHelmIndex("test-repo", nil) - require.Error(t, err, "nil data should not be cached") + assert.Error(t, err, "nil data should not be cached") var indexData []byte err = fixtures.cache.GetHelmIndex("test-repo", &indexData) - require.Error(t, err) + assert.Error(t, err) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) } @@ -613,7 +616,7 @@ func TestRevisionChartDetails(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) details, err := fixtures.cache.GetRevisionChartDetails("test-repo", "test-revision", "v1.0.0") - require.ErrorIs(t, err, ErrCacheMiss) + assert.ErrorAs(t, err, &ErrCacheMiss) assert.Equal(t, &appv1.ChartDetails{}, details) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) @@ -630,9 +633,9 @@ func TestRevisionChartDetails(t *testing.T) { revisionChartDetailsKey("test-repo", "test-revision", "v1.0.0"), expectedItem, &cacheutil.CacheActionOpts{Expiration: 30 * time.Second}) - require.NoError(t, err) + assert.NoError(t, err) details, err := fixtures.cache.GetRevisionChartDetails("test-repo", "test-revision", "v1.0.0") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, details) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) @@ -650,9 +653,9 @@ func TestRevisionChartDetails(t *testing.T) { revisionChartDetailsKey("test-repo", "test-revision", "v1.0.0"), expectedItem, &cacheutil.CacheActionOpts{Expiration: 30 * time.Second}) - require.NoError(t, err) + assert.NoError(t, err) details, err := fixtures.cache.GetRevisionChartDetails("test-repo", "test-revision", "v1.0.0") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, details) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) @@ -666,12 +669,13 @@ func TestRevisionChartDetails(t *testing.T) { Maintainers: []string{"test-maintainer"}, } err := fixtures.cache.SetRevisionChartDetails("test-repo", "test-revision", "v1.0.0", expectedItem) - require.NoError(t, err) + assert.NoError(t, err) details, err := fixtures.cache.GetRevisionChartDetails("test-repo", "test-revision", "v1.0.0") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, details) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) + } func TestGetGitDirectories(t *testing.T) { @@ -679,8 +683,8 @@ func TestGetGitDirectories(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) directories, err := fixtures.cache.GetGitDirectories("test-repo", "test-revision") - require.ErrorIs(t, err, ErrCacheMiss) - assert.Empty(t, directories) + assert.ErrorAs(t, err, &ErrCacheMiss) + assert.Equal(t, 0, len(directories)) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) t.Run("GetGitDirectories cache miss local", func(t *testing.T) { @@ -692,9 +696,9 @@ func TestGetGitDirectories(t *testing.T) { gitDirectoriesKey("test-repo", "test-revision"), expectedItem, &cacheutil.CacheActionOpts{Expiration: 30 * time.Second}) - require.NoError(t, err) + assert.NoError(t, err) directories, err := fixtures.cache.GetGitDirectories("test-repo", "test-revision") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, directories) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) @@ -708,9 +712,9 @@ func TestGetGitDirectories(t *testing.T) { gitDirectoriesKey("test-repo", "test-revision"), expectedItem, &cacheutil.CacheActionOpts{Expiration: 30 * time.Second}) - require.NoError(t, err) + assert.NoError(t, err) directories, err := fixtures.cache.GetGitDirectories("test-repo", "test-revision") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, directories) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) @@ -720,12 +724,13 @@ func TestGetGitDirectories(t *testing.T) { t.Cleanup(fixtures.mockCache.StopRedisCallback) expectedItem := []string{"test/dir", "test/dir2"} err := fixtures.cache.SetGitDirectories("test-repo", "test-revision", expectedItem) - require.NoError(t, err) + assert.NoError(t, err) directories, err := fixtures.cache.GetGitDirectories("test-repo", "test-revision") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, directories) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) + } func TestGetGitFiles(t *testing.T) { @@ -733,8 +738,8 @@ func TestGetGitFiles(t *testing.T) { fixtures := newFixtures() t.Cleanup(fixtures.mockCache.StopRedisCallback) directories, err := fixtures.cache.GetGitFiles("test-repo", "test-revision", "*.json") - require.ErrorIs(t, err, ErrCacheMiss) - assert.Empty(t, directories) + assert.ErrorAs(t, err, &ErrCacheMiss) + assert.Equal(t, 0, len(directories)) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1}) }) t.Run("GetGitFiles cache hit", func(t *testing.T) { @@ -746,9 +751,9 @@ func TestGetGitFiles(t *testing.T) { gitFilesKey("test-repo", "test-revision", "*.json"), expectedItem, &cacheutil.CacheActionOpts{Expiration: 30 * time.Second}) - require.NoError(t, err) + assert.NoError(t, err) files, err := fixtures.cache.GetGitFiles("test-repo", "test-revision", "*.json") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, files) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) @@ -758,10 +763,11 @@ func TestGetGitFiles(t *testing.T) { t.Cleanup(fixtures.mockCache.StopRedisCallback) expectedItem := map[string][]byte{"test/file.json": []byte("\"test\":\"contents\""), "test/file1.json": []byte("\"test1\":\"contents1\"")} err := fixtures.cache.SetGitFiles("test-repo", "test-revision", "*.json", expectedItem) - require.NoError(t, err) + assert.NoError(t, err) files, err := fixtures.cache.GetGitFiles("test-repo", "test-revision", "*.json") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedItem, files) fixtures.mockCache.AssertCacheCalledTimes(t, &mocks.CacheCallCounts{ExternalGets: 1, ExternalSets: 1}) }) + } diff --git a/reposerver/cache/mocks/reposervercache.go b/reposerver/cache/mocks/reposervercache.go index f26bd8bccac43..440cb5ed53d97 100644 --- a/reposerver/cache/mocks/reposervercache.go +++ b/reposerver/cache/mocks/reposervercache.go @@ -5,11 +5,10 @@ import ( "time" "github.com/alicebob/miniredis/v2" - "github.com/redis/go-redis/v9" - "github.com/stretchr/testify/mock" - cacheutil "github.com/argoproj/argo-cd/v2/util/cache" cacheutilmocks "github.com/argoproj/argo-cd/v2/util/cache/mocks" + "github.com/redis/go-redis/v9" + "github.com/stretchr/testify/mock" ) type MockCacheType int @@ -68,8 +67,7 @@ func NewMockRepoCache(cacheOpts *MockCacheOptions) *MockRepoCache { redisCacheClient := &cacheutilmocks.MockCacheClient{ ReadDelay: cacheOpts.ReadDelay, WriteDelay: cacheOpts.WriteDelay, - BaseCache: cacheutil.NewRedisCache(redisClient, cacheOpts.RepoCacheExpiration, cacheutil.RedisCompressionNone), - } + BaseCache: cacheutil.NewRedisCache(redisClient, cacheOpts.RepoCacheExpiration, cacheutil.RedisCompressionNone)} newMockCache := &MockRepoCache{RedisClient: redisCacheClient, StopRedisCallback: stopRedis} newMockCache.ConfigureDefaultCallbacks() return newMockCache diff --git a/reposerver/metrics/metrics.go b/reposerver/metrics/metrics.go index 4fd9cde3ba60a..44f3dbd01e1bb 100644 --- a/reposerver/metrics/metrics.go +++ b/reposerver/metrics/metrics.go @@ -13,7 +13,6 @@ import ( type MetricsServer struct { handler http.Handler gitFetchFailCounter *prometheus.CounterVec - gitLsRemoteFailCounter *prometheus.CounterVec gitRequestCounter *prometheus.CounterVec gitRequestHistogram *prometheus.HistogramVec repoPendingRequestsGauge *prometheus.GaugeVec @@ -43,15 +42,6 @@ func NewMetricsServer() *MetricsServer { ) registry.MustRegister(gitFetchFailCounter) - gitLsRemoteFailCounter := prometheus.NewCounterVec( - prometheus.CounterOpts{ - Name: "argocd_git_lsremote_fail_total", - Help: "Number of git ls-remote requests failures by repo server", - }, - []string{"repo", "revision"}, - ) - registry.MustRegister(gitLsRemoteFailCounter) - gitRequestCounter := prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "argocd_git_request_total", @@ -102,7 +92,6 @@ func NewMetricsServer() *MetricsServer { return &MetricsServer{ handler: promhttp.HandlerFor(registry, promhttp.HandlerOpts{}), gitFetchFailCounter: gitFetchFailCounter, - gitLsRemoteFailCounter: gitLsRemoteFailCounter, gitRequestCounter: gitRequestCounter, gitRequestHistogram: gitRequestHistogram, repoPendingRequestsGauge: repoPendingRequestsGauge, @@ -119,10 +108,6 @@ func (m *MetricsServer) IncGitFetchFail(repo string, revision string) { m.gitFetchFailCounter.WithLabelValues(repo, revision).Inc() } -func (m *MetricsServer) IncGitLsRemoteFail(repo string, revision string) { - m.gitLsRemoteFailCounter.WithLabelValues(repo, revision).Inc() -} - // IncGitRequest increments the git requests counter func (m *MetricsServer) IncGitRequest(repo string, requestType GitRequestType) { m.gitRequestCounter.WithLabelValues(repo, string(requestType)).Inc() diff --git a/reposerver/repository/chart.go b/reposerver/repository/chart.go index c1ad7855049d3..f4bcf48fba569 100644 --- a/reposerver/repository/chart.go +++ b/reposerver/repository/chart.go @@ -4,9 +4,8 @@ import ( "fmt" "strings" - "sigs.k8s.io/yaml" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" + "sigs.k8s.io/yaml" ) func getChartDetails(chartYAML string) (*v1alpha1.ChartDetails, error) { diff --git a/reposerver/repository/chart_test.go b/reposerver/repository/chart_test.go index 3e1bccfa46a07..b22e7c21bede5 100644 --- a/reposerver/repository/chart_test.go +++ b/reposerver/repository/chart_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func Test_getChartDetailsNotSet(t *testing.T) { @@ -13,10 +12,10 @@ name: mychart version: 0.0.0` cd, err := getChartDetails(chart1) - require.NoError(t, err) - assert.Equal(t, "", cd.Description) + assert.NoError(t, err) + assert.Equal(t, cd.Description, "") assert.Equal(t, cd.Maintainers, []string(nil)) - assert.Equal(t, "", cd.Home) + assert.Equal(t, cd.Home, "") } func Test_getChartDetailsSet(t *testing.T) { @@ -31,10 +30,10 @@ maintainers: ` cd, err := getChartDetails(chart1) - require.NoError(t, err) - assert.Equal(t, "a good chart", cd.Description) - assert.Equal(t, []string{"alex "}, cd.Maintainers) - assert.Equal(t, "https://example.com", cd.Home) + assert.NoError(t, err) + assert.Equal(t, cd.Description, "a good chart") + assert.Equal(t, cd.Maintainers, []string{"alex "}) + assert.Equal(t, cd.Home, "https://example.com") chart1 = `apiVersion: v3 name: mychart @@ -45,8 +44,8 @@ maintainers: - name: alex ` cd, err = getChartDetails(chart1) - require.NoError(t, err) - assert.Equal(t, []string{"alex"}, cd.Maintainers) + assert.NoError(t, err) + assert.Equal(t, cd.Maintainers, []string{"alex"}) } func Test_getChartDetailsBad(t *testing.T) { @@ -59,6 +58,6 @@ maintainers: alex ` cd, err := getChartDetails(chart1) - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, cd) } diff --git a/reposerver/repository/repository.go b/reposerver/repository/repository.go index 0b8f08c97b2ee..c300047e5b25f 100644 --- a/reposerver/repository/repository.go +++ b/reposerver/repository/repository.go @@ -112,7 +112,6 @@ type RepoServerInitConstants struct { HelmManifestMaxExtractedSize int64 HelmRegistryMaxIndexSize int64 DisableHelmManifestMaxExtractedSize bool - IncludeHiddenDirectories bool } // NewService returns a new instance of the Manifest service @@ -147,11 +146,11 @@ func NewService(metricsServer *metrics.MetricsServer, cache *cache.Cache, initCo func (s *Service) Init() error { _, err := os.Stat(s.rootDir) if os.IsNotExist(err) { - return os.MkdirAll(s.rootDir, 0o300) + return os.MkdirAll(s.rootDir, 0300) } if err == nil { // give itself read permissions to list previously written directories - err = os.Chmod(s.rootDir, 0o700) + err = os.Chmod(s.rootDir, 0700) } var dirEntries []fs.DirEntry if err == nil { @@ -176,7 +175,7 @@ func (s *Service) Init() error { io.Close(closer) } // remove read permissions since no-one should be able to list the directories - return os.Chmod(s.rootDir, 0o300) + return os.Chmod(s.rootDir, 0300) } // ListRefs List a subset of the refs (currently, branches and tags) of a git repo @@ -219,6 +218,7 @@ func (s *Service) ListApps(ctx context.Context, q *apiclient.ListAppsRequest) (* closer, err := s.repoLock.Lock(gitClient.Root(), commitSHA, true, func() (goio.Closer, error) { return s.checkoutRevision(gitClient, commitSHA, s.initConstants.SubmoduleEnabled) }) + if err != nil { return nil, fmt.Errorf("error acquiring repository lock: %w", err) } @@ -266,6 +266,7 @@ type operationSettings struct { // operationContext contains request values which are generated by runRepoOperation (on demand) by a call to the // provided operationContextSrc function. type operationContext struct { + // application path or helm chart path appPath string @@ -293,8 +294,8 @@ func (s *Service) runRepoOperation( operation func(repoRoot, commitSHA, cacheKey string, ctxSrc operationContextSrc) error, settings operationSettings, hasMultipleSources bool, - refSources map[string]*v1alpha1.RefTarget, -) error { + refSources map[string]*v1alpha1.RefTarget) error { + if sanitizer, ok := grpc.SanitizerFromContext(ctx); ok { // make sure a randomized path replaced with '.' in the error message sanitizer.AddRegexReplacement(getRepoSanitizerRegex(s.rootDir), "") @@ -342,7 +343,7 @@ func (s *Service) runRepoOperation( if source.IsHelm() { if settings.noCache { - err = helmClient.CleanChartCache(source.Chart, revision, repo.Project) + err = helmClient.CleanChartCache(source.Chart, revision) if err != nil { return err } @@ -351,7 +352,7 @@ func (s *Service) runRepoOperation( if source.Helm != nil { helmPassCredentials = source.Helm.PassCredentials } - chartPath, closer, err := helmClient.ExtractChart(source.Chart, revision, repo.Project, helmPassCredentials, s.initConstants.HelmManifestMaxExtractedSize, s.initConstants.DisableHelmManifestMaxExtractedSize) + chartPath, closer, err := helmClient.ExtractChart(source.Chart, revision, helmPassCredentials, s.initConstants.HelmManifestMaxExtractedSize, s.initConstants.DisableHelmManifestMaxExtractedSize) if err != nil { return err } @@ -380,6 +381,7 @@ func (s *Service) runRepoOperation( closer, err := s.repoLock.Lock(gitClient.Root(), revision, settings.allowConcurrent, func() (goio.Closer, error) { return s.checkoutRevision(gitClient, revision, s.initConstants.SubmoduleEnabled) }) + if err != nil { return err } @@ -511,7 +513,7 @@ func (s *Service) GenerateManifest(ctx context.Context, q *apiclient.ManifestReq var err error // Skip this path for ref only sources - if q.HasMultipleSources && q.ApplicationSource.Path == "" && !q.ApplicationSource.IsHelm() && q.ApplicationSource.IsRef() { + if q.HasMultipleSources && q.ApplicationSource.Path == "" && q.ApplicationSource.Chart == "" && q.ApplicationSource.Ref != "" { log.Debugf("Skipping manifest generation for ref only source for application: %s and ref %s", q.AppName, q.ApplicationSource.Ref) _, revision, err := s.newClientResolveRevision(q.Repo, q.Revision, git.WithCache(s.cache, !q.NoRevisionCache && !q.NoCache)) res = &apiclient.ManifestResponse{ @@ -590,6 +592,7 @@ func (s *Service) GenerateManifestWithFiles(stream apiclient.RepoServerService_G }() req, metadata, err := manifeststream.ReceiveManifestFileStream(stream.Context(), stream, workDir, s.initConstants.StreamedManifestMaxTarSize, s.initConstants.StreamedManifestMaxExtractedSize) + if err != nil { return fmt.Errorf("error receiving manifest file stream: %w", err) } @@ -669,6 +672,7 @@ type generateManifestCh struct { // - or, NoCache is true // Returns a ManifestResponse, or an error, but not both func (s *Service) runManifestGen(ctx context.Context, repoRoot, commitSHA, cacheKey string, opContextSrc operationContextSrc, q *apiclient.ManifestRequest) *ManifestResponsePromise { + responseCh := make(chan *apiclient.ManifestResponse) tarDoneCh := make(chan bool) errCh := make(chan error) @@ -710,6 +714,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // check whether they should be replicated in resolveReferencedSources. if q.HasMultipleSources { if q.ApplicationSource.Helm != nil { + // Checkout every one of the referenced sources to the target revision before generating Manifests for _, valueFile := range q.ApplicationSource.Helm.ValueFiles { if strings.HasPrefix(valueFile, "$") { @@ -815,7 +820,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, // rather than a copy of the cache that occurred before (a potentially lengthy) manifest generation. innerRes := &cache.CachedManifestResponse{} cacheErr := s.cache.GetManifests(cacheKey, appSourceCopy, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, innerRes, refSourceCommitSHAs) - if cacheErr != nil && !errors.Is(cacheErr, cache.ErrCacheMiss) { + if cacheErr != nil && cacheErr != cache.ErrCacheMiss { logCtx.Warnf("manifest cache get error %s: %v", appSourceCopy.String(), cacheErr) ch.errCh <- cacheErr return @@ -839,6 +844,7 @@ func (s *Service) runManifestGenAsync(ctx context.Context, repoRoot, commitSHA, ch.errCh <- cacheErr return } + } ch.errCh <- err return @@ -875,14 +881,18 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe res := cache.CachedManifestResponse{} err := s.cache.GetManifests(cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, &res, refSourceCommitSHAs) if err == nil { + // The cache contains an existing value // If caching of manifest generation errors is enabled, and res is a cached manifest generation error... if s.initConstants.PauseGenerationAfterFailedGenerationAttempts > 0 && res.FirstFailureTimestamp > 0 { + // If we are already in the 'manifest generation caching' state, due to too many consecutive failures... if res.NumberOfConsecutiveFailures >= s.initConstants.PauseGenerationAfterFailedGenerationAttempts { + // Check if enough time has passed to try generation again (e.g. to exit the 'manifest generation caching' state) if s.initConstants.PauseGenerationOnFailureForMinutes > 0 { + elapsedTimeInMinutes := int((s.now().Unix() - res.FirstFailureTimestamp) / 60) // After X minutes, reset the cache and retry the operation (e.g. perhaps the error is ephemeral and has passed) @@ -901,6 +911,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe // Check if enough cached responses have been returned to try generation again (e.g. to exit the 'manifest generation caching' state) if s.initConstants.PauseGenerationOnFailureForRequests > 0 && res.NumberOfCachedResponsesReturned > 0 { + if res.NumberOfCachedResponsesReturned >= s.initConstants.PauseGenerationOnFailureForRequests { cache.LogDebugManifestCacheKeyFields("deleting manifests cache", "reset after paused generation count", cacheKey, q.ApplicationSource, q.RefSources, q, q.Namespace, q.TrackingMethod, q.AppLabelKey, q.AppName, refSourceCommitSHAs) @@ -932,6 +943,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe } return true, nil, cachedErrorResponse + } // Otherwise we are not yet in the manifest generation error state, and not enough consecutive errors have @@ -944,7 +956,7 @@ func (s *Service) getManifestCacheEntry(cacheKey string, q *apiclient.ManifestRe return true, res.ManifestResponse, nil } - if !errors.Is(err, cache.ErrCacheMiss) { + if err != cache.ErrCacheMiss { log.Warnf("manifest cache error %s: %v", q.ApplicationSource.String(), err) } else { log.Infof("manifest cache miss: %s/%s", q.ApplicationSource.String(), cacheKey) @@ -988,9 +1000,7 @@ func getHelmRepos(appPath string, repositories []*v1alpha1.Repository, helmRepoC // finally if repo is OCI and no credentials found, use the first OCI credential matching by hostname // see https://github.com/argoproj/argo-cd/issues/14636 for _, cred := range repositories { - // if the repo is OCI, don't match the repository URL exactly, but only as a dependent repository prefix just like in the getRepoCredential function - // see https://github.com/argoproj/argo-cd/issues/12436 - if _, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && strings.HasPrefix(dep.Repo, cred.Repo) { + if depURL, err := url.Parse("oci://" + dep.Repo); err == nil && cred.EnableOCI && depURL.Host == cred.Repo { repo.Username = cred.Username repo.Password = cred.Password break @@ -1082,7 +1092,7 @@ func runHelmBuild(appPath string, h helm.Helm) error { if err != nil { return fmt.Errorf("error building helm chart dependencies: %w", err) } - return os.WriteFile(markerFile, []byte("marker"), 0o644) + return os.WriteFile(markerFile, []byte("marker"), 0644) } func isSourcePermitted(url string, repos []string) bool { @@ -1143,7 +1153,7 @@ func helmTemplate(appPath string, repoRoot string, env *v1alpha1.Env, q *apiclie _ = os.RemoveAll(p) } }() - err = os.WriteFile(p, appHelm.ValuesYAML(), 0o644) + err = os.WriteFile(p, appHelm.ValuesYAML(), 0644) if err != nil { return nil, fmt.Errorf("error writing helm values file: %w", err) } @@ -1252,19 +1262,19 @@ func getResolvedValueFiles( ) ([]pathutil.ResolvedFilePath, error) { var resolvedValueFiles []pathutil.ResolvedFilePath for _, rawValueFile := range rawValueFiles { - isRemote := false + var isRemote = false var resolvedPath pathutil.ResolvedFilePath var err error referencedSource := getReferencedSource(rawValueFile, refSources) if referencedSource != nil { // If the $-prefixed path appears to reference another source, do env substitution _after_ resolving that source. - resolvedPath, err = getResolvedRefValueFile(rawValueFile, env, allowedValueFilesSchemas, referencedSource.Repo.Repo, gitRepoPaths, referencedSource.Repo.Project) + resolvedPath, err = getResolvedRefValueFile(rawValueFile, env, allowedValueFilesSchemas, referencedSource.Repo.Repo, gitRepoPaths) if err != nil { return nil, fmt.Errorf("error resolving value file path: %w", err) } } else { - // This will resolve val to an absolute path (or a URL) + // This will resolve val to an absolute path (or an URL) resolvedPath, isRemote, err = pathutil.ResolveValueFilePathOrUrl(appPath, repoRoot, env.Envsubst(rawValueFile), allowedValueFilesSchemas) if err != nil { return nil, fmt.Errorf("error resolving value file path: %w", err) @@ -1292,15 +1302,9 @@ func getResolvedRefValueFile( allowedValueFilesSchemas []string, refSourceRepo string, gitRepoPaths io.TempPaths, - project string, ) (pathutil.ResolvedFilePath, error) { pathStrings := strings.Split(rawValueFile, "/") - - keyData, err := json.Marshal(map[string]string{"url": git.NormalizeGitURL(refSourceRepo), "project": project}) - if err != nil { - return "", err - } - repoPath := gitRepoPaths.GetPathIfExists(string(keyData)) + repoPath := gitRepoPaths.GetPathIfExists(git.NormalizeGitURL(refSourceRepo)) if repoPath == "" { return "", fmt.Errorf("failed to find repo %q", refSourceRepo) } @@ -1334,13 +1338,11 @@ func getRepoCredential(repoCredentials []*v1alpha1.RepoCreds, repoURL string) *v return nil } -type ( - GenerateManifestOpt func(*generateManifestOpt) - generateManifestOpt struct { - cmpTarDoneCh chan<- bool - cmpTarExcludedGlobs []string - } -) +type GenerateManifestOpt func(*generateManifestOpt) +type generateManifestOpt struct { + cmpTarDoneCh chan<- bool + cmpTarExcludedGlobs []string +} func newGenerateManifestOpt(opts ...GenerateManifestOpt) *generateManifestOpt { o := &generateManifestOpt{} @@ -1502,7 +1504,7 @@ func mergeSourceParameters(source *v1alpha1.ApplicationSource, path, appName str overrides = append(overrides, filepath.Join(path, fmt.Sprintf(appSourceFile, appName))) } - merged := *source.DeepCopy() + var merged = *source.DeepCopy() for _, filename := range overrides { info, err := os.Stat(filename) @@ -1517,23 +1519,23 @@ func mergeSourceParameters(source *v1alpha1.ApplicationSource, path, appName str data, err := json.Marshal(merged) if err != nil { - return fmt.Errorf("%s: %w", filename, err) + return fmt.Errorf("%s: %v", filename, err) } patch, err := os.ReadFile(filename) if err != nil { - return fmt.Errorf("%s: %w", filename, err) + return fmt.Errorf("%s: %v", filename, err) } patch, err = yaml.YAMLToJSON(patch) if err != nil { - return fmt.Errorf("%s: %w", filename, err) + return fmt.Errorf("%s: %v", filename, err) } data, err = jsonpatch.MergePatch(data, patch) if err != nil { - return fmt.Errorf("%s: %w", filename, err) + return fmt.Errorf("%s: %v", filename, err) } err = json.Unmarshal(data, &merged) if err != nil { - return fmt.Errorf("%s: %w", filename, err) + return fmt.Errorf("%s: %v", filename, err) } } @@ -1551,7 +1553,7 @@ func mergeSourceParameters(source *v1alpha1.ApplicationSource, path, appName str func GetAppSourceType(ctx context.Context, source *v1alpha1.ApplicationSource, appPath, repoPath, appName string, enableGenerateManifests map[string]bool, tarExcludedGlobs []string, env []string) (v1alpha1.ApplicationSourceType, error) { err := mergeSourceParameters(source, appPath, appName) if err != nil { - return "", fmt.Errorf("error while parsing source parameters: %w", err) + return "", fmt.Errorf("error while parsing source parameters: %v", err) } appSourceType, err := source.ExplicitType() @@ -1567,7 +1569,7 @@ func GetAppSourceType(ctx context.Context, source *v1alpha1.ApplicationSource, a } appType, err := discovery.AppType(ctx, appPath, repoPath, enableGenerateManifests, tarExcludedGlobs, env) if err != nil { - return "", fmt.Errorf("error getting app source type: %w", err) + return "", fmt.Errorf("error getting app source type: %v", err) } return v1alpha1.ApplicationSourceType(appType), nil } @@ -1699,10 +1701,10 @@ func splitYAMLOrJSON(reader goio.Reader) ([]*unstructured.Unstructured, error) { for { u := &unstructured.Unstructured{} if err := d.Decode(&u); err != nil { - if errors.Is(err, goio.EOF) { + if err == goio.EOF { break } - return objs, fmt.Errorf("failed to unmarshal manifest: %w", err) + return objs, fmt.Errorf("failed to unmarshal manifest: %v", err) } if u == nil { continue @@ -1733,7 +1735,7 @@ func getPotentiallyValidManifestFile(path string, f os.FileInfo, appPath, repoRo } // If the file is a symlink, these will be overridden with the destination file's info. - relRealPath := relPath + var relRealPath = relPath realFileInfo = f if files.IsSymlink(f) { @@ -1788,7 +1790,7 @@ type potentiallyValidManifest struct { // and 2) the combined file size of the potentially-valid manifest files does not exceed the limit. func getPotentiallyValidManifests(logCtx *log.Entry, appPath string, repoRoot string, recurse bool, include string, exclude string, maxCombinedManifestQuantity resource.Quantity) ([]potentiallyValidManifest, error) { maxCombinedManifestFileSize := maxCombinedManifestQuantity.Value() - currentCombinedManifestFileSize := int64(0) + var currentCombinedManifestFileSize = int64(0) var potentiallyValidManifests []potentiallyValidManifest err := filepath.Walk(appPath, func(path string, f os.FileInfo, err error) error { @@ -1834,6 +1836,7 @@ func getPotentiallyValidManifests(logCtx *log.Entry, appPath string, repoRoot st } func makeJsonnetVm(appPath string, repoRoot string, sourceJsonnet v1alpha1.ApplicationSourceJsonnet, env *v1alpha1.Env) (*jsonnet.VM, error) { + vm := jsonnet.MakeVM() for i, j := range sourceJsonnet.TLAs { sourceJsonnet.TLAs[i].Value = env.Envsubst(j.Value) @@ -1928,7 +1931,7 @@ func runConfigManagementPluginSidecars(ctx context.Context, appPath, repoPath, p // generate manifests using commands provided in plugin config file in detected cmp-server sidecar cmpManifests, err := generateManifestsCMP(ctx, appPath, repoPath, env, cmpClient, tarDoneCh, tarExcludedGlobs) if err != nil { - return nil, fmt.Errorf("error generating manifests in cmp: %w", err) + return nil, fmt.Errorf("error generating manifests in cmp: %s", err) } var manifests []*unstructured.Unstructured for _, manifestString := range cmpManifests.Manifests { @@ -1960,7 +1963,7 @@ func generateManifestsCMP(ctx context.Context, appPath, repoPath string, env []s err = cmp.SendRepoStream(generateManifestStream.Context(), appPath, repoPath, generateManifestStream, env, tarExcludedGlobs, opts...) if err != nil { - return nil, fmt.Errorf("error sending file to cmp-server: %w", err) + return nil, fmt.Errorf("error sending file to cmp-server: %s", err) } return generateManifestStream.CloseAndRecv() @@ -2004,7 +2007,7 @@ func (s *Service) GetAppDetails(ctx context.Context, q *apiclient.RepoServerAppD } settings := operationSettings{allowConcurrent: q.Source.AllowsConcurrentProcessing(), noCache: q.NoCache, noRevisionCache: q.NoCache || q.NoRevisionCache} - err := s.runRepoOperation(ctx, q.Source.TargetRevision, q.Repo, q.Source, false, cacheFn, operation, settings, len(q.RefSources) > 0, q.RefSources) + err := s.runRepoOperation(ctx, q.Source.TargetRevision, q.Repo, q.Source, false, cacheFn, operation, settings, false, nil) return res, err } @@ -2017,7 +2020,7 @@ func (s *Service) createGetAppDetailsCacheHandler(res *apiclient.RepoAppDetailsR return true, nil } - if !errors.Is(err, cache.ErrCacheMiss) { + if err != cache.ErrCacheMiss { log.Warnf("app details cache error %s: %v", revision, q.Source) } else { log.Infof("app details cache miss: %s/%s", revision, q.Source) @@ -2113,6 +2116,7 @@ func loadFileIntoIfExists(path pathutil.ResolvedFilePath, destination *string) e func walkHelmValueFilesInPath(root string, valueFiles *[]string) filepath.WalkFunc { return func(path string, info os.FileInfo, err error) error { + if err != nil { return fmt.Errorf("error reading helm values file from %s: %w", path, err) } @@ -2186,12 +2190,12 @@ func populatePluginAppDetails(ctx context.Context, res *apiclient.RepoAppDetails err = cmp.SendRepoStream(parametersAnnouncementStream.Context(), appPath, repoPath, parametersAnnouncementStream, env, tarExcludedGlobs) if err != nil { - return fmt.Errorf("error sending file to cmp-server: %w", err) + return fmt.Errorf("error sending file to cmp-server: %s", err) } announcement, err := parametersAnnouncementStream.CloseAndRecv() if err != nil { - return fmt.Errorf("failed to get parameter announcement: %w", err) + return fmt.Errorf("failed to get parameter anouncement: %w", err) } res.Plugin = &apiclient.PluginAppSpec{ @@ -2221,7 +2225,7 @@ func (s *Service) GetRevisionMetadata(ctx context.Context, q *apiclient.RepoServ return metadata, nil } } else { - if !errors.Is(err, cache.ErrCacheMiss) { + if err != cache.ErrCacheMiss { log.Warnf("revision metadata cache error %s/%s: %v", q.Repo.Repo, q.Revision, err) } else { log.Infof("revision metadata cache miss: %s/%s", q.Repo.Repo, q.Revision) @@ -2239,6 +2243,7 @@ func (s *Service) GetRevisionMetadata(ctx context.Context, q *apiclient.RepoServ closer, err := s.repoLock.Lock(gitClient.Root(), q.Revision, true, func() (goio.Closer, error) { return s.checkoutRevision(gitClient, q.Revision, s.initConstants.SubmoduleEnabled) }) + if err != nil { return nil, fmt.Errorf("error acquiring repo lock: %w", err) } @@ -2283,7 +2288,7 @@ func (s *Service) GetRevisionChartDetails(ctx context.Context, q *apiclient.Repo log.Infof("revision chart details cache hit: %s/%s/%s", q.Repo.Repo, q.Name, q.Revision) return details, nil } else { - if errors.Is(err, cache.ErrCacheMiss) { + if err == cache.ErrCacheMiss { log.Infof("revision metadata cache miss: %s/%s/%s", q.Repo.Repo, q.Name, q.Revision) } else { log.Warnf("revision metadata cache error %s/%s/%s: %v", q.Repo.Repo, q.Name, q.Revision, err) @@ -2291,25 +2296,25 @@ func (s *Service) GetRevisionChartDetails(ctx context.Context, q *apiclient.Repo } helmClient, revision, err := s.newHelmClientResolveRevision(q.Repo, q.Revision, q.Name, true) if err != nil { - return nil, fmt.Errorf("helm client error: %w", err) + return nil, fmt.Errorf("helm client error: %v", err) } - chartPath, closer, err := helmClient.ExtractChart(q.Name, revision, q.Repo.Project, false, s.initConstants.HelmManifestMaxExtractedSize, s.initConstants.DisableHelmManifestMaxExtractedSize) + chartPath, closer, err := helmClient.ExtractChart(q.Name, revision, false, s.initConstants.HelmManifestMaxExtractedSize, s.initConstants.DisableHelmManifestMaxExtractedSize) if err != nil { - return nil, fmt.Errorf("error extracting chart: %w", err) + return nil, fmt.Errorf("error extracting chart: %v", err) } defer io.Close(closer) helmCmd, err := helm.NewCmdWithVersion(chartPath, helm.HelmV3, q.Repo.EnableOCI, q.Repo.Proxy) if err != nil { - return nil, fmt.Errorf("error creating helm cmd: %w", err) + return nil, fmt.Errorf("error creating helm cmd: %v", err) } defer helmCmd.Close() helmDetails, err := helmCmd.InspectChart() if err != nil { - return nil, fmt.Errorf("error inspecting chart: %w", err) + return nil, fmt.Errorf("error inspecting chart: %v", err) } details, err = getChartDetails(helmDetails) if err != nil { - return nil, fmt.Errorf("error getting chart details: %w", err) + return nil, fmt.Errorf("error getting chart details: %v", err) } _ = s.cache.SetRevisionChartDetails(q.Repo.Repo, q.Name, q.Revision, details) return details, nil @@ -2323,11 +2328,7 @@ func fileParameters(q *apiclient.RepoServerAppDetailsQuery) []v1alpha1.HelmFileP } func (s *Service) newClient(repo *v1alpha1.Repository, opts ...git.ClientOpts) (git.Client, error) { - keyData, err := json.Marshal(map[string]string{"url": git.NormalizeGitURL(repo.Repo), "project": repo.Project}) - if err != nil { - return nil, err - } - repoPath, err := s.gitRepoPaths.GetPath(string(keyData)) + repoPath, err := s.gitRepoPaths.GetPath(git.NormalizeGitURL(repo.Repo)) if err != nil { return nil, err } @@ -2344,7 +2345,6 @@ func (s *Service) newClientResolveRevision(repo *v1alpha1.Repository, revision s } commitSHA, err := gitClient.LsRemote(revision) if err != nil { - s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return nil, "", err } return gitClient, commitSHA, nil @@ -2358,18 +2358,18 @@ func (s *Service) newHelmClientResolveRevision(repo *v1alpha1.Repository, revisi } constraints, err := semver.NewConstraint(revision) if err != nil { - return nil, "", fmt.Errorf("invalid revision '%s': %w", revision, err) + return nil, "", fmt.Errorf("invalid revision '%s': %v", revision, err) } if enableOCI { tags, err := helmClient.GetTags(chart, noRevisionCache) if err != nil { - return nil, "", fmt.Errorf("unable to get tags: %w", err) + return nil, "", fmt.Errorf("unable to get tags: %v", err) } version, err := tags.MaxVersion(constraints) if err != nil { - return nil, "", fmt.Errorf("no version for constraints: %w", err) + return nil, "", fmt.Errorf("no version for constraints: %v", err) } return helmClient, version.String(), nil } @@ -2393,7 +2393,7 @@ func (s *Service) newHelmClientResolveRevision(repo *v1alpha1.Repository, revisi // a function that can be used to remove all permissions. func directoryPermissionInitializer(rootPath string) goio.Closer { if _, err := os.Stat(rootPath); err == nil { - if err := os.Chmod(rootPath, 0o700); err != nil { + if err := os.Chmod(rootPath, 0700); err != nil { log.Warnf("Failed to restore read/write/execute permissions on %s: %v", rootPath, err) } else { log.Debugf("Successfully restored read/write/execute permissions on %s", rootPath) @@ -2401,7 +2401,7 @@ func directoryPermissionInitializer(rootPath string) goio.Closer { } return io.NewCloser(func() error { - if err := os.Chmod(rootPath, 0o000); err != nil { + if err := os.Chmod(rootPath, 0000); err != nil { log.Warnf("Failed to remove permissions on %s: %v", rootPath, err) } else { log.Debugf("Successfully removed permissions on %s", rootPath) @@ -2428,19 +2428,10 @@ func checkoutRevision(gitClient git.Client, revision string, submoduleEnabled bo return status.Errorf(codes.Internal, "Failed to initialize git repo: %v", err) } - revisionPresent := gitClient.IsRevisionPresent(revision) - - log.WithFields(map[string]interface{}{ - "skipFetch": revisionPresent, - }).Debugf("Checking out revision %v", revision) - - // Fetching can be skipped if the revision is already present locally. - if !revisionPresent { - // Fetching with no revision first. Fetching with an explicit version can cause repo bloat. https://github.com/argoproj/argo-cd/issues/8845 - err = gitClient.Fetch("") - if err != nil { - return status.Errorf(codes.Internal, "Failed to fetch default: %v", err) - } + // Fetching with no revision first. Fetching with an explicit version can cause repo bloat. https://github.com/argoproj/argo-cd/issues/8845 + err = gitClient.Fetch("") + if err != nil { + return status.Errorf(codes.Internal, "Failed to fetch default: %v", err) } err = gitClient.Checkout(revision, submoduleEnabled) @@ -2516,13 +2507,15 @@ func (s *Service) TestRepository(ctx context.Context, q *apiclient.TestRepositor // ResolveRevision resolves the revision/ambiguousRevision specified in the ResolveRevisionRequest request into a concrete revision. func (s *Service) ResolveRevision(ctx context.Context, q *apiclient.ResolveRevisionRequest) (*apiclient.ResolveRevisionResponse, error) { + repo := q.Repo app := q.App ambiguousRevision := q.AmbiguousRevision var revision string - source := app.Spec.GetSourcePtrByIndex(int(q.SourceIndex)) + var source = app.Spec.GetSourcePtrByIndex(int(q.SourceIndex)) if source.IsHelm() { _, revision, err := s.newHelmClientResolveRevision(repo, ambiguousRevision, source.Chart, true) + if err != nil { return &apiclient.ResolveRevisionResponse{Revision: "", AmbiguousRevision: ""}, err } @@ -2537,7 +2530,6 @@ func (s *Service) ResolveRevision(ctx context.Context, q *apiclient.ResolveRevis } revision, err = gitClient.LsRemote(ambiguousRevision) if err != nil { - s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return &apiclient.ResolveRevisionResponse{Revision: "", AmbiguousRevision: ""}, err } return &apiclient.ResolveRevisionResponse{ @@ -2566,10 +2558,6 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ return nil, status.Errorf(codes.Internal, "unable to resolve git revision %s: %v", revision, err) } - if err := verifyCommitSignature(request.VerifyCommit, gitClient, revision, repo); err != nil { - return nil, err - } - // check the cache and return the results if present if cachedFiles, err := s.cache.GetGitFiles(repo.Repo, revision, gitPath); err == nil { log.Debugf("cache hit for repo: %s revision: %s pattern: %s", repo.Repo, revision, gitPath) @@ -2615,28 +2603,6 @@ func (s *Service) GetGitFiles(_ context.Context, request *apiclient.GitFilesRequ }, nil } -func verifyCommitSignature(verifyCommit bool, gitClient git.Client, revision string, repo *v1alpha1.Repository) error { - if gpg.IsGPGEnabled() && verifyCommit { - cs, err := gitClient.VerifyCommitSignature(revision) - if err != nil { - log.Errorf("error verifying signature of commit '%s' in repo '%s': %v", revision, repo.Repo, err) - return err - } - - if cs == "" { - return fmt.Errorf("revision %s is not signed", revision) - } else { - vr := gpg.ParseGitCommitVerification(cs) - if vr.Result == gpg.VerifyResultUnknown { - return fmt.Errorf("UNKNOWN signature: %s", vr.Message) - } else { - log.Debugf("%s signature from %s key %s", vr.Result, vr.Cipher, gpg.KeyID(vr.KeyID)) - } - } - } - return nil -} - func (s *Service) GetGitDirectories(_ context.Context, request *apiclient.GitDirectoriesRequest) (*apiclient.GitDirectoriesResponse, error) { repo := request.GetRepo() revision := request.GetRevision() @@ -2650,10 +2616,6 @@ func (s *Service) GetGitDirectories(_ context.Context, request *apiclient.GitDir return nil, status.Errorf(codes.Internal, "unable to resolve git revision %s: %v", revision, err) } - if err := verifyCommitSignature(request.VerifyCommit, gitClient, revision, repo); err != nil { - return nil, err - } - // check the cache and return the results if present if cachedPaths, err := s.cache.GetGitDirectories(repo.Repo, revision); err == nil { log.Debugf("cache hit for repo: %s revision: %s", repo.Repo, revision) @@ -2684,8 +2646,9 @@ func (s *Service) GetGitDirectories(_ context.Context, request *apiclient.GitDir return nil } - if !s.initConstants.IncludeHiddenDirectories && strings.HasPrefix(entry.Name(), ".") { - return filepath.SkipDir // Skip hidden directory + fname := entry.Name() + if strings.HasPrefix(fname, ".") { // Skip all folders starts with "." + return filepath.SkipDir } relativePath, err := filepath.Rel(repoRoot, path) @@ -2744,7 +2707,6 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U syncedRevision, err = gitClient.LsRemote(syncedRevision) if err != nil { - s.metricsServer.IncGitLsRemoteFail(gitClient.Root(), revision) return nil, status.Errorf(codes.Internal, "unable to resolve git revision %s: %v", revision, err) } @@ -2788,7 +2750,7 @@ func (s *Service) UpdateRevisionForPaths(_ context.Context, request *apiclient.U } logCtx.Debugf("changes found for application %s in repo %s from revision %s to revision %s", request.AppName, repo.Repo, syncedRevision, revision) - return &apiclient.UpdateRevisionForPathsResponse{}, nil + return &apiclient.UpdateRevisionForPathsResponse{Changes: true}, nil } func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev string, request *apiclient.UpdateRevisionForPathsRequest, gitClientOpts git.ClientOpts) error { @@ -2799,8 +2761,10 @@ func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev if err != nil { return fmt.Errorf("failed to get repo refs for application %s in repo %s from revision %s: %w", request.AppName, request.GetRepo().Repo, request.Revision, err) } + } - // Update revision in refSource + // Update revision in refSource + if request.HasMultipleSources && request.ApplicationSource.Helm != nil { for normalizedURL := range repoRefs { repoRefs[normalizedURL] = newRev } @@ -2808,7 +2772,7 @@ func (s *Service) updateCachedRevision(logCtx *log.Entry, oldRev string, newRev err := s.cache.SetNewRevisionManifests(newRev, oldRev, request.ApplicationSource, request.RefSources, request, request.Namespace, request.TrackingMethod, request.AppLabelKey, request.AppName, repoRefs) if err != nil { - if errors.Is(err, cache.ErrCacheMiss) { + if err == cache.ErrCacheMiss { logCtx.Debugf("manifest cache miss during comparison for application %s in repo %s from revision %s", request.AppName, request.GetRepo().Repo, oldRev) return nil } diff --git a/reposerver/repository/repository.proto b/reposerver/repository/repository.proto index d0a72d09902a9..5b96d6cd61bbb 100644 --- a/reposerver/repository/repository.proto +++ b/reposerver/repository/repository.proto @@ -238,7 +238,6 @@ message GitFilesRequest { string path = 4; bool NewGitFileGlobbingEnabled = 5; bool noRevisionCache = 6; - bool verifyCommit = 7; } message GitFilesResponse { @@ -251,7 +250,6 @@ message GitDirectoriesRequest { bool submoduleEnabled = 2; string revision = 3; bool noRevisionCache = 4; - bool verifyCommit = 5; } message GitDirectoriesResponse { @@ -278,6 +276,7 @@ message UpdateRevisionForPathsRequest { } message UpdateRevisionForPathsResponse { + bool changes = 1; } // ManifestService diff --git a/reposerver/repository/repository_test.go b/reposerver/repository/repository_test.go index 6d4ec29d7788c..00a348fee21c9 100644 --- a/reposerver/repository/repository_test.go +++ b/reposerver/repository/repository_test.go @@ -19,11 +19,10 @@ import ( "testing" "time" + cacheutil "github.com/argoproj/argo-cd/v2/util/cache" log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/resource" - cacheutil "github.com/argoproj/argo-cd/v2/util/cache" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" @@ -41,6 +40,7 @@ import ( "github.com/argoproj/argo-cd/v2/reposerver/metrics" fileutil "github.com/argoproj/argo-cd/v2/test/fixture/path" "github.com/argoproj/argo-cd/v2/util/argo" + dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/util/git" gitmocks "github.com/argoproj/argo-cd/v2/util/git/mocks" "github.com/argoproj/argo-cd/v2/util/helm" @@ -104,7 +104,6 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git } return newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return(mock.Anything, nil) @@ -124,10 +123,10 @@ func newServiceWithMocks(t *testing.T, root string, signed bool) (*Service, *git chart: {{Version: "1.0.0"}, {Version: version}}, oobChart: {{Version: "1.0.0"}, {Version: version}}, }}, nil) - helmClient.On("ExtractChart", chart, version, "", false, int64(0), false).Return("./testdata/my-chart", io.NopCloser, nil) - helmClient.On("ExtractChart", oobChart, version, "", false, int64(0), false).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) - helmClient.On("CleanChartCache", chart, version, "").Return(nil) - helmClient.On("CleanChartCache", oobChart, version, "").Return(nil) + helmClient.On("ExtractChart", chart, version).Return("./testdata/my-chart", io.NopCloser, nil) + helmClient.On("ExtractChart", oobChart, version).Return("./testdata2/out-of-bounds-chart", io.NopCloser, nil) + helmClient.On("CleanChartCache", chart, version).Return(nil) + helmClient.On("CleanChartCache", oobChart, version).Return(nil) helmClient.On("DependencyBuild").Return(nil) paths.On("Add", mock.Anything, mock.Anything).Return(root, nil) @@ -178,7 +177,6 @@ func newServiceWithCommitSHA(t *testing.T, root, revision string) *Service { service, gitClient, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", revision).Return(revision, revisionErr) @@ -211,13 +209,13 @@ func TestGenerateYamlManifestInDir(t *testing.T) { res1, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res1.Manifests, countOfManifests) + assert.NoError(t, err) + assert.Equal(t, countOfManifests, len(res1.Manifests)) // this will test concatenated manifests to verify we split YAMLs correctly res2, err := GenerateManifests(context.Background(), "./testdata/concatenated", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) - require.NoError(t, err) - assert.Len(t, res2.Manifests, 3) + assert.NoError(t, err) + assert.Equal(t, 3, len(res2.Manifests)) } func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { @@ -258,22 +256,20 @@ func Test_GenerateManifests_NoOutOfBoundsAccess(t *testing.T) { outOfBoundsDir := t.TempDir() outOfBoundsFile := path.Join(outOfBoundsDir, testCaseCopy.outOfBoundsFilename) - err := os.WriteFile(outOfBoundsFile, []byte(testCaseCopy.outOfBoundsFileContents), os.FileMode(0o444)) + err := os.WriteFile(outOfBoundsFile, []byte(testCaseCopy.outOfBoundsFileContents), os.FileMode(0444)) require.NoError(t, err) repoDir := t.TempDir() err = os.Symlink(outOfBoundsFile, path.Join(repoDir, testCaseCopy.outOfBoundsFilename)) require.NoError(t, err) - mustNotContain := testCaseCopy.outOfBoundsFileContents + var mustNotContain = testCaseCopy.outOfBoundsFileContents if testCaseCopy.mustNotContain != "" { mustNotContain = testCaseCopy.mustNotContain } - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.Error(t, err) assert.NotContains(t, err.Error(), mustNotContain) @@ -288,10 +284,8 @@ func TestGenerateManifests_MissingSymlinkDestination(t *testing.T) { err := os.Symlink("/obviously/does/not/exist", path.Join(repoDir, "test.yaml")) require.NoError(t, err) - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &argoappv1.ApplicationSource{}, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err = GenerateManifests(context.Background(), repoDir, "", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) require.NoError(t, err) } @@ -311,17 +305,17 @@ func TestGenerateManifests_K8SAPIResetCache(t *testing.T) { cachedFakeResponse := &apiclient.ManifestResponse{Manifests: []string{"Fake"}, Revision: mock.Anything} err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: cachedFakeResponse}, nil) - require.NoError(t, err) + assert.NoError(t, err) res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, cachedFakeResponse, res) q.KubeVersion = "v1.17.0" res, err = service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.NotEqual(t, cachedFakeResponse, res) - assert.Greater(t, len(res.Manifests), 1) + assert.True(t, len(res.Manifests) > 1) } func TestGenerateManifests_EmptyCache(t *testing.T) { @@ -336,16 +330,15 @@ func TestGenerateManifests_EmptyCache(t *testing.T) { } err := service.cache.SetManifests(mock.Anything, &src, q.RefSources, &q, "", "", "", "", &cache.CachedManifestResponse{ManifestResponse: nil}, nil) - require.NoError(t, err) + assert.NoError(t, err) res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Positive(t, len(res.Manifests)) + assert.NoError(t, err) + assert.True(t, len(res.Manifests) > 0) mockCache.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 2, ExternalGets: 2, - ExternalDeletes: 1, - }) + ExternalDeletes: 1}) gitMocks.AssertCalled(t, "LsRemote", mock.Anything) gitMocks.AssertCalled(t, "Fetch", mock.Anything) } @@ -396,14 +389,13 @@ func TestGenerateManifest_RefOnlyShortCircuit(t *testing.T) { ProjectSourceRepos: []string{"*"}, } _, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 2, - ExternalGets: 2, - }) + ExternalGets: 2}) assert.True(t, lsremoteCalled, "ls-remote should be called when the source is ref only") var revisions [][2]string - require.NoError(t, cacheMocks.cacheutilCache.GetItem(fmt.Sprintf("git-refs|%s", repoRemote), &revisions)) + assert.NoError(t, cacheMocks.cacheutilCache.GetItem(fmt.Sprintf("git-refs|%s", repoRemote), &revisions)) assert.ElementsMatch(t, [][2]string{{"refs/heads/main", revision}, {"HEAD", "ref: refs/heads/main"}}, revisions) } @@ -417,7 +409,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { err := filepath.WalkDir(dir, func(path string, di fs.DirEntry, err error) error { if err == nil { - return os.Chmod(path, 0o777) + return os.Chmod(path, 0777) } return err }) @@ -448,8 +440,7 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { helmChartOptions: newGitRepoHelmChartOptions{ chartName: "my-chart", chartVersion: "v1.0.0", - valuesFiles: map[string]map[string]string{"test.yaml": {"testval": "test"}}, - }, + valuesFiles: map[string]map[string]string{"test.yaml": {"testval": "test"}}}, }) src := argoappv1.ApplicationSource{RepoURL: repoRemote, Path: ".", TargetRevision: "HEAD", Helm: &argoappv1.ApplicationSourceHelm{ ValueFiles: []string{"$ref/test.yaml"}, @@ -467,13 +458,12 @@ func TestGenerateManifestsHelmWithRefs_CachedNoLsRemote(t *testing.T) { RefSources: map[string]*argoappv1.RefTarget{"$ref": {TargetRevision: "HEAD", Repo: *repo}}, } err = cacheMocks.cacheutilCache.SetItem(fmt.Sprintf("git-refs|%s", repoRemote), [][2]string{{"HEAD", revision}}, nil) - require.NoError(t, err) + assert.NoError(t, err) _, err = service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 2, - ExternalGets: 5, - }) + ExternalGets: 5}) } // ensure we can use a semver constraint range (>= 1.0.0) and get back the correct chart (1.0.0) @@ -481,12 +471,10 @@ func TestHelmManifestFromChartRepo(t *testing.T) { root := t.TempDir() service, gitMocks, mockCache := newServiceWithMocks(t, root, false) source := &argoappv1.ApplicationSource{Chart: "my-chart", TargetRevision: ">= 1.0.0"} - request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, response) assert.Equal(t, &apiclient.ManifestResponse{ Manifests: []string{"{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"}, @@ -497,8 +485,7 @@ func TestHelmManifestFromChartRepo(t *testing.T) { }, response) mockCache.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 1, - ExternalGets: 0, - }) + ExternalGets: 0}) gitMocks.AssertNotCalled(t, "LsRemote", mock.Anything) } @@ -512,18 +499,16 @@ func TestHelmChartReferencingExternalValues(t *testing.T) { {Ref: "ref", RepoURL: "https://git.example.com/test/repo"}, }, } - refSources, err := argo.GetRefSources(context.Background(), spec.Sources, spec.Project, func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { - return &argoappv1.Repository{ - Repo: "https://git.example.com/test/repo", - }, nil - }, []string{}, false) + repoDB := &dbmocks.ArgoDB{} + repoDB.On("GetRepository", context.Background(), "https://git.example.com/test/repo").Return(&argoappv1.Repository{ + Repo: "https://git.example.com/test/repo", + }, nil) + refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, response) assert.Equal(t, &apiclient.ManifestResponse{ Manifests: []string{"{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"}, @@ -544,39 +529,34 @@ func TestHelmChartReferencingExternalValues_InvalidRefs(t *testing.T) { }, } + repoDB := &dbmocks.ArgoDB{} + repoDB.On("GetRepository", context.Background(), "https://git.example.com/test/repo").Return(&argoappv1.Repository{ + Repo: "https://git.example.com/test/repo", + }, nil) + // Empty refsource service := newService(t, ".") - getRepository := func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { - return &argoappv1.Repository{ - Repo: "https://git.example.com/test/repo", - }, nil - } - - refSources, err := argo.GetRefSources(context.Background(), spec.Sources, spec.Project, getRepository, []string{}, false) + refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, response) // Invalid ref service = newService(t, ".") spec.Sources[1].Ref = "Invalid" - refSources, err = argo.GetRefSources(context.Background(), spec.Sources, spec.Project, getRepository, []string{}, false) + refSources, err = argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request = &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request = &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err = service.GenerateManifest(context.Background(), request) - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, response) // Helm chart as ref (unsupported) @@ -584,30 +564,28 @@ func TestHelmChartReferencingExternalValues_InvalidRefs(t *testing.T) { spec.Sources[1].Ref = "ref" spec.Sources[1].Chart = "helm-chart" - refSources, err = argo.GetRefSources(context.Background(), spec.Sources, spec.Project, getRepository, []string{}, false) + refSources, err = argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) - request = &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request = &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} response, err = service.GenerateManifest(context.Background(), request) - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, response) } func TestHelmChartReferencingExternalValues_OutOfBounds_Symlink(t *testing.T) { service := newService(t, ".") - err := os.Mkdir("testdata/oob-symlink", 0o755) + err := os.Mkdir("testdata/oob-symlink", 0755) require.NoError(t, err) t.Cleanup(func() { err = os.RemoveAll("testdata/oob-symlink") require.NoError(t, err) }) - // Create a symlink to a file outside the repo + // Create a symlink to a file outside of the repo err = os.Symlink("../../../values.yaml", "./testdata/oob-symlink/oob-symlink.yaml") // Create a regular file to reference from another source - err = os.WriteFile("./testdata/oob-symlink/values.yaml", []byte("foo: bar"), 0o644) + err = os.WriteFile("./testdata/oob-symlink/values.yaml", []byte("foo: bar"), 0644) require.NoError(t, err) spec := argoappv1.ApplicationSpec{ Sources: []argoappv1.ApplicationSource{ @@ -619,15 +597,15 @@ func TestHelmChartReferencingExternalValues_OutOfBounds_Symlink(t *testing.T) { {Ref: "ref", RepoURL: "https://git.example.com/test/repo"}, }, } - refSources, err := argo.GetRefSources(context.Background(), spec.Sources, spec.Project, func(ctx context.Context, url string, project string) (*argoappv1.Repository, error) { - return &argoappv1.Repository{ - Repo: "https://git.example.com/test/repo", - }, nil - }, []string{}, false) + repoDB := &dbmocks.ArgoDB{} + repoDB.On("GetRepository", context.Background(), "https://git.example.com/test/repo").Return(&argoappv1.Repository{ + Repo: "https://git.example.com/test/repo", + }, nil) + refSources, err := argo.GetRefSources(context.Background(), spec, repoDB) require.NoError(t, err) request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &spec.Sources[0], NoCache: true, RefSources: refSources, HasMultipleSources: true} _, err = service.GenerateManifest(context.Background(), request) - require.Error(t, err) + assert.Error(t, err) } func TestGenerateManifestsUseExactRevision(t *testing.T) { @@ -635,15 +613,13 @@ func TestGenerateManifestsUseExactRevision(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, Revision: "abc", ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 2) - assert.Equal(t, "abc", gitClient.Calls[0].Arguments[0]) + assert.Nil(t, err) + assert.Equal(t, 2, len(res1.Manifests)) + assert.Equal(t, gitClient.Calls[0].Arguments[0], "abc") } func TestRecurseManifestsInDir(t *testing.T) { @@ -651,14 +627,12 @@ func TestRecurseManifestsInDir(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/recurse", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res1, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 2) + assert.Nil(t, err) + assert.Equal(t, 2, len(res1.Manifests)) } func TestInvalidManifestsInDir(t *testing.T) { @@ -669,7 +643,7 @@ func TestInvalidManifestsInDir(t *testing.T) { q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src} _, err := service.GenerateManifest(context.Background(), &q) - require.Error(t, err) + assert.NotNil(t, err) } func TestInvalidMetadata(t *testing.T) { @@ -678,8 +652,8 @@ func TestInvalidMetadata(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/invalid-metadata", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, AppLabelKey: "test", AppName: "invalid-metadata", TrackingMethod: "annotation+label"} _, err := service.GenerateManifest(context.Background(), &q) - require.Error(t, err) - assert.Contains(t, err.Error(), "contains non-string value in the map under key \"invalid\"") + assert.Error(t, err) + assert.Contains(t, err.Error(), "contains non-string key in the map") } func TestNilMetadataAccessors(t *testing.T) { @@ -689,8 +663,8 @@ func TestNilMetadataAccessors(t *testing.T) { src := argoappv1.ApplicationSource{Path: "./testdata/nil-metadata-accessors", Directory: &argoappv1.ApplicationSourceDirectory{Recurse: true}} q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, AppLabelKey: "test", AppName: "nil-metadata-accessors", TrackingMethod: "annotation+label"} res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res.Manifests, 1) + assert.NoError(t, err) + assert.Equal(t, len(res.Manifests), 1) assert.Equal(t, expected, res.Manifests[0]) } @@ -713,8 +687,8 @@ func TestGenerateJsonnetManifestInDir(t *testing.T) { ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 2) + assert.Nil(t, err) + assert.Equal(t, 2, len(res1.Manifests)) } func TestGenerateJsonnetManifestInRootDir(t *testing.T) { @@ -736,8 +710,8 @@ func TestGenerateJsonnetManifestInRootDir(t *testing.T) { ProjectSourceRepos: []string{"*"}, } res1, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 2) + assert.Nil(t, err) + assert.Equal(t, 2, len(res1.Manifests)) } func TestGenerateJsonnetLibOutside(t *testing.T) { @@ -762,6 +736,7 @@ func TestGenerateJsonnetLibOutside(t *testing.T) { } func TestManifestGenErrorCacheByNumRequests(t *testing.T) { + // Returns the state of the manifest generation cache, by querying the cache for the previously set result getRecentCachedEntry := func(service *Service, manifestRequest *apiclient.ManifestRequest) *cache.CachedManifestResponse { assert.NotNil(t, service) @@ -769,7 +744,7 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { cachedManifestResponse := &cache.CachedManifestResponse{} err := service.cache.GetManifests(mock.Anything, manifestRequest.ApplicationSource, manifestRequest.RefSources, manifestRequest, manifestRequest.Namespace, "", manifestRequest.AppLabelKey, manifestRequest.AppName, cachedManifestResponse, nil) - require.NoError(t, err) + assert.Nil(t, err) return cachedManifestResponse } @@ -839,9 +814,9 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { // Verify invariant: res != nil xor err != nil if err != nil { - assert.Nil(t, res, "both err and res are non-nil res: %v err: %v", res, err) + assert.True(t, res == nil, "both err and res are non-nil res: %v err: %v", res, err) } else { - assert.NotNil(t, res, "both err and res are nil") + assert.True(t, res != nil, "both err and res are nil") } cachedManifestResponse := getRecentCachedEntry(service, manifestRequest) @@ -856,13 +831,14 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { // nolint:staticcheck assert.Nil(t, cachedManifestResponse.ManifestResponse) // nolint:staticcheck - assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp) + assert.True(t, cachedManifestResponse.FirstFailureTimestamp != 0) // Internal cache consec failures value should increase with invocations, cached response should stay the same, // nolint:staticcheck - assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, adjustedInvocation+1) + assert.True(t, cachedManifestResponse.NumberOfConsecutiveFailures == adjustedInvocation+1) // nolint:staticcheck - assert.Equal(t, 0, cachedManifestResponse.NumberOfCachedResponsesReturned) + assert.True(t, cachedManifestResponse.NumberOfCachedResponsesReturned == 0) + } else { // GenerateManifest SHOULD return cached errors for the next X responses, where X is the // PauseGenerationOnFailureForRequests constant @@ -871,13 +847,13 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { // nolint:staticcheck assert.Nil(t, cachedManifestResponse.ManifestResponse) // nolint:staticcheck - assert.NotEqual(t, 0, cachedManifestResponse.FirstFailureTimestamp) + assert.True(t, cachedManifestResponse.FirstFailureTimestamp != 0) // Internal cache values should update correctly based on number of return cache entries, consecutive failures should stay the same // nolint:staticcheck - assert.Equal(t, cachedManifestResponse.NumberOfConsecutiveFailures, service.initConstants.PauseGenerationAfterFailedGenerationAttempts) + assert.True(t, cachedManifestResponse.NumberOfConsecutiveFailures == service.initConstants.PauseGenerationAfterFailedGenerationAttempts) // nolint:staticcheck - assert.Equal(t, cachedManifestResponse.NumberOfCachedResponsesReturned, (adjustedInvocation - service.initConstants.PauseGenerationAfterFailedGenerationAttempts + 1)) + assert.True(t, cachedManifestResponse.NumberOfCachedResponsesReturned == (adjustedInvocation-service.initConstants.PauseGenerationAfterFailedGenerationAttempts+1)) } } }) @@ -885,6 +861,7 @@ func TestManifestGenErrorCacheByNumRequests(t *testing.T) { } func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { + tmpDir := t.TempDir() service := newService(t, tmpDir) @@ -897,6 +874,7 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { } for step := 0; step < 3; step++ { + // step 1) Attempt to generate manifests against invalid helm chart (should return uncached error) // step 2) Attempt to generate manifest against valid helm chart (should succeed and return valid response) // step 3) Attempt to generate manifest against invalid helm chart (should return cached value from step 2) @@ -905,17 +883,18 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { // Ensure that the target directory will succeed or fail, so we can verify the cache correctly handles it err := os.RemoveAll(tmpDir) - require.NoError(t, err) - err = os.MkdirAll(tmpDir, 0o777) - require.NoError(t, err) + assert.NoError(t, err) + err = os.MkdirAll(tmpDir, 0777) + assert.NoError(t, err) if errorExpected { // Copy invalid helm chart into temporary directory, ensuring manifest generation will fail err = fileutil.CopyDir("./testdata/invalid-helm", tmpDir) - require.NoError(t, err) + assert.NoError(t, err) + } else { // Copy valid helm chart into temporary directory, ensuring generation will succeed err = fileutil.CopyDir("./testdata/my-chart", tmpDir) - require.NoError(t, err) + assert.NoError(t, err) } res, err := service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ @@ -933,23 +912,19 @@ func TestManifestGenErrorCacheFileContentsChange(t *testing.T) { fmt.Println(" res: ", res) if step < 2 { - if errorExpected { - require.Error(t, err, "error return value and error expected did not match") - assert.Nil(t, res, "GenerateManifest return value and expected value did not match") - } else { - require.NoError(t, err, "error return value and error expected did not match") - assert.NotNil(t, res, "GenerateManifest return value and expected value did not match") - } + assert.True(t, (err != nil) == errorExpected, "error return value and error expected did not match") + assert.True(t, (res != nil) == !errorExpected, "GenerateManifest return value and expected value did not match") } if step == 2 { - require.NoError(t, err, "error ret val was non-nil on step 3") + assert.NoError(t, err, "error ret val was non-nil on step 3") assert.NotNil(t, res, "GenerateManifest ret val was nil on step 3") } } } func TestManifestGenErrorCacheByMinutesElapsed(t *testing.T) { + tests := []struct { // Test with a range of pause expiration thresholds PauseGenerationOnFailureForMinutes int @@ -990,6 +965,7 @@ func TestManifestGenErrorCacheByMinutesElapsed(t *testing.T) { if x == 1 { assert.True(t, strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) } + } // 2) Jump forward X-1 minutes in time, where X is the expiration boundary @@ -1019,12 +995,15 @@ func TestManifestGenErrorCacheByMinutesElapsed(t *testing.T) { // 5) Ensure that the service no longer returns a cached copy of the last error assert.True(t, err != nil && res == nil) - assert.False(t, strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) + assert.True(t, !strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) + }) } + } func TestManifestGenErrorCacheRespectsNoCache(t *testing.T) { + service := newService(t, ".") service.initConstants = RepoServerInitConstants{ @@ -1064,7 +1043,7 @@ func TestManifestGenErrorCacheRespectsNoCache(t *testing.T) { // 3) Ensure that the cache returns a new generation attempt, rather than a previous cached error assert.True(t, err != nil && res == nil) - assert.False(t, strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) + assert.True(t, !strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) // 4) Call generateManifest res, err = service.GenerateManifest(context.Background(), &apiclient.ManifestRequest{ @@ -1078,6 +1057,7 @@ func TestManifestGenErrorCacheRespectsNoCache(t *testing.T) { // 5) Ensure that the subsequent invocation, after nocache, is cached assert.True(t, err != nil && res == nil) assert.True(t, strings.HasPrefix(err.Error(), cachedManifestGenerationPrefix)) + } func TestGenerateHelmWithValues(t *testing.T) { @@ -1097,23 +1077,24 @@ func TestGenerateHelmWithValues(t *testing.T) { ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) replicasVerified := false for _, src := range res.Manifests { obj := unstructured.Unstructured{} err = json.Unmarshal([]byte(src), &obj) - require.NoError(t, err) + assert.NoError(t, err) if obj.GetKind() == "Deployment" && obj.GetName() == "test-redis-slave" { var dep v1.Deployment err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, &dep) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(2), *dep.Spec.Replicas) replicasVerified = true } } assert.True(t, replicasVerified) + } func TestHelmWithMissingValueFiles(t *testing.T) { @@ -1135,13 +1116,13 @@ func TestHelmWithMissingValueFiles(t *testing.T) { // Should fail since we're passing a non-existent values file, and error should indicate that _, err := service.GenerateManifest(context.Background(), req) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), fmt.Sprintf("%s: no such file or directory", missingValuesFile)) // Should template without error even if defining a non-existent values file req.ApplicationSource.Helm.IgnoreMissingValueFiles = true _, err = service.GenerateManifest(context.Background(), req) - require.NoError(t, err) + assert.NoError(t, err) } func TestGenerateHelmWithEnvVars(t *testing.T) { @@ -1160,18 +1141,18 @@ func TestGenerateHelmWithEnvVars(t *testing.T) { ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) replicasVerified := false for _, src := range res.Manifests { obj := unstructured.Unstructured{} err = json.Unmarshal([]byte(src), &obj) - require.NoError(t, err) + assert.NoError(t, err) if obj.GetKind() == "Deployment" && obj.GetName() == "production-redis-slave" { var dep v1.Deployment err := runtime.DefaultUnstructuredConverter.FromUnstructured(obj.Object, &dep) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(3), *dep.Spec.Replicas) replicasVerified = true } @@ -1196,7 +1177,7 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) // Test the case where the path is "." service = newService(t, "./testdata") @@ -1209,7 +1190,7 @@ func TestGenerateHelmWithValuesDirectoryTraversal(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) } func TestChartRepoWithOutOfBoundsSymlink(t *testing.T) { @@ -1236,10 +1217,9 @@ func TestHelmManifestFromChartRepoWithValueFile(t *testing.T) { ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + ProjectSourceRepos: []string{"*"}} response, err := service.GenerateManifest(context.Background(), request) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, response) assert.Equal(t, &apiclient.ManifestResponse{ Manifests: []string{"{\"apiVersion\":\"v1\",\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"}, @@ -1263,7 +1243,7 @@ func TestHelmManifestFromChartRepoWithValueFileOutsideRepo(t *testing.T) { } request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true} _, err := service.GenerateManifest(context.Background(), request) - require.Error(t, err) + assert.Error(t, err) } func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { @@ -1276,12 +1256,10 @@ func TestHelmManifestFromChartRepoWithValueFileLinks(t *testing.T) { ValueFiles: []string{"my-chart-link.yaml"}, }, } - request := &apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + request := &apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: source, NoCache: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} _, err := service.GenerateManifest(context.Background(), request) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -1302,7 +1280,7 @@ func TestGenerateHelmWithURL(t *testing.T) { ProjectSourceRepos: []string{"*"}, HelmOptions: &argoappv1.HelmOptions{ValuesFileSchemes: []string{"https"}}, }) - require.NoError(t, err) + assert.NoError(t, err) } // The requested value file (`../minio/values.yaml`) is outside the repo directory @@ -1323,7 +1301,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") }) @@ -1342,7 +1320,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("Values file with absolute path stays within repo root", func(t *testing.T) { @@ -1360,7 +1338,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("Values file with absolute path using back-references outside repo root", func(t *testing.T) { @@ -1378,7 +1356,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "outside repository root") }) @@ -1397,7 +1375,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "is not allowed") }) @@ -1416,7 +1394,7 @@ func TestGenerateHelmWithValuesDirectoryTraversalOutsideRepo(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "s3://my-bucket/my-chart-values.yaml: no such file or directory") }) } @@ -1426,13 +1404,13 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { service := newService(t, "../..") file, err := os.CreateTemp("", "external-secret.txt") - require.NoError(t, err) + assert.NoError(t, err) externalSecretPath := file.Name() defer func() { _ = os.RemoveAll(externalSecretPath) }() expectedFileContent, err := os.ReadFile("../../util/helm/testdata/external/external-secret.txt") - require.NoError(t, err) - err = os.WriteFile(externalSecretPath, expectedFileContent, 0o644) - require.NoError(t, err) + assert.NoError(t, err) + err = os.WriteFile(externalSecretPath, expectedFileContent, 0644) + assert.NoError(t, err) defer func() { if err = file.Close(); err != nil { panic(err) @@ -1456,7 +1434,7 @@ func TestGenerateHelmWithAbsoluteFileParameter(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.Error(t, err) + assert.Error(t, err) } // The requested file parameter (`../external/external-secret.txt`) is outside the app path @@ -1484,7 +1462,7 @@ func TestGenerateHelmWithFileParameter(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, res.Manifests[6], `"replicas":2`, "ValuesObject should override Values") } @@ -1499,8 +1477,8 @@ func TestGenerateNullList(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 1) + assert.Nil(t, err) + assert.Equal(t, len(res1.Manifests), 1) assert.Contains(t, res1.Manifests[0], "prometheus-operator-operator") }) @@ -1512,8 +1490,8 @@ func TestGenerateNullList(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 1) + assert.Nil(t, err) + assert.Equal(t, len(res1.Manifests), 1) assert.Contains(t, res1.Manifests[0], "prometheus-operator-operator") }) @@ -1525,22 +1503,22 @@ func TestGenerateNullList(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, res1.Manifests, 2) }) } func TestIdentifyAppSourceTypeByAppDirWithKustomizations(t *testing.T) { sourceType, err := GetAppSourceType(context.Background(), &argoappv1.ApplicationSource{}, "./testdata/kustomization_yaml", "./testdata", "testapp", map[string]bool{}, []string{}, []string{}) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, argoappv1.ApplicationSourceTypeKustomize, sourceType) sourceType, err = GetAppSourceType(context.Background(), &argoappv1.ApplicationSource{}, "./testdata/kustomization_yml", "./testdata", "testapp", map[string]bool{}, []string{}, []string{}) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, argoappv1.ApplicationSourceTypeKustomize, sourceType) sourceType, err = GetAppSourceType(context.Background(), &argoappv1.ApplicationSource{}, "./testdata/Kustomization", "./testdata", "testapp", map[string]bool{}, []string{}, []string{}) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, argoappv1.ApplicationSourceTypeKustomize, sourceType) } @@ -1552,15 +1530,15 @@ func TestGenerateFromUTF16(t *testing.T) { ProjectSourceRepos: []string{"*"}, } res1, err := GenerateManifests(context.Background(), "./testdata/utf-16", "/", "", &q, false, &git.NoopCredsStore{}, resource.MustParse("0"), nil) - require.NoError(t, err) - assert.Len(t, res1.Manifests, 2) + assert.Nil(t, err) + assert.Equal(t, 2, len(res1.Manifests)) } func TestListApps(t *testing.T) { service := newService(t, "./testdata") res, err := service.ListApps(context.Background(), &apiclient.ListAppsRequest{Repo: &argoappv1.Repository{}}) - require.NoError(t, err) + assert.NoError(t, err) expectedApps := map[string]string{ "Kustomization": "Kustomize", @@ -1594,7 +1572,7 @@ func TestGetAppDetailsHelm(t *testing.T) { }, }) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, res.Helm) assert.Equal(t, "Helm", res.Type) @@ -1611,7 +1589,7 @@ func TestGetAppDetailsHelmUsesCache(t *testing.T) { }, }) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, res.Helm) assert.Equal(t, "Helm", res.Type) @@ -1628,7 +1606,7 @@ func TestGetAppDetailsHelm_WithNoValuesFile(t *testing.T) { }, }) - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, res.Helm) assert.Equal(t, "Helm", res.Type) @@ -1646,7 +1624,7 @@ func TestGetAppDetailsKustomize(t *testing.T) { }, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "Kustomize", res.Type) assert.NotNil(t, res.Kustomize) @@ -1662,7 +1640,7 @@ func TestGetHelmCharts(t *testing.T) { return res.Items[i].Name < res.Items[j].Name }) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, res.Items, 2) item := res.Items[0] @@ -1691,7 +1669,7 @@ func TestGetRevisionMetadata(t *testing.T) { CheckSignature: true, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "test", res.Message) assert.Equal(t, now, res.Date.Time) assert.Equal(t, "author", res.Author) @@ -1705,7 +1683,7 @@ func TestGetRevisionMetadata(t *testing.T) { CheckSignature: true, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "test", res.Message) assert.Equal(t, now, res.Date.Time) assert.Equal(t, "author", res.Author) @@ -1718,7 +1696,7 @@ func TestGetRevisionMetadata(t *testing.T) { Revision: "c0b400fc458875d925171398f9ba9eabd5529923", CheckSignature: false, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, res.SignatureInfo) // Enforce cache miss - signature info should not be in result @@ -1727,7 +1705,7 @@ func TestGetRevisionMetadata(t *testing.T) { Revision: "da52afd3b2df1ec49470603d8bbb46954dab1091", CheckSignature: false, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, res.SignatureInfo) // Cache hit on previous entry that did not have signature info @@ -1736,7 +1714,7 @@ func TestGetRevisionMetadata(t *testing.T) { Revision: "da52afd3b2df1ec49470603d8bbb46954dab1091", CheckSignature: true, }) - require.NoError(t, err) + assert.NoError(t, err) assert.NotEmpty(t, res.SignatureInfo) } @@ -1755,7 +1733,7 @@ func TestGetSignatureVerificationResult(t *testing.T) { } res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, testSignature, res.VerifyResult) } // Commit with signature and verification not requested @@ -1763,13 +1741,11 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newServiceWithSignature(t, "../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, res.VerifyResult) } // Commit without signature and verification requested @@ -1777,13 +1753,11 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService(t, "../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, res.VerifyResult) } // Commit without signature and verification not requested @@ -1791,13 +1765,11 @@ func TestGetSignatureVerificationResult(t *testing.T) { service := newService(t, "../../manifests/base") src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{ - Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", - ProjectSourceRepos: []string{"*"}, - } + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, VerifySignature: true, ProjectName: "something", + ProjectSourceRepos: []string{"*"}} res, err := service.GenerateManifest(context.Background(), &q) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, res.VerifyResult) } } @@ -1915,7 +1887,7 @@ func TestGetAppDetailsWithAppParameterFile(t *testing.T) { }, AppName: "broken", }) - require.Error(t, err) + assert.Error(t, err) }) }) } @@ -1962,7 +1934,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { for _, manifest := range manifests.Manifests { var un unstructured.Unstructured err := yaml.Unmarshal([]byte(manifest), &un) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } resourceByKindName[fmt.Sprintf("%s/%s", un.GetKind(), un.GetName())] = &un } deployment, ok := resourceByKindName["Deployment/guestbook-ui"] @@ -1991,7 +1965,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { for _, manifest := range manifests.Manifests { var un unstructured.Unstructured err := yaml.Unmarshal([]byte(manifest), &un) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } resourceByKindName[fmt.Sprintf("%s/%s", un.GetKind(), un.GetName())] = &un } deployment, ok := resourceByKindName["Deployment/guestbook-ui"] @@ -2021,7 +1997,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { for _, manifest := range manifests.Manifests { var un unstructured.Unstructured err := yaml.Unmarshal([]byte(manifest), &un) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } resourceByKindName[fmt.Sprintf("%s/%s", un.GetKind(), un.GetName())] = &un } deployment, ok := resourceByKindName["Deployment/guestbook-ui"] @@ -2049,7 +2027,7 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ProjectSourceRepos: []string{"*"}, HasMultipleSources: true, }) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, manifests.Manifests) assert.NotEmpty(t, manifests.Revision) }) @@ -2072,7 +2050,9 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { for _, manifest := range manifests.Manifests { var un unstructured.Unstructured err := yaml.Unmarshal([]byte(manifest), &un) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } resourceByKindName[fmt.Sprintf("%s/%s", un.GetKind(), un.GetName())] = &un } deployment, ok := resourceByKindName["Deployment/guestbook-ui"] @@ -2099,13 +2079,13 @@ func TestGenerateManifestsWithAppParameterFile(t *testing.T) { ProjectName: "something", ProjectSourceRepos: []string{"*"}, }) - require.NoError(t, err) + assert.NoError(t, err) res := &cache.CachedManifestResponse{} // Try to pull from the cache with a `source` that does not include any overrides. Overrides should not be // part of the cache key, because you can't get the overrides without a repo operation. And avoiding repo // operations is the point of the cache. err = service.cache.GetManifests(mock.Anything, source, argoappv1.RefTargetRevisionMapping{}, &argoappv1.ClusterInfo{}, "", "", "", "test", res, nil) - require.NoError(t, err) + assert.NoError(t, err) }) }) } @@ -2185,6 +2165,7 @@ func TestGenerateManifestWithAnnotatedAndRegularGitTagHashes(t *testing.T) { t.Errorf("expected an error but did not throw one") } } + }) } } @@ -2266,7 +2247,9 @@ func TestFindResources(t *testing.T) { Include: tc.include, Exclude: tc.exclude, }, map[string]bool{}, resource.MustParse("0")) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } var names []string for i := range objs { names = append(names, objs[i].GetName()) @@ -2282,8 +2265,9 @@ func TestFindManifests_Exclude(t *testing.T) { Exclude: "subdir/deploymentSub.yaml", }, map[string]bool{}, resource.MustParse("0")) - require.NoError(t, err) - require.Len(t, objs, 1) + if !assert.NoError(t, err) || !assert.Len(t, objs, 1) { + return + } assert.Equal(t, "nginx-deployment", objs[0].GetName()) } @@ -2294,8 +2278,9 @@ func TestFindManifests_Exclude_NothingMatches(t *testing.T) { Exclude: "nothing.yaml", }, map[string]bool{}, resource.MustParse("0")) - require.NoError(t, err) - require.Len(t, objs, 2) + if !assert.NoError(t, err) || !assert.Len(t, objs, 2) { + return + } assert.ElementsMatch(t, []string{"nginx-deployment", "nginx-deployment-sub"}, []string{objs[0].GetName(), objs[1].GetName()}) @@ -2316,7 +2301,7 @@ func tempDir(t *testing.T) string { } func walkFor(t *testing.T, root string, testPath string, run func(info fs.FileInfo)) { - hitExpectedPath := false + var hitExpectedPath = false err := filepath.Walk(root, func(path string, info fs.FileInfo, err error) error { if path == testPath { require.NoError(t, err) @@ -2339,7 +2324,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { t.Run("non-JSON/YAML is skipped with an empty ignore message", func(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "not-json-or-yaml") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2348,7 +2333,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(filePath, info, appDir, appDir, "", "") assert.Nil(t, realFileInfo) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2382,7 +2367,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(aPath, info, appDir, appDir, "", "") assert.Nil(t, realFileInfo) assert.NotEmpty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2405,7 +2390,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) dirPath := filepath.Join(appDir, "test.dir") - err := os.MkdirAll(dirPath, 0o644) + err := os.MkdirAll(dirPath, 0644) require.NoError(t, err) linkPath := filepath.Join(appDir, "test.json") err = os.Symlink(dirPath, linkPath) @@ -2415,7 +2400,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(linkPath, info, appDir, appDir, "", "") assert.Nil(t, realFileInfo) assert.Contains(t, ignoreMessage, "non-regular file") - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2423,7 +2408,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "not-included.yaml") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2432,7 +2417,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(filePath, info, appDir, appDir, "*.json", "") assert.Nil(t, realFileInfo) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2440,7 +2425,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "excluded.json") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2449,7 +2434,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(filePath, info, appDir, appDir, "", "excluded.*") assert.Nil(t, realFileInfo) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2457,7 +2442,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "regular-file") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2470,7 +2455,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(linkPath, info, appDir, appDir, "", "") assert.NotNil(t, realFileInfo) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2478,7 +2463,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "regular-file.json") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2487,7 +2472,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { realFileInfo, ignoreMessage, err := getPotentiallyValidManifestFile(filePath, info, appDir, appDir, "", "") assert.NotNil(t, realFileInfo) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) @@ -2495,7 +2480,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { appDir := tempDir(t) filePath := filepath.Join(appDir, "regular-file") - file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0o644) + file, err := os.OpenFile(filePath, os.O_RDONLY|os.O_CREATE, 0644) require.NoError(t, err) err = file.Close() require.NoError(t, err) @@ -2509,7 +2494,7 @@ func Test_getPotentiallyValidManifestFile(t *testing.T) { assert.NotNil(t, realFileInfo) assert.Equal(t, filepath.Base(filePath), realFileInfo.Name()) assert.Empty(t, ignoreMessage) - require.NoError(t, err) + assert.NoError(t, err) }) }) } @@ -2523,17 +2508,17 @@ func Test_getPotentiallyValidManifests(t *testing.T) { t.Run("unreadable file throws error", func(t *testing.T) { appDir := t.TempDir() unreadablePath := filepath.Join(appDir, "unreadable.json") - err := os.WriteFile(unreadablePath, []byte{}, 0o666) + err := os.WriteFile(unreadablePath, []byte{}, 0666) require.NoError(t, err) - err = os.Chmod(appDir, 0o000) + err = os.Chmod(appDir, 0000) require.NoError(t, err) manifests, err := getPotentiallyValidManifests(logCtx, appDir, appDir, false, "", "", resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) // allow cleanup - err = os.Chmod(appDir, 0o777) + err = os.Chmod(appDir, 0777) if err != nil { panic(err) } @@ -2542,19 +2527,19 @@ func Test_getPotentiallyValidManifests(t *testing.T) { t.Run("no recursion when recursion is disabled", func(t *testing.T) { manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/recurse", "./testdata/recurse", false, "", "", resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("recursion when recursion is enabled", func(t *testing.T) { manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/recurse", "./testdata/recurse", true, "", "", resource.MustParse("0")) assert.Len(t, manifests, 2) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("non-JSON/YAML is skipped", func(t *testing.T) { manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/non-manifest-file", "./testdata/non-manifest-file", false, "", "", resource.MustParse("0")) assert.Empty(t, manifests) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("circular link should throw an error", func(t *testing.T) { @@ -2566,14 +2551,14 @@ func Test_getPotentiallyValidManifests(t *testing.T) { defer os.Remove(path.Join(testDir, "b.json")) manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/circular-link", "./testdata/circular-link", false, "", "", resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("out-of-bounds symlink should throw an error", func(t *testing.T) { require.DirExists(t, "./testdata/out-of-bounds-link") manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/out-of-bounds-link", "./testdata/out-of-bounds-link", false, "", "", resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("symlink to a regular file works", func(t *testing.T) { @@ -2583,13 +2568,13 @@ func Test_getPotentiallyValidManifests(t *testing.T) { require.NoError(t, err) manifests, err := getPotentiallyValidManifests(logCtx, appPath, repoRoot, false, "", "", resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("symlink to nowhere should be ignored", func(t *testing.T) { manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/link-to-nowhere", "./testdata/link-to-nowhere", false, "", "", resource.MustParse("0")) assert.Empty(t, manifests) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("link to over-sized manifest fails", func(t *testing.T) { @@ -2607,7 +2592,7 @@ func Test_getPotentiallyValidManifests(t *testing.T) { // There is a total of 10 files, ech file being 10 bytes. manifests, err := getPotentiallyValidManifests(logCtx, "./testdata/several-files", "./testdata/several-files", false, "", "", resource.MustParse("365")) assert.Len(t, manifests, 10) - require.NoError(t, err) + assert.NoError(t, err) manifests, err = getPotentiallyValidManifests(logCtx, "./testdata/several-files", "./testdata/several-files", false, "", "", resource.MustParse("100")) assert.Empty(t, manifests) @@ -2622,17 +2607,17 @@ func Test_findManifests(t *testing.T) { t.Run("unreadable file throws error", func(t *testing.T) { appDir := t.TempDir() unreadablePath := filepath.Join(appDir, "unreadable.json") - err := os.WriteFile(unreadablePath, []byte{}, 0o666) + err := os.WriteFile(unreadablePath, []byte{}, 0666) require.NoError(t, err) - err = os.Chmod(appDir, 0o000) + err = os.Chmod(appDir, 0000) require.NoError(t, err) manifests, err := findManifests(logCtx, appDir, appDir, nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) // allow cleanup - err = os.Chmod(appDir, 0o777) + err = os.Chmod(appDir, 0777) if err != nil { panic(err) } @@ -2641,20 +2626,20 @@ func Test_findManifests(t *testing.T) { t.Run("no recursion when recursion is disabled", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/recurse", "./testdata/recurse", nil, noRecurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 2) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("recursion when recursion is enabled", func(t *testing.T) { recurse := argoappv1.ApplicationSourceDirectory{Recurse: true} manifests, err := findManifests(logCtx, "./testdata/recurse", "./testdata/recurse", nil, recurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 4) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("non-JSON/YAML is skipped", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/non-manifest-file", "./testdata/non-manifest-file", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("circular link should throw an error", func(t *testing.T) { @@ -2666,14 +2651,14 @@ func Test_findManifests(t *testing.T) { defer os.Remove(path.Join(testDir, "b.json")) manifests, err := findManifests(logCtx, "./testdata/circular-link", "./testdata/circular-link", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("out-of-bounds symlink should throw an error", func(t *testing.T) { require.DirExists(t, "./testdata/out-of-bounds-link") manifests, err := findManifests(logCtx, "./testdata/out-of-bounds-link", "./testdata/out-of-bounds-link", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("symlink to a regular file works", func(t *testing.T) { @@ -2683,13 +2668,13 @@ func Test_findManifests(t *testing.T) { require.NoError(t, err) manifests, err := findManifests(logCtx, appPath, repoRoot, nil, noRecurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("symlink to nowhere should be ignored", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/link-to-nowhere", "./testdata/link-to-nowhere", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("link to over-sized manifest fails", func(t *testing.T) { @@ -2707,7 +2692,7 @@ func Test_findManifests(t *testing.T) { // There is a total of 10 files, each file being 10 bytes. manifests, err := findManifests(logCtx, "./testdata/several-files", "./testdata/several-files", nil, noRecurse, nil, resource.MustParse("365")) assert.Len(t, manifests, 10) - require.NoError(t, err) + assert.NoError(t, err) manifests, err = findManifests(logCtx, "./testdata/several-files", "./testdata/several-files", nil, noRecurse, nil, resource.MustParse("364")) assert.Empty(t, manifests) @@ -2718,7 +2703,7 @@ func Test_findManifests(t *testing.T) { // Each file is 36 bytes. Only the 36-byte json file should be counted against the limit. manifests, err := findManifests(logCtx, "./testdata/jsonnet-and-json", "./testdata/jsonnet-and-json", nil, noRecurse, nil, resource.MustParse("36")) assert.Len(t, manifests, 2) - require.NoError(t, err) + assert.NoError(t, err) manifests, err = findManifests(logCtx, "./testdata/jsonnet-and-json", "./testdata/jsonnet-and-json", nil, noRecurse, nil, resource.MustParse("35")) assert.Empty(t, manifests) @@ -2729,46 +2714,46 @@ func Test_findManifests(t *testing.T) { require.DirExists(t, "./testdata/partially-valid-yaml") manifests, err := findManifests(logCtx, "./testdata/partially-valid-yaml", "./testdata/partially-valid-yaml", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("invalid manifest throws an error", func(t *testing.T) { require.DirExists(t, "./testdata/invalid-manifests") manifests, err := findManifests(logCtx, "./testdata/invalid-manifests", "./testdata/invalid-manifests", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("irrelevant YAML gets skipped, relevant YAML gets parsed", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/irrelevant-yaml", "./testdata/irrelevant-yaml", nil, noRecurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("multiple JSON objects in one file throws an error", func(t *testing.T) { require.DirExists(t, "./testdata/json-list") manifests, err := findManifests(logCtx, "./testdata/json-list", "./testdata/json-list", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("invalid JSON throws an error", func(t *testing.T) { require.DirExists(t, "./testdata/invalid-json") manifests, err := findManifests(logCtx, "./testdata/invalid-json", "./testdata/invalid-json", nil, noRecurse, nil, resource.MustParse("0")) assert.Empty(t, manifests) - require.Error(t, err) + assert.Error(t, err) }) t.Run("valid JSON returns manifest and no error", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/valid-json", "./testdata/valid-json", nil, noRecurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("YAML with an empty document doesn't throw an error", func(t *testing.T) { manifests, err := findManifests(logCtx, "./testdata/yaml-with-empty-document", "./testdata/yaml-with-empty-document", nil, noRecurse, nil, resource.MustParse("0")) assert.Len(t, manifests, 1) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -2790,13 +2775,14 @@ func Test_getHelmDependencyRepos(t *testing.T) { repo2 := "https://eventstore.github.io/EventStore.Charts" repos, err := getHelmDependencyRepos("../../util/helm/testdata/dependency") - require.NoError(t, err) - assert.Len(t, repos, 2) + assert.NoError(t, err) + assert.Equal(t, len(repos), 2) assert.Equal(t, repos[0].Repo, repo1) assert.Equal(t, repos[1].Repo, repo2) } func TestResolveRevision(t *testing.T) { + service := newService(t, ".") repo := &argoappv1.Repository{Repo: "https://github.com/argoproj/argo-cd"} app := &argoappv1.Application{Spec: argoappv1.ApplicationSpec{Source: &argoappv1.ApplicationSource{}}} @@ -2812,11 +2798,13 @@ func TestResolveRevision(t *testing.T) { } assert.NotNil(t, resolveRevisionResponse.Revision) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, expectedResolveRevisionResponse, resolveRevisionResponse) + } func TestResolveRevisionNegativeScenarios(t *testing.T) { + service := newService(t, ".") repo := &argoappv1.Repository{Repo: "https://github.com/argoproj/argo-cd"} app := &argoappv1.Application{Spec: argoappv1.ApplicationSpec{Source: &argoappv1.ApplicationSource{}}} @@ -2832,8 +2820,9 @@ func TestResolveRevisionNegativeScenarios(t *testing.T) { } assert.NotNil(t, resolveRevisionResponse.Revision) - require.Error(t, err) + assert.NotNil(t, err) assert.Equal(t, expectedResolveRevisionResponse, resolveRevisionResponse) + } func TestDirectoryPermissionInitializer(t *testing.T) { @@ -2844,12 +2833,12 @@ func TestDirectoryPermissionInitializer(t *testing.T) { io.Close(file) // remove read permissions - require.NoError(t, os.Chmod(dir, 0o000)) + assert.NoError(t, os.Chmod(dir, 0000)) // Remember to restore permissions when the test finishes so dir can // be removed properly. t.Cleanup(func() { - require.NoError(t, os.Chmod(dir, 0o777)) + require.NoError(t, os.Chmod(dir, 0777)) }) // make sure permission are restored @@ -2864,43 +2853,43 @@ func TestDirectoryPermissionInitializer(t *testing.T) { } func addHelmToGitRepo(t *testing.T, options newGitRepoOptions) { - err := os.WriteFile(filepath.Join(options.path, "Chart.yaml"), []byte("name: test\nversion: v1.0.0"), 0o777) - require.NoError(t, err) + err := os.WriteFile(filepath.Join(options.path, "Chart.yaml"), []byte("name: test\nversion: v1.0.0"), 0777) + assert.NoError(t, err) for valuesFileName, values := range options.helmChartOptions.valuesFiles { valuesFileContents, err := yaml.Marshal(values) - require.NoError(t, err) - err = os.WriteFile(filepath.Join(options.path, valuesFileName), valuesFileContents, 0o777) - require.NoError(t, err) + assert.NoError(t, err) + err = os.WriteFile(filepath.Join(options.path, valuesFileName), valuesFileContents, 0777) + assert.NoError(t, err) } - require.NoError(t, err) + assert.NoError(t, err) cmd := exec.Command("git", "add", "-A") cmd.Dir = options.path - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) cmd = exec.Command("git", "commit", "-m", "Initial commit") cmd.Dir = options.path - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) } func initGitRepo(t *testing.T, options newGitRepoOptions) (revision string) { if options.createPath { - require.NoError(t, os.Mkdir(options.path, 0o755)) + assert.NoError(t, os.Mkdir(options.path, 0755)) } cmd := exec.Command("git", "init", "-b", "main", options.path) cmd.Dir = options.path - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) if options.remote != "" { cmd = exec.Command("git", "remote", "add", "origin", options.path) cmd.Dir = options.path - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) } commitAdded := options.addEmptyCommit || options.helmChartOptions.chartName != "" if options.addEmptyCommit { cmd = exec.Command("git", "commit", "-m", "Initial commit", "--allow-empty") cmd.Dir = options.path - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) } else if options.helmChartOptions.chartName != "" { addHelmToGitRepo(t, options) } @@ -2910,7 +2899,7 @@ func initGitRepo(t *testing.T, options newGitRepoOptions) (revision string) { cmd = exec.Command("git", "rev-parse", "HEAD", options.path) cmd.Dir = options.path cmd.Stdout = &revB - require.NoError(t, cmd.Run()) + assert.NoError(t, cmd.Run()) revision = strings.Split(revB.String(), "\n")[0] } return revision @@ -2922,7 +2911,7 @@ func TestInit(t *testing.T) { // service.Init sets permission to 0300. Restore permissions when the test // finishes so dir can be removed properly. t.Cleanup(func() { - require.NoError(t, os.Chmod(dir, 0o777)) + require.NoError(t, os.Chmod(dir, 0777)) }) repoPath := path.Join(dir, "repo1") @@ -2968,35 +2957,10 @@ func TestCheckoutRevisionCanGetNonstandardRefs(t *testing.T) { require.NoError(t, err) err = checkoutRevision(gitClient, "does-not-exist", false) - require.Error(t, err) + assert.Error(t, err) err = checkoutRevision(gitClient, pullSha, false) - require.NoError(t, err) -} - -func TestCheckoutRevisionPresentSkipFetch(t *testing.T) { - revision := "0123456789012345678901234567890123456789" - - gitClient := &gitmocks.Client{} - gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", revision).Return(true) - gitClient.On("Checkout", revision, mock.Anything).Return(nil) - - err := checkoutRevision(gitClient, revision, false) - require.NoError(t, err) -} - -func TestCheckoutRevisionNotPresentCallFetch(t *testing.T) { - revision := "0123456789012345678901234567890123456789" - - gitClient := &gitmocks.Client{} - gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", revision).Return(false) - gitClient.On("Fetch", "").Return(nil) - gitClient.On("Checkout", revision, mock.Anything).Return(nil) - - err := checkoutRevision(gitClient, revision, false) - require.NoError(t, err) + assert.NoError(t, err) } // runGit runs a git command in the given working directory. If the command succeeds, it returns the combined standard @@ -3015,14 +2979,14 @@ func Test_walkHelmValueFilesInPath(t *testing.T) { var files []string root := "/obviously/does/not/exist" err := filepath.Walk(root, walkHelmValueFilesInPath(root, &files)) - require.Error(t, err) + assert.Error(t, err) assert.Empty(t, files) }) t.Run("values files", func(t *testing.T) { var files []string root := "./testdata/values-files" err := filepath.Walk(root, walkHelmValueFilesInPath(root, &files)) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, files, 5) }) t.Run("unrelated root", func(t *testing.T) { @@ -3030,12 +2994,12 @@ func Test_walkHelmValueFilesInPath(t *testing.T) { root := "./testdata/values-files" unrelated_root := "/different/root/path" err := filepath.Walk(root, walkHelmValueFilesInPath(unrelated_root, &files)) - require.Error(t, err) + assert.Error(t, err) }) } func Test_populateHelmAppDetails(t *testing.T) { - emptyTempPaths := io.NewRandomizedTempPaths(t.TempDir()) + var emptyTempPaths = io.NewRandomizedTempPaths(t.TempDir()) res := apiclient.RepoAppDetailsResponse{} q := apiclient.RepoServerAppDetailsQuery{ Repo: &argoappv1.Repository{}, @@ -3052,7 +3016,7 @@ func Test_populateHelmAppDetails(t *testing.T) { } func Test_populateHelmAppDetails_values_symlinks(t *testing.T) { - emptyTempPaths := io.NewRandomizedTempPaths(t.TempDir()) + var emptyTempPaths = io.NewRandomizedTempPaths(t.TempDir()) t.Run("inbound", func(t *testing.T) { res := apiclient.RepoAppDetailsResponse{} q := apiclient.RepoServerAppDetailsQuery{Repo: &argoappv1.Repository{}, Source: &argoappv1.ApplicationSource{}} @@ -3072,32 +3036,19 @@ func Test_populateHelmAppDetails_values_symlinks(t *testing.T) { }) } -func TestGetHelmRepos_OCIDependenciesWithHelmRepo(t *testing.T) { +func TestGetHelmRepos_OCIDependencies(t *testing.T) { src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ + q := apiclient.ManifestRequest{Repo: &argoappv1.Repository{}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{ {URL: "example.com", Username: "test", Password: "test", EnableOCI: true}, }} helmRepos, err := getHelmRepos("./testdata/oci-dependencies", q.Repos, q.HelmRepoCreds) - require.NoError(t, err) - - assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) - assert.True(t, helmRepos[0].EnableOci) - assert.Equal(t, "example.com/myrepo", helmRepos[0].Repo) -} - -func TestGetHelmRepos_OCIDependenciesWithRepo(t *testing.T) { - src := argoappv1.ApplicationSource{Path: "."} - q := apiclient.ManifestRequest{Repos: []*argoappv1.Repository{{Repo: "example.com", Username: "test", Password: "test", EnableOCI: true}}, ApplicationSource: &src, HelmRepoCreds: []*argoappv1.RepoCreds{}} - - helmRepos, err := getHelmRepos("./testdata/oci-dependencies", q.Repos, q.HelmRepoCreds) - require.NoError(t, err) + assert.Nil(t, err) - assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) - assert.True(t, helmRepos[0].EnableOci) - assert.Equal(t, "example.com/myrepo", helmRepos[0].Repo) + assert.Equal(t, len(helmRepos), 1) + assert.Equal(t, helmRepos[0].Username, "test") + assert.Equal(t, helmRepos[0].EnableOci, true) + assert.Equal(t, helmRepos[0].Repo, "example.com/myrepo") } func TestGetHelmRepo_NamedRepos(t *testing.T) { @@ -3109,11 +3060,11 @@ func TestGetHelmRepo_NamedRepos(t *testing.T) { }}} helmRepos, err := getHelmRepos("./testdata/helm-with-dependencies", q.Repos, q.HelmRepoCreds) - require.NoError(t, err) + assert.Nil(t, err) - assert.Len(t, helmRepos, 1) - assert.Equal(t, "test", helmRepos[0].Username) - assert.Equal(t, "https://example.com", helmRepos[0].Repo) + assert.Equal(t, len(helmRepos), 1) + assert.Equal(t, helmRepos[0].Username, "test") + assert.Equal(t, helmRepos[0].Repo, "https://example.com") } func TestGetHelmRepo_NamedReposAlias(t *testing.T) { @@ -3125,19 +3076,17 @@ func TestGetHelmRepo_NamedReposAlias(t *testing.T) { }}} helmRepos, err := getHelmRepos("./testdata/helm-with-dependencies-alias", q.Repos, q.HelmRepoCreds) - require.NoError(t, err) + assert.Nil(t, err) - assert.Len(t, helmRepos, 1) - assert.Equal(t, "test-alias", helmRepos[0].Username) - assert.Equal(t, "https://example.com", helmRepos[0].Repo) + assert.Equal(t, len(helmRepos), 1) + assert.Equal(t, helmRepos[0].Username, "test-alias") + assert.Equal(t, helmRepos[0].Repo, "https://example.com") } func Test_getResolvedValueFiles(t *testing.T) { tempDir := t.TempDir() paths := io.NewRandomizedTempPaths(tempDir) - - key, _ := json.Marshal(map[string]string{"url": git.NormalizeGitURL("https://github.com/org/repo1"), "project": ""}) - paths.Add(string(key), path.Join(tempDir, "repo1")) + paths.Add(git.NormalizeGitURL("https://github.com/org/repo1"), path.Join(tempDir, "repo1")) testCases := []struct { name string @@ -3279,21 +3228,17 @@ func Test_getResolvedValueFiles(t *testing.T) { t.Parallel() resolvedPaths, err := getResolvedValueFiles(path.Join(tempDir, "main-repo"), path.Join(tempDir, "main-repo"), tcc.env, []string{}, []string{tcc.rawPath}, tcc.refSources, paths, false) if !tcc.expectedErr { - require.NoError(t, err) + assert.NoError(t, err) require.Len(t, resolvedPaths, 1) assert.Equal(t, tcc.expectedPath, string(resolvedPaths[0])) } else { - require.Error(t, err) + assert.Error(t, err) assert.Empty(t, resolvedPaths) } }) } } - func TestErrorGetGitDirectories(t *testing.T) { - // test not using the cache - root := "./testdata/git-files-dirs" - type fields struct { service *Service } @@ -3320,7 +3265,6 @@ func TestErrorGetGitDirectories(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) - gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3333,25 +3277,6 @@ func TestErrorGetGitDirectories(t *testing.T) { Revision: "sadfsadf", }, }, want: nil, wantErr: assert.Error}, - {name: "ErrorVerifyCommit", fields: fields{service: func() *Service { - s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) - gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) - gitClient.On("VerifyCommitSignature", mock.Anything).Return("", fmt.Errorf("revision %s is not signed", "sadfsadf")) - gitClient.On("Root").Return(root) - paths.On("GetPath", mock.Anything).Return(".", nil) - paths.On("GetPathIfExists", mock.Anything).Return(".", nil) - }, ".") - return s - }()}, args: args{ - ctx: context.TODO(), - request: &apiclient.GitDirectoriesRequest{ - Repo: &argoappv1.Repository{Repo: "not-a-valid-url"}, - SubmoduleEnabled: false, - Revision: "sadfsadf", - VerifyCommit: true, - }, - }, want: nil, wantErr: assert.Error}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -3370,7 +3295,6 @@ func TestGetGitDirectories(t *testing.T) { root := "./testdata/git-files-dirs" s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) @@ -3384,13 +3308,13 @@ func TestGetGitDirectories(t *testing.T) { Revision: "HEAD", } directories, err := s.GetGitDirectories(context.TODO(), dirRequest) - require.NoError(t, err) + assert.Nil(t, err) assert.ElementsMatch(t, directories.GetPaths(), []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo"}) // do the same request again to use the cache // we only allow CheckOut to be called once in the mock directories, err = s.GetGitDirectories(context.TODO(), dirRequest) - require.NoError(t, err) + assert.Nil(t, err) assert.ElementsMatch(t, []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo"}, directories.GetPaths()) cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 1, @@ -3398,44 +3322,7 @@ func TestGetGitDirectories(t *testing.T) { }) } -func TestGetGitDirectoriesWithHiddenDirSupported(t *testing.T) { - // test not using the cache - root := "./testdata/git-files-dirs" - s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { - gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) - gitClient.On("Fetch", mock.Anything).Return(nil) - gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) - gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) - gitClient.On("Root").Return(root) - paths.On("GetPath", mock.Anything).Return(root, nil) - paths.On("GetPathIfExists", mock.Anything).Return(root, nil) - }, root) - s.initConstants.IncludeHiddenDirectories = true - dirRequest := &apiclient.GitDirectoriesRequest{ - Repo: &argoappv1.Repository{Repo: "a-url.com"}, - SubmoduleEnabled: false, - Revision: "HEAD", - } - directories, err := s.GetGitDirectories(context.TODO(), dirRequest) - require.NoError(t, err) - assert.ElementsMatch(t, directories.GetPaths(), []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo", "app/bar/.hidden"}) - - // do the same request again to use the cache - // we only allow CheckOut to be called once in the mock - directories, err = s.GetGitDirectories(context.TODO(), dirRequest) - require.NoError(t, err) - assert.ElementsMatch(t, []string{"app", "app/bar", "app/foo/bar", "somedir", "app/foo", "app/bar/.hidden"}, directories.GetPaths()) - cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ - ExternalSets: 1, - ExternalGets: 2, - }) -} - func TestErrorGetGitFiles(t *testing.T) { - // test not using the cache - root := "" - type fields struct { service *Service } @@ -3462,7 +3349,6 @@ func TestErrorGetGitFiles(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) - gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3490,14 +3376,11 @@ func TestErrorGetGitFiles(t *testing.T) { func TestGetGitFiles(t *testing.T) { // test not using the cache - files := []string{ - "./testdata/git-files-dirs/somedir/config.yaml", - "./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/app/foo/bar/config.yaml", - } + files := []string{"./testdata/git-files-dirs/somedir/config.yaml", + "./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/config.yaml", "./testdata/git-files-dirs/app/foo/bar/config.yaml"} root := "" s, _, cacheMocks := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Once().Return(nil) gitClient.On("LsRemote", "HEAD").Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) @@ -3516,18 +3399,18 @@ func TestGetGitFiles(t *testing.T) { expected := make(map[string][]byte) for _, filePath := range files { fileContents, err := os.ReadFile(filePath) - require.NoError(t, err) + assert.Nil(t, err) expected[filePath] = fileContents } fileResponse, err := s.GetGitFiles(context.TODO(), filesRequest) - require.NoError(t, err) - assert.Equal(t, expected, fileResponse.GetMap()) + assert.Nil(t, err) + assert.Equal(t, fileResponse.GetMap(), expected) // do the same request again to use the cache // we only allow LsFiles to be called once in the mock fileResponse, err = s.GetGitFiles(context.TODO(), filesRequest) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, expected, fileResponse.GetMap()) cacheMocks.mockCache.AssertCacheCalledTimes(t, &repositorymocks.CacheCallCounts{ ExternalSets: 1, @@ -3536,9 +3419,6 @@ func TestGetGitFiles(t *testing.T) { } func TestErrorUpdateRevisionForPaths(t *testing.T) { - // test not using the cache - root := "" - type fields struct { service *Service } @@ -3565,7 +3445,6 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { s, _, _ := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) - gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3584,7 +3463,6 @@ func TestErrorUpdateRevisionForPaths(t *testing.T) { gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) gitClient.On("LsRemote", mock.Anything).Return("", fmt.Errorf("ah error")) - gitClient.On("Root").Return(root) paths.On("GetPath", mock.Anything).Return(".", nil) paths.On("GetPathIfExists", mock.Anything).Return(".", nil) }, ".") @@ -3671,7 +3549,6 @@ func TestUpdateRevisionForPaths(t *testing.T) { {name: "ChangedFilesDoNothing", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) @@ -3693,11 +3570,12 @@ func TestUpdateRevisionForPaths(t *testing.T) { SyncedRevision: "SYNCEDHEAD", Paths: []string{"."}, }, - }, want: &apiclient.UpdateRevisionForPathsResponse{}, wantErr: assert.NoError}, + }, want: &apiclient.UpdateRevisionForPathsResponse{ + Changes: true, + }, wantErr: assert.NoError}, {name: "NoChangesUpdateCache", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) @@ -3733,7 +3611,6 @@ func TestUpdateRevisionForPaths(t *testing.T) { {name: "NoChangesHelmMultiSourceUpdateCache", fields: func() fields { s, _, c := newServiceWithOpt(t, func(gitClient *gitmocks.Client, helmClient *helmmocks.Client, paths *iomocks.TempPaths) { gitClient.On("Init").Return(nil) - gitClient.On("IsRevisionPresent", mock.Anything).Return(false) gitClient.On("Fetch", mock.Anything).Return(nil) gitClient.On("Checkout", mock.Anything, mock.Anything).Return(nil) gitClient.On("LsRemote", "HEAD").Once().Return("632039659e542ed7de0c170a4fcc1c571b288fc0", nil) @@ -3827,9 +3704,9 @@ func TestGetRefs_CacheWithLockDisabled(t *testing.T) { client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, refs) - assert.NotEmpty(t, refs.Branches, "Expected branches to be populated") + assert.NotEqual(t, 0, len(refs.Branches), "Expected branches to be populated") assert.NotEmpty(t, refs.Branches[0]) }() } @@ -3854,9 +3731,9 @@ func TestGetRefs_CacheDisabled(t *testing.T) { client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, false)) require.NoError(t, err) refs, err := client.LsRefs() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, refs) - assert.NotEmpty(t, refs.Branches, "Expected branches to be populated") + assert.NotEqual(t, 0, len(refs.Branches), "Expected branches to be populated") assert.NotEmpty(t, refs.Branches[0]) // Unlock should not have been called cacheMocks.mockCache.AssertNumberOfCalls(t, "UnlockGitReferences", 0) @@ -3883,9 +3760,9 @@ func TestGetRefs_CacheWithLock(t *testing.T) { client, err := git.NewClient(fmt.Sprintf("file://%s", dir), git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, refs) - assert.NotEmpty(t, refs.Branches, "Expected branches to be populated") + assert.NotEqual(t, 0, len(refs.Branches), "Expected branches to be populated") assert.NotEmpty(t, refs.Branches[0]) }() } @@ -3912,14 +3789,14 @@ func TestGetRefs_CacheUnlockedOnUpdateFailed(t *testing.T) { client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, refs) - assert.NotEmpty(t, refs.Branches, "Expected branches to be populated") + assert.NotEqual(t, 0, len(refs.Branches), "Expected branches to be populated") assert.NotEmpty(t, refs.Branches[0]) var output [][2]string err = cacheMocks.cacheutilCache.GetItem(fmt.Sprintf("git-refs|%s|%s", repoUrl, common.CacheVersion), &output) - require.Error(t, err, "Should be a cache miss") - assert.Empty(t, output, "Expected cache to be empty for key") + assert.Error(t, err, "Should be a cache miss") + assert.Equal(t, 0, len(output), "Expected cache to be empty for key") cacheMocks.mockCache.AssertNumberOfCalls(t, "UnlockGitReferences", 0) cacheMocks.mockCache.AssertNumberOfCalls(t, "GetOrLockGitReferences", 0) } @@ -3943,7 +3820,7 @@ func TestGetRefs_CacheLockTryLockGitRefCacheError(t *testing.T) { client, err := git.NewClient(repoUrl, git.NopCreds{}, true, false, "", git.WithCache(cacheMocks.cache, true)) require.NoError(t, err) refs, err := client.LsRefs() - require.NoError(t, err) + assert.NoError(t, err) assert.NotNil(t, refs) } @@ -3972,7 +3849,7 @@ func TestGetRevisionChartDetails(t *testing.T) { Home: "test-home", Maintainers: []string{"test-maintainer"}, }) - require.NoError(t, err) + assert.NoError(t, err) chartDetails, err := service.GetRevisionChartDetails(context.Background(), &apiclient.RepoServerRevisionChartDetailsRequest{ Repo: &v1alpha1.Repository{ Repo: fmt.Sprintf("file://%s", root), @@ -3982,65 +3859,9 @@ func TestGetRevisionChartDetails(t *testing.T) { Name: "my-chart", Revision: "1.1.0", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "test-description", chartDetails.Description) assert.Equal(t, "test-home", chartDetails.Home) assert.Equal(t, []string{"test-maintainer"}, chartDetails.Maintainers) }) } - -func TestVerifyCommitSignature(t *testing.T) { - repo := &v1alpha1.Repository{ - Repo: "https://github.com/example/repo.git", - } - - t.Run("VerifyCommitSignature with valid signature", func(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") - mockGitClient := &gitmocks.Client{} - mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). - Return(testSignature, nil) - - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.NoError(t, err) - }) - - t.Run("VerifyCommitSignature with invalid signature", func(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") - mockGitClient := &gitmocks.Client{} - mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). - Return("", nil) - - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "revision abcd1234 is not signed", err.Error()) - }) - - t.Run("VerifyCommitSignature with unknown signature", func(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") - mockGitClient := &gitmocks.Client{} - mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). - Return("", fmt.Errorf("UNKNOWN signature: gpg: Unknown signature from ABCDEFGH")) - - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "UNKNOWN signature: gpg: Unknown signature from ABCDEFGH", err.Error()) - }) - - t.Run("VerifyCommitSignature with error verifying signature", func(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "true") - mockGitClient := &gitmocks.Client{} - mockGitClient.On("VerifyCommitSignature", mock.Anything, mock.Anything, mock.Anything, mock.Anything). - Return("", fmt.Errorf("error verifying signature of commit 'abcd1234' in repo 'https://github.com/example/repo.git': failed to verify signature")) - - err := verifyCommitSignature(true, mockGitClient, "abcd1234", repo) - require.Error(t, err) - assert.Equal(t, "error verifying signature of commit 'abcd1234' in repo 'https://github.com/example/repo.git': failed to verify signature", err.Error()) - }) - - t.Run("VerifyCommitSignature with signature verification disabled", func(t *testing.T) { - t.Setenv("ARGOCD_GPG_ENABLED", "false") - mockGitClient := &gitmocks.Client{} - err := verifyCommitSignature(false, mockGitClient, "abcd1234", repo) - require.NoError(t, err) - }) -} diff --git a/resource_customizations/astra.netapp.io/AppVault/health.lua b/resource_customizations/astra.netapp.io/AppVault/health.lua deleted file mode 100644 index 7490ed2a89fd0..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "available" or obj.status.state == "Available" then - hs.status = "Healthy" - hs.message = obj.kind .. " Available" - elseif obj.status.state == "failed" or obj.status.state == "Failed" then - hs.status = "Degraded" - hs.message = obj.kind .. " Failed" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml b/resource_customizations/astra.netapp.io/AppVault/health_test.yaml deleted file mode 100644 index 03918c3ecaa56..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "AppVault Available" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "AppVault Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml deleted file mode 100644 index 0ece84574b9b2..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/degraded.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094908" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp -status: - error: - 'failed to close GCP object "appVault.json" in bucket "astra-gcp-backup-743cfd150129": - googleapi: Error 404: The specified bucket does not exist., notFound' - state: failed diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml deleted file mode 100644 index 3ea713e8ef74e..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/healthy.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-11T21:28:27Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "70908" - uid: d1b552b2-5d8e-467b-829b-1e6af7240400 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-743cfd150129-5rdt4 - providerType: gcp -status: - state: available - uid: c708262e-3944-49bf-af96-ad1c3eb6cafb diff --git a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml deleted file mode 100644 index d6987da72c348..0000000000000 --- a/resource_customizations/astra.netapp.io/AppVault/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: AppVault -metadata: - creationTimestamp: "2024-04-26T14:25:45Z" - generation: 1 - name: astra-gcp-backup-743cfd150129 - namespace: astra-connector - resourceVersion: "12094608" - uid: 12943b68-323a-4e8a-ba78-604da0801d11 -spec: - providerConfig: - bucketName: astra-gcp-backup-743cfd150129 - providerCredentials: - credentials: - valueFromSecret: - key: credentials.json - name: astra-gcp-backup-734ced050128-5rdt4 - providerType: gcp diff --git a/resource_customizations/astra.netapp.io/Application/health.lua b/resource_customizations/astra.netapp.io/Application/health.lua deleted file mode 100644 index 967400d8819b0..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health.lua +++ /dev/null @@ -1,17 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for _, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = "Astra Application Ready, protectionState: " .. obj.status.protectionState - return hs - elseif condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = "Astra Application Degraded, message: " .. condition.message - return hs - end - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Application/health_test.yaml b/resource_customizations/astra.netapp.io/Application/health_test.yaml deleted file mode 100644 index d1c2bc9b769cb..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing.yaml - - healthStatus: - status: Healthy - message: "Astra Application Ready, protectionState: protected" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Astra Application Degraded, message: namespace wordpress is in terminating state" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml deleted file mode 100644 index 9b25186fa9587..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/degraded.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:59:56Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: wordpress - namespace: astra-connector - resourceVersion: "10484469" - uid: 5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3 -spec: - includedNamespaces: - - labelSelector: {} - namespace: wordpress -status: - conditions: - - lastTransitionTime: "2024-04-24T16:13:26Z" - message: namespace wordpress is in terminating state - reason: Ready - status: "False" - type: Ready - protectionState: partial - protectionStateDetails: - - Active backup schedule missing - - Application unavailable diff --git a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml deleted file mode 100644 index f42f84b1a60ae..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/healthy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost -status: - conditions: - - lastTransitionTime: "2024-04-15T20:46:16Z" - message: "" - reason: Ready - status: "True" - type: Ready - protectionState: protected diff --git a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml b/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml deleted file mode 100644 index 64450c1aebc8a..0000000000000 --- a/resource_customizations/astra.netapp.io/Application/testdata/progressing.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Application -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - finalizers: - - astra.netapp.io/finalizer - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost - namespace: astra-connector - resourceVersion: "3235325" - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 -spec: - includedNamespaces: - - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Backup/health.lua b/resource_customizations/astra.netapp.io/Backup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Backup/health_test.yaml b/resource_customizations/astra.netapp.io/Backup/health_test.yaml deleted file mode 100644 index 56385a102f681..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Backup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Backup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml deleted file mode 100644 index 8dbe9ca86c361..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/degraded.yaml +++ /dev/null @@ -1,79 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193746 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641332" - uid: ad301b6a-6536-4313-89c1-d10ad0275430 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - reason: Failed - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - error: - "Source snapshot failed with permanent error: reconcile timeout of 1h0m0s - exceeded" - progress: {} - sourceSnapshotName: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - state: Failed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml deleted file mode 100644 index d3f32fbf93d20..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/healthy.yaml +++ /dev/null @@ -1,116 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/backups/daily-a4587-20240424010000_d4b61932-5c8e-4310-82a5-37a0b671aa2d - completionTimestamp: "2024-04-24T01:02:30Z" - conditions: - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T01:00:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T01:00:33Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T01:00:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T01:02:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T01:02:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T01:00:00Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - postBackupExecHooksRunResults: [] - postSnapshotExecHooksRunResults: [] - preBackupExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - progress: - volumeBackups: - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticSnapshotID: 5d066ee6e4626ec2e3eff50d766f080ba90b2339df5b9f7baf46c281d0763da6 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-ab718bad-fa67-4159-a761-6d1eb5de5330 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-d55f9b97-11e5-4fb7-89c0-a2559eba753d - volumeSnapshotCopyReadyToUse: true - - completionTimestamp: "2024-04-24T01:02:30Z" - pvcUid: 38c468b3-eed6-48f2-b43b-15083dd1c030 - resticRepositoryPath: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_38c468b3-eed6-48f2-b43b-15083dd1c030 - resticSnapshotID: dc601d5db3ed78823b134326c6cc9607f1636530783707eb8cd02a018b244e07 - resticVolumeBackupCompleted: true - resticVolumeBackupCreated: true - sourceVolumeSnapshot: - name: snapshot-71804332-e19d-42a0-bc02-56bd606b9f66-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost - volumeSnapshotContentCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vsc-df43df62-1501-406b-b7ba-90aafcd763d5 - volumeSnapshotCopied: true - volumeSnapshotCopyDeleted: true - volumeSnapshotCopyName: backup-d4b61932-5c8e-4310-82a5-37a0b671aa2d-vs-ecf680cf-1665-4320-9f84-c99911b48a2b - volumeSnapshotCopyReadyToUse: true - sourceSnapshotName: daily-a4587-20240424010000 - state: Completed diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml deleted file mode 100644 index 9cc87d827cb11..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: 3c492b7e-8b1f-491a-af99-aa3fca9d54cf - created-by-astra-schedule-name: ghost-daily - created-by-astra-schedule-namespace: astra-connector - creationTimestamp: "2024-04-24T01:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - labels: - created-by-astra-schedule-uid: a2736922-6801-482c-a199-03ef8a3f35d7 - name: daily-a4587-20240424010000 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9965658" - uid: d4b61932-5c8e-4310-82a5-37a0b671aa2d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - snapshotRef: daily-a4587-20240424010000 diff --git a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml deleted file mode 100644 index 38477b5a3f02c..0000000000000 --- a/resource_customizations/astra.netapp.io/Backup/testdata/progressing_status.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Backup -metadata: - annotations: - astra.netapp.io/correlationid: cd272631-d0a8-4a61-9cde-6a7202074051 - creationTimestamp: "2024-04-24T19:39:34Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-20240424193745 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10599529" - uid: fea5520e-553c-400d-8539-e9d2bbe5b762 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourceSnapshotExists - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Waiting for source Snapshot to complete - reason: Waiting - status: "False" - type: SourceSnapshotCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: SnapshotAppArchiveCopied - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeBackupsCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostBackupExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporarySnapshotCleanedUp - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:39:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostBackupExecHooksRunCompleted - progress: {} - sourceSnapshotName: backup-fea5520e-553c-400d-8539-e9d2bbe5b762 - state: Running diff --git a/resource_customizations/astra.netapp.io/ExecHook/health.lua b/resource_customizations/astra.netapp.io/ExecHook/health.lua deleted file mode 100644 index 6d7389ccf0704..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health.lua +++ /dev/null @@ -1,13 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.spec ~= nil then - if obj.spec.enabled ~= nil then - if obj.spec.enabled == true then - hs.status = "Healthy" - hs.message = obj.kind .. " enabled" - elseif obj.spec.enabled == false then - hs.status = "Suspended" - hs.message = obj.kind .. " disabled" - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml deleted file mode 100644 index abe46b3f6714e..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Healthy - message: "ExecHook enabled" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Suspended - message: "ExecHook disabled" - inputPath: testdata/suspended.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml deleted file mode 100644 index fd0e7ad1af15b..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/healthy.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 1 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11239151" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: true - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCmV4aXQgMA== - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml deleted file mode 100644 index ba5af3f288bf4..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml b/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml deleted file mode 100644 index 607b3df616164..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHook/testdata/suspended.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHook -metadata: - creationTimestamp: "2024-04-25T14:17:52Z" - generation: 3 - labels: - argocd.argoproj.io/instance: ghost-demo - name: pre-snapshot - namespace: astra-connector - resourceVersion: "11342335" - uid: 105679e3-4acc-4618-a3c2-53e0e5949f65 -spec: - action: snapshot - applicationRef: ghost - arguments: - - pre - enabled: false - hookSource: IyEvYmluL3NoCgojCiMgc3VjY2Vzc19zYW1wbGUuc2gKIwojIEEgc2ltcGxlIG5vb3Agc3VjY2VzcyBob29rIHNjcmlwdCBmb3IgdGVzdGluZyBwdXJwb3Nlcy4KIwojIGFyZ3M6IE5vbmUKIwoKCiMKIyBXcml0ZXMgdGhlIGdpdmVuIG1lc3NhZ2UgdG8gc3RhbmRhcmQgb3V0cHV0CiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKbXNnKCkgewogICAgZWNobyAiJCoiCn0KCgojCiMgV3JpdGVzIHRoZSBnaXZlbiBpbmZvcm1hdGlvbiBtZXNzYWdlIHRvIHN0YW5kYXJkIG91dHB1dAojCiMgJCogLSBUaGUgbWVzc2FnZSB0byB3cml0ZQojCmluZm8oKSB7CiAgICBtc2cgIklORk86ICQqIgp9CgojCiMgV3JpdGVzIHRoZSBnaXZlbiBlcnJvciBtZXNzYWdlIHRvIHN0YW5kYXJkIGVycm9yCiMKIyAkKiAtIFRoZSBtZXNzYWdlIHRvIHdyaXRlCiMKZXJyb3IoKSB7CiAgICBtc2cgIkVSUk9SOiAkKiIgMT4mMgp9CgoKIwojIG1haW4KIwoKIyBsb2cgc29tZXRoaW5nIHRvIHN0ZG91dAppbmZvICJydW5uaW5nIHN1Y2Nlc3Nfc2FtcGxlLnNoIgoKIyBleGl0IHdpdGggMCB0byBpbmRpY2F0ZSBzdWNjZXNzIAppbmZvICJleGl0IDAiCnNsZWVwIDMwMApleGl0IDA= - matchingCriteria: - - type: containerImage - value: mysql - stage: pre - timeout: 25 diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua b/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml deleted file mode 100644 index 52b629e5e7013..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ExecHooksRun Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ExecHooksRun Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml deleted file mode 100644 index d8822c311f449..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/degraded.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: failed to get application archive - reason: Done - status: "False" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Failed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml deleted file mode 100644 index 0d237f0eb75a5..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/healthy.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T17:00:50Z" - generation: 1 - name: post-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11335239" - uid: 9bfcda95-2731-47dc-8eb2-6e83ae19da00 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: post -status: - completionTimestamp: "2024-04-25T17:00:56Z" - conditions: - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T17:00:56Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-25T17:00:50Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - completionTimestamp: "2024-04-25T17:00:56Z" - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: post-snapshot - execHookUID: 2cafb1b4-2575-426c-8102-29437ebee48b - jobName: ehr-47223ea8dd0115ca18a986c77380aeb3 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T17:00:50Z" - state: Completed diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml deleted file mode 100644 index 4d3b6704d4d20..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320392" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-734ced050128 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre diff --git a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml deleted file mode 100644 index 44578700d61dd..0000000000000 --- a/resource_customizations/astra.netapp.io/ExecHooksRun/testdata/progressing_status.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ExecHooksRun -metadata: - annotations: - astra.netapp.io/correlationid: 1c47a636-f819-43f3-baee-054793424bb5 - creationTimestamp: "2024-04-25T16:35:34Z" - generation: 1 - name: pre-snapshot-073d13d7-4a0c-4c5e-914f-331ef6d00de2 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240425163524 - uid: 073d13d7-4a0c-4c5e-914f-331ef6d00de2 - resourceVersion: "11320407" - uid: 064199e2-d540-4628-b4ec-5b417bb85128 -spec: - action: snapshot - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240425163526_argo-presync-20240425163524_073d13d7-4a0c-4c5e-914f-331ef6d00de2 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - resourceFilter: {} - stage: pre -status: - conditions: - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Found 1 matching container/exechook pairs - reason: Done - status: "True" - type: RetrievedMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Wait only needed on a restore - reason: Done - status: "True" - type: WaitForReadiness - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Waiting - reason: Waiting - status: "False" - type: ProcessMatchingContainers - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ArchiveExecHooksUsed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-25T16:35:34Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailureArchiveExecHooksUsed - matchingContainers: - - containerImage: docker.io/bitnami/mysql:8.0.32-debian-11-r8 - containerName: mysql - execHookRef: pre-snapshot - execHookUID: 105679e3-4acc-4618-a3c2-53e0e5949f65 - jobName: ehr-ea0e89c8221790b54e94b4ac937aeac2 - namespace: ghost - podName: ghost-mysql-5bfb6bc8f5-stw4w - podUID: 15ddfce0-1565-4574-89a6-80662450aedd - startTimestamp: "2024-04-25T16:35:34Z" - state: Running diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua b/resource_customizations/astra.netapp.io/ResourceBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml deleted file mode 100644 index 21668ca2006eb..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResourceBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResourceBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Error" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml deleted file mode 100644 index dc8bcd087f06c..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/degraded.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:19Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-7b0d4f5e-53d0-4742-adec-15ef5d527865 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 - resourceVersion: "10608354" - uid: 9f8505a1-29ac-4755-92b5-536e6d825c35 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - reason: Error - status: "False" - type: JobCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - error: - 'unable to fetch appVault: AppVault.astra.netapp.io "astra-gcp-backup-743cfd150129" - not found' - state: Error diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml deleted file mode 100644 index 047ccbf583b5a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/healthy.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: 5b89a58c-9b7c-42e8-b426-c8f863e88f41 - creationTimestamp: "2024-04-18T02:00:00Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0b1c9d28-33bd-45ce-b75b-2a45721e7218 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: daily-02c95-20240418020000 - uid: 0b1c9d28-33bd-45ce-b75b-2a45721e7218 - resourceVersion: "5060306" - uid: 28c08689-2f8d-4b1e-bfa4-ac8c8795adff -spec: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: wordpress -status: - appArchivePath: wordpress_5ab7cd7d-7a9b-4508-9da2-c7dcb10a69b3/snapshots/20240418020000_daily-02c95-20240418020000_0b1c9d28-33bd-45ce-b75b-2a45721e7218 - completionTimestamp: "2024-04-18T02:00:09Z" - conditions: - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-18T02:00:00Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-18T02:00:09Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCompleted - - lastTransitionTime: "2024-04-18T02:00:10Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCleanedUp - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index e4e5f9f6512d5..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost diff --git a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml deleted file mode 100644 index ba27f3627f798..0000000000000 --- a/resource_customizations/astra.netapp.io/ResourceBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResourceBackup -metadata: - annotations: - astra.netapp.io/correlationid: ee3baf3b-c470-486f-a327-47a6eada0722 - creationTimestamp: "2024-04-24T21:30:21Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: snapshot-0796d78d-e751-4835-a0d4-be61b9f9076a - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Snapshot - name: argo-presync-20240424213020 - uid: 0796d78d-e751-4835-a0d4-be61b9f9076a - resourceVersion: "10661760" - uid: 6ed660f0-95be-4369-b548-15cb094a44c2 -spec: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424213020_argo-presync-20240424213020_0796d78d-e751-4835-a0d4-be61b9f9076a - conditions: - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Successfully reconciled - reason: Done - status: "True" - type: JobCreated - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: waiting for resource backup job to complete - reason: Waiting - status: "False" - type: JobCompleted - - lastTransitionTime: "2024-04-24T21:30:21Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: JobCleanedUp - state: Running diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml deleted file mode 100644 index 2038e85656a2f..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "ResticVolumeBackup Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "ResticVolumeBackup Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml deleted file mode 100644 index dd1e080791b2a..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/degraded.yaml +++ /dev/null @@ -1,99 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 26d34f64-38cc-4775-881d-a2fa12437f4b - creationTimestamp: "2024-04-17T13:50:44Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2024-04-17T14:51:28Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240417135000 - uid: 8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27 - resourceVersion: "4675672" - uid: ba90a4f7-a68f-4978-bc04-86902281adc2 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteMany - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-8f2ae7bd-82fc-4b4f-a22d-d08edc2e4e27-vs-54c8ec7f-42e8-48aa-b347-d4acab7b877b - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/ghost_b9ff9e05-5049-4862-82c6-dea080c2fe0d - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - failed: permanent error" - reason: Failed - status: "False" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-17T13:50:44Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - error: - "restic job restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 failed: - permanent error" - resticJobName: restic-volume-backup-ba90a4f7-a68f-4978-bc04-86902281adc2 - state: Failed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml deleted file mode 100644 index 55d5fdf49055e..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/healthy.yaml +++ /dev/null @@ -1,94 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11460297" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: pvc-90470af6-7d44-4500-80c1-99f925193654 - completionTimestamp: "2024-04-25T20:31:57Z" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:54Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:31:57Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - resticSnapshotID: 88c5684cf3e0cd73e57d96f11d20b1c6b03c913cf574cb73cb40da95078d6694 - state: Completed diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml deleted file mode 100644 index b622e552015f1..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459172" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 diff --git a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml deleted file mode 100644 index e0889bf955fdd..0000000000000 --- a/resource_customizations/astra.netapp.io/ResticVolumeBackup/testdata/progressing_status.yaml +++ /dev/null @@ -1,92 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: ResticVolumeBackup -metadata: - annotations: - astra.netapp.io/correlationid: 2d54c3e9-2b18-4ce9-958e-4c307619e4e7 - creationTimestamp: "2024-04-25T20:30:15Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: hourly-acde9-20240425195000 - uid: 40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14 - resourceVersion: "11459181" - uid: f3424a57-862e-4609-88ce-e534a655a5d6 -spec: - clonePVC: - metadata: {} - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: netapp-cvs-perf-premium - dataSourceRef: - apiGroup: snapshot.storage.k8s.io - kind: VolumeSnapshot - name: backup-40b1dc7d-f1c0-4c3d-b34e-d7db5cc26d14-vs-78b36b0d-52db-4b24-afe4-ceec56209bbb - resticEnv: - - name: GOOGLE_PROJECT_ID - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4/credentials.json - - name: RESTIC_PASSWORD - value: password - resticRepository: gs:astra-gcp-backup-743cfd150129://ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/restic/ghost/mysql-pv-claim_5749beb5-e09a-4286-8cb4-1af9750f6929 - resticVolumeMounts: - - mount: - mountPath: /var/run/secrets/neptune/astra-gcp-backup-743cfd150129-5rdt4 - name: secret-astra-gcp-backup-743cfd150129-5rdt4 - readOnly: true - source: - items: - - key: credentials.json - path: credentials.json - secretName: astra-gcp-backup-743cfd150129-5rdt4 -status: - clonePVCName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - clonePVName: "" - conditions: - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: SourcePVCExists - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResticJobCreated - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCompleted - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: ResticJobCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: TemporaryPVCloneCleanedUp - - lastTransitionTime: "2024-04-25T20:30:15Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - resticJobName: restic-volume-backup-f3424a57-862e-4609-88ce-e534a655a5d6 - state: Running diff --git a/resource_customizations/astra.netapp.io/Schedule/health.lua b/resource_customizations/astra.netapp.io/Schedule/health.lua deleted file mode 100644 index 5d122593e5b08..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health.lua +++ /dev/null @@ -1,7 +0,0 @@ -hs = { status = "Healthy", message = "Protection policy not yet executed" } -if obj.status ~= nil then - if obj.status.lastScheduleTime ~= nil then - hs.message = "Protection policy lastScheduleTime: " .. obj.status.lastScheduleTime - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml b/resource_customizations/astra.netapp.io/Schedule/health_test.yaml deleted file mode 100644 index 73414e0b58d5a..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/health_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -tests: - - healthStatus: - status: Healthy - message: "Protection policy not yet executed" - inputPath: testdata/healthy_nostatus.yaml - - healthStatus: - status: Healthy - message: "Protection policy lastScheduleTime: 2024-04-24T01:00:00Z" - inputPath: testdata/healthy_status.yaml diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml deleted file mode 100644 index 0456fb39fc0f6..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_nostatus.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-monthly - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "3231157" - uid: f75ebc6f-627c-4b34-ba36-e64ddc3948e3 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "1" - dayOfWeek: "" - enabled: true - granularity: monthly - hour: "2" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" diff --git a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml b/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml deleted file mode 100644 index 71f99ddf23299..0000000000000 --- a/resource_customizations/astra.netapp.io/Schedule/testdata/healthy_status.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Schedule -metadata: - creationTimestamp: "2024-04-15T20:46:16Z" - generation: 2 - labels: - argocd.argoproj.io/instance: ghost-demo - name: ghost-daily - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "9963815" - uid: a2736922-6801-482c-a199-03ef8a3f35d7 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - backupRetention: "1" - dayOfMonth: "" - dayOfWeek: "" - enabled: true - granularity: daily - hour: "1" - minute: "0" - recurrenceRule: "" - snapshotRetention: "1" -status: - lastScheduleTime: "2024-04-24T01:00:00Z" diff --git a/resource_customizations/astra.netapp.io/Snapshot/health.lua b/resource_customizations/astra.netapp.io/Snapshot/health.lua deleted file mode 100644 index 39de4ac74eb68..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health.lua +++ /dev/null @@ -1,16 +0,0 @@ -hs = { status = "Progressing", message = "No status available" } -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Completed" then - hs.status = "Healthy" - hs.message = obj.kind .. " Completed" - elseif obj.status.state == "Running" then - hs.status = "Progressing" - hs.message = obj.kind .. " Running" - else - hs.status = "Degraded" - hs.message = obj.status.state - end - end -end -return hs diff --git a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml b/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml deleted file mode 100644 index c15b3d8b3a9f0..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: - - healthStatus: - status: Progressing - message: "No status available" - inputPath: testdata/progressing_nostatus.yaml - - healthStatus: - status: Progressing - message: "Snapshot Running" - inputPath: testdata/progressing_status.yaml - - healthStatus: - status: Healthy - message: "Snapshot Completed" - inputPath: testdata/healthy.yaml - - healthStatus: - status: Degraded - message: "Failed" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml deleted file mode 100644 index 89851bbe5dc0b..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/degraded.yaml +++ /dev/null @@ -1,80 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 6094b54d-b02b-475a-b5db-136729841240 - creationTimestamp: "2024-04-24T19:54:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 1 - name: backup-ad301b6a-6536-4313-89c1-d10ad0275430 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - blockOwnerDeletion: true - controller: true - kind: Backup - name: backup-20240424193746 - uid: ad301b6a-6536-4313-89c1-d10ad0275430 - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10641329" - uid: 7b0d4f5e-53d0-4742-adec-15ef5d527865 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424195419_backup-ad301b6a-6536-4313-89c1-d10ad0275430_7b0d4f5e-53d0-4742-adec-15ef5d527865 - conditions: - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: reconcile timeout of 1h0m0s exceeded - reason: Timeout - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T19:54:19Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - error: reconcile timeout of 1h0m0s exceeded - state: Failed diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml deleted file mode 100644 index 7073f9c5147b5..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/healthy.yaml +++ /dev/null @@ -1,81 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: 87091676-6489-4c76-8728-6b81bf4936b0 - creationTimestamp: "2024-04-24T14:23:18Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424142317 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10421471" - uid: 152faab3-0374-4cef-bac9-6e7940b06aa9 -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424142318_argo-presync-20240424142317_152faab3-0374-4cef-bac9-6e7940b06aa9 - completionTimestamp: "2024-04-24T14:23:43Z" - conditions: - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T14:23:30Z" - message: Successfully reconciled - reason: Done - status: "True" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T14:23:31Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:41Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T14:23:42Z" - message: Successfully reconciled - reason: Done - status: "True" - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T14:23:43Z" - message: Successfully reconciled - reason: Done - status: "True" - type: Completed - - lastTransitionTime: "2024-04-24T14:23:18Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - postSnapshotExecHooksRunResults: [] - preSnapshotExecHooksRunResults: [] - state: Completed - volumeSnapshots: - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-b9ff9e05-5049-4862-82c6-dea080c2fe0d - namespace: ghost - - name: snapshot-152faab3-0374-4cef-bac9-6e7940b06aa9-pvc-38c468b3-eed6-48f2-b43b-15083dd1c030 - namespace: ghost diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml deleted file mode 100644 index 28501e28fd95f..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_nostatus.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s diff --git a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml b/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml deleted file mode 100644 index 08951648c6d74..0000000000000 --- a/resource_customizations/astra.netapp.io/Snapshot/testdata/progressing_status.yaml +++ /dev/null @@ -1,73 +0,0 @@ -apiVersion: astra.netapp.io/v1 -kind: Snapshot -metadata: - annotations: - astra.netapp.io/correlationid: de2315e9-4733-4733-91a0-1abec5f1e44e - creationTimestamp: "2024-04-24T21:17:04Z" - finalizers: - - astra.netapp.io/finalizer - generation: 2 - name: argo-presync-20240424211703 - namespace: astra-connector - ownerReferences: - - apiVersion: astra.netapp.io/v1 - kind: Application - name: ghost - uid: 0af10ee8-772b-4367-8334-44f9e4ad2849 - resourceVersion: "10654224" - uid: b200db48-c186-4ae8-9748-1ba7bec23d6d -spec: - appVaultRef: astra-gcp-backup-743cfd150129 - applicationRef: ghost - completionTimeout: 0s - volumeSnapshotsCreatedTimeout: 0s - volumeSnapshotsReadyToUseTimeout: 0s -status: - appArchivePath: ghost_0af10ee8-772b-4367-8334-44f9e4ad2849/snapshots/20240424211704_argo-presync-20240424211703_b200db48-c186-4ae8-9748-1ba7bec23d6d - conditions: - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppOwnerReferenceCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Successfully reconciled - reason: Done - status: "True" - type: AppArchivePathNameGenerated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Waiting for ResourceBackup to complete - reason: Waiting - status: "False" - type: ResourceBackupCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PreSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsCreated - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: PostSnapshotExecHooksRunCompleted - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: VolumeSnapshotsReady - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: Completed - - lastTransitionTime: "2024-04-24T21:17:04Z" - message: Not yet reconciled - reason: Pending - status: Unknown - type: OnFailurePostSnapshotExecHooksRunCompleted - state: Running diff --git a/resource_customizations/camel.apache.org/Integration/health.lua b/resource_customizations/camel.apache.org/Integration/health.lua deleted file mode 100644 index d2c7494e36bc2..0000000000000 --- a/resource_customizations/camel.apache.org/Integration/health.lua +++ /dev/null @@ -1,24 +0,0 @@ -local hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - -- Let's check if something is wrong with the CRD deployment - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - -- Let's check if things are healthy with the CRD deployment - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = condition.message - return hs - end - end - end -end - --- Otherwise let's assume that we are still busy building/deploying the Integration -hs.status = "Progressing" -hs.message = "Waiting for Integration" -return hs diff --git a/resource_customizations/camel.apache.org/Integration/health_test.yaml b/resource_customizations/camel.apache.org/Integration/health_test.yaml deleted file mode 100644 index 44d6fb38f2507..0000000000000 --- a/resource_customizations/camel.apache.org/Integration/health_test.yaml +++ /dev/null @@ -1,13 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for Integration" - inputPath: testdata/progressing.yaml -- healthStatus: - status: Healthy - message: "" - inputPath: testdata/healthy.yaml -- healthStatus: - status: Degraded - message: "back-off 40s restarting failed container=integration pod=camelk-example-deployment" - inputPath: testdata/degraded.yaml diff --git a/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml b/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml deleted file mode 100644 index 40b6e69641f04..0000000000000 --- a/resource_customizations/camel.apache.org/Integration/testdata/degraded.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: camel.apache.org/v1 -kind: Integration -metadata: - annotations: - camel.apache.org/operator.id: camel-k - generation: 1 - name: camelk-example - namespace: default -spec: - sources: - - content: | - from('timer:tick?period=3000') - .setBody().constant('Hello world from Camel-K') - .to('log:info') - name: camelk-example.groovy - traits: {} -status: - conditions: - - firstTruthyTime: "2024-01-26T16:01:50Z" - lastTransitionTime: "2024-01-26T16:01:50Z" - lastUpdateTime: "2024-01-26T16:01:50Z" - message: camel-k/camel-k - reason: IntegrationPlatformAvailable - status: "True" - type: IntegrationPlatformAvailable - - firstTruthyTime: "2024-01-26T16:01:52Z" - lastTransitionTime: "2024-01-26T16:01:52Z" - lastUpdateTime: "2024-01-26T16:01:52Z" - message: kit-cmkkksgve68c73e60i60 - reason: IntegrationKitAvailable - status: "True" - type: IntegrationKitAvailable - - lastTransitionTime: "2024-01-26T16:01:52Z" - lastUpdateTime: "2024-01-26T16:01:52Z" - message: different controller strategy used (knative-service) - reason: CronJobNotAvailableReason - status: "False" - type: CronJobAvailable - - lastTransitionTime: "2024-01-26T16:01:52Z" - lastUpdateTime: "2024-01-26T16:01:52Z" - message: 'controller strategy: knative-service' - reason: DeploymentAvailable - status: "False" - type: DeploymentAvailable - - firstTruthyTime: "2024-01-26T16:01:52Z" - lastTransitionTime: "2024-01-26T16:01:52Z" - lastUpdateTime: "2024-01-26T16:01:52Z" - message: Knative service name is api-example - reason: KnativeServiceAvailable - status: "True" - type: KnativeServiceAvailable - - lastTransitionTime: "2024-01-26T16:01:52Z" - lastUpdateTime: "2024-01-26T16:02:55Z" - message: back-off 40s restarting failed container=integration pod=camelk-example-deployment - reason: Error - status: "False" - type: Ready - phase: Error diff --git a/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml b/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml deleted file mode 100644 index 6fb5e5e462110..0000000000000 --- a/resource_customizations/camel.apache.org/Integration/testdata/healthy.yaml +++ /dev/null @@ -1,58 +0,0 @@ -apiVersion: camel.apache.org/v1 -kind: Integration -metadata: - annotations: - camel.apache.org/operator.id: camel-k - generation: 1 - name: camelk-example - namespace: default -spec: - sources: - - content: | - from('timer:tick?period=3000') - .setBody().constant('Hello world from Camel-K') - .to('log:info') - name: camelk-example.groovy - traits: {} -status: - conditions: - - firstTruthyTime: "2024-01-26T09:13:16Z" - lastTransitionTime: "2024-01-26T09:13:16Z" - lastUpdateTime: "2024-01-26T09:13:16Z" - message: camel-k/camel-k - reason: IntegrationPlatformAvailable - status: "True" - type: IntegrationPlatformAvailable - - firstTruthyTime: "2024-01-26T09:13:19Z" - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: kit-cmkkksgve68c73e60i60 - reason: IntegrationKitAvailable - status: "True" - type: IntegrationKitAvailable - - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: different controller strategy used (knative-service) - reason: CronJobNotAvailableReason - status: "False" - type: CronJobAvailable - - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: 'controller strategy: knative-service' - reason: DeploymentAvailable - status: "False" - type: DeploymentAvailable - - firstTruthyTime: "2024-01-26T09:13:19Z" - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: Knative service name is camelk-example - reason: KnativeServiceAvailable - status: "True" - type: KnativeServiceAvailable - - firstTruthyTime: "2024-01-26T09:13:31Z" - lastTransitionTime: "2024-01-26T09:13:31Z" - lastUpdateTime: "2024-01-26T09:13:31Z" - reason: KnativeServiceReady - status: "True" - type: Ready - phase: Running diff --git a/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml b/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml deleted file mode 100644 index 58e7b4af64db6..0000000000000 --- a/resource_customizations/camel.apache.org/Integration/testdata/progressing.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: camel.apache.org/v1 -kind: Integration -metadata: - annotations: - camel.apache.org/operator.id: camel-k - generation: 1 - name: camelk-example - namespace: default -spec: - sources: - - content: | - from('timer:tick?period=3000') - .setBody().constant('Hello world from Camel-K') - .to('log:info') - name: camelk-example.groovy - traits: {} -status: - conditions: - - firstTruthyTime: "2024-01-26T09:13:16Z" - lastTransitionTime: "2024-01-26T09:13:16Z" - lastUpdateTime: "2024-01-26T09:13:16Z" - message: camel-k/camel-k - reason: IntegrationPlatformAvailable - status: "True" - type: IntegrationPlatformAvailable - - firstTruthyTime: "2024-01-26T09:13:19Z" - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: kit-cmkkksgve68c73e60i60 - reason: IntegrationKitAvailable - status: "True" - type: IntegrationKitAvailable - - lastTransitionTime: "2024-01-26T09:13:19Z" - lastUpdateTime: "2024-01-26T09:13:19Z" - message: different controller strategy used (knative-service) - reason: CronJobNotAvailableReason - status: "False" - type: CronJobAvailable - phase: Deploying \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/health.lua b/resource_customizations/core.humio.com/HumioAction/health.lua deleted file mode 100644 index a99a0eb2e0d59..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/health.lua +++ /dev/null @@ -1,30 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/health_test.yaml b/resource_customizations/core.humio.com/HumioAction/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml deleted file mode 100644 index 1c986292f21a4..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/testdata/configerror.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-action-1 - namespace: humio - resourceVersion: '10768054' - uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e -spec: - humioRepositoryProperties: - ingestTokenSource: - secretKeyRef: - key: test-token - name: token - managedClusterName: example-humiocluster - name: trigger_action - viewName: example-1 -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml deleted file mode 100644 index f6dfeffcf31a5..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/testdata/healthy.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-action-1 - namespace: humio - resourceVersion: '10768054' - uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e -spec: - humioRepositoryProperties: - ingestTokenSource: - secretKeyRef: - key: test-token - name: token - managedClusterName: example-humiocluster - name: trigger_action - viewName: example-1 -status: - state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml deleted file mode 100644 index 2743fb1b7b54b..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/testdata/notfound.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-action-1 - namespace: humio - resourceVersion: '10768054' - uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e -spec: - humioRepositoryProperties: - ingestTokenSource: - secretKeyRef: - key: test-token - name: token - managedClusterName: example-humiocluster - name: trigger_action - viewName: example-1 -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml deleted file mode 100644 index 8a43ffc4fab01..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/testdata/progressing.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-action-1 - namespace: humio - resourceVersion: '10768054' - uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e -spec: - humioRepositoryProperties: - ingestTokenSource: - secretKeyRef: - key: test-token - name: token - managedClusterName: example-humiocluster - name: trigger_action - viewName: example-1 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml deleted file mode 100644 index e3ec98cd557b4..0000000000000 --- a/resource_customizations/core.humio.com/HumioAction/testdata/unknown.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAction -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-action-1 - namespace: humio - resourceVersion: '10768054' - uid: f339ddf1-3b3e-49e0-80cc-7f583dce532e -spec: - humioRepositoryProperties: - ingestTokenSource: - secretKeyRef: - key: test-token - name: token - managedClusterName: example-humiocluster - name: trigger_action - viewName: example-1 -status: - state: Unknown diff --git a/resource_customizations/core.humio.com/HumioAlert/health.lua b/resource_customizations/core.humio.com/HumioAlert/health.lua deleted file mode 100644 index a99a0eb2e0d59..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/health.lua +++ /dev/null @@ -1,30 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/health_test.yaml b/resource_customizations/core.humio.com/HumioAlert/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml deleted file mode 100644 index 043d08d6a2d17..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/testdata/configerror.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAlert -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-alert-1 - namespace: humio - resourceVersion: '10768150' - uid: eb138512-0661-47c1-a056-0e53f3b5fa1f -spec: - actions: - - move-to-alerts - description: Error counts - labels: - - test-label - managedClusterName: example-humiocluster - name: example-alert - query: - queryString: '#repo = humio | error = true | count() | _count > 0' - start: 24h - silenced: false - throttleTimeMillis: 60000 - viewName: example-view -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml deleted file mode 100644 index c62feb15a2943..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/testdata/healthy.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAlert -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-alert-1 - namespace: humio - resourceVersion: '10768150' - uid: eb138512-0661-47c1-a056-0e53f3b5fa1f -spec: - actions: - - move-to-alerts - description: Error counts - labels: - - test-label - managedClusterName: example-humiocluster - name: example-alert - query: - queryString: '#repo = humio | error = true | count() | _count > 0' - start: 24h - silenced: false - throttleTimeMillis: 60000 - viewName: example-view -status: - state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml deleted file mode 100644 index f694bf3788e5e..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/testdata/notfound.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAlert -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-alert-1 - namespace: humio - resourceVersion: '10768150' - uid: eb138512-0661-47c1-a056-0e53f3b5fa1f -spec: - actions: - - move-to-alerts - description: Error counts - labels: - - test-label - managedClusterName: example-humiocluster - name: example-alert - query: - queryString: '#repo = humio | error = true | count() | _count > 0' - start: 24h - silenced: false - throttleTimeMillis: 60000 - viewName: example-view -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml deleted file mode 100644 index 2740b020a9311..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/testdata/progressing.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAlert -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-alert-1 - namespace: humio - resourceVersion: '10768150' - uid: eb138512-0661-47c1-a056-0e53f3b5fa1f -spec: - actions: - - move-to-alerts - description: Error counts - labels: - - test-label - managedClusterName: example-humiocluster - name: example-alert - query: - queryString: '#repo = humio | error = true | count() | _count > 0' - start: 24h - silenced: false - throttleTimeMillis: 60000 - viewName: example-view \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml deleted file mode 100644 index edbf4b3355866..0000000000000 --- a/resource_customizations/core.humio.com/HumioAlert/testdata/unknown.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioAlert -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-alert-1 - namespace: humio - resourceVersion: '10768150' - uid: eb138512-0661-47c1-a056-0e53f3b5fa1f -spec: - actions: - - move-to-alerts - description: Error counts - labels: - - test-label - managedClusterName: example-humiocluster - name: example-alert - query: - queryString: '#repo = humio | error = true | count() | _count > 0' - start: 24h - silenced: false - throttleTimeMillis: 60000 - viewName: example-view -status: - state: Unknown diff --git a/resource_customizations/core.humio.com/HumioCluster/health.lua b/resource_customizations/core.humio.com/HumioCluster/health.lua deleted file mode 100644 index 95a13ce855cec..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/health.lua +++ /dev/null @@ -1,67 +0,0 @@ - -hs = { - status = "Progressing", - message = "Update in progress" -} - -if obj.status == nil then - hs.status= "Progressing" - if obj.status.message ~= nil then - hs.message = obj.status.message - end -end - -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Running" then - hs.status = "Healthy" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "Cluster is in a healthy running state" - end - end - if obj.status.state == "Restarting" then - hs.status = "Progressing" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "Cluster pods are being restarted" - end - end - if obj.status.state == "Upgrading" then - hs.status = "Progressing" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "Cluster pods are being upgraded" - end - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "User-provided cluster specification resulted in a configuration error" - end - end - if obj.status.state == "Pending" then - hs.status = "Progressing" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "Cluster is waiting on resources to be provisioned" - end - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - if obj.status.message ~= nil then - hs.message = obj.status.message - else - hs.message = "Component state: Unknown." - end - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioCluster/health_test.yaml b/resource_customizations/core.humio.com/HumioCluster/health_test.yaml deleted file mode 100644 index cb3696d2cff93..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/health_test.yaml +++ /dev/null @@ -1,29 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Cluster is in a healthy running state" - inputPath: testdata/healthy.yaml -- healthStatus: - status: Progressing - message: "Cluster pods are being restarted" - inputPath: testdata/restarting.yaml -- healthStatus: - status: Progressing - message: "Cluster pods are being upgraded" - inputPath: testdata/upgrading.yaml -- healthStatus: - status: Progressing - message: "Cluster is waiting on resources to be provisioned" - inputPath: testdata/pending.yaml -- healthStatus: - status: Degraded - message: 'Secret "example-humiocluster-license" not found' - inputPath: testdata/configerror_custom.yaml -- healthStatus: - status: Degraded - message: 'User-provided cluster specification resulted in a configuration error' - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml deleted file mode 100644 index 0998dd7deac86..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml deleted file mode 100644 index 545b9f33ba4ea..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/configerror_custom.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - licenseStatus: {} - message: Secret "example-humiocluster-license" not found - observedGeneration: '1' - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml deleted file mode 100644 index 4620df81e3159..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/healthy.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: Running diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml deleted file mode 100644 index 9cb591f5e56d9..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/pending.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: Pending diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml deleted file mode 100644 index 78a6fd893dd1c..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/progressing.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml deleted file mode 100644 index 84943fe0484c1..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/restarting.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: Restarting diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml deleted file mode 100644 index 1d08a2e885795..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/unknown.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: Unknown - - - diff --git a/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml b/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml deleted file mode 100644 index 76a322288aab0..0000000000000 --- a/resource_customizations/core.humio.com/HumioCluster/testdata/upgrading.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioCluster -metadata: - creationTimestamp: '2022-12-09T05:48:10Z' - generation: 1 - labels: - app: humio - app.kubernetes.io/instance: humio-cluster-failtest - name: example-humiocluster - namespace: failtes -spec: - dataVolumePersistentVolumeClaimSpecTemplate: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 100Gi - storageClassName: longhorn - digestPartitionsCount: 2 - image: 'humio/humio-core:latest' - license: - secretKeyRef: - key: data - name: example-humiocluster-license - storagePartitionsCount: 2 - targetReplicationFactor: 1 - tls: - enabled: false -status: - state: Upgrading - - - diff --git a/resource_customizations/core.humio.com/HumioIngestToken/health.lua b/resource_customizations/core.humio.com/HumioIngestToken/health.lua deleted file mode 100644 index a99a0eb2e0d59..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/health.lua +++ /dev/null @@ -1,30 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml b/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml deleted file mode 100644 index df1ed30141ded..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/testdata/configerror.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-token-1 - namespace: humio - resourceVersion: '10768058' - uid: f0a51e3d-8b64-483c-99fa-d7184a840707 -spec: - managedClusterName: example-humiocluster - name: test-token - parserName: json - repositoryName: example-1 - tokenSecretName: example-test-token-1 -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml deleted file mode 100644 index 3eb03b98569b8..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/testdata/healthy.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-token-1 - namespace: humio - resourceVersion: '10768058' - uid: f0a51e3d-8b64-483c-99fa-d7184a840707 -spec: - managedClusterName: example-humiocluster - name: test-token - parserName: json - repositoryName: example-1 - tokenSecretName: example-test-token-1 -status: - state: Exists diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml deleted file mode 100644 index 6d36afdc1ef04..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/testdata/notfound.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-token-1 - namespace: humio - resourceVersion: '10768058' - uid: f0a51e3d-8b64-483c-99fa-d7184a840707 -spec: - managedClusterName: example-humiocluster - name: test-token - parserName: json - repositoryName: example-1 - tokenSecretName: example-test-token-1 -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml deleted file mode 100644 index 5dd35fc65c62a..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/testdata/progressing.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-token-1 - namespace: humio - resourceVersion: '10768058' - uid: f0a51e3d-8b64-483c-99fa-d7184a840707 -spec: - managedClusterName: example-humiocluster - name: test-token - parserName: json - repositoryName: example-1 - tokenSecretName: example-test-token-1 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml deleted file mode 100644 index 3b5a50e620823..0000000000000 --- a/resource_customizations/core.humio.com/HumioIngestToken/testdata/unknown.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioIngestToken -metadata: - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: test-token-1 - namespace: humio - resourceVersion: '10768058' - uid: f0a51e3d-8b64-483c-99fa-d7184a840707 -spec: - managedClusterName: example-humiocluster - name: test-token - parserName: json - repositoryName: example-1 - tokenSecretName: example-test-token-1 -status: - state: Unknown diff --git a/resource_customizations/core.humio.com/HumioParser/health.lua b/resource_customizations/core.humio.com/HumioParser/health.lua deleted file mode 100644 index a99a0eb2e0d59..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/health.lua +++ /dev/null @@ -1,30 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/health_test.yaml b/resource_customizations/core.humio.com/HumioParser/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml deleted file mode 100644 index f1334b3110848..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/testdata/configerror.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-1-parser - namespace: humio - resourceVersion: '10768079' - uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 -spec: - managedClusterName: example-humiocluster - name: example-1 - parserScript: > - /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ - | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) - repositoryName: example-repo - tagFields: - - statuscode - - client - testData: - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST - /administrator/index.php HTTP/1.1" 200 4494 - "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; - rv:34.0) Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml deleted file mode 100644 index 9a4d92d25c75a..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/testdata/healthy.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-1-parser - namespace: humio - resourceVersion: '10768079' - uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 -spec: - managedClusterName: example-humiocluster - name: example-1 - parserScript: > - /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ - | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) - repositoryName: example-repo - tagFields: - - statuscode - - client - testData: - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST - /administrator/index.php HTTP/1.1" 200 4494 - "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; - rv:34.0) Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" -status: - state: Exists diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml deleted file mode 100644 index 87565368f42c5..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/testdata/notfound.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-1-parser - namespace: humio - resourceVersion: '10768079' - uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 -spec: - managedClusterName: example-humiocluster - name: example-1 - parserScript: > - /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ - | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) - repositoryName: example-repo - tagFields: - - statuscode - - client - testData: - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST - /administrator/index.php HTTP/1.1" 200 4494 - "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; - rv:34.0) Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml deleted file mode 100644 index e46557b7931e2..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/testdata/progressing.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-1-parser - namespace: humio - resourceVersion: '10768079' - uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 -spec: - managedClusterName: example-humiocluster - name: example-1 - parserScript: > - /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ - | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) - repositoryName: example-repo - tagFields: - - statuscode - - client - testData: - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST - /administrator/index.php HTTP/1.1" 200 4494 - "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; - rv:34.0) Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml deleted file mode 100644 index 9def4c7cbba62..0000000000000 --- a/resource_customizations/core.humio.com/HumioParser/testdata/unknown.yaml +++ /dev/null @@ -1,39 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioParser -metadata: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-1-parser - namespace: humio - resourceVersion: '10768079' - uid: 5641590d-b8e9-42e8-a544-d0673bf0e1a2 -spec: - managedClusterName: example-humiocluster - name: example-1 - parserScript: > - /(?\S+)\s+-\s+(?\S+)\s+\[(?<@timestamp>.*)\]\s+"((?\S+)\s+(?\S+)?\s+(?\S+)?|-)"\s+(?\d+)\s+(?\S+)\s+"(?[^"]*)"\s+"(?[^"]*)"\s*(?(\d|\.)+)?/ - | parseTimestamp(format="dd/MMM/yyyy:HH:mm:ss Z", field=@timestamp) - repositoryName: example-repo - tagFields: - - statuscode - - client - testData: - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:25:11 +0100] "POST - /administrator/index.php HTTP/1.1" 200 4494 - "http://github.com/administrator/" "Mozilla/5.0 (Windows NT 6.0; - rv:34.0) Gecko/20100101 Firefox/34.0" "-" - - >- - 4.4.4.4 - - [12/Dec/2015:18:31:08 +0100] "GET /administrator/ - HTTP/1.1" 200 4263 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) - Gecko/20100101 Firefox/34.0" "-" -status: - state: Unknown diff --git a/resource_customizations/core.humio.com/HumioRepository/health.lua b/resource_customizations/core.humio.com/HumioRepository/health.lua deleted file mode 100644 index a99a0eb2e0d59..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/health.lua +++ /dev/null @@ -1,30 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/health_test.yaml b/resource_customizations/core.humio.com/HumioRepository/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml deleted file mode 100644 index 01286b1f77b0b..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/testdata/configerror.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-repo-1 - namespace: humio - resourceVersion: '10768154' - uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 -spec: - description: example description - managedClusterName: example-humiocluster - name: example-repo - retention: - ingestSizeInGB: 4 - storageSizeInGB: 50 - timeInDays: 730 -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml deleted file mode 100644 index 2b2443047faf9..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/testdata/healthy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-repo-1 - namespace: humio - resourceVersion: '10768154' - uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 -spec: - description: example description - managedClusterName: example-humiocluster - name: example-repo - retention: - ingestSizeInGB: 4 - storageSizeInGB: 50 - timeInDays: 730 -status: - state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml deleted file mode 100644 index 86a3c6cfa10ef..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/testdata/notfound.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-repo-1 - namespace: humio - resourceVersion: '10768154' - uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 -spec: - description: example description - managedClusterName: example-humiocluster - name: example-repo - retention: - ingestSizeInGB: 4 - storageSizeInGB: 50 - timeInDays: 730 -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml deleted file mode 100644 index 9c40d176e131e..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/testdata/progressing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-repo-1 - namespace: humio - resourceVersion: '10768154' - uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 -spec: - description: example description - managedClusterName: example-humiocluster - name: example-repo - retention: - ingestSizeInGB: 4 - storageSizeInGB: 50 - timeInDays: 730 \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml deleted file mode 100644 index 22d343a44eec8..0000000000000 --- a/resource_customizations/core.humio.com/HumioRepository/testdata/unknown.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioRepository -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 3 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-repo-1 - namespace: humio - resourceVersion: '10768154' - uid: bb626adb-1cdd-4db2-baa8-ae5e30132603 -spec: - description: example description - managedClusterName: example-humiocluster - name: example-repo - retention: - ingestSizeInGB: 4 - storageSizeInGB: 50 - timeInDays: 730 -status: - state: Unknown diff --git a/resource_customizations/core.humio.com/HumioView/health.lua b/resource_customizations/core.humio.com/HumioView/health.lua deleted file mode 100644 index e11956922fb7a..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/health.lua +++ /dev/null @@ -1,26 +0,0 @@ -hs = { - status = "Progressing", - message = "Update in progress" -} -if obj.status ~= nil then - if obj.status.state ~= nil then - if obj.status.state == "Exists" then - hs.status = "Healthy" - hs.message = "Component state: Exists." - end - if obj.status.state == "NotFound" then - hs.status = "Missing" - hs.message = "Component state: NotFound." - end - if obj.status.state == "ConfigError" then - hs.status = "Degraded" - hs.message = "Component state: ConfigError." - end - if obj.status.state == "Unknown" then - hs.status = "Unknown" - hs.message = "Component state: Unknown." - end - end - return hs -end -return hs diff --git a/resource_customizations/core.humio.com/HumioView/health_test.yaml b/resource_customizations/core.humio.com/HumioView/health_test.yaml deleted file mode 100644 index f90baf9bccc9f..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Component state: Exists." - inputPath: testdata/healthy.yaml -- healthStatus: - status: Missing - message: "Component state: NotFound." - inputPath: testdata/notfound.yaml -- healthStatus: - status: Degraded - message: "Component state: ConfigError." - inputPath: testdata/configerror.yaml -- healthStatus: - status: Unknown - message: "Component state: Unknown." - inputPath: testdata/unknown.yaml -- healthStatus: - status: Progressing - message: "Update in progress" - inputPath: testdata/progressing.yaml diff --git a/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml b/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml deleted file mode 100644 index 917c1c8b5eaab..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/testdata/configerror.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-view - namespace: humio - resourceVersion: '10768121' - uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 -spec: - connections: - - filter: '*' - repositoryName: example-1 - - filter: '*' - repositoryName: example-2 - managedClusterName: example-humiocluster - name: example-view -status: - state: ConfigError diff --git a/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml b/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml deleted file mode 100644 index 7c75082be60a0..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/testdata/healthy.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-view - namespace: humio - resourceVersion: '10768121' - uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 -spec: - connections: - - filter: '*' - repositoryName: example-1 - - filter: '*' - repositoryName: example-2 - managedClusterName: example-humiocluster - name: example-view -status: - state: Exists \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml b/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml deleted file mode 100644 index 2d929ef2ae584..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/testdata/notfound.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-view - namespace: humio - resourceVersion: '10768121' - uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 -spec: - connections: - - filter: '*' - repositoryName: example-1 - - filter: '*' - repositoryName: example-2 - managedClusterName: example-humiocluster - name: example-view -status: - state: NotFound \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml b/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml deleted file mode 100644 index 4b44ad4cbbf83..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/testdata/progressing.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-view - namespace: humio - resourceVersion: '10768121' - uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 -spec: - connections: - - filter: '*' - repositoryName: example-1 - - filter: '*' - repositoryName: example-2 - managedClusterName: example-humiocluster - name: example-view \ No newline at end of file diff --git a/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml b/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml deleted file mode 100644 index ac4453048e0e7..0000000000000 --- a/resource_customizations/core.humio.com/HumioView/testdata/unknown.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: core.humio.com/v1alpha1 -kind: HumioView -metadata: - annotations: - creationTimestamp: '2022-12-08T02:03:07Z' - finalizers: - - core.humio.com/finalizer - generation: 1 - labels: - app.kubernetes.io/instance: humio-deploy - name: example-view - namespace: humio - resourceVersion: '10768121' - uid: 2c49ac77-1be2-4e2c-a473-44f3f0e03453 -spec: - connections: - - filter: '*' - repositoryName: example-1 - - filter: '*' - repositoryName: example-2 - managedClusterName: example-humiocluster - name: example-view -status: - state: Unknown diff --git a/resource_customizations/k8s.mariadb.com/Backup/health.lua b/resource_customizations/k8s.mariadb.com/Backup/health.lua deleted file mode 100644 index ac78b482648e0..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Backup/health.lua +++ /dev/null @@ -1,25 +0,0 @@ -local health_status = {} - -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.reason .. " " .. condition.message - - if condition.status == "False" then - if condition.reason == "CronJobScheduled" and condition.message == "Failed" then - health_status.status = "Degraded" - return health_status - end - health_status.status = "Progressing" - return health_status - end - end - - health_status.status = "Healthy" - return health_status -end - -health_status.status = "Progressing" -health_status.message = "No status info available" -return health_status diff --git a/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml b/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml deleted file mode 100644 index 2acfdebc9052b..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Backup/health_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "CronJobSucess Success" - inputPath: testdata/ok.yaml -- healthStatus: - status: Degraded - message: "CronJobScheduled Failed" - inputPath: testdata/failed.yaml diff --git a/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml b/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml deleted file mode 100644 index 731288ba52e60..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Backup/testdata/failed.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Backup -metadata: - name: backup-local -spec: - backoffLimit: 5 - logLevel: info - mariaDbRef: - name: mariadb - waitForIt: true - maxRetention: 168h - restartPolicy: OnFailure - schedule: - cron: 0 */2 * * * - suspend: false - serviceAccountName: backup-local - storage: - persistentVolumeClaim: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 80Gi -status: - conditions: - - lastTransitionTime: "2024-04-22T20:00:00Z" - message: Failed - reason: CronJobScheduled - status: "False" - type: Complete diff --git a/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml b/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml deleted file mode 100644 index daf8b55fc6c0f..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Backup/testdata/ok.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Backup -metadata: - annotations: - argocd.argoproj.io/tracking-id: apps-bridge-demo-de1:k8s.mariadb.com/Backup:bridge/backup-local-bridge - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"k8s.mariadb.com/v1alpha1","kind":"Backup","metadata":{"annotations":{"argocd.argoproj.io/tracking-id":"apps-bridge-demo-de1:k8s.mariadb.com/Backup:bridge/backup-local-bridge"},"name":"backup-local-bridge","namespace":"bridge"},"spec":{"args":["--databases bridge"],"mariaDbRef":{"name":"mariadb"},"maxRetention":"168h","schedule":{"cron":"0 1-23/2 * * *","suspend":false},"storage":{"persistentVolumeClaim":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"80Gi"}}}}}} - creationTimestamp: "2024-04-12T12:35:41Z" - generation: 2 - name: backup-local-bridge - namespace: bridge - resourceVersion: "506591405" - uid: 67364d0a-6da9-4369-97fd-45ea468dbbea -spec: - args: - - --databases bridge - backoffLimit: 5 - logLevel: info - mariaDbRef: - name: mariadb - waitForIt: true - maxRetention: 168h - restartPolicy: OnFailure - schedule: - cron: 0 1-23/2 * * * - suspend: false - serviceAccountName: backup-local-bridge - storage: - persistentVolumeClaim: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 80Gi -status: - conditions: - - lastTransitionTime: "2024-04-24T15:00:23Z" - message: Success - reason: CronJobSucess - status: "True" - type: Complete diff --git a/resource_customizations/k8s.mariadb.com/Database/health.lua b/resource_customizations/k8s.mariadb.com/Database/health.lua deleted file mode 100644 index 17372dbbbf503..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Database/health.lua +++ /dev/null @@ -1,23 +0,0 @@ -local health_status = {} -health_status.status = "Progressing" -health_status.message = "No status info available" - -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.message - - if condition.type == "Ready" then - if condition.status == "True" then - health_status.status = "Healthy" - else - health_status.status = "Degraded" - end - return health_status - end - end -end - - -return health_status diff --git a/resource_customizations/k8s.mariadb.com/Database/health_test.yaml b/resource_customizations/k8s.mariadb.com/Database/health_test.yaml deleted file mode 100644 index fa21c37fe26d0..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Database/health_test.yaml +++ /dev/null @@ -1,5 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Created" - inputPath: testdata/database-ready.yaml diff --git a/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml b/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml deleted file mode 100644 index f1ccff4f2699b..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Database/testdata/database-ready.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Database -metadata: - name: dbname -spec: - characterSet: utf8 - collate: utf8_general_ci - mariaDbRef: - name: mariadb - waitForIt: true - requeueInterval: 30s - retryInterval: 5s -status: - conditions: - - lastTransitionTime: "2024-04-12T13:43:57Z" - message: Created - reason: Created - status: "True" - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/Grant/health.lua b/resource_customizations/k8s.mariadb.com/Grant/health.lua deleted file mode 100644 index 8e426f15e2b3c..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Grant/health.lua +++ /dev/null @@ -1,22 +0,0 @@ -local health_status = {} -health_status.status = "Progressing" -health_status.message = "No status info available" -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.message - - if condition.type == "Ready" then - if condition.status == "True" then - health_status.status = "Healthy" - else - health_status.status = "Degraded" - end - return health_status - end - end -end - - -return health_status diff --git a/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml b/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml deleted file mode 100644 index 1f420e183cbb5..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Grant/health_test.yaml +++ /dev/null @@ -1,6 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Created" - inputPath: testdata/grant-ready.yaml - diff --git a/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml b/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml deleted file mode 100644 index 2081010f9dae3..0000000000000 --- a/resource_customizations/k8s.mariadb.com/Grant/testdata/grant-ready.yaml +++ /dev/null @@ -1,26 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: Grant -metadata: - name: mariadb-metrics -spec: - database: '*' - grantOption: false - mariaDbRef: - name: mariadb - namespace: bridge - waitForIt: false - privileges: - - SELECT - - PROCESS - - REPLICATION CLIENT - - REPLICA MONITOR - - SLAVE MONITOR - table: '*' - username: mariadb-metrics -status: - conditions: - - lastTransitionTime: "2024-04-20T20:45:02Z" - message: Created - reason: Created - status: "True" - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/health.lua b/resource_customizations/k8s.mariadb.com/MariaDB/health.lua deleted file mode 100644 index b0278bb22650e..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/health.lua +++ /dev/null @@ -1,25 +0,0 @@ -local health_status = {} - -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.message - - if condition.status == "False" then - if condition.reason == "Failed" then - health_status.status = "Degraded" - return health_status - end - health_status.status = "Progressing" - return health_status - end - end - - health_status.status = "Healthy" - return health_status -end - -health_status.status = "Progressing" -health_status.message = "No status info available" -return health_status diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml deleted file mode 100644 index f3dba1ac80c58..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/health_test.yaml +++ /dev/null @@ -1,25 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "No status info available" - inputPath: testdata/no_status.yaml -- healthStatus: - status: Healthy - message: "Running" - inputPath: testdata/statefulset_ready.yaml -- healthStatus: - status: Progressing - message: "Not ready" - inputPath: testdata/statefulset_not_ready.yaml -- healthStatus: - status: Healthy - message: "Running" - inputPath: testdata/restore_complete.yaml -- healthStatus: - status: Progressing - message: "Restoring backup" - inputPath: testdata/restore_not_complete.yaml -- healthStatus: - status: Degraded - message: "Error creating ConfigMap" - inputPath: testdata/mariadb_error.yaml diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml deleted file mode 100644 index 9566f9fa3c262..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/mariadb_error.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - conditions: - - lastTransitionTime: '2023-04-20T15:31:15Z' - message: Error creating ConfigMap - reason: Failed - status: 'False' - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml deleted file mode 100644 index dcf61713069c1..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/no_status.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - revision: 0 diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml deleted file mode 100644 index e861bc1119683..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_complete.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - conditions: - - lastTransitionTime: "2023-04-05T14:18:01Z" - message: Ready - reason: RestoreComplete - status: "True" - type: Bootstrapped - - lastTransitionTime: "2023-04-05T14:18:02Z" - message: Running - reason: RestoreComplete - status: "True" - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml deleted file mode 100644 index df7882ec56147..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/restore_not_complete.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - conditions: - - lastTransitionTime: "2023-04-05T14:18:01Z" - message: Restoring backup - reason: RestoreNotComplete - status: "False" - type: Ready - - lastTransitionTime: "2023-04-05T14:18:02Z" - message: Not ready - reason: RestoreNotComplete - status: "False" - type: Bootstrapped diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml deleted file mode 100644 index faaf12dab205e..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_not_ready.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - conditions: - - lastTransitionTime: "2023-04-05T14:18:01Z" - message: Not ready - reason: StatefulSetNotReady - status: "False" - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml b/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml deleted file mode 100644 index 90d82fc08d583..0000000000000 --- a/resource_customizations/k8s.mariadb.com/MariaDB/testdata/statefulset_ready.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: MariaDB -metadata: - name: mariadb-server -spec: - rootPasswordSecretKeyRef: - name: mariadb - key: root-password - image: - repository: mariadb - tag: "10.7.4" - pullPolicy: IfNotPresent - port: 3306 - volumeClaimTemplate: - resources: - requests: - storage: 100Mi - storageClassName: standard - accessModes: - - ReadWriteOnce -status: - conditions: - - lastTransitionTime: "2023-04-05T14:18:01Z" - message: Running - reason: StatefulSetReady - status: "True" - type: Ready diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/health.lua b/resource_customizations/k8s.mariadb.com/SqlJob/health.lua deleted file mode 100644 index 0a666f2c28fe3..0000000000000 --- a/resource_customizations/k8s.mariadb.com/SqlJob/health.lua +++ /dev/null @@ -1,21 +0,0 @@ -local health_status = {} -health_status.status = "Progressing" -health_status.message = "No status info available" - -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.reason .. " " .. condition.message - if condition.reason == "JobComplete" and condition.status == "True" then - health_status.status = "Healthy" - return health_status - end - - if condition.reason == "JobFailed" and condition.status == "True" then - health_status.status = "Degraded" - return health_status - end - end -end -return health_status diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml deleted file mode 100644 index 4ecd2cb9446c3..0000000000000 --- a/resource_customizations/k8s.mariadb.com/SqlJob/health_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "JobComplete Success" - inputPath: testdata/sqljobs-ok.yaml -- healthStatus: - status: Degraded - message: "JobFailed Failed" - inputPath: testdata/sqljobs-failed.yaml diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml deleted file mode 100644 index f676a151f4057..0000000000000 --- a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-failed.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: SqlJob -metadata: - name: jobname -spec: - backoffLimit: 5 - database: dbname - mariaDbRef: - name: mariadb - waitForIt: true - passwordSecretKeyRef: - key: password - name: mariadb-root - restartPolicy: OnFailure - serviceAccountName: jobname - sql: "Some SQL" - username: root -status: - conditions: - - lastTransitionTime: "2024-03-19T11:39:00Z" - message: Failed - reason: JobFailed - status: "True" - type: Complete diff --git a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml b/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml deleted file mode 100644 index 84d80cfa6abb1..0000000000000 --- a/resource_customizations/k8s.mariadb.com/SqlJob/testdata/sqljobs-ok.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: SqlJob -metadata: - name: jobname -spec: - backoffLimit: 5 - database: dbname - mariaDbRef: - name: mariadb - waitForIt: true - passwordSecretKeyRef: - key: password - name: mariadb-root - restartPolicy: Never - serviceAccountName: jobname - sql: "some SQL;" -status: - conditions: - - lastTransitionTime: "2024-04-22T14:08:49Z" - message: Success - reason: JobComplete - status: "True" - type: Complete diff --git a/resource_customizations/k8s.mariadb.com/User/health.lua b/resource_customizations/k8s.mariadb.com/User/health.lua deleted file mode 100644 index 8f0fcb704ab08..0000000000000 --- a/resource_customizations/k8s.mariadb.com/User/health.lua +++ /dev/null @@ -1,23 +0,0 @@ -local health_status = {} - -health_status.status = "Progressing" -health_status.message = "No status info available" - -if obj.status ~= nil and obj.status.conditions ~= nil then - - for i, condition in ipairs(obj.status.conditions) do - - health_status.message = condition.message - - if condition.type == "Ready" then - if condition.status == "True" then - health_status.status = "Healthy" - else - health_status.status = "Degraded" - end - return health_status - end - end -end - -return health_status diff --git a/resource_customizations/k8s.mariadb.com/User/health_test.yaml b/resource_customizations/k8s.mariadb.com/User/health_test.yaml deleted file mode 100644 index b6e41d0e578c3..0000000000000 --- a/resource_customizations/k8s.mariadb.com/User/health_test.yaml +++ /dev/null @@ -1,5 +0,0 @@ -tests: -- healthStatus: - status: Healthy - message: "Created" - inputPath: testdata/user-created.yaml diff --git a/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml b/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml deleted file mode 100644 index 935f621efe464..0000000000000 --- a/resource_customizations/k8s.mariadb.com/User/testdata/user-created.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: k8s.mariadb.com/v1alpha1 -kind: User -metadata: - creationTimestamp: "2024-04-12T13:43:56Z" - finalizers: - - user.k8s.mariadb.com/finalizer - generation: 1 - labels: - db.bridge.a3p.com: mariadb - name: mariadb-metrics - namespace: bridge - ownerReferences: - - apiVersion: k8s.mariadb.com/v1alpha1 - blockOwnerDeletion: true - controller: true - kind: MariaDB - name: mariadb - uid: a29fc76f-66a5-4612-9b15-16c405f7edd9 - resourceVersion: "345121483" - uid: ecce1099-7b71-418b-b386-893db5fd7e59 -spec: - mariaDbRef: - name: mariadb - namespace: bridge - waitForIt: false - maxUserConnections: 3 - name: mariadb-metrics - passwordSecretKeyRef: - key: password - name: mariadb-metrics-password -status: - conditions: - - lastTransitionTime: "2024-04-12T13:43:57Z" - message: Created - reason: Created - status: "True" - type: Ready diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua index 071e288989502..7422fd4104727 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health.lua @@ -1,10 +1,5 @@ local health_status = {} if obj.status ~= nil then - if obj.status.state == "ClusterRollingUpgrading" then - health_status.message = "Kafka Cluster is Rolling Upgrading." - health_status.status = "Progressing" - return health_status - end if obj.status.brokersState ~= nil then local numberBrokers = 0 local healthyBrokers = 0 @@ -28,6 +23,11 @@ if obj.status ~= nil then health_status.status = "Progressing" return health_status end + if obj.status.state == "ClusterRollingUpgrading" then + health_status.message = "Kafka Cluster is Rolling Upgrading." + health_status.status = "Progressing" + return health_status + end end else health_status.message = "Broker Config is out of Sync or CruiseControlState is not Ready" @@ -38,4 +38,4 @@ if obj.status ~= nil then end health_status.status = "Progressing" health_status.message = "Waiting for KafkaCluster" -return health_status +return health_status \ No newline at end of file diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml index 33e921c2ab236..776cc02739326 100644 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml +++ b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/health_test.yaml @@ -7,10 +7,6 @@ tests: status: Progressing message: "Waiting for KafkaCluster" inputPath: testdata/updating.yaml -- healthStatus: - status: Progressing - message: "Kafka Cluster is Rolling Upgrading." - inputPath: testdata/rollingUpgrade.yaml - healthStatus: status: Degraded message: "Broker Config is out of Sync or CruiseControlState is not Ready" @@ -18,4 +14,4 @@ tests: - healthStatus: status: Healthy message: "Kafka Brokers, CruiseControl and cluster are in Healthy State." - inputPath: testdata/healthy.yaml + inputPath: testdata/healthy.yaml \ No newline at end of file diff --git a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml b/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml deleted file mode 100644 index c0bbfb335e243..0000000000000 --- a/resource_customizations/kafka.banzaicloud.io/KafkaCluster/testdata/rollingUpgrade.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: kafka.banzaicloud.io/v1beta1 -kind: KafkaCluster -metadata: - finalizers: - - finalizer.kafkaclusters.kafka.banzaicloud.io - - topics.kafkaclusters.kafka.banzaicloud.io - - users.kafkaclusters.kafka.banzaicloud.io - generation: 4 - labels: - argocd.argoproj.io/instance: kafka-cluster - controller-tools.k8s.io: "1.0" - name: kafkacluster - namespace: kafka - name: kafkacluster - namespace: kafka - resourceVersion: "31935335" - selfLink: /apis/kafka.banzaicloud.io/v1beta1/namespaces/2269-kafka/kafkaclusters/kafkacluster - uid: c6affef0-651d-44c7-8bff-638961517c8d -spec: {} -status: - alertCount: 0 - brokersState: - "0": - configurationState: ConfigInSync - gracefulActionState: - cruiseControlState: GracefulUpscaleSucceeded - errorMessage: CruiseControlTopicReady - rackAwarenessState: | - broker.rack=us-east-1,us-east-1c - "1": - configurationState: ConfigInSync - gracefulActionState: - cruiseControlState: GracefulUpscaleSucceeded - errorMessage: CruiseControlTopicReady - rackAwarenessState: | - broker.rack=us-east-1,us-east-1b - "2": - configurationState: ConfigOutOfSync - gracefulActionState: - cruiseControlState: GracefulUpscaleSucceeded - errorMessage: CruiseControlTopicReady - rackAwarenessState: | - broker.rack=us-east-1,us-east-1a - cruiseControlTopicStatus: CruiseControlTopicReady - rollingUpgradeStatus: - errorCount: 0 - lastSuccess: "" - state: ClusterRollingUpgrading diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua b/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua deleted file mode 100644 index 5cc1908db0ac2..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaBridge/health.lua +++ /dev/null @@ -1,21 +0,0 @@ -local hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "NotReady" and condition.status == "True" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = "" - return hs - end - end - end -end - -hs.status = "Progressing" -hs.message = "Waiting for KafkaBridge" -return hs diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml deleted file mode 100644 index 3598282b2b4bd..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaBridge/health_test.yaml +++ /dev/null @@ -1,12 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for KafkaBridge" - inputPath: testdata/progressing_noStatus.yaml -- healthStatus: - status: Degraded - message: "Error" - inputPath: testdata/degraded.yaml -- healthStatus: - status: Healthy - inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml deleted file mode 100644 index 46a692282e1be..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/degraded.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaBridge -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-bridge - name: kafka-bridge - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - authentication: - passwordSecret: - password: password - secretName: kafka-bridge - type: scram-sha-512 - username: kafka-bridge - bootstrapServers: 'kafka-bootstrap:9095' - enableMetrics: true - http: - port: 8080 - logging: - loggers: - kafka.root.logger.level: DEBUG - logger.send.level: DEBUG - logger.send.name: http.openapi.operation.send - type: inline - producer: - config: - ssl.cipher.suites: TLS_AES_256_GCM_SHA384 - ssl.enabled.protocols: TLSv1.3 - ssl.protocol: TLSv1.3 - replicas: 1 - tls: - trustedCertificates: - - certificate: ca.crt - secretName: kafka-cluster-cluster-ca-cert -status: - conditions: - - lastTransitionTime: '2024-05-15T09:34:44.930056634Z' - status: "True" - type: NotReady - message: "Error" - labelSelector: >- - strimzi.io/cluster=kafka-bridge,strimzi.io/name=kafka-bridge-bridge,strimzi.io/kind=KafkaBridge - observedGeneration: 14 - replicas: 1 - url: 'http://kafka-bridge-bridge-service.strimzi.svc:8080' \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml deleted file mode 100644 index 0246a7a964429..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/healthy.yaml +++ /dev/null @@ -1,53 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaBridge -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-bridge - name: kafka-bridge - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - authentication: - passwordSecret: - password: password - secretName: kafka-bridge - type: scram-sha-512 - username: kafka-bridge - bootstrapServers: 'kafka-bootstrap:9095' - enableMetrics: true - http: - port: 8080 - logging: - loggers: - kafka.root.logger.level: DEBUG - logger.send.level: DEBUG - logger.send.name: http.openapi.operation.send - type: inline - producer: - config: - ssl.cipher.suites: TLS_AES_256_GCM_SHA384 - ssl.enabled.protocols: TLSv1.3 - ssl.protocol: TLSv1.3 - replicas: 1 - tls: - trustedCertificates: - - certificate: ca.crt - secretName: kafka-cluster-cluster-ca-cert -status: - conditions: - - lastTransitionTime: '2024-05-15T09:34:44.930056634Z' - status: 'True' - type: Ready - labelSelector: >- - strimzi.io/cluster=kafka-bridge,strimzi.io/name=kafka-bridge-bridge,strimzi.io/kind=KafkaBridge - observedGeneration: 14 - replicas: 1 - url: 'http://kafka-bridge-bridge-service.strimzi.svc:8080' \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml b/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml deleted file mode 100644 index 5b1d35293d16d..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaBridge/testdata/progressing_noStatus.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaBridge -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-bridge - name: kafka-bridge - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkabridge/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - authentication: - passwordSecret: - password: password - secretName: kafka-bridge - type: scram-sha-512 - username: kafka-bridge - bootstrapServers: 'kafka-bootstrap:9095' - enableMetrics: true - http: - port: 8080 - logging: - loggers: - kafka.root.logger.level: DEBUG - logger.send.level: DEBUG - logger.send.name: http.openapi.operation.send - type: inline - producer: - config: - ssl.cipher.suites: TLS_AES_256_GCM_SHA384 - ssl.enabled.protocols: TLSv1.3 - ssl.protocol: TLSv1.3 - replicas: 1 - tls: - trustedCertificates: - - certificate: ca.crt - secretName: kafka-cluster-cluster-ca-cert \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua b/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua deleted file mode 100644 index 3f35894629bf0..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaConnector/health.lua +++ /dev/null @@ -1,21 +0,0 @@ -local hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "NotReady" and condition.status == "True" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - hs.status = "Healthy" - hs.message = "" - return hs - end - end - end -end - -hs.status = "Progressing" -hs.message = "Waiting for KafkaConnector" -return hs diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml deleted file mode 100644 index ec96bb4f029d5..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaConnector/health_test.yaml +++ /dev/null @@ -1,12 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for KafkaConnector" - inputPath: testdata/progressing_noStatus.yaml -- healthStatus: - status: Degraded - message: "The following tasks have failed: 0, see connectorStatus for more details." - inputPath: testdata/degraded.yaml -- healthStatus: - status: Healthy - inputPath: testdata/healthy.yaml diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml deleted file mode 100644 index 806da605e36d3..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/degraded.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaConnector -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-connect - strimzi.io/cluster: strimzi-connect-cluster - name: my-connector - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - class: org.apache.kafka.connect.file.FileStreamSourceConnector - tasksMax: 2 - config: - file: "/opt/kafka/LICENSE" - topic: my-topic -status: - autoRestart: - count: 1 - lastRestartTimestamp: '2024-05-17T15:55:21.611546835Z' - conditions: - - lastTransitionTime: '2024-05-17T15:57:09.059039185Z' - message: >- - The following tasks have failed: 0, see connectorStatus for more - details. - reason: Throwable - status: 'True' - type: NotReady - connectorStatus: - connector: - state: RUNNING - worker_id: >- - kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 - name: my-connector - tasks: - - id: 0 - state: FAILED - trace: "org.apache.kafka.connect.errors.ConnectException: Tolerance exceeded in error handler..." - worker_id: >- - kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 - type: source - observedGeneration: 1 - tasksMax: 1 - topics: [] \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml deleted file mode 100644 index 18f88ed67a140..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/healthy.yaml +++ /dev/null @@ -1,43 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaConnector -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-connect - strimzi.io/cluster: strimzi-connect-cluster - name: my-connector - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - class: org.apache.kafka.connect.file.FileStreamSourceConnector - tasksMax: 2 - config: - file: "/opt/kafka/LICENSE" - topic: my-topic -status: - conditions: - - lastTransitionTime: '2024-05-17T15:55:22.356665885Z' - status: 'True' - type: Ready - connectorStatus: - connector: - state: RUNNING - worker_id: >- - kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 - name: my-connector - tasks: - - id: 0 - state: RUNNING - worker_id: >- - kafka-connect-cluster-connect-0.kafka-connect-cluster-connect.strimzi.svc:8083 - type: source - observedGeneration: 1 - tasksMax: 1 - topics: [] \ No newline at end of file diff --git a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml b/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml deleted file mode 100644 index 7dd14e5fc1241..0000000000000 --- a/resource_customizations/kafka.strimzi.io/KafkaConnector/testdata/progressing_noStatus.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: kafka.strimzi.io/v1beta1 -kind: KafkaConnector -metadata: - creationTimestamp: "2020-02-13T14:03:15Z" - deletionGracePeriodSeconds: 0 - deletionTimestamp: "2020-05-28T10:29:44Z" - finalizers: - - foregroundDeletion - generation: 25 - labels: - app.kubernetes.io/instance: kafka-connect - strimzi.io/cluster: strimzi-connect-cluster - name: my-connector - namespace: strimzi - resourceVersion: "43088521" - selfLink: /apis/kafka.strimzi.io/v1beta1/namespaces/strimzi/kafkaconnector/kafka - uid: 941ae21d-4e69-11ea-a53d-06e66a171f98 -spec: - class: org.apache.kafka.connect.file.FileStreamSourceConnector - tasksMax: 2 - config: - file: "/opt/kafka/LICENSE" - topic: my-topic \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/health.lua b/resource_customizations/keda.sh/ScaledObject/health.lua deleted file mode 100644 index 84cc5ad17a433..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/health.lua +++ /dev/null @@ -1,35 +0,0 @@ -local hs = {} -local healthy = false -local degraded = false -local suspended = false -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.status == "False" and condition.type == "Ready" then - hs.message = condition.message - degraded = true - end - if condition.status == "True" and condition.type == "Ready" then - hs.message = condition.message - healthy = true - end - if condition.status == "True" and condition.type == "Paused" then - hs.message = condition.message - suspended = true - end - end - end -end -if degraded == true then - hs.status = "Degraded" - return hs -elseif healthy == true and suspended == false then - hs.status = "Healthy" - return hs -elseif healthy == true and suspended == true then - hs.status = "Suspended" - return hs -end -hs.status = "Progressing" -hs.message = "Creating HorizontalPodAutoscaler Object" -return hs \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/health_test.yaml b/resource_customizations/keda.sh/ScaledObject/health_test.yaml deleted file mode 100644 index 969334650ba14..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/health_test.yaml +++ /dev/null @@ -1,21 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Creating HorizontalPodAutoscaler Object" - inputPath: testdata/keda-progressing.yaml -- healthStatus: - status: Degraded - message: "ScaledObject doesn't have correct Idle/Min/Max Replica Counts specification" - inputPath: testdata/keda-degraded-1.yaml -- healthStatus: - status: Degraded - message: "ScaledObject doesn't have correct triggers specification" - inputPath: testdata/keda-degraded.yaml -- healthStatus: - status: Healthy - message: "ScaledObject is defined correctly and is ready for scaling" - inputPath: testdata/keda-healthy.yaml -- healthStatus: - status: Suspended - message: "ScaledObject is paused" - inputPath: testdata/keda-suspended.yaml diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml deleted file mode 100644 index 3c3aba78a16a4..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded-1.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: keda.sh/v1alpha1 -kind: ScaledObject -metadata: - annotations: - finalizers: - - finalizer.keda.sh - labels: - argocd.argoproj.io/instance: keda-default - name: keda - namespace: keda - resourceVersion: '160591442' - uid: 73ee438a-f383-43f3-9346-b901d9773f4b -spec: - maxReplicaCount: 3 - minReplicaCount: 0 - scaleTargetRef: - name: keda - triggers: - - metadata: - desiredReplicas: '1' - end: 00 17 * * 1-5 - start: 00 08 * * 1-5 - timezone: Europe/Stockholm - type: cron -status: - conditions: - - message: >- - ScaledObject doesn't have correct Idle/Min/Max Replica Counts specification - reason: ScaledObjectCheckFailed - status: 'False' - type: Ready - - message: ScaledObject check failed - reason: UnknownState - status: Unknown - type: Active - - message: No fallbacks are active on this scaled object - reason: NoFallbackFound - status: 'False' - type: Fallback - - status: Unknown - type: Paused - externalMetricNames: - - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 - hpaName: keda-hpa - lastActiveTime: '2023-12-18T17:59:55Z' - originalReplicaCount: 1 - scaleTargetGVKR: - group: apps - kind: Deployment - resource: deployments - version: v1 - scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml deleted file mode 100644 index 4996905fed7f4..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/testdata/keda-degraded.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: keda.sh/v1alpha1 -kind: ScaledObject -metadata: - annotations: - finalizers: - - finalizer.keda.sh - labels: - argocd.argoproj.io/instance: keda-default - name: keda - namespace: keda - resourceVersion: '160591442' - uid: 73ee438a-f383-43f3-9346-b901d9773f4b -spec: - maxReplicaCount: 3 - minReplicaCount: 0 - scaleTargetRef: - name: keda - triggers: - - metadata: - desiredReplicas: '1' - end: 00 17 * * 1-5 - start: 00 08 * * 1-5 - timezone: Europe/Stockholm - type: cron -status: - conditions: - - message: ScaledObject doesn't have correct triggers specification - reason: ScaledObjectCheckFailed - status: 'False' - type: Ready - - message: Scaling is not performed because triggers are not active - reason: ScalerNotActive - status: 'False' - type: Active - - message: No fallbacks are active on this scaled object - reason: NoFallbackFound - status: 'False' - type: Fallback - - status: Unknown - type: Paused - externalMetricNames: - - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 - hpaName: keda-hpa - lastActiveTime: '2023-12-18T17:59:55Z' - originalReplicaCount: 1 - scaleTargetGVKR: - group: apps - kind: Deployment - resource: deployments - version: v1 - scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml deleted file mode 100644 index 38bd24dc1953f..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/testdata/keda-healthy.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: keda.sh/v1alpha1 -kind: ScaledObject -metadata: - annotations: - finalizers: - - finalizer.keda.sh - labels: - argocd.argoproj.io/instance: keda-default - name: keda - namespace: keda - resourceVersion: '160591442' - uid: 73ee438a-f383-43f3-9346-b901d9773f4b -spec: - maxReplicaCount: 3 - minReplicaCount: 0 - scaleTargetRef: - name: backstage - triggers: - - metadata: - desiredReplicas: '1' - end: 00 17 * * 1-5 - start: 00 08 * * 1-5 - timezone: Europe/Stockholm - type: cron -status: - conditions: - - message: ScaledObject is defined correctly and is ready for scaling - reason: ScaledObjectReady - status: 'True' - type: Ready - - message: Scaling is not performed because triggers are not active - reason: ScalerNotActive - status: 'False' - type: Active - - message: No fallbacks are active on this scaled object - reason: NoFallbackFound - status: 'False' - type: Fallback - - status: Unknown - type: Paused - externalMetricNames: - - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 - hpaName: keda-hpa-backstage-kambi-standard-chart - lastActiveTime: '2023-12-18T17:59:55Z' - originalReplicaCount: 1 - scaleTargetGVKR: - group: apps - kind: Deployment - resource: deployments - version: v1 - scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml deleted file mode 100644 index 2206bfbff97f1..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/testdata/keda-progressing.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: keda.sh/v1alpha1 -kind: ScaledObject -metadata: - annotations: - finalizers: - - finalizer.keda.sh - labels: - argocd.argoproj.io/instance: keda-default - name: keda - namespace: keda - resourceVersion: '160591442' - uid: 73ee438a-f383-43f3-9346-b901d9773f4b -spec: - maxReplicaCount: 3 - minReplicaCount: 0 - scaleTargetRef: - name: backstage - triggers: - - metadata: - desiredReplicas: '1' - end: 00 17 * * 1-5 - start: 00 08 * * 1-5 - timezone: Europe/Stockholm - type: cron -status: - conditions: - - message: Creating HorizontalPodAutoscaler Object - reason: Running - status: 'True' - type: Running \ No newline at end of file diff --git a/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml b/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml deleted file mode 100644 index a2d0b2b5dcf67..0000000000000 --- a/resource_customizations/keda.sh/ScaledObject/testdata/keda-suspended.yaml +++ /dev/null @@ -1,51 +0,0 @@ -apiVersion: keda.sh/v1alpha1 -kind: ScaledObject -metadata: - annotations: - finalizers: - - finalizer.keda.sh - labels: - argocd.argoproj.io/instance: keda-default - name: keda - namespace: keda - resourceVersion: '160591442' - uid: 73ee438a-f383-43f3-9346-b901d9773f4b -spec: - maxReplicaCount: 3 - minReplicaCount: 0 - scaleTargetRef: - name: backstage - triggers: - - metadata: - desiredReplicas: '1' - end: 00 17 * * 1-5 - start: 00 08 * * 1-5 - timezone: Europe/Stockholm - type: cron -status: - conditions: - - message: ScaledObject is defined correctly and is ready for scaling - reason: ScaledObjectReady - status: 'True' - type: Ready - - message: ScaledObject check failed - reason: UnknownState - status: Unknown - type: Active - - status: Unknown - type: Fallback - - message: ScaledObject is paused - reason: ScaledObjectPaused - status: 'True' - type: Paused - externalMetricNames: - - s0-cron-Europe-Stockholm-0008xx1-5-0019xx1-5 - hpaName: keda-hpa-backstage-kambi-standard-chart - lastActiveTime: '2023-12-18T17:59:55Z' - originalReplicaCount: 1 - scaleTargetGVKR: - group: apps - kind: Deployment - resource: deployments - version: v1 - scaleTargetKind: apps/v1.Deployment \ No newline at end of file diff --git a/resource_customizations/openfaas.com/Function/health.lua b/resource_customizations/openfaas.com/Function/health.lua deleted file mode 100644 index df72e228b04fa..0000000000000 --- a/resource_customizations/openfaas.com/Function/health.lua +++ /dev/null @@ -1,31 +0,0 @@ -hs = {} -if obj.status ~= nil then - if obj.status.conditions ~= nil then - for i, condition in ipairs(obj.status.conditions) do - if condition.type == "Ready" and condition.status == "False" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Stalled" and condition.status == "True" then - hs.status = "Degraded" - hs.message = condition.message - return hs - end - if condition.type == "Ready" and condition.status == "True" then - if obj.status.replicas ~= nil and obj.status.replicas > 0 then - hs.status = "Healthy" - hs.message = condition.message - else - hs.status = "Suspended" - hs.message = "No replicas available" - end - return hs - end - end - end -end - -hs.status = "Progressing" -hs.message = "Waiting for Function" -return hs diff --git a/resource_customizations/openfaas.com/Function/health_test.yaml b/resource_customizations/openfaas.com/Function/health_test.yaml deleted file mode 100644 index 750089fac48ea..0000000000000 --- a/resource_customizations/openfaas.com/Function/health_test.yaml +++ /dev/null @@ -1,17 +0,0 @@ -tests: -- healthStatus: - status: Progressing - message: "Waiting for Function" - inputPath: testdata/progressing.yaml -- healthStatus: - status: Degraded - message: "Secret missing: secrets \"missing-secret\" not found" - inputPath: testdata/degraded_no_secret.yaml -- healthStatus: - status: Healthy - message: "Deployment and service reconciled" - inputPath: testdata/healthy.yaml -- healthStatus: - status: Suspended - message: "No replicas available" - inputPath: testdata/suspended_zero_replicas.yaml diff --git a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml b/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml deleted file mode 100644 index a1c0c981f1176..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/degraded_no_secret.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{ - "apiVersion": "openfaas.com/v1", - "kind": "Function", - "metadata": { - "annotations": { - "kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"openfaas.com/v1\",\"kind\":\"Function\",\"metadata\":{\"annotations\":{},\"name\":\"env\",\"namespace\":\"openfaas-fn\"},\"spec\":{\"annotations\":{},\"environment\":{\"fprocess\":\"env\",\"test\":\"yes\"},\"image\":\"ghcr.io/openfaas/alpine:latest\",\"labels\":{},\"name\":\"env\",\"secrets\":[\"missing-secret\"]}}\n" - }, - "creationTimestamp": "2024-04-29T13:42:46Z", - "generation": 1, - "name": "env", - "namespace": "openfaas-fn", - "resourceVersion": "580675", - "uid": "7a00bc7b-eb01-4f6a-b5f7-7893422ace7d" - }, - "spec": { - "annotations": {}, - "environment": { - "fprocess": "env", - "test": "yes" - }, - "image": "ghcr.io/openfaas/alpine:latest", - "labels": {}, - "name": "env", - "secrets": [ - "missing-secret" - ] - }, - "status": { - "conditions": [ - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Function queued for creation", - "observedGeneration": 1, - "reason": "Reconciling", - "status": "True", - "type": "Reconciling" - }, - { - "lastTransitionTime": "2024-04-29T13:42:46Z", - "message": "Secret missing: secrets \"missing-secret\" not found", - "observedGeneration": 1, - "reason": "SecretMissing", - "status": "True", - "type": "Stalled" - } - ] - } -} diff --git a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml b/resource_customizations/openfaas.com/Function/testdata/healthy.yaml deleted file mode 100644 index 7d09972561710..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/healthy.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580323" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - availableReplicas: 1 - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:38:53Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "True" - type: Healthy - replicas: 1 diff --git a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml b/resource_customizations/openfaas.com/Function/testdata/progressing.yaml deleted file mode 100644 index 4b70ad08c19aa..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/progressing.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580277" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Function queued for creation - observedGeneration: 1 - reason: Reconciling - status: "True" - type: Reconciling ---- diff --git a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml b/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml deleted file mode 100644 index 3307dfd8e4fe4..0000000000000 --- a/resource_customizations/openfaas.com/Function/testdata/suspended_zero_replicas.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -apiVersion: openfaas.com/v1 -kind: Function -metadata: - annotations: - kubectl.kubernetes.io/last-applied-configuration: | - {"apiVersion":"openfaas.com/v1","kind":"Function","metadata":{"annotations":{},"name":"env","namespace":"openfaas-fn"},"spec":{"annotations":{},"environment":{"fprocess":"env","test":"yes"},"image":"ghcr.io/openfaas/alpine:latest","labels":{},"name":"env"}} - creationTimestamp: "2024-04-29T13:38:50Z" - generation: 1 - name: env - namespace: openfaas-fn - resourceVersion: "580543" - uid: 865f74b9-cbc5-455a-abd7-4a1cdeae22d1 -spec: - annotations: {} - environment: - fprocess: env - test: "yes" - image: ghcr.io/openfaas/alpine:latest - labels: {} - name: env -status: - conditions: - - lastTransitionTime: "2024-04-29T13:38:50Z" - message: Deployment and service reconciled - observedGeneration: 1 - reason: Ready - status: "True" - type: Ready - - lastTransitionTime: "2024-04-29T13:41:27Z" - message: At least one replica available - observedGeneration: 1 - reason: ReplicaAvailable - status: "False" - type: Healthy diff --git a/resource_customizations/serving.kserve.io/InferenceService/health.lua b/resource_customizations/serving.kserve.io/InferenceService/health.lua index 85da1161f315f..fbcfbf77820f9 100644 --- a/resource_customizations/serving.kserve.io/InferenceService/health.lua +++ b/resource_customizations/serving.kserve.io/InferenceService/health.lua @@ -1,13 +1,3 @@ --- isInferenceServiceInRawDeploymentMode determines if the inference service deployed in RawDeployment mode --- KServe v12 and above supports Rawdeployment for Inference graphs. For Inference services, KServe has supported RawDeployment model since [v0.7.0](https://github.com/kserve/kserve/releases/tag/v0.7.0). -function isInferenceServiceInRawDeploymentMode(obj) - if obj.metadata.annotations == nil then - return false - end - local deploymentMode = obj.metadata.annotations["serving.kserve.io/deploymentMode"] - return deploymentMode ~= nil and deploymentMode == "RawDeployment" -end - local health_status = {} health_status.status = "Progressing" health_status.message = "Waiting for status update." @@ -35,7 +25,7 @@ if obj.status ~= nil and obj.status.conditions ~= nil then end end end - if ((isInferenceServiceInRawDeploymentMode(obj) and status_true == 3) or status_true == 5) and status_false == 0 and status_unknown == 0 then + if status_true == 5 and status_false == 0 and status_unknown == 0 then health_status.message = "Inference Service is healthy." health_status.status = "Healthy" return health_status diff --git a/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml index 1dc5576f93f3a..e8f32bd51f798 100644 --- a/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml +++ b/resource_customizations/serving.kserve.io/InferenceService/health_test.yaml @@ -11,7 +11,3 @@ tests: status: Healthy message: Inference Service is healthy. inputPath: testdata/healthy.yaml -- healthStatus: - status: Healthy - message: Inference Service is healthy. - inputPath: testdata/healthy_raw.yaml diff --git a/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_raw.yaml b/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_raw.yaml deleted file mode 100644 index 5f9d805625d9c..0000000000000 --- a/resource_customizations/serving.kserve.io/InferenceService/testdata/healthy_raw.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: serving.kserve.io/v1beta1 -kind: InferenceService -metadata: - name: helloworld - namespace: default - annotations: - serving.kserve.io/deploymentMode: RawDeployment -spec: {} -status: - conditions: - - lastTransitionTime: '2024-05-14T03:49:11Z' - status: 'True' - type: IngressReady - - lastTransitionTime: '2024-05-16T18:48:56Z' - status: 'True' - type: PredictorReady - - lastTransitionTime: '2024-05-16T18:48:56Z' - status: 'True' - type: Ready diff --git a/server/account/account.go b/server/account/account.go index 8c499c7da2707..502cd8693e11c 100644 --- a/server/account/account.go +++ b/server/account/account.go @@ -77,7 +77,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe } } - // Need to validate password complexity with regular expression + //Need to validate password complexity with regular expression passwordPattern, err := s.settingsMgr.GetPasswordPattern() if err != nil { return nil, err @@ -104,6 +104,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe acc.PasswordMtime = &now return nil }) + if err != nil { return nil, err } @@ -114,6 +115,7 @@ func (s *Server) UpdatePassword(ctx context.Context, q *account.UpdatePasswordRe log.Infof("user '%s' updated password of user '%s'", username, updatedUsername) } return &account.UpdatePasswordResponse{}, nil + } // CanI checks if the current account has permission to perform an action diff --git a/server/account/account_test.go b/server/account/account_test.go index ca5571f117048..d65c2e925b63d 100644 --- a/server/account/account_test.go +++ b/server/account/account_test.go @@ -7,7 +7,6 @@ import ( "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" v1 "k8s.io/api/core/v1" @@ -83,7 +82,7 @@ func getAdminAccount(mgr *settings.SettingsManager) (*settings.Account, error) { func adminContext(ctx context.Context) context.Context { // nolint:staticcheck - return context.WithValue(ctx, "claims", &jwt.RegisteredClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer}) + return context.WithValue(ctx, "claims", &jwt.StandardClaims{Subject: "admin", Issuer: sessionutil.SessionManagerClaimsIssuer}) } func ssoAdminContext(ctx context.Context, iat time.Time) context.Context { @@ -110,33 +109,33 @@ func TestUpdatePassword(t *testing.T) { // ensure password is not allowed to be updated if given bad password _, err = accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "badpassword", NewPassword: "newpassword"}) - require.Error(t, err) - require.NoError(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "oldpassword")) - require.Error(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "newpassword")) + assert.Error(t, err) + assert.NoError(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "oldpassword")) + assert.Error(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "newpassword")) // verify old password works _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "admin", Password: "oldpassword"}) - require.NoError(t, err) + assert.NoError(t, err) // verify new password doesn't _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "admin", Password: "newpassword"}) - require.Error(t, err) + assert.Error(t, err) // ensure password can be updated with valid password and immediately be used adminAccount, err := getAdminAccount(accountServer.settingsMgr) - require.NoError(t, err) + assert.NoError(t, err) prevHash := adminAccount.PasswordHash _, err = accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword"}) - require.NoError(t, err) + assert.NoError(t, err) adminAccount, err = getAdminAccount(accountServer.settingsMgr) - require.NoError(t, err) + assert.NoError(t, err) assert.NotEqual(t, prevHash, adminAccount.PasswordHash) - require.NoError(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "newpassword")) - require.Error(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "oldpassword")) + assert.NoError(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "newpassword")) + assert.Error(t, accountServer.sessionMgr.VerifyUsernamePassword("admin", "oldpassword")) // verify old password is invalid _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "admin", Password: "oldpassword"}) - require.Error(t, err) + assert.Error(t, err) // verify new password works _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "admin", Password: "newpassword"}) - require.NoError(t, err) + assert.NoError(t, err) } func TestUpdatePassword_AdminUpdatesAnotherUser(t *testing.T) { @@ -146,10 +145,10 @@ func TestUpdatePassword_AdminUpdatesAnotherUser(t *testing.T) { ctx := adminContext(context.Background()) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword", Name: "anotherUser"}) - require.NoError(t, err) + assert.NoError(t, err) _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "anotherUser", Password: "newpassword"}) - require.NoError(t, err) + assert.NoError(t, err) } func TestUpdatePassword_DoesNotHavePermissions(t *testing.T) { @@ -163,7 +162,7 @@ func TestUpdatePassword_DoesNotHavePermissions(t *testing.T) { }) ctx := adminContext(context.Background()) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword", Name: "anotherUser"}) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) @@ -171,7 +170,7 @@ func TestUpdatePassword_DoesNotHavePermissions(t *testing.T) { accountServer, _ := newTestAccountServerExt(context.Background(), enforcer) ctx := ssoAdminContext(context.Background(), time.Now()) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword", Name: "admin"}) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) } @@ -182,7 +181,7 @@ func TestUpdatePassword_ProjectToken(t *testing.T) { }) ctx := projTokenContext(context.Background()) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword"}) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "password can only be changed for local users") } @@ -193,7 +192,7 @@ func TestUpdatePassword_OldSSOToken(t *testing.T) { ctx := ssoAdminContext(context.Background(), time.Now().Add(-2*common.ChangePasswordSSOTokenMaxAge)) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword", Name: "anotherUser"}) - require.Error(t, err) + assert.Error(t, err) } func TestUpdatePassword_SSOUserUpdatesAnotherUser(t *testing.T) { @@ -203,10 +202,10 @@ func TestUpdatePassword_SSOUserUpdatesAnotherUser(t *testing.T) { ctx := ssoAdminContext(context.Background(), time.Now()) _, err := accountServer.UpdatePassword(ctx, &account.UpdatePasswordRequest{CurrentPassword: "oldpassword", NewPassword: "newpassword", Name: "anotherUser"}) - require.NoError(t, err) + assert.NoError(t, err) _, err = sessionServer.Create(ctx, &sessionpkg.SessionCreateRequest{Username: "anotherUser", Password: "newpassword"}) - require.NoError(t, err) + assert.NoError(t, err) } func TestListAccounts_NoAccountsConfigured(t *testing.T) { @@ -214,7 +213,7 @@ func TestListAccounts_NoAccountsConfigured(t *testing.T) { accountServer, _ := newTestAccountServer(ctx) resp, err := accountServer.ListAccounts(ctx, &account.ListAccountRequest{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, resp.Items, 1) } @@ -227,7 +226,7 @@ func TestListAccounts_AccountsAreConfigured(t *testing.T) { }) resp, err := accountServer.ListAccounts(ctx, &account.ListAccountRequest{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, resp.Items, 3) assert.ElementsMatch(t, []*account.Account{ {Name: "admin", Capabilities: []string{"login"}, Enabled: true}, @@ -244,15 +243,15 @@ func TestGetAccount(t *testing.T) { t.Run("ExistingAccount", func(t *testing.T) { acc, err := accountServer.GetAccount(ctx, &account.GetAccountRequest{Name: "account1"}) - require.NoError(t, err) + assert.NoError(t, err) - assert.Equal(t, "account1", acc.Name) + assert.Equal(t, acc.Name, "account1") }) t.Run("NonExistingAccount", func(t *testing.T) { _, err := accountServer.GetAccount(ctx, &account.GetAccountRequest{Name: "bad-name"}) - require.Error(t, err) - assert.Equal(t, codes.NotFound, status.Code(err)) + assert.Error(t, err) + assert.Equal(t, status.Code(err), codes.NotFound) }) } @@ -263,10 +262,10 @@ func TestCreateToken_SuccessfullyCreated(t *testing.T) { }) _, err := accountServer.CreateToken(ctx, &account.CreateTokenRequest{Name: "account1"}) - require.NoError(t, err) + assert.NoError(t, err) acc, err := accountServer.GetAccount(ctx, &account.GetAccountRequest{Name: "account1"}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, acc.Tokens, 1) } @@ -278,7 +277,7 @@ func TestCreateToken_DoesNotHaveCapability(t *testing.T) { }) _, err := accountServer.CreateToken(ctx, &account.CreateTokenRequest{Name: "account1"}) - require.Error(t, err) + assert.Error(t, err) } func TestCreateToken_UserSpecifiedID(t *testing.T) { @@ -288,10 +287,12 @@ func TestCreateToken_UserSpecifiedID(t *testing.T) { }) _, err := accountServer.CreateToken(ctx, &account.CreateTokenRequest{Name: "account1", Id: "test"}) - require.NoError(t, err) + assert.NoError(t, err) _, err = accountServer.CreateToken(ctx, &account.CreateTokenRequest{Name: "account1", Id: "test"}) - require.Error(t, err) + if !assert.Error(t, err) { + return + } assert.Contains(t, "account already has token with id 'test'", err.Error()) } @@ -303,21 +304,22 @@ func TestDeleteToken_SuccessfullyRemoved(t *testing.T) { }) _, err := accountServer.DeleteToken(ctx, &account.DeleteTokenRequest{Name: "account1", Id: "123"}) - require.NoError(t, err) + assert.NoError(t, err) acc, err := accountServer.GetAccount(ctx, &account.GetAccountRequest{Name: "account1"}) - require.NoError(t, err) + assert.NoError(t, err) - assert.Empty(t, acc.Tokens) + assert.Len(t, acc.Tokens, 0) } func TestCanI_GetLogsAllowNoSwitch(t *testing.T) { + accountServer, _ := newTestAccountServer(context.Background(), func(cm *v1.ConfigMap, secret *v1.Secret) { }) ctx := projTokenContext(context.Background()) resp, err := accountServer.CanI(ctx, &account.CanIRequest{Resource: "logs", Action: "get", Subresource: ""}) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, "yes", resp.Value) } @@ -332,28 +334,30 @@ func TestCanI_GetLogsDenySwitchOn(t *testing.T) { ctx := projTokenContext(context.Background()) resp, err := accountServer.CanI(ctx, &account.CanIRequest{Resource: "logs", Action: "get", Subresource: "*/*"}) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, "no", resp.Value) } func TestCanI_GetLogsAllowSwitchOn(t *testing.T) { + accountServer, _ := newTestAccountServer(context.Background(), func(cm *v1.ConfigMap, secret *v1.Secret) { cm.Data["server.rbac.log.enforce.enable"] = "true" }) ctx := projTokenContext(context.Background()) resp, err := accountServer.CanI(ctx, &account.CanIRequest{Resource: "logs", Action: "get", Subresource: ""}) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, "yes", resp.Value) } func TestCanI_GetLogsAllowSwitchOff(t *testing.T) { + accountServer, _ := newTestAccountServer(context.Background(), func(cm *v1.ConfigMap, secret *v1.Secret) { cm.Data["server.rbac.log.enforce.enable"] = "false" }) ctx := projTokenContext(context.Background()) resp, err := accountServer.CanI(ctx, &account.CanIRequest{Resource: "logs", Action: "get", Subresource: ""}) - require.NoError(t, err) + assert.NoError(t, err) assert.EqualValues(t, "yes", resp.Value) } diff --git a/server/application/application.go b/server/application/application.go index af535ca6295c8..ed73938cc596d 100644 --- a/server/application/application.go +++ b/server/application/application.go @@ -34,11 +34,10 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/cache" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" argocommon "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" appclientset "github.com/argoproj/argo-cd/v2/pkg/client/clientset/versioned" applisters "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1" @@ -395,8 +394,8 @@ func (s *Server) queryRepoServer(ctx context.Context, proj *appv1.AppProject, ac helmCreds []*appv1.RepoCreds, helmOptions *appv1.HelmOptions, enabledSourceTypes map[string]bool, -) error, -) error { +) error) error { + closer, client, err := s.repoClientset.NewRepoServerClient() if err != nil { return fmt.Errorf("error creating repo server client: %w", err) @@ -447,8 +446,8 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan manifestInfos := make([]*apiclient.ManifestResponse, 0) err = s.queryRepoServer(ctx, proj, func( - client apiclient.RepoServerServiceClient, helmRepos []*appv1.Repository, helmCreds []*appv1.RepoCreds, helmOptions *appv1.HelmOptions, enableGenerateManifests map[string]bool, - ) error { + client apiclient.RepoServerServiceClient, helmRepos []*appv1.Repository, helmCreds []*appv1.RepoCreds, helmOptions *appv1.HelmOptions, enableGenerateManifests map[string]bool) error { + appInstanceLabelKey, err := s.settingsMgr.GetAppInstanceLabelKey() if err != nil { return fmt.Errorf("error getting app instance label key from settings: %w", err) @@ -489,13 +488,13 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan } // Store the map of all sources having ref field into a map for applications with sources field - refSources, err := argo.GetRefSources(context.Background(), sources, appSpec.Project, s.db.GetRepository, []string{}, false) + refSources, err := argo.GetRefSources(context.Background(), *appSpec, s.db) if err != nil { - return fmt.Errorf("failed to get ref sources: %w", err) + return fmt.Errorf("failed to get ref sources: %v", err) } for _, source := range sources { - repo, err := s.db.GetRepository(ctx, source.RepoURL, proj.Name) + repo, err := s.db.GetRepository(ctx, source.RepoURL) if err != nil { return fmt.Errorf("error getting repository: %w", err) } @@ -537,6 +536,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan } return nil }) + if err != nil { return nil, err } @@ -570,6 +570,7 @@ func (s *Server) GetManifests(ctx context.Context, q *application.ApplicationMan func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_GetManifestsWithFilesServer) error { ctx := stream.Context() query, err := manifeststream.ReceiveApplicationManifestQueryWithFiles(stream) + if err != nil { return fmt.Errorf("error getting query: %w", err) } @@ -585,8 +586,8 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get var manifestInfo *apiclient.ManifestResponse err = s.queryRepoServer(ctx, proj, func( - client apiclient.RepoServerServiceClient, helmRepos []*appv1.Repository, helmCreds []*appv1.RepoCreds, helmOptions *appv1.HelmOptions, enableGenerateManifests map[string]bool, - ) error { + client apiclient.RepoServerServiceClient, helmRepos []*appv1.Repository, helmCreds []*appv1.RepoCreds, helmOptions *appv1.HelmOptions, enableGenerateManifests map[string]bool) error { + appInstanceLabelKey, err := s.settingsMgr.GetAppInstanceLabelKey() if err != nil { return fmt.Errorf("error getting app instance label key from settings: %w", err) @@ -614,7 +615,7 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get return fmt.Errorf("error getting app project: %w", err) } - repo, err := s.db.GetRepository(ctx, a.Spec.GetSource().RepoURL, proj.Name) + repo, err := s.db.GetRepository(ctx, a.Spec.GetSource().RepoURL) if err != nil { return fmt.Errorf("error getting repository: %w", err) } @@ -665,6 +666,7 @@ func (s *Server) GetManifestsWithFiles(stream application.ApplicationService_Get manifestInfo = resp return nil }) + if err != nil { return err } @@ -747,7 +749,7 @@ func (s *Server) Get(ctx context.Context, q *application.ApplicationQuery) (*app enabledSourceTypes map[string]bool, ) error { source := app.Spec.GetSource() - repo, err := s.db.GetRepository(ctx, a.Spec.GetSource().RepoURL, proj.Name) + repo, err := s.db.GetRepository(ctx, a.Spec.GetSource().RepoURL) if err != nil { return fmt.Errorf("error getting repository: %w", err) } @@ -1048,8 +1050,7 @@ func (s *Server) getAppProject(ctx context.Context, a *appv1.Application, logCtx return nil, vagueError } - var applicationNotAllowedToUseProjectErr *appv1.ErrApplicationNotAllowedToUseProject - if errors.As(err, &applicationNotAllowedToUseProjectErr) { + if _, ok := err.(*appv1.ErrApplicationNotAllowedToUseProject); ok { logCtx.WithFields(map[string]interface{}{ "project": a.Spec.Project, argocommon.SecurityField: argocommon.SecurityMedium, @@ -1091,9 +1092,11 @@ func (s *Server) Delete(ctx context.Context, q *application.ApplicationDeleteReq a.SetCascadedDeletion(policyFinalizer) patchFinalizer = true } - } else if a.CascadedDeletion() { - a.UnSetCascadedDeletion() - patchFinalizer = true + } else { + if a.CascadedDeletion() { + a.UnSetCascadedDeletion() + patchFinalizer = true + } } if patchFinalizer { @@ -1288,7 +1291,7 @@ func (s *Server) getApplicationClusterConfig(ctx context.Context, a *appv1.Appli // getCachedAppState loads the cached state and trigger app refresh if cache is missing func (s *Server) getCachedAppState(ctx context.Context, a *appv1.Application, getFromCache func() error) error { err := getFromCache() - if err != nil && errors.Is(err, servercache.ErrCacheMiss) { + if err != nil && err == servercache.ErrCacheMiss { conditions := a.Status.GetConditions(map[appv1.ApplicationConditionType]bool{ appv1.ApplicationConditionComparisonError: true, appv1.ApplicationConditionInvalidSpecError: true, @@ -1297,9 +1300,9 @@ func (s *Server) getCachedAppState(ctx context.Context, a *appv1.Application, ge return errors.New(argoutil.FormatAppConditions(conditions)) } _, err = s.Get(ctx, &application.ApplicationQuery{ - Name: ptr.To(a.GetName()), - AppNamespace: ptr.To(a.GetNamespace()), - Refresh: ptr.To(string(appv1.RefreshTypeNormal)), + Name: pointer.String(a.GetName()), + AppNamespace: pointer.String(a.GetNamespace()), + Refresh: pointer.String(string(appv1.RefreshTypeNormal)), }) if err != nil { return fmt.Errorf("error getting application by query: %w", err) @@ -1322,15 +1325,9 @@ func (s *Server) getAppResources(ctx context.Context, a *appv1.Application) (*ap func (s *Server) getAppLiveResource(ctx context.Context, action string, q *application.ApplicationResourceRequest) (*appv1.ResourceNode, *rest.Config, *appv1.Application, error) { a, _, err := s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) - if err != nil && errors.Is(err, permissionDeniedErr) && (action == rbacpolicy.ActionDelete || action == rbacpolicy.ActionUpdate) { - // If users dont have permission on the whole applications, maybe they have fine-grained access to the specific resources - action = fmt.Sprintf("%s/%s/%s/%s/%s", action, q.GetGroup(), q.GetKind(), q.GetNamespace(), q.GetResourceName()) - a, _, err = s.getApplicationEnforceRBACInformer(ctx, action, q.GetProject(), q.GetAppNamespace(), q.GetName()) - } if err != nil { return nil, nil, nil, err } - tree, err := s.getAppResources(ctx, a) if err != nil { return nil, nil, nil, fmt.Errorf("error getting app resources: %w", err) @@ -1495,12 +1492,8 @@ func (s *Server) RevisionMetadata(ctx context.Context, q *application.RevisionMe return nil, err } - source, err := getAppSourceBySourceIndexAndVersionId(a, q.SourceIndex, q.VersionId) - if err != nil { - return nil, fmt.Errorf("error getting app source by source index and version ID: %w", err) - } - - repo, err := s.db.GetRepository(ctx, source.RepoURL, proj.Name) + source := a.Spec.GetSource() + repo, err := s.db.GetRepository(ctx, source.RepoURL) if err != nil { return nil, fmt.Errorf("error getting repository by URL: %w", err) } @@ -1522,16 +1515,10 @@ func (s *Server) RevisionChartDetails(ctx context.Context, q *application.Revisi if err != nil { return nil, err } - - source, err := getAppSourceBySourceIndexAndVersionId(a, q.SourceIndex, q.VersionId) - if err != nil { - return nil, fmt.Errorf("error getting app source by source index and version ID: %w", err) - } - - if source.Chart == "" { - return nil, fmt.Errorf("no chart found for application: %v", q.GetName()) + if a.Spec.Source.Chart == "" { + return nil, fmt.Errorf("no chart found for application: %v", a.QualifiedName()) } - repo, err := s.db.GetRepository(ctx, source.RepoURL, a.Spec.Project) + repo, err := s.db.GetRepository(ctx, a.Spec.Source.RepoURL) if err != nil { return nil, fmt.Errorf("error getting repository by URL: %w", err) } @@ -1542,81 +1529,11 @@ func (s *Server) RevisionChartDetails(ctx context.Context, q *application.Revisi defer ioutil.Close(conn) return repoClient.GetRevisionChartDetails(ctx, &apiclient.RepoServerRevisionChartDetailsRequest{ Repo: repo, - Name: source.Chart, + Name: a.Spec.Source.Chart, Revision: q.GetRevision(), }) } -// getAppSourceBySourceIndexAndVersionId returns the source for a specific source index and version ID. Source index and -// version ID are optional. If the source index is not specified, it defaults to 0. If the version ID is not specified, -// we use the source(s) currently configured for the app. If the version ID is specified, we find the source for that -// version ID. If the version ID is not found, we return an error. If the source index is out of bounds for whichever -// source we choose (configured sources or sources for a specific version), we return an error. -func getAppSourceBySourceIndexAndVersionId(a *appv1.Application, sourceIndexMaybe *int32, versionIdMaybe *int32) (appv1.ApplicationSource, error) { - // Start with all the app's configured sources. - sources := a.Spec.GetSources() - - // If the user specified a version, get the sources for that version. If the version is not found, return an error. - if versionIdMaybe != nil { - versionId := int64(*versionIdMaybe) - var err error - sources, err = getSourcesByVersionId(a, versionId) - if err != nil { - return appv1.ApplicationSource{}, fmt.Errorf("error getting source by version ID: %w", err) - } - } - - // Start by assuming we want the first source. - sourceIndex := 0 - - // If the user specified a source index, use that instead. - if sourceIndexMaybe != nil { - sourceIndex = int(*sourceIndexMaybe) - if sourceIndex >= len(sources) { - if len(sources) == 1 { - return appv1.ApplicationSource{}, fmt.Errorf("source index %d not found because there is only 1 source", sourceIndex) - } - return appv1.ApplicationSource{}, fmt.Errorf("source index %d not found because there are only %d sources", sourceIndex, len(sources)) - } - } - - source := sources[sourceIndex] - - return source, nil -} - -// getRevisionHistoryByVersionId returns the revision history for a specific version ID. -// If the version ID is not found, it returns an empty revision history and false. -func getRevisionHistoryByVersionId(histories v1alpha1.RevisionHistories, versionId int64) (appv1.RevisionHistory, bool) { - for _, h := range histories { - if h.ID == versionId { - return h, true - } - } - return appv1.RevisionHistory{}, false -} - -// getSourcesByVersionId returns the sources for a specific version ID. If there is no history, it returns an error. -// If the version ID is not found, it returns an error. If the version ID is found, and there are multiple sources, -// it returns the sources for that version ID. If the version ID is found, and there is only one source, it returns -// a slice with just the single source. -func getSourcesByVersionId(a *appv1.Application, versionId int64) ([]appv1.ApplicationSource, error) { - if len(a.Status.History) == 0 { - return nil, fmt.Errorf("version ID %d not found because the app has no history", versionId) - } - - h, ok := getRevisionHistoryByVersionId(a.Status.History, versionId) - if !ok { - return nil, fmt.Errorf("revision history not found for version ID %d", versionId) - } - - if len(h.Sources) > 0 { - return h.Sources, nil - } - - return []v1alpha1.ApplicationSource{h.Source}, nil -} - func isMatchingResource(q *application.ResourcesQuery, key kube.ResourceKey) bool { return (q.GetName() == "" || q.GetName() == key.Name) && (q.GetNamespace() == "" || q.GetNamespace() == key.Namespace) && @@ -1657,15 +1574,15 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. var sinceSeconds, tailLines *int64 if q.GetSinceSeconds() > 0 { - sinceSeconds = ptr.To(q.GetSinceSeconds()) + sinceSeconds = pointer.Int64(q.GetSinceSeconds()) } if q.GetTailLines() > 0 { - tailLines = ptr.To(q.GetTailLines()) + tailLines = pointer.Int64(q.GetTailLines()) } var untilTime *metav1.Time if q.GetUntilTime() != "" { if val, err := time.Parse(time.RFC3339Nano, q.GetUntilTime()); err != nil { - return fmt.Errorf("invalid untilTime parameter value: %w", err) + return fmt.Errorf("invalid untilTime parameter value: %v", err) } else { untilTimeVal := metav1.NewTime(val) untilTime = &untilTimeVal @@ -1781,10 +1698,10 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. ts := metav1.NewTime(entry.timeStamp) if untilTime != nil && entry.timeStamp.After(untilTime.Time) { done <- ws.Send(&application.LogEntry{ - Last: ptr.To(true), + Last: pointer.Bool(true), PodName: &entry.podName, Content: &entry.line, - TimeStampStr: ptr.To(entry.timeStamp.Format(time.RFC3339Nano)), + TimeStampStr: pointer.String(entry.timeStamp.Format(time.RFC3339Nano)), TimeStamp: &ts, }) return @@ -1793,9 +1710,9 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. if err := ws.Send(&application.LogEntry{ PodName: &entry.podName, Content: &entry.line, - TimeStampStr: ptr.To(entry.timeStamp.Format(time.RFC3339Nano)), + TimeStampStr: pointer.String(entry.timeStamp.Format(time.RFC3339Nano)), TimeStamp: &ts, - Last: ptr.To(false), + Last: pointer.Bool(false), }); err != nil { done <- err break @@ -1806,10 +1723,10 @@ func (s *Server) PodLogs(q *application.ApplicationPodLogsQuery, ws application. now := time.Now() nowTS := metav1.NewTime(now) done <- ws.Send(&application.LogEntry{ - Last: ptr.To(true), - PodName: ptr.To(""), - Content: ptr.To(""), - TimeStampStr: ptr.To(now.Format(time.RFC3339Nano)), + Last: pointer.Bool(true), + PodName: pointer.String(""), + Content: pointer.String(""), + TimeStampStr: pointer.String(now.Format(time.RFC3339Nano)), TimeStamp: &nowTS, }) }() @@ -2047,10 +1964,9 @@ func (s *Server) Rollback(ctx context.Context, rollbackReq *application.Applicat if deploymentInfo == nil { return nil, status.Errorf(codes.InvalidArgument, "application %s does not have deployment with id %v", a.QualifiedName(), rollbackReq.GetId()) } - if deploymentInfo.Source.IsZero() && deploymentInfo.Sources.IsZero() { + if deploymentInfo.Source.IsZero() { // Since source type was introduced to history starting with v0.12, and is now required for // rollback, we cannot support rollback to revisions deployed using Argo CD v0.11 or below - // As multi source doesn't use app.Source, we need to check to the Sources length return nil, status.Errorf(codes.FailedPrecondition, "cannot rollback to revision deployed with Argo CD v0.11 or lower. sync to revision instead.") } @@ -2063,13 +1979,11 @@ func (s *Server) Rollback(ctx context.Context, rollbackReq *application.Applicat op := appv1.Operation{ Sync: &appv1.SyncOperation{ Revision: deploymentInfo.Revision, - Revisions: deploymentInfo.Revisions, DryRun: rollbackReq.GetDryRun(), Prune: rollbackReq.GetPrune(), SyncOptions: syncOptions, SyncStrategy: &appv1.SyncStrategy{Apply: &appv1.SyncStrategyApply{}}, Source: &deploymentInfo.Source, - Sources: deploymentInfo.Sources, }, InitiatedBy: appv1.OperationInitiator{Username: session.Username(ctx)}, } @@ -2231,7 +2145,7 @@ func (s *Server) resolveRevision(ctx context.Context, app *appv1.Application, sy repoUrl = app.Spec.Sources[sourceIndex].RepoURL } - repo, err := s.db.GetRepository(ctx, repoUrl, app.Spec.Project) + repo, err := s.db.GetRepository(ctx, repoUrl) if err != nil { return "", "", fmt.Errorf("error getting repository by URL: %w", err) } @@ -2300,8 +2214,7 @@ func (s *Server) logAppEvent(a *appv1.Application, ctx context.Context, reason s user = "Unknown user" } message := fmt.Sprintf("%s %s", user, action) - eventLabels := argo.GetAppEventLabels(a, applisters.NewAppProjectLister(s.projInformer.GetIndexer()), s.ns, s.settingsMgr, s.db, ctx) - s.auditLogger.LogAppEvent(a, eventInfo, message, user, eventLabels) + s.auditLogger.LogAppEvent(a, eventInfo, message, user) } func (s *Server) logResourceEvent(res *appv1.ResourceNode, ctx context.Context, reason string, action string) { @@ -2356,6 +2269,7 @@ func (s *Server) getUnstructuredLiveResourceOrApp(ctx context.Context, rbacReque return nil, nil, nil, nil, err } obj, err = s.kubectl.GetResource(ctx, config, res.GroupKindVersion(), res.Name, res.Namespace) + } if err != nil { return nil, nil, nil, nil, fmt.Errorf("error getting resource: %w", err) @@ -2380,6 +2294,7 @@ func (s *Server) getAvailableActions(resourceOverrides map[string]appv1.Resource return nil, fmt.Errorf("error executing Lua discovery script: %w", err) } return availableActions, nil + } func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceActionRunRequest) (*application.ApplicationResponse, error) { @@ -2466,6 +2381,7 @@ func (s *Server) RunResourceAction(ctx context.Context, q *application.ResourceA for _, impactedResource := range newObjects { newObj := impactedResource.UnstructuredObj newObjBytes, err := json.Marshal(newObj) + if err != nil { return nil, fmt.Errorf("error marshaling new object: %w", err) } diff --git a/server/application/application.proto b/server/application/application.proto index 945c0c417c65c..2a70e1c518c09 100644 --- a/server/application/application.proto +++ b/server/application/application.proto @@ -51,10 +51,6 @@ message RevisionMetadataQuery{ // the application's namespace optional string appNamespace = 3; optional string project = 4; - // source index (for multi source apps) - optional int32 sourceIndex = 5; - // versionId from historical data (for multi source apps) - optional int32 versionId = 6; } // ApplicationEventsQuery is a query for application resource events diff --git a/server/application/application_test.go b/server/application/application_test.go index 96bfeaf51221c..81bba66764d7e 100644 --- a/server/application/application_test.go +++ b/server/application/application_test.go @@ -10,8 +10,6 @@ import ( "testing" "time" - "k8s.io/utils/pointer" - "k8s.io/apimachinery/pkg/labels" "github.com/argoproj/gitops-engine/pkg/health" @@ -39,7 +37,7 @@ import ( "k8s.io/client-go/rest" kubetesting "k8s.io/client-go/testing" k8scache "k8s.io/client-go/tools/cache" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "sigs.k8s.io/yaml" "github.com/argoproj/argo-cd/v2/common" @@ -246,7 +244,7 @@ func newTestAppServerWithEnforcerConfigure(f func(*rbac.Enforcer), t *testing.T, } }() }) - broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() + broadcaster.On("OnAdd", mock.Anything).Return() broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() broadcaster.On("OnDelete", mock.Anything).Return() @@ -426,7 +424,7 @@ func newTestAppServerWithEnforcerConfigureWithBenchmark(f func(*rbac.Enforcer), } }() }) - broadcaster.On("OnAdd", mock.Anything, mock.Anything).Return() + broadcaster.On("OnAdd", mock.Anything).Return() broadcaster.On("OnUpdate", mock.Anything, mock.Anything).Return() broadcaster.On("OnDelete", mock.Anything).Return() @@ -610,9 +608,9 @@ func (t *TestServerStream) Recv() (*application.ApplicationManifestQueryWithFile t.headerSent = true return &application.ApplicationManifestQueryWithFilesWrapper{Part: &application.ApplicationManifestQueryWithFilesWrapper_Query{ Query: &application.ApplicationManifestQueryWithFiles{ - Name: ptr.To(t.appName), - Project: ptr.To(t.project), - Checksum: ptr.To(""), + Name: pointer.String(t.appName), + Project: pointer.String(t.project), + Checksum: pointer.String(""), }, }}, nil } @@ -755,42 +753,8 @@ func TestNoAppEnumeration(t *testing.T) { }, } }) - testAppMulti := newTestApp(func(app *appsv1.Application) { - app.Name = "test-multi" - app.Spec.Sources = appsv1.ApplicationSources{ - appsv1.ApplicationSource{ - TargetRevision: "something-old", - }, - appsv1.ApplicationSource{ - TargetRevision: "something-old", - }, - } - app.Status.Resources = []appsv1.ResourceStatus{ - { - Group: deployment.GroupVersionKind().Group, - Kind: deployment.GroupVersionKind().Kind, - Version: deployment.GroupVersionKind().Version, - Name: deployment.Name, - Namespace: deployment.Namespace, - Status: "Synced", - }, - } - app.Status.History = []appsv1.RevisionHistory{ - { - ID: 1, - Sources: appsv1.ApplicationSources{ - appsv1.ApplicationSource{ - TargetRevision: "something-old", - }, - appsv1.ApplicationSource{ - TargetRevision: "something-old", - }, - }, - }, - } - }) testDeployment := kube.MustToUnstructured(&deployment) - appServer := newTestAppServerWithEnforcerConfigure(f, t, map[string]string{}, testApp, testHelmApp, testAppMulti, testDeployment) + appServer := newTestAppServerWithEnforcerConfigure(f, t, map[string]string{}, testApp, testHelmApp, testDeployment) noRoleCtx := context.Background() // nolint:staticcheck @@ -798,58 +762,58 @@ func TestNoAppEnumeration(t *testing.T) { t.Run("Get", func(t *testing.T) { // nolint:staticcheck - _, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("test")}) - require.NoError(t, err) + _, err := appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("test")}) + assert.NoError(t, err) // nolint:staticcheck - _, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: ptr.To("test")}) + _, err = appServer.Get(noRoleCtx, &application.ApplicationQuery{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") // nolint:staticcheck - _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") // nolint:staticcheck - _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: ptr.To("doest-not-exist"), Project: []string{"test"}}) + _, err = appServer.Get(adminCtx, &application.ApplicationQuery{Name: pointer.String("doest-not-exist"), Project: []string{"test"}}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetManifests", func(t *testing.T) { - _, err := appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.GetManifests(noRoleCtx, &application.ApplicationManifestQuery{Name: ptr.To("test")}) + _, err := appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.GetManifests(noRoleCtx, &application.ApplicationManifestQuery{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.GetManifests(adminCtx, &application.ApplicationManifestQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceEvents", func(t *testing.T) { - _, err := appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ListResourceEvents(noRoleCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("test")}) + _, err := appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ListResourceEvents(noRoleCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.ListResourceEvents(adminCtx, &application.ApplicationResourceEventsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("UpdateSpec", func(t *testing.T) { - _, err := appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ + _, err := appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) - require.NoError(t, err) - _, err = appServer.UpdateSpec(noRoleCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ + assert.NoError(t, err) + _, err = appServer.UpdateSpec(noRoleCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("doest-not-exist"), Spec: &appsv1.ApplicationSpec{ + _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("doest-not-exist"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), Spec: &appsv1.ApplicationSpec{ + _, err = appServer.UpdateSpec(adminCtx, &application.ApplicationUpdateSpecRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), Spec: &appsv1.ApplicationSpec{ Destination: appsv1.ApplicationDestination{Namespace: "default", Server: "https://cluster-api.example.com"}, Source: &appsv1.ApplicationSource{RepoURL: "https://some-fake-source", Path: "."}, }}) @@ -857,105 +821,103 @@ func TestNoAppEnumeration(t *testing.T) { }) t.Run("Patch", func(t *testing.T) { - _, err := appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) - require.NoError(t, err) - _, err = appServer.Patch(noRoleCtx, &application.ApplicationPatchRequest{Name: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) + _, err := appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) + assert.NoError(t, err) + _, err = appServer.Patch(noRoleCtx, &application.ApplicationPatchRequest{Name: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/source/path", "value": "foo"}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.Patch(adminCtx, &application.ApplicationPatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetResource", func(t *testing.T) { - _, err := appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.GetResource(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err := appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.GetResource(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err = appServer.GetResource(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PatchResource", func(t *testing.T) { - _, err := appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err := appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) // This will always throw an error, because the kubectl mock for PatchResource is hard-coded to return nil. // The best we can do is to confirm we get past the permission check. assert.NotEqual(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(noRoleCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(noRoleCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Patch: ptr.To(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) + _, err = appServer.PatchResource(adminCtx, &application.ApplicationResourcePatchRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Patch: pointer.String(`[{"op": "replace", "path": "/spec/replicas", "value": 3}]`)}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("DeleteResource", func(t *testing.T) { - _, err := appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.DeleteResource(noRoleCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err := appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.DeleteResource(noRoleCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("doest-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err = appServer.DeleteResource(adminCtx, &application.ApplicationResourceDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ResourceTree", func(t *testing.T) { - _, err := appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ResourceTree(noRoleCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) + _, err := appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ResourceTree(noRoleCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist")}) + _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.ResourceTree(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionMetadata", func(t *testing.T) { - _, err := appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("test-multi"), SourceIndex: ptr.To(int32(0)), VersionId: ptr.To(int32(1))}) - require.NoError(t, err) - _, err = appServer.RevisionMetadata(noRoleCtx, &application.RevisionMetadataQuery{Name: ptr.To("test")}) + _, err := appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.RevisionMetadata(noRoleCtx, &application.RevisionMetadataQuery{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.RevisionMetadata(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RevisionChartDetails", func(t *testing.T) { - _, err := appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("test-helm")}) - require.NoError(t, err) - _, err = appServer.RevisionChartDetails(noRoleCtx, &application.RevisionMetadataQuery{Name: ptr.To("test-helm")}) + _, err := appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) + assert.NoError(t, err) + _, err = appServer.RevisionChartDetails(noRoleCtx, &application.RevisionMetadataQuery{Name: pointer.String("test-helm")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.RevisionChartDetails(adminCtx, &application.RevisionMetadataQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ManagedResources", func(t *testing.T) { - _, err := appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ManagedResources(noRoleCtx, &application.ResourcesQuery{ApplicationName: ptr.To("test")}) + _, err := appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ManagedResources(noRoleCtx, &application.ResourcesQuery{ApplicationName: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist")}) + _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.ManagedResources(adminCtx, &application.ResourcesQuery{ApplicationName: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Sync", func(t *testing.T) { - _, err := appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.Sync(noRoleCtx, &application.ApplicationSyncRequest{Name: ptr.To("test")}) + _, err := appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.Sync(noRoleCtx, &application.ApplicationSyncRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.Sync(adminCtx, &application.ApplicationSyncRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) @@ -963,70 +925,68 @@ func TestNoAppEnumeration(t *testing.T) { // The sync operation is already started from the previous test. We just need to set the field that the // controller would set if this were an actual Argo CD environment. setSyncRunningOperationState(t, appServer) - _, err := appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.TerminateOperation(noRoleCtx, &application.OperationTerminateRequest{Name: ptr.To("test")}) + _, err := appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.TerminateOperation(noRoleCtx, &application.OperationTerminateRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.TerminateOperation(adminCtx, &application.OperationTerminateRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("Rollback", func(t *testing.T) { unsetSyncRunningOperationState(t, appServer) - _, err := appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("test-multi"), Id: ptr.To(int64(1))}) - require.NoError(t, err) - _, err = appServer.Rollback(noRoleCtx, &application.ApplicationRollbackRequest{Name: ptr.To("test")}) + _, err := appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.Rollback(noRoleCtx, &application.ApplicationRollbackRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.Rollback(adminCtx, &application.ApplicationRollbackRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceActions", func(t *testing.T) { - _, err := appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test")}) + _, err := appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")}) + _, err = appServer.ListResourceActions(noRoleCtx, &application.ApplicationResourceRequest{Group: pointer.String("argoproj.io"), Kind: pointer.String("Application"), Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.ListResourceActions(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("RunResourceAction", func(t *testing.T) { - _, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Action: ptr.To("restart")}) - require.NoError(t, err) - _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: ptr.To("test")}) + _, err := appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Action: pointer.String("restart")}) + assert.NoError(t, err) + _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: ptr.To("argoproj.io"), Kind: ptr.To("Application"), Name: ptr.To("test")}) + _, err = appServer.RunResourceAction(noRoleCtx, &application.ResourceActionRunRequest{Group: pointer.String("argoproj.io"), Kind: pointer.String("Application"), Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.RunResourceAction(adminCtx, &application.ResourceActionRunRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetApplicationSyncWindows", func(t *testing.T) { - _, err := appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.GetApplicationSyncWindows(noRoleCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("test")}) + _, err := appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.GetApplicationSyncWindows(noRoleCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("doest-not-exist")}) + _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.GetApplicationSyncWindows(adminCtx, &application.ApplicationSyncWindowsQuery{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("GetManifestsWithFiles", func(t *testing.T) { err := appServer.GetManifestsWithFiles(&TestServerStream{ctx: adminCtx, appName: "test"}) - require.NoError(t, err) + assert.NoError(t, err) err = appServer.GetManifestsWithFiles(&TestServerStream{ctx: noRoleCtx, appName: "test"}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") err = appServer.GetManifestsWithFiles(&TestServerStream{ctx: adminCtx, appName: "does-not-exist"}) @@ -1036,58 +996,58 @@ func TestNoAppEnumeration(t *testing.T) { }) t.Run("WatchResourceTree", func(t *testing.T) { - err := appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("test")}, &TestResourceTreeServer{ctx: adminCtx}) - require.NoError(t, err) - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("test")}, &TestResourceTreeServer{ctx: noRoleCtx}) + err := appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("test")}, &TestResourceTreeServer{ctx: adminCtx}) + assert.NoError(t, err) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("test")}, &TestResourceTreeServer{ctx: noRoleCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("does-not-exist")}, &TestResourceTreeServer{ctx: adminCtx}) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist")}, &TestResourceTreeServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: ptr.To("does-not-exist"), Project: ptr.To("test")}, &TestResourceTreeServer{ctx: adminCtx}) + err = appServer.WatchResourceTree(&application.ResourcesQuery{ApplicationName: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestResourceTreeServer{ctx: adminCtx}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("PodLogs", func(t *testing.T) { - err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) - require.NoError(t, err) - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("test")}, &TestPodLogsServer{ctx: noRoleCtx}) + err := appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) + assert.NoError(t, err) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("test")}, &TestPodLogsServer{ctx: noRoleCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("does-not-exist")}, &TestPodLogsServer{ctx: adminCtx}) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist")}, &TestPodLogsServer{ctx: adminCtx}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: ptr.To("does-not-exist"), Project: ptr.To("test")}, &TestPodLogsServer{ctx: adminCtx}) + err = appServer.PodLogs(&application.ApplicationPodLogsQuery{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}, &TestPodLogsServer{ctx: adminCtx}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListLinks", func(t *testing.T) { - _, err := appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ListLinks(noRoleCtx, &application.ListAppLinksRequest{Name: ptr.To("test")}) + _, err := appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ListLinks(noRoleCtx, &application.ListAppLinksRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("does-not-exist")}) + _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: ptr.To("does-not-exist"), Project: ptr.To("test")}) + _, err = appServer.ListLinks(adminCtx, &application.ListAppLinksRequest{Name: pointer.String("does-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) t.Run("ListResourceLinks", func(t *testing.T) { - _, err := appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.ListResourceLinks(noRoleCtx, &application.ApplicationResourceRequest{Name: ptr.To("test"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err := appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.ListResourceLinks(noRoleCtx, &application.ApplicationResourceRequest{Name: pointer.String("test"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("does-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test")}) + _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: ptr.To("does-not-exist"), ResourceName: ptr.To("test"), Group: ptr.To("apps"), Kind: ptr.To("Deployment"), Namespace: ptr.To("test"), Project: ptr.To("test")}) + _, err = appServer.ListResourceLinks(adminCtx, &application.ApplicationResourceRequest{Name: pointer.String("does-not-exist"), ResourceName: pointer.String("test"), Group: pointer.String("apps"), Kind: pointer.String("Deployment"), Namespace: pointer.String("test"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"does-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) // Do this last so other stuff doesn't fail. t.Run("Delete", func(t *testing.T) { - _, err := appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("test")}) - require.NoError(t, err) - _, err = appServer.Delete(noRoleCtx, &application.ApplicationDeleteRequest{Name: ptr.To("test")}) + _, err := appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("test")}) + assert.NoError(t, err) + _, err = appServer.Delete(noRoleCtx, &application.ApplicationDeleteRequest{Name: pointer.String("test")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("doest-not-exist")}) + _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist")}) assert.Equal(t, permissionDeniedErr.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about app existence") - _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: ptr.To("doest-not-exist"), Project: ptr.To("test")}) + _, err = appServer.Delete(adminCtx, &application.ApplicationDeleteRequest{Name: pointer.String("doest-not-exist"), Project: pointer.String("test")}) assert.Equal(t, "rpc error: code = NotFound desc = applications.argoproj.io \"doest-not-exist\" not found", err.Error(), "when the request specifies a project, we can return the standard k8s error message") }) } @@ -1156,48 +1116,34 @@ func testListAppsWithLabels(t *testing.T, appQuery application.ApplicationQuery, label string expectedResult []string }{ - { - testName: "Equality based filtering using '=' operator", + {testName: "Equality based filtering using '=' operator", label: "key1=value1", - expectedResult: []string{"App1"}, - }, - { - testName: "Equality based filtering using '==' operator", + expectedResult: []string{"App1"}}, + {testName: "Equality based filtering using '==' operator", label: "key1==value1", - expectedResult: []string{"App1"}, - }, - { - testName: "Equality based filtering using '!=' operator", + expectedResult: []string{"App1"}}, + {testName: "Equality based filtering using '!=' operator", label: "key1!=value1", - expectedResult: []string{"App2", "App3"}, - }, - { - testName: "Set based filtering using 'in' operator", + expectedResult: []string{"App2", "App3"}}, + {testName: "Set based filtering using 'in' operator", label: "key1 in (value1, value3)", - expectedResult: []string{"App1", "App3"}, - }, - { - testName: "Set based filtering using 'notin' operator", + expectedResult: []string{"App1", "App3"}}, + {testName: "Set based filtering using 'notin' operator", label: "key1 notin (value1, value3)", - expectedResult: []string{"App2"}, - }, - { - testName: "Set based filtering using 'exists' operator", + expectedResult: []string{"App2"}}, + {testName: "Set based filtering using 'exists' operator", label: "key1", - expectedResult: []string{"App1", "App2", "App3"}, - }, - { - testName: "Set based filtering using 'not exists' operator", + expectedResult: []string{"App1", "App2", "App3"}}, + {testName: "Set based filtering using 'not exists' operator", label: "!key2", - expectedResult: []string{"App2", "App3"}, - }, + expectedResult: []string{"App2", "App3"}}, } // test valid scenarios for _, validTest := range validTests { t.Run(validTest.testName, func(t *testing.T) { appQuery.Selector = &validTest.label res, err := appServer.List(context.Background(), &appQuery) - require.NoError(t, err) + assert.NoError(t, err) apps := []string{} for i := range res.Items { apps = append(apps, res.Items[i].Name) @@ -1211,16 +1157,12 @@ func testListAppsWithLabels(t *testing.T, appQuery application.ApplicationQuery, label string errorMesage string }{ - { - testName: "Set based filtering using '>' operator", + {testName: "Set based filtering using '>' operator", label: "key1>value1", - errorMesage: "error parsing the selector", - }, - { - testName: "Set based filtering using '<' operator", + errorMesage: "error parsing the selector"}, + {testName: "Set based filtering using '<' operator", label: "key1' operator", + {testName: "Set based filtering using '>' operator", label: "key1>value1", - errorMesage: "error parsing the selector", - }, - { - testName: "Set based filtering using '<' operator", + errorMesage: "error parsing the selector"}, + {testName: "Set based filtering using '<' operator", label: "key1]*>([^<]*)`) titleRectWidthPattern = regexp.MustCompile(`(id="titleRect" .* width=)("0")`) rightRectWidthPattern = regexp.MustCompile(`(id="rightRect" .* width=)("\d*")`) - revisionRectWidthPattern = regexp.MustCompile(`(id="revisionRect" .* width=)("\d*")`) leftRectYCoodPattern = regexp.MustCompile(`(id="leftRect" .* y=)("\d*")`) rightRectYCoodPattern = regexp.MustCompile(`(id="rightRect" .* y=)("\d*")`) revisionRectYCoodPattern = regexp.MustCompile(`(id="revisionRect" .* y=)("\d*")`) leftTextYCoodPattern = regexp.MustCompile(`(id="leftText" .* y=)("\d*")`) rightTextYCoodPattern = regexp.MustCompile(`(id="rightText" .* y=)("\d*")`) revisionTextYCoodPattern = regexp.MustCompile(`(id="revisionText" .* y=)("\d*")`) - revisionTextXCoodPattern = regexp.MustCompile(`(id="revisionText" x=)("\d*")`) svgHeightPattern = regexp.MustCompile(`^( 0 && len(errs) != 0 { @@ -166,7 +161,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { } } } - // Sample url: http://localhost:8080/api/badge?name=123&revision=true + //Sample url: http://localhost:8080/api/badge?name=123&revision=true if revisionParam, ok := r.URL.Query()["revision"]; ok && enabled && strings.EqualFold(revisionParam[0], "true") { revisionEnabled = true } @@ -200,40 +195,16 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { badge = replaceFirstGroupSubMatch(rightTextPattern, badge, rightText) if !notFound && revisionEnabled && revision != "" { - // Enable display of revision components + // Increase width of SVG and enable display of revision components + badge = svgWidthPattern.ReplaceAllString(badge, fmt.Sprintf(` 7 { - displayedRevision = revision[:7] - svgWidth = svgWidthWithRevision - } else { - svgWidth = svgWidthWithFullRevision - } - - badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", displayedRevision)) - } - - if widthParam, ok := r.URL.Query()["width"]; ok && enabled { - width, err := strconv.Atoi(widthParam[0]) - if err == nil { - svgWidth = width - adjustWidth = true - } - } - - // Increase width of SVG - if adjustWidth { - badge = svgWidthPattern.ReplaceAllString(badge, fmt.Sprintf(` 7 { + shortRevision = shortRevision[:7] } + badge = replaceFirstGroupSubMatch(revisionTextPattern, badge, fmt.Sprintf("(%s)", shortRevision)) } if showAppNameParam, ok := r.URL.Query()["showAppName"]; ok && enabled && strings.EqualFold(showAppNameParam[0], "true") { @@ -244,6 +215,7 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { titleRectWidth := len(applicationName) * widthPerChar var longerWidth int = max(titleRectWidth, svgWidth) rightRectWidth := longerWidth - leftRectWidth + fmt.Println(len(applicationName)) badge = titleRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, longerWidth)) badge = rightRectWidthPattern.ReplaceAllString(badge, fmt.Sprintf(`$1"%d"`, rightRectWidth)) badge = replaceFirstGroupSubMatch(titleTextPattern, badge, applicationName) @@ -260,10 +232,10 @@ func (h *Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "image/svg+xml") - // Ask cache's to not cache the contents in order prevent the badge from becoming stale + //Ask cache's to not cache the contents in order prevent the badge from becoming stale w.Header().Set("Cache-Control", "private, no-store") - // Allow badges to be fetched via XHR from frontend applications without running into CORS issues + //Allow badges to be fetched via XHR from frontend applications without running into CORS issues w.Header().Set("Access-Control-Allow-Origin", "*") w.WriteHeader(http.StatusOK) _, _ = w.Write([]byte(badge)) diff --git a/server/badge/badge_test.go b/server/badge/badge_test.go index 8e1d8819165bf..57d88c963323a 100644 --- a/server/badge/badge_test.go +++ b/server/badge/badge_test.go @@ -61,7 +61,6 @@ func testApp() *v1alpha1.Application { }, } } - func testApp2() *v1alpha1.Application { return &v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{Name: "test-app", Namespace: "argocd-test"}, @@ -76,22 +75,6 @@ func testApp2() *v1alpha1.Application { }, } } - -func testApp3() *v1alpha1.Application { - return &v1alpha1.Application{ - ObjectMeta: v1.ObjectMeta{Name: "test-app", Namespace: "argocd-test"}, - Status: v1alpha1.ApplicationStatus{ - Sync: v1alpha1.SyncStatus{Status: v1alpha1.SyncStatusCodeSynced}, - Health: v1alpha1.HealthStatus{Status: health.HealthStatusHealthy}, - OperationState: &v1alpha1.OperationState{ - SyncResult: &v1alpha1.SyncOperationResult{ - Revision: "aa29b85ababababababab", - }, - }, - }, - } -} - func testProject() *v1alpha1.AppProject { return &v1alpha1.AppProject{ ObjectMeta: v1.ObjectMeta{Name: "test-project", Namespace: "default"}, @@ -103,7 +86,7 @@ func TestHandlerFeatureIsEnabled(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -131,66 +114,36 @@ func TestHandlerFeatureProjectIsEnabled(t *testing.T) { healthColor color.RGBA statusColor color.RGBA }{ - { - createApplications([]string{"Healthy:Synced", "Healthy:Synced"}, []string{"default", "default"}, "test"), - http.StatusOK, "/api/badge?project=default", "test", "Healthy", "Synced", Green, Green, - }, - { - createApplications([]string{"Healthy:Synced", "Healthy:OutOfSync"}, []string{"test-project", "test-project"}, "default"), - http.StatusOK, "/api/badge?project=test-project", "default", "Healthy", "OutOfSync", Green, Orange, - }, - { - createApplications([]string{"Healthy:Synced", "Degraded:Synced"}, []string{"default", "default"}, "test"), - http.StatusOK, "/api/badge?project=default", "test", "Degraded", "Synced", Red, Green, - }, - { - createApplications([]string{"Healthy:Synced", "Degraded:OutOfSync"}, []string{"test-project", "test-project"}, "default"), - http.StatusOK, "/api/badge?project=test-project", "default", "Degraded", "OutOfSync", Red, Orange, - }, - { - createApplications([]string{"Healthy:Synced", "Healthy:Synced"}, []string{"test-project", "default"}, "test"), - http.StatusOK, "/api/badge?project=default&project=test-project", "test", "Healthy", "Synced", Green, Green, - }, - { - createApplications([]string{"Healthy:OutOfSync", "Healthy:Synced"}, []string{"test-project", "default"}, "default"), - http.StatusOK, "/api/badge?project=default&project=test-project", "default", "Healthy", "OutOfSync", Green, Orange, - }, - { - createApplications([]string{"Degraded:Synced", "Healthy:Synced"}, []string{"test-project", "default"}, "test"), - http.StatusOK, "/api/badge?project=default&project=test-project", "test", "Degraded", "Synced", Red, Green, - }, - { - createApplications([]string{"Degraded:OutOfSync", "Healthy:OutOfSync"}, []string{"test-project", "default"}, "default"), - http.StatusOK, "/api/badge?project=default&project=test-project", "default", "Degraded", "OutOfSync", Red, Orange, - }, - { - createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), - http.StatusOK, "/api/badge?project=", "default", "Unknown", "Unknown", Purple, Purple, - }, - { - createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), - http.StatusBadRequest, "/api/badge?project=test$project", "default", "Unknown", "Unknown", Purple, Purple, - }, - { - createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), - http.StatusOK, "/api/badge?project=unknown", "default", "Unknown", "Unknown", Purple, Purple, - }, - { - createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), - http.StatusBadRequest, "/api/badge?name=foo_bar", "default", "Unknown", "Unknown", Purple, Purple, - }, - { - createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), - http.StatusOK, "/api/badge?name=foobar", "default", "Not Found", "", Purple, Purple, - }, - { - createApplicationsWithName([]string{"Healthy:Synced"}, []string{"default"}, "test", "test.application"), - http.StatusOK, "/api/badge?name=test.application-0", "test", "Healthy", "Synced", Green, Green, - }, - { - createApplicationsWithName([]string{"Healthy:Synced"}, []string{"default"}, "test", "test.invalid_name"), - http.StatusBadRequest, "/api/badge?name=test.invalid_name-0", "test", "Healthy", "Synced", Green, Green, - }, + {createApplications([]string{"Healthy:Synced", "Healthy:Synced"}, []string{"default", "default"}, "test"), + http.StatusOK, "/api/badge?project=default", "test", "Healthy", "Synced", Green, Green}, + {createApplications([]string{"Healthy:Synced", "Healthy:OutOfSync"}, []string{"test-project", "test-project"}, "default"), + http.StatusOK, "/api/badge?project=test-project", "default", "Healthy", "OutOfSync", Green, Orange}, + {createApplications([]string{"Healthy:Synced", "Degraded:Synced"}, []string{"default", "default"}, "test"), + http.StatusOK, "/api/badge?project=default", "test", "Degraded", "Synced", Red, Green}, + {createApplications([]string{"Healthy:Synced", "Degraded:OutOfSync"}, []string{"test-project", "test-project"}, "default"), + http.StatusOK, "/api/badge?project=test-project", "default", "Degraded", "OutOfSync", Red, Orange}, + {createApplications([]string{"Healthy:Synced", "Healthy:Synced"}, []string{"test-project", "default"}, "test"), + http.StatusOK, "/api/badge?project=default&project=test-project", "test", "Healthy", "Synced", Green, Green}, + {createApplications([]string{"Healthy:OutOfSync", "Healthy:Synced"}, []string{"test-project", "default"}, "default"), + http.StatusOK, "/api/badge?project=default&project=test-project", "default", "Healthy", "OutOfSync", Green, Orange}, + {createApplications([]string{"Degraded:Synced", "Healthy:Synced"}, []string{"test-project", "default"}, "test"), + http.StatusOK, "/api/badge?project=default&project=test-project", "test", "Degraded", "Synced", Red, Green}, + {createApplications([]string{"Degraded:OutOfSync", "Healthy:OutOfSync"}, []string{"test-project", "default"}, "default"), + http.StatusOK, "/api/badge?project=default&project=test-project", "default", "Degraded", "OutOfSync", Red, Orange}, + {createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), + http.StatusOK, "/api/badge?project=", "default", "Unknown", "Unknown", Purple, Purple}, + {createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), + http.StatusBadRequest, "/api/badge?project=test$project", "default", "Unknown", "Unknown", Purple, Purple}, + {createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), + http.StatusOK, "/api/badge?project=unknown", "default", "Unknown", "Unknown", Purple, Purple}, + {createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), + http.StatusBadRequest, "/api/badge?name=foo_bar", "default", "Unknown", "Unknown", Purple, Purple}, + {createApplications([]string{"Unknown:Unknown", "Unknown:Unknown"}, []string{"test-project", "default"}, "default"), + http.StatusOK, "/api/badge?name=foobar", "default", "Not Found", "", Purple, Purple}, + {createApplicationsWithName([]string{"Healthy:Synced"}, []string{"default"}, "test", "test.application"), + http.StatusOK, "/api/badge?name=test.application-0", "test", "Healthy", "Synced", Green, Green}, + {createApplicationsWithName([]string{"Healthy:Synced"}, []string{"default"}, "test", "test.invalid_name"), + http.StatusBadRequest, "/api/badge?name=test.invalid_name-0", "test", "Healthy", "Synced", Green, Green}, } for _, tt := range projectTests { argoCDCm := argoCDCm() @@ -206,7 +159,7 @@ func TestHandlerFeatureProjectIsEnabled(t *testing.T) { handler := NewHandler(appclientset.NewSimpleClientset(objects...), settingsMgr, tt.namespace, []string{}) rr := httptest.NewRecorder() req, err := http.NewRequest(http.MethodGet, tt.apiEndPoint, nil) - require.NoError(t, err) + assert.NoError(t, err) handler.ServeHTTP(rr, req) require.Equal(t, tt.response, rr.Result().StatusCode) if rr.Result().StatusCode != 400 { @@ -228,7 +181,7 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=argocd-test", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -249,7 +202,7 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=kube-system", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -260,13 +213,14 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { assert.Equal(t, toRGBString(Purple), rightRectColorPattern.FindStringSubmatch(response)[1]) assert.Equal(t, "Not Found", leftTextPattern.FindStringSubmatch(response)[1]) assert.Equal(t, "", rightTextPattern.FindStringSubmatch(response)[1]) + }) t.Run("Request with illegal namespace", func(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp2()), settingsMgr, "default", []string{"argocd-test"}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&namespace=kube()system", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -275,70 +229,6 @@ func TestHandlerNamespacesIsEnabled(t *testing.T) { }) } -func TestHandlerFeatureIsEnabledKeepFullRevisionIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true", nil) - require.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionIsDisabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=false", nil) - require.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85)") -} - -func TestHandlerFeatureIsEnabledKeepFullRevisionAndWidthIsEnabled(t *testing.T) { - settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") - handler := NewHandler(appclientset.NewSimpleClientset(testApp3()), settingsMgr, "argocd-test", []string{""}) - req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true&keepFullRevision=true&width=500", nil) - require.NoError(t, err) - - rr := httptest.NewRecorder() - handler.ServeHTTP(rr, req) - - assert.Equal(t, "private, no-store", rr.Header().Get("Cache-Control")) - assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin")) - - response := rr.Body.String() - assert.Equal(t, toRGBString(Green), leftRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, toRGBString(Green), rightRectColorPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Healthy", leftTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "Synced", rightTextPattern.FindStringSubmatch(response)[1]) - assert.Equal(t, "500", svgWidthPattern.FindStringSubmatch(response)[1]) - assert.NotContains(t, response, "test-app") - assert.Contains(t, response, "(aa29b85ababababababab)") -} - func createApplicationFeatureProjectIsEnabled(healthStatus health.HealthStatusCode, syncStatus v1alpha1.SyncStatusCode, appName, projectName, namespace string) *v1alpha1.Application { return &v1alpha1.Application{ ObjectMeta: v1.ObjectMeta{Name: appName, Namespace: namespace}, @@ -390,12 +280,11 @@ func createApplicationsWithName(appCombo, projectName []string, namespace string } return apps } - func TestHandlerFeatureIsEnabledRevisionIsEnabled(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -419,7 +308,7 @@ func TestHandlerRevisionIsEnabledNoOperationState(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(app), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -443,7 +332,7 @@ func TestHandlerRevisionIsEnabledShortCommitSHA(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(app), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&revision=true", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -453,13 +342,14 @@ func TestHandlerRevisionIsEnabledShortCommitSHA(t *testing.T) { } func TestHandlerFeatureIsDisabled(t *testing.T) { + argoCDCmDisabled := argoCDCm() delete(argoCDCmDisabled.Data, "statusbadge.enabled") settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCmDisabled, argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -480,7 +370,7 @@ func TestHandlerApplicationNameInBadgeIsEnabled(t *testing.T) { settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app&showAppName=true", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) @@ -504,10 +394,11 @@ func TestHandlerApplicationNameInBadgeIsEnabled(t *testing.T) { } func TestHandlerApplicationNameInBadgeIsDisabled(t *testing.T) { + settingsMgr := settings.NewSettingsManager(context.Background(), fake.NewSimpleClientset(argoCDCm(), argoCDSecret()), "default") handler := NewHandler(appclientset.NewSimpleClientset(testApp()), settingsMgr, "default", []string{}) req, err := http.NewRequest(http.MethodGet, "/api/badge?name=test-app", nil) - require.NoError(t, err) + assert.NoError(t, err) rr := httptest.NewRecorder() handler.ServeHTTP(rr, req) diff --git a/server/cache/cache.go b/server/cache/cache.go index 1fd326c596c56..c2042c3f0e8d1 100644 --- a/server/cache/cache.go +++ b/server/cache/cache.go @@ -65,17 +65,17 @@ func (c *Cache) GetAppManagedResources(appName string, res *[]*appv1.ResourceDif return c.cache.GetAppManagedResources(appName, res) } -func (c *Cache) SetRepoConnectionState(repo string, project string, state *appv1.ConnectionState) error { - return c.cache.SetItem(repoConnectionStateKey(repo, project), &state, c.connectionStatusCacheExpiration, state == nil) +func (c *Cache) SetRepoConnectionState(repo string, state *appv1.ConnectionState) error { + return c.cache.SetItem(repoConnectionStateKey(repo), &state, c.connectionStatusCacheExpiration, state == nil) } -func repoConnectionStateKey(repo string, project string) string { - return fmt.Sprintf("repo|%s|%s|connection-state", repo, project) +func repoConnectionStateKey(repo string) string { + return fmt.Sprintf("repo|%s|connection-state", repo) } -func (c *Cache) GetRepoConnectionState(repo string, project string) (appv1.ConnectionState, error) { +func (c *Cache) GetRepoConnectionState(repo string) (appv1.ConnectionState, error) { res := appv1.ConnectionState{} - err := c.cache.GetItem(repoConnectionStateKey(repo, project), &res) + err := c.cache.GetItem(repoConnectionStateKey(repo), &res) return res, err } diff --git a/server/cache/cache_test.go b/server/cache/cache_test.go index 9104305a600a7..6e173035aa33a 100644 --- a/server/cache/cache_test.go +++ b/server/cache/cache_test.go @@ -6,7 +6,6 @@ import ( "github.com/spf13/cobra" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" cacheutil "github.com/argoproj/argo-cd/v2/util/cache" @@ -32,33 +31,23 @@ func newFixtures() *fixtures { func TestCache_GetRepoConnectionState(t *testing.T) { cache := newFixtures().Cache // cache miss - _, err := cache.GetRepoConnectionState("my-repo", "") + _, err := cache.GetRepoConnectionState("my-repo") assert.Equal(t, ErrCacheMiss, err) // populate cache - err = cache.SetRepoConnectionState("my-repo", "", &ConnectionState{Status: "my-state"}) - require.NoError(t, err) + err = cache.SetRepoConnectionState("my-repo", &ConnectionState{Status: "my-state"}) + assert.NoError(t, err) // cache miss - _, err = cache.GetRepoConnectionState("my-repo", "some-project") - assert.Equal(t, ErrCacheMiss, err) - // populate cache - err = cache.SetRepoConnectionState("my-repo", "some-project", &ConnectionState{Status: "my-project-state"}) - require.NoError(t, err) - // cache miss - _, err = cache.GetRepoConnectionState("other-repo", "") + _, err = cache.GetRepoConnectionState("other-repo") assert.Equal(t, ErrCacheMiss, err) // cache hit - value, err := cache.GetRepoConnectionState("my-repo", "") - require.NoError(t, err) + value, err := cache.GetRepoConnectionState("my-repo") + assert.NoError(t, err) assert.Equal(t, ConnectionState{Status: "my-state"}, value) - // cache hit - value, err = cache.GetRepoConnectionState("my-repo", "some-project") - require.NoError(t, err) - assert.Equal(t, ConnectionState{Status: "my-project-state"}, value) } func TestAddCacheFlagsToCmd(t *testing.T) { cache, err := AddCacheFlagsToCmd(&cobra.Command{})() - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, 1*time.Hour, cache.connectionStatusCacheExpiration) assert.Equal(t, 3*time.Minute, cache.oidcCacheExpiration) } diff --git a/server/cluster/cluster.go b/server/cluster/cluster.go index ed59e90f54f5b..cee0435f10fb4 100644 --- a/server/cluster/cluster.go +++ b/server/cluster/cluster.go @@ -243,8 +243,8 @@ func (s *Server) getCluster(ctx context.Context, q *cluster.ClusterQuery) (*appv return c, nil } - // we only get the name when we specify Name in ApplicationDestination and next - // we want to find the server in order to populate ApplicationDestination.Server + //we only get the name when we specify Name in ApplicationDestination and next + //we want to find the server in order to populate ApplicationDestination.Server if q.Name != "" { clusterList, err := s.db.ListClusters(ctx) if err != nil { @@ -294,6 +294,7 @@ func (s *Server) Update(ctx context.Context, q *cluster.ClusterUpdateRequest) (* Name: q.Cluster.Name, Id: q.Id, }, rbacpolicy.ActionUpdate) + if err != nil { return nil, err } diff --git a/server/cluster/cluster_test.go b/server/cluster/cluster_test.go index 567de3a661901..2ed7e023d4b80 100644 --- a/server/cluster/cluster_test.go +++ b/server/cluster/cluster_test.go @@ -4,26 +4,13 @@ import ( "context" "encoding/json" "fmt" + "github.com/argoproj/argo-cd/v2/server/rbacpolicy" + "github.com/argoproj/argo-cd/v2/util/assets" + "github.com/golang-jwt/jwt/v4" "reflect" "testing" "time" - "github.com/golang-jwt/jwt/v4" - - "github.com/argoproj/argo-cd/v2/server/rbacpolicy" - "github.com/argoproj/argo-cd/v2/util/assets" - - "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/client-go/kubernetes/fake" - "k8s.io/utils/ptr" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" clusterapi "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" @@ -37,6 +24,16 @@ import ( dbmocks "github.com/argoproj/argo-cd/v2/util/db/mocks" "github.com/argoproj/argo-cd/v2/util/rbac" "github.com/argoproj/argo-cd/v2/util/settings" + "github.com/argoproj/gitops-engine/pkg/utils/kube/kubetest" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/mock" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/client-go/kubernetes/fake" + "k8s.io/utils/pointer" ) func newServerInMemoryCache() *servercache.Cache { @@ -205,7 +202,7 @@ func TestGetCluster_UrlEncodedName(t *testing.T) { }) require.NoError(t, err) - assert.Equal(t, "test/ing", cluster.Name) + assert.Equal(t, cluster.Name, "test/ing") } func TestGetCluster_NameWithUrlEncodingButShouldNotBeUnescaped(t *testing.T) { @@ -235,7 +232,7 @@ func TestGetCluster_NameWithUrlEncodingButShouldNotBeUnescaped(t *testing.T) { }) require.NoError(t, err) - assert.Equal(t, "test%2fing", cluster.Name) + assert.Equal(t, cluster.Name, "test%2fing") } func TestUpdateCluster_NoFieldsPaths(t *testing.T) { @@ -272,8 +269,8 @@ func TestUpdateCluster_NoFieldsPaths(t *testing.T) { require.NoError(t, err) - assert.Equal(t, "minikube", updated.Name) - assert.Equal(t, []string{"default", "kube-system"}, updated.Namespaces) + assert.Equal(t, updated.Name, "minikube") + assert.Equal(t, updated.Namespaces, []string{"default", "kube-system"}) } func TestUpdateCluster_FieldsPathSet(t *testing.T) { @@ -294,16 +291,16 @@ func TestUpdateCluster_FieldsPathSet(t *testing.T) { _, err := server.Update(context.Background(), &clusterapi.ClusterUpdateRequest{ Cluster: &v1alpha1.Cluster{ Server: "https://127.0.0.1", - Shard: ptr.To(int64(1)), + Shard: pointer.Int64(1), }, UpdatedFields: []string{"shard"}, }) require.NoError(t, err) - assert.Equal(t, "minikube", updated.Name) - assert.Equal(t, []string{"default", "kube-system"}, updated.Namespaces) - assert.Equal(t, int64(1), *updated.Shard) + assert.Equal(t, updated.Name, "minikube") + assert.Equal(t, updated.Namespaces, []string{"default", "kube-system"}) + assert.Equal(t, *updated.Shard, int64(1)) labelEnv := map[string]string{ "env": "qa", @@ -318,8 +315,8 @@ func TestUpdateCluster_FieldsPathSet(t *testing.T) { require.NoError(t, err) - assert.Equal(t, "minikube", updated.Name) - assert.Equal(t, []string{"default", "kube-system"}, updated.Namespaces) + assert.Equal(t, updated.Name, "minikube") + assert.Equal(t, updated.Namespaces, []string{"default", "kube-system"}) assert.Equal(t, updated.Labels, labelEnv) annotationEnv := map[string]string{ @@ -335,8 +332,8 @@ func TestUpdateCluster_FieldsPathSet(t *testing.T) { require.NoError(t, err) - assert.Equal(t, "minikube", updated.Name) - assert.Equal(t, []string{"default", "kube-system"}, updated.Namespaces) + assert.Equal(t, updated.Name, "minikube") + assert.Equal(t, updated.Namespaces, []string{"default", "kube-system"}) assert.Equal(t, updated.Annotations, annotationEnv) _, err = server.Update(context.Background(), &clusterapi.ClusterUpdateRequest{ @@ -349,9 +346,9 @@ func TestUpdateCluster_FieldsPathSet(t *testing.T) { require.NoError(t, err) - assert.Equal(t, "minikube", updated.Name) - assert.Equal(t, []string{"default", "kube-system"}, updated.Namespaces) - assert.Equal(t, "new-project", updated.Project) + assert.Equal(t, updated.Name, "minikube") + assert.Equal(t, updated.Namespaces, []string{"default", "kube-system"}) + assert.Equal(t, updated.Project, "new-project") } func TestDeleteClusterByName(t *testing.T) { @@ -388,7 +385,7 @@ func TestDeleteClusterByName(t *testing.T) { _, err := server.Delete(context.Background(), &clusterapi.ClusterQuery{ Name: "my-cluster-name", }) - require.NoError(t, err) + assert.Nil(t, err) _, err = db.GetCluster(context.Background(), "https://my-cluster-server") assert.EqualError(t, err, `rpc error: code = NotFound desc = cluster "https://my-cluster-server" not found`) @@ -471,7 +468,7 @@ func TestRotateAuth(t *testing.T) { Name: "my-cluster-name", }) - require.Error(t, err) + require.NotNil(t, err) assert.Contains(t, err.Error(), "Get \"https://my-cluster-name/") }) @@ -480,7 +477,7 @@ func TestRotateAuth(t *testing.T) { Server: "https://my-cluster-name", }) - require.Error(t, err) + require.NotNil(t, err) assert.Contains(t, err.Error(), "Get \"https://my-cluster-name/") }) } @@ -699,13 +696,13 @@ func TestNoClusterEnumeration(t *testing.T) { _, err := server.Get(context.Background(), &clusterapi.ClusterQuery{ Name: "cluster-not-exists", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") _, err = server.Get(context.Background(), &clusterapi.ClusterQuery{ Name: "test/ing", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") }) @@ -715,7 +712,7 @@ func TestNoClusterEnumeration(t *testing.T) { Name: "cluster-not-exists", }, }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") _, err = server.Update(context.Background(), &clusterapi.ClusterUpdateRequest{ @@ -723,7 +720,7 @@ func TestNoClusterEnumeration(t *testing.T) { Name: "test/ing", }, }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") }) @@ -731,13 +728,13 @@ func TestNoClusterEnumeration(t *testing.T) { _, err := server.Delete(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.2", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") _, err = server.Delete(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.1", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") }) @@ -745,13 +742,13 @@ func TestNoClusterEnumeration(t *testing.T) { _, err := server.RotateAuth(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.2", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") _, err = server.RotateAuth(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.1", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") }) @@ -759,13 +756,13 @@ func TestNoClusterEnumeration(t *testing.T) { _, err := server.InvalidateCache(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.2", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") _, err = server.InvalidateCache(context.Background(), &clusterapi.ClusterQuery{ Server: "https://127.0.0.1", }) - require.Error(t, err) + assert.Error(t, err) assert.Equal(t, common.PermissionDeniedAPIError.Error(), err.Error(), "error message must be _only_ the permission error, to avoid leaking information about cluster existence") }) } diff --git a/server/deeplinks/deeplinks.go b/server/deeplinks/deeplinks.go index 13d332072ce40..301d9ad0b2fb0 100644 --- a/server/deeplinks/deeplinks.go +++ b/server/deeplinks/deeplinks.go @@ -9,7 +9,7 @@ import ( "github.com/antonmedv/expr" "github.com/argoproj/gitops-engine/pkg/utils/kube" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -105,8 +105,8 @@ func EvaluateDeepLinksResponse(obj map[string]interface{}, name string, links [] case bool: if resOut { finalLinks = append(finalLinks, &application.LinkInfo{ - Title: ptr.To(link.Title), - Url: ptr.To(finalURL.String()), + Title: pointer.String(link.Title), + Url: pointer.String(finalURL.String()), Description: link.Description, IconClass: link.IconClass, }) @@ -117,8 +117,8 @@ func EvaluateDeepLinksResponse(obj map[string]interface{}, name string, links [] } } else { finalLinks = append(finalLinks, &application.LinkInfo{ - Title: ptr.To(link.Title), - Url: ptr.To(finalURL.String()), + Title: pointer.String(link.Title), + Url: pointer.String(finalURL.String()), Description: link.Description, IconClass: link.IconClass, }) diff --git a/server/deeplinks/deeplinks_test.go b/server/deeplinks/deeplinks_test.go index 8458a72770f50..09ad64671af9b 100644 --- a/server/deeplinks/deeplinks_test.go +++ b/server/deeplinks/deeplinks_test.go @@ -7,11 +7,10 @@ import ( "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -41,7 +40,7 @@ func TestDeepLinks(t *testing.T) { }, }, }) - require.NoError(t, err) + assert.NoError(t, err) resourceObj, err := kube.ToUnstructured(&v1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "test-cm", @@ -52,12 +51,12 @@ func TestDeepLinks(t *testing.T) { "key": "value1", }, }) - require.NoError(t, err) + assert.NoError(t, err) clusterObj, err := kube.ToUnstructured(&ClusterLinksData{ Server: "test-svc.com", Name: "test-cluster", }) - require.NoError(t, err) + assert.NoError(t, err) projectObj, err := kube.ToUnstructured(&v1alpha1.AppProject{ ObjectMeta: metav1.ObjectMeta{ Name: "test-project", @@ -67,7 +66,7 @@ func TestDeepLinks(t *testing.T) { SourceRepos: []string{"test-repo.git"}, }, }) - require.NoError(t, err) + assert.NoError(t, err) testTable := []deepLinkTC{ { appObj: appObj, @@ -77,11 +76,11 @@ func TestDeepLinks(t *testing.T) { inputLinks: []settings.DeepLink{{ Title: "link", URL: "http://example.com/{{ .application.metadata.name }}&{{ .resource.data.key }}&{{ index .project.spec.sourceRepos 0}}&{{ .cluster.name }}", - Condition: ptr.To(`application.metadata.name == "test" && project.metadata.name == "test-project"`), + Condition: pointer.String(`application.metadata.name == "test" && project.metadata.name == "test-project"`), }}, outputLinks: []*application.LinkInfo{{ - Title: ptr.To("link"), - Url: ptr.To("http://example.com/test&value1&test-repo.git&test-cluster"), + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test&value1&test-repo.git&test-cluster"), }}, error: []string{}, }, @@ -93,11 +92,11 @@ func TestDeepLinks(t *testing.T) { inputLinks: []settings.DeepLink{{ Title: "link", URL: "http://example.com/{{ .app.metadata.name }}&{{ .resource.data.key }}&{{ index .project.spec.sourceRepos 0}}&{{ .cluster.name }}", - Condition: ptr.To(`app.metadata.name == "test" && project.metadata.name == "test-project"`), + Condition: pointer.String(`app.metadata.name == "test" && project.metadata.name == "test-project"`), }}, outputLinks: []*application.LinkInfo{{ - Title: ptr.To("link"), - Url: ptr.To("http://example.com/test&value1&test-repo.git&test-cluster"), + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test&value1&test-repo.git&test-cluster"), }}, error: []string{}, }, @@ -109,22 +108,21 @@ func TestDeepLinks(t *testing.T) { { Title: "link", URL: "http://example.com/{{ .application.metadata.name }}&{{ .application.spec.destination.namespace }}", - Condition: ptr.To(`application.metadata.name matches "test"`), + Condition: pointer.String(`application.metadata.name matches "test"`), }, { Title: "link1", URL: "http://example.com/{{ .application.metadata.name }}&{{ .application.spec.destination.namespace }}", - Condition: ptr.To(`application.metadata.name matches "test1"`), + Condition: pointer.String(`application.metadata.name matches "test1"`), }, { Title: "link2", URL: "http://example.com/{{ .application.metadata.name }}&{{ .application.spec.destination.namespace }}", - Condition: ptr.To(`application.metadata.test matches "test"`), - }, - }, + Condition: pointer.String(`application.metadata.test matches "test"`), + }}, outputLinks: []*application.LinkInfo{{ - Title: ptr.To("link"), - Url: ptr.To("http://example.com/test&testns"), + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test&testns"), }}, error: []string{"failed to evaluate link condition 'application.metadata.test matches \"test\"' with resource test, error=interface conversion: interface {} is nil, not string (1:27)\n | application.metadata.test matches \"test\"\n | ..........................^"}, }, @@ -136,17 +134,16 @@ func TestDeepLinks(t *testing.T) { { Title: "link", URL: "http://example.com/{{ .application.metadata.name }}&{{ .application.spec.destination.namespace }}", - Condition: ptr.To(`application.metadata.name matches "test"`), + Condition: pointer.String(`application.metadata.name matches "test"`), }, { Title: "link1", URL: "http://example.com/{{ .application.metadata.name }}&{{ .application.spec.destination.namespace }}", - Condition: ptr.To(`1 + 1`), - }, - }, + Condition: pointer.String(`1 + 1`), + }}, outputLinks: []*application.LinkInfo{{ - Title: ptr.To("link"), - Url: ptr.To("http://example.com/test&testns"), + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test&testns"), }}, error: []string{"link condition '1 + 1' evaluated to non-boolean value for resource test"}, }, @@ -158,11 +155,11 @@ func TestDeepLinks(t *testing.T) { inputLinks: []settings.DeepLink{{ Title: "link", URL: "http://example.com/{{ .cluster.name | replace \"-\" \"_\" }}&{{ first .project.spec.sourceRepos }}", - Condition: ptr.To(`application.metadata.name == "test" && project.metadata.name == "test-project"`), + Condition: pointer.String(`application.metadata.name == "test" && project.metadata.name == "test-project"`), }}, outputLinks: []*application.LinkInfo{{ - Title: ptr.To("link"), - Url: ptr.To("http://example.com/test_cluster&test-repo.git"), + Title: pointer.String("link"), + Url: pointer.String("http://example.com/test_cluster&test-repo.git"), }}, error: []string{}, }, @@ -172,6 +169,6 @@ func TestDeepLinks(t *testing.T) { objs := CreateDeepLinksObject(tc.resourceObj, tc.appObj, tc.clusterObj, tc.projectObj) output, err := EvaluateDeepLinksResponse(objs, tc.appObj.GetName(), tc.inputLinks) assert.Equal(t, tc.error, err, strings.Join(err, ",")) - assert.True(t, reflect.DeepEqual(output.Items, tc.outputLinks)) + assert.Equal(t, reflect.DeepEqual(output.Items, tc.outputLinks), true) } } diff --git a/server/extension/extension.go b/server/extension/extension.go index 95dc539a70af1..9f8edcd6184fc 100644 --- a/server/extension/extension.go +++ b/server/extension/extension.go @@ -50,7 +50,7 @@ const ( // that the Argo CD application is associated with. This header // will be populated by the extension proxy and passed to the // configured backend service. If this header is passed by - // the client, its value will be overridden by the extension + // the client, its value will be overriden by the extension // handler. // // Example: @@ -61,7 +61,7 @@ const ( // that the Argo CD application is associated with. This header // will be populated by the extension proxy and passed to the // configured backend service. If this header is passed by - // the client, its value will be overridden by the extension + // the client, its value will be overriden by the extension // handler. HeaderArgoCDTargetClusterName = "Argocd-Target-Cluster-Name" ) @@ -92,7 +92,7 @@ func ValidateHeaders(r *http.Request) (*RequestResources, error) { } appNamespace, appName, err := getAppName(appHeader) if err != nil { - return nil, fmt.Errorf("error getting app details: %w", err) + return nil, fmt.Errorf("error getting app details: %s", err) } if !argo.IsValidNamespaceName(appNamespace) { return nil, errors.New("invalid value for namespace") @@ -370,23 +370,23 @@ func parseAndValidateConfig(s *settings.ArgoCDSettings) (*ExtensionConfigs, erro extConfigMap := map[string]interface{}{} err := yaml.Unmarshal([]byte(s.ExtensionConfig), &extConfigMap) if err != nil { - return nil, fmt.Errorf("invalid extension config: %w", err) + return nil, fmt.Errorf("invalid extension config: %s", err) } parsedExtConfig := settings.ReplaceMapSecrets(extConfigMap, s.Secrets) parsedExtConfigBytes, err := yaml.Marshal(parsedExtConfig) if err != nil { - return nil, fmt.Errorf("error marshaling parsed extension config: %w", err) + return nil, fmt.Errorf("error marshaling parsed extension config: %s", err) } configs := ExtensionConfigs{} err = yaml.Unmarshal(parsedExtConfigBytes, &configs) if err != nil { - return nil, fmt.Errorf("invalid parsed extension config: %w", err) + return nil, fmt.Errorf("invalid parsed extension config: %s", err) } err = validateConfigs(&configs) if err != nil { - return nil, fmt.Errorf("validation error: %w", err) + return nil, fmt.Errorf("validation error: %s", err) } return &configs, nil } @@ -442,7 +442,7 @@ func validateConfigs(configs *ExtensionConfigs) error { func NewProxy(targetURL string, headers []Header, config ProxyConfig) (*httputil.ReverseProxy, error) { url, err := url.Parse(targetURL) if err != nil { - return nil, fmt.Errorf("failed to parse proxy URL: %w", err) + return nil, fmt.Errorf("failed to parse proxy URL: %s", err) } proxy := &httputil.ReverseProxy{ Transport: newTransport(config), @@ -497,7 +497,7 @@ func applyProxyConfigDefaults(c *ProxyConfig) { func (m *Manager) RegisterExtensions() error { settings, err := m.settings.Get() if err != nil { - return fmt.Errorf("error getting settings: %w", err) + return fmt.Errorf("error getting settings: %s", err) } if settings.ExtensionConfig == "" { m.log.Infof("No extensions configured.") @@ -505,7 +505,7 @@ func (m *Manager) RegisterExtensions() error { } err = m.UpdateExtensionRegistry(settings) if err != nil { - return fmt.Errorf("error updating extension registry: %w", err) + return fmt.Errorf("error updating extension registry: %s", err) } return nil } @@ -517,7 +517,7 @@ func (m *Manager) RegisterExtensions() error { func (m *Manager) UpdateExtensionRegistry(s *settings.ArgoCDSettings) error { extConfigs, err := parseAndValidateConfig(s) if err != nil { - return fmt.Errorf("error parsing extension config: %w", err) + return fmt.Errorf("error parsing extension config: %s", err) } extReg := make(map[string]ProxyRegistry) for _, ext := range extConfigs.Extensions { @@ -526,11 +526,11 @@ func (m *Manager) UpdateExtensionRegistry(s *settings.ArgoCDSettings) error { for _, service := range ext.Backend.Services { proxy, err := NewProxy(service.URL, service.Headers, ext.Backend.ProxyConfig) if err != nil { - return fmt.Errorf("error creating proxy: %w", err) + return fmt.Errorf("error creating proxy: %s", err) } err = appendProxy(proxyReg, ext.Name, service, proxy, singleBackend) if err != nil { - return fmt.Errorf("error appending proxy: %w", err) + return fmt.Errorf("error appending proxy: %s", err) } } extReg[ext.Name] = proxyReg @@ -546,8 +546,8 @@ func appendProxy(registry ProxyRegistry, extName string, service ServiceConfig, proxy *httputil.ReverseProxy, - singleBackend bool, -) error { + singleBackend bool) error { + if singleBackend { key := proxyKey(extName, "", "") if _, exist := registry[key]; exist { @@ -593,17 +593,17 @@ func (m *Manager) authorize(ctx context.Context, rr *RequestResources, extName s } appRBACName := security.RBACName(rr.ApplicationNamespace, rr.ProjectName, rr.ApplicationNamespace, rr.ApplicationName) if err := m.rbac.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceApplications, rbacpolicy.ActionGet, appRBACName); err != nil { - return nil, fmt.Errorf("application authorization error: %w", err) + return nil, fmt.Errorf("application authorization error: %s", err) } if err := m.rbac.EnforceErr(ctx.Value("claims"), rbacpolicy.ResourceExtensions, rbacpolicy.ActionInvoke, extName); err != nil { - return nil, fmt.Errorf("unauthorized to invoke extension %q: %w", extName, err) + return nil, fmt.Errorf("unauthorized to invoke extension %q: %s", extName, err) } // just retrieve the app after checking if subject has access to it app, err := m.application.Get(rr.ApplicationNamespace, rr.ApplicationName) if err != nil { - return nil, fmt.Errorf("error getting application: %w", err) + return nil, fmt.Errorf("error getting application: %s", err) } if app == nil { return nil, fmt.Errorf("invalid Application provided in the %q header", HeaderArgoCDApplicationName) @@ -615,14 +615,14 @@ func (m *Manager) authorize(ctx context.Context, rr *RequestResources, extName s proj, err := m.project.Get(app.Spec.GetProject()) if err != nil { - return nil, fmt.Errorf("error getting project: %w", err) + return nil, fmt.Errorf("error getting project: %s", err) } if proj == nil { return nil, fmt.Errorf("invalid project provided in the %q header", HeaderArgoCDProjectName) } permitted, err := proj.IsDestinationPermitted(app.Spec.Destination, m.project.GetClusters) if err != nil { - return nil, fmt.Errorf("error validating project destinations: %w", err) + return nil, fmt.Errorf("error validating project destinations: %s", err) } if !permitted { return nil, fmt.Errorf("the provided project is not allowed to access the cluster configured in the Application destination") @@ -634,6 +634,7 @@ func (m *Manager) authorize(ctx context.Context, rr *RequestResources, extName s // findProxy will search the given registry to find the correct proxy to use // based on the given extName and dest. func findProxy(registry ProxyRegistry, extName string, dest v1alpha1.ApplicationDestination) (*httputil.ReverseProxy, error) { + // First try to find the proxy in the registry just by the extension name. // This is the simple case for extensions with only one backend service. key := proxyKey(extName, "", "") @@ -718,7 +719,7 @@ func registerMetrics(extName string, metrics httpsnoop.Metrics, extensionMetrics } } -// prepareRequest is responsible for cleaning the incoming request URL removing +// prepareRequest is reponsible for cleaning the incoming request URL removing // the Argo CD extension API section from it. It will set the cluster destination name // and cluster destination server in the headers as it is defined in the given app. func prepareRequest(r *http.Request, extName string, app *v1alpha1.Application) { diff --git a/server/extension/extension_test.go b/server/extension/extension_test.go index 7d6a8e5ffb02b..ff287dde80424 100644 --- a/server/extension/extension_test.go +++ b/server/extension/extension_test.go @@ -15,7 +15,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/server/extension" @@ -56,7 +56,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) t.Run("will return error if application header is missing", func(t *testing.T) { @@ -71,7 +71,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) t.Run("will return error if project header is missing", func(t *testing.T) { @@ -86,7 +86,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) t.Run("will return error if invalid namespace", func(t *testing.T) { @@ -102,7 +102,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) t.Run("will return error if invalid app name", func(t *testing.T) { @@ -118,7 +118,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) t.Run("will return error if invalid project name", func(t *testing.T) { @@ -134,7 +134,7 @@ func TestValidateHeaders(t *testing.T) { rr, err := extension.ValidateHeaders(r) // then - require.Error(t, err) + assert.Error(t, err) assert.Nil(t, rr) }) } @@ -167,8 +167,7 @@ func TestRegisterExtensions(t *testing.T) { f.settingsGetterMock.On("Get", mock.Anything).Return(settings, nil) expectedProxyRegistries := []string{ "external-backend", - "some-backend", - } + "some-backend"} // when err := f.manager.RegisterExtensions() @@ -180,6 +179,7 @@ func TestRegisterExtensions(t *testing.T) { assert.True(t, found) assert.NotNil(t, proxyRegistry) } + }) t.Run("will return error if extension config is invalid", func(t *testing.T) { // given @@ -231,7 +231,7 @@ func TestRegisterExtensions(t *testing.T) { err := f.manager.RegisterExtensions() // then - require.Error(t, err, "expected error in test %s but got nil", tc.name) + assert.Error(t, err, fmt.Sprintf("expected error in test %s but got nil", tc.name)) }) } }) @@ -375,6 +375,7 @@ func TestCallExtension(t *testing.T) { } fmt.Fprintln(w, response) })) + } newExtensionRequest := func(t *testing.T, method, url string) *http.Request { t.Helper() @@ -781,7 +782,6 @@ extensions: connectionTimeout: 2s ` } - func getExtensionConfigNoName() string { return ` extensions: @@ -790,7 +790,6 @@ extensions: - url: https://httpbin.org ` } - func getExtensionConfigInvalidName() string { return ` extensions: diff --git a/server/gpgkey/gpgkey.go b/server/gpgkey/gpgkey.go index 338f3a8acc2c9..375cb1e13a032 100644 --- a/server/gpgkey/gpgkey.go +++ b/server/gpgkey/gpgkey.go @@ -1,10 +1,11 @@ package gpgkey import ( - "context" "fmt" "strings" + "context" + gpgkeypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/gpgkey" appsv1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/reposerver/apiclient" diff --git a/server/logout/logout_test.go b/server/logout/logout_test.go index 78a735c528beb..e20d35837f475 100644 --- a/server/logout/logout_test.go +++ b/server/logout/logout_test.go @@ -17,7 +17,6 @@ import ( "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" @@ -80,7 +79,7 @@ func TestConstructLogoutURL(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { constructedLogoutURL := constructLogoutURL(tt.logoutURL, tt.token, tt.logoutRedirectURL) - assert.Equal(t, tt.expectedLogoutURL, constructedLogoutURL) + assert.Equal(t, constructedLogoutURL, tt.expectedLogoutURL) }) } } @@ -253,17 +252,17 @@ func TestHandlerConstructLogoutURL(t *testing.T) { invalidHeader["Cookie"] = []string{"argocd.token=" + invalidToken} oidcRequest, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) - require.NoError(t, err) + assert.NoError(t, err) oidcRequest.Header = oidcTokenHeader nonoidcRequest, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) - require.NoError(t, err) + assert.NoError(t, err) nonoidcRequest.Header = nonOidcTokenHeader - require.NoError(t, err) + assert.NoError(t, err) requestWithInvalidToken, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) - require.NoError(t, err) + assert.NoError(t, err) requestWithInvalidToken.Header = invalidHeader invalidRequest, err := http.NewRequest(http.MethodGet, "http://localhost:4000/api/logout", nil) - require.NoError(t, err) + assert.NoError(t, err) tests := []struct { name string diff --git a/server/metrics/metrics.go b/server/metrics/metrics.go index 3056a4e3e9332..4afac9da26c02 100644 --- a/server/metrics/metrics.go +++ b/server/metrics/metrics.go @@ -9,7 +9,6 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/util/profile" ) @@ -19,7 +18,6 @@ type MetricsServer struct { redisRequestHistogram *prometheus.HistogramVec extensionRequestCounter *prometheus.CounterVec extensionRequestDuration *prometheus.HistogramVec - argoVersion *prometheus.GaugeVec } var ( @@ -53,13 +51,6 @@ var ( }, []string{"extension"}, ) - argoVersion = prometheus.NewGaugeVec( - prometheus.GaugeOpts{ - Name: "argocd_info", - Help: "ArgoCD version information", - }, - []string{"version"}, - ) ) // NewMetricsServer returns a new prometheus server which collects api server metrics @@ -70,15 +61,12 @@ func NewMetricsServer(host string, port int) *MetricsServer { registry, prometheus.DefaultGatherer, }, promhttp.HandlerOpts{})) - argoVersion.WithLabelValues(common.GetVersion().Version).Set(1) - profile.RegisterProfiler(mux) registry.MustRegister(redisRequestCounter) registry.MustRegister(redisRequestHistogram) registry.MustRegister(extensionRequestCounter) registry.MustRegister(extensionRequestDuration) - registry.MustRegister(argoVersion) return &MetricsServer{ Server: &http.Server{ @@ -89,7 +77,6 @@ func NewMetricsServer(host string, port int) *MetricsServer { redisRequestHistogram: redisRequestHistogram, extensionRequestCounter: extensionRequestCounter, extensionRequestDuration: extensionRequestDuration, - argoVersion: argoVersion, } } diff --git a/server/notification/notification.go b/server/notification/notification.go index 7b8f6589fcfbf..b85cbc34eb23b 100644 --- a/server/notification/notification.go +++ b/server/notification/notification.go @@ -3,11 +3,10 @@ package notification import ( "context" + "github.com/argoproj/argo-cd/v2/pkg/apiclient/notification" "github.com/argoproj/notifications-engine/pkg/api" apierr "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/utils/ptr" - - "github.com/argoproj/argo-cd/v2/pkg/apiclient/notification" + "k8s.io/utils/pointer" ) // Server provides an Application service @@ -31,7 +30,7 @@ func (s *Server) ListTriggers(ctx context.Context, q *notification.TriggersListR } triggers := []*notification.Trigger{} for trigger := range api.GetConfig().Triggers { - triggers = append(triggers, ¬ification.Trigger{Name: ptr.To(trigger)}) + triggers = append(triggers, ¬ification.Trigger{Name: pointer.String(trigger)}) } return ¬ification.TriggerList{Items: triggers}, nil } @@ -47,7 +46,7 @@ func (s *Server) ListServices(ctx context.Context, q *notification.ServicesListR } services := []*notification.Service{} for svc := range api.GetConfig().Services { - services = append(services, ¬ification.Service{Name: ptr.To(svc)}) + services = append(services, ¬ification.Service{Name: pointer.String(svc)}) } return ¬ification.ServiceList{Items: services}, nil } @@ -63,7 +62,7 @@ func (s *Server) ListTemplates(ctx context.Context, q *notification.TemplatesLis } templates := []*notification.Template{} for tmpl := range api.GetConfig().Templates { - templates = append(templates, ¬ification.Template{Name: ptr.To(tmpl)}) + templates = append(templates, ¬ification.Template{Name: pointer.String(tmpl)}) } return ¬ification.TemplateList{Items: templates}, nil } diff --git a/server/notification/notification_test.go b/server/notification/notification_test.go index 41e0306c84bd0..ee913926bc010 100644 --- a/server/notification/notification_test.go +++ b/server/notification/notification_test.go @@ -5,17 +5,16 @@ import ( "os" "testing" - "github.com/argoproj/notifications-engine/pkg/api" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - "k8s.io/utils/ptr" - "github.com/argoproj/argo-cd/v2/pkg/apiclient/notification" "github.com/argoproj/argo-cd/v2/reposerver/apiclient/mocks" service "github.com/argoproj/argo-cd/v2/util/notification/argocd" "github.com/argoproj/argo-cd/v2/util/notification/k8s" "github.com/argoproj/argo-cd/v2/util/notification/settings" + "github.com/argoproj/notifications-engine/pkg/api" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + "k8s.io/utils/pointer" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes/fake" @@ -26,6 +25,7 @@ import ( const testNamespace = "default" func TestNotificationServer(t *testing.T) { + // catalogPath := path.Join(paths[1], "config", "notifications-catalog") b, err := os.ReadFile("../../notifications_catalog/install.yaml") require.NoError(t, err) @@ -75,25 +75,25 @@ func TestNotificationServer(t *testing.T) { t.Run("TestListServices", func(t *testing.T) { server := NewServer(apiFactory) services, err := server.ListServices(ctx, ¬ification.ServicesListRequest{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, services.Items, 1) - assert.Equal(t, services.Items[0].Name, ptr.To("test")) + assert.Equal(t, services.Items[0].Name, pointer.String("test")) assert.NotEmpty(t, services.Items[0]) }) t.Run("TestListTriggers", func(t *testing.T) { server := NewServer(apiFactory) triggers, err := server.ListTriggers(ctx, ¬ification.TriggersListRequest{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, triggers.Items, 1) - assert.Equal(t, triggers.Items[0].Name, ptr.To("on-created")) + assert.Equal(t, triggers.Items[0].Name, pointer.String("on-created")) assert.NotEmpty(t, triggers.Items[0]) }) t.Run("TestListTemplates", func(t *testing.T) { server := NewServer(apiFactory) templates, err := server.ListTemplates(ctx, ¬ification.TemplatesListRequest{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, templates.Items, 1) - assert.Equal(t, templates.Items[0].Name, ptr.To("app-created")) + assert.Equal(t, templates.Items[0].Name, pointer.String("app-created")) assert.NotEmpty(t, templates.Items[0]) }) } diff --git a/server/project/project.go b/server/project/project.go index 74e7cf7bf0008..44ddee95eaaff 100644 --- a/server/project/project.go +++ b/server/project/project.go @@ -58,13 +58,10 @@ type Server struct { // NewServer returns a new instance of the Project service func NewServer(ns string, kubeclientset kubernetes.Interface, appclientset appclientset.Interface, enf *rbac.Enforcer, projectLock sync.KeyLock, sessionMgr *session.SessionManager, policyEnf *rbacpolicy.RBACPolicyEnforcer, - projInformer cache.SharedIndexInformer, settingsMgr *settings.SettingsManager, db db.ArgoDB, -) *Server { + projInformer cache.SharedIndexInformer, settingsMgr *settings.SettingsManager, db db.ArgoDB) *Server { auditLogger := argo.NewAuditLogger(ns, kubeclientset, "argocd-server") - return &Server{ - enf: enf, policyEnf: policyEnf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr, - projInformer: projInformer, settingsMgr: settingsMgr, db: db, - } + return &Server{enf: enf, policyEnf: policyEnf, appclientset: appclientset, kubeclientset: kubeclientset, ns: ns, projectLock: projectLock, auditLogger: auditLogger, sessionMgr: sessionMgr, + projInformer: projInformer, settingsMgr: settingsMgr, db: db} } func validateProject(proj *v1alpha1.AppProject) error { @@ -140,8 +137,6 @@ func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateR } id = claims.ID - prj.NormalizeJWTTokens() - items := append(prj.Status.JWTTokensByRole[q.Role].Items, v1alpha1.JWTToken{IssuedAt: issuedAt, ExpiresAt: expiresAt, ID: id}) if _, found := prj.Status.JWTTokensByRole[q.Role]; found { prj.Status.JWTTokensByRole[q.Role] = v1alpha1.JWTTokens{Items: items} @@ -159,6 +154,7 @@ func (s *Server) createToken(ctx context.Context, q *project.ProjectTokenCreateR } s.logEvent(prj, ctx, argo.EventReasonResourceCreated, "created token") return &project.ProjectTokenResponse{Token: jwtToken}, nil + } func (s *Server) ListLinks(ctx context.Context, q *project.ListProjectLinksRequest) (*application.LinksResponse, error) { @@ -519,6 +515,7 @@ func (s *Server) GetSyncWindowsState(ctx context.Context, q *project.SyncWindows return nil, err } proj, err := s.appclientset.ArgoprojV1alpha1().AppProjects(s.ns).Get(ctx, q.Name, metav1.GetOptions{}) + if err != nil { return nil, err } diff --git a/server/project/project_test.go b/server/project/project_test.go index a03f472696f5a..caf0df9f3ebac 100644 --- a/server/project/project_test.go +++ b/server/project/project_test.go @@ -12,7 +12,6 @@ import ( "github.com/golang-jwt/jwt/v4" "github.com/google/uuid" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" corev1 "k8s.io/api/core/v1" @@ -93,15 +92,17 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) err := projectServer.NormalizeProjs() - require.NoError(t, err) + assert.NoError(t, err) appList, err := projectServer.appclientset.ArgoprojV1alpha1().AppProjects(projectWithRole.Namespace).List(context.Background(), v1.ListOptions{}) - require.NoError(t, err) - assert.Equal(t, int64(1), appList.Items[0].Status.JWTTokensByRole[roleName].Items[0].IssuedAt) + assert.NoError(t, err) + assert.Equal(t, appList.Items[0].Status.JWTTokensByRole[roleName].Items[0].IssuedAt, int64(1)) assert.ElementsMatch(t, appList.Items[0].Status.JWTTokensByRole[roleName].Items, appList.Items[0].Spec.Roles[0].JWTTokens) + }) t.Run("TestClusterUpdateDenied", func(t *testing.T) { + enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) @@ -116,6 +117,7 @@ func TestProjectServer(t *testing.T) { }) t.Run("TestReposUpdateDenied", func(t *testing.T) { + enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) @@ -130,6 +132,7 @@ func TestProjectServer(t *testing.T) { }) t.Run("TestClusterResourceWhitelistUpdateDenied", func(t *testing.T) { + enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) @@ -144,6 +147,7 @@ func TestProjectServer(t *testing.T) { }) t.Run("TestNamespaceResourceBlacklistUpdateDenied", func(t *testing.T) { + enforcer.SetDefaultRole("role:projects") _ = enforcer.SetBuiltinPolicy("p, role:projects, projects, update, *, allow") argoDB := db.NewDB("default", settingsMgr, kubeclientset) @@ -173,7 +177,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.NoError(t, err) + assert.Nil(t, err) }) t.Run("TestRemoveDestinationUsedByApp", func(t *testing.T) { @@ -190,7 +194,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.Error(t, err) + assert.NotNil(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) }) @@ -209,7 +213,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.NoError(t, err) + assert.Nil(t, err) }) t.Run("TestRemoveSourceUsedByApp", func(t *testing.T) { @@ -226,7 +230,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.Error(t, err) + assert.NotNil(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) }) @@ -246,7 +250,7 @@ func TestProjectServer(t *testing.T) { res, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, res.Spec.SourceRepos, updatedProj.Spec.SourceRepos) }) @@ -275,7 +279,7 @@ func TestProjectServer(t *testing.T) { res, err := projectServer.Update(context.Background(), &project.ProjectUpdateRequest{Project: updatedProj}) - require.NoError(t, err) + assert.NoError(t, err) assert.ElementsMatch(t, res.Spec.Destinations, updatedProj.Spec.Destinations) }) @@ -285,7 +289,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Delete(context.Background(), &project.ProjectQuery{Name: "test"}) - require.NoError(t, err) + assert.Nil(t, err) }) t.Run("TestDeleteDefaultProjectFailure", func(t *testing.T) { @@ -312,7 +316,7 @@ func TestProjectServer(t *testing.T) { _, err := projectServer.Delete(context.Background(), &project.ProjectQuery{Name: "test"}) - require.Error(t, err) + assert.NotNil(t, err) statusCode, _ := status.FromError(err) assert.Equal(t, codes.InvalidArgument, statusCode.Code()) }) @@ -347,7 +351,7 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithRole), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) _, err := projectServer.CreateToken(ctx, &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1}) - require.NoError(t, err) + assert.NoError(t, err) }) _ = enforcer.SetBuiltinPolicy(`p, role:admin, projects, update, *, allow`) @@ -361,16 +365,16 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 100}) - require.NoError(t, err) + assert.NoError(t, err) claims, _, err := sessionMgr.Parse(tokenResponse.Token) - require.NoError(t, err) + assert.NoError(t, err) mapClaims, err := jwtutil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName) assert.Equal(t, expectedSubject, subject) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("TestCreateTokenWithIDSuccessfully", func(t *testing.T) { @@ -382,16 +386,16 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1, Id: id}) - require.NoError(t, err) + assert.NoError(t, err) claims, _, err := sessionMgr.Parse(tokenResponse.Token) - require.NoError(t, err) + assert.NoError(t, err) mapClaims, err := jwtutil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName) assert.Equal(t, expectedSubject, subject) - require.NoError(t, err) + assert.NoError(t, err) }) t.Run("TestCreateTokenWithSameIdDeny", func(t *testing.T) { @@ -404,16 +408,16 @@ func TestProjectServer(t *testing.T) { projectServer := NewServer("default", fake.NewSimpleClientset(), clientset, enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) tokenResponse, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1, Id: id}) - require.NoError(t, err) + assert.NoError(t, err) claims, _, err := sessionMgr.Parse(tokenResponse.Token) - require.NoError(t, err) + assert.NoError(t, err) mapClaims, err := jwtutil.MapClaims(claims) subject, ok := mapClaims["sub"].(string) assert.True(t, ok) expectedSubject := fmt.Sprintf(JWTTokenSubFormat, projectWithRole.Name, tokenName) assert.Equal(t, expectedSubject, subject) - require.NoError(t, err) + assert.NoError(t, err) _, err1 := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projectWithRole.Name, Role: tokenName, ExpiresIn: 1, Id: id}) expectedErr := fmt.Sprintf("rpc error: code = InvalidArgument desc = rpc error: code = InvalidArgument desc = Token id '%s' has been used. ", id) @@ -445,7 +449,7 @@ func TestProjectServer(t *testing.T) { argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) - require.NoError(t, err) + assert.NoError(t, err) }) _ = enforcer.SetBuiltinPolicy(`p, role:admin, projects, get, *, allow @@ -461,9 +465,9 @@ p, role:admin, projects, update, *, allow`) argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: issuedAt}) - require.NoError(t, err) + assert.NoError(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, projWithoutToken.Spec.Roles, 1) assert.Len(t, projWithoutToken.Spec.Roles[0].JWTTokens, 1) assert.Equal(t, projWithoutToken.Spec.Roles[0].JWTTokens[0].IssuedAt, secondIssuedAt) @@ -485,9 +489,9 @@ p, role:admin, projects, update, *, allow`) argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) _, err := projectServer.DeleteToken(ctx, &project.ProjectTokenDeleteRequest{Project: projWithToken.Name, Role: tokenName, Iat: secondIssuedAt, Id: id}) - require.NoError(t, err) + assert.NoError(t, err) projWithoutToken, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, projWithoutToken.Spec.Roles, 1) assert.Len(t, projWithoutToken.Spec.Roles[0].JWTTokens, 1) assert.Equal(t, projWithoutToken.Spec.Roles[0].JWTTokens[0].IssuedAt, secondIssuedAt) @@ -504,14 +508,15 @@ p, role:admin, projects, update, *, allow`) argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithToken), enforcer, sync.NewKeyLock(), sessionMgr, policyEnf, projInformer, settingsMgr, argoDB) _, err := projectServer.CreateToken(context.Background(), &project.ProjectTokenCreateRequest{Project: projWithToken.Name, Role: tokenName}) - require.NoError(t, err) + assert.Nil(t, err) projWithTwoTokens, err := projectServer.Get(context.Background(), &project.ProjectQuery{Name: projWithToken.Name}) - require.NoError(t, err) + assert.Nil(t, err) assert.Len(t, projWithTwoTokens.Spec.Roles, 1) assert.Len(t, projWithTwoTokens.Spec.Roles[0].JWTTokens, 2) }) t.Run("TestAddWildcardSource", func(t *testing.T) { + proj := existingProj.DeepCopy() wildSourceRepo := "*" proj.Spec.SourceRepos = append(proj.Spec.SourceRepos, wildSourceRepo) @@ -519,7 +524,7 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(proj), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: proj} updatedProj, err := projectServer.Update(context.Background(), request) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, wildSourceRepo, updatedProj.Spec.SourceRepos[1]) }) @@ -538,10 +543,10 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, policyEnf, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - require.NoError(t, err) + assert.Nil(t, err) t.Log(projWithRole.Spec.Roles[0].Policies[0]) expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, role.Name, action, projWithRole.Name, object, effect) - assert.Equal(t, expectedPolicy, projWithRole.Spec.Roles[0].Policies[0]) + assert.Equal(t, projWithRole.Spec.Roles[0].Policies[0], expectedPolicy) }) t.Run("TestValidatePolicyDuplicatePolicyFailure", func(t *testing.T) { @@ -580,7 +585,7 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: projWithRole} _, err := projectServer.Update(context.Background(), request) - assert.Contains(t, err.Error(), "object must be of form 'test/*', 'test[/]/' or 'test/'") + assert.Contains(t, err.Error(), "object must be of form 'test/*' or 'test/'") }) t.Run("TestValidateProjectIncorrectProjectInRoleFailure", func(t *testing.T) { @@ -647,7 +652,7 @@ p, role:admin, projects, update, *, allow`) projWithRole := existingProj.DeepCopy() role := v1alpha1.ProjectRole{Name: roleName, JWTTokens: []v1alpha1.JWTToken{{IssuedAt: 1}}} - noSpacesPolicyTemplate := strings.ReplaceAll(policyTemplate, " ", "") + noSpacesPolicyTemplate := strings.Replace(policyTemplate, " ", "", -1) invalidPolicy := fmt.Sprintf(noSpacesPolicyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) role.Policies = append(role.Policies, invalidPolicy) projWithRole.Spec.Roles = append(projWithRole.Spec.Roles, role) @@ -655,7 +660,7 @@ p, role:admin, projects, update, *, allow`) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projWithRole), enforcer, sync.NewKeyLock(), nil, nil, projInformer, settingsMgr, argoDB) request := &project.ProjectUpdateRequest{Project: projWithRole} updateProj, err := projectServer.Update(context.Background(), request) - require.NoError(t, err) + assert.Nil(t, err) expectedPolicy := fmt.Sprintf(policyTemplate, projWithRole.Name, roleName, action, projWithRole.Name, object, effect) assert.Equal(t, expectedPolicy, updateProj.Spec.Roles[0].Policies[0]) }) @@ -669,8 +674,8 @@ p, role:admin, projects, update, *, allow`) argoDB := db.NewDB("default", settingsMgr, kubeclientset) projectServer := NewServer("default", fake.NewSimpleClientset(), apps.NewSimpleClientset(projectWithSyncWindows), enforcer, sync.NewKeyLock(), sessionMgr, nil, projInformer, settingsMgr, argoDB) res, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: projectWithSyncWindows.Name}) - require.NoError(t, err) - assert.Len(t, res.Windows, 1) + assert.NoError(t, err) + assert.Equal(t, 1, len(res.Windows)) }) t.Run("TestGetSyncWindowsStateCannotGetProjectDetails", func(t *testing.T) { @@ -702,6 +707,7 @@ p, role:admin, projects, update, *, allow`) _, err := projectServer.GetSyncWindowsState(ctx, &project.SyncWindowsQuery{Name: projectWithSyncWindows.Name}) assert.EqualError(t, err, "rpc error: code = PermissionDenied desc = permission denied: projects, get, test") }) + } func newEnforcer(kubeclientset *fake.Clientset) *rbac.Enforcer { diff --git a/server/rbacpolicy/rbacpolicy.go b/server/rbacpolicy/rbacpolicy.go index 0be623ae7819f..940f5bfe70844 100644 --- a/server/rbacpolicy/rbacpolicy.go +++ b/server/rbacpolicy/rbacpolicy.go @@ -141,11 +141,7 @@ func (p *RBACPolicyEnforcer) EnforceClaims(claims jwt.Claims, rvals ...interface groups := jwtutil.GetScopeValues(mapClaims, scopes) // Get groups to reduce the amount to checking groups - groupingPolicies, err := enforcer.GetGroupingPolicy() - if err != nil { - log.WithError(err).Error("failed to get grouping policy") - return false - } + groupingPolicies := enforcer.GetGroupingPolicy() for gidx := range groups { for gpidx := range groupingPolicies { // Prefilter user groups by groups defined in the model diff --git a/server/repocreds/repocreds.go b/server/repocreds/repocreds.go index d4706f6bb9970..a9f34dc22ef32 100644 --- a/server/repocreds/repocreds.go +++ b/server/repocreds/repocreds.go @@ -1,11 +1,11 @@ package repocreds import ( - "context" "reflect" "github.com/argoproj/argo-cd/v2/util/argo" + "context" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" diff --git a/server/repository/repository.go b/server/repository/repository.go index 5507b91bffb7f..417a41ee306ef 100644 --- a/server/repository/repository.go +++ b/server/repository/repository.go @@ -4,8 +4,6 @@ import ( "context" "fmt" "reflect" - "sort" - "strings" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/argoproj/gitops-engine/pkg/utils/text" @@ -27,7 +25,6 @@ import ( "github.com/argoproj/argo-cd/v2/util/argo" "github.com/argoproj/argo-cd/v2/util/db" "github.com/argoproj/argo-cd/v2/util/errors" - "github.com/argoproj/argo-cd/v2/util/git" "github.com/argoproj/argo-cd/v2/util/io" "github.com/argoproj/argo-cd/v2/util/rbac" "github.com/argoproj/argo-cd/v2/util/settings" @@ -68,10 +65,12 @@ func NewServer( } } -var errPermissionDenied = status.Error(codes.PermissionDenied, "permission denied") +var ( + errPermissionDenied = status.Error(codes.PermissionDenied, "permission denied") +) -func (s *Server) getRepo(ctx context.Context, url, project string) (*appsv1.Repository, error) { - repo, err := s.db.GetRepository(ctx, url, project) +func (s *Server) getRepo(ctx context.Context, url string) (*appsv1.Repository, error) { + repo, err := s.db.GetRepository(ctx, url) if err != nil { return nil, errPermissionDenied } @@ -88,9 +87,9 @@ func createRBACObject(project string, repo string) string { // Get the connection state for a given repository URL by connecting to the // repo and evaluate the results. Unless forceRefresh is set to true, the // result may be retrieved out of the cache. -func (s *Server) getConnectionState(ctx context.Context, url string, project string, forceRefresh bool) appsv1.ConnectionState { +func (s *Server) getConnectionState(ctx context.Context, url string, forceRefresh bool) appsv1.ConnectionState { if !forceRefresh { - if connectionState, err := s.cache.GetRepoConnectionState(url, project); err == nil { + if connectionState, err := s.cache.GetRepoConnectionState(url); err == nil { return connectionState } } @@ -100,7 +99,7 @@ func (s *Server) getConnectionState(ctx context.Context, url string, project str ModifiedAt: &now, } var err error - repo, err := s.db.GetRepository(ctx, url, project) + repo, err := s.db.GetRepository(ctx, url) if err == nil { err = s.testRepo(ctx, repo) } @@ -113,7 +112,7 @@ func (s *Server) getConnectionState(ctx context.Context, url string, project str connectionState.Message = fmt.Sprintf("Unable to connect to repository: %v", err) } } - err = s.cache.SetRepoConnectionState(url, project, &connectionState) + err = s.cache.SetRepoConnectionState(url, &connectionState) if err != nil { log.Warnf("getConnectionState cache set error %s: %v", url, err) } @@ -128,7 +127,7 @@ func (s *Server) List(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1. // Get return the requested configured repository by URL and the state of its connections. func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.Repository, error) { - repo, err := getRepository(ctx, s.ListRepositories, q) + repo, err := s.getRepo(ctx, q.Repo) if err != nil { return nil, err } @@ -138,7 +137,7 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R } // getRepo does not return an error for unconfigured repositories, so we are checking here - exists, err := s.db.RepositoryExists(ctx, q.Repo, repo.Project) + exists, err := s.db.RepositoryExists(ctx, q.Repo) if err != nil { return nil, err } @@ -167,7 +166,7 @@ func (s *Server) Get(ctx context.Context, q *repositorypkg.RepoQuery) (*appsv1.R InheritedCreds: repo.InheritedCreds, } - item.ConnectionState = s.getConnectionState(ctx, item.Repo, item.Project, q.ForceRefresh) + item.ConnectionState = s.getConnectionState(ctx, item.Repo, q.ForceRefresh) return &item, nil } @@ -203,22 +202,17 @@ func (s *Server) ListRepositories(ctx context.Context, q *repositorypkg.RepoQuer } } err = kube.RunAllAsync(len(items), func(i int) error { - items[i].ConnectionState = s.getConnectionState(ctx, items[i].Repo, items[i].Project, q.ForceRefresh) + items[i].ConnectionState = s.getConnectionState(ctx, items[i].Repo, q.ForceRefresh) return nil }) if err != nil { return nil, err } - sort.Slice(items, func(i, j int) bool { - first := items[i] - second := items[j] - return strings.Compare(fmt.Sprintf("%s/%s", first.Project, first.Repo), fmt.Sprintf("%s/%s", second.Project, second.Repo)) < 0 - }) return &appsv1.RepositoryList{Items: items}, nil } func (s *Server) ListRefs(ctx context.Context, q *repositorypkg.RepoQuery) (*apiclient.Refs, error) { - repo, err := s.getRepo(ctx, q.Repo, q.GetAppProject()) + repo, err := s.getRepo(ctx, q.Repo) if err != nil { return nil, err } @@ -241,7 +235,7 @@ func (s *Server) ListRefs(ctx context.Context, q *repositorypkg.RepoQuery) (*api // ListApps performs discovery of a git repository for potential sources of applications. Used // as a convenience to the UI for auto-complete. func (s *Server) ListApps(ctx context.Context, q *repositorypkg.RepoAppsQuery) (*repositorypkg.RepoAppsResponse, error) { - repo, err := s.getRepo(ctx, q.Repo, q.GetAppProject()) + repo, err := s.getRepo(ctx, q.Repo) if err != nil { return nil, err } @@ -292,7 +286,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta if q.Source == nil { return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") } - repo, err := s.getRepo(ctx, q.Source.RepoURL, q.GetAppProject()) + repo, err := s.getRepo(ctx, q.Source.RepoURL) if err != nil { return nil, err } @@ -319,7 +313,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta return nil, errPermissionDenied } // verify caller is not making a request with arbitrary source values which were not in our history - if !isSourceInHistory(app, *q.Source, q.SourceIndex, q.VersionId) { + if !isSourceInHistory(app, *q.Source) { return nil, errPermissionDenied } } @@ -349,7 +343,6 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta if err != nil { return nil, err } - return repoClient.GetAppDetails(ctx, &apiclient.RepoServerAppDetailsQuery{ Repo: repo, Source: q.Source, @@ -362,7 +355,7 @@ func (s *Server) GetAppDetails(ctx context.Context, q *repositorypkg.RepoAppDeta // GetHelmCharts returns list of helm charts in the specified repository func (s *Server) GetHelmCharts(ctx context.Context, q *repositorypkg.RepoQuery) (*apiclient.HelmChartsResponse, error) { - repo, err := s.getRepo(ctx, q.Repo, q.GetAppProject()) + repo, err := s.getRepo(ctx, q.Repo) if err != nil { return nil, err } @@ -418,7 +411,7 @@ func (s *Server) CreateRepository(ctx context.Context, q *repositorypkg.RepoCrea repo, err = s.db.CreateRepository(ctx, r) if status.Convert(err).Code() == codes.AlreadyExists { // act idempotent if existing spec matches new spec - existing, getErr := s.db.GetRepository(ctx, r.Repo, q.Repo.Project) + existing, getErr := s.db.GetRepository(ctx, r.Repo) if getErr != nil { return nil, status.Errorf(codes.Internal, "unable to check existing repository details: %v", getErr) } @@ -453,7 +446,7 @@ func (s *Server) UpdateRepository(ctx context.Context, q *repositorypkg.RepoUpda return nil, status.Errorf(codes.InvalidArgument, "missing payload in request") } - repo, err := s.getRepo(ctx, q.Repo.Repo, q.Repo.Project) + repo, err := s.getRepo(ctx, q.Repo.Repo) if err != nil { return nil, err } @@ -478,7 +471,7 @@ func (s *Server) Delete(ctx context.Context, q *repositorypkg.RepoQuery) (*repos // DeleteRepository removes a repository from the configuration func (s *Server) DeleteRepository(ctx context.Context, q *repositorypkg.RepoQuery) (*repositorypkg.RepoResponse, error) { - repo, err := getRepository(ctx, s.ListRepositories, q) + repo, err := s.getRepo(ctx, q.Repo) if err != nil { return nil, err } @@ -488,53 +481,14 @@ func (s *Server) DeleteRepository(ctx context.Context, q *repositorypkg.RepoQuer } // invalidate cache - if err := s.cache.SetRepoConnectionState(repo.Repo, repo.Project, nil); err != nil { + if err := s.cache.SetRepoConnectionState(q.Repo, nil); err == nil { log.Errorf("error invalidating cache: %v", err) } - err = s.db.DeleteRepository(ctx, repo.Repo, repo.Project) + err = s.db.DeleteRepository(ctx, q.Repo) return &repositorypkg.RepoResponse{}, err } -// getRepository fetches a single repository which the user has access to. If only one repository can be found which -// matches the same URL, that will be returned (this is for backward compatibility reasons). If multiple repositories -// are matched, a repository is only returned if it matches the app project of the incoming request. -func getRepository(ctx context.Context, listRepositories func(context.Context, *repositorypkg.RepoQuery) (*v1alpha1.RepositoryList, error), q *repositorypkg.RepoQuery) (*appsv1.Repository, error) { - repositories, err := listRepositories(ctx, q) - if err != nil { - return nil, err - } - - var foundRepos []*v1alpha1.Repository - for _, repo := range repositories.Items { - if git.SameURL(repo.Repo, q.Repo) { - foundRepos = append(foundRepos, repo) - } - } - - if len(foundRepos) == 0 { - return nil, errPermissionDenied - } - - var foundRepo *v1alpha1.Repository - if len(foundRepos) == 1 && q.GetAppProject() == "" { - foundRepo = foundRepos[0] - } else if len(foundRepos) > 0 { - for _, repo := range foundRepos { - if repo.Project == q.GetAppProject() { - foundRepo = repo - break - } - } - } - - if foundRepo == nil { - return nil, fmt.Errorf("repository not found for url %q and project %q", q.Repo, q.GetAppProject()) - } - - return foundRepo, nil -} - // ValidateAccess checks whether access to a repository is possible with the // given URL and credentials. func (s *Server) ValidateAccess(ctx context.Context, q *repositorypkg.RepoAccessQuery) (*repositorypkg.RepoResponse, error) { @@ -605,48 +559,26 @@ func (s *Server) isRepoPermittedInProject(ctx context.Context, repo string, proj // isSourceInHistory checks if the supplied application source is either our current application // source, or was something which we synced to previously. -func isSourceInHistory(app *v1alpha1.Application, source v1alpha1.ApplicationSource, index int32, versionId int32) bool { - // We have to check if the spec is within the source or sources split - // and then iterate over the historical - if app.Spec.HasMultipleSources() { - appSources := app.Spec.GetSources() - for _, s := range appSources { - if source.Equals(&s) { - return true - } - } - } else { - appSource := app.Spec.GetSource() - if source.Equals(&appSource) { +func isSourceInHistory(app *v1alpha1.Application, source v1alpha1.ApplicationSource) bool { + appSource := app.Spec.GetSource() + if source.Equals(&appSource) { + return true + } + appSources := app.Spec.GetSources() + for _, s := range appSources { + if source.Equals(&s) { return true } } - // Iterate history. When comparing items in our history, use the actual synced revision to // compare with the supplied source.targetRevision in the request. This is because // history[].source.targetRevision is ambiguous (e.g. HEAD), whereas // history[].revision will contain the explicit SHA - // In case of multi source apps, we have to check the specific versionID because users - // could have removed/added new sources and we cannot check all the versions due to that for _, h := range app.Status.History { - // multi source revision - if len(h.Sources) > 0 { - if h.ID == int64(versionId) { - if h.Revisions == nil { - continue - } - h.Sources[index].TargetRevision = h.Revisions[index] - if source.Equals(&h.Sources[index]) { - return true - } - } - } else { // single source revision - h.Source.TargetRevision = h.Revision - if source.Equals(&h.Source) { - return true - } + h.Source.TargetRevision = h.Revision + if source.Equals(&h.Source) { + return true } } - return false } diff --git a/server/repository/repository.proto b/server/repository/repository.proto index 379cbdeabf9cc..6466967702e85 100644 --- a/server/repository/repository.proto +++ b/server/repository/repository.proto @@ -30,10 +30,6 @@ message RepoAppDetailsQuery { github.com.argoproj.argo_cd.v2.pkg.apis.application.v1alpha1.ApplicationSource source = 1; string appName = 2; string appProject = 3; - // source index (for multi source apps) - int32 sourceIndex = 4; - // versionId from historical data (for multi source apps) - int32 versionId = 5; } // RepoAppsResponse contains applications of specified repository @@ -47,8 +43,6 @@ message RepoQuery { string repo = 1; // Whether to force a cache refresh on repo's connection state bool forceRefresh = 2; - // App project for query - string appProject = 3; } // RepoAccessQuery is a query for checking access to a repo diff --git a/server/repository/repository_test.go b/server/repository/repository_test.go index 72354633048dc..e77ae2e8a962c 100644 --- a/server/repository/repository_test.go +++ b/server/repository/repository_test.go @@ -9,7 +9,6 @@ import ( "github.com/golang-jwt/jwt/v4" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" corev1 "k8s.io/api/core/v1" @@ -170,10 +169,7 @@ var ( Status: appsv1.ApplicationStatus{ History: appsv1.RevisionHistories{ { - ID: 1, - Revisions: []string{ - "abcdef123567", - }, + Revision: "HEAD", Sources: []appsv1.ApplicationSource{ { RepoURL: "https://helm.elastic.co", @@ -268,7 +264,7 @@ func TestRepositoryServer(t *testing.T) { s := NewServer(&repoServerClientset, argoDB, enforcer, nil, appLister, projInformer, testNamespace, settingsMgr) url := "https://test" - repo, _ := s.getRepo(context.TODO(), url, "") + repo, _ := s.getRepo(context.TODO(), url) assert.Equal(t, repo.Repo, url) }) @@ -282,7 +278,7 @@ func TestRepositoryServer(t *testing.T) { _, err := s.ValidateAccess(context.TODO(), &repository.RepoAccessQuery{ Repo: url, }) - require.NoError(t, err) + assert.Nil(t, err) }) t.Run("Test_Get", func(t *testing.T) { @@ -292,15 +288,14 @@ func TestRepositoryServer(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: url}}, nil) - db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url}, nil) - db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) + db.On("RepositoryExists", context.TODO(), url).Return(true, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) - require.NoError(t, err) + assert.Nil(t, err) assert.Equal(t, repo.Repo, url) }) @@ -317,15 +312,14 @@ func TestRepositoryServer(t *testing.T) { Username: "foo", InheritedCreds: true, } - db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{testRepo}, nil) - db.On("GetRepository", context.TODO(), url, "").Return(testRepo, nil) - db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) + db.On("GetRepository", context.TODO(), url).Return(testRepo, nil) + db.On("RepositoryExists", context.TODO(), url).Return(true, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ Repo: url, }) - require.NoError(t, err) + assert.Nil(t, err) testRepo.ConnectionState = repo.ConnectionState // overwrite connection state on our test object to simplify comparison below @@ -338,9 +332,8 @@ func TestRepositoryServer(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("ListRepositories", context.TODO()).Return(nil, nil) - db.On("GetRepository", context.TODO(), url, "").Return(nil, errors.New("some error")) - db.On("RepositoryExists", context.TODO(), url, "").Return(true, nil) + db.On("GetRepository", context.TODO(), url).Return(nil, errors.New("some error")) + db.On("RepositoryExists", context.TODO(), url).Return(true, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ @@ -353,13 +346,11 @@ func TestRepositoryServer(t *testing.T) { t.Run("Test_GetWithNotExistRepoShouldReturn404", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} - repoServerClient.On("TestRepository", mock.Anything, mock.Anything).Return(&apiclient.TestRepositoryResponse{}, nil) url := "https://test" db := &dbmocks.ArgoDB{} - db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{{Repo: url}}, nil) - db.On("GetRepository", context.TODO(), url, "").Return(&appsv1.Repository{Repo: url}, nil) - db.On("RepositoryExists", context.TODO(), url, "").Return(false, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) + db.On("RepositoryExists", context.TODO(), url).Return(false, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) repo, err := s.Get(context.TODO(), &repository.RepoQuery{ @@ -388,8 +379,8 @@ func TestRepositoryServer(t *testing.T) { Username: "test", }, }) - require.NoError(t, err) - assert.Equal(t, "repo", repo.Repo) + assert.Nil(t, err) + assert.Equal(t, repo.Repo, "repo") }) t.Run("Test_CreateRepositoryWithUpsert", func(t *testing.T) { @@ -398,7 +389,7 @@ func TestRepositoryServer(t *testing.T) { repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), "test", "").Return(&appsv1.Repository{ + db.On("GetRepository", context.TODO(), "test").Return(&appsv1.Repository{ Repo: "test", Username: "test", }, nil) @@ -414,8 +405,8 @@ func TestRepositoryServer(t *testing.T) { Upsert: true, }) - require.NoError(t, err) - assert.Equal(t, "test", repo.Repo) + assert.Nil(t, err) + assert.Equal(t, repo.Repo, "test") }) t.Run("Test_ListRepositories", func(t *testing.T) { @@ -426,14 +417,14 @@ func TestRepositoryServer(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "argocd").Return(nil, nil) + db.On("GetRepository", context.TODO(), url).Return(nil, nil) db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) db.On("ListRepositories", context.TODO()).Return([]*appsv1.Repository{&fakeRepo, &fakeRepo}, nil) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projInformer, testNamespace, settingsMgr) resp, err := s.ListRepositories(context.TODO(), &repository.RepoQuery{}) - require.NoError(t, err) - assert.Len(t, resp.Items, 2) + assert.NoError(t, err) + assert.Equal(t, 2, len(resp.Items)) }) } @@ -449,7 +440,7 @@ func TestRepositoryServerListApps(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) @@ -472,7 +463,7 @@ func TestRepositoryServerListApps(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) repoServerClient.On("ListApps", context.TODO(), mock.Anything).Return(&apiclient.AppList{ @@ -488,7 +479,7 @@ func TestRepositoryServerListApps(t *testing.T) { AppName: "foo", AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, resp.Items, 1) assert.Equal(t, "path/to/dir", resp.Items[0].Path) assert.Equal(t, "Kustomize", resp.Items[0].Type) @@ -503,7 +494,7 @@ func TestRepositoryServerListApps(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) repoServerClient.On("ListApps", context.TODO(), mock.Anything).Return(&apiclient.AppList{ @@ -520,7 +511,7 @@ func TestRepositoryServerListApps(t *testing.T) { AppProject: "default", }) assert.Nil(t, resp) - require.Error(t, err, "repository 'https://test' not permitted in project 'default'") + assert.Error(t, err, "repository 'https://test' not permitted in project 'default'") }) } @@ -536,7 +527,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) @@ -548,7 +539,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppProject: "default", }) assert.Nil(t, resp) - require.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: repositories, get, https://test") + assert.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: repositories, get, https://test") }) t.Run("Test_WithoutAppReadPrivileges", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} @@ -559,7 +550,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) @@ -571,7 +562,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppProject: "default", }) assert.Nil(t, resp) - require.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: applications, get, default/newapp") + assert.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: applications, get, default/newapp") }) t.Run("Test_WithoutCreatePrivileges", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} @@ -581,7 +572,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) @@ -593,7 +584,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppProject: "default", }) assert.Nil(t, resp) - require.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: applications, create, default/newapp") + assert.Error(t, err, "rpc error: code = PermissionDenied desc = permission denied: applications, create, default/newapp") }) t.Run("Test_WithCreatePrivileges", func(t *testing.T) { repoServerClient := mocks.RepoServerServiceClient{} @@ -603,7 +594,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) expectedResp := apiclient.RepoAppDetailsResponse{Type: "Directory"} @@ -618,7 +609,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: "newapp", AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp, *resp) }) t.Run("Test_RepoNotPermitted", func(t *testing.T) { @@ -628,7 +619,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) expectedResp := apiclient.RepoAppDetailsResponse{Type: "Directory"} @@ -643,7 +634,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: "newapp", AppProject: "default", }) - require.Error(t, err, "repository 'https://test' not permitted in project 'default'") + assert.Error(t, err, "repository 'https://test' not permitted in project 'default'") assert.Nil(t, resp) }) t.Run("Test_ExistingApp", func(t *testing.T) { @@ -654,7 +645,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) expectedResp := apiclient.RepoAppDetailsResponse{Type: "Directory"} @@ -667,7 +658,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: "guestbook", AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp, *resp) }) t.Run("Test_ExistingMultiSourceApp001", func(t *testing.T) { @@ -679,7 +670,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { helmRepos := []*appsv1.Repository{{Repo: url}, {Repo: url}} db := &dbmocks.ArgoDB{} db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(helmRepos, nil) - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) expectedResp := apiclient.RepoAppDetailsResponse{Type: "Helm"} @@ -688,13 +679,13 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) sources := multiSourceApp001.Spec.GetSources() - assert.Len(t, sources, 2) + assert.Equal(t, 2, len(sources)) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &sources[0], AppName: multiSourceApp001AppName, AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp, *resp) assert.Equal(t, "Helm", resp.Type) // Next source @@ -703,7 +694,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: multiSourceApp001AppName, AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp, *resp) assert.Equal(t, "Helm", resp.Type) }) @@ -717,8 +708,8 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { helmRepos := []*appsv1.Repository{{Repo: url0}, {Repo: url1}} db := &dbmocks.ArgoDB{} db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(helmRepos, nil) - db.On("GetRepository", context.TODO(), url0, "default").Return(&appsv1.Repository{Repo: url0}, nil) - db.On("GetRepository", context.TODO(), url1, "default").Return(&appsv1.Repository{Repo: url1}, nil) + db.On("GetRepository", context.TODO(), url0).Return(&appsv1.Repository{Repo: url0}, nil) + db.On("GetRepository", context.TODO(), url1).Return(&appsv1.Repository{Repo: url1}, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) expectedResp0 := apiclient.RepoAppDetailsResponse{Type: "Plugin"} @@ -729,14 +720,14 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) sources := multiSourceApp002.Spec.GetSources() - assert.Len(t, sources, 2) + assert.Equal(t, 2, len(sources)) resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ Source: &sources[0], AppName: multiSourceApp002AppName, AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "Plugin", resp.Type) assert.Equal(t, expectedResp0, *resp) // Next source @@ -745,7 +736,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: multiSourceApp002AppName, AppProject: "default", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp1, *resp) assert.Equal(t, "Helm", resp.Type) }) @@ -756,7 +747,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "mismatch").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj, guestbookApp) s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) @@ -775,7 +766,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) appLister, projLister := newAppAndProjLister(defaultProj, guestbookApp) differentSource := guestbookApp.Spec.Source.DeepCopy() differentSource.Helm.ValueFiles = []string{"/etc/passwd"} @@ -796,7 +787,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { url := "https://test" db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) + db.On("GetRepository", context.TODO(), url).Return(&appsv1.Repository{Repo: url}, nil) db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) @@ -812,66 +803,7 @@ func TestRepositoryServerGetAppDetails(t *testing.T) { AppName: "guestbook", AppProject: "default", }) - require.NoError(t, err) - assert.Equal(t, expectedResp, *resp) - }) - - t.Run("Test_ExistingAppMultiSourceNotInHistory", func(t *testing.T) { - repoServerClient := mocks.RepoServerServiceClient{} - repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} - enforcer := newEnforcer(kubeclientset) - - url := "https://helm.elastic.co" - helmRepos := []*appsv1.Repository{{Repo: url}, {Repo: url}} - db := &dbmocks.ArgoDB{} - db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(helmRepos, nil) - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) - db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) - db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) - expectedResp := apiclient.RepoAppDetailsResponse{Type: "Helm"} - repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) - appLister, projLister := newAppAndProjLister(defaultProj, multiSourceApp001) - - differentSource := multiSourceApp001.Spec.Sources[0].DeepCopy() - differentSource.Helm.ValueFiles = []string{"/etc/passwd"} - - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) - resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ - Source: differentSource, - AppName: multiSourceApp001AppName, - AppProject: "default", - SourceIndex: 0, - VersionId: 1, - }) - assert.Equal(t, errPermissionDenied, err) - assert.Nil(t, resp) - }) - t.Run("Test_ExistingAppMultiSourceInHistory", func(t *testing.T) { - repoServerClient := mocks.RepoServerServiceClient{} - repoServerClientset := mocks.Clientset{RepoServerServiceClient: &repoServerClient} - enforcer := newEnforcer(kubeclientset) - - url := "https://helm.elastic.co" - db := &dbmocks.ArgoDB{} - db.On("GetRepository", context.TODO(), url, "default").Return(&appsv1.Repository{Repo: url}, nil) - db.On("ListHelmRepositories", context.TODO(), mock.Anything).Return(nil, nil) - db.On("GetProjectRepositories", context.TODO(), "default").Return(nil, nil) - db.On("GetProjectClusters", context.TODO(), "default").Return(nil, nil) - expectedResp := apiclient.RepoAppDetailsResponse{Type: "Directory"} - repoServerClient.On("GetAppDetails", context.TODO(), mock.Anything).Return(&expectedResp, nil) - appLister, projLister := newAppAndProjLister(defaultProj, multiSourceApp001) - previousSource := multiSourceApp001.Status.History[0].Sources[0].DeepCopy() - previousSource.TargetRevision = multiSourceApp001.Status.History[0].Revisions[0] - - s := NewServer(&repoServerClientset, db, enforcer, newFixtures().Cache, appLister, projLister, testNamespace, settingsMgr) - resp, err := s.GetAppDetails(context.TODO(), &repository.RepoAppDetailsQuery{ - Source: previousSource, - AppName: multiSourceApp001AppName, - AppProject: "default", - SourceIndex: 0, - VersionId: 1, - }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedResp, *resp) }) } @@ -901,159 +833,3 @@ func newEnforcer(kubeclientset *fake.Clientset) *rbac.Enforcer { }) return enforcer } - -func TestGetRepository(t *testing.T) { - type args struct { - ctx context.Context - listRepositories func(context.Context, *repository.RepoQuery) (*appsv1.RepositoryList, error) - q *repository.RepoQuery - } - tests := []struct { - name string - args args - want *appsv1.Repository - error error - }{ - { - name: "empty project and no repos", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "something-else"}, - }, - }, nil - }, - q: &repository.RepoQuery{}, - }, - want: nil, - error: status.Error(codes.PermissionDenied, "permission denied"), - }, - { - name: "empty project and no matching repos", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{}, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - }, - }, - want: nil, - error: status.Error(codes.PermissionDenied, "permission denied"), - }, - { - name: "empty project + matching repo with an empty project", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "foobar", Project: ""}, - }, - }, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - AppProject: "", - }, - }, - want: &appsv1.Repository{ - Repo: "foobar", - Project: "", - }, - error: nil, - }, - { - name: "empty project + matching repo with a non-empty project", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "foobar", Project: "foobar"}, - }, - }, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - AppProject: "", - }, - }, - want: &appsv1.Repository{ - Repo: "foobar", - Project: "foobar", - }, - error: nil, - }, - { - name: "non-empty project + matching repo with an empty project", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "foobar", Project: ""}, - }, - }, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - AppProject: "foobar", - }, - }, - want: nil, - error: errors.New(`repository not found for url "foobar" and project "foobar"`), - }, - { - name: "non-empty project + matching repo with a matching project", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "foobar", Project: "foobar"}, - }, - }, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - AppProject: "foobar", - }, - }, - want: &appsv1.Repository{ - Repo: "foobar", - Project: "foobar", - }, - error: nil, - }, - { - name: "non-empty project + matching repo with a non-matching project", - args: args{ - ctx: context.TODO(), - listRepositories: func(ctx context.Context, query *repository.RepoQuery) (*appsv1.RepositoryList, error) { - return &appsv1.RepositoryList{ - Items: []*appsv1.Repository{ - {Repo: "foobar", Project: "something-else"}, - }, - }, nil - }, - q: &repository.RepoQuery{ - Repo: "foobar", - AppProject: "foobar", - }, - }, - want: nil, - error: errors.New(`repository not found for url "foobar" and project "foobar"`), - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - got, err := getRepository(tt.args.ctx, tt.args.listRepositories, tt.args.q) - assert.Equal(t, tt.error, err) - assert.Equalf(t, tt.want, got, "getRepository(%v, %v) = %v", tt.args.ctx, tt.args.q, got) - }) - } -} diff --git a/server/server.go b/server/server.go index 23520ee8c90fc..bd1e9857ce1ef 100644 --- a/server/server.go +++ b/server/server.go @@ -54,10 +54,8 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" - "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" @@ -125,11 +123,9 @@ import ( "github.com/argoproj/argo-cd/v2/util/webhook" ) -const ( - maxConcurrentLoginRequestsCountEnv = "ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT" - replicasCountEnv = "ARGOCD_API_SERVER_REPLICAS" - renewTokenKey = "renew-token" -) +const maxConcurrentLoginRequestsCountEnv = "ARGOCD_MAX_CONCURRENT_LOGIN_REQUESTS_COUNT" +const replicasCountEnv = "ARGOCD_API_SERVER_REPLICAS" +const renewTokenKey = "renew-token" // ErrNoSession indicates no auth token was supplied as part of a request var ErrNoSession = status.Errorf(codes.Unauthenticated, "no session information") @@ -169,7 +165,6 @@ func init() { // ArgoCDServer is the API server for Argo CD type ArgoCDServer struct { ArgoCDServerOpts - ApplicationSetOpts ssoClientApp *oidc.ClientApp settings *settings_util.ArgoCDSettings @@ -201,42 +196,31 @@ type ArgoCDServer struct { } type ArgoCDServerOpts struct { - DisableAuth bool - ContentTypes []string - EnableGZip bool - Insecure bool - StaticAssetsDir string - ListenPort int - ListenHost string - MetricsPort int - MetricsHost string - Namespace string - DexServerAddr string - DexTLSConfig *dexutil.DexTLSConfig - BaseHRef string - RootPath string - DynamicClientset dynamic.Interface - KubeControllerClientset client.Client - KubeClientset kubernetes.Interface - AppClientset appclientset.Interface - RepoClientset repoapiclient.Clientset - Cache *servercache.Cache - RepoServerCache *repocache.Cache - RedisClient *redis.Client - TLSConfigCustomizer tlsutil.ConfigCustomizer - XFrameOptions string - ContentSecurityPolicy string - ApplicationNamespaces []string - EnableProxyExtension bool - WebhookParallelism int -} - -type ApplicationSetOpts struct { - GitSubmoduleEnabled bool - EnableNewGitFileGlobbing bool - ScmRootCAPath string - AllowedScmProviders []string - EnableScmProviders bool + DisableAuth bool + ContentTypes []string + EnableGZip bool + Insecure bool + StaticAssetsDir string + ListenPort int + ListenHost string + MetricsPort int + MetricsHost string + Namespace string + DexServerAddr string + DexTLSConfig *dexutil.DexTLSConfig + BaseHRef string + RootPath string + KubeClientset kubernetes.Interface + AppClientset appclientset.Interface + RepoClientset repoapiclient.Clientset + Cache *servercache.Cache + RepoServerCache *repocache.Cache + RedisClient *redis.Client + TLSConfigCustomizer tlsutil.ConfigCustomizer + XFrameOptions string + ContentSecurityPolicy string + ApplicationNamespaces []string + EnableProxyExtension bool } // HTTPMetricsRegistry exposes operations to update http metrics in the Argo CD @@ -273,7 +257,7 @@ func initializeDefaultProject(opts ArgoCDServerOpts) error { } // NewServer returns a new instance of the Argo CD API server -func NewServer(ctx context.Context, opts ArgoCDServerOpts, appsetOpts ApplicationSetOpts) *ArgoCDServer { +func NewServer(ctx context.Context, opts ArgoCDServerOpts) *ArgoCDServer { settingsMgr := settings_util.NewSettingsManager(ctx, opts.KubeClientset, opts.Namespace) settings, err := settingsMgr.InitializeSettings(opts.Insecure) errorsutil.CheckError(err) @@ -329,27 +313,26 @@ func NewServer(ctx context.Context, opts ArgoCDServerOpts, appsetOpts Applicatio em := extension.NewManager(logger, sg, ag, pg, enf) a := &ArgoCDServer{ - ArgoCDServerOpts: opts, - ApplicationSetOpts: appsetOpts, - log: logger, - settings: settings, - sessionMgr: sessionMgr, - settingsMgr: settingsMgr, - enf: enf, - projInformer: projInformer, - projLister: projLister, - appInformer: appInformer, - appLister: appLister, - appsetInformer: appsetInformer, - appsetLister: appsetLister, - policyEnforcer: policyEnf, - userStateStorage: userStateStorage, - staticAssets: http.FS(staticFS), - db: dbInstance, - apiFactory: apiFactory, - secretInformer: secretInformer, - configMapInformer: configMapInformer, - extensionManager: em, + ArgoCDServerOpts: opts, + log: logger, + settings: settings, + sessionMgr: sessionMgr, + settingsMgr: settingsMgr, + enf: enf, + projInformer: projInformer, + projLister: projLister, + appInformer: appInformer, + appLister: appLister, + appsetInformer: appsetInformer, + appsetLister: appsetLister, + policyEnforcer: policyEnf, + userStateStorage: userStateStorage, + staticAssets: http.FS(staticFS), + db: dbInstance, + apiFactory: apiFactory, + secretInformer: secretInformer, + configMapInformer: configMapInformer, + extensionManager: em, } err = a.logInClusterWarnings() @@ -552,6 +535,7 @@ func (a *ArgoCDServer) Run(ctx context.Context, listeners *Listeners) { if !a.useTLS() { httpL = tcpm.Match(cmux.HTTP1Fast("PATCH")) grpcL = tcpm.MatchWithWriters(cmux.HTTP2MatchHeaderFieldSendSettings("content-type", "application/grpc")) + } else { // We first match on HTTP 1.1 methods. httpL = tcpm.Match(cmux.HTTP1Fast("PATCH")) @@ -883,10 +867,7 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { applicationSetService := applicationset.NewServer( a.db, a.KubeClientset, - a.DynamicClientset, - a.KubeControllerClientset, a.enf, - a.RepoClientset, a.AppClientset, a.appsetInformer, a.appsetLister, @@ -894,13 +875,7 @@ func newArgoCDServiceSet(a *ArgoCDServer) *ArgoCDServiceSet { a.settingsMgr, a.Namespace, projectLock, - a.ApplicationNamespaces, - a.GitSubmoduleEnabled, - a.EnableNewGitFileGlobbing, - a.ScmRootCAPath, - a.AllowedScmProviders, - a.EnableScmProviders, - ) + a.ApplicationNamespaces) projectService := project.NewServer(a.Namespace, a.KubeClientset, a.AppClientset, a.enf, projectLock, a.sessionMgr, a.policyEnforcer, a.projInformer, a.settingsMgr, a.db) appsInAnyNamespaceEnabled := len(a.ArgoCDServerOpts.ApplicationNamespaces) > 0 @@ -1073,7 +1048,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl // Webhook handler for git events (Note: cache timeouts are hardcoded because API server does not write to cache and not really using them) argoDB := db.NewDB(a.Namespace, a.settingsMgr, a.KubeClientset) - acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.ArgoCDServerOpts.WebhookParallelism, a.AppClientset, a.settings, a.settingsMgr, a.RepoServerCache, a.Cache, argoDB) + acdWebhookHandler := webhook.NewHandler(a.Namespace, a.ArgoCDServerOpts.ApplicationNamespaces, a.AppClientset, a.settings, a.settingsMgr, a.RepoServerCache, a.Cache, argoDB) mux.HandleFunc("/api/webhook", acdWebhookHandler.Handler) @@ -1081,7 +1056,7 @@ func (a *ArgoCDServer) newHTTPServer(ctx context.Context, port int, grpcWebHandl registerDownloadHandlers(mux, "/download") // Serve extensions - extensionsSharedPath := "/tmp/extensions/" + var extensionsSharedPath = "/tmp/extensions/" var extensionsHandler http.Handler = http.HandlerFunc(func(writer http.ResponseWriter, _ *http.Request) { a.serveExtensions(extensionsSharedPath, writer) diff --git a/server/server_norace_test.go b/server/server_norace_test.go index cd73a54f12c41..eaef2e67257d1 100644 --- a/server/server_norace_test.go +++ b/server/server_norace_test.go @@ -13,7 +13,6 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" @@ -22,6 +21,7 @@ import ( ) func TestUserAgent(t *testing.T) { + // !race: // A data race in go-client's `shared_informer.go`, between `sharedProcessor.run(...)` and itself. Based on // the data race, it APPEARS to be intentional, but in any case it's nothing we are doing in Argo CD @@ -30,7 +30,7 @@ func TestUserAgent(t *testing.T) { s, closer := fakeServer(t) defer closer() lns, err := s.Listen() - require.NoError(t, err) + assert.NoError(t, err) cancelInformer := test.StartInformer(s.projInformer) defer cancelInformer() @@ -45,9 +45,9 @@ func TestUserAgent(t *testing.T) { errorMsg string } currentVersionBytes, err := os.ReadFile("../VERSION") - require.NoError(t, err) + assert.NoError(t, err) currentVersion := strings.TrimSpace(string(currentVersionBytes)) - tests := []testData{ + var tests = []testData{ { // Reject out-of-date user-agent userAgent: fmt.Sprintf("%s/0.10.0", common.ArgoCDUserAgentName), @@ -74,20 +74,21 @@ func TestUserAgent(t *testing.T) { UserAgent: test.userAgent, } clnt, err := apiclient.NewClient(&opts) - require.NoError(t, err) + assert.NoError(t, err) conn, appClnt := clnt.NewApplicationClientOrDie() _, err = appClnt.List(ctx, &applicationpkg.ApplicationQuery{}) if test.errorMsg != "" { - require.Error(t, err) + assert.Error(t, err) assert.Regexp(t, test.errorMsg, err.Error()) } else { - require.NoError(t, err) + assert.NoError(t, err) } _ = conn.Close() } } func Test_StaticHeaders(t *testing.T) { + // !race: // Same as TestUserAgent @@ -96,7 +97,7 @@ func Test_StaticHeaders(t *testing.T) { s, closer := fakeServer(t) defer closer() lns, err := s.Listen() - require.NoError(t, err) + assert.NoError(t, err) cancelInformer := test.StartInformer(s.projInformer) defer cancelInformer() ctx, cancel := context.WithCancel(context.Background()) @@ -111,9 +112,9 @@ func Test_StaticHeaders(t *testing.T) { client := http.Client{} url := fmt.Sprintf("http://127.0.0.1:%d/test.html", s.ListenPort) req, err := http.NewRequest(http.MethodGet, url, nil) - require.NoError(t, err) + assert.NoError(t, err) resp, err := client.Do(req) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "sameorigin", resp.Header.Get("X-Frame-Options")) assert.Equal(t, "frame-ancestors 'self';", resp.Header.Get("Content-Security-Policy")) } @@ -127,7 +128,7 @@ func Test_StaticHeaders(t *testing.T) { cancelInformer := test.StartInformer(s.projInformer) defer cancelInformer() lns, err := s.Listen() - require.NoError(t, err) + assert.NoError(t, err) ctx, cancel := context.WithCancel(context.Background()) defer cancel() s.Init(ctx) @@ -140,9 +141,9 @@ func Test_StaticHeaders(t *testing.T) { client := http.Client{} url := fmt.Sprintf("http://127.0.0.1:%d/test.html", s.ListenPort) req, err := http.NewRequest(http.MethodGet, url, nil) - require.NoError(t, err) + assert.NoError(t, err) resp, err := client.Do(req) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "deny", resp.Header.Get("X-Frame-Options")) assert.Equal(t, "frame-ancestors 'none';", resp.Header.Get("Content-Security-Policy")) } @@ -156,7 +157,7 @@ func Test_StaticHeaders(t *testing.T) { cancelInformer := test.StartInformer(s.projInformer) defer cancelInformer() lns, err := s.Listen() - require.NoError(t, err) + assert.NoError(t, err) ctx, cancel := context.WithCancel(context.Background()) defer cancel() s.Init(ctx) @@ -164,7 +165,7 @@ func Test_StaticHeaders(t *testing.T) { defer func() { time.Sleep(3 * time.Second) }() err = test.WaitForPortListen(fmt.Sprintf("127.0.0.1:%d", s.ListenPort), 10*time.Second) - require.NoError(t, err) + assert.NoError(t, err) // Allow server startup time.Sleep(1 * time.Second) @@ -172,9 +173,9 @@ func Test_StaticHeaders(t *testing.T) { client := http.Client{} url := fmt.Sprintf("http://127.0.0.1:%d/test.html", s.ListenPort) req, err := http.NewRequest(http.MethodGet, url, nil) - require.NoError(t, err) + assert.NoError(t, err) resp, err := client.Do(req) - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, resp.Header.Get("X-Frame-Options")) assert.Empty(t, resp.Header.Get("Content-Security-Policy")) } diff --git a/server/server_test.go b/server/server_test.go index 7923db7f3e9d6..c4f4153f24d89 100644 --- a/server/server_test.go +++ b/server/server_test.go @@ -19,13 +19,9 @@ import ( "github.com/stretchr/testify/require" "google.golang.org/grpc/metadata" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/fake" "sigs.k8s.io/yaml" - dynfake "k8s.io/client-go/dynamic/fake" - clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apiclient" "github.com/argoproj/argo-cd/v2/pkg/apiclient/session" @@ -56,12 +52,10 @@ func fakeServer(t *testing.T) (*FakeArgoCDServer, func()) { kubeclientset := fake.NewSimpleClientset(cm, secret) appClientSet := apps.NewSimpleClientset() redis, closer := test.NewInMemoryRedis() + port, err := test.GetFreePort() mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} tmpAssetsDir := t.TempDir() - dynamicClient := dynfake.NewSimpleDynamicClient(runtime.NewScheme()) - fakeClient := clientfake.NewClientBuilder().Build() - port, err := test.GetFreePort() if err != nil { panic(err) } @@ -84,13 +78,11 @@ func fakeServer(t *testing.T) (*FakeArgoCDServer, func()) { 1*time.Minute, 1*time.Minute, ), - RedisClient: redis, - RepoClientset: mockRepoClient, - StaticAssetsDir: tmpAssetsDir, - DynamicClientset: dynamicClient, - KubeControllerClientset: fakeClient, + RedisClient: redis, + RepoClientset: mockRepoClient, + StaticAssetsDir: tmpAssetsDir, } - srv := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + srv := NewServer(context.Background(), argoCDOpts) fakeSrv := &FakeArgoCDServer{srv, tmpAssetsDir} return fakeSrv, closer } @@ -126,7 +118,7 @@ func TestEnforceProjectToken(t *testing.T) { mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} t.Run("TestEnforceProjectTokenSuccessful", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -135,21 +127,21 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithDiffCreateAtFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) diffCreateAt := defaultIssuedAt + 1 claims := jwt.MapClaims{"sub": defaultSub, "iat": diffCreateAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceProjectTokenIncorrectSubFormatFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) invalidSub := "proj:test" claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) t.Run("TestEnforceProjectTokenNoTokenFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) nonExistentToken := "fake-token" invalidSub := fmt.Sprintf(subFormat, projectName, nonExistentToken) claims := jwt.MapClaims{"sub": invalidSub, "iat": defaultIssuedAt} @@ -159,7 +151,7 @@ func TestEnforceProjectToken(t *testing.T) { t.Run("TestEnforceProjectTokenNotJWTTokenFailure", func(t *testing.T) { proj := existingProj.DeepCopy() proj.Spec.Roles[0].JWTTokens = nil - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}) claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} assert.False(t, s.enf.Enforce(claims, "applications", "get", defaultTestObject)) }) @@ -172,7 +164,7 @@ func TestEnforceProjectToken(t *testing.T) { proj := existingProj.DeepCopy() proj.Spec.Roles[0] = role - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(proj), RepoClientset: mockRepoClient}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -183,7 +175,7 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithIdSuccessful", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "jti": defaultId} @@ -192,12 +184,13 @@ func TestEnforceProjectToken(t *testing.T) { }) t.Run("TestEnforceProjectTokenWithInvalidIdFailure", func(t *testing.T) { - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) invalidId := "invalidId" claims := jwt.MapClaims{"sub": defaultSub, "jti": defaultId} res := s.enf.Enforce(claims, "applications", "get", invalidId) assert.False(t, res) }) + } func TestEnforceClaims(t *testing.T) { @@ -276,13 +269,13 @@ func TestInitializingExistingDefaultProject(t *testing.T) { RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + argocd := NewServer(context.Background(), argoCDOpts) assert.NotNil(t, argocd) proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.Nil(t, err) assert.NotNil(t, proj) - assert.Equal(t, v1alpha1.DefaultAppProjectName, proj.Name) + assert.Equal(t, proj.Name, v1alpha1.DefaultAppProjectName) } func TestInitializingNotExistingDefaultProject(t *testing.T) { @@ -299,13 +292,13 @@ func TestInitializingNotExistingDefaultProject(t *testing.T) { RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + argocd := NewServer(context.Background(), argoCDOpts) assert.NotNil(t, argocd) proj, err := appClientSet.ArgoprojV1alpha1().AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.Nil(t, err) assert.NotNil(t, proj) - assert.Equal(t, v1alpha1.DefaultAppProjectName, proj.Name) + assert.Equal(t, proj.Name, v1alpha1.DefaultAppProjectName) } func TestEnforceProjectGroups(t *testing.T) { @@ -341,7 +334,7 @@ func TestEnforceProjectGroups(t *testing.T) { } mockRepoClient := &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}} kubeclientset := fake.NewSimpleClientset(test.NewFakeConfigMap(), test.NewFakeSecret()) - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{ @@ -403,7 +396,7 @@ func TestRevokedToken(t *testing.T) { }, } - s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}, ApplicationSetOpts{}) + s := NewServer(context.Background(), ArgoCDServerOpts{Namespace: test.FakeArgoCDNamespace, KubeClientset: kubeclientset, AppClientset: apps.NewSimpleClientset(&existingProj), RepoClientset: mockRepoClient}) cancel := test.StartInformer(s.projInformer) defer cancel() claims := jwt.MapClaims{"sub": defaultSub, "iat": defaultIssuedAt} @@ -425,7 +418,7 @@ func TestAuthenticate(t *testing.T) { errorMsg string anonymousEnabled bool } - tests := []testData{ + var tests = []testData{ { test: "TestNoSessionAnonymousDisabled", errorMsg: "no session information", @@ -458,11 +451,11 @@ func TestAuthenticate(t *testing.T) { AppClientset: appClientSet, RepoClientset: mockRepoClient, } - argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + argocd := NewServer(context.Background(), argoCDOpts) ctx := context.Background() if testData.user != "" { token, err := argocd.sessionMgr.Create(testData.user, 0, "abc") - require.NoError(t, err) + assert.NoError(t, err) ctx = metadata.NewIncomingContext(context.Background(), metadata.Pairs(apiclient.MetaDataTokenKey, token)) } @@ -470,8 +463,9 @@ func TestAuthenticate(t *testing.T) { if testData.errorMsg != "" { assert.Errorf(t, err, testData.errorMsg) } else { - require.NoError(t, err) + assert.NoError(t, err) } + }) } } @@ -595,7 +589,7 @@ connectors: if withFakeSSO && useDexForSSO { argoCDOpts.DexServerAddr = ts.URL } - argocd = NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + argocd = NewServer(context.Background(), argoCDOpts) var err error argocd.ssoClientApp, err = oidc.NewClientApp(argocd.settings, argocd.DexServerAddr, argocd.DexTLSConfig, argocd.BaseHRef, cache.NewInMemoryCache(24*time.Hour)) require.NoError(t, err) @@ -603,6 +597,7 @@ connectors: } func TestGetClaims(t *testing.T) { + defaultExpiry := jwt.NewNumericDate(time.Now().Add(time.Hour * 24)) defaultExpiryUnix := float64(defaultExpiry.Unix()) @@ -614,7 +609,7 @@ func TestGetClaims(t *testing.T) { expectNewToken bool additionalOIDCConfig settings_util.OIDCConfig } - tests := []testData{ + var tests = []testData{ { test: "GetClaims", claims: jwt.MapClaims{ @@ -692,7 +687,7 @@ func TestGetClaims(t *testing.T) { if testDataCopy.expectedErrorContains != "" { assert.ErrorContains(t, err, testDataCopy.expectedErrorContains, "getClaims should have thrown an error and return an error") } else { - require.NoError(t, err) + assert.NoError(t, err) } }) } @@ -710,7 +705,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { expectedClaims interface{} useDex bool } - tests := []testData{ + var tests = []testData{ // Dex { test: "anonymous disabled, no audience", @@ -851,7 +846,7 @@ func TestAuthenticate_3rd_party_JWTs(t *testing.T) { if testDataCopy.expectedErrorContains != "" { assert.ErrorContains(t, err, testDataCopy.expectedErrorContains, "Authenticate should have thrown an error and blocked the request") } else { - require.NoError(t, err) + assert.NoError(t, err) } }) } @@ -864,7 +859,7 @@ func TestAuthenticate_no_request_metadata(t *testing.T) { expectedErrorContains string expectedClaims interface{} } - tests := []testData{ + var tests = []testData{ { test: "anonymous disabled", anonymousEnabled: false, @@ -894,7 +889,7 @@ func TestAuthenticate_no_request_metadata(t *testing.T) { if testDataCopy.expectedErrorContains != "" { assert.ErrorContains(t, err, testDataCopy.expectedErrorContains, "Authenticate should have thrown an error and blocked the request") } else { - require.NoError(t, err) + assert.NoError(t, err) } }) } @@ -907,7 +902,7 @@ func TestAuthenticate_no_SSO(t *testing.T) { expectedErrorMessage string expectedClaims interface{} } - tests := []testData{ + var tests = []testData{ { test: "anonymous disabled", anonymousEnabled: false, @@ -943,7 +938,7 @@ func TestAuthenticate_no_SSO(t *testing.T) { if testDataCopy.expectedErrorMessage != "" { assert.ErrorContains(t, err, testDataCopy.expectedErrorMessage, "Authenticate should have thrown an error and blocked the request") } else { - require.NoError(t, err) + assert.NoError(t, err) } }) } @@ -957,7 +952,7 @@ func TestAuthenticate_bad_request_metadata(t *testing.T) { expectedErrorMessage string expectedClaims interface{} } - tests := []testData{ + var tests = []testData{ { test: "anonymous disabled, empty metadata", anonymousEnabled: false, @@ -1048,7 +1043,7 @@ func TestAuthenticate_bad_request_metadata(t *testing.T) { if testDataCopy.expectedErrorMessage != "" { assert.ErrorContains(t, err, testDataCopy.expectedErrorMessage, "Authenticate should have thrown an error and blocked the request") } else { - require.NoError(t, err) + assert.NoError(t, err) } }) } @@ -1079,16 +1074,16 @@ func TestTranslateGrpcCookieHeader(t *testing.T) { AppClientset: apps.NewSimpleClientset(), RepoClientset: &mocks.Clientset{RepoServerServiceClient: &mocks.RepoServerServiceClient{}}, } - argocd := NewServer(context.Background(), argoCDOpts, ApplicationSetOpts{}) + argocd := NewServer(context.Background(), argoCDOpts) t.Run("TokenIsNotEmpty", func(t *testing.T) { recorder := httptest.NewRecorder() err := argocd.translateGrpcCookieHeader(context.Background(), recorder, &session.SessionResponse{ Token: "xyz", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "argocd.token=xyz; path=/; SameSite=lax; httpOnly; Secure", recorder.Result().Header.Get("Set-Cookie")) - assert.Len(t, recorder.Result().Cookies(), 1) + assert.Equal(t, 1, len(recorder.Result().Cookies())) }) t.Run("TokenIsLongerThan4093", func(t *testing.T) { @@ -1096,9 +1091,9 @@ func TestTranslateGrpcCookieHeader(t *testing.T) { err := argocd.translateGrpcCookieHeader(context.Background(), recorder, &session.SessionResponse{ Token: "abc.xyz." + strings.Repeat("x", 4093), }) - require.NoError(t, err) + assert.NoError(t, err) assert.Regexp(t, "argocd.token=.*; path=/; SameSite=lax; httpOnly; Secure", recorder.Result().Header.Get("Set-Cookie")) - assert.Len(t, recorder.Result().Cookies(), 2) + assert.Equal(t, 2, len(recorder.Result().Cookies())) }) t.Run("TokenIsEmpty", func(t *testing.T) { @@ -1106,9 +1101,10 @@ func TestTranslateGrpcCookieHeader(t *testing.T) { err := argocd.translateGrpcCookieHeader(context.Background(), recorder, &session.SessionResponse{ Token: "", }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "", recorder.Result().Header.Get("Set-Cookie")) }) + } func TestInitializeDefaultProject_ProjectDoesNotExist(t *testing.T) { @@ -1120,18 +1116,22 @@ func TestInitializeDefaultProject_ProjectDoesNotExist(t *testing.T) { } err := initializeDefaultProject(argoCDOpts) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } proj, err := argoCDOpts.AppClientset.ArgoprojV1alpha1(). AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } - assert.Equal(t, v1alpha1.AppProjectSpec{ + assert.Equal(t, proj.Spec, v1alpha1.AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []v1alpha1.ApplicationDestination{{Server: "*", Namespace: "*"}}, ClusterResourceWhitelist: []metav1.GroupKind{{Group: "*", Kind: "*"}}, - }, proj.Spec) + }) } func TestInitializeDefaultProject_ProjectAlreadyInitialized(t *testing.T) { @@ -1154,23 +1154,26 @@ func TestInitializeDefaultProject_ProjectAlreadyInitialized(t *testing.T) { } err := initializeDefaultProject(argoCDOpts) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } proj, err := argoCDOpts.AppClientset.ArgoprojV1alpha1(). AppProjects(test.FakeArgoCDNamespace).Get(context.Background(), v1alpha1.DefaultAppProjectName, metav1.GetOptions{}) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } assert.Equal(t, proj.Spec, existingDefaultProject.Spec) } func TestOIDCConfigChangeDetection_SecretsChanged(t *testing.T) { - // Given + //Given rawOIDCConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) - require.NoError(t, err, "no error expected when marshalling OIDC config") + ClientSecret: "$k8ssecret:clientsecret"}) + assert.NoError(t, err, "no error expected when marshalling OIDC config") originalSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "sharedargooauthsecret"} @@ -1181,24 +1184,23 @@ func TestOIDCConfigChangeDetection_SecretsChanged(t *testing.T) { assert.Equal(t, originalOIDCConfig.ClientID, originalSecrets["k8ssecret:clientid"], "expected ClientID be replaced by secret value") assert.Equal(t, originalOIDCConfig.ClientSecret, originalSecrets["k8ssecret:clientsecret"], "expected ClientSecret be replaced by secret value") - // When + //When newSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "a!Better!Secret"} argoSettings.Secrets = newSecrets result := checkOIDCConfigChange(originalOIDCConfig, &argoSettings) - // Then - assert.True(t, result, "secrets have changed, expect interpolated OIDCConfig to change") + //Then + assert.Equal(t, result, true, "secrets have changed, expect interpolated OIDCConfig to change") } func TestOIDCConfigChangeDetection_ConfigChanged(t *testing.T) { - // Given + //Given rawOIDCConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ Name: "argocd", ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) + ClientSecret: "$k8ssecret:clientsecret"}) - require.NoError(t, err, "no error expected when marshalling OIDC config") + assert.NoError(t, err, "no error expected when marshalling OIDC config") originalSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "sharedargooauthsecret"} @@ -1209,49 +1211,46 @@ func TestOIDCConfigChangeDetection_ConfigChanged(t *testing.T) { assert.Equal(t, originalOIDCConfig.ClientID, originalSecrets["k8ssecret:clientid"], "expected ClientID be replaced by secret value") assert.Equal(t, originalOIDCConfig.ClientSecret, originalSecrets["k8ssecret:clientsecret"], "expected ClientSecret be replaced by secret value") - // When + //When newRawOICDConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ Name: "cat", ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) + ClientSecret: "$k8ssecret:clientsecret"}) - require.NoError(t, err, "no error expected when marshalling OIDC config") + assert.NoError(t, err, "no error expected when marshalling OIDC config") argoSettings.OIDCConfigRAW = string(newRawOICDConfig) result := checkOIDCConfigChange(originalOIDCConfig, &argoSettings) - // Then - assert.True(t, result, "no error expected since OICD config created") + //Then + assert.Equal(t, result, true, "no error expected since OICD config created") } func TestOIDCConfigChangeDetection_ConfigCreated(t *testing.T) { - // Given + //Given argoSettings := settings_util.ArgoCDSettings{OIDCConfigRAW: ""} originalOIDCConfig := argoSettings.OIDCConfig() - // When + //When newRawOICDConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ Name: "cat", ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) - require.NoError(t, err, "no error expected when marshalling OIDC config") + ClientSecret: "$k8ssecret:clientsecret"}) + assert.NoError(t, err, "no error expected when marshalling OIDC config") newSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "sharedargooauthsecret"} argoSettings.OIDCConfigRAW = string(newRawOICDConfig) argoSettings.Secrets = newSecrets result := checkOIDCConfigChange(originalOIDCConfig, &argoSettings) - // Then - assert.True(t, result, "no error expected since new OICD config created") + //Then + assert.Equal(t, result, true, "no error expected since new OICD config created") } func TestOIDCConfigChangeDetection_ConfigDeleted(t *testing.T) { - // Given + //Given rawOIDCConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) - require.NoError(t, err, "no error expected when marshalling OIDC config") + ClientSecret: "$k8ssecret:clientsecret"}) + assert.NoError(t, err, "no error expected when marshalling OIDC config") originalSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "sharedargooauthsecret"} @@ -1262,22 +1261,21 @@ func TestOIDCConfigChangeDetection_ConfigDeleted(t *testing.T) { assert.Equal(t, originalOIDCConfig.ClientID, originalSecrets["k8ssecret:clientid"], "expected ClientID be replaced by secret value") assert.Equal(t, originalOIDCConfig.ClientSecret, originalSecrets["k8ssecret:clientsecret"], "expected ClientSecret be replaced by secret value") - // When + //When argoSettings.OIDCConfigRAW = "" argoSettings.Secrets = make(map[string]string) result := checkOIDCConfigChange(originalOIDCConfig, &argoSettings) - // Then - assert.True(t, result, "no error expected since OICD config deleted") + //Then + assert.Equal(t, result, true, "no error expected since OICD config deleted") } func TestOIDCConfigChangeDetection_NoChange(t *testing.T) { - // Given + //Given rawOIDCConfig, err := yaml.Marshal(&settings_util.OIDCConfig{ ClientID: "$k8ssecret:clientid", - ClientSecret: "$k8ssecret:clientsecret", - }) - require.NoError(t, err, "no error expected when marshalling OIDC config") + ClientSecret: "$k8ssecret:clientsecret"}) + assert.NoError(t, err, "no error expected when marshalling OIDC config") originalSecrets := map[string]string{"k8ssecret:clientid": "argocd", "k8ssecret:clientsecret": "sharedargooauthsecret"} @@ -1288,11 +1286,11 @@ func TestOIDCConfigChangeDetection_NoChange(t *testing.T) { assert.Equal(t, originalOIDCConfig.ClientID, originalSecrets["k8ssecret:clientid"], "expected ClientID be replaced by secret value") assert.Equal(t, originalOIDCConfig.ClientSecret, originalSecrets["k8ssecret:clientsecret"], "expected ClientSecret be replaced by secret value") - // When + //When result := checkOIDCConfigChange(originalOIDCConfig, &argoSettings) - // Then - assert.False(t, result, "no error since no config change") + //Then + assert.Equal(t, result, false, "no error since no config change") } func TestIsMainJsBundle(t *testing.T) { @@ -1395,9 +1393,9 @@ func TestCacheControlHeaders(t *testing.T) { if testCase.createFile { tmpFile, err := os.Create(fp) - require.NoError(t, err) + assert.NoError(t, err) err = tmpFile.Close() - require.NoError(t, err) + assert.NoError(t, err) } handler(rr, req) @@ -1409,7 +1407,6 @@ func TestCacheControlHeaders(t *testing.T) { }) } } - func TestReplaceBaseHRef(t *testing.T) { testCases := []struct { name string diff --git a/server/session/ratelimiter_test.go b/server/session/ratelimiter_test.go index 1642f1b8d400e..69a6a2e78f606 100644 --- a/server/session/ratelimiter_test.go +++ b/server/session/ratelimiter_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" util "github.com/argoproj/argo-cd/v2/util/io" "github.com/argoproj/argo-cd/v2/util/session" @@ -15,18 +14,18 @@ func TestRateLimiter(t *testing.T) { limiter := NewLoginRateLimiter(10) for i := 0; i < 10; i++ { closer, err := limiter() - require.NoError(t, err) + assert.NoError(t, err) closers = append(closers, closer) } // 11 request should fail _, err := limiter() assert.Equal(t, err, session.InvalidLoginErr) - if !assert.Len(t, closers, 10) { + if !assert.Equal(t, len(closers), 10) { return } // complete one request - require.NoError(t, closers[0].Close()) + assert.NoError(t, closers[0].Close()) _, err = limiter() - require.NoError(t, err) + assert.NoError(t, err) } diff --git a/server/session/session.go b/server/session/session.go index 780d66c123779..c3837d7f4af4f 100644 --- a/server/session/session.go +++ b/server/session/session.go @@ -67,6 +67,7 @@ func (s *Server) Create(_ context.Context, q *session.SessionCreateRequest) (*se fmt.Sprintf("%s:%s", q.Username, settings.AccountCapabilityLogin), int64(argoCDSettings.UserSessionDuration.Seconds()), uniqueId.String()) + if err != nil { return nil, err } diff --git a/sonar-project.properties b/sonar-project.properties index 21dad92e68837..e2f34fd2313d0 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -19,10 +19,7 @@ sonar.host.url=https://sonarcloud.io sonar.coverage.exclusions=**/*.pb.go,**/*.pb.gw.go,**/mocks/**,**/*.ts*,**/vendor/**,**/openapi_generated.go,**/*_test.go,**/*_generated*,test/**,pkg/client/**,pkg/apiclient/**,docs/** # Exclude following set of patterns from code analysis -sonar.go.exclusions=**/vendor/**,**/*.pb.go,**/*_test.go,**/*.pb.gw.go,**/mocks/**,**/openapi_generated.go,**/*_generated*.go,docs/** +sonar.go.exclusions=**/vendor/**,*/*.pb.go,**/*_test.go,**/*.pb.gw.go,**/mocks/**,**/openapi_generated.go,**/*_generated*.go,docs/** # Exclude following set of patterns from duplication detection sonar.cpd.exclusions=**/*.pb.go,**/*.g.cs,**/*.gw.go,**/mocks/*,docs/** - -# Exclude test manifests from analysis -sonar.kubernetes.exclusions=controller/testdata/**,test/**,util/kustomize/testdata/** diff --git a/test/container/Dockerfile b/test/container/Dockerfile index aaebf0f869392..aa3fff4026e64 100644 --- a/test/container/Dockerfile +++ b/test/container/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/redis:7.2.5@sha256:fb534a36ac2034a6374933467d971fbcbfa5d213805507f560d564851a720355 as redis +FROM docker.io/library/redis:7.2.4@sha256:7dd707032d90c6eaafd566f62a00f5b0116ae08fd7d6cbbb0f311b82b47171a2 as redis # There are libraries we will want to copy from here in the final stage of the # build, but the COPY directive does not have a way to determine system @@ -6,15 +6,15 @@ FROM docker.io/library/redis:7.2.5@sha256:fb534a36ac2034a6374933467d971fbcbfa5d2 RUN ln -s /usr/lib/$(uname -m)-linux-gnu /usr/lib/linux-gnu # Please make sure to also check the contained yarn version and update the references below when upgrading this image's version -FROM docker.io/library/node:22.4.0@sha256:2558f19e787cb0baed81a8068adf7509023b43dedce24ed606f8a01522b21313 as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node -FROM docker.io/library/golang:1.23rc1@sha256:e94e0159e05a05d1d0fce4e0b542422a4285cdb9201c0ac9a20acdca467cb950 as golang +FROM docker.io/library/golang:1.21.10@sha256:16438a8e66c0c984f732e815ee5b7d715b8e33e81bac6d6a3750b1067744e7ca as golang -FROM docker.io/library/registry:2.8@sha256:79b29591e1601a73f03fcd413e655b72b9abfae5a23f1ad2e883d4942fbb4351 as registry +FROM docker.io/library/registry:2.8@sha256:fb9c9aef62af3955f6014613456551c92e88a67dcf1fc51f5f91bcbd1832813f as registry -FROM docker.io/bitnami/kubectl:1.30@sha256:a9e1c140974b2b57621dcabd0abcea20aea33d7ab7af1f19374ac079227b523f as kubectl +FROM docker.io/bitnami/kubectl:1.27@sha256:14ab746e857d96c105df4989cc2bf841292f2d143f7c60f9d7f549ae660eab43 as kubectl -FROM docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +FROM docker.io/library/ubuntu:22.04@sha256:77906da86b60585ce12215807090eb327e7386c8fafb5402369e421f44eff17e ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install --fix-missing -y \ @@ -85,7 +85,7 @@ COPY --from=registry /etc/docker/registry/config.yml /etc/docker/registry/config # Copy node binaries COPY --from=node /usr/local/lib/node_modules /usr/local/lib/node_modules COPY --from=node /usr/local/bin/node /usr/local/bin -COPY --from=node /opt/yarn-v1.22.22 /opt/yarn-v1.22.22 +COPY --from=node /opt/yarn-v1.22.19 /opt/yarn-v1.22.19 # Entrypoint is required for container's user management COPY ./test/container/entrypoint.sh /usr/local/bin @@ -93,8 +93,7 @@ COPY ./test/container/entrypoint.sh /usr/local/bin ARG UID # Prepare user configuration & build environments -RUN userdel -r ubuntu && \ - useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ +RUN useradd -l -u ${UID} -d /home/user -s /bin/bash user && \ echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user && \ mkdir -p /home/user/.kube && \ mkdir -p /home/user/.cache && \ @@ -112,8 +111,8 @@ RUN userdel -r ubuntu && \ ln -s /usr/local/bin/node /usr/local/bin/nodejs && \ ln -s /usr/local/lib/node_modules/npm/bin/npm-cli.js /usr/local/bin/npm && \ ln -s /usr/local/lib/node_modules/npm/bin/npx-cli.js /usr/local/bin/npx && \ - ln -s /opt/yarn-v1.22.22/bin/yarn /usr/local/bin/yarn && \ - ln -s /opt/yarn-v1.22.22/bin/yarnpkg /usr/local/bin/yarnpkg && \ + ln -s /opt/yarn-v1.22.19/bin/yarn /usr/local/bin/yarn && \ + ln -s /opt/yarn-v1.22.19/bin/yarnpkg /usr/local/bin/yarnpkg && \ mkdir -p /var/lib/registry ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/test/e2e/accounts_test.go b/test/e2e/accounts_test.go index c238aacb728b5..54eba790af2c5 100644 --- a/test/e2e/accounts_test.go +++ b/test/e2e/accounts_test.go @@ -8,7 +8,6 @@ import ( "github.com/argoproj/pkg/errors" "github.com/spf13/cobra" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" @@ -29,13 +28,13 @@ func TestCreateAndUseAccount(t *testing.T) { Then(). And(func(account *account.Account, err error) { assert.Equal(t, account.Name, ctx.GetName()) - assert.Equal(t, []string{"login"}, account.Capabilities) + assert.Equal(t, account.Capabilities, []string{"login"}) }). When(). Login(). Then(). CurrentUser(func(user *session.GetUserInfoResponse, err error) { - assert.True(t, user.LoggedIn) + assert.Equal(t, user.LoggedIn, true) assert.Equal(t, user.Username, ctx.GetName()) }) } @@ -143,9 +142,9 @@ test true login, apiKey`, output) defer io.Close(closer) info, err := client.GetUserInfo(context.Background(), &session.GetUserInfoRequest{}) - require.NoError(t, err) + assert.NoError(t, err) - assert.Equal(t, "test", info.Username) + assert.Equal(t, info.Username, "test") } func TestLoginBadCredentials(t *testing.T) { @@ -162,7 +161,9 @@ func TestLoginBadCredentials(t *testing.T) { for _, r := range requests { _, err := sessionClient.Create(context.Background(), &r) - require.Error(t, err) + if !assert.Error(t, err) { + return + } errStatus, ok := status.FromError(err) if !assert.True(t, ok) { return diff --git a/test/e2e/app_autosync_ns_test.go b/test/e2e/app_autosync_ns_test.go index 3dbf465df49b5..53e87db87d931 100644 --- a/test/e2e/app_autosync_ns_test.go +++ b/test/e2e/app_autosync_ns_test.go @@ -96,6 +96,7 @@ func TestNSAutoSyncSelfHealEnabled(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) }) + } diff --git a/test/e2e/app_autosync_test.go b/test/e2e/app_autosync_test.go index 67081fe98adae..6e3c1443285e5 100644 --- a/test/e2e/app_autosync_test.go +++ b/test/e2e/app_autosync_test.go @@ -90,6 +90,7 @@ func TestAutoSyncSelfHealEnabled(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Empty(t, app.Status.Conditions) + assert.Len(t, app.Status.Conditions, 0) }) + } diff --git a/test/e2e/app_k8s_events_test.go b/test/e2e/app_k8s_events_test.go deleted file mode 100644 index 7438adfe7001c..0000000000000 --- a/test/e2e/app_k8s_events_test.go +++ /dev/null @@ -1,65 +0,0 @@ -package e2e - -import ( - "context" - "fmt" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - - . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" - . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" -) - -// resource.includeEventLabelKeys keys set in argocd-cm -func TestLabelsOnAppK8sEvents(t *testing.T) { - expectedLabels := map[string]string{"app": "test", "environment": "dev"} - - Given(t). - Timeout(60). - Path("two-nice-pods"). - When(). - SetParamInSettingConfigMap("resource.includeEventLabelKeys", "app,team,env*"). - SetParamInSettingConfigMap("resource.excludeEventLabelKeys", "team"). - CreateApp("--label=app=test", "--label=environment=dev", "--label=team=A", "--label=tier=ui"). - Sync(). - Then(). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - And(func(app *Application) { - events, err := KubeClientset.CoreV1().Events(app.Namespace).List(context.Background(), metav1.ListOptions{ - FieldSelector: fmt.Sprintf("involvedObject.name=%s,involvedObject.kind=Application", app.Name), - }) - require.NoError(t, err) - for _, event := range events.Items { - for k, v := range event.Labels { - ev, found := expectedLabels[k] - assert.True(t, found) - assert.Equal(t, ev, v) - } - } - }) -} - -// resource.includeEventLabelKeys keys not set in argocd-cm -func TestNoLabelsOnAppK8sEvents(t *testing.T) { - Given(t). - Timeout(60). - Path("two-nice-pods"). - When(). - CreateApp("--label=app=test", "--label=environment=dev", "--label=team=A", "--label=tier=ui"). - Sync(). - Then(). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - And(func(app *Application) { - events, err := KubeClientset.CoreV1().Events(app.Namespace).List(context.Background(), metav1.ListOptions{ - FieldSelector: fmt.Sprintf("involvedObject.name=%s,involvedObject.kind=Application", app.Name), - }) - require.NoError(t, err) - for _, event := range events.Items { - assert.Nil(t, event.Labels) - } - }) -} diff --git a/test/e2e/app_management_ns_test.go b/test/e2e/app_management_ns_test.go index 4257e59bf9a62..496513d22f202 100644 --- a/test/e2e/app_management_ns_test.go +++ b/test/e2e/app_management_ns_test.go @@ -23,7 +23,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/common" applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -91,7 +91,7 @@ func TestNamespacedGetLogsDenySwitchOn(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { _, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) } @@ -145,19 +145,20 @@ func TestNamespacedGetLogsAllowSwitchOnNS(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) + } func TestNamespacedGetLogsAllowSwitchOff(t *testing.T) { @@ -203,17 +204,17 @@ func TestNamespacedGetLogsAllowSwitchOff(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", ctx.AppQualifiedName(), "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) } @@ -294,7 +295,7 @@ func TestNamespacedAppCreation(t *testing.T) { And(func(app *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, ctx.AppQualifiedName()) }). When(). @@ -342,7 +343,7 @@ func TestNamespacedAppCreationWithoutForceUpdate(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, ctx.AppQualifiedName()) }). When(). @@ -367,7 +368,7 @@ func TestNamespacedDeleteAppResource(t *testing.T) { And(func(_ *Application) { // app should be listed if _, err := RunCli("app", "delete-resource", ctx.AppQualifiedName(), "--kind", "Service", "--resource-name", "guestbook-ui"); err != nil { - require.NoError(t, err) + assert.NoError(t, err) } }). Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). @@ -451,7 +452,7 @@ func TestNamespacedAppDeletion(t *testing.T) { Expect(NamespacedEvent(AppNamespace(), EventReasonResourceDeleted, "delete")) output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, ctx.AppQualifiedName()) } @@ -539,15 +540,16 @@ func TestNamespacedAppRollbackSuccessful(t *testing.T) { // sync app and make sure it reaches InSync state _, err = RunCli("app", "rollback", app.QualifiedName(), "1") require.NoError(t, err) + }). Expect(NamespacedEvent(AppNamespace(), EventReasonOperationStarted, "rollback")). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { assert.Equal(t, SyncStatusCodeSynced, app.Status.Sync.Status) require.NotNil(t, app.Status.OperationState.SyncResult) - assert.Len(t, app.Status.OperationState.SyncResult.Resources, 2) + assert.Equal(t, 2, len(app.Status.OperationState.SyncResult.Resources)) assert.Equal(t, OperationSucceeded, app.Status.OperationState.Phase) - assert.Len(t, app.Status.History, 3) + assert.Equal(t, 3, len(app.Status.History)) }) } @@ -590,9 +592,9 @@ func TestNamespacedManipulateApplicationResources(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { manifests, err := RunCli("app", "manifests", ctx.AppQualifiedName(), "--source", "live") - require.NoError(t, err) + assert.NoError(t, err) resources, err := kube.SplitYAML([]byte(manifests)) - require.NoError(t, err) + assert.NoError(t, err) index := -1 for i := range resources { @@ -601,31 +603,31 @@ func TestNamespacedManipulateApplicationResources(t *testing.T) { break } } - assert.Greater(t, index, -1) + assert.True(t, index > -1) deployment := resources[index] closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) _, err = client.DeleteResource(context.Background(), &applicationpkg.ApplicationResourceDeleteRequest{ Name: &app.Name, - AppNamespace: ptr.To(AppNamespace()), - Group: ptr.To(deployment.GroupVersionKind().Group), - Kind: ptr.To(deployment.GroupVersionKind().Kind), - Version: ptr.To(deployment.GroupVersionKind().Version), - Namespace: ptr.To(deployment.GetNamespace()), - ResourceName: ptr.To(deployment.GetName()), + AppNamespace: pointer.String(AppNamespace()), + Group: pointer.String(deployment.GroupVersionKind().Group), + Kind: pointer.String(deployment.GroupVersionKind().Kind), + Version: pointer.String(deployment.GroupVersionKind().Version), + Namespace: pointer.String(deployment.GetNamespace()), + ResourceName: pointer.String(deployment.GetName()), }) - require.NoError(t, err) + assert.NoError(t, err) }). Expect(SyncStatusIs(SyncStatusCodeOutOfSync)) } func TestNamespacedAppWithSecrets(t *testing.T) { closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) ctx := Given(t) @@ -641,18 +643,18 @@ func TestNamespacedAppWithSecrets(t *testing.T) { And(func(app *Application) { res := FailOnErr(client.GetResource(context.Background(), &applicationpkg.ApplicationResourceRequest{ Namespace: &app.Spec.Destination.Namespace, - AppNamespace: ptr.To(AppNamespace()), - Kind: ptr.To(kube.SecretKind), - Group: ptr.To(""), + AppNamespace: pointer.String(AppNamespace()), + Kind: pointer.String(kube.SecretKind), + Group: pointer.String(""), Name: &app.Name, - Version: ptr.To("v1"), - ResourceName: ptr.To("test-secret"), + Version: pointer.String("v1"), + ResourceName: pointer.String("test-secret"), })).(*applicationpkg.ApplicationResourceResponse) assetSecretDataHidden(t, res.GetManifest()) manifests, err := client.GetManifests(context.Background(), &applicationpkg.ApplicationManifestQuery{ Name: &app.Name, - AppNamespace: ptr.To(AppNamespace()), + AppNamespace: pointer.String(AppNamespace()), }) errors.CheckError(err) @@ -685,7 +687,7 @@ func TestNamespacedAppWithSecrets(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", ctx.AppQualifiedName()) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, diffOutput, "username: ++++++++") assert.Contains(t, diffOutput, "password: ++++++++++++") @@ -697,7 +699,7 @@ func TestNamespacedAppWithSecrets(t *testing.T) { app.Spec.IgnoreDifferences = []ResourceIgnoreDifferences{{ Kind: kube.SecretKind, JSONPointers: []string{"/data"}, }} - FailOnErr(client.UpdateSpec(context.Background(), &applicationpkg.ApplicationUpdateSpecRequest{Name: &app.Name, AppNamespace: ptr.To(AppNamespace()), Spec: &app.Spec})) + FailOnErr(client.UpdateSpec(context.Background(), &applicationpkg.ApplicationUpdateSpecRequest{Name: &app.Name, AppNamespace: pointer.String(AppNamespace()), Spec: &app.Spec})) }). When(). Refresh(RefreshTypeNormal). @@ -739,7 +741,7 @@ func TestNamespacedResourceDiffing(t *testing.T) { // Patch deployment _, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Patch(context.Background(), "guestbook-ui", types.JSONPatchType, []byte(`[{ "op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "test" }]`), metav1.PatchOptions{}) - require.NoError(t, err) + assert.NoError(t, err) }). When(). Refresh(RefreshTypeNormal). @@ -747,7 +749,7 @@ func TestNamespacedResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", ctx.AppQualifiedName(), "--local-repo-root", ".", "--local", "testdata/guestbook") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, diffOutput, fmt.Sprintf("===== apps/Deployment %s/guestbook-ui ======", DeploymentNamespace())) }). Given(). @@ -760,7 +762,7 @@ func TestNamespacedResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", ctx.AppQualifiedName(), "--local-repo-root", ".", "--local", "testdata/guestbook") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, diffOutput) }). Given(). @@ -778,7 +780,7 @@ func TestNamespacedResourceDiffing(t *testing.T) { Sync(). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "serverside-applied") }). Refresh(RefreshTypeNormal). @@ -805,12 +807,12 @@ func TestNamespacedResourceDiffing(t *testing.T) { }]`). And(func() { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(3), *deployment.Spec.RevisionHistoryLimit) }). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "serverside-applied") }). Then(). @@ -819,13 +821,13 @@ func TestNamespacedResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(1), *deployment.Spec.RevisionHistoryLimit) }). When().Sync().Then().Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(1), *deployment.Spec.RevisionHistoryLimit) }) } @@ -897,7 +899,7 @@ func testNSEdgeCasesApplicationResources(t *testing.T, appPath string, statusCod And(func(app *Application) { diffOutput, err := RunCli("app", "diff", ctx.AppQualifiedName(), "--local-repo-root", ".", "--local", path.Join("testdata", appPath)) assert.Empty(t, diffOutput) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -922,36 +924,36 @@ func TestNamespacedResourceAction(t *testing.T) { Sync(). Then(). And(func(app *Application) { + closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &app.Name, - AppNamespace: ptr.To(AppNamespace()), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("guestbook-ui"), + AppNamespace: pointer.String(AppNamespace()), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("guestbook-ui"), }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) - _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ - Name: &app.Name, - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("guestbook-ui"), - Action: ptr.To("sample"), - AppNamespace: ptr.To(AppNamespace()), + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("guestbook-ui"), + Action: pointer.String("sample"), + AppNamespace: pointer.String(AppNamespace()), }) - require.NoError(t, err) + assert.NoError(t, err) deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "test", deployment.Labels["sample"]) }) @@ -973,7 +975,7 @@ func TestNamespacedSyncResourceByLabel(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { _, err := RunCli("app", "sync", ctx.AppQualifiedName(), "--label", "this-label=does-not-exist") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "level=fatal") }) } @@ -1042,10 +1044,10 @@ func TestNamespacedNoLocalSyncWithAutosyncEnabled(t *testing.T) { Then(). And(func(app *Application) { _, err := RunCli("app", "set", app.QualifiedName(), "--sync-policy", "automated") - require.NoError(t, err) + assert.NoError(t, err) _, err = RunCli("app", "sync", app.QualifiedName(), "--local", guestbookPathLocal) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "Cannot use local sync") }) } @@ -1061,11 +1063,11 @@ func TestNamespacedLocalSyncDryRunWithASEnabled(t *testing.T) { Then(). And(func(app *Application) { _, err := RunCli("app", "set", app.QualifiedName(), "--sync-policy", "automated") - require.NoError(t, err) + assert.NoError(t, err) appBefore := app.DeepCopy() _, err = RunCli("app", "sync", app.QualifiedName(), "--dry-run", "--local-repo-root", ".", "--local", guestbookPathLocal) - require.NoError(t, err) + assert.NoError(t, err) appAfter := app.DeepCopy() assert.True(t, reflect.DeepEqual(appBefore, appAfter)) @@ -1091,10 +1093,11 @@ func TestNamespacedSyncAsync(t *testing.T) { func assertNSResourceActions(t *testing.T, appName string, successful bool) { assertError := func(err error, message string) { if successful { - require.NoError(t, err) + assert.NoError(t, err) } else { - require.Error(t, err) - assert.Contains(t, err.Error(), message) + if assert.Error(t, err) { + assert.Contains(t, err.Error(), message) + } } } @@ -1105,15 +1108,15 @@ func assertNSResourceActions(t *testing.T, appName string, successful bool) { require.NoError(t, err) logs, err := cdClient.PodLogs(context.Background(), &applicationpkg.ApplicationPodLogsQuery{ - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), Name: &appName, - AppNamespace: ptr.To(AppNamespace()), - Namespace: ptr.To(DeploymentNamespace()), - Container: ptr.To(""), - SinceSeconds: ptr.To(int64(0)), - TailLines: ptr.To(int64(0)), - Follow: ptr.To(false), + AppNamespace: pointer.String(AppNamespace()), + Namespace: pointer.String(DeploymentNamespace()), + Container: pointer.String(""), + SinceSeconds: pointer.Int64(0), + TailLines: pointer.Int64(0), + Follow: pointer.Bool(false), }) require.NoError(t, err) _, err = logs.Recv() @@ -1123,44 +1126,44 @@ func assertNSResourceActions(t *testing.T, appName string, successful bool) { _, err = cdClient.ListResourceEvents(context.Background(), &applicationpkg.ApplicationResourceEventsQuery{ Name: &appName, - AppNamespace: ptr.To(AppNamespace()), - ResourceName: ptr.To("guestbook-ui"), - ResourceNamespace: ptr.To(DeploymentNamespace()), - ResourceUID: ptr.To(string(deploymentResource.UID)), + AppNamespace: pointer.String(AppNamespace()), + ResourceName: pointer.String("guestbook-ui"), + ResourceNamespace: pointer.String(DeploymentNamespace()), + ResourceUID: pointer.String(string(deploymentResource.UID)), }) assertError(err, fmt.Sprintf("%s not found as part of application %s", "guestbook-ui", appName)) _, err = cdClient.GetResource(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &appName, - AppNamespace: ptr.To(AppNamespace()), - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + AppNamespace: pointer.String(AppNamespace()), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), }) assertError(err, expectedError) _, err = cdClient.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ Name: &appName, - AppNamespace: ptr.To(AppNamespace()), - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Action: ptr.To("restart"), + AppNamespace: pointer.String(AppNamespace()), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Action: pointer.String("restart"), }) assertError(err, expectedError) _, err = cdClient.DeleteResource(context.Background(), &applicationpkg.ApplicationResourceDeleteRequest{ Name: &appName, - AppNamespace: ptr.To(AppNamespace()), - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + AppNamespace: pointer.String(AppNamespace()), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), }) assertError(err, expectedError) } @@ -1222,8 +1225,8 @@ func TestNamespacedPermissions(t *testing.T) { defer io.Close(closer) tree, err := cdClient.ResourceTree(context.Background(), &applicationpkg.ResourcesQuery{ApplicationName: &app.Name, AppNamespace: &app.Namespace}) require.NoError(t, err) - assert.Empty(t, tree.Nodes) - assert.Empty(t, tree.OrphanedNodes) + assert.Len(t, tree.Nodes, 0) + assert.Len(t, tree.OrphanedNodes, 0) }). When(). // add missing permissions but deny management of Deployment kind @@ -1311,6 +1314,7 @@ func TestNamespacedPermissionDeniedWithScopedRepo(t *testing.T) { CreateApp(). Then(). Expect(Error("", "is not permitted in project")) + } // make sure that if we deleted a resource from the app, it is not pruned if annotated with Prune=false @@ -1339,6 +1343,7 @@ func TestNamespacedSyncOptionPruneFalse(t *testing.T) { // make sure that if we have an invalid manifest, we can add it if we disable validation, we get a server error rather than a client error func TestNamespacedSyncOptionValidateFalse(t *testing.T) { + Given(t). Path("crd-validation"). SetTrackingMethod("annotation"). @@ -1397,6 +1402,7 @@ func TestNamespacedCompareOptionIgnoreExtraneous(t *testing.T) { } func TestNamespacedSelfManagedApps(t *testing.T) { + Given(t). Path("self-managed-app"). SetTrackingMethod("annotation"). @@ -1425,7 +1431,7 @@ func TestNamespacedSelfManagedApps(t *testing.T) { lastReconciledAt = reconciledAt } - assert.Less(t, reconciledCount, 3, "Application was reconciled too many times") + assert.True(t, reconciledCount < 3, "Application was reconciled too many times") }) } @@ -1477,7 +1483,7 @@ func TestNamespacedOrphanedResource(t *testing.T) { ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true)}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true)}, SourceNamespaces: []string{AppNamespace()}, }). SetTrackingMethod("annotation"). @@ -1502,14 +1508,14 @@ func TestNamespacedOrphanedResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Group: "Test", Kind: "ConfigMap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Group: "Test", Kind: "ConfigMap"}}}, SourceNamespaces: []string{AppNamespace()}, }). When(). @@ -1518,14 +1524,14 @@ func TestNamespacedOrphanedResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap"}}}, SourceNamespaces: []string{AppNamespace()}, }). When(). @@ -1535,14 +1541,14 @@ func TestNamespacedOrphanedResource(t *testing.T) { Expect(NoConditions()). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName()) - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap", Name: "orphaned-configmap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap", Name: "orphaned-configmap"}}}, SourceNamespaces: []string{AppNamespace()}, }). When(). @@ -1552,7 +1558,7 @@ func TestNamespacedOrphanedResource(t *testing.T) { Expect(NoConditions()). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName()) - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") }). Given(). @@ -1628,8 +1634,7 @@ func TestNamespacedNotPermittedResources(t *testing.T) { SourceNamespaces: []string{AppNamespace()}, NamespaceResourceBlacklist: []metav1.GroupKind{ {Group: "", Kind: "Service"}, - }, - }). + }}). And(func() { FailOnErr(KubeClientset.NetworkingV1().Ingresses(TestNamespace()).Create(context.Background(), ingress, metav1.CreateOptions{})) FailOnErr(KubeClientset.CoreV1().Services(DeploymentNamespace()).Create(context.Background(), svc, metav1.CreateOptions{})) @@ -1647,9 +1652,9 @@ func TestNamespacedNotPermittedResources(t *testing.T) { _, hasIngress := statusByKind[kube.IngressKind] assert.False(t, hasIngress, "Ingress is prohibited not managed object and should be even visible to user") serviceStatus := statusByKind[kube.ServiceKind] - assert.Equal(t, SyncStatusCodeUnknown, serviceStatus.Status, "Service is prohibited managed resource so should be set to Unknown") + assert.Equal(t, serviceStatus.Status, SyncStatusCodeUnknown, "Service is prohibited managed resource so should be set to Unknown") deploymentStatus := statusByKind[kube.DeploymentKind] - assert.Equal(t, SyncStatusCodeOutOfSync, deploymentStatus.Status) + assert.Equal(t, deploymentStatus.Status, SyncStatusCodeOutOfSync) }). When(). Delete(true). @@ -1677,7 +1682,7 @@ func TestNamespacedSyncWithInfos(t *testing.T) { _, err := RunCli("app", "sync", app.QualifiedName(), "--info", fmt.Sprintf("%s=%s", expectedInfo[0].Name, expectedInfo[0].Value), "--info", fmt.Sprintf("%s=%s", expectedInfo[1].Name, expectedInfo[1].Value)) - require.NoError(t, err) + assert.NoError(t, err) }). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { @@ -1701,8 +1706,8 @@ func TestNamespacedCreateAppWithNoNameSpaceForGlobalResource(t *testing.T) { And(func(app *Application) { time.Sleep(500 * time.Millisecond) app, err := AppClientset.ArgoprojV1alpha1().Applications(AppNamespace()).Get(context.Background(), app.Name, metav1.GetOptions{}) - require.NoError(t, err) - assert.Empty(t, app.Status.Conditions) + assert.NoError(t, err) + assert.Len(t, app.Status.Conditions, 0) }) } @@ -1726,8 +1731,8 @@ func TestNamespacedCreateAppWithNoNameSpaceWhenRequired(t *testing.T) { require.NoError(t, err) assert.Len(t, updatedApp.Status.Conditions, 2) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[1].Type) + assert.Equal(t, updatedApp.Status.Conditions[0].Type, ApplicationConditionInvalidSpecError) + assert.Equal(t, updatedApp.Status.Conditions[1].Type, ApplicationConditionInvalidSpecError) }) } @@ -1752,8 +1757,8 @@ func TestNamespacedCreateAppWithNoNameSpaceWhenRequired2(t *testing.T) { require.NoError(t, err) assert.Len(t, updatedApp.Status.Conditions, 2) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[1].Type) + assert.Equal(t, updatedApp.Status.Conditions[0].Type, ApplicationConditionInvalidSpecError) + assert.Equal(t, updatedApp.Status.Conditions[1].Type, ApplicationConditionInvalidSpecError) }) } @@ -1765,7 +1770,7 @@ func TestNamespacedListResource(t *testing.T) { ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true)}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true)}, SourceNamespaces: []string{AppNamespace()}, }). Path(guestbookPath). @@ -1788,19 +1793,19 @@ func TestNamespacedListResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") assert.Contains(t, output, "guestbook-ui") }). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName(), "--orphaned=true") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") assert.NotContains(t, output, "guestbook-ui") }). And(func(app *Application) { output, err := RunCli("app", "resources", app.QualifiedName(), "--orphaned=false") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") assert.Contains(t, output, "guestbook-ui") }). @@ -1832,7 +1837,7 @@ func TestNamespacedNamespaceAutoCreation(t *testing.T) { defer func() { if !t.Skipped() { _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) } }() Given(t). @@ -1860,7 +1865,7 @@ func TestNamespacedNamespaceAutoCreation(t *testing.T) { And(func(app *Application) { // Verify delete app does not delete the namespace auto created output, err := Run("", "kubectl", "get", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, updatedNamespace) }) } @@ -1876,7 +1881,7 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { defer func() { if !t.Skipped() { _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) } }() ctx := Given(t) @@ -1892,8 +1897,7 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { ManagedNamespaceMetadata: &ManagedNamespaceMetadata{ Labels: map[string]string{"foo": "bar"}, Annotations: map[string]string{"bar": "bat"}, - }, - } + }} }). Then(). Expect(NoNamespace(updatedNamespace)). @@ -1927,6 +1931,7 @@ func TestNamespacedNamespaceAutoCreationWithMetadata(t *testing.T) { Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { + delete(ns.Labels, "kubernetes.io/metadata.name") delete(ns.Labels, "argocd.argoproj.io/tracking-id") delete(ns.Annotations, "kubectl.kubernetes.io/last-applied-configuration") @@ -1969,7 +1974,7 @@ func TestNamespacedNamespaceAutoCreationWithMetadataAndNsManifest(t *testing.T) defer func() { if !t.Skipped() { _, err := Run("", "kubectl", "delete", "namespace", namespace) - require.NoError(t, err) + assert.NoError(t, err) } }() @@ -1986,8 +1991,7 @@ func TestNamespacedNamespaceAutoCreationWithMetadataAndNsManifest(t *testing.T) ManagedNamespaceMetadata: &ManagedNamespaceMetadata{ Labels: map[string]string{"foo": "bar", "abc": "123"}, Annotations: map[string]string{"bar": "bat"}, - }, - } + }} }). Then(). Expect(NoNamespace(namespace)). @@ -2023,7 +2027,7 @@ func TestNamespacedNamespaceAutoCreationWithPreexistingNs(t *testing.T) { defer func() { if !t.Skipped() { _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) } }() @@ -2045,7 +2049,7 @@ metadata: errors.CheckError(err) _, err = Run("", "kubectl", "apply", "-f", tmpFile.Name()) - require.NoError(t, err) + assert.NoError(t, err) ctx := Given(t) ctx. @@ -2060,8 +2064,7 @@ metadata: ManagedNamespaceMetadata: &ManagedNamespaceMetadata{ Labels: map[string]string{"foo": "bar"}, Annotations: map[string]string{"bar": "bat"}, - }, - } + }} }). Then(). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { @@ -2098,6 +2101,7 @@ metadata: Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { + assert.Empty(t, app.Status.Conditions) delete(ns.Labels, "kubernetes.io/metadata.name") @@ -2118,6 +2122,7 @@ metadata: Then(). Expect(Success("")). Expect(Namespace(updatedNamespace, func(app *Application, ns *v1.Namespace) { + assert.Empty(t, app.Status.Conditions) delete(ns.Labels, "kubernetes.io/metadata.name") @@ -2162,14 +2167,16 @@ func TestNamespacedCreateDisableValidation(t *testing.T) { And(func(app *Application) { _, err := RunCli("app", "create", app.QualifiedName(), "--upsert", "--validate=false", "--repo", RepoURL(RepoURLTypeFile), "--path", "baddir2", "--project", app.Spec.Project, "--dest-server", KubernetesInternalAPIServerAddr, "--dest-namespace", DeploymentNamespace()) - require.NoError(t, err) + assert.NoError(t, err) }). When(). AppSet("--path", "baddir3", "--validate=false") + } func TestNamespacedCreateFromPartialFile(t *testing.T) { - partialApp := `metadata: + partialApp := + `metadata: labels: labels.local/from-file: file labels.local/from-args: file @@ -2253,38 +2260,38 @@ definitions: // tests resource actions on a CRD using status subresource And(func(app *Application) { _, err := RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "StatusSubResource", "update-both") - require.NoError(t, err) + assert.NoError(t, err) text := FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-both", text) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-both", text) _, err = RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "StatusSubResource", "update-spec") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-spec", text) _, err = RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "StatusSubResource", "update-status") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-status", text) }). // tests resource actions on a CRD *not* using status subresource And(func(app *Application) { _, err := RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "NonStatusSubResource", "update-both") - require.NoError(t, err) + assert.NoError(t, err) text := FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-both", text) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-both", text) _, err = RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "NonStatusSubResource", "update-spec") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-spec", text) _, err = RunCli("app", "actions", "run", app.QualifiedName(), "--kind", "NonStatusSubResource", "update-status") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-status", text) }) @@ -2303,17 +2310,17 @@ func TestNamespacedAppLogs(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(5, "app", "logs", app.QualifiedName(), "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) } @@ -2360,14 +2367,14 @@ func TestNamespacedSyncOptionReplace(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map created", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map created") }). When(). Sync(). Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map replaced", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map replaced") }) } @@ -2383,14 +2390,14 @@ func TestNamespacedSyncOptionReplaceFromCLI(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map created", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map created") }). When(). Sync(). Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map replaced", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map replaced") }) } @@ -2437,7 +2444,7 @@ func TestNamespacedDisableManifestGeneration(t *testing.T) { Refresh(RefreshTypeHard). Then(). And(func(app *Application) { - assert.Equal(t, ApplicationSourceTypeKustomize, app.Status.SourceType) + assert.Equal(t, app.Status.SourceType, ApplicationSourceTypeKustomize) }). When(). And(func() { @@ -2452,7 +2459,7 @@ func TestNamespacedDisableManifestGeneration(t *testing.T) { time.Sleep(1 * time.Second) }). And(func(app *Application) { - assert.Equal(t, ApplicationSourceTypeDirectory, app.Status.SourceType) + assert.Equal(t, app.Status.SourceType, ApplicationSourceTypeDirectory) }) } diff --git a/test/e2e/app_management_test.go b/test/e2e/app_management_test.go index c34ed635e71bd..257e8a27ecbd0 100644 --- a/test/e2e/app_management_test.go +++ b/test/e2e/app_management_test.go @@ -25,7 +25,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/common" applicationpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -100,7 +100,7 @@ func TestGetLogsDenySwitchOn(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { _, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "permission denied") }) } @@ -151,19 +151,20 @@ func TestGetLogsAllowSwitchOn(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) + } func TestGetLogsAllowSwitchOff(t *testing.T) { @@ -207,17 +208,17 @@ func TestGetLogsAllowSwitchOff(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) } @@ -401,7 +402,7 @@ func TestAppCreation(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, Name()) }). When(). @@ -446,7 +447,7 @@ func TestAppCreationWithoutForceUpdate(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, Name()) }). When(). @@ -456,45 +457,6 @@ func TestAppCreationWithoutForceUpdate(t *testing.T) { Expect(Error("", "existing application spec is different, use upsert flag to force update")) } -// Test designed to cover #15126. -// The issue occurs in the controller, when a valuesObject field that contains non-strings (eg, a nested map) gets -// merged/patched. -// Note: Failure is observed by the test timing out, because the controller cannot 'merge' the patch. -func TestPatchValuesObject(t *testing.T) { - Given(t). - Timeout(30). - Path("helm"). - When(). - // app should be auto-synced once created - CreateFromFile(func(app *Application) { - app.Spec.Source.Helm = &ApplicationSourceHelm{ - ValuesObject: &runtime.RawExtension{ - // Setup by using nested YAML objects, which is what causes the patch error: - // "unable to find api field in struct RawExtension for the json field "some"" - Raw: []byte(`{"some": {"foo": "bar"}}`), - }, - } - }). - Then(). - When(). - PatchApp(`[{ - "op": "add", - "path": "/spec/source/helm/valuesObject", - "value": {"some":{"foo":"bar","new":"field"}} - }]`). - Refresh(RefreshTypeNormal). - Sync(). - Then(). - Expect(Success("")). - Expect(OperationPhaseIs(OperationSucceeded)). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - Expect(NoConditions()). - And(func(app *Application) { - // Check that the patch was a success. - assert.Equal(t, `{"some":{"foo":"bar","new":"field"}}`, string(app.Spec.Source.Helm.ValuesObject.Raw)) - }) -} - func TestDeleteAppResource(t *testing.T) { ctx := Given(t) @@ -508,7 +470,7 @@ func TestDeleteAppResource(t *testing.T) { And(func(_ *Application) { // app should be listed if _, err := RunCli("app", "delete-resource", Name(), "--kind", "Service", "--resource-name", "guestbook-ui"); err != nil { - require.NoError(t, err) + assert.NoError(t, err) } }). Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). @@ -530,6 +492,7 @@ func TestPatchHttp(t *testing.T) { assert.Equal(t, "patch", app.Labels["test"]) assert.Equal(t, "patch", app.Annotations["test"]) }) + } // demonstrate that we cannot use a standard sync when an immutable field is changed, we must use "force" @@ -602,7 +565,7 @@ func TestAppDeletion(t *testing.T) { Expect(Event(EventReasonResourceDeleted, "delete")) output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, Name()) } @@ -682,15 +645,16 @@ func TestAppRollbackSuccessful(t *testing.T) { // sync app and make sure it reaches InSync state _, err = RunCli("app", "rollback", app.Name, "1") require.NoError(t, err) + }). Expect(Event(EventReasonOperationStarted, "rollback")). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { assert.Equal(t, SyncStatusCodeSynced, app.Status.Sync.Status) require.NotNil(t, app.Status.OperationState.SyncResult) - assert.Len(t, app.Status.OperationState.SyncResult.Resources, 2) + assert.Equal(t, 2, len(app.Status.OperationState.SyncResult.Resources)) assert.Equal(t, OperationSucceeded, app.Status.OperationState.Phase) - assert.Len(t, app.Status.History, 3) + assert.Equal(t, 3, len(app.Status.History)) }) } @@ -726,9 +690,9 @@ func TestManipulateApplicationResources(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { manifests, err := RunCli("app", "manifests", app.Name, "--source", "live") - require.NoError(t, err) + assert.NoError(t, err) resources, err := kube.SplitYAML([]byte(manifests)) - require.NoError(t, err) + assert.NoError(t, err) index := -1 for i := range resources { @@ -737,37 +701,37 @@ func TestManipulateApplicationResources(t *testing.T) { break } } - assert.Greater(t, index, -1) + assert.True(t, index > -1) deployment := resources[index] closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) _, err = client.DeleteResource(context.Background(), &applicationpkg.ApplicationResourceDeleteRequest{ Name: &app.Name, - Group: ptr.To(deployment.GroupVersionKind().Group), - Kind: ptr.To(deployment.GroupVersionKind().Kind), - Version: ptr.To(deployment.GroupVersionKind().Version), - Namespace: ptr.To(deployment.GetNamespace()), - ResourceName: ptr.To(deployment.GetName()), + Group: pointer.String(deployment.GroupVersionKind().Group), + Kind: pointer.String(deployment.GroupVersionKind().Kind), + Version: pointer.String(deployment.GroupVersionKind().Version), + Namespace: pointer.String(deployment.GetNamespace()), + ResourceName: pointer.String(deployment.GetName()), }) - require.NoError(t, err) + assert.NoError(t, err) }). Expect(SyncStatusIs(SyncStatusCodeOutOfSync)) } func assetSecretDataHidden(t *testing.T, manifest string) { secret, err := UnmarshalToUnstructured(manifest) - require.NoError(t, err) + assert.NoError(t, err) _, hasStringData, err := unstructured.NestedMap(secret.Object, "stringData") - require.NoError(t, err) + assert.NoError(t, err) assert.False(t, hasStringData) secretData, hasData, err := unstructured.NestedMap(secret.Object, "data") - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, hasData) for _, v := range secretData { assert.Regexp(t, regexp.MustCompile(`[*]*`), v) @@ -784,7 +748,7 @@ func assetSecretDataHidden(t *testing.T, manifest string) { func TestAppWithSecrets(t *testing.T) { closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) Given(t). @@ -797,11 +761,11 @@ func TestAppWithSecrets(t *testing.T) { And(func(app *Application) { res := FailOnErr(client.GetResource(context.Background(), &applicationpkg.ApplicationResourceRequest{ Namespace: &app.Spec.Destination.Namespace, - Kind: ptr.To(kube.SecretKind), - Group: ptr.To(""), + Kind: pointer.String(kube.SecretKind), + Group: pointer.String(""), Name: &app.Name, - Version: ptr.To("v1"), - ResourceName: ptr.To("test-secret"), + Version: pointer.String("v1"), + ResourceName: pointer.String("test-secret"), })).(*applicationpkg.ApplicationResourceResponse) assetSecretDataHidden(t, res.GetManifest()) @@ -837,7 +801,7 @@ func TestAppWithSecrets(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, diffOutput, "username: ++++++++") assert.Contains(t, diffOutput, "password: ++++++++++++") @@ -888,7 +852,7 @@ func TestResourceDiffing(t *testing.T) { // Patch deployment _, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Patch(context.Background(), "guestbook-ui", types.JSONPatchType, []byte(`[{ "op": "replace", "path": "/spec/template/spec/containers/0/image", "value": "test" }]`), metav1.PatchOptions{}) - require.NoError(t, err) + assert.NoError(t, err) }). When(). Refresh(RefreshTypeNormal). @@ -896,7 +860,7 @@ func TestResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeOutOfSync)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name, "--local", "testdata", "--server-side-generate") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, diffOutput, fmt.Sprintf("===== apps/Deployment %s/guestbook-ui ======", DeploymentNamespace())) }). Given(). @@ -909,7 +873,7 @@ func TestResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name, "--local", "testdata", "--server-side-generate") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, diffOutput) }). Given(). @@ -927,7 +891,7 @@ func TestResourceDiffing(t *testing.T) { Sync(). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "serverside-applied") }). Refresh(RefreshTypeNormal). @@ -954,12 +918,12 @@ func TestResourceDiffing(t *testing.T) { }]`). And(func() { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(3), *deployment.Spec.RevisionHistoryLimit) }). And(func() { output, err := RunWithStdin(testdata.SSARevisionHistoryDeployment, "", "kubectl", "apply", "-n", DeploymentNamespace(), "--server-side=true", "--field-manager=revision-history-manager", "--validate=false", "--force-conflicts", "-f", "-") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "serverside-applied") }). Then(). @@ -968,13 +932,13 @@ func TestResourceDiffing(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(1), *deployment.Spec.RevisionHistoryLimit) }). When().Sync().Then().Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, int32(1), *deployment.Spec.RevisionHistoryLimit) }) } @@ -1039,7 +1003,7 @@ func testEdgeCasesApplicationResources(t *testing.T, appPath string, statusCode And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name, "--local", "testdata", "--server-side-generate") assert.Empty(t, diffOutput) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -1059,34 +1023,34 @@ func TestOldStyleResourceAction(t *testing.T) { Sync(). Then(). And(func(app *Application) { + closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &app.Name, - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("guestbook-ui"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("guestbook-ui"), }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) - _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ - Name: &app.Name, - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("guestbook-ui"), - Action: ptr.To("sample"), + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("guestbook-ui"), + Action: pointer.String("sample"), }) - require.NoError(t, err) + assert.NoError(t, err) deployment, err := KubeClientset.AppsV1().Deployments(DeploymentNamespace()).Get(context.Background(), "guestbook-ui", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "test", deployment.Labels["sample"]) }) @@ -1158,41 +1122,40 @@ func TestNewStyleResourceActionPermitted(t *testing.T) { NamespaceResourceWhitelist: []metav1.GroupKind{ {Group: "batch", Kind: "Job"}, {Group: "batch", Kind: "CronJob"}, - }, - }). + }}). When(). CreateApp(). Sync(). Then(). And(func(app *Application) { + closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &app.Name, - Group: ptr.To("batch"), - Kind: ptr.To("CronJob"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("hello"), + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) - _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ - Name: &app.Name, - Group: ptr.To("batch"), - Kind: ptr.To("CronJob"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("hello"), - Action: ptr.To("sample"), + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + Action: pointer.String("sample"), }) - require.NoError(t, err) + assert.NoError(t, err) _, err = KubeClientset.BatchV1().Jobs(DeploymentNamespace()).Get(context.Background(), "hello-123", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -1269,46 +1232,45 @@ func TestNewStyleResourceActionMixedOk(t *testing.T) { NamespaceResourceWhitelist: []metav1.GroupKind{ {Group: "batch", Kind: "Job"}, {Group: "batch", Kind: "CronJob"}, - }, - }). + }}). When(). CreateApp(). Sync(). Then(). And(func(app *Application) { + closer, client, err := ArgoCDClientset.NewApplicationClient() - require.NoError(t, err) + assert.NoError(t, err) defer io.Close(closer) actions, err := client.ListResourceActions(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &app.Name, - Group: ptr.To("batch"), - Kind: ptr.To("CronJob"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("hello"), + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), }) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, []*ResourceAction{{Name: "sample", Disabled: false}}, actions.Actions) - _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ - Name: &app.Name, - Group: ptr.To("batch"), - Kind: ptr.To("CronJob"), - Version: ptr.To("v1"), - Namespace: ptr.To(DeploymentNamespace()), - ResourceName: ptr.To("hello"), - Action: ptr.To("sample"), + _, err = client.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{Name: &app.Name, + Group: pointer.String("batch"), + Kind: pointer.String("CronJob"), + Version: pointer.String("v1"), + Namespace: pointer.String(DeploymentNamespace()), + ResourceName: pointer.String("hello"), + Action: pointer.String("sample"), }) - require.NoError(t, err) + assert.NoError(t, err) // Assert new Job was created _, err = KubeClientset.BatchV1().Jobs(DeploymentNamespace()).Get(context.Background(), "hello-123", metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) // Assert the original CronJob was patched cronJob, err := KubeClientset.BatchV1().CronJobs(DeploymentNamespace()).Get(context.Background(), "hello", metav1.GetOptions{}) assert.Equal(t, "aValue", cronJob.Labels["aKey"]) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -1325,7 +1287,7 @@ func TestSyncResourceByLabel(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { _, err := RunCli("app", "sync", app.Name, "--label", "this-label=does-not-exist") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "level=fatal") }) } @@ -1343,7 +1305,7 @@ func TestSyncResourceByProject(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { _, err := RunCli("app", "sync", app.Name, "--project", "this-project-does-not-exist") - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "level=fatal") }) } @@ -1405,10 +1367,10 @@ func TestNoLocalSyncWithAutosyncEnabled(t *testing.T) { Then(). And(func(app *Application) { _, err := RunCli("app", "set", app.Name, "--sync-policy", "automated") - require.NoError(t, err) + assert.NoError(t, err) _, err = RunCli("app", "sync", app.Name, "--local", guestbookPathLocal) - require.Error(t, err) + assert.Error(t, err) }) } @@ -1421,11 +1383,11 @@ func TestLocalSyncDryRunWithAutosyncEnabled(t *testing.T) { Then(). And(func(app *Application) { _, err := RunCli("app", "set", app.Name, "--sync-policy", "automated") - require.NoError(t, err) + assert.NoError(t, err) appBefore := app.DeepCopy() _, err = RunCli("app", "sync", app.Name, "--dry-run", "--local-repo-root", ".", "--local", guestbookPathLocal) - require.NoError(t, err) + assert.NoError(t, err) appAfter := app.DeepCopy() assert.True(t, reflect.DeepEqual(appBefore, appAfter)) @@ -1449,10 +1411,11 @@ func TestSyncAsync(t *testing.T) { func assertResourceActions(t *testing.T, appName string, successful bool) { assertError := func(err error, message string) { if successful { - require.NoError(t, err) + assert.NoError(t, err) } else { - require.Error(t, err) - assert.Contains(t, err.Error(), message) + if assert.Error(t, err) { + assert.Contains(t, err.Error(), message) + } } } @@ -1463,14 +1426,14 @@ func assertResourceActions(t *testing.T, appName string, successful bool) { require.NoError(t, err) logs, err := cdClient.PodLogs(context.Background(), &applicationpkg.ApplicationPodLogsQuery{ - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), Name: &appName, - Namespace: ptr.To(DeploymentNamespace()), - Container: ptr.To(""), - SinceSeconds: ptr.To(int64(0)), - TailLines: ptr.To(int64(0)), - Follow: ptr.To(false), + Namespace: pointer.String(DeploymentNamespace()), + Container: pointer.String(""), + SinceSeconds: pointer.Int64(0), + TailLines: pointer.Int64(0), + Follow: pointer.Bool(false), }) require.NoError(t, err) _, err = logs.Recv() @@ -1480,40 +1443,40 @@ func assertResourceActions(t *testing.T, appName string, successful bool) { _, err = cdClient.ListResourceEvents(context.Background(), &applicationpkg.ApplicationResourceEventsQuery{ Name: &appName, - ResourceName: ptr.To("guestbook-ui"), - ResourceNamespace: ptr.To(DeploymentNamespace()), - ResourceUID: ptr.To(string(deploymentResource.UID)), + ResourceName: pointer.String("guestbook-ui"), + ResourceNamespace: pointer.String(DeploymentNamespace()), + ResourceUID: pointer.String(string(deploymentResource.UID)), }) assertError(err, fmt.Sprintf("%s not found as part of application %s", "guestbook-ui", appName)) _, err = cdClient.GetResource(context.Background(), &applicationpkg.ApplicationResourceRequest{ Name: &appName, - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), }) assertError(err, expectedError) _, err = cdClient.RunResourceAction(context.Background(), &applicationpkg.ResourceActionRunRequest{ Name: &appName, - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), - Action: ptr.To("restart"), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), + Action: pointer.String("restart"), }) assertError(err, expectedError) _, err = cdClient.DeleteResource(context.Background(), &applicationpkg.ApplicationResourceDeleteRequest{ Name: &appName, - ResourceName: ptr.To("guestbook-ui"), - Namespace: ptr.To(DeploymentNamespace()), - Version: ptr.To("v1"), - Group: ptr.To("apps"), - Kind: ptr.To("Deployment"), + ResourceName: pointer.String("guestbook-ui"), + Namespace: pointer.String(DeploymentNamespace()), + Version: pointer.String("v1"), + Group: pointer.String("apps"), + Kind: pointer.String("Deployment"), }) assertError(err, expectedError) } @@ -1574,8 +1537,8 @@ func TestPermissions(t *testing.T) { fmt.Printf("APP NAME: %s\n", appName) tree, err := cdClient.ResourceTree(context.Background(), &applicationpkg.ResourcesQuery{ApplicationName: &appName, AppNamespace: &appNs}) require.NoError(t, err) - assert.Empty(t, tree.Nodes) - assert.Empty(t, tree.OrphanedNodes) + assert.Len(t, tree.Nodes, 0) + assert.Len(t, tree.OrphanedNodes, 0) }). When(). // add missing permissions but deny management of Deployment kind @@ -1738,6 +1701,7 @@ func TestSyncOptionPruneFalse(t *testing.T) { // make sure that if we have an invalid manifest, we can add it if we disable validation, we get a server error rather than a client error func TestSyncOptionValidateFalse(t *testing.T) { + Given(t). Path("crd-validation"). When(). @@ -1826,6 +1790,7 @@ func TestSourceNamespaceCanBeMigratedToManagedNamespaceWithoutBeingPrunedOrOutOf } func TestSelfManagedApps(t *testing.T) { + Given(t). Path("self-managed-app"). When(). @@ -1852,7 +1817,7 @@ func TestSelfManagedApps(t *testing.T) { lastReconciledAt = reconciledAt } - assert.Less(t, reconciledCount, 3, "Application was reconciled too many times") + assert.True(t, reconciledCount < 3, "Application was reconciled too many times") }) } @@ -1900,7 +1865,7 @@ func TestOrphanedResource(t *testing.T) { ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true)}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true)}, }). Path(guestbookPath). When(). @@ -1922,14 +1887,14 @@ func TestOrphanedResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Group: "Test", Kind: "ConfigMap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Group: "Test", Kind: "ConfigMap"}}}, }). When(). Refresh(RefreshTypeNormal). @@ -1937,14 +1902,14 @@ func TestOrphanedResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap"}}}, }). When(). Refresh(RefreshTypeNormal). @@ -1953,14 +1918,14 @@ func TestOrphanedResource(t *testing.T) { Expect(NoConditions()). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name) - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") }). Given(). ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap", Name: "orphaned-configmap"}}}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true), Ignore: []OrphanedResourceKey{{Kind: "ConfigMap", Name: "orphaned-configmap"}}}, }). When(). Refresh(RefreshTypeNormal). @@ -1969,7 +1934,7 @@ func TestOrphanedResource(t *testing.T) { Expect(NoConditions()). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name) - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") }). Given(). @@ -2043,8 +2008,7 @@ func TestNotPermittedResources(t *testing.T) { Destinations: []ApplicationDestination{{Namespace: DeploymentNamespace(), Server: "*"}}, NamespaceResourceBlacklist: []metav1.GroupKind{ {Group: "", Kind: "Service"}, - }, - }). + }}). And(func() { FailOnErr(KubeClientset.NetworkingV1().Ingresses(TestNamespace()).Create(context.Background(), ingress, metav1.CreateOptions{})) FailOnErr(KubeClientset.CoreV1().Services(DeploymentNamespace()).Create(context.Background(), svc, metav1.CreateOptions{})) @@ -2062,9 +2026,9 @@ func TestNotPermittedResources(t *testing.T) { _, hasIngress := statusByKind[kube.IngressKind] assert.False(t, hasIngress, "Ingress is prohibited not managed object and should be even visible to user") serviceStatus := statusByKind[kube.ServiceKind] - assert.Equal(t, SyncStatusCodeUnknown, serviceStatus.Status, "Service is prohibited managed resource so should be set to Unknown") + assert.Equal(t, serviceStatus.Status, SyncStatusCodeUnknown, "Service is prohibited managed resource so should be set to Unknown") deploymentStatus := statusByKind[kube.DeploymentKind] - assert.Equal(t, SyncStatusCodeOutOfSync, deploymentStatus.Status) + assert.Equal(t, deploymentStatus.Status, SyncStatusCodeOutOfSync) }). When(). Delete(true). @@ -2090,7 +2054,7 @@ func TestSyncWithInfos(t *testing.T) { _, err := RunCli("app", "sync", app.Name, "--info", fmt.Sprintf("%s=%s", expectedInfo[0].Name, expectedInfo[0].Value), "--info", fmt.Sprintf("%s=%s", expectedInfo[1].Name, expectedInfo[1].Value)) - require.NoError(t, err) + assert.NoError(t, err) }). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { @@ -2112,8 +2076,8 @@ func TestCreateAppWithNoNameSpaceForGlobalResource(t *testing.T) { And(func(app *Application) { time.Sleep(500 * time.Millisecond) app, err := AppClientset.ArgoprojV1alpha1().Applications(TestNamespace()).Get(context.Background(), app.Name, metav1.GetOptions{}) - require.NoError(t, err) - assert.Empty(t, app.Status.Conditions) + assert.NoError(t, err) + assert.Len(t, app.Status.Conditions, 0) }) } @@ -2135,8 +2099,8 @@ func TestCreateAppWithNoNameSpaceWhenRequired(t *testing.T) { require.NoError(t, err) assert.Len(t, updatedApp.Status.Conditions, 2) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[1].Type) + assert.Equal(t, updatedApp.Status.Conditions[0].Type, ApplicationConditionInvalidSpecError) + assert.Equal(t, updatedApp.Status.Conditions[1].Type, ApplicationConditionInvalidSpecError) }) } @@ -2159,8 +2123,8 @@ func TestCreateAppWithNoNameSpaceWhenRequired2(t *testing.T) { require.NoError(t, err) assert.Len(t, updatedApp.Status.Conditions, 2) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type) - assert.Equal(t, ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[1].Type) + assert.Equal(t, updatedApp.Status.Conditions[0].Type, ApplicationConditionInvalidSpecError) + assert.Equal(t, updatedApp.Status.Conditions[1].Type, ApplicationConditionInvalidSpecError) }) } @@ -2170,7 +2134,7 @@ func TestListResource(t *testing.T) { ProjectSpec(AppProjectSpec{ SourceRepos: []string{"*"}, Destinations: []ApplicationDestination{{Namespace: "*", Server: "*"}}, - OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: ptr.To(true)}, + OrphanedResources: &OrphanedResourcesMonitorSettings{Warn: pointer.Bool(true)}, }). Path(guestbookPath). When(). @@ -2192,19 +2156,19 @@ func TestListResource(t *testing.T) { Expect(Condition(ApplicationConditionOrphanedResourceWarning, "Application has 1 orphaned resources")). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") assert.Contains(t, output, "guestbook-ui") }). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name, "--orphaned=true") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "orphaned-configmap") assert.NotContains(t, output, "guestbook-ui") }). And(func(app *Application) { output, err := RunCli("app", "resources", app.Name, "--orphaned=false") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, output, "orphaned-configmap") assert.Contains(t, output, "guestbook-ui") }). @@ -2235,7 +2199,7 @@ func TestNamespaceAutoCreation(t *testing.T) { defer func() { if !t.Skipped() { _, err := Run("", "kubectl", "delete", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) } }() Given(t). @@ -2247,7 +2211,7 @@ func TestNamespaceAutoCreation(t *testing.T) { And(func(app *Application) { // Make sure the namespace we are about to update to does not exist _, err := Run("", "kubectl", "get", "namespace", updatedNamespace) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "not found") }). When(). @@ -2266,7 +2230,7 @@ func TestNamespaceAutoCreation(t *testing.T) { And(func(app *Application) { // Verify delete app does not delete the namespace auto created output, err := Run("", "kubectl", "get", "namespace", updatedNamespace) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, updatedNamespace) }) } @@ -2295,14 +2259,16 @@ func TestCreateDisableValidation(t *testing.T) { And(func(app *Application) { _, err := RunCli("app", "create", app.Name, "--upsert", "--validate=false", "--repo", RepoURL(RepoURLTypeFile), "--path", "baddir2", "--project", app.Spec.Project, "--dest-server", KubernetesInternalAPIServerAddr, "--dest-namespace", DeploymentNamespace()) - require.NoError(t, err) + assert.NoError(t, err) }). When(). AppSet("--path", "baddir3", "--validate=false") + } func TestCreateFromPartialFile(t *testing.T) { - partialApp := `metadata: + partialApp := + `metadata: labels: labels.local/from-file: file labels.local/from-args: file @@ -2382,38 +2348,38 @@ definitions: // tests resource actions on a CRD using status subresource And(func(app *Application) { _, err := RunCli("app", "actions", "run", app.Name, "--kind", "StatusSubResource", "update-both") - require.NoError(t, err) + assert.NoError(t, err) text := FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-both", text) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-both", text) _, err = RunCli("app", "actions", "run", app.Name, "--kind", "StatusSubResource", "update-spec") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-spec", text) _, err = RunCli("app", "actions", "run", app.Name, "--kind", "StatusSubResource", "update-status") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "statussubresources", "status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-status", text) }). // tests resource actions on a CRD *not* using status subresource And(func(app *Application) { _, err := RunCli("app", "actions", "run", app.Name, "--kind", "NonStatusSubResource", "update-both") - require.NoError(t, err) + assert.NoError(t, err) text := FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-both", text) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-both", text) _, err = RunCli("app", "actions", "run", app.Name, "--kind", "NonStatusSubResource", "update-spec") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.spec.foo}")).(string) assert.Equal(t, "update-spec", text) _, err = RunCli("app", "actions", "run", app.Name, "--kind", "NonStatusSubResource", "update-status") - require.NoError(t, err) + assert.NoError(t, err) text = FailOnErr(Run(".", "kubectl", "-n", app.Spec.Destination.Namespace, "get", "nonstatussubresources", "non-status-subresource", "-o", "jsonpath={.status.bar}")).(string) assert.Equal(t, "update-status", text) }) @@ -2430,17 +2396,17 @@ func TestAppLogs(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Deployment", "--group", "", "--name", "guestbook-ui") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Pod") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "Hi") }). And(func(app *Application) { out, err := RunCliWithRetry(appLogsRetryCount, "app", "logs", app.Name, "--kind", "Service") - require.NoError(t, err) + assert.NoError(t, err) assert.NotContains(t, out, "Hi") }) } @@ -2483,14 +2449,14 @@ func TestSyncOptionReplace(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map created", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map created") }). When(). Sync(). Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map replaced", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map replaced") }) } @@ -2504,14 +2470,14 @@ func TestSyncOptionReplaceFromCLI(t *testing.T) { Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map created", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map created") }). When(). Sync(). Then(). Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { - assert.Equal(t, "configmap/my-map replaced", app.Status.OperationState.SyncResult.Resources[0].Message) + assert.Equal(t, app.Status.OperationState.SyncResult.Resources[0].Message, "configmap/my-map replaced") }) } @@ -2554,7 +2520,7 @@ func TestDisableManifestGeneration(t *testing.T) { Refresh(RefreshTypeHard). Then(). And(func(app *Application) { - assert.Equal(t, ApplicationSourceTypeKustomize, app.Status.SourceType) + assert.Equal(t, app.Status.SourceType, ApplicationSourceTypeKustomize) }). When(). And(func() { @@ -2568,7 +2534,7 @@ func TestDisableManifestGeneration(t *testing.T) { time.Sleep(1 * time.Second) }). And(func(app *Application) { - assert.Equal(t, ApplicationSourceTypeDirectory, app.Status.SourceType) + assert.Equal(t, app.Status.SourceType, ApplicationSourceTypeDirectory) }) } @@ -2879,4 +2845,46 @@ func TestAnnotationTrackingExtraResources(t *testing.T) { Expect(OperationPhaseIs(OperationSucceeded)). Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)) + +} + +// Test designed to cover #15126. +// The issue occurs in the controller, when a valuesObject field that contains non-strings (eg, a nested map) gets +// merged/patched. +// Note: Failure is observed by the test timing out, because the controller cannot 'merge' the patch. +func TestPatchValuesObject(t *testing.T) { + + Given(t). + Timeout(30). + Path("helm"). + When(). + // app should be auto-synced once created + CreateFromFile(func(app *Application) { + app.Spec.Source.Helm = &ApplicationSourceHelm{ + ValuesObject: &runtime.RawExtension{ + // Setup by using nested YAML objects, which is what causes the patch error: + // "unable to find api field in struct RawExtension for the json field "some"" + Raw: []byte(`{"some": {"foo": "bar"}}`), + }, + } + }). + Then(). + When(). + PatchApp(`[{ + "op": "add", + "path": "/spec/source/helm/valuesObject", + "value": {"some":{"foo":"bar","new":"field"}} + }]`). + Refresh(RefreshTypeNormal). + Sync(). + Then(). + Expect(Success("")). + Expect(OperationPhaseIs(OperationSucceeded)). + Expect(SyncStatusIs(SyncStatusCodeSynced)). + Expect(NoConditions()). + And(func(app *Application) { + // Check that the patch was a success. + assert.Equal(t, `{"some":{"foo":"bar","new":"field"}}`, string(app.Spec.Source.Helm.ValuesObject.Raw)) + }) + } diff --git a/test/e2e/app_multiple_sources_test.go b/test/e2e/app_multiple_sources_test.go index fd5f2d8d5fb69..4ae4607a66b4a 100644 --- a/test/e2e/app_multiple_sources_test.go +++ b/test/e2e/app_multiple_sources_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -40,7 +39,7 @@ func TestMultiSourceAppCreation(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, Name()) }). Expect(Success("")). @@ -95,7 +94,7 @@ func TestMultiSourceAppWithHelmExternalValueFiles(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, Name()) }). Expect(Success("")). @@ -143,7 +142,7 @@ func TestMultiSourceAppWithSourceOverride(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, Name()) }). Expect(Success("")). @@ -163,7 +162,7 @@ func TestMultiSourceAppWithSourceOverride(t *testing.T) { // check if label was added to the pod to make sure resource was taken from the later source output, err := Run("", "kubectl", "describe", "pods", "pod-1", "-n", DeploymentNamespace()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "foo=bar") }) } diff --git a/test/e2e/app_namespaces_test.go b/test/e2e/app_namespaces_test.go index 20e878a4685f1..033c34e9a70d3 100644 --- a/test/e2e/app_namespaces_test.go +++ b/test/e2e/app_namespaces_test.go @@ -6,7 +6,6 @@ import ( . "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -38,7 +37,7 @@ func TestAppCreationInOtherNamespace(t *testing.T) { And(func(_ *Application) { // app should be listed output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, ctx.AppName()) }). When(). diff --git a/test/e2e/applicationset_test.go b/test/e2e/applicationset_test.go index ebdbac8673f38..23aa8578c907e 100644 --- a/test/e2e/applicationset_test.go +++ b/test/e2e/applicationset_test.go @@ -15,14 +15,11 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "github.com/argoproj/pkg/rand" - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" argov1alpha1 "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" @@ -31,29 +28,32 @@ import ( "github.com/argoproj/argo-cd/v2/pkg/apis/application" ) -var ExpectedConditions = []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: "Successfully generated parameters for all Applications", - Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: "Successfully generated parameters for all Applications", - Reason: v1alpha1.ApplicationSetReasonParametersGenerated, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: "ApplicationSet up to date", - Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, - }, -} +var ( + ExpectedConditions = []v1alpha1.ApplicationSetCondition{ + { + Type: v1alpha1.ApplicationSetConditionErrorOccurred, + Status: v1alpha1.ApplicationSetConditionStatusFalse, + Message: "Successfully generated parameters for all Applications", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + }, + { + Type: v1alpha1.ApplicationSetConditionParametersGenerated, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + Message: "Successfully generated parameters for all Applications", + Reason: v1alpha1.ApplicationSetReasonParametersGenerated, + }, + { + Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, + Status: v1alpha1.ApplicationSetConditionStatusTrue, + Message: "ApplicationSet up to date", + Reason: v1alpha1.ApplicationSetReasonApplicationSetUpToDate, + }, + } +) func TestSimpleListGeneratorExternalNamespace(t *testing.T) { - externalNamespace := string(utils.ArgoCDExternalNamespace) + + var externalNamespace = string(utils.ArgoCDExternalNamespace) expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -85,11 +85,10 @@ func TestSimpleListGeneratorExternalNamespace(t *testing.T) { // Create a ListGenerator-based ApplicationSet When(). SwitchToExternalNamespace(utils.ArgoCDExternalNamespace). - CreateNamespace(externalNamespace).Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator-external", - Namespace: externalNamespace, - }, + CreateNamespace(externalNamespace).Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator-external", + Namespace: externalNamespace, + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -151,11 +150,13 @@ func TestSimpleListGeneratorExternalNamespace(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + } func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) { - externalNamespace := string(utils.ArgoCDExternalNamespace) - externalNamespace2 := string(utils.ArgoCDExternalNamespace2) + + var externalNamespace = string(utils.ArgoCDExternalNamespace) + var externalNamespace2 = string(utils.ArgoCDExternalNamespace2) expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -212,11 +213,10 @@ func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) { // Create a ListGenerator-based ApplicationSet When(). SwitchToExternalNamespace(utils.ArgoCDExternalNamespace2). - CreateNamespace(externalNamespace2).Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator-external", - Namespace: externalNamespace2, - }, + CreateNamespace(externalNamespace2).Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator-external", + Namespace: externalNamespace2, + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -247,11 +247,10 @@ func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) { }).Then().Expect(ApplicationsExist([]argov1alpha1.Application{expectedAppExternalNamespace2})). When(). SwitchToExternalNamespace(utils.ArgoCDExternalNamespace). - CreateNamespace(externalNamespace).Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator-external", - Namespace: externalNamespace, - }, + CreateNamespace(externalNamespace).Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator-external", + Namespace: externalNamespace, + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -340,6 +339,7 @@ func TestSimpleListGeneratorExternalNamespaceNoConflict(t *testing.T) { } func TestSimpleListGenerator(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -368,10 +368,9 @@ func TestSimpleListGenerator(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{cluster}}-guestbook"}, @@ -428,9 +427,11 @@ func TestSimpleListGenerator(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + } func TestSimpleListGeneratorGoTemplate(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -459,10 +460,9 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -520,9 +520,11 @@ func TestSimpleListGeneratorGoTemplate(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + } func TestRenderHelmValuesObject(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -555,10 +557,9 @@ func TestRenderHelmValuesObject(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-values-object", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "test-values-object", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -595,9 +596,11 @@ func TestRenderHelmValuesObject(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})) + } func TestTemplatePatch(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -653,10 +656,9 @@ func TestTemplatePatch(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "patch-template", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "patch-template", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -722,94 +724,11 @@ func TestTemplatePatch(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) -} - -func TestUpdateHelmValuesObject(t *testing.T) { - expectedApp := argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: "my-cluster-guestbook", - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "helm-guestbook", - Helm: &argov1alpha1.ApplicationSourceHelm{ - ValuesObject: &runtime.RawExtension{ - // This will always be converted as yaml - Raw: []byte(`{"some":{"foo":"bar"}}`), - }, - }, - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "guestbook", - }, - }, - } - Given(t). - // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test-values-object-patch", - }, - Spec: v1alpha1.ApplicationSetSpec{ - GoTemplate: true, - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "helm-guestbook", - Helm: &argov1alpha1.ApplicationSourceHelm{ - ValuesObject: &runtime.RawExtension{ - Raw: []byte(`{"some":{"string":"{{.test}}"}}`), - }, - }, - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "{{.url}}", - Namespace: "guestbook", - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - List: &v1alpha1.ListGenerator{ - Elements: []apiextensionsv1.JSON{{ - Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "test": "Hello world"}`), - }}, - }, - }, - }, - }, - }).Then(). - Expect(ApplicationSetHasConditions("test-values-object-patch", ExpectedConditions)). - When(). - // Update the app spec with some knew ValuesObject to force a merge - Update(func(as *argov1alpha1.ApplicationSet) { - as.Spec.Template.Spec.Source.Helm.ValuesObject = &runtime.RawExtension{ - Raw: []byte(`{"some":{"foo":"bar"}}`), - } - }). - Then(). - Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). - When(). - // Delete the ApplicationSet, and verify it deletes the Applications - Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})) } func TestSyncPolicyCreateUpdate(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: "Application", @@ -838,10 +757,9 @@ func TestSyncPolicyCreateUpdate(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "sync-policy-create-update", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-update", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -916,9 +834,11 @@ func TestSyncPolicyCreateUpdate(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewMetadata})) + } func TestSyncPolicyCreateDelete(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: "Application", @@ -946,10 +866,9 @@ func TestSyncPolicyCreateDelete(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "sync-policy-create-delete", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-delete", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -1015,9 +934,11 @@ func TestSyncPolicyCreateDelete(t *testing.T) { // Delete the ApplicationSet When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) + } func TestSyncPolicyCreateOnly(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: "Application", @@ -1045,10 +966,9 @@ func TestSyncPolicyCreateOnly(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "sync-policy-create-only", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "sync-policy-create-only", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -1114,6 +1034,7 @@ func TestSyncPolicyCreateOnly(t *testing.T) { // Delete the ApplicationSet, and verify it deletes the Applications When(). Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{*expectedAppNewNamespace})) + } func TestSimpleGitDirectoryGenerator(t *testing.T) { @@ -1155,10 +1076,9 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { Given(t). When(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}"}, @@ -1225,460 +1145,8 @@ func TestSimpleGitDirectoryGenerator(t *testing.T) { When(). Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } - -func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { - generateExpectedApp := func(name string) argov1alpha1.Application { - return argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: name, - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: name, - }, - }, - } - } - - expectedApps := []argov1alpha1.Application{ - generateExpectedApp("kustomize-guestbook"), - generateExpectedApp("helm-guestbook"), - generateExpectedApp("ksonnet-guestbook"), - } - - var expectedAppsNewNamespace []argov1alpha1.Application - var expectedAppsNewMetadata []argov1alpha1.Application - - Given(t). - When(). - // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, - Spec: v1alpha1.ApplicationSetSpec{ - GoTemplate: true, - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.path.basename}}"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "{{.path.path}}", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "{{.path.basename}}", - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - Git: &v1alpha1.GitGenerator{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { - Path: "*guestbook*", - }, - }, - }, - }, - }, - }, - }).Then().Expect(ApplicationsExist(expectedApps)). - - // Update the ApplicationSet template namespace, and verify it updates the Applications - When(). - And(func() { - for _, expectedApp := range expectedApps { - newExpectedApp := expectedApp.DeepCopy() - newExpectedApp.Spec.Destination.Namespace = "guestbook2" - expectedAppsNewNamespace = append(expectedAppsNewNamespace, *newExpectedApp) - } - }). - Update(func(appset *v1alpha1.ApplicationSet) { - appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" - }).Then().Expect(ApplicationsExist(expectedAppsNewNamespace)). - - // Update the metadata fields in the appset template, and make sure it propagates to the apps - When(). - And(func() { - for _, expectedApp := range expectedAppsNewNamespace { - expectedAppNewMetadata := expectedApp.DeepCopy() - expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} - expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) - } - }). - Update(func(appset *v1alpha1.ApplicationSet) { - appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} - appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} - }).Then().Expect(ApplicationsExist(expectedAppsNewMetadata)). - - // verify the ApplicationSet status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", ExpectedConditions)). - - // Delete the ApplicationSet, and verify it deletes the Applications - When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) -} - -func TestSimpleGitDirectoryGeneratorGPGEnabledUnsignedCommits(t *testing.T) { - fixture.SkipOnEnv(t, "GPG") - expectedErrorMessage := `error generating params from git: error getting directories from repo: error retrieving Git Directories: rpc error: code = Unknown desc = permission denied` - expectedConditionsParamsError := []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonErrorOccurred, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - } - generateExpectedApp := func(name string) argov1alpha1.Application { - return argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: name, - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: name, - }, - }, - } - } - - expectedApps := []argov1alpha1.Application{ - generateExpectedApp("guestbook"), - } - project := "gpg" - - fixture.EnsureCleanState(t) - Given(t). - Project(project). - When(). - // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: project, - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "{{path}}", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "{{path.basename}}", - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - Git: &v1alpha1.GitGenerator{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { - Path: guestbookPath, - }, - }, - }, - }, - }, - }, - }). - Then().Expect(ApplicationsDoNotExist(expectedApps)). - // verify the ApplicationSet error status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", expectedConditionsParamsError)). - When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedApps)) -} - -func TestSimpleGitDirectoryGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { - fixture.SkipOnEnv(t, "GPG") - expectedErrorMessage := `error generating params from git: error getting directories from repo: error retrieving Git Directories: rpc error: code = Unknown desc = permission denied` - expectedConditionsParamsError := []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonErrorOccurred, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - } - generateExpectedApp := func(name string) argov1alpha1.Application { - return argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: name, - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: name, - }, - }, - } - } - - expectedApps := []argov1alpha1.Application{ - generateExpectedApp("guestbook"), - } - - project := "gpg" - - str, _ := rand.RandString(1) - - Given(t). - Project(project). - Path(guestbookPath). - When(). - AddSignedFile("test.yaml", str).IgnoreErrors(). - IgnoreErrors(). - // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: project, - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "{{path}}", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "{{path.basename}}", - }, - // Automatically create resources - SyncPolicy: &argov1alpha1.SyncPolicy{ - Automated: &argov1alpha1.SyncPolicyAutomated{}, - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - Git: &v1alpha1.GitGenerator{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - Directories: []v1alpha1.GitDirectoryGeneratorItem{ - { - Path: guestbookPath, - }, - }, - }, - }, - }, - }, - }).Then(). - // verify the ApplicationSet error status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", expectedConditionsParamsError)). - Expect(ApplicationsDoNotExist(expectedApps)). - When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedApps)) -} - -func TestSimpleGitFilesGenerator(t *testing.T) { - generateExpectedApp := func(name string) argov1alpha1.Application { - return argov1alpha1.Application{ - TypeMeta: metav1.TypeMeta{ - Kind: application.ApplicationKind, - APIVersion: "argoproj.io/v1alpha1", - }, - ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: fixture.TestNamespace(), - Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, - }, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "guestbook", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "guestbook", - }, - }, - } - } - - expectedApps := []argov1alpha1.Application{ - generateExpectedApp("engineering-dev-guestbook"), - generateExpectedApp("engineering-prod-guestbook"), - } - - var expectedAppsNewNamespace []argov1alpha1.Application - var expectedAppsNewMetadata []argov1alpha1.Application - - Given(t). - When(). - // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, - Spec: v1alpha1.ApplicationSetSpec{ - Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{cluster.name}}-guestbook"}, - Spec: argov1alpha1.ApplicationSpec{ - Project: "default", - Source: &argov1alpha1.ApplicationSource{ - RepoURL: "https://github.com/argoproj/argocd-example-apps.git", - TargetRevision: "HEAD", - Path: "guestbook", - }, - Destination: argov1alpha1.ApplicationDestination{ - Server: "https://kubernetes.default.svc", - Namespace: "guestbook", - }, - }, - }, - Generators: []v1alpha1.ApplicationSetGenerator{ - { - Git: &v1alpha1.GitGenerator{ - RepoURL: "https://github.com/argoproj/applicationset.git", - Files: []v1alpha1.GitFileGeneratorItem{ - { - Path: "examples/git-generator-files-discovery/cluster-config/**/config.json", - }, - }, - }, - }, - }, - }, - }).Then().Expect(ApplicationsExist(expectedApps)). - - // Update the ApplicationSet template namespace, and verify it updates the Applications - When(). - And(func() { - for _, expectedApp := range expectedApps { - newExpectedApp := expectedApp.DeepCopy() - newExpectedApp.Spec.Destination.Namespace = "guestbook2" - expectedAppsNewNamespace = append(expectedAppsNewNamespace, *newExpectedApp) - } - }). - Update(func(appset *v1alpha1.ApplicationSet) { - appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" - }).Then().Expect(ApplicationsExist(expectedAppsNewNamespace)). - - // Update the metadata fields in the appset template, and make sure it propagates to the apps - When(). - And(func() { - for _, expectedApp := range expectedAppsNewNamespace { - expectedAppNewMetadata := expectedApp.DeepCopy() - expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} - expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} - expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) - } - }). - Update(func(appset *v1alpha1.ApplicationSet) { - appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} - appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} - }).Then().Expect(ApplicationsExist(expectedAppsNewMetadata)). - - // verify the ApplicationSet status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", ExpectedConditions)). - - // Delete the ApplicationSet, and verify it deletes the Applications - When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) -} - -func TestSimpleGitFilesGeneratorGPGEnabledUnsignedCommits(t *testing.T) { - fixture.SkipOnEnv(t, "GPG") - expectedErrorMessage := `error generating params from git: error retrieving Git files: rpc error: code = Unknown desc = permission denied` - expectedConditionsParamsError := []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonErrorOccurred, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - } - project := "gpg" + +func TestSimpleGitDirectoryGeneratorGoTemplate(t *testing.T) { generateExpectedApp := func(name string) argov1alpha1.Application { return argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1691,94 +1159,105 @@ func TestSimpleGitFilesGeneratorGPGEnabledUnsignedCommits(t *testing.T) { Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, }, Spec: argov1alpha1.ApplicationSpec{ - Project: project, + Project: "default", Source: &argov1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", TargetRevision: "HEAD", - Path: "guestbook", + Path: name, }, Destination: argov1alpha1.ApplicationDestination{ Server: "https://kubernetes.default.svc", - Namespace: "guestbook", + Namespace: name, }, }, } } expectedApps := []argov1alpha1.Application{ - generateExpectedApp("engineering-dev-guestbook"), - generateExpectedApp("engineering-prod-guestbook"), + generateExpectedApp("kustomize-guestbook"), + generateExpectedApp("helm-guestbook"), + generateExpectedApp("ksonnet-guestbook"), } - fixture.EnsureCleanState(t) + var expectedAppsNewNamespace []argov1alpha1.Application + var expectedAppsNewMetadata []argov1alpha1.Application + Given(t). - Project(project). When(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ - ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{cluster.name}}-guestbook"}, + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.path.basename}}"}, Spec: argov1alpha1.ApplicationSpec{ - Project: project, + Project: "default", Source: &argov1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", TargetRevision: "HEAD", - Path: "guestbook", + Path: "{{.path.path}}", }, Destination: argov1alpha1.ApplicationDestination{ Server: "https://kubernetes.default.svc", - Namespace: "guestbook", + Namespace: "{{.path.basename}}", }, }, }, Generators: []v1alpha1.ApplicationSetGenerator{ { Git: &v1alpha1.GitGenerator{ - RepoURL: "https://github.com/argoproj/applicationset.git", - Files: []v1alpha1.GitFileGeneratorItem{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + Directories: []v1alpha1.GitDirectoryGeneratorItem{ { - Path: "examples/git-generator-files-discovery/cluster-config/**/config.json", + Path: "*guestbook*", }, }, }, }, }, }, - }).Then().Expect(ApplicationsDoNotExist(expectedApps)). - // verify the ApplicationSet error status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", expectedConditionsParamsError)). + }).Then().Expect(ApplicationsExist(expectedApps)). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + for _, expectedApp := range expectedApps { + newExpectedApp := expectedApp.DeepCopy() + newExpectedApp.Spec.Destination.Namespace = "guestbook2" + expectedAppsNewNamespace = append(expectedAppsNewNamespace, *newExpectedApp) + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist(expectedAppsNewNamespace)). + + // Update the metadata fields in the appset template, and make sure it propagates to the apps + When(). + And(func() { + for _, expectedApp := range expectedAppsNewNamespace { + expectedAppNewMetadata := expectedApp.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} + }).Then().Expect(ApplicationsExist(expectedAppsNewMetadata)). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("simple-git-generator", ExpectedConditions)). + + // Delete the ApplicationSet, and verify it deletes the Applications When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedApps)) + Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } -func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { - fixture.SkipOnEnv(t, "GPG") - expectedErrorMessage := `error generating params from git: error retrieving Git files: rpc error: code = Unknown desc = permission denied` - expectedConditionsParamsError := []v1alpha1.ApplicationSetCondition{ - { - Type: v1alpha1.ApplicationSetConditionErrorOccurred, - Status: v1alpha1.ApplicationSetConditionStatusTrue, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - { - Type: v1alpha1.ApplicationSetConditionParametersGenerated, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonErrorOccurred, - }, - { - Type: v1alpha1.ApplicationSetConditionResourcesUpToDate, - Status: v1alpha1.ApplicationSetConditionStatusFalse, - Message: expectedErrorMessage, - Reason: v1alpha1.ApplicationSetReasonApplicationParamsGenerationError, - }, - } - project := "gpg" +func TestSimpleGitFilesGenerator(t *testing.T) { + generateExpectedApp := func(name string) argov1alpha1.Application { return argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1791,7 +1270,7 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, }, Spec: argov1alpha1.ApplicationSpec{ - Project: project, + Project: "default", Source: &argov1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", TargetRevision: "HEAD", @@ -1805,30 +1284,25 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { } } - str, _ := rand.RandString(1) - expectedApps := []argov1alpha1.Application{ generateExpectedApp("engineering-dev-guestbook"), generateExpectedApp("engineering-prod-guestbook"), } - fixture.EnsureCleanState(t) + var expectedAppsNewNamespace []argov1alpha1.Application + var expectedAppsNewMetadata []argov1alpha1.Application + Given(t). - Project(project). - Path(guestbookPath). When(). - AddSignedFile("test.yaml", str).IgnoreErrors(). - IgnoreErrors(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{cluster.name}}-guestbook"}, Spec: argov1alpha1.ApplicationSpec{ - Project: project, + Project: "default", Source: &argov1alpha1.ApplicationSource{ RepoURL: "https://github.com/argoproj/argocd-example-apps.git", TargetRevision: "HEAD", @@ -1853,15 +1327,46 @@ func TestSimpleGitFilesGeneratorGPGEnabledWithoutKnownKeys(t *testing.T) { }, }, }, - }).Then(). - // verify the ApplicationSet error status conditions were set correctly - Expect(ApplicationSetHasConditions("simple-git-generator", expectedConditionsParamsError)). - Expect(ApplicationsDoNotExist(expectedApps)). + }).Then().Expect(ApplicationsExist(expectedApps)). + + // Update the ApplicationSet template namespace, and verify it updates the Applications + When(). + And(func() { + for _, expectedApp := range expectedApps { + newExpectedApp := expectedApp.DeepCopy() + newExpectedApp.Spec.Destination.Namespace = "guestbook2" + expectedAppsNewNamespace = append(expectedAppsNewNamespace, *newExpectedApp) + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Spec.Destination.Namespace = "guestbook2" + }).Then().Expect(ApplicationsExist(expectedAppsNewNamespace)). + + // Update the metadata fields in the appset template, and make sure it propagates to the apps + When(). + And(func() { + for _, expectedApp := range expectedAppsNewNamespace { + expectedAppNewMetadata := expectedApp.DeepCopy() + expectedAppNewMetadata.ObjectMeta.Annotations = map[string]string{"annotation-key": "annotation-value"} + expectedAppNewMetadata.ObjectMeta.Labels = map[string]string{"label-key": "label-value"} + expectedAppsNewMetadata = append(expectedAppsNewMetadata, *expectedAppNewMetadata) + } + }). + Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Template.Annotations = map[string]string{"annotation-key": "annotation-value"} + appset.Spec.Template.Labels = map[string]string{"label-key": "label-value"} + }).Then().Expect(ApplicationsExist(expectedAppsNewMetadata)). + + // verify the ApplicationSet status conditions were set correctly + Expect(ApplicationSetHasConditions("simple-git-generator", ExpectedConditions)). + + // Delete the ApplicationSet, and verify it deletes the Applications When(). - Delete().Then().Expect(ApplicationsDoNotExist(expectedApps)) + Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { + generateExpectedApp := func(name string) argov1alpha1.Application { return argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -1899,10 +1404,9 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { Given(t). When(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -1972,14 +1476,14 @@ func TestSimpleGitFilesGeneratorGoTemplate(t *testing.T) { } func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) { + Given(t). When(). CreateNamespace(utils.ApplicationsResourcesNamespace). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{cluster.name}}-guestbook"}, @@ -2032,14 +1536,14 @@ func TestSimpleGitFilesPreserveResourcesOnDeletion(t *testing.T) { } func TestSimpleGitFilesPreserveResourcesOnDeletionGoTemplate(t *testing.T) { + Given(t). When(). CreateNamespace(utils.ApplicationsResourcesNamespace). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -2297,6 +1801,7 @@ func testServerWithPort(t *testing.T, port int, handler http.Handler) *httptest. } func TestSimpleSCMProviderGenerator(t *testing.T) { + ts := testServerWithPort(t, 8341, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubSCMMockHandler(t)(w, r) })) @@ -2332,10 +1837,9 @@ func TestSimpleSCMProviderGenerator(t *testing.T) { Given(t). // Create an SCMProviderGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-scm-provider-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-scm-provider-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{ repository }}-guestbook"}, @@ -2407,10 +1911,9 @@ func TestSimpleSCMProviderGeneratorGoTemplate(t *testing.T) { Given(t). // Create an SCMProviderGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-scm-provider-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-scm-provider-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -2477,10 +1980,9 @@ func TestSCMProviderGeneratorSCMProviderNotAllowed(t *testing.T) { Given(t). // Create an SCMProviderGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "scm-provider-generator-scm-provider-not-allowed", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "scm-provider-generator-scm-provider-not-allowed", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -2518,7 +2020,7 @@ func TestSCMProviderGeneratorSCMProviderNotAllowed(t *testing.T) { And(func() { // app should be listed output, err := fixture.RunCli("appset", "get", "scm-provider-generator-scm-provider-not-allowed") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "scm provider not allowed") }) } @@ -2550,10 +2052,9 @@ func TestCustomApplicationFinalizers(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ @@ -2617,10 +2118,9 @@ func TestCustomApplicationFinalizersGoTemplate(t *testing.T) { Given(t). // Create a ListGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-list-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-list-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -2691,6 +2191,7 @@ func githubPullMockHandler(t *testing.T) func(http.ResponseWriter, *http.Request } func TestSimplePullRequestGenerator(t *testing.T) { + ts := testServerWithPort(t, 8343, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { githubPullMockHandler(t)(w, r) })) @@ -2727,10 +2228,9 @@ func TestSimplePullRequestGenerator(t *testing.T) { Given(t). // Create an PullRequestGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-pull-request-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-pull-request-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "guestbook-{{ number }}"}, @@ -2806,17 +2306,15 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { Given(t). // Create an PullRequestGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-pull-request-generator", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-pull-request-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ Name: "guestbook-{{ .number }}", - Labels: map[string]string{"app": "{{index .labels 0}}"}, - }, + Labels: map[string]string{"app": "{{index .labels 0}}"}}, Spec: argov1alpha1.ApplicationSpec{ Project: "default", Source: &argov1alpha1.ApplicationSource{ @@ -2852,6 +2350,7 @@ func TestSimplePullRequestGeneratorGoTemplate(t *testing.T) { } func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -2884,17 +2383,15 @@ func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) { Given(t). // Create an PullRequestGenerator-based ApplicationSet - When().Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "pull-request-generator-not-allowed-scm", - }, + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "pull-request-generator-not-allowed-scm", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{ Name: "guestbook-{{ .number }}", - Labels: map[string]string{"app": "{{index .labels 0}}"}, - }, + Labels: map[string]string{"app": "{{index .labels 0}}"}}, Spec: argov1alpha1.ApplicationSpec{ Project: "default", Source: &argov1alpha1.ApplicationSource{ @@ -2930,7 +2427,7 @@ func TestPullRequestGeneratorNotAllowedSCMProvider(t *testing.T) { And(func() { // app should be listed output, err := fixture.RunCli("appset", "get", "pull-request-generator-not-allowed-scm") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, output, "scm provider not allowed") }) } @@ -2972,10 +2469,9 @@ func TestGitGeneratorPrivateRepo(t *testing.T) { Given(t). When(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator-private", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator-private", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}"}, @@ -3048,10 +2544,9 @@ func TestGitGeneratorPrivateRepoGoTemplate(t *testing.T) { Given(t). When(). // Create a GitGenerator-based ApplicationSet - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-git-generator-private", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-git-generator-private", + }, Spec: v1alpha1.ApplicationSetSpec{ GoTemplate: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -3087,3 +2582,88 @@ func TestGitGeneratorPrivateRepoGoTemplate(t *testing.T) { When(). Delete().Then().Expect(ApplicationsDoNotExist(expectedAppsNewNamespace)) } + +func TestUpdateHelmValuesObject(t *testing.T) { + + expectedApp := argov1alpha1.Application{ + TypeMeta: metav1.TypeMeta{ + Kind: application.ApplicationKind, + APIVersion: "argoproj.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "my-cluster-guestbook", + Namespace: fixture.TestNamespace(), + Finalizers: []string{"resources-finalizer.argocd.argoproj.io"}, + }, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "helm-guestbook", + Helm: &argov1alpha1.ApplicationSourceHelm{ + ValuesObject: &runtime.RawExtension{ + // This will always be converted as yaml + Raw: []byte(`{"some":{"foo":"bar"}}`), + }, + }, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "https://kubernetes.default.svc", + Namespace: "guestbook", + }, + }, + } + + Given(t). + // Create a ListGenerator-based ApplicationSet + When().Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "test-values-object-patch", + }, + Spec: v1alpha1.ApplicationSetSpec{ + GoTemplate: true, + Template: v1alpha1.ApplicationSetTemplate{ + ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{.cluster}}-guestbook"}, + Spec: argov1alpha1.ApplicationSpec{ + Project: "default", + Source: &argov1alpha1.ApplicationSource{ + RepoURL: "https://github.com/argoproj/argocd-example-apps.git", + TargetRevision: "HEAD", + Path: "helm-guestbook", + Helm: &argov1alpha1.ApplicationSourceHelm{ + ValuesObject: &runtime.RawExtension{ + Raw: []byte(`{"some":{"string":"{{.test}}"}}`), + }, + }, + }, + Destination: argov1alpha1.ApplicationDestination{ + Server: "{{.url}}", + Namespace: "guestbook", + }, + }, + }, + Generators: []v1alpha1.ApplicationSetGenerator{ + { + List: &v1alpha1.ListGenerator{ + Elements: []apiextensionsv1.JSON{{ + Raw: []byte(`{"cluster": "my-cluster","url": "https://kubernetes.default.svc", "test": "Hello world"}`), + }}, + }, + }, + }, + }, + }).Then(). + Expect(ApplicationSetHasConditions("test-values-object-patch", ExpectedConditions)). + When(). + // Update the app spec with some knew ValuesObject to force a merge + Update(func(as *argov1alpha1.ApplicationSet) { + as.Spec.Template.Spec.Source.Helm.ValuesObject = &runtime.RawExtension{ + Raw: []byte(`{"some":{"foo":"bar"}}`), + } + }). + Then(). + Expect(ApplicationsExist([]argov1alpha1.Application{expectedApp})). + When(). + // Delete the ApplicationSet, and verify it deletes the Applications + Delete().Then().Expect(ApplicationsDoNotExist([]argov1alpha1.Application{expectedApp})) +} diff --git a/test/e2e/cli_test.go b/test/e2e/cli_test.go index 1472116be7e93..8e87ea16f4469 100644 --- a/test/e2e/cli_test.go +++ b/test/e2e/cli_test.go @@ -6,7 +6,6 @@ import ( "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -20,7 +19,7 @@ func TestCliAppCommand(t *testing.T) { CreateApp(). And(func() { output, err := RunCli("app", "sync", Name(), "--timeout", "90") - require.NoError(t, err) + assert.NoError(t, err) vars := map[string]interface{}{"Name": Name(), "Namespace": DeploymentNamespace()} assert.Contains(t, NormalizeOutput(output), Tmpl(`Pod {{.Namespace}} pod Synced Progressing pod/pod created`, vars)) assert.Contains(t, NormalizeOutput(output), Tmpl(`Pod {{.Namespace}} hook Succeeded Sync pod/hook created`, vars)) @@ -30,7 +29,7 @@ func TestCliAppCommand(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(_ *Application) { output, err := RunCli("app", "list") - require.NoError(t, err) + assert.NoError(t, err) expected := Tmpl( `{{.Name}} https://kubernetes.default.svc {{.Namespace}} default Synced Healthy Manual `, map[string]interface{}{"Name": Name(), "Namespace": DeploymentNamespace()}) diff --git a/test/e2e/cluster_generator_test.go b/test/e2e/cluster_generator_test.go index aa73e36aea796..1d5699e23503d 100644 --- a/test/e2e/cluster_generator_test.go +++ b/test/e2e/cluster_generator_test.go @@ -17,7 +17,8 @@ import ( ) func TestSimpleClusterGeneratorExternalNamespace(t *testing.T) { - externalNamespace := string(utils.ArgoCDExternalNamespace) + + var externalNamespace = string(utils.ArgoCDExternalNamespace) expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -52,10 +53,9 @@ func TestSimpleClusterGeneratorExternalNamespace(t *testing.T) { CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). SwitchToExternalNamespace(utils.ArgoCDExternalNamespace). CreateNamespace(externalNamespace). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -119,6 +119,7 @@ func TestSimpleClusterGeneratorExternalNamespace(t *testing.T) { } func TestSimpleClusterGenerator(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -150,10 +151,9 @@ func TestSimpleClusterGenerator(t *testing.T) { // Create a ClusterGenerator-based ApplicationSet When(). CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -275,10 +275,9 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { Given(t). // Create a ClusterGenerator-based ApplicationSet When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "in-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "in-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -330,6 +329,7 @@ func TestClusterGeneratorWithLocalCluster(t *testing.T) { } func TestSimpleClusterGeneratorAddingCluster(t *testing.T) { + expectedAppTemplate := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -366,10 +366,9 @@ func TestSimpleClusterGeneratorAddingCluster(t *testing.T) { // Create a ClusterGenerator-based ApplicationSet When(). CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -412,6 +411,7 @@ func TestSimpleClusterGeneratorAddingCluster(t *testing.T) { } func TestSimpleClusterGeneratorDeletingCluster(t *testing.T) { + expectedAppTemplate := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -449,10 +449,9 @@ func TestSimpleClusterGeneratorDeletingCluster(t *testing.T) { When(). CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). CreateClusterSecret("my-secret2", "cluster2", "https://kubernetes.default.svc"). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, diff --git a/test/e2e/cluster_objects_test.go b/test/e2e/cluster_objects_test.go index 59ee43d3974b6..4299a35c55c00 100644 --- a/test/e2e/cluster_objects_test.go +++ b/test/e2e/cluster_objects_test.go @@ -6,7 +6,6 @@ import ( "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -26,7 +25,7 @@ func TestClusterRoleBinding(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name, "--revision=HEAD") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, diffOutput) }). When(). @@ -38,7 +37,7 @@ func TestClusterRoleBinding(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { diffOutput, err := RunCli("app", "diff", app.Name, "--revision=HEAD") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, diffOutput) }) } diff --git a/test/e2e/cluster_test.go b/test/e2e/cluster_test.go index 81399c0a01022..96415f4f5541a 100644 --- a/test/e2e/cluster_test.go +++ b/test/e2e/cluster_test.go @@ -153,7 +153,7 @@ func TestClusterListDenied(t *testing.T) { List(). Then(). AndCLIOutput(func(output string, err error) { - assert.Equal(t, "SERVER NAME VERSION STATUS MESSAGE PROJECT", output) + assert.Equal(t, output, "SERVER NAME VERSION STATUS MESSAGE PROJECT") }) } @@ -199,7 +199,7 @@ func TestClusterNameInRestAPI(t *testing.T) { err := DoHttpJsonRequest("GET", "/api/v1/clusters/in-cluster?id.type=name", &cluster) require.NoError(t, err) - assert.Equal(t, "in-cluster", cluster.Name) + assert.Equal(t, cluster.Name, "in-cluster") assert.Contains(t, cluster.Server, "https://kubernetes.default.svc") err = DoHttpJsonRequest("PUT", @@ -217,7 +217,7 @@ func TestClusterURLInRestAPI(t *testing.T) { err := DoHttpJsonRequest("GET", fmt.Sprintf("/api/v1/clusters/%s", clusterURL), &cluster) require.NoError(t, err) - assert.Equal(t, "in-cluster", cluster.Name) + assert.Equal(t, cluster.Name, "in-cluster") assert.Contains(t, cluster.Server, "https://kubernetes.default.svc") err = DoHttpJsonRequest("PUT", diff --git a/test/e2e/clusterdecisiongenerator_e2e_test.go b/test/e2e/clusterdecisiongenerator_e2e_test.go index 3ee4a30509cbb..5f0d6ff6ae3c7 100644 --- a/test/e2e/clusterdecisiongenerator_e2e_test.go +++ b/test/e2e/clusterdecisiongenerator_e2e_test.go @@ -18,7 +18,8 @@ import ( var tenSec = int64(10) func TestSimpleClusterDecisionResourceGeneratorExternalNamespace(t *testing.T) { - externalNamespace := string(utils.ArgoCDExternalNamespace) + + var externalNamespace = string(utils.ArgoCDExternalNamespace) expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ @@ -64,10 +65,9 @@ func TestSimpleClusterDecisionResourceGeneratorExternalNamespace(t *testing.T) { StatusUpdatePlacementDecision("my-placementdecision", clusterList). CreateNamespace(externalNamespace). SwitchToExternalNamespace(utils.ArgoCDExternalNamespace). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -128,6 +128,7 @@ func TestSimpleClusterDecisionResourceGeneratorExternalNamespace(t *testing.T) { } func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { + expectedApp := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -170,10 +171,9 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { CreatePlacementDecisionConfigMap("my-configmap"). CreatePlacementDecision("my-placementdecision"). StatusUpdatePlacementDecision("my-placementdecision", clusterList). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -230,6 +230,7 @@ func TestSimpleClusterDecisionResourceGenerator(t *testing.T) { } func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) { + expectedAppTemplate := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -281,10 +282,9 @@ func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) { CreatePlacementDecisionConfigMap("my-configmap"). CreatePlacementDecision("my-placementdecision"). StatusUpdatePlacementDecision("my-placementdecision", clusterList). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -325,6 +325,7 @@ func TestSimpleClusterDecisionResourceGeneratorAddingCluster(t *testing.T) { } func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing.T) { + expectedAppTemplate := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -377,10 +378,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing. CreatePlacementDecisionConfigMap("my-configmap"). CreatePlacementDecision("my-placementdecision"). StatusUpdatePlacementDecision("my-placementdecision", clusterList). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, @@ -422,6 +422,7 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterSecret(t *testing. } func TestSimpleClusterDecisionResourceGeneratorDeletingClusterFromResource(t *testing.T) { + expectedAppTemplate := argov1alpha1.Application{ TypeMeta: metav1.TypeMeta{ Kind: application.ApplicationKind, @@ -481,10 +482,9 @@ func TestSimpleClusterDecisionResourceGeneratorDeletingClusterFromResource(t *te CreatePlacementDecisionConfigMap("my-configmap"). CreatePlacementDecision("my-placementdecision"). StatusUpdatePlacementDecision("my-placementdecision", clusterList). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "simple-cluster-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "simple-cluster-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-guestbook"}, diff --git a/test/e2e/custom_tool_test.go b/test/e2e/custom_tool_test.go index d5433977afa3f..7370fb5478ad3 100644 --- a/test/e2e/custom_tool_test.go +++ b/test/e2e/custom_tool_test.go @@ -67,12 +67,12 @@ func TestCustomToolWithGitCredsTemplate(t *testing.T) { Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.GitUsername}") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, output) }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.GitPassword}") - require.NoError(t, err) + assert.NoError(t, err) assert.Empty(t, output) }) } @@ -107,18 +107,18 @@ func TestCustomToolWithEnv(t *testing.T) { }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.Bar}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "baz", output) }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.Foo}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "bar", output) }). And(func(app *Application) { expectedKubeVersion := GetVersions().ServerVersion.Format("%s.%s") output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.KubeVersion}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedKubeVersion, output) }). And(func(app *Application) { @@ -127,7 +127,7 @@ func TestCustomToolWithEnv(t *testing.T) { sort.Strings(expectedApiVersionSlice) output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.KubeApiVersion}") - require.NoError(t, err) + assert.NoError(t, err) outputSlice := strings.Split(output, ",") sort.Strings(outputSlice) @@ -174,7 +174,7 @@ func startCMPServer(t *testing.T, configFile string) { t.Setenv("ARGOCD_PLUGINSOCKFILEPATH", pluginSockFilePath) if _, err := os.Stat(pluginSockFilePath); os.IsNotExist(err) { // path/to/whatever does not exist - err := os.Mkdir(pluginSockFilePath, 0o700) + err := os.Mkdir(pluginSockFilePath, 0700) require.NoError(t, err) } FailOnErr(RunWithStdin("", "", "../../dist/argocd", "--config-dir-path", configFile)) @@ -261,13 +261,13 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { }). And(func(app *Application) { output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.Bar}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "baz", output) }). And(func(app *Application) { expectedKubeVersion := GetVersions().ServerVersion.Format("%s.%s") output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.KubeVersion}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, expectedKubeVersion, output) }). And(func(app *Application) { @@ -276,7 +276,7 @@ func TestCMPDiscoverWithFindCommandWithEnv(t *testing.T) { sort.Strings(expectedApiVersionSlice) output, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "cm", ctx.AppName(), "-o", "jsonpath={.metadata.annotations.KubeApiVersion}") - require.NoError(t, err) + assert.NoError(t, err) outputSlice := strings.Split(output, ",") sort.Strings(outputSlice) @@ -303,7 +303,7 @@ func TestPruneResourceFromCMP(t *testing.T) { Expect(DoesNotExist()). AndAction(func() { _, err := Run("", "kubectl", "-n", DeploymentNamespace(), "get", "deployment", "guestbook-ui") - require.Error(t, err) + assert.Error(t, err) }) } diff --git a/test/e2e/declarative_test.go b/test/e2e/declarative_test.go index 0b1649b527f20..3f1c1a20e1037 100644 --- a/test/e2e/declarative_test.go +++ b/test/e2e/declarative_test.go @@ -55,14 +55,13 @@ func TestDeclarativeInvalidProject(t *testing.T) { Expect(HealthIs(health.HealthStatusUnknown)). Expect(SyncStatusIs(SyncStatusCodeUnknown)). Expect(Condition(ApplicationConditionInvalidSpecError, "Application referencing project garbage which does not exist")) - // TODO: you can`t delete application with invalid project due to enforcment that was recently added, // in https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c - // When(). - // Delete(false). - // Then(). - // Expect(Success("")). - // Expect(DoesNotExist()) + //When(). + //Delete(false). + //Then(). + //Expect(Success("")). + //Expect(DoesNotExist()) } func TestDeclarativeInvalidRepoURL(t *testing.T) { diff --git a/test/e2e/deployment_test.go b/test/e2e/deployment_test.go index 083a2a60d9b3d..20e79c2aff56c 100644 --- a/test/e2e/deployment_test.go +++ b/test/e2e/deployment_test.go @@ -9,7 +9,6 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -66,7 +65,7 @@ func TestDeploymentWithAnnotationTrackingMode(t *testing.T) { Then(). And(func(app *Application) { out, err := RunCli("app", "manifests", ctx.AppName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, fmt.Sprintf(`annotations: argocd.argoproj.io/tracking-id: %s:apps/Deployment:%s/nginx-deployment `, ctx.AppName(), DeploymentNamespace())) @@ -89,7 +88,7 @@ func TestDeploymentWithLabelTrackingMode(t *testing.T) { Then(). And(func(app *Application) { out, err := RunCli("app", "manifests", ctx.AppName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, fmt.Sprintf(`labels: app: nginx app.kubernetes.io/instance: %s @@ -112,7 +111,7 @@ func TestDeploymentWithoutTrackingMode(t *testing.T) { Then(). And(func(app *Application) { out, err := RunCli("app", "manifests", ctx.AppName()) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, fmt.Sprintf(`labels: app: nginx app.kubernetes.io/instance: %s @@ -125,9 +124,11 @@ func TestDeploymentWithoutTrackingMode(t *testing.T) { // and // B) Multiple users can deploy to the same K8s cluster, using above mechanism (but with different Argo CD Cluster Secrets, and different ServiceAccounts) func TestDeployToKubernetesAPIURLWithQueryParameter(t *testing.T) { + // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. clusterScopedParam := []bool{false, true} for _, clusterScoped := range clusterScopedParam { + EnsureCleanState(t) // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace @@ -147,7 +148,9 @@ func TestDeployToKubernetesAPIURLWithQueryParameter(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)) } + } + } // This test verifies that Argo CD can: @@ -155,10 +158,12 @@ func TestDeployToKubernetesAPIURLWithQueryParameter(t *testing.T) { // fully enforces user boundary. // Our simulated user's ServiceAccounts should not be able to deploy into a namespace that is outside that SA's RBAC. func TestArgoCDSupportsMultipleServiceAccountsWithDifferingRBACOnSameCluster(t *testing.T) { + // We test with both a cluster-scoped, and a non-cluster scoped, Argo CD Cluster Secret. clusterScopedParam := []bool{ /*false,*/ true} for _, clusterScoped := range clusterScopedParam { + EnsureCleanState(t) // Simulate two users, each with their own Argo CD cluster secret that can only deploy to their Namespace @@ -169,6 +174,7 @@ func TestArgoCDSupportsMultipleServiceAccountsWithDifferingRBACOnSameCluster(t * } for idx, username := range users { + // we should use user-a's serviceaccount to deploy to user-b's namespace, and vice versa // - If everything as working as expected, this should fail. otherUser := users[(idx+1)%len(users)] @@ -191,12 +197,14 @@ func TestArgoCDSupportsMultipleServiceAccountsWithDifferingRBACOnSameCluster(t * consequences.Expect(OperationMessageContains("User \"system:serviceaccount:" + otherUser + ":" + otherUser + "-serviceaccount\" cannot create resource \"deployments\" in API group \"apps\" in the namespace \"" + username + "\"")) } } + } } // generateReadOnlyClusterRoleandBindingForServiceAccount creates a ClusterRole/Binding that allows a ServiceAccount in a given namespace to read all resources on a cluster. // - This allows the ServiceAccount to be used within a cluster-scoped Argo CD Cluster Secret func generateReadOnlyClusterRoleandBindingForServiceAccount(roleSuffix string, serviceAccountNS string) (rbacv1.ClusterRole, rbacv1.ClusterRoleBinding) { + clusterRole := rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ Name: E2ETestPrefix + "read-all-" + roleSuffix, @@ -259,6 +267,7 @@ func buildArgoCDClusterSecret(secretName, secretNamespace, clusterName, clusterS // - username = name of Namespace the simulated user is able to deploy to // - clusterScopedSecrets = whether the Service Account is namespace-scoped or cluster-scoped. func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecrets bool) { + // Create a new Namespace for our simulated user ns := corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ @@ -266,12 +275,12 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre }, } _, err := KubeClientset.CoreV1().Namespaces().Create(context.Background(), &ns, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) // Create a ServiceAccount in that Namespace, which will be used for the Argo CD Cluster SEcret serviceAccountName := username + "-serviceaccount" err = clusterauth.CreateServiceAccount(KubeClientset, serviceAccountName, ns.Name) - require.NoError(t, err) + assert.Nil(t, err) // Create a Role that allows the ServiceAccount to read/write all within the Namespace role := rbacv1.Role{ @@ -286,7 +295,7 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre }}, } _, err = KubeClientset.RbacV1().Roles(role.Namespace).Create(context.Background(), &role, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) // Bind the Role with the ServiceAccount in the Namespace roleBinding := rbacv1.RoleBinding{ @@ -306,11 +315,11 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre }, } _, err = KubeClientset.RbacV1().RoleBindings(roleBinding.Namespace).Create(context.Background(), &roleBinding, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) // Retrieve the bearer token from the ServiceAccount token, err := clusterauth.GetServiceAccountBearerToken(KubeClientset, ns.Name, serviceAccountName, time.Second*60) - require.NoError(t, err) + assert.Nil(t, err) assert.NotEmpty(t, token) // In order to test a cluster-scoped Argo CD Cluster Secret, we may optionally grant the ServiceAccount read-all permissions at cluster scope. @@ -318,10 +327,11 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre clusterRole, clusterRoleBinding := generateReadOnlyClusterRoleandBindingForServiceAccount(username, username) _, err := KubeClientset.RbacV1().ClusterRoles().Create(context.Background(), &clusterRole, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) _, err = KubeClientset.RbacV1().ClusterRoleBindings().Create(context.Background(), &clusterRoleBinding, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) + } // Build the Argo CD Cluster Secret by using the service account token, and extracting needed values from kube config @@ -333,10 +343,10 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre } jsonStringBytes, err := json.Marshal(clusterSecretConfigJSON) - require.NoError(t, err) + assert.Nil(t, err) _, apiURL, err := extractKubeConfigValues() - require.NoError(t, err) + assert.Nil(t, err) clusterResourcesField := "" namespacesField := "" @@ -354,7 +364,7 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre // Finally, create the Cluster secret in the Argo CD E2E namespace _, err = KubeClientset.CoreV1().Secrets(secret.Namespace).Create(context.Background(), &secret, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) } // extractKubeConfigValues returns contents of the local environment's kubeconfig, using standard path resolution mechanism. @@ -363,6 +373,7 @@ func createNamespaceScopedUser(t *testing.T, username string, clusterScopedSecre // - server name (within the kubeconfig) // - error func extractKubeConfigValues() (string, string, error) { + loadingRules := clientcmd.NewDefaultClientConfigLoadingRules() config, err := loadingRules.Load() @@ -384,6 +395,7 @@ func extractKubeConfigValues() (string, string, error) { paths := loadingRules.Precedence { + // For all the kubeconfig paths, look for one that exists for _, path := range paths { _, err = os.Stat(path) @@ -392,6 +404,7 @@ func extractKubeConfigValues() (string, string, error) { kubeConfigDefault = path break } // Otherwise, continue. + } if kubeConfigDefault == "" { diff --git a/test/e2e/fixture/app/actions.go b/test/e2e/fixture/app/actions.go index 1d013b6628963..a2b1d5e01371b 100644 --- a/test/e2e/fixture/app/actions.go +++ b/test/e2e/fixture/app/actions.go @@ -106,7 +106,6 @@ func (a *Actions) CreateFromPartialFile(data string, flags ...string) *Actions { a.runCli(args...) return a } - func (a *Actions) CreateFromFile(handler func(app *Application), flags ...string) *Actions { a.context.t.Helper() app := &Application{ @@ -301,9 +300,9 @@ func (a *Actions) PatchApp(patch string) *Actions { func (a *Actions) PatchAppHttp(patch string) *Actions { a.context.t.Helper() var application Application - patchType := "merge" - appName := a.context.AppQualifiedName() - appNamespace := a.context.AppNamespace() + var patchType = "merge" + var appName = a.context.AppQualifiedName() + var appNamespace = a.context.AppNamespace() patchRequest := &client.ApplicationPatchRequest{ Name: &appName, PatchType: &patchType, diff --git a/test/e2e/fixture/app/context.go b/test/e2e/fixture/app/context.go index 2225cac54c61d..41c8dbd17bcad 100644 --- a/test/e2e/fixture/app/context.go +++ b/test/e2e/fixture/app/context.go @@ -100,7 +100,7 @@ func (c *Context) AppNamespace() string { func (c *Context) SetAppNamespace(namespace string) *Context { c.appNamespace = namespace - // fixture.SetParamInSettingConfigMap("application.resourceTrackingMethod", "annotation") + //fixture.SetParamInSettingConfigMap("application.resourceTrackingMethod", "annotation") return c } diff --git a/test/e2e/fixture/app/expectation.go b/test/e2e/fixture/app/expectation.go index 8546a4eed7be9..4d4918e981751 100644 --- a/test/e2e/fixture/app/expectation.go +++ b/test/e2e/fixture/app/expectation.go @@ -111,6 +111,7 @@ func StatusExists() Expectation { func Namespace(name string, block func(app *Application, ns *v1.Namespace)) Expectation { return func(c *Consequences) (state, string) { ns, err := namespace(name) + if err != nil { return failed, fmt.Sprintf("namespace not found %s", err.Error()) } @@ -133,7 +134,6 @@ func ResourceSyncStatusIs(kind, resource string, expected SyncStatusCode) Expect return simple(actual == expected, fmt.Sprintf("resource '%s/%s' sync status should be %s, is %s", kind, resource, expected, actual)) } } - func ResourceSyncStatusWithNamespaceIs(kind, resource, namespace string, expected SyncStatusCode) Expectation { return func(c *Consequences) (state, string) { actual := c.resource(kind, resource, namespace).Status @@ -147,14 +147,12 @@ func ResourceHealthIs(kind, resource string, expected health.HealthStatusCode) E return simple(actual == expected, fmt.Sprintf("resource '%s/%s' health should be %s, is %s", kind, resource, expected, actual)) } } - func ResourceHealthWithNamespaceIs(kind, resource, namespace string, expected health.HealthStatusCode) Expectation { return func(c *Consequences) (state, string) { actual := c.resource(kind, resource, namespace).Health.Status return simple(actual == expected, fmt.Sprintf("resource '%s/%s' health should be %s, is %s", kind, resource, expected, actual)) } } - func ResourceResultNumbering(num int) Expectation { return func(c *Consequences) (state, string) { actualNum := len(c.app().Status.OperationState.SyncResult.Resources) @@ -270,6 +268,7 @@ func pods() (*v1.PodList, error) { func NoNamespace(name string) Expectation { return func(c *Consequences) (state, string) { _, err := namespace(name) + if err != nil { return succeeded, "namespace not found" } diff --git a/test/e2e/fixture/applicationsets/actions.go b/test/e2e/fixture/applicationsets/actions.go index 1a5b214f75482..0b167c2b1a734 100644 --- a/test/e2e/fixture/applicationsets/actions.go +++ b/test/e2e/fixture/applicationsets/actions.go @@ -79,13 +79,15 @@ func (a *Actions) SwitchToArgoCDNamespace() *Actions { // CreateClusterSecret creates a faux cluster secret, with the given cluster server and cluster name (this cluster // will not actually be used by the Argo CD controller, but that's not needed for our E2E tests) func (a *Actions) CreateClusterSecret(secretName string, clusterName string, clusterServer string) *Actions { + fixtureClient := utils.GetE2EFixtureK8sClient() var serviceAccountName string // Look for a service account matching '*application-controller*' - err := wait.PollUntilContextTimeout(context.Background(), 500*time.Millisecond, 30*time.Second, false, func(ctx context.Context) (bool, error) { - serviceAccountList, err := fixtureClient.KubeClientset.CoreV1().ServiceAccounts(fixture.TestNamespace()).List(ctx, metav1.ListOptions{}) + err := wait.Poll(500*time.Millisecond, 30*time.Second, func() (bool, error) { + + serviceAccountList, err := fixtureClient.KubeClientset.CoreV1().ServiceAccounts(fixture.TestNamespace()).List(context.Background(), metav1.ListOptions{}) if err != nil { fmt.Println("Unable to retrieve ServiceAccount list", err) return false, nil @@ -152,6 +154,7 @@ func (a *Actions) CreateClusterSecret(secretName string, clusterName string, clu // DeleteClusterSecret deletes a faux cluster secret func (a *Actions) DeleteClusterSecret(secretName string) *Actions { + err := utils.GetE2EFixtureK8sClient().KubeClientset.CoreV1().Secrets(fixture.TestNamespace()).Delete(context.Background(), secretName, metav1.DeleteOptions{}) a.describeAction = fmt.Sprintf("deleting cluster Secret '%s'", secretName) @@ -163,6 +166,7 @@ func (a *Actions) DeleteClusterSecret(secretName string) *Actions { // DeleteConfigMap deletes a faux cluster secret func (a *Actions) DeleteConfigMap(configMapName string) *Actions { + err := utils.GetE2EFixtureK8sClient().KubeClientset.CoreV1().ConfigMaps(fixture.TestNamespace()).Delete(context.Background(), configMapName, metav1.DeleteOptions{}) a.describeAction = fmt.Sprintf("deleting configMap '%s'", configMapName) @@ -174,6 +178,7 @@ func (a *Actions) DeleteConfigMap(configMapName string) *Actions { // DeletePlacementDecision deletes a faux cluster secret func (a *Actions) DeletePlacementDecision(placementDecisionName string) *Actions { + err := utils.GetE2EFixtureK8sClient().DynamicClientset.Resource(pdGVR).Namespace(fixture.TestNamespace()).Delete(context.Background(), placementDecisionName, metav1.DeleteOptions{}) a.describeAction = fmt.Sprintf("deleting placement decision '%s'", placementDecisionName) @@ -444,6 +449,7 @@ func (a *Actions) get() (*v1alpha1.ApplicationSet, error) { } return &appSet, nil + } // Update retrieves the latest copy the ApplicationSet, then allows the caller to mutate it via 'toUpdate', with @@ -456,6 +462,7 @@ func (a *Actions) Update(toUpdate func(*v1alpha1.ApplicationSet)) *Actions { var mostRecentError error for start := time.Now(); time.Since(start) < timeout; time.Sleep(3 * time.Second) { + appSet, err := a.get() mostRecentError = err if err == nil { @@ -521,9 +528,3 @@ func (a *Actions) runCli(args ...string) { a.lastOutput, a.lastError = fixture.RunCli(args...) a.verifyAction() } - -func (a *Actions) AddSignedFile(fileName, fileContents string) *Actions { - a.context.t.Helper() - fixture.AddSignedFile(a.context.path+"/"+fileName, fileContents) - return a -} diff --git a/test/e2e/fixture/applicationsets/consequences.go b/test/e2e/fixture/applicationsets/consequences.go index 3da461c1c9e5e..db614f3cf3075 100644 --- a/test/e2e/fixture/applicationsets/consequences.go +++ b/test/e2e/fixture/applicationsets/consequences.go @@ -27,6 +27,7 @@ func (c *Consequences) Expect(e Expectation) *Consequences { } func (c *Consequences) ExpectWithDuration(e Expectation, timeout time.Duration) *Consequences { + // this invocation makes sure this func is not reported as the cause of the failure - we are a "test helper" c.context.t.Helper() var message string @@ -74,6 +75,7 @@ func (c *Consequences) app(name string) *v1alpha1.Application { } func (c *Consequences) apps() []v1alpha1.Application { + var namespace string if c.context.switchToNamespace != "" { namespace = string(c.context.switchToNamespace) @@ -93,6 +95,7 @@ func (c *Consequences) apps() []v1alpha1.Application { } func (c *Consequences) applicationSet(applicationSetName string) *v1alpha1.ApplicationSet { + fixtureClient := utils.GetE2EFixtureK8sClient() var appSetClientSet dynamic.ResourceInterface diff --git a/test/e2e/fixture/applicationsets/context.go b/test/e2e/fixture/applicationsets/context.go index daa2474ea01d5..a7e91f4d0c8ff 100644 --- a/test/e2e/fixture/applicationsets/context.go +++ b/test/e2e/fixture/applicationsets/context.go @@ -5,7 +5,6 @@ import ( "time" "github.com/argoproj/argo-cd/v2/test/e2e/fixture/applicationsets/utils" - "github.com/argoproj/argo-cd/v2/test/e2e/fixture/gpgkeys" ) // Context implements the "given" part of given/when/then @@ -16,8 +15,6 @@ type Context struct { name string namespace string switchToNamespace utils.ExternalNamespace - project string - path string } func Given(t *testing.T) *Context { @@ -40,18 +37,3 @@ func (c *Context) And(block func()) *Context { block() return c } - -func (c *Context) Project(project string) *Context { - c.project = project - return c -} - -func (c *Context) Path(path string) *Context { - c.path = path - return c -} - -func (c *Context) GPGPublicKeyAdded() *Context { - gpgkeys.AddGPGPublicKey() - return c -} diff --git a/test/e2e/fixture/applicationsets/expectation.go b/test/e2e/fixture/applicationsets/expectation.go index fc8de495fe70c..990ad5f33dbfb 100644 --- a/test/e2e/fixture/applicationsets/expectation.go +++ b/test/e2e/fixture/applicationsets/expectation.go @@ -59,6 +59,7 @@ func Error(message, err string) Expectation { // equivalent to provided values. func ApplicationsExist(expectedApps []v1alpha1.Application) Expectation { return func(c *Consequences) (state, string) { + for _, expectedApp := range expectedApps { foundApp := c.app(expectedApp.Name) if foundApp == nil { @@ -66,13 +67,16 @@ func ApplicationsExist(expectedApps []v1alpha1.Application) Expectation { } if !appsAreEqual(expectedApp, *foundApp) { + diff, err := getDiff(filterFields(expectedApp), filterFields(*foundApp)) if err != nil { return failed, err.Error() } return pending, fmt.Sprintf("apps are not equal: '%s', diff: %s\n", expectedApp.QualifiedName(), diff) + } + } return succeeded, "all apps successfully found" @@ -83,6 +87,7 @@ func ApplicationsExist(expectedApps []v1alpha1.Application) Expectation { // equivalent to provided values. func ApplicationSetHasConditions(applicationSetName string, expectedConditions []v1alpha1.ApplicationSetCondition) Expectation { return func(c *Consequences) (state, string) { + // retrieve the application set foundApplicationSet := c.applicationSet(applicationSetName) if foundApplicationSet == nil { @@ -103,6 +108,7 @@ func ApplicationSetHasConditions(applicationSetName string, expectedConditions [ // ApplicationsDoNotExist checks that each of the 'expectedApps' no longer exist in the namespace func ApplicationsDoNotExist(expectedApps []v1alpha1.Application) Expectation { return func(c *Consequences) (state, string) { + for _, expectedApp := range expectedApps { foundApp := c.app(expectedApp.Name) if foundApp != nil { @@ -139,12 +145,14 @@ func pods(namespace string) (*corev1.PodList, error) { // getDiff returns a string containing a comparison result of two applications (for test output/debug purposes) func getDiff(orig, new v1alpha1.Application) (string, error) { + bytes, _, err := diff.CreateTwoWayMergePatch(orig, new, orig) if err != nil { return "", err } return string(bytes), nil + } // getConditionDiff returns a string containing a comparison result of two ApplicationSetCondition (for test output/debug purposes) @@ -164,10 +172,12 @@ func getConditionDiff(orig, new []v1alpha1.ApplicationSetCondition) (string, err } return string(bytes), nil + } // filterFields returns a copy of Application, but with unnecessary (for testing) fields removed func filterFields(input v1alpha1.Application) v1alpha1.Application { + spec := input.Spec metaCopy := input.ObjectMeta.DeepCopy() @@ -200,6 +210,7 @@ func filterFields(input v1alpha1.Application) v1alpha1.Application { // filterConditionFields returns a copy of ApplicationSetCondition, but with unnecessary (for testing) fields removed func filterConditionFields(input *[]v1alpha1.ApplicationSetCondition) *[]v1alpha1.ApplicationSetCondition { + var filteredConditions []v1alpha1.ApplicationSetCondition for _, condition := range *input { newCondition := &v1alpha1.ApplicationSetCondition{ diff --git a/test/e2e/fixture/applicationsets/utils/fixture.go b/test/e2e/fixture/applicationsets/utils/fixture.go index e447f9d455433..d4e23e5f5415d 100644 --- a/test/e2e/fixture/applicationsets/utils/fixture.go +++ b/test/e2e/fixture/applicationsets/utils/fixture.go @@ -81,11 +81,12 @@ func TestNamespace() string { return GetEnvWithDefault("ARGOCD_E2E_NAMESPACE", ArgoCDNamespace) } -// GetE2EFixtureK8sClient initializes the Kubernetes clients (if needed), and returns the most recently initialized value. +// GetE2EFixtureK8sClient initializes the Kubernetes clients (if needed), and returns the most recently initalized value. // Note: this requires a local Kubernetes configuration (for example, while running the E2E tests). func GetE2EFixtureK8sClient() *E2EFixtureK8sClient { // Initialize the Kubernetes clients only on first use clientInitialized.Do(func() { + // set-up variables config := getKubeConfig("", clientcmd.ConfigOverrides{}) @@ -100,12 +101,14 @@ func GetE2EFixtureK8sClient() *E2EFixtureK8sClient { ArgoCDExternalNamespace: internalClientVars.DynamicClientset.Resource(v1alpha1.SchemeGroupVersion.WithResource("applicationsets")).Namespace(string(ArgoCDExternalNamespace)), ArgoCDExternalNamespace2: internalClientVars.DynamicClientset.Resource(v1alpha1.SchemeGroupVersion.WithResource("applicationsets")).Namespace(string(ArgoCDExternalNamespace2)), } + }) return internalClientVars } // EnsureCleanSlate ensures that the Kubernetes resources on the cluster are in a 'clean' state, before a test is run. func EnsureCleanState(t *testing.T) { + start := time.Now() fixtureClient := GetE2EFixtureK8sClient() @@ -188,6 +191,7 @@ func EnsureCleanState(t *testing.T) { } func waitForExpectedClusterState() error { + fixtureClient := GetE2EFixtureK8sClient() SetProjectSpec(fixtureClient, "default", v1alpha1.AppProjectSpec{ @@ -225,6 +229,7 @@ func waitForExpectedClusterState() error { return fmt.Errorf("Waiting for list of Applications to be size zero: %d", len(appList.Items)) } return nil // Pass + }, time.Now().Add(60*time.Second)); err != nil { return err } @@ -275,6 +280,7 @@ func cleanUpNamespace(fixtureClient *E2EFixtureK8sClient, namespace string) erro // Returns if condition returns nil, or the expireTime has elapsed (in which // case the last error will be returned) func waitForSuccess(condition func() error, expireTime time.Time) error { + var mostRecentError error for { @@ -296,6 +302,7 @@ func waitForSuccess(condition func() error, expireTime time.Time) error { time.Sleep(500 * time.Millisecond) } return mostRecentError + } // getKubeConfig creates new kubernetes client config using specified config path and config overrides variables @@ -312,6 +319,7 @@ func getKubeConfig(configPath string, overrides clientcmd.ConfigOverrides) *rest // creates e2e tests fixture: ensures that Application CRD is installed, creates temporal namespace, starts repo and api server, // configure currently available cluster. func init() { + // ensure we log all shell execs log.SetLevel(log.DebugLevel) } @@ -366,10 +374,12 @@ func ToUnstructured(obj interface{}) (*unstructured.Unstructured, error) { // // Note: This only applies to tests that use the GitHub API (different from GitHub's Git service) func IsGitHubAPISkippedTest(t *testing.T) bool { + if strings.TrimSpace(os.Getenv("GITHUB_TOKEN")) == "" { t.Skip("Skipping this test, as the GITHUB_TOKEN is not set. Please ensure this test passes locally, with your own GITHUB_TOKEN.") return true } return false + } diff --git a/test/e2e/fixture/certs/certs.go b/test/e2e/fixture/certs/certs.go index 40db06a18f45d..b9dcea1a7624d 100644 --- a/test/e2e/fixture/certs/certs.go +++ b/test/e2e/fixture/certs/certs.go @@ -23,9 +23,9 @@ func AddCustomCACert() { errors.FailOnErr(fixture.RunCli(args...)) certData, err := os.ReadFile(caCertPath) errors.CheckError(err) - err = os.WriteFile(fixture.TmpDir+"/app/config/tls/localhost", certData, 0o644) + err = os.WriteFile(fixture.TmpDir+"/app/config/tls/localhost", certData, 0644) errors.CheckError(err) - err = os.WriteFile(fixture.TmpDir+"/app/config/tls/127.0.0.1", certData, 0o644) + err = os.WriteFile(fixture.TmpDir+"/app/config/tls/127.0.0.1", certData, 0644) errors.CheckError(err) } else { args := []string{"cert", "add-tls", "argocd-e2e-server", "--from", caCertPath} @@ -33,6 +33,7 @@ func AddCustomCACert() { fixture.RestartAPIServer() fixture.RestartRepoServer() } + } // AddCustomSSHKnownHostsKeys adds SSH known hosts data to the Argo CD server @@ -51,7 +52,7 @@ func AddCustomSSHKnownHostsKeys() { if fixture.IsLocal() { knownHostsData, err := os.ReadFile(knownHostsPath) errors.CheckError(err) - err = os.WriteFile(fixture.TmpDir+"/app/config/ssh/ssh_known_hosts", knownHostsData, 0o644) + err = os.WriteFile(fixture.TmpDir+"/app/config/ssh/ssh_known_hosts", knownHostsData, 0644) errors.CheckError(err) } else { fixture.RestartAPIServer() diff --git a/test/e2e/fixture/cluster/actions.go b/test/e2e/fixture/cluster/actions.go index bd8fb33184379..0613c9a22cf15 100644 --- a/test/e2e/fixture/cluster/actions.go +++ b/test/e2e/fixture/cluster/actions.go @@ -7,12 +7,11 @@ import ( "log" "strings" - "k8s.io/client-go/kubernetes" - "k8s.io/client-go/tools/clientcmd" - "github.com/argoproj/argo-cd/v2/common" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/util/clusterauth" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" clusterpkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/cluster" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -58,6 +57,7 @@ func (a *Actions) Create(args ...string) *Actions { }, Upsert: a.context.upsert, }) + if err != nil { if !a.ignoreErrors { log.Fatalf(fmt.Sprintf("Failed to upsert cluster %v", err.Error())) diff --git a/test/e2e/fixture/fixture.go b/test/e2e/fixture/fixture.go index e9e2c351c3df9..f8dd60cb74974 100644 --- a/test/e2e/fixture/fixture.go +++ b/test/e2e/fixture/fixture.go @@ -231,6 +231,7 @@ func init() { for scanner.Scan() { testsRun[scanner.Text()] = true } + } func loginAs(username, password string) { @@ -567,7 +568,7 @@ func EnsureCleanState(t *testing.T, opts ...TestOption) { opt := newTestOption(opts...) // In large scenarios, we can skip tests that already run SkipIfAlreadyRun(t) - // Register this test after it has been run & was successful + // Register this test after it has been run & was successfull t.Cleanup(func() { RecordTestRun(t) }) @@ -755,6 +756,7 @@ func RunCliWithStdin(stdin string, args ...string) (string, error) { } func Patch(path string, jsonPatch string) { + log.WithFields(log.Fields{"path": path, "jsonPatch": jsonPatch}).Info("patching") filename := filepath.Join(repoDirectory(), path) @@ -782,7 +784,7 @@ func Patch(path string, jsonPatch string) { CheckError(err) } - CheckError(os.WriteFile(filename, bytes, 0o644)) + CheckError(os.WriteFile(filename, bytes, 0644)) FailOnErr(Run(repoDirectory(), "git", "diff")) FailOnErr(Run(repoDirectory(), "git", "commit", "-am", "patch")) if IsRemote() { @@ -791,6 +793,7 @@ func Patch(path string, jsonPatch string) { } func Delete(path string) { + log.WithFields(log.Fields{"path": path}).Info("deleting") CheckError(os.Remove(filepath.Join(repoDirectory(), path))) @@ -805,10 +808,11 @@ func Delete(path string) { func WriteFile(path, contents string) { log.WithFields(log.Fields{"path": path}).Info("adding") - CheckError(os.WriteFile(filepath.Join(repoDirectory(), path), []byte(contents), 0o644)) + CheckError(os.WriteFile(filepath.Join(repoDirectory(), path), []byte(contents), 0644)) } func AddFile(path, contents string) { + WriteFile(path, contents) FailOnErr(Run(repoDirectory(), "git", "diff")) @@ -856,6 +860,7 @@ func AddTag(name string) { // create the resource by creating using "kubectl apply", with bonus templating func Declarative(filename string, values interface{}) (string, error) { + bytes, err := os.ReadFile(path.Join("testdata", filename)) CheckError(err) @@ -996,7 +1001,7 @@ func RecordTestRun(t *testing.T) { return } log.Infof("Registering test execution at %s", rf) - f, err := os.OpenFile(rf, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0o644) + f, err := os.OpenFile(rf, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) if err != nil { t.Fatalf("could not open record file %s: %v", rf, err) } diff --git a/test/e2e/fixture/gpgkeys/gpgkeys.go b/test/e2e/fixture/gpgkeys/gpgkeys.go index 0751f67ad2cec..339c6e474dd93 100644 --- a/test/e2e/fixture/gpgkeys/gpgkeys.go +++ b/test/e2e/fixture/gpgkeys/gpgkeys.go @@ -19,7 +19,7 @@ func AddGPGPublicKey() { if fixture.IsLocal() { keyData, err := os.ReadFile(keyPath) errors.CheckError(err) - err = os.WriteFile(fmt.Sprintf("%s/app/config/gpg/source/%s", fixture.TmpDir, fixture.GpgGoodKeyID), keyData, 0o644) + err = os.WriteFile(fmt.Sprintf("%s/app/config/gpg/source/%s", fixture.TmpDir, fixture.GpgGoodKeyID), keyData, 0644) errors.CheckError(err) } else { fixture.RestartRepoServer() diff --git a/test/e2e/fixture/repos/repos.go b/test/e2e/fixture/repos/repos.go index e64f6e20fe8fa..70eb574265554 100644 --- a/test/e2e/fixture/repos/repos.go +++ b/test/e2e/fixture/repos/repos.go @@ -137,10 +137,8 @@ func AddHelmHTTPSCredentialsTLSClientCert() { // AddHelmoOCICredentialsWithoutUserPass adds credentials for Helm OIC repo to context func AddHelmoOCICredentialsWithoutUserPass() { - args := []string{ - "repocreds", "add", fixture.RepoURL(fixture.RepoURLTypeHelmOCI), - "--enable-oci", "--type", "helm", - } + args := []string{"repocreds", "add", fixture.RepoURL(fixture.RepoURLTypeHelmOCI), + "--enable-oci", "--type", "helm"} errors.FailOnErr(fixture.RunCli(args...)) } @@ -174,4 +172,5 @@ func PushChartToOCIRegistry(chartPathName, chartName, chartVersion string) { fmt.Sprintf("%s/%s-%s.tgz", tempDest, chartName, chartVersion), fmt.Sprintf("oci://%s", fixture.HelmOCIRegistryURL), )) + } diff --git a/test/e2e/git_test.go b/test/e2e/git_test.go deleted file mode 100644 index d231ab2034311..0000000000000 --- a/test/e2e/git_test.go +++ /dev/null @@ -1,53 +0,0 @@ -package e2e - -import ( - "strings" - "testing" - - v1 "k8s.io/api/core/v1" - - "github.com/argoproj/argo-cd/v2/test/e2e/fixture" - - . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" - . "github.com/argoproj/argo-cd/v2/test/e2e/fixture/app" -) - -func TestGitSemverResolutionNotUsingConstraint(t *testing.T) { - Given(t). - Path("deployment"). - CustomSSHKnownHostsAdded(). - SSHRepoURLAdded(true). - RepoURLType(fixture.RepoURLTypeSSH). - Revision("v0.1.0"). - When(). - AddTag("v0.1.0"). - CreateApp(). - Sync(). - Then(). - Expect(SyncStatusIs(SyncStatusCodeSynced)) -} - -func TestGitSemverResolutionUsingConstraint(t *testing.T) { - Given(t). - Path("deployment"). - CustomSSHKnownHostsAdded(). - SSHRepoURLAdded(true). - RepoURLType(fixture.RepoURLTypeSSH). - Revision("v0.1.*"). - When(). - AddTag("v0.1.0"). - CreateApp(). - Sync(). - Then(). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - When(). - PatchFile("deployment.yaml", `[ - {"op": "replace", "path": "/metadata/name", "value": "new-app"}, - {"op": "replace", "path": "/spec/replicas", "value": 1} -]`). - AddTag("v0.1.2"). - Sync(). - Then(). - Expect(SyncStatusIs(SyncStatusCodeSynced)). - Expect(Pod(func(p v1.Pod) bool { return strings.HasPrefix(p.Name, "new-app") })) -} diff --git a/test/e2e/helm_test.go b/test/e2e/helm_test.go index 06e0c8ea9e622..5fd774ea0c46d 100644 --- a/test/e2e/helm_test.go +++ b/test/e2e/helm_test.go @@ -135,13 +135,13 @@ func TestHelmIgnoreMissingValueFiles(t *testing.T) { Then(). And(func(app *Application) { assert.Equal(t, []string{"does-not-exist-values.yaml"}, app.Spec.GetSource().Helm.ValueFiles) - assert.False(t, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) + assert.Equal(t, false, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) }). When(). AppSet("--ignore-missing-value-files"). Then(). And(func(app *Application) { - assert.True(t, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) + assert.Equal(t, true, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) }). When(). Sync(). @@ -153,7 +153,7 @@ func TestHelmIgnoreMissingValueFiles(t *testing.T) { AppUnSet("--ignore-missing-value-files"). Then(). And(func(app *Application) { - assert.False(t, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) + assert.Equal(t, false, app.Spec.GetSource().Helm.IgnoreMissingValueFiles) }). When(). IgnoreErrors(). diff --git a/test/e2e/hook_test.go b/test/e2e/hook_test.go index 7c3860b47c8f2..2db8ff87795ad 100644 --- a/test/e2e/hook_test.go +++ b/test/e2e/hook_test.go @@ -7,7 +7,6 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -66,6 +65,7 @@ func TestPostDeleteHook(t *testing.T) { assert.Len(t, hooks.Items, 1) assert.Equal(t, "hook", hooks.Items[0].Name) }) + } // make sure that that hooks do not appear in "argocd app diff" @@ -77,7 +77,7 @@ func TestHookDiff(t *testing.T) { Then(). And(func(_ *Application) { output, err := RunCli("app", "diff", Name()) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, output, "name: pod") assert.NotContains(t, output, "name: hook") }) @@ -420,7 +420,7 @@ func TestAutomaticallyNamingUnnamedHook(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { resources := app.Status.OperationState.SyncResult.Resources - assert.Len(t, resources, 3) + assert.Equal(t, 3, len(resources)) // make sure we don't use the same name assert.Contains(t, resources[0].Name, "presync") assert.Contains(t, resources[2].Name, "postsync") diff --git a/test/e2e/jsonnet_test.go b/test/e2e/jsonnet_test.go index 3f1113b4207a5..cad88f34a0048 100644 --- a/test/e2e/jsonnet_test.go +++ b/test/e2e/jsonnet_test.go @@ -6,7 +6,6 @@ import ( . "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/argoproj/gitops-engine/pkg/utils/kube" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -24,9 +23,9 @@ func TestJsonnetAppliedCorrectly(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { manifests, err := RunCli("app", "manifests", app.Name, "--source", "live") - require.NoError(t, err) + assert.NoError(t, err) resources, err := kube.SplitYAML([]byte(manifests)) - require.NoError(t, err) + assert.NoError(t, err) index := -1 for i := range resources { @@ -36,7 +35,7 @@ func TestJsonnetAppliedCorrectly(t *testing.T) { } } - assert.Greater(t, index, -1) + assert.True(t, index > -1) deployment := resources[index] assert.Equal(t, "jsonnet-guestbook-ui", deployment.GetName()) @@ -54,9 +53,9 @@ func TestJsonnetTlaParameterAppliedCorrectly(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). And(func(app *Application) { manifests, err := RunCli("app", "manifests", app.Name, "--source", "live") - require.NoError(t, err) + assert.NoError(t, err) resources, err := kube.SplitYAML([]byte(manifests)) - require.NoError(t, err) + assert.NoError(t, err) index := -1 for i := range resources { @@ -66,7 +65,7 @@ func TestJsonnetTlaParameterAppliedCorrectly(t *testing.T) { } } - assert.Greater(t, index, -1) + assert.True(t, index > -1) deployment := resources[index] assert.Equal(t, "testing-tla", deployment.GetName()) @@ -88,7 +87,6 @@ func TestJsonnetTlaEnv(t *testing.T) { assert.Equal(t, Name(), FailOnErr(Run(".", "kubectl", "-n", DeploymentNamespace(), "get", "cm", "my-map", "-o", "jsonpath={.data.bar}")).(string)) }) } - func TestJsonnetExtVarEnv(t *testing.T) { Given(t). Path("jsonnet-ext-var"). diff --git a/test/e2e/kustomize_test.go b/test/e2e/kustomize_test.go index 8936d591cfb65..862e55c9e9502 100644 --- a/test/e2e/kustomize_test.go +++ b/test/e2e/kustomize_test.go @@ -7,7 +7,6 @@ import ( "github.com/argoproj/gitops-engine/pkg/health" . "github.com/argoproj/gitops-engine/pkg/sync/common" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -16,6 +15,7 @@ import ( ) func TestKustomize2AppSource(t *testing.T) { + patchLabelMatchesFor := func(kind string) func(app *Application) { return func(app *Application) { name := "k2-patched-guestbook-ui-deploy1" @@ -23,7 +23,7 @@ func TestKustomize2AppSource(t *testing.T) { "", "kubectl", "-n="+fixture.DeploymentNamespace(), "get", kind, name, "-ojsonpath={.metadata.labels.patched-by}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, "argo-cd", labelValue, "wrong value of 'patched-by' label of %s %s", kind, name) } } @@ -98,13 +98,14 @@ func TestSyncStatusOptionIgnore(t *testing.T) { Expect(SyncStatusIs(SyncStatusCodeSynced)). Expect(HealthIs(health.HealthStatusHealthy)). And(func(app *Application) { - assert.Len(t, app.Status.Resources, 2) + assert.Equal(t, 2, len(app.Status.Resources)) for _, resourceStatus := range app.Status.Resources { // new map in-sync if resourceStatus.Name != oldMap { assert.Contains(t, resourceStatus.Name, "my-map-") // make sure we've a new map with changed name assert.Equal(t, SyncStatusCodeSynced, resourceStatus.Status) + } else { assert.Equal(t, SyncStatusCodeOutOfSync, resourceStatus.Status) } @@ -190,7 +191,7 @@ func TestKustomizeReplicas2AppSource(t *testing.T) { "", "kubectl", "-n="+fixture.DeploymentNamespace(), "get", kind, name, "-ojsonpath={.spec.replicas}") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, strconv.Itoa(deploymentReplicas), replicas, "wrong value of replicas %s %s", kind, name) } } @@ -255,7 +256,7 @@ func TestKustomizeUnsetOverride(t *testing.T) { assert.Contains(t, app.Spec.GetSource().Kustomize.Images, KustomizeImage("alpine:bar")) }). When(). - // AppUnSet("--kustomize-image=alpine"). + //AppUnSet("--kustomize-image=alpine"). AppUnSet("--kustomize-image", "alpine", "--kustomize-image", "alpine"). Then(). And(func(app *Application) { diff --git a/test/e2e/matrix_e2e_test.go b/test/e2e/matrix_e2e_test.go index e6f8781fcfcea..9fc023ecaaf69 100644 --- a/test/e2e/matrix_e2e_test.go +++ b/test/e2e/matrix_e2e_test.go @@ -58,10 +58,9 @@ func TestListMatrixGenerator(t *testing.T) { Given(t). // Create a ClusterGenerator-based ApplicationSet When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "matrix-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{values.name}}-{{path.basename}}"}, @@ -185,10 +184,9 @@ func TestClusterMatrixGenerator(t *testing.T) { When(). CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). CreateClusterSecret("my-secret2", "cluster2", "https://kubernetes.default.svc"). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "matrix-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-{{path.basename}}"}, @@ -309,10 +307,9 @@ func TestMatrixTerminalMatrixGeneratorSelector(t *testing.T) { Given(t). // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "matrix-generator-nested-matrix", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator-nested-matrix", + }, Spec: v1alpha1.ApplicationSetSpec{ ApplyNestedSelectors: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -457,10 +454,9 @@ func TestMatrixTerminalMergeGeneratorSelector(t *testing.T) { Given(t). // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "matrix-generator-nested-merge", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "matrix-generator-nested-merge", + }, Spec: v1alpha1.ApplicationSetSpec{ ApplyNestedSelectors: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -529,6 +525,7 @@ func TestMatrixTerminalMergeGeneratorSelector(t *testing.T) { // Update the ApplicationSetTerminalGenerator LabelSelector, and verify the Applications are deleted and created When(). Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators[0].Matrix.Generators[0].Merge = toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ MergeKeys: []string{"path.basename"}, Generators: []v1alpha1.ApplicationSetTerminalGenerator{ diff --git a/test/e2e/merge_e2e_test.go b/test/e2e/merge_e2e_test.go index 970996aee9819..9ad148b65b985 100644 --- a/test/e2e/merge_e2e_test.go +++ b/test/e2e/merge_e2e_test.go @@ -54,10 +54,9 @@ func TestListMergeGenerator(t *testing.T) { Given(t). // Create a ClusterGenerator-based ApplicationSet When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "merge-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "merge-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{path.basename}}-{{name-suffix}}"}, @@ -182,10 +181,9 @@ func TestClusterMergeGenerator(t *testing.T) { When(). CreateClusterSecret("my-secret", "cluster1", "https://kubernetes.default.svc"). CreateClusterSecret("my-secret2", "cluster2", "https://kubernetes.default.svc"). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "merge-generator", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "merge-generator", + }, Spec: v1alpha1.ApplicationSetSpec{ Template: v1alpha1.ApplicationSetTemplate{ ApplicationSetTemplateMeta: v1alpha1.ApplicationSetTemplateMeta{Name: "{{name}}-{{path.basename}}-{{values.name-suffix}}"}, @@ -320,10 +318,9 @@ func TestMergeTerminalMergeGeneratorSelector(t *testing.T) { Given(t). // Create ApplicationSet with LabelSelector on an ApplicationSetTerminalGenerator When(). - Create(v1alpha1.ApplicationSet{ - ObjectMeta: metav1.ObjectMeta{ - Name: "merge-generator-nested-merge", - }, + Create(v1alpha1.ApplicationSet{ObjectMeta: metav1.ObjectMeta{ + Name: "merge-generator-nested-merge", + }, Spec: v1alpha1.ApplicationSetSpec{ ApplyNestedSelectors: true, Template: v1alpha1.ApplicationSetTemplate{ @@ -393,6 +390,7 @@ func TestMergeTerminalMergeGeneratorSelector(t *testing.T) { // Update the ApplicationSetTerminalGenerator LabelSelector, and verify the Applications are deleted and created When(). Update(func(appset *v1alpha1.ApplicationSet) { + appset.Spec.Generators[0].Merge.Generators[0].Merge = toAPIExtensionsJSON(t, &v1alpha1.NestedMergeGenerator{ MergeKeys: []string{"path.basename"}, Generators: []v1alpha1.ApplicationSetTerminalGenerator{ @@ -435,6 +433,7 @@ func TestMergeTerminalMergeGeneratorSelector(t *testing.T) { } func toAPIExtensionsJSON(t *testing.T, g interface{}) *apiextensionsv1.JSON { + resVal, err := json.Marshal(g) if err != nil { t.Error("unable to unmarshal json", g) diff --git a/test/e2e/multiarch-container/Dockerfile b/test/e2e/multiarch-container/Dockerfile index 54ae46ffed69a..681a4bd44e61e 100644 --- a/test/e2e/multiarch-container/Dockerfile +++ b/test/e2e/multiarch-container/Dockerfile @@ -1,2 +1,2 @@ -FROM docker.io/library/busybox@sha256:9ae97d36d26566ff84e8893c64a6dc4fe8ca6d1144bf5b87b2b85a32def253c7 +FROM docker.io/library/busybox@sha256:c3839dd800b9eb7603340509769c43e146a74c63dca3045a8e7dc8ee07e53966 CMD exec sh -c "trap : TERM INT; echo 'Hi' && tail -f /dev/null" diff --git a/test/e2e/notification_test.go b/test/e2e/notification_test.go index e4dd855a107e3..eebe4d8991ae5 100644 --- a/test/e2e/notification_test.go +++ b/test/e2e/notification_test.go @@ -3,12 +3,10 @@ package e2e import ( "testing" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - "k8s.io/utils/ptr" - "github.com/argoproj/argo-cd/v2/pkg/apiclient/notification" notifFixture "github.com/argoproj/argo-cd/v2/test/e2e/fixture/notification" + "github.com/stretchr/testify/assert" + "k8s.io/utils/pointer" ) func TestNotificationsListServices(t *testing.T) { @@ -16,8 +14,8 @@ func TestNotificationsListServices(t *testing.T) { ctx.When(). SetParamInNotificationConfigMap("service.webhook.test", "url: https://test.example.com"). Then().Services(func(services *notification.ServiceList, err error) { - require.NoError(t, err) - assert.Equal(t, []*notification.Service{{Name: ptr.To("test")}}, services.Items) + assert.Nil(t, err) + assert.Equal(t, []*notification.Service{{Name: pointer.String("test")}}, services.Items) }) } @@ -26,8 +24,8 @@ func TestNotificationsListTemplates(t *testing.T) { ctx.When(). SetParamInNotificationConfigMap("template.app-created", "email:\n subject: Application {{.app.metadata.name}} has been created.\nmessage: Application {{.app.metadata.name}} has been created.\nteams:\n title: Application {{.app.metadata.name}} has been created.\n"). Then().Templates(func(templates *notification.TemplateList, err error) { - require.NoError(t, err) - assert.Equal(t, []*notification.Template{{Name: ptr.To("app-created")}}, templates.Items) + assert.Nil(t, err) + assert.Equal(t, []*notification.Template{{Name: pointer.String("app-created")}}, templates.Items) }) } @@ -36,7 +34,7 @@ func TestNotificationsListTriggers(t *testing.T) { ctx.When(). SetParamInNotificationConfigMap("trigger.on-created", "- description: Application is created.\n oncePer: app.metadata.name\n send:\n - app-created\n when: \"true\"\n"). Then().Triggers(func(triggers *notification.TriggerList, err error) { - require.NoError(t, err) - assert.Equal(t, []*notification.Trigger{{Name: ptr.To("on-created")}}, triggers.Items) + assert.Nil(t, err) + assert.Equal(t, []*notification.Trigger{{Name: pointer.String("on-created")}}, triggers.Items) }) } diff --git a/test/e2e/project_management_test.go b/test/e2e/project_management_test.go index 5e8b42a94442d..fb8886a21dbd4 100644 --- a/test/e2e/project_management_test.go +++ b/test/e2e/project_management_test.go @@ -10,11 +10,10 @@ import ( "time" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/fields" - "k8s.io/utils/ptr" + "k8s.io/utils/pointer" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" "github.com/argoproj/argo-cd/v2/test/e2e/fixture" @@ -29,7 +28,7 @@ func assertProjHasEvent(t *testing.T, a *v1alpha1.AppProject, message string, re "involvedObject.namespace": fixture.TestNamespace(), }).String(), }) - require.NoError(t, err) + assert.NoError(t, err) for i := range list.Items { event := list.Items[i] @@ -50,12 +49,12 @@ func TestProjectCreation(t *testing.T) { "-d", "https://192.168.99.100:8443,service", "-s", "https://github.com/argoproj/argo-cd.git", "--orphaned-resources") - require.NoError(t, err) + assert.Nil(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.Destinations, 2) + assert.Equal(t, 2, len(proj.Spec.Destinations)) assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.Destinations[0].Server) assert.Equal(t, "default", proj.Spec.Destinations[0].Namespace) @@ -63,7 +62,7 @@ func TestProjectCreation(t *testing.T) { assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.Destinations[1].Server) assert.Equal(t, "service", proj.Spec.Destinations[1].Namespace) - assert.Len(t, proj.Spec.SourceRepos, 1) + assert.Equal(t, 1, len(proj.Spec.SourceRepos)) assert.Equal(t, "https://github.com/argoproj/argo-cd.git", proj.Spec.SourceRepos[0]) assert.NotNil(t, proj.Spec.OrphanedResources) @@ -77,19 +76,19 @@ func TestProjectCreation(t *testing.T) { proj.ResourceVersion = "" data, err := json.Marshal(proj) stdinString := string(data) - require.NoError(t, err) + assert.NoError(t, err) // fail without upsert flag _, err = fixture.RunCliWithStdin(stdinString, "proj", "create", "-f", "-") - require.Error(t, err) + assert.Error(t, err) // succeed with the upsert flag _, err = fixture.RunCliWithStdin(stdinString, "proj", "create", "-f", "-", "--upsert") - require.NoError(t, err) + assert.NoError(t, err) proj, err = fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, newDescription, proj.Spec.Description) } @@ -99,10 +98,10 @@ func TestProjectDeletion(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Create( context.Background(), &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}}, metav1.CreateOptions{}) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("proj", "delete", projectName) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) assert.True(t, errors.IsNotFound(err)) @@ -115,19 +114,19 @@ func TestSetProject(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) _, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Create( context.Background(), &v1alpha1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: projectName}}, metav1.CreateOptions{}) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("proj", "set", projectName, "--description", "updated description", "-d", "https://192.168.99.100:8443,default", "-d", "https://192.168.99.100:8443,service", "--orphaned-resources-warn=false") - require.NoError(t, err) + assert.NoError(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.Destinations, 2) + assert.Equal(t, 2, len(proj.Spec.Destinations)) assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.Destinations[0].Server) assert.Equal(t, "default", proj.Spec.Destinations[0].Namespace) @@ -155,6 +154,7 @@ func TestAddProjectDestination(t *testing.T) { "https://192.168.99.100:8443", "test1", ) + if err != nil { t.Fatalf("Unable to add project destination %v", err) } @@ -163,27 +163,27 @@ func TestAddProjectDestination(t *testing.T) { "https://192.168.99.100:8443", "test1", ) - require.Error(t, err) + assert.Error(t, err) assert.True(t, strings.Contains(err.Error(), "already defined")) _, err = fixture.RunCli("proj", "add-destination", projectName, "!*", "test1", ) - require.Error(t, err) + assert.Error(t, err) assert.True(t, strings.Contains(err.Error(), "server has an invalid format, '!*'")) _, err = fixture.RunCli("proj", "add-destination", projectName, "https://192.168.99.100:8443", "!*", ) - require.Error(t, err) + assert.Error(t, err) assert.True(t, strings.Contains(err.Error(), "namespace has an invalid format, '!*'")) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.Destinations, 1) + assert.Equal(t, 1, len(proj.Spec.Destinations)) assert.Equal(t, "https://192.168.99.100:8443", proj.Spec.Destinations[0].Server) assert.Equal(t, "test1", proj.Spec.Destinations[0].Namespace) @@ -205,14 +205,15 @@ func TestAddProjectDestinationWithName(t *testing.T) { "test1", "--name", ) + if err != nil { t.Fatalf("Unable to add project destination %v", err) } proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.Destinations, 1) + assert.Equal(t, 1, len(proj.Spec.Destinations)) assert.Equal(t, "", proj.Spec.Destinations[0].Server) assert.Equal(t, "in-cluster", proj.Spec.Destinations[0].Name) @@ -233,6 +234,7 @@ func TestRemoveProjectDestination(t *testing.T) { }}, }, }, metav1.CreateOptions{}) + if err != nil { t.Fatalf("Unable to create project %v", err) } @@ -241,6 +243,7 @@ func TestRemoveProjectDestination(t *testing.T) { "https://192.168.99.100:8443", "test", ) + if err != nil { t.Fatalf("Unable to remove project destination %v", err) } @@ -249,7 +252,7 @@ func TestRemoveProjectDestination(t *testing.T) { "https://192.168.99.100:8443", "test1", ) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "does not exist") proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) @@ -257,7 +260,7 @@ func TestRemoveProjectDestination(t *testing.T) { t.Fatalf("Unable to get project %v", err) } assert.Equal(t, projectName, proj.Name) - assert.Empty(t, proj.Spec.Destinations) + assert.Equal(t, 0, len(proj.Spec.Destinations)) assertProjHasEvent(t, proj, "update", argo.EventReasonResourceUpdated) } @@ -272,17 +275,18 @@ func TestAddProjectSource(t *testing.T) { } _, err = fixture.RunCli("proj", "add-source", projectName, "https://github.com/argoproj/argo-cd.git") + if err != nil { t.Fatalf("Unable to add project source %v", err) } _, err = fixture.RunCli("proj", "add-source", projectName, "https://github.com/argoproj/argo-cd.git") - require.NoError(t, err) + assert.Nil(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.SourceRepos, 1) + assert.Equal(t, 1, len(proj.Spec.SourceRepos)) assert.Equal(t, "https://github.com/argoproj/argo-cd.git", proj.Spec.SourceRepos[0]) } @@ -298,19 +302,19 @@ func TestRemoveProjectSource(t *testing.T) { }, }, metav1.CreateOptions{}) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("proj", "remove-source", projectName, "https://github.com/argoproj/argo-cd.git") - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("proj", "remove-source", projectName, "https://github.com/argoproj/argo-cd.git") - require.NoError(t, err) + assert.NoError(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Empty(t, proj.Spec.SourceRepos) + assert.Equal(t, 0, len(proj.Spec.SourceRepos)) assertProjHasEvent(t, proj, "update", argo.EventReasonResourceUpdated) } @@ -320,7 +324,6 @@ func TestUseJWTToken(t *testing.T) { projectName := "proj-" + strconv.FormatInt(time.Now().Unix(), 10) appName := "app-" + strconv.FormatInt(time.Now().Unix(), 10) roleName := "roleTest" - roleName2 := "roleTest2" testApp := &v1alpha1.Application{ ObjectMeta: metav1.ObjectMeta{ Name: appName, @@ -347,50 +350,42 @@ func TestUseJWTToken(t *testing.T) { SourceRepos: []string{"*"}, }, }, metav1.CreateOptions{}) - require.NoError(t, err) + assert.Nil(t, err) _, err = fixture.AppClientset.ArgoprojV1alpha1().Applications(fixture.TestNamespace()).Create(context.Background(), testApp, metav1.CreateOptions{}) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("proj", "role", "create", projectName, roleName) - require.NoError(t, err) + assert.NoError(t, err) roleGetResult, err := fixture.RunCli("proj", "role", "get", projectName, roleName) - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, strings.HasSuffix(roleGetResult, "ID ISSUED-AT EXPIRES-AT")) _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName) - require.NoError(t, err) - - // Create second role with kubectl, to test that it will not affect 1st role - _, err = fixture.Run("", "kubectl", "patch", "appproject", projectName, "--type", "merge", - "-n", fixture.TestNamespace(), - "-p", fmt.Sprintf(`{"spec":{"roles":[{"name":"%s"},{"name":"%s"}]}}`, roleName, roleName2)) - require.NoError(t, err) - - _, err = fixture.RunCli("proj", "role", "create-token", projectName, roleName2) - require.NoError(t, err) + assert.NoError(t, err) for _, action := range []string{"get", "update", "sync", "create", "override", "*"} { _, err = fixture.RunCli("proj", "role", "add-policy", projectName, roleName, "-a", action, "-o", "*", "-p", "allow") - require.NoError(t, err) + assert.NoError(t, err) } newProj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Len(t, newProj.Status.JWTTokensByRole[roleName].Items, 1) assert.ElementsMatch(t, newProj.Status.JWTTokensByRole[roleName].Items, newProj.Spec.Roles[0].JWTTokens) roleGetResult, err = fixture.RunCli("proj", "role", "get", projectName, roleName) - require.NoError(t, err) + assert.NoError(t, err) assert.True(t, strings.Contains(roleGetResult, strconv.FormatInt(newProj.Status.JWTTokensByRole[roleName].Items[0].IssuedAt, 10))) _, err = fixture.RunCli("proj", "role", "delete-token", projectName, roleName, strconv.FormatInt(newProj.Status.JWTTokensByRole[roleName].Items[0].IssuedAt, 10)) - require.NoError(t, err) + assert.NoError(t, err) newProj, err = fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Nil(t, newProj.Status.JWTTokensByRole[roleName].Items) assert.Nil(t, newProj.Spec.Roles[0].JWTTokens) + } func TestAddOrphanedIgnore(t *testing.T) { @@ -409,6 +404,7 @@ func TestAddOrphanedIgnore(t *testing.T) { "--name", "name", ) + if err != nil { t.Fatalf("Unable to add resource to orphaned ignore %v", err) } @@ -419,13 +415,13 @@ func TestAddOrphanedIgnore(t *testing.T) { "--name", "name", ) - require.Error(t, err) + assert.Error(t, err) assert.True(t, strings.Contains(err.Error(), "already defined")) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, projectName, proj.Name) - assert.Len(t, proj.Spec.OrphanedResources.Ignore, 1) + assert.Equal(t, 1, len(proj.Spec.OrphanedResources.Ignore)) assert.Equal(t, "group", proj.Spec.OrphanedResources.Ignore[0].Group) assert.Equal(t, "kind", proj.Spec.OrphanedResources.Ignore[0].Kind) @@ -441,11 +437,12 @@ func TestRemoveOrphanedIgnore(t *testing.T) { ObjectMeta: metav1.ObjectMeta{Name: projectName}, Spec: v1alpha1.AppProjectSpec{ OrphanedResources: &v1alpha1.OrphanedResourcesMonitorSettings{ - Warn: ptr.To(true), + Warn: pointer.Bool(true), Ignore: []v1alpha1.OrphanedResourceKey{{Group: "group", Kind: "kind", Name: "name"}}, }, }, }, metav1.CreateOptions{}) + if err != nil { t.Fatalf("Unable to create project %v", err) } @@ -456,6 +453,7 @@ func TestRemoveOrphanedIgnore(t *testing.T) { "--name", "name", ) + if err != nil { t.Fatalf("Unable to remove resource from orphaned ignore list %v", err) } @@ -466,7 +464,7 @@ func TestRemoveOrphanedIgnore(t *testing.T) { "--name", "name", ) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "does not exist") proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) @@ -474,7 +472,7 @@ func TestRemoveOrphanedIgnore(t *testing.T) { t.Fatalf("Unable to get project %v", err) } assert.Equal(t, projectName, proj.Name) - assert.Empty(t, proj.Spec.OrphanedResources.Ignore) + assert.Equal(t, 0, len(proj.Spec.OrphanedResources.Ignore)) assertProjHasEvent(t, proj, "update", argo.EventReasonResourceUpdated) } @@ -547,7 +545,7 @@ func createAndConfigGlobalProject() error { func TestGetVirtualProjectNoMatch(t *testing.T) { fixture.EnsureCleanState(t) err := createAndConfigGlobalProject() - require.NoError(t, err) + assert.NoError(t, err) // Create project which does not match global project settings projectName := "proj-" + fixture.Name() @@ -556,15 +554,15 @@ func TestGetVirtualProjectNoMatch(t *testing.T) { "-d", fmt.Sprintf("%s,*", v1alpha1.KubernetesInternalAPIServerAddr), "-s", "*", "--orphaned-resources") - require.NoError(t, err) + assert.NoError(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) // Create an app belongs to proj project _, err = fixture.RunCli("app", "create", fixture.Name(), "--repo", fixture.RepoURL(fixture.RepoURLTypeFile), "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) - require.NoError(t, err) + assert.NoError(t, err) // Waiting for the app to be successfully created. // Else the sync would fail to retrieve the app resources. @@ -572,17 +570,18 @@ func TestGetVirtualProjectNoMatch(t *testing.T) { // App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) - require.NoError(t, err) + assert.NoError(t, err) // app trying to sync a resource which is black listed by global project _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", ":Service:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) - require.NoError(t, err) + assert.NoError(t, err) + } func TestGetVirtualProjectMatch(t *testing.T) { fixture.EnsureCleanState(t) err := createAndConfigGlobalProject() - require.NoError(t, err) + assert.NoError(t, err) // Create project which matches global project settings projectName := "proj-" + fixture.Name() @@ -591,20 +590,20 @@ func TestGetVirtualProjectMatch(t *testing.T) { "-d", fmt.Sprintf("%s,*", v1alpha1.KubernetesInternalAPIServerAddr), "-s", "*", "--orphaned-resources") - require.NoError(t, err) + assert.NoError(t, err) proj, err := fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Get(context.Background(), projectName, metav1.GetOptions{}) - require.NoError(t, err) + assert.NoError(t, err) // Add a label to this project so that this project match global project selector proj.Labels = map[string]string{"opt": "me"} _, err = fixture.AppClientset.ArgoprojV1alpha1().AppProjects(fixture.TestNamespace()).Update(context.Background(), proj, metav1.UpdateOptions{}) - require.NoError(t, err) + assert.NoError(t, err) // Create an app belongs to proj project _, err = fixture.RunCli("app", "create", fixture.Name(), "--repo", fixture.RepoURL(fixture.RepoURLTypeFile), "--path", guestbookPath, "--project", proj.Name, "--dest-server", v1alpha1.KubernetesInternalAPIServerAddr, "--dest-namespace", fixture.DeploymentNamespace()) - require.NoError(t, err) + assert.NoError(t, err) // Waiting for the app to be successfully created. // Else the sync would fail to retrieve the app resources. @@ -612,10 +611,11 @@ func TestGetVirtualProjectMatch(t *testing.T) { // App trying to sync a resource which is not blacked listed anywhere _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", "apps:Deployment:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) - require.Error(t, err) + assert.Error(t, err) assert.Contains(t, err.Error(), "blocked by sync window") // app trying to sync a resource which is black listed by global project _, err = fixture.RunCli("app", "sync", fixture.Name(), "--resource", ":Service:guestbook-ui", "--timeout", fmt.Sprintf("%v", 10)) assert.Contains(t, err.Error(), "blocked by sync window") + } diff --git a/test/e2e/repo_management_test.go b/test/e2e/repo_management_test.go index c49eb2eeba794..70b14d5682299 100644 --- a/test/e2e/repo_management_test.go +++ b/test/e2e/repo_management_test.go @@ -5,7 +5,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" repositorypkg "github.com/argoproj/argo-cd/v2/pkg/apiclient/repository" "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" @@ -21,15 +20,15 @@ func TestAddRemovePublicRepo(t *testing.T) { app.Given(t).And(func() { repoUrl := fixture.RepoURL(fixture.RepoURLTypeFile) _, err := fixture.RunCli("repo", "add", repoUrl) - require.NoError(t, err) + assert.NoError(t, err) conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() - require.NoError(t, err) + assert.NoError(t, err) defer argoio.Close(conn) repo, err := repoClient.ListRepositories(context.Background(), &repositorypkg.RepoQuery{}) - require.NoError(t, err) + assert.Nil(t, err) exists := false for i := range repo.Items { if repo.Items[i].Repo == repoUrl { @@ -40,10 +39,10 @@ func TestAddRemovePublicRepo(t *testing.T) { assert.True(t, exists) _, err = fixture.RunCli("repo", "rm", repoUrl) - require.NoError(t, err) + assert.NoError(t, err) repo, err = repoClient.ListRepositories(context.Background(), &repositorypkg.RepoQuery{}) - require.NoError(t, err) + assert.NoError(t, err) exists = false for i := range repo.Items { if repo.Items[i].Repo == repoUrl { @@ -67,7 +66,7 @@ func TestGetRepoWithInheritedCreds(t *testing.T) { // Then, we remove username/password so that the repo inherits the credentials from our repocreds conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() - require.NoError(t, err) + assert.NoError(t, err) defer argoio.Close(conn) _, err = repoClient.UpdateRepository(context.Background(), &repositorypkg.RepoUpdateRequest{ @@ -75,15 +74,15 @@ func TestGetRepoWithInheritedCreds(t *testing.T) { Repo: repoUrl, }, }) - require.NoError(t, err) + assert.NoError(t, err) // CLI output should indicate that repo has inherited credentials out, err := fixture.RunCli("repo", "get", repoUrl) - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "inherited") _, err = fixture.RunCli("repo", "rm", repoUrl) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -92,13 +91,13 @@ func TestUpsertExistingRepo(t *testing.T) { fixture.SetRepos(settings.RepositoryCredentials{URL: fixture.RepoURL(fixture.RepoURLTypeFile)}) repoUrl := fixture.RepoURL(fixture.RepoURLTypeFile) _, err := fixture.RunCli("repo", "add", repoUrl) - require.NoError(t, err) + assert.NoError(t, err) _, err = fixture.RunCli("repo", "add", repoUrl, "--username", fixture.GitUsername, "--password", fixture.GitPassword) - require.Error(t, err) + assert.Error(t, err) _, err = fixture.RunCli("repo", "add", repoUrl, "--upsert", "--username", fixture.GitUsername, "--password", fixture.GitPassword) - require.NoError(t, err) + assert.NoError(t, err) }) } @@ -111,15 +110,15 @@ func TestAddRemoveHelmRepo(t *testing.T) { "--password", fixture.GitPassword, "--tls-client-cert-path", repos.CertPath, "--tls-client-cert-key-path", repos.CertKeyPath) - require.NoError(t, err) + assert.NoError(t, err) conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() - require.NoError(t, err) + assert.NoError(t, err) defer argoio.Close(conn) repo, err := repoClient.ListRepositories(context.Background(), &repositorypkg.RepoQuery{}) - require.NoError(t, err) + assert.NoError(t, err) exists := false for i := range repo.Items { if repo.Items[i].Repo == fixture.RepoURL(fixture.RepoURLTypeHelm) { @@ -130,10 +129,10 @@ func TestAddRemoveHelmRepo(t *testing.T) { assert.True(t, exists) _, err = fixture.RunCli("repo", "rm", fixture.RepoURL(fixture.RepoURLTypeHelm)) - require.NoError(t, err) + assert.NoError(t, err) repo, err = repoClient.ListRepositories(context.Background(), &repositorypkg.RepoQuery{}) - require.NoError(t, err) + assert.NoError(t, err) exists = false for i := range repo.Items { if repo.Items[i].Repo == fixture.RepoURL(fixture.RepoURLTypeHelm) { @@ -143,6 +142,7 @@ func TestAddRemoveHelmRepo(t *testing.T) { } assert.False(t, exists) }) + } func TestAddHelmRepoInsecureSkipVerify(t *testing.T) { @@ -156,16 +156,22 @@ func TestAddHelmRepoInsecureSkipVerify(t *testing.T) { "--tls-client-cert-path", repos.CertPath, "--tls-client-cert-key-path", repos.CertKeyPath) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } conn, repoClient, err := fixture.ArgoCDClientset.NewRepoClient() - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } defer argoio.Close(conn) repo, err := repoClient.ListRepositories(context.Background(), &repositorypkg.RepoQuery{}) - require.NoError(t, err) + if !assert.NoError(t, err) { + return + } exists := false for i := range repo.Items { @@ -176,4 +182,5 @@ func TestAddHelmRepoInsecureSkipVerify(t *testing.T) { } assert.True(t, exists) }) + } diff --git a/test/e2e/scoped_repository_test.go b/test/e2e/scoped_repository_test.go index 1a459af06736d..275deb0c20f63 100644 --- a/test/e2e/scoped_repository_test.go +++ b/test/e2e/scoped_repository_test.go @@ -32,10 +32,10 @@ func TestCreateRepositoryWithProject(t *testing.T) { Then(). And(func(r *Repository, err error) { assert.Equal(t, r.Repo, path) - assert.Equal(t, "argo-project", r.Project) + assert.Equal(t, r.Project, "argo-project") prjConsequence.And(func(projectResponse *project.DetailedProjectsResponse, err error) { - assert.Len(t, projectResponse.Repositories, 1) + assert.Equal(t, len(projectResponse.Repositories), 1) assert.Equal(t, projectResponse.Repositories[0].Repo, path) }) }) @@ -121,7 +121,7 @@ func TestDeleteRepositoryRbacAllowed(t *testing.T) { Then(). And(func(r *Repository, err error) { assert.Equal(t, r.Repo, path) - assert.Equal(t, "argo-project", r.Project) + assert.Equal(t, r.Project, "argo-project") }). When(). Delete(). @@ -164,7 +164,7 @@ func TestDeleteRepositoryRbacDenied(t *testing.T) { Then(). And(func(r *Repository, err error) { assert.Equal(t, r.Repo, path) - assert.Equal(t, "argo-project", r.Project) + assert.Equal(t, r.Project, "argo-project") }). When(). IgnoreErrors(). @@ -190,8 +190,9 @@ func TestDeleteRepository(t *testing.T) { Delete(). Then(). And(func(r *Repository, err error) { - assert.Equal(t, "repo not found", err.Error()) + assert.Equal(t, err.Error(), "repo not found") }) + } func TestListRepoCLIOutput(t *testing.T) { diff --git a/test/e2e/user_info_test.go b/test/e2e/user_info_test.go index 3e852c030f221..db352b816e82a 100644 --- a/test/e2e/user_info_test.go +++ b/test/e2e/user_info_test.go @@ -4,7 +4,6 @@ import ( "testing" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" . "github.com/argoproj/argo-cd/v2/test/e2e/fixture" ) @@ -14,7 +13,7 @@ func TestUserInfo(t *testing.T) { output, err := RunCli("account", "get-user-info") - require.NoError(t, err) + assert.NoError(t, err) assert.Equal(t, `Logged In: true Username: admin Issuer: argocd diff --git a/test/fixture/path/files.go b/test/fixture/path/files.go index 5a7a2ae380277..5c5f6120a7ec6 100644 --- a/test/fixture/path/files.go +++ b/test/fixture/path/files.go @@ -10,6 +10,7 @@ import ( // CopyDir copies the contents of a directory from 'src' to 'dest' func CopyDir(src string, dest string) error { + mode, err := os.Stat(src) if err != nil { return err diff --git a/test/manifests_test.go b/test/manifests_test.go index 9c30714041bcb..ce62b175d79b3 100644 --- a/test/manifests_test.go +++ b/test/manifests_test.go @@ -8,7 +8,6 @@ import ( argoexec "github.com/argoproj/pkg/exec" "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" "github.com/argoproj/argo-cd/v2/test/fixture/test" ) @@ -16,7 +15,7 @@ import ( func TestKustomizeVersion(t *testing.T) { test.CIOnly(t) out, err := argoexec.RunCommand("kustomize", argoexec.CmdOpts{}, "version") - require.NoError(t, err) + assert.NoError(t, err) assert.Contains(t, out, "v5.", "kustomize should be version 5") } @@ -42,5 +41,5 @@ func TestBuildManifests(t *testing.T) { _, err = argoexec.RunCommand("kustomize", argoexec.CmdOpts{}, "build", dirName) return err }) - require.NoError(t, err) + assert.NoError(t, err) } diff --git a/test/remote/Dockerfile b/test/remote/Dockerfile index 139bd696437ce..cf43ee355567d 100644 --- a/test/remote/Dockerfile +++ b/test/remote/Dockerfile @@ -1,4 +1,4 @@ -ARG BASE_IMAGE=docker.io/library/ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 +ARG BASE_IMAGE=docker.io/library/ubuntu:22.04 FROM docker.io/library/golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb AS go diff --git a/test/testutil.go b/test/testutil.go index 3ad755bfdca69..e97de4a762bcf 100644 --- a/test/testutil.go +++ b/test/testutil.go @@ -10,12 +10,11 @@ import ( "testing" "time" + "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" log "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/client-go/tools/cache" "sigs.k8s.io/yaml" - - "github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1" ) // StartInformer is a helper to start an informer, wait for its cache to sync and return a cancel func diff --git a/tools/cmd-docs/main.go b/tools/cmd-docs/main.go index 27c26195c851c..aace315302d4b 100644 --- a/tools/cmd-docs/main.go +++ b/tools/cmd-docs/main.go @@ -54,4 +54,5 @@ func main() { if err != nil { log.Fatal(err) } + } diff --git a/ui-test/Dockerfile b/ui-test/Dockerfile index 4aaa407a2f801..46231bad8d142 100644 --- a/ui-test/Dockerfile +++ b/ui-test/Dockerfile @@ -1,4 +1,4 @@ -FROM docker.io/library/node:22.4.0@sha256:2558f19e787cb0baed81a8068adf7509023b43dedce24ed606f8a01522b21313 as node +FROM docker.io/library/node:21.7.1@sha256:b9ccc4aca32eebf124e0ca0fd573dacffba2b9236987a1d4d2625ce3c162ecc8 as node RUN apt-get update && apt-get install --no-install-recommends -y \ software-properties-common diff --git a/ui-test/package.json b/ui-test/package.json index 20f9bc3b27190..fd34ca2edab4a 100644 --- a/ui-test/package.json +++ b/ui-test/package.json @@ -12,21 +12,21 @@ "author": "Keith Chong", "license": "Apache-2.0", "dependencies": { - "@types/selenium-webdriver": "^4.1.23", - "assert": "^2.1.0", - "chromedriver": "^126.0.4", - "selenium-webdriver": "^4.21.0" + "@types/selenium-webdriver": "^4.0.9", + "assert": "^2.0.0", + "chromedriver": "^94.0.0", + "selenium-webdriver": "^4.0.0-alpha.7" }, "devDependencies": { - "@types/mocha": "^10.0.6", - "@types/node": "^20.14.9", - "dotenv": "^16.4.5", - "mocha": "^10.4.0", - "prettier": "^2.8.8", + "@types/mocha": "^8.0.3", + "@types/node": "^14.14.2", + "dotenv": "^8.2.0", + "mocha": "^8.2.0", + "prettier": "^1.18.2", "tslint": "^6.1.3", "tslint-config-prettier": "^1.18.0", "tslint-plugin-prettier": "^2.0.1", - "typescript": "^5.5.3", - "yarn": "^1.22.22" + "typescript": "^4.0.3", + "yarn": "^1.22.13" } } diff --git a/ui-test/yarn.lock b/ui-test/yarn.lock index 9c65a22f56dd8..9d7f089c6f4d9 100644 --- a/ui-test/yarn.lock +++ b/ui-test/yarn.lock @@ -23,42 +23,51 @@ chalk "^2.0.0" js-tokens "^4.0.0" -"@testim/chrome-version@^1.1.4": - version "1.1.4" - resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.1.4.tgz#86e04e677cd6c05fa230dd15ac223fa72d1d7090" - integrity sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g== - -"@tootallnate/quickjs-emscripten@^0.23.0": - version "0.23.0" - resolved "https://registry.yarnpkg.com/@tootallnate/quickjs-emscripten/-/quickjs-emscripten-0.23.0.tgz#db4ecfd499a9765ab24002c3b696d02e6d32a12c" - integrity sha512-C5Mc6rdnsaJDjO3UpGW/CQTHtCKaYlScZTly4JIu97Jxo/odCiH0ITnDXSJPTOrEKk/ycSZ0AOgTmkDtkOsvIA== +"@nodelib/fs.scandir@2.1.5": + version "2.1.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz#7619c2eb21b25483f6d167548b4cfd5a7488c3d5" + integrity sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g== + dependencies: + "@nodelib/fs.stat" "2.0.5" + run-parallel "^1.1.9" -"@types/mocha@^10.0.6": - version "10.0.6" - resolved "https://registry.yarnpkg.com/@types/mocha/-/mocha-10.0.6.tgz#818551d39113081048bdddbef96701b4e8bb9d1b" - integrity sha512-dJvrYWxP/UcXm36Qn36fxhUKu8A/xMRXVT2cliFF1Z7UA9liG5Psj3ezNSZw+5puH2czDXRLcXQxf8JbJt0ejg== +"@nodelib/fs.stat@2.0.5", "@nodelib/fs.stat@^2.0.2": + version "2.0.5" + resolved "https://registry.yarnpkg.com/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz#5bd262af94e9d25bd1e71b05deed44876a222e8b" + integrity sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A== -"@types/node@*", "@types/node@^20.14.9": - version "20.14.9" - resolved "https://registry.yarnpkg.com/@types/node/-/node-20.14.9.tgz#12e8e765ab27f8c421a1820c99f5f313a933b420" - integrity sha512-06OCtnTXtWOZBJlRApleWndH4JsRVs1pDCc8dLSQp+7PpUpX3ePdHyeNSFTeSe7FtKyQkrlPvHwJOW3SLd8Oyg== +"@nodelib/fs.walk@^1.2.3": + version "1.2.8" + resolved "https://registry.yarnpkg.com/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz#e95737e8bb6746ddedf69c556953494f196fe69a" + integrity sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg== dependencies: - undici-types "~5.26.4" + "@nodelib/fs.scandir" "2.1.5" + fastq "^1.6.0" -"@types/selenium-webdriver@^4.1.23": - version "4.1.23" - resolved "https://registry.yarnpkg.com/@types/selenium-webdriver/-/selenium-webdriver-4.1.23.tgz#05a2794927db661f075ab443d5504b679b32f7f7" - integrity sha512-PgreEfCfafYLyTwvJTZvOspCq3JABnS51e+NSFFL5yoiMO7h04lWgLfr10NA7nl/yZbz4m76rBfOOdDfleb7pQ== - dependencies: - "@types/node" "*" - "@types/ws" "*" +"@testim/chrome-version@^1.0.7": + version "1.0.7" + resolved "https://registry.yarnpkg.com/@testim/chrome-version/-/chrome-version-1.0.7.tgz#0cd915785ec4190f08a3a6acc9b61fc38fb5f1a9" + integrity sha512-8UT/J+xqCYfn3fKtOznAibsHpiuDshCb0fwgWxRazTT19Igp9ovoXMPhXyLD6m3CKQGTMHgqoxaFfMWaL40Rnw== -"@types/ws@*": - version "8.5.10" - resolved "https://registry.yarnpkg.com/@types/ws/-/ws-8.5.10.tgz#4acfb517970853fa6574a3a6886791d04a396787" - integrity sha512-vmQSUcfalpIq0R9q7uTo2lXs6eGIpt9wtnLdMv9LVpIjCA/+ufZRozlVoVelIYixx1ugCBKDhn89vnsEGOCx9A== - dependencies: - "@types/node" "*" +"@types/mocha@^8.0.3": + version "8.2.0" + resolved "https://registry.npmjs.org/@types/mocha/-/mocha-8.2.0.tgz" + integrity sha512-/Sge3BymXo4lKc31C8OINJgXLaw+7vL1/L1pGiBNpGrBiT8FQiaFpSYV0uhTaG4y78vcMBTMFsWaHDvuD+xGzQ== + +"@types/node@*": + version "16.10.3" + resolved "https://registry.yarnpkg.com/@types/node/-/node-16.10.3.tgz#7a8f2838603ea314d1d22bb3171d899e15c57bd5" + integrity sha512-ho3Ruq+fFnBrZhUYI46n/bV2GjwzSkwuT4dTf0GkuNFmnb8nq4ny2z9JEVemFi6bdEJanHLlYfy9c6FN9B9McQ== + +"@types/node@^14.14.2": + version "14.14.14" + resolved "https://registry.npmjs.org/@types/node/-/node-14.14.14.tgz" + integrity sha512-UHnOPWVWV1z+VV8k6L1HhG7UbGBgIdghqF3l9Ny9ApPghbjICXkUJSd/b9gOgQfjM1r+37cipdw/HJ3F6ICEnQ== + +"@types/selenium-webdriver@^4.0.9": + version "4.0.10" + resolved "https://registry.npmjs.org/@types/selenium-webdriver/-/selenium-webdriver-4.0.10.tgz" + integrity sha512-Xavn3fE+uM2aeIHtefIwpy0zAf2HQOyip/jU7ZR0ailt/B0ww/TJ6yMnfZ5pM0F4+Kx+9AQSnxQio3P5QAl1yQ== "@types/yauzl@^2.9.1": version "2.9.2" @@ -67,41 +76,59 @@ dependencies: "@types/node" "*" -agent-base@^7.0.2, agent-base@^7.1.0, agent-base@^7.1.1: - version "7.1.1" - resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-7.1.1.tgz#bdbded7dfb096b751a2a087eeeb9664725b2e317" - integrity sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA== +"@ungap/promise-all-settled@1.1.2": + version "1.1.2" + resolved "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz" + integrity sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q== + +agent-base@6: + version "6.0.2" + resolved "https://registry.yarnpkg.com/agent-base/-/agent-base-6.0.2.tgz#49fff58577cfee3f37176feab4c22e00f86d7f77" + integrity sha512-RZNwNclF7+MS/8bDg70amg32dyeZGZxiDuQmZxKLAlQjr3jGyLx+4Kkk58UO7D2QdgFIQCovuSuZESne6RG6XQ== + dependencies: + debug "4" + +aggregate-error@^3.0.0: + version "3.1.0" + resolved "https://registry.yarnpkg.com/aggregate-error/-/aggregate-error-3.1.0.tgz#92670ff50f5359bdb7a3e0d40d0ec30c5737687a" + integrity sha512-4I7Td01quW/RpocfNayFdFVk1qSuoh0E7JrbRJ16nH01HhKFQ88INq9Sd+nd72zqRySlr9BmDA8xlEJ6vJMrYA== dependencies: - debug "^4.3.4" + clean-stack "^2.0.0" + indent-string "^4.0.0" ansi-colors@4.1.1: version "4.1.1" resolved "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz" integrity sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA== -ansi-regex@^5.0.1: - version "5.0.1" - resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-5.0.1.tgz#082cb2c89c9fe8659a311a53bd6a4dc5301db304" - integrity sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ== +ansi-regex@^3.0.0: + version "3.0.1" + resolved "https://registry.yarnpkg.com/ansi-regex/-/ansi-regex-3.0.1.tgz#123d6479e92ad45ad897d4054e3c7ca7db4944e1" + integrity sha512-+O9Jct8wf++lXxxFc4hc8LsjaSq0HFzzL7cVsw8pRDIPdjKD2mT4ytDZlLuSBZ4cLKZFXIrMGO7DbQCtMJJMKw== -ansi-styles@^3.2.1: +ansi-regex@^4.1.0: + version "4.1.0" + resolved "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.0.tgz" + integrity sha512-1apePfXM1UOSqw0o9IiFAovVz9M5S1Dg+4TrDwfMewQ6p/rmMueb7tWZjQ1rx4Loy1ArBggoqGpfqqdI4rondg== + +ansi-styles@^3.2.0, ansi-styles@^3.2.1: version "3.2.1" resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz" integrity sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA== dependencies: color-convert "^1.9.0" -ansi-styles@^4.0.0, ansi-styles@^4.1.0: +ansi-styles@^4.1.0: version "4.3.0" resolved "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz" integrity sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg== dependencies: color-convert "^2.0.1" -anymatch@~3.1.2: - version "3.1.3" - resolved "https://registry.yarnpkg.com/anymatch/-/anymatch-3.1.3.tgz#790c58b19ba1720a84205b57c618d5ad8524973e" - integrity sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw== +anymatch@~3.1.1: + version "3.1.1" + resolved "https://registry.npmjs.org/anymatch/-/anymatch-3.1.1.tgz" + integrity sha512-mM8522psRCqzV+6LhomX5wgp25YVibjh8Wj23I5RPkPppSVSjyKD2A2mBJmWGa+KN7f2D6LNh9jkBCeyLktzjg== dependencies: normalize-path "^3.0.0" picomatch "^2.0.4" @@ -113,38 +140,25 @@ argparse@^1.0.7: dependencies: sprintf-js "~1.0.2" -argparse@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/argparse/-/argparse-2.0.1.tgz#246f50f3ca78a3240f6c997e8a9bd1eac49e4b38" - integrity sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q== - array-filter@^1.0.0: version "1.0.0" resolved "https://registry.npmjs.org/array-filter/-/array-filter-1.0.0.tgz" integrity sha1-uveeYubvTCpMC4MSMtr/7CUfnYM= -assert@^2.1.0: +array-union@^2.1.0: version "2.1.0" - resolved "https://registry.yarnpkg.com/assert/-/assert-2.1.0.tgz#6d92a238d05dc02e7427c881fb8be81c8448b2dd" - integrity sha512-eLHpSK/Y4nhMJ07gDaAzoX/XAKS8PSaojml3M0DM4JpV1LAi5JOJ/p6H/XWrl8L+DzVEvVCW1z3vWAaB9oTsQw== - dependencies: - call-bind "^1.0.2" - is-nan "^1.3.2" - object-is "^1.1.5" - object.assign "^4.1.4" - util "^0.12.5" + resolved "https://registry.yarnpkg.com/array-union/-/array-union-2.1.0.tgz#b798420adbeb1de828d84acd8a2e23d3efe85e8d" + integrity sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw== -ast-types@^0.13.4: - version "0.13.4" - resolved "https://registry.yarnpkg.com/ast-types/-/ast-types-0.13.4.tgz#ee0d77b343263965ecc3fb62da16e7222b2b6782" - integrity sha512-x1FCFnFifvYDDzTaLII71vG5uvDwgtmDTEVWAxrgeiR8VjMONcCXJx7E+USjDtHlwFmt9MysbqgF9b9Vjr6w+w== +assert@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/assert/-/assert-2.0.0.tgz" + integrity sha512-se5Cd+js9dXJnu6Ag2JFc00t+HmHOen+8Q+L7O9zI0PqQXr20uk2J0XQqMxZEeo5U50o8Nvmmx7dZrl+Ufr35A== dependencies: - tslib "^2.0.1" - -asynckit@^0.4.0: - version "0.4.0" - resolved "https://registry.yarnpkg.com/asynckit/-/asynckit-0.4.0.tgz#c79ed97f7f34cb8f2ba1bc9790bcc366474b4b79" - integrity sha512-Oei9OH4tRh0YqU3GxhX79dM/mwVgvbZJaSNaRk+bshkj0S5cfHcgYakreBjrHwatXKbz+IoIdYLxrKim2MjW0Q== + es6-object-assign "^1.1.0" + is-nan "^1.2.1" + object-is "^1.0.1" + util "^0.12.0" available-typed-arrays@^1.0.2: version "1.0.2" @@ -153,25 +167,18 @@ available-typed-arrays@^1.0.2: dependencies: array-filter "^1.0.0" -axios@^1.6.7: - version "1.7.1" - resolved "https://registry.yarnpkg.com/axios/-/axios-1.7.1.tgz#522145622a09dfaf49359837db9649ff245a35b9" - integrity sha512-+LV37nQcd1EpFalkXksWNBiA17NZ5m5/WspmHGmZmdx1qBOg/VNq/c4eRJiA9VQQHBOs+N0ZhhdU10h2TyNK7Q== +axios@^0.21.2: + version "0.21.4" + resolved "https://registry.yarnpkg.com/axios/-/axios-0.21.4.tgz#c67b90dc0568e5c1cf2b0b858c43ba28e2eda575" + integrity sha512-ut5vewkiu8jjGBdqpM44XxjuCjq9LAKeHVmoVfHVzy8eHgxxq8SbAVQNovDA8mVi05kP0Ea/n/UzcSHcTJQfNg== dependencies: - follow-redirects "^1.15.6" - form-data "^4.0.0" - proxy-from-env "^1.1.0" + follow-redirects "^1.14.0" balanced-match@^1.0.0: version "1.0.2" resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.2.tgz#e83e3a7e3f300b34cb9d87f615fa0cbf357690ee" integrity sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw== -basic-ftp@^5.0.2: - version "5.0.5" - resolved "https://registry.yarnpkg.com/basic-ftp/-/basic-ftp-5.0.5.tgz#14a474f5fffecca1f4f406f1c26b18f800225ac0" - integrity sha512-4Bcg1P8xhUuqcii/S0Z9wiHIrQVPMermM1any+MX5GeGD7faD3/msQUDGLol9wOcz4/jbg/WJnGqoJF6LiBdtg== - binary-extensions@^2.0.0: version "2.1.0" resolved "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.1.0.tgz" @@ -185,19 +192,12 @@ brace-expansion@^1.1.7: balanced-match "^1.0.0" concat-map "0.0.1" -brace-expansion@^2.0.1: - version "2.0.1" - resolved "https://registry.yarnpkg.com/brace-expansion/-/brace-expansion-2.0.1.tgz#1edc459e0f0c548486ecf9fc99f2221364b9a0ae" - integrity sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA== +braces@^3.0.1, braces@~3.0.2: + version "3.0.2" + resolved "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz" + integrity sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A== dependencies: - balanced-match "^1.0.0" - -braces@~3.0.2: - version "3.0.3" - resolved "https://registry.yarnpkg.com/braces/-/braces-3.0.3.tgz#490332f40919452272d55a8480adc0c441358789" - integrity sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA== - dependencies: - fill-range "^7.1.1" + fill-range "^7.0.1" browser-stdout@1.3.1: version "1.3.1" @@ -214,16 +214,18 @@ builtin-modules@^1.1.1: resolved "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz" integrity sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8= -call-bind@^1.0.0, call-bind@^1.0.2, call-bind@^1.0.5, call-bind@^1.0.7: - version "1.0.7" - resolved "https://registry.yarnpkg.com/call-bind/-/call-bind-1.0.7.tgz#06016599c40c56498c18769d2730be242b6fa3b9" - integrity sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w== +call-bind@^1.0.0: + version "1.0.0" + resolved "https://registry.npmjs.org/call-bind/-/call-bind-1.0.0.tgz" + integrity sha512-AEXsYIyyDY3MCzbwdhzG3Jx1R0J2wetQyUynn6dYHAO+bg8l1k7jwZtRv4ryryFs7EP+NDlikJlVe59jr0cM2w== dependencies: - es-define-property "^1.0.0" - es-errors "^1.3.0" - function-bind "^1.1.2" - get-intrinsic "^1.2.4" - set-function-length "^1.2.1" + function-bind "^1.1.1" + get-intrinsic "^1.0.0" + +camelcase@^5.0.0: + version "5.3.1" + resolved "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz" + integrity sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg== camelcase@^6.0.0: version "6.2.0" @@ -239,50 +241,55 @@ chalk@^2.0.0, chalk@^2.3.0: escape-string-regexp "^1.0.5" supports-color "^5.3.0" -chalk@^4.1.0: - version "4.1.2" - resolved "https://registry.yarnpkg.com/chalk/-/chalk-4.1.2.tgz#aac4e2b7734a740867aeb16bf02aad556a1e7a01" - integrity sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA== +chalk@^4.0.0: + version "4.1.0" + resolved "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz" + integrity sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A== dependencies: ansi-styles "^4.1.0" supports-color "^7.1.0" -chokidar@3.5.3: - version "3.5.3" - resolved "https://registry.yarnpkg.com/chokidar/-/chokidar-3.5.3.tgz#1cf37c8707b932bd1af1ae22c0432e2acd1903bd" - integrity sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw== +chokidar@3.4.3: + version "3.4.3" + resolved "https://registry.npmjs.org/chokidar/-/chokidar-3.4.3.tgz" + integrity sha512-DtM3g7juCXQxFVSNPNByEC2+NImtBuxQQvWlHunpJIS5Ocr0lG306cC7FCi7cEA0fzmybPUIl4txBIobk1gGOQ== dependencies: - anymatch "~3.1.2" + anymatch "~3.1.1" braces "~3.0.2" - glob-parent "~5.1.2" + glob-parent "~5.1.0" is-binary-path "~2.1.0" is-glob "~4.0.1" normalize-path "~3.0.0" - readdirp "~3.6.0" + readdirp "~3.5.0" optionalDependencies: - fsevents "~2.3.2" + fsevents "~2.1.2" -chromedriver@^126.0.4: - version "126.0.4" - resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-126.0.4.tgz#5c5e1f80c4269b55251c563cf47709154090135b" - integrity sha512-mIdJqdocfN/y9fl5BymIzM9WQLy64x078i5tS1jGFzbFAwXwXrj3zmA86Wf3R/hywPYpWqwXxFGBJHgqZTuGCA== +chromedriver@^94.0.0: + version "94.0.0" + resolved "https://registry.yarnpkg.com/chromedriver/-/chromedriver-94.0.0.tgz#f6a3533976ba72413a01672954040c3544ea9d30" + integrity sha512-x4hK7R7iOyAhdLHJEcOyGBW/oa2kno6AqpHVLd+n3G7c2Vk9XcAXMz84XhNItqykJvTc6E3z/JRIT1eHYH//Eg== dependencies: - "@testim/chrome-version" "^1.1.4" - axios "^1.6.7" - compare-versions "^6.1.0" + "@testim/chrome-version" "^1.0.7" + axios "^0.21.2" + del "^6.0.0" extract-zip "^2.0.1" - proxy-agent "^6.4.0" + https-proxy-agent "^5.0.0" proxy-from-env "^1.1.0" - tcp-port-used "^1.0.2" + tcp-port-used "^1.0.1" + +clean-stack@^2.0.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/clean-stack/-/clean-stack-2.2.0.tgz#ee8472dbb129e727b31e8a10a427dee9dfe4008b" + integrity sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A== -cliui@^7.0.2: - version "7.0.4" - resolved "https://registry.yarnpkg.com/cliui/-/cliui-7.0.4.tgz#a0265ee655476fc807aea9df3df8df7783808b4f" - integrity sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ== +cliui@^5.0.0: + version "5.0.0" + resolved "https://registry.npmjs.org/cliui/-/cliui-5.0.0.tgz" + integrity sha512-PYeGSEmmHM6zvoef2w8TPzlrnNpXIjTipYK780YswmIP9vjxmd6Y2a3CB2Ks6/AU8NHjZugXvo8w3oWM2qnwXA== dependencies: - string-width "^4.2.0" - strip-ansi "^6.0.0" - wrap-ansi "^7.0.0" + string-width "^3.1.0" + strip-ansi "^5.2.0" + wrap-ansi "^5.1.0" color-convert@^1.9.0: version "1.9.3" @@ -308,23 +315,11 @@ color-name@~1.1.4: resolved "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz" integrity sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA== -combined-stream@^1.0.8: - version "1.0.8" - resolved "https://registry.yarnpkg.com/combined-stream/-/combined-stream-1.0.8.tgz#c3d45a8b34fd730631a110a8a2520682b31d5a7f" - integrity sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg== - dependencies: - delayed-stream "~1.0.0" - commander@^2.12.1: version "2.20.3" resolved "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz" integrity sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ== -compare-versions@^6.1.0: - version "6.1.0" - resolved "https://registry.yarnpkg.com/compare-versions/-/compare-versions-6.1.0.tgz#3f2131e3ae93577df111dba133e6db876ffe127a" - integrity sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg== - concat-map@0.0.1: version "0.0.1" resolved "https://registry.yarnpkg.com/concat-map/-/concat-map-0.0.1.tgz#d8a96bd77fd68df7793a73036a3ba0d5405d477b" @@ -335,15 +330,17 @@ core-util-is@~1.0.0: resolved "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz" integrity sha1-tf1UIgqivFq1eqtxQMlAdUUDwac= -data-uri-to-buffer@^6.0.2: - version "6.0.2" - resolved "https://registry.yarnpkg.com/data-uri-to-buffer/-/data-uri-to-buffer-6.0.2.tgz#8a58bb67384b261a38ef18bea1810cb01badd28b" - integrity sha512-7hvf7/GW8e86rW0ptuwS3OcBGDjIi6SZva7hCyWC0yYry2cOPmLIjXAUHI6DK2HsnwJd9ifmt57i8eV2n4YNpw== +debug@4, debug@^4.1.1: + version "4.3.2" + resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.2.tgz#f0a49c18ac8779e31d4a0c6029dfb76873c7428b" + integrity sha512-mOp8wKcvj7XxC78zLgw/ZA+6TSgkoE2C/ienthhRD298T7UNwAg9diBpLRxC0mOezLl4B0xV7M0cCO6P/O0Xhw== + dependencies: + ms "2.1.2" -debug@4, debug@4.3.4, debug@^4.1.1, debug@^4.3.4: - version "4.3.4" - resolved "https://registry.yarnpkg.com/debug/-/debug-4.3.4.tgz#1319f6579357f2338d3337d2cdd4914bb5dcc865" - integrity sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ== +debug@4.2.0: + version "4.2.0" + resolved "https://registry.npmjs.org/debug/-/debug-4.2.0.tgz" + integrity sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg== dependencies: ms "2.1.2" @@ -354,6 +351,11 @@ debug@4.3.1: dependencies: ms "2.1.2" +decamelize@^1.2.0: + version "1.2.0" + resolved "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz" + integrity sha1-9lNNFRSCabIDUue+4m9QH5oZEpA= + decamelize@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz" @@ -364,15 +366,6 @@ deep-is@^0.1.3: resolved "https://registry.yarnpkg.com/deep-is/-/deep-is-0.1.4.tgz#a6f2dce612fadd2ef1f519b73551f17e85199831" integrity sha512-oIPzksmTg4/MriiaYGO+okXDT7ztn/w3Eptv/+gSIdMdKsJo0u4CfYNFJPy+4SKMuCqGw2wxnA+URMg3t8a/bQ== -define-data-property@^1.0.1, define-data-property@^1.1.4: - version "1.1.4" - resolved "https://registry.yarnpkg.com/define-data-property/-/define-data-property-1.1.4.tgz#894dc141bb7d3060ae4366f6a0107e68fbe48c5e" - integrity sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A== - dependencies: - es-define-property "^1.0.0" - es-errors "^1.3.0" - gopd "^1.0.1" - define-properties@^1.1.3: version "1.1.3" resolved "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz" @@ -380,48 +373,41 @@ define-properties@^1.1.3: dependencies: object-keys "^1.0.12" -define-properties@^1.2.1: - version "1.2.1" - resolved "https://registry.yarnpkg.com/define-properties/-/define-properties-1.2.1.tgz#10781cc616eb951a80a034bafcaa7377f6af2b6c" - integrity sha512-8QmQKqEASLd5nx0U1B1okLElbUuuttJ/AnYmRXbbbGDWh6uS208EjD4Xqq/I9wK7u0v6O08XhTWnt5XtEbR6Dg== - dependencies: - define-data-property "^1.0.1" - has-property-descriptors "^1.0.0" - object-keys "^1.1.1" - -degenerator@^5.0.0: - version "5.0.1" - resolved "https://registry.yarnpkg.com/degenerator/-/degenerator-5.0.1.tgz#9403bf297c6dad9a1ece409b37db27954f91f2f5" - integrity sha512-TllpMR/t0M5sqCXfj85i4XaAzxmS5tVA16dqvdkMwGmzI+dXLXnw3J+3Vdv7VKw+ThlTMboK6i9rnZ6Nntj5CQ== +del@^6.0.0: + version "6.0.0" + resolved "https://registry.yarnpkg.com/del/-/del-6.0.0.tgz#0b40d0332cea743f1614f818be4feb717714c952" + integrity sha512-1shh9DQ23L16oXSZKB2JxpL7iMy2E0S9d517ptA1P8iw0alkPtQcrKH7ru31rYtKwF499HkTu+DRzq3TCKDFRQ== dependencies: - ast-types "^0.13.4" - escodegen "^2.1.0" - esprima "^4.0.1" - -delayed-stream@~1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/delayed-stream/-/delayed-stream-1.0.0.tgz#df3ae199acadfb7d440aaae0b29e2272b24ec619" - integrity sha512-ZySD7Nf91aLB0RxL4KGrKHBXl7Eds1DAmEdcoVawXnLD7SDhpNgtuII2aAkg7a7QS41jxPSZ17p4VdGnMHk3MQ== - -diff@5.0.0: - version "5.0.0" - resolved "https://registry.yarnpkg.com/diff/-/diff-5.0.0.tgz#7ed6ad76d859d030787ec35855f5b1daf31d852b" - integrity sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w== + globby "^11.0.1" + graceful-fs "^4.2.4" + is-glob "^4.0.1" + is-path-cwd "^2.2.0" + is-path-inside "^3.0.2" + p-map "^4.0.0" + rimraf "^3.0.2" + slash "^3.0.0" -diff@^4.0.1: +diff@4.0.2, diff@^4.0.1: version "4.0.2" resolved "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz" integrity sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A== -dotenv@^16.4.5: - version "16.4.5" - resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-16.4.5.tgz#cdd3b3b604cb327e286b4762e13502f717cb099f" - integrity sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg== +dir-glob@^3.0.1: + version "3.0.1" + resolved "https://registry.yarnpkg.com/dir-glob/-/dir-glob-3.0.1.tgz#56dbf73d992a4a93ba1584f4534063fd2e41717f" + integrity sha512-WkrWp9GR4KXfKGYzOLmTuGVi1UWFfws377n9cc55/tb6DuqyF6pcQ5AbiHEshaDpY9v6oaSr2XCDidGmMwdzIA== + dependencies: + path-type "^4.0.0" + +dotenv@^8.2.0: + version "8.2.0" + resolved "https://registry.npmjs.org/dotenv/-/dotenv-8.2.0.tgz" + integrity sha512-8sJ78ElpbDJBHNeBzUbUVLsqKdccaa/BXF1uPTw3GrvQTBgrQrtObr2mUrE38vzYd8cEv+m/JBfDLioYcfXoaw== -emoji-regex@^8.0.0: - version "8.0.0" - resolved "https://registry.yarnpkg.com/emoji-regex/-/emoji-regex-8.0.0.tgz#e818fd69ce5ccfcb404594f842963bf53164cc37" - integrity sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A== +emoji-regex@^7.0.1: + version "7.0.3" + resolved "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz" + integrity sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA== end-of-stream@^1.1.0: version "1.4.4" @@ -448,18 +434,6 @@ es-abstract@^1.18.0-next.1: string.prototype.trimend "^1.0.1" string.prototype.trimstart "^1.0.1" -es-define-property@^1.0.0: - version "1.0.0" - resolved "https://registry.yarnpkg.com/es-define-property/-/es-define-property-1.0.0.tgz#c7faefbdff8b2696cf5f46921edfb77cc4ba3845" - integrity sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ== - dependencies: - get-intrinsic "^1.2.4" - -es-errors@^1.3.0: - version "1.3.0" - resolved "https://registry.yarnpkg.com/es-errors/-/es-errors-1.3.0.tgz#05f75a25dab98e4fb1dcd5e1472c0546d5057c8f" - integrity sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw== - es-to-primitive@^1.2.1: version "1.2.1" resolved "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.2.1.tgz" @@ -469,10 +443,10 @@ es-to-primitive@^1.2.1: is-date-object "^1.0.1" is-symbol "^1.0.2" -escalade@^3.1.1: - version "3.1.2" - resolved "https://registry.yarnpkg.com/escalade/-/escalade-3.1.2.tgz#54076e9ab29ea5bf3d8f1ed62acffbb88272df27" - integrity sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA== +es6-object-assign@^1.1.0: + version "1.1.0" + resolved "https://registry.npmjs.org/es6-object-assign/-/es6-object-assign-1.1.0.tgz" + integrity sha1-wsNYJlYkfDnqEHyx5mUrb58kUjw= escape-string-regexp@4.0.0: version "4.0.0" @@ -484,17 +458,6 @@ escape-string-regexp@^1.0.5: resolved "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz" integrity sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ= -escodegen@^2.1.0: - version "2.1.0" - resolved "https://registry.yarnpkg.com/escodegen/-/escodegen-2.1.0.tgz#ba93bbb7a43986d29d6041f99f5262da773e2e17" - integrity sha512-2NlIDTwUWJN0mRPQOdtQBzbUHvdGY2P1VXSyU83Q3xKxM7WHX2Ql8dKq782Q9TgQUNOLEzEYu9bzLNj1q88I5w== - dependencies: - esprima "^4.0.1" - estraverse "^5.2.0" - esutils "^2.0.2" - optionalDependencies: - source-map "~0.6.1" - eslint-plugin-prettier@^2.2.0: version "2.7.0" resolved "https://registry.npmjs.org/eslint-plugin-prettier/-/eslint-plugin-prettier-2.7.0.tgz" @@ -503,21 +466,11 @@ eslint-plugin-prettier@^2.2.0: fast-diff "^1.1.1" jest-docblock "^21.0.0" -esprima@^4.0.0, esprima@^4.0.1: +esprima@^4.0.0: version "4.0.1" resolved "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz" integrity sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A== -estraverse@^5.2.0: - version "5.3.0" - resolved "https://registry.yarnpkg.com/estraverse/-/estraverse-5.3.0.tgz#2eea5290702f26ab8fe5370370ff86c965d21123" - integrity sha512-MMdARuVEQziNTeJD8DgMqmhwR11BRQ/cBP+pLtYdSTnf3MIO8fFeiINEbX36ZdNlfU/7A9f3gUw49B3oQsvwBA== - -esutils@^2.0.2: - version "2.0.3" - resolved "https://registry.yarnpkg.com/esutils/-/esutils-2.0.3.tgz#74d2eb4de0b8da1293711910d50775b9b710ef64" - integrity sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g== - extract-zip@^2.0.1: version "2.0.1" resolved "https://registry.yarnpkg.com/extract-zip/-/extract-zip-2.0.1.tgz#663dca56fe46df890d5f131ef4a06d22bb8ba13a" @@ -534,6 +487,24 @@ fast-diff@^1.1.1: resolved "https://registry.npmjs.org/fast-diff/-/fast-diff-1.2.0.tgz" integrity sha512-xJuoT5+L99XlZ8twedaRf6Ax2TgQVxvgZOYoPKqZufmJib0tL2tegPBOZb1pVNgIhlqDlA0eO0c3wBvQcmzx4w== +fast-glob@^3.1.1: + version "3.2.7" + resolved "https://registry.yarnpkg.com/fast-glob/-/fast-glob-3.2.7.tgz#fd6cb7a2d7e9aa7a7846111e85a196d6b2f766a1" + integrity sha512-rYGMRwip6lUMvYD3BTScMwT1HtAs2d71SMv66Vrxs0IekGZEjhM0pcMfjQPnknBt2zeCwQMEupiN02ZP4DiT1Q== + dependencies: + "@nodelib/fs.stat" "^2.0.2" + "@nodelib/fs.walk" "^1.2.3" + glob-parent "^5.1.2" + merge2 "^1.3.0" + micromatch "^4.0.4" + +fastq@^1.6.0: + version "1.13.0" + resolved "https://registry.yarnpkg.com/fastq/-/fastq-1.13.0.tgz#616760f88a7526bdfc596b7cab8c18938c36b98c" + integrity sha512-YpkpUnK8od0o1hmeSc7UUs/eB/vIPWJYjKck2QKIzAf71Vm1AAQ3EbuZB3g2JIy+pg+ERD0vqI79KyZiB2e2Nw== + dependencies: + reusify "^1.0.4" + fd-slicer@~1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/fd-slicer/-/fd-slicer-1.1.0.tgz#25c7c89cb1f9077f8891bbe61d8f390eae256f1e" @@ -541,10 +512,10 @@ fd-slicer@~1.1.0: dependencies: pend "~1.2.0" -fill-range@^7.1.1: - version "7.1.1" - resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.1.1.tgz#44265d3cac07e3ea7dc247516380643754a05292" - integrity sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg== +fill-range@^7.0.1: + version "7.0.1" + resolved "https://registry.yarnpkg.com/fill-range/-/fill-range-7.0.1.tgz#1919a6a7c75fe38b2c7c77e5198535da9acdda40" + integrity sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ== dependencies: to-regex-range "^5.0.1" @@ -556,12 +527,19 @@ find-up@5.0.0: locate-path "^6.0.0" path-exists "^4.0.0" +find-up@^3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/find-up/-/find-up-3.0.0.tgz" + integrity sha512-1yD6RmLI1XBfxugvORwlck6f75tYL+iR0jqwsOrOxMZyGYqUuDhJ0l4AXdO1iX/FTs9cBAMEk1gWSEx1kSbylg== + dependencies: + locate-path "^3.0.0" + flat@^5.0.2: version "5.0.2" resolved "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz" integrity sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ== -follow-redirects@^1.15.6: +follow-redirects@^1.14.0: version "1.15.6" resolved "https://registry.yarnpkg.com/follow-redirects/-/follow-redirects-1.15.6.tgz#7f815c0cda4249c74ff09e95ef97c23b5fd0399b" integrity sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA== @@ -571,59 +549,34 @@ foreach@^2.0.5: resolved "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz" integrity sha1-C+4AUBiusmDQo6865ljdATbsG5k= -form-data@^4.0.0: - version "4.0.0" - resolved "https://registry.yarnpkg.com/form-data/-/form-data-4.0.0.tgz#93919daeaf361ee529584b9b31664dc12c9fa452" - integrity sha512-ETEklSGi5t0QMZuiXoA/Q6vcnxcLQP5vdugSpuAyi6SVGi2clPPp+xgEhuMaHC+zGgn31Kd235W35f7Hykkaww== - dependencies: - asynckit "^0.4.0" - combined-stream "^1.0.8" - mime-types "^2.1.12" - -fs-extra@^11.2.0: - version "11.2.0" - resolved "https://registry.yarnpkg.com/fs-extra/-/fs-extra-11.2.0.tgz#e70e17dfad64232287d01929399e0ea7c86b0e5b" - integrity sha512-PmDi3uwK5nFuXh7XDTlVnS17xJS7vW36is2+w3xcv8SVxiB4NyATf4ctkVY5bkSjX0Y4nbvZCq1/EjtEyr9ktw== - dependencies: - graceful-fs "^4.2.0" - jsonfile "^6.0.1" - universalify "^2.0.0" - fs.realpath@^1.0.0: version "1.0.0" resolved "https://registry.yarnpkg.com/fs.realpath/-/fs.realpath-1.0.0.tgz#1504ad2523158caa40db4a2787cb01411994ea4f" integrity sha1-FQStJSMVjKpA20onh8sBQRmU6k8= -fsevents@~2.3.2: - version "2.3.3" - resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.3.3.tgz#cac6407785d03675a2a5e1a5305c697b347d90d6" - integrity sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw== +fsevents@~2.1.2: + version "2.1.3" + resolved "https://registry.yarnpkg.com/fsevents/-/fsevents-2.1.3.tgz#fb738703ae8d2f9fe900c33836ddebee8b97f23e" + integrity sha512-Auw9a4AxqWpa9GUfj370BMPzzyncfBABW8Mab7BGWBYDj4Isgq+cDKtx0i6u9jcX9pQDnswsaaOTgTmA5pEjuQ== function-bind@^1.1.1: version "1.1.1" resolved "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz" integrity sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A== -function-bind@^1.1.2: - version "1.1.2" - resolved "https://registry.yarnpkg.com/function-bind/-/function-bind-1.1.2.tgz#2c02d864d97f3ea6c8830c464cbd11ab6eab7a1c" - integrity sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA== - -get-caller-file@^2.0.5: +get-caller-file@^2.0.1: version "2.0.5" - resolved "https://registry.yarnpkg.com/get-caller-file/-/get-caller-file-2.0.5.tgz#4f94412a82db32f36e3b0b9741f8a97feb031f7e" + resolved "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz" integrity sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg== -get-intrinsic@^1.1.3, get-intrinsic@^1.2.4: - version "1.2.4" - resolved "https://registry.yarnpkg.com/get-intrinsic/-/get-intrinsic-1.2.4.tgz#e385f5a4b5227d449c3eabbad05494ef0abbeadd" - integrity sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ== +get-intrinsic@^1.0.0: + version "1.0.1" + resolved "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.0.1.tgz" + integrity sha512-ZnWP+AmS1VUaLgTRy47+zKtjTxz+0xMpx3I52i+aalBK1QP19ggLF3Db89KJX7kjfOfP2eoa01qc++GwPgufPg== dependencies: - es-errors "^1.3.0" - function-bind "^1.1.2" - has-proto "^1.0.1" - has-symbols "^1.0.3" - hasown "^2.0.0" + function-bind "^1.1.1" + has "^1.0.3" + has-symbols "^1.0.1" get-stream@^5.1.0: version "5.2.0" @@ -632,35 +585,26 @@ get-stream@^5.1.0: dependencies: pump "^3.0.0" -get-uri@^6.0.1: - version "6.0.3" - resolved "https://registry.yarnpkg.com/get-uri/-/get-uri-6.0.3.tgz#0d26697bc13cf91092e519aa63aa60ee5b6f385a" - integrity sha512-BzUrJBS9EcUb4cFol8r4W3v1cPsSyajLSthNkz5BxbpDcHN5tIrM10E2eNvfnvBn3DaT3DUgx0OpsBKkaOpanw== - dependencies: - basic-ftp "^5.0.2" - data-uri-to-buffer "^6.0.2" - debug "^4.3.4" - fs-extra "^11.2.0" - -glob-parent@~5.1.2: +glob-parent@^5.1.2, glob-parent@~5.1.0: version "5.1.2" - resolved "https://registry.yarnpkg.com/glob-parent/-/glob-parent-5.1.2.tgz#869832c58034fe68a4093c17dc15e8340d8401c4" + resolved "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz" integrity sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow== dependencies: is-glob "^4.0.1" -glob@8.1.0: - version "8.1.0" - resolved "https://registry.yarnpkg.com/glob/-/glob-8.1.0.tgz#d388f656593ef708ee3e34640fdfb99a9fd1c33e" - integrity sha512-r8hpEjiQEYlF2QU0df3dS+nxxSIreXQS1qRhMJM0Q5NDdR386C7jb7Hwwod8Fgiuex+k0GFjgft18yvxm5XoCQ== +glob@7.1.6, glob@^7.1.1: + version "7.1.6" + resolved "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz" + integrity sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA== dependencies: fs.realpath "^1.0.0" inflight "^1.0.4" inherits "2" - minimatch "^5.0.1" + minimatch "^3.0.4" once "^1.3.0" + path-is-absolute "^1.0.0" -glob@^7.1.1: +glob@^7.1.3: version "7.2.0" resolved "https://registry.yarnpkg.com/glob/-/glob-7.2.0.tgz#d15535af7732e02e948f4c41628bd910293f6023" integrity sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q== @@ -672,17 +616,27 @@ glob@^7.1.1: once "^1.3.0" path-is-absolute "^1.0.0" -gopd@^1.0.1: - version "1.0.1" - resolved "https://registry.yarnpkg.com/gopd/-/gopd-1.0.1.tgz#29ff76de69dac7489b7c0918a5788e56477c332c" - integrity sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA== +globby@^11.0.1: + version "11.0.4" + resolved "https://registry.yarnpkg.com/globby/-/globby-11.0.4.tgz#2cbaff77c2f2a62e71e9b2813a67b97a3a3001a5" + integrity sha512-9O4MVG9ioZJ08ffbcyVYyLOJLk5JQ688pJ4eMGLpdWLHq/Wr1D9BlriLQyL0E+jbkuePVZXYFj47QM/v093wHg== dependencies: - get-intrinsic "^1.1.3" + array-union "^2.1.0" + dir-glob "^3.0.1" + fast-glob "^3.1.1" + ignore "^5.1.4" + merge2 "^1.3.0" + slash "^3.0.0" -graceful-fs@^4.1.6, graceful-fs@^4.2.0: - version "4.2.11" - resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.11.tgz#4183e4e8bf08bb6e05bbb2f7d2e0c8f712ca40e3" - integrity sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ== +graceful-fs@^4.2.4: + version "4.2.8" + resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.8.tgz#e412b8d33f5e006593cbd3cee6df9f2cebbe802a" + integrity sha512-qkIilPUYcNhJpd33n0GBXTB1MMPp14TxEsEs0pTrsSVucApsYzW5V+Q8Qxhik6KU3evy+qkAAowTByymK0avdg== + +growl@1.10.5: + version "1.10.5" + resolved "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz" + integrity sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA== has-flag@^3.0.0: version "3.0.0" @@ -694,28 +648,11 @@ has-flag@^4.0.0: resolved "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz" integrity sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ== -has-property-descriptors@^1.0.0, has-property-descriptors@^1.0.2: - version "1.0.2" - resolved "https://registry.yarnpkg.com/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz#963ed7d071dc7bf5f084c5bfbe0d1b6222586854" - integrity sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg== - dependencies: - es-define-property "^1.0.0" - -has-proto@^1.0.1: - version "1.0.3" - resolved "https://registry.yarnpkg.com/has-proto/-/has-proto-1.0.3.tgz#b31ddfe9b0e6e9914536a6ab286426d0214f77fd" - integrity sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q== - has-symbols@^1.0.1: version "1.0.1" resolved "https://registry.npmjs.org/has-symbols/-/has-symbols-1.0.1.tgz" integrity sha512-PLcsoqu++dmEIZB+6totNFKq/7Do+Z0u4oT0zKOJNl3lYK6vGwwu2hjHs+68OEZbTjiUE9bgOABXbP/GvrS0Kg== -has-symbols@^1.0.3: - version "1.0.3" - resolved "https://registry.yarnpkg.com/has-symbols/-/has-symbols-1.0.3.tgz#bb7b2c4349251dce87b125f7bdf874aa7c8b39f8" - integrity sha512-l3LCuF6MgDNwTDKkdYGEihYjt5pRPbEg46rtlmnSPlUbgmB8LOIrKJbYYFBSbnPaJexMKtiPO8hmeRjRz2Td+A== - has@^1.0.3: version "1.0.3" resolved "https://registry.npmjs.org/has/-/has-1.0.3.tgz" @@ -723,39 +660,34 @@ has@^1.0.3: dependencies: function-bind "^1.1.1" -hasown@^2.0.0: - version "2.0.2" - resolved "https://registry.yarnpkg.com/hasown/-/hasown-2.0.2.tgz#003eaf91be7adc372e84ec59dc37252cedb80003" - integrity sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ== - dependencies: - function-bind "^1.1.2" - he@1.2.0: version "1.2.0" resolved "https://registry.npmjs.org/he/-/he-1.2.0.tgz" integrity sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw== -http-proxy-agent@^7.0.0, http-proxy-agent@^7.0.1: - version "7.0.2" - resolved "https://registry.yarnpkg.com/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz#9a8b1f246866c028509486585f62b8f2c18c270e" - integrity sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig== - dependencies: - agent-base "^7.1.0" - debug "^4.3.4" - -https-proxy-agent@^7.0.2, https-proxy-agent@^7.0.3: - version "7.0.4" - resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz#8e97b841a029ad8ddc8731f26595bad868cb4168" - integrity sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg== +https-proxy-agent@^5.0.0: + version "5.0.0" + resolved "https://registry.yarnpkg.com/https-proxy-agent/-/https-proxy-agent-5.0.0.tgz#e2a90542abb68a762e0a0850f6c9edadfd8506b2" + integrity sha512-EkYm5BcKUGiduxzSt3Eppko+PiNWNEpa4ySk9vTC6wDsQJW9rHSa+UhGNJoRYp7bz6Ht1eaRIa6QaJqO5rCFbA== dependencies: - agent-base "^7.0.2" + agent-base "6" debug "4" +ignore@^5.1.4: + version "5.1.8" + resolved "https://registry.yarnpkg.com/ignore/-/ignore-5.1.8.tgz#f150a8b50a34289b33e22f5889abd4d8016f0e57" + integrity sha512-BMpfD7PpiETpBl/A6S498BaIJ6Y/ABT93ETbby2fP00v4EbvPBXWEoaR1UBPKs3iR53pJY7EtZk5KACI57i1Uw== + immediate@~3.0.5: version "3.0.6" resolved "https://registry.npmjs.org/immediate/-/immediate-3.0.6.tgz" integrity sha1-nbHb0Pr43m++D13V5Wu2BigN5ps= +indent-string@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/indent-string/-/indent-string-4.0.0.tgz#624f8f4497d619b2d9768531d58f4122854d7251" + integrity sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg== + inflight@^1.0.4: version "1.0.6" resolved "https://registry.yarnpkg.com/inflight/-/inflight-1.0.6.tgz#49bd6331d7d02d0c09bc910a1075ba8165b56df9" @@ -769,14 +701,6 @@ inherits@2, inherits@^2.0.3, inherits@~2.0.3: resolved "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz" integrity sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ== -ip-address@^9.0.5: - version "9.0.5" - resolved "https://registry.yarnpkg.com/ip-address/-/ip-address-9.0.5.tgz#117a960819b08780c3bd1f14ef3c1cc1d3f3ea5a" - integrity sha512-zHtQzGojZXTwZTHQqra+ETKd4Sn3vgi7uBmlPoXVWZqYvuKmtI0l/VZTjqGmJY9x88GGOaZ9+G9ES8hC4T4X8g== - dependencies: - jsbn "1.1.0" - sprintf-js "^1.1.3" - ip-regex@^4.1.0: version "4.3.0" resolved "https://registry.yarnpkg.com/ip-regex/-/ip-regex-4.3.0.tgz#687275ab0f57fa76978ff8f4dddc8a23d5990db5" @@ -818,10 +742,10 @@ is-extglob@^2.1.1: resolved "https://registry.yarnpkg.com/is-extglob/-/is-extglob-2.1.1.tgz#a88c02535791f02ed37c76a1b9ea9773c833f8c2" integrity sha1-qIwCU1eR8C7TfHahueqXc8gz+MI= -is-fullwidth-code-point@^3.0.0: - version "3.0.0" - resolved "https://registry.yarnpkg.com/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz#f116f8064fe90b3f7844a38997c0b75051269f1d" - integrity sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg== +is-fullwidth-code-point@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz" + integrity sha1-o7MKXE8ZkYMWeqq5O+764937ZU8= is-generator-function@^1.0.7: version "1.0.8" @@ -842,12 +766,11 @@ is-glob@~4.0.1: dependencies: is-extglob "^2.1.1" -is-nan@^1.3.2: - version "1.3.2" - resolved "https://registry.yarnpkg.com/is-nan/-/is-nan-1.3.2.tgz#043a54adea31748b55b6cd4e09aadafa69bd9e1d" - integrity sha512-E+zBKpQ2t6MEo1VsonYmluk9NxGrbzpeeLC2xIViuO2EjU2xsXsBPwTr3Ykv9l08UYEVEdWeRZNouaZqF6RN0w== +is-nan@^1.2.1: + version "1.3.0" + resolved "https://registry.npmjs.org/is-nan/-/is-nan-1.3.0.tgz" + integrity sha512-z7bbREymOqt2CCaZVly8aC4ML3Xhfi0ekuOnjO2L8vKdl+CttdVoGZQhd4adMFAsxQ5VeRVwORs4tU8RH+HFtQ== dependencies: - call-bind "^1.0.0" define-properties "^1.1.3" is-negative-zero@^2.0.0: @@ -860,6 +783,16 @@ is-number@^7.0.0: resolved "https://registry.yarnpkg.com/is-number/-/is-number-7.0.0.tgz#7535345b896734d5f80c4d06c50955527a14f12b" integrity sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng== +is-path-cwd@^2.2.0: + version "2.2.0" + resolved "https://registry.yarnpkg.com/is-path-cwd/-/is-path-cwd-2.2.0.tgz#67d43b82664a7b5191fd9119127eb300048a9fdb" + integrity sha512-w942bTcih8fdJPJmQHFzkS76NEP8Kzzvmw92cXsazb8intwLqPibPPdXf4ANdKV3rYMuuQYGIWtvz9JilB3NFQ== + +is-path-inside@^3.0.2: + version "3.0.3" + resolved "https://registry.yarnpkg.com/is-path-inside/-/is-path-inside-3.0.3.tgz#d231362e53a07ff2b0e0ea7fed049161ffd16283" + integrity sha512-Fd4gABb+ycGAmKou8eMftCupSir5lRxqf4aD/vd0cD2qc4HL07OjCeuHMr8Ro4CoMaeCKDB0/ECBOVWjTwUvPQ== + is-plain-obj@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz" @@ -890,11 +823,6 @@ is-typed-array@^1.1.3: foreach "^2.0.5" has-symbols "^1.0.1" -is-unicode-supported@^0.1.0: - version "0.1.0" - resolved "https://registry.yarnpkg.com/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz#3f26c76a809593b52bfa2ecb5710ed2779b522a7" - integrity sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw== - is-url@^1.2.4: version "1.2.4" resolved "https://registry.yarnpkg.com/is-url/-/is-url-1.2.4.tgz#04a4df46d28c4cff3d73d01ff06abeb318a1aa52" @@ -914,6 +842,11 @@ isarray@~1.0.0: resolved "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz" integrity sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE= +isexe@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz" + integrity sha1-6PvzdNxVb/iUehDcsFctYz8s+hA= + jest-docblock@^21.0.0: version "21.2.0" resolved "https://registry.npmjs.org/jest-docblock/-/jest-docblock-21.2.0.tgz" @@ -924,14 +857,7 @@ js-tokens@^4.0.0: resolved "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz" integrity sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ== -js-yaml@4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/js-yaml/-/js-yaml-4.1.0.tgz#c1fb65f8f5017901cdd2c951864ba18458a10602" - integrity sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA== - dependencies: - argparse "^2.0.1" - -js-yaml@^3.13.1: +js-yaml@3.14.0, js-yaml@^3.13.1: version "3.14.0" resolved "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz" integrity sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A== @@ -939,29 +865,15 @@ js-yaml@^3.13.1: argparse "^1.0.7" esprima "^4.0.0" -jsbn@1.1.0: - version "1.1.0" - resolved "https://registry.yarnpkg.com/jsbn/-/jsbn-1.1.0.tgz#b01307cb29b618a1ed26ec79e911f803c4da0040" - integrity sha512-4bYVV3aAMtDTTu4+xsDYa6sy9GyJ69/amsu9sYF2zqjiEoZA5xJi3BrfX3uY+/IekIu7MwdObdbDWpoZdBv3/A== - -jsonfile@^6.0.1: - version "6.1.0" - resolved "https://registry.yarnpkg.com/jsonfile/-/jsonfile-6.1.0.tgz#bc55b2634793c679ec6403094eb13698a6ec0aae" - integrity sha512-5dgndWOriYSm5cnYaJNhalLNDKOqFwyDB/rr1E9ZsGciGvKPs8R2xYGCacuf3z6K1YKDz182fd+fY3cn3pMqXQ== - dependencies: - universalify "^2.0.0" - optionalDependencies: - graceful-fs "^4.1.6" - -jszip@^3.10.1: - version "3.10.1" - resolved "https://registry.yarnpkg.com/jszip/-/jszip-3.10.1.tgz#34aee70eb18ea1faec2f589208a157d1feb091c2" - integrity sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g== +jszip@^3.5.0: + version "3.7.1" + resolved "https://registry.npmjs.org/jszip/-/jszip-3.7.1.tgz" + integrity sha512-ghL0tz1XG9ZEmRMcEN2vt7xabrDdqHHeykgARpmZ0BiIctWxM47Vt63ZO2dnp4QYt/xJVLLy5Zv1l/xRdh2byg== dependencies: lie "~3.3.0" pako "~1.0.2" readable-stream "~2.3.6" - setimmediate "^1.0.5" + set-immediate-shim "~1.0.1" lie@~3.3.0: version "3.3.0" @@ -975,6 +887,14 @@ lines-and-columns@^1.1.6: resolved "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.1.6.tgz" integrity sha1-HADHQ7QzzQpOgHWPe2SldEDZ/wA= +locate-path@^3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/locate-path/-/locate-path-3.0.0.tgz" + integrity sha512-7AO748wWnIhNqAuaty2ZWHkQHRSNfPVIsPIfwEOWO22AmaoVrWavlOcMR5nzTLNYvp36X220/maaRsrec1G65A== + dependencies: + p-locate "^3.0.0" + path-exists "^3.0.0" + locate-path@^6.0.0: version "6.0.0" resolved "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz" @@ -982,52 +902,33 @@ locate-path@^6.0.0: dependencies: p-locate "^5.0.0" -log-symbols@4.1.0: - version "4.1.0" - resolved "https://registry.yarnpkg.com/log-symbols/-/log-symbols-4.1.0.tgz#3fbdbb95b4683ac9fc785111e792e558d4abd503" - integrity sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg== +log-symbols@4.0.0: + version "4.0.0" + resolved "https://registry.npmjs.org/log-symbols/-/log-symbols-4.0.0.tgz" + integrity sha512-FN8JBzLx6CzeMrB0tg6pqlGU1wCrXW+ZXGH481kfsBqer0hToTIiHdjH4Mq8xJUbvATujKCvaREGWpGUionraA== dependencies: - chalk "^4.1.0" - is-unicode-supported "^0.1.0" - -lru-cache@^7.14.1: - version "7.18.3" - resolved "https://registry.yarnpkg.com/lru-cache/-/lru-cache-7.18.3.tgz#f793896e0fd0e954a59dfdd82f0773808df6aa89" - integrity sha512-jumlc0BIUrS3qJGgIkWZsyfAM7NCWiBcCDhnd+3NNM5KbBmLTgHVfWBcg6W+rLUsIpzpERPsvwUP7CckAQSOoA== + chalk "^4.0.0" -mime-db@1.52.0: - version "1.52.0" - resolved "https://registry.yarnpkg.com/mime-db/-/mime-db-1.52.0.tgz#bbabcdc02859f4987301c856e3387ce5ec43bf70" - integrity sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg== +merge2@^1.3.0: + version "1.4.1" + resolved "https://registry.yarnpkg.com/merge2/-/merge2-1.4.1.tgz#4368892f885e907455a6fd7dc55c0c9d404990ae" + integrity sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg== -mime-types@^2.1.12: - version "2.1.35" - resolved "https://registry.yarnpkg.com/mime-types/-/mime-types-2.1.35.tgz#381a871b62a734450660ae3deee44813f70d959a" - integrity sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw== +micromatch@^4.0.4: + version "4.0.4" + resolved "https://registry.yarnpkg.com/micromatch/-/micromatch-4.0.4.tgz#896d519dfe9db25fce94ceb7a500919bf881ebf9" + integrity sha512-pRmzw/XUcwXGpD9aI9q/0XOwLNygjETJ8y0ao0wdqprrzDa4YnxLcz7fQRZr8voh8V10kGhABbNcHVk5wHgWwg== dependencies: - mime-db "1.52.0" + braces "^3.0.1" + picomatch "^2.2.3" -minimatch@5.0.1: - version "5.0.1" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.0.1.tgz#fb9022f7528125187c92bd9e9b6366be1cf3415b" - integrity sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g== - dependencies: - brace-expansion "^2.0.1" - -minimatch@^3.0.4: - version "3.1.2" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.1.2.tgz#19cd194bfd3e428f049a70817c038d89ab4be35b" - integrity sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw== +minimatch@3.0.4, minimatch@^3.0.4: + version "3.0.4" + resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-3.0.4.tgz#5166e286457f03306064be5497e8dbb0c3d32083" + integrity sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA== dependencies: brace-expansion "^1.1.7" -minimatch@^5.0.1: - version "5.1.6" - resolved "https://registry.yarnpkg.com/minimatch/-/minimatch-5.1.6.tgz#1cfcb8cf5522ea69952cd2af95ae09477f122a96" - integrity sha512-lKwV/1brpG6mBUFHtb7NUmtABCb2WZZmm2wNiOA5hAb8VdCS4B3dtMWyvcoViccwAW/COERjXLt0zP1zXUN26g== - dependencies: - brace-expansion "^2.0.1" - minimist@^1.2.5: version "1.2.6" resolved "https://registry.yarnpkg.com/minimist/-/minimist-1.2.6.tgz#8637a5b759ea0d6e98702cfb3a9283323c93af44" @@ -1040,30 +941,35 @@ mkdirp@^0.5.3: dependencies: minimist "^1.2.5" -mocha@^10.4.0: - version "10.4.0" - resolved "https://registry.yarnpkg.com/mocha/-/mocha-10.4.0.tgz#ed03db96ee9cfc6d20c56f8e2af07b961dbae261" - integrity sha512-eqhGB8JKapEYcC4ytX/xrzKforgEc3j1pGlAXVy3eRwrtAy5/nIfT1SvgGzfN0XZZxeLq0aQWkOUAmqIJiv+bA== +mocha@^8.2.0: + version "8.2.1" + resolved "https://registry.npmjs.org/mocha/-/mocha-8.2.1.tgz" + integrity sha512-cuLBVfyFfFqbNR0uUKbDGXKGk+UDFe6aR4os78XIrMQpZl/nv7JYHcvP5MFIAb374b2zFXsdgEGwmzMtP0Xg8w== dependencies: + "@ungap/promise-all-settled" "1.1.2" ansi-colors "4.1.1" browser-stdout "1.3.1" - chokidar "3.5.3" - debug "4.3.4" - diff "5.0.0" + chokidar "3.4.3" + debug "4.2.0" + diff "4.0.2" escape-string-regexp "4.0.0" find-up "5.0.0" - glob "8.1.0" + glob "7.1.6" + growl "1.10.5" he "1.2.0" - js-yaml "4.1.0" - log-symbols "4.1.0" - minimatch "5.0.1" - ms "2.1.3" - serialize-javascript "6.0.0" + js-yaml "3.14.0" + log-symbols "4.0.0" + minimatch "3.0.4" + ms "2.1.2" + nanoid "3.1.12" + serialize-javascript "5.0.1" strip-json-comments "3.1.1" - supports-color "8.1.1" - workerpool "6.2.1" - yargs "16.2.0" - yargs-parser "20.2.4" + supports-color "7.2.0" + which "2.0.2" + wide-align "1.1.3" + workerpool "6.0.2" + yargs "13.3.2" + yargs-parser "13.1.2" yargs-unparser "2.0.0" ms@2.1.2: @@ -1071,15 +977,10 @@ ms@2.1.2: resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.2.tgz#d09d1f357b443f493382a8eb3ccd183872ae6009" integrity sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w== -ms@2.1.3: - version "2.1.3" - resolved "https://registry.yarnpkg.com/ms/-/ms-2.1.3.tgz#574c8138ce1d2b5861f0b44579dbadd60c6615b2" - integrity sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA== - -netmask@^2.0.2: - version "2.0.2" - resolved "https://registry.yarnpkg.com/netmask/-/netmask-2.0.2.tgz#8b01a07644065d536383835823bc52004ebac5e7" - integrity sha512-dBpDMdxv9Irdq66304OLfEmQ9tbNRFnFTuZiLo+bD+r332bBmMJ8GBLXklIXXgxd3+v9+KUnZaUR5PJMa75Gsg== +nanoid@3.1.12: + version "3.1.12" + resolved "https://registry.npmjs.org/nanoid/-/nanoid-3.1.12.tgz" + integrity sha512-1qstj9z5+x491jfiC4Nelk+f8XBad7LN20PmyWINJEMRSf3wcAjAWysw1qaA8z6NSKe2sjq1hRSDpBH5paCb6A== normalize-path@^3.0.0, normalize-path@~3.0.0: version "3.0.0" @@ -1091,27 +992,27 @@ object-inspect@^1.8.0: resolved "https://registry.npmjs.org/object-inspect/-/object-inspect-1.9.0.tgz" integrity sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw== -object-is@^1.1.5: - version "1.1.6" - resolved "https://registry.yarnpkg.com/object-is/-/object-is-1.1.6.tgz#1a6a53aed2dd8f7e6775ff870bea58545956ab07" - integrity sha512-F8cZ+KfGlSGi09lJT7/Nd6KJZ9ygtvYC0/UYYLI9nmQKLMnydpB9yvbv9K1uSkEu7FU9vYPmVwLg328tX+ot3Q== +object-is@^1.0.1: + version "1.1.4" + resolved "https://registry.npmjs.org/object-is/-/object-is-1.1.4.tgz" + integrity sha512-1ZvAZ4wlF7IyPVOcE1Omikt7UpaFlOQq0HlSti+ZvDH3UiD2brwGMwDbyV43jao2bKJ+4+WdPJHSd7kgzKYVqg== dependencies: - call-bind "^1.0.7" - define-properties "^1.2.1" + call-bind "^1.0.0" + define-properties "^1.1.3" object-keys@^1.0.12, object-keys@^1.1.1: version "1.1.1" resolved "https://registry.npmjs.org/object-keys/-/object-keys-1.1.1.tgz" integrity sha512-NuAESUOUMrlIXOfHKzD6bpPu3tYt3xvjNdRIQ+FeT0lNb4K8WR70CaDxhuNguS2XG+GjkyMwOzsN5ZktImfhLA== -object.assign@^4.1.1, object.assign@^4.1.4: - version "4.1.5" - resolved "https://registry.yarnpkg.com/object.assign/-/object.assign-4.1.5.tgz#3a833f9ab7fdb80fc9e8d2300c803d216d8fdbb0" - integrity sha512-byy+U7gp+FVwmyzKPYhW2h5l3crpmGsxl7X2s8y43IgxvG4g3QZ6CffDtsNQy1WsmZpQbO+ybo0AlW7TY6DcBQ== +object.assign@^4.1.1: + version "4.1.2" + resolved "https://registry.npmjs.org/object.assign/-/object.assign-4.1.2.tgz" + integrity sha512-ixT2L5THXsApyiUPYKmW+2EHpXXe5Ii3M+f4e+aJFAHao5amFRW6J0OO6c/LU8Be47utCx2GL89hxGB6XSmKuQ== dependencies: - call-bind "^1.0.5" - define-properties "^1.2.1" - has-symbols "^1.0.3" + call-bind "^1.0.0" + define-properties "^1.1.3" + has-symbols "^1.0.1" object-keys "^1.1.1" once@^1.3.0, once@^1.3.1, once@^1.4.0: @@ -1121,6 +1022,13 @@ once@^1.3.0, once@^1.3.1, once@^1.4.0: dependencies: wrappy "1" +p-limit@^2.0.0: + version "2.3.0" + resolved "https://registry.npmjs.org/p-limit/-/p-limit-2.3.0.tgz" + integrity sha512-//88mFWSJx8lxCzwdAABTJL2MyWB12+eIY7MDL2SqLmAkeKU9qxRvWuSyTjm3FUmpBEMuFfckAIqEaVGUDxb6w== + dependencies: + p-try "^2.0.0" + p-limit@^3.0.2: version "3.1.0" resolved "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz" @@ -1128,6 +1036,13 @@ p-limit@^3.0.2: dependencies: yocto-queue "^0.1.0" +p-locate@^3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/p-locate/-/p-locate-3.0.0.tgz" + integrity sha512-x+12w/To+4GFfgJhBEpiDcLozRJGegY+Ei7/z0tSLkMmxGZNybVMSfWj9aJn8Z5Fc7dBUNJOOVgPv2H7IwulSQ== + dependencies: + p-limit "^2.0.0" + p-locate@^5.0.0: version "5.0.0" resolved "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz" @@ -1135,33 +1050,28 @@ p-locate@^5.0.0: dependencies: p-limit "^3.0.2" -pac-proxy-agent@^7.0.1: - version "7.0.1" - resolved "https://registry.yarnpkg.com/pac-proxy-agent/-/pac-proxy-agent-7.0.1.tgz#6b9ddc002ec3ff0ba5fdf4a8a21d363bcc612d75" - integrity sha512-ASV8yU4LLKBAjqIPMbrgtaKIvxQri/yh2OpI+S6hVa9JRkUI3Y3NPFbfngDtY7oFtSMD3w31Xns89mDa3Feo5A== - dependencies: - "@tootallnate/quickjs-emscripten" "^0.23.0" - agent-base "^7.0.2" - debug "^4.3.4" - get-uri "^6.0.1" - http-proxy-agent "^7.0.0" - https-proxy-agent "^7.0.2" - pac-resolver "^7.0.0" - socks-proxy-agent "^8.0.2" - -pac-resolver@^7.0.0: - version "7.0.1" - resolved "https://registry.yarnpkg.com/pac-resolver/-/pac-resolver-7.0.1.tgz#54675558ea368b64d210fd9c92a640b5f3b8abb6" - integrity sha512-5NPgf87AT2STgwa2ntRMr45jTKrYBGkVU36yT0ig/n/GMAa3oPqhZfIQ2kMEimReg0+t9kZViDVZ83qfVUlckg== +p-map@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/p-map/-/p-map-4.0.0.tgz#bb2f95a5eda2ec168ec9274e06a747c3e2904d2b" + integrity sha512-/bjOqmgETBYB5BoEeGVea8dmvHb2m9GLy1E9W43yeyfP6QQCZGFNa+XRceJEuDB6zqr+gKpIAmlLebMpykw/MQ== dependencies: - degenerator "^5.0.0" - netmask "^2.0.2" + aggregate-error "^3.0.0" + +p-try@^2.0.0: + version "2.2.0" + resolved "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz" + integrity sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ== pako@~1.0.2: version "1.0.11" resolved "https://registry.npmjs.org/pako/-/pako-1.0.11.tgz" integrity sha512-4hLB8Py4zZce5s4yd9XzopqwVv/yGNhV1Bl8NTmCq1763HeK2+EwVTv+leGeL13Dnh2wfbqowVPXCIO0z4taYw== +path-exists@^3.0.0: + version "3.0.0" + resolved "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz" + integrity sha1-zg6+ql94yxiSXqfYENe1mwEP1RU= + path-exists@^4.0.0: version "4.0.0" resolved "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz" @@ -1177,6 +1087,11 @@ path-parse@^1.0.6: resolved "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz" integrity sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw== +path-type@^4.0.0: + version "4.0.0" + resolved "https://registry.yarnpkg.com/path-type/-/path-type-4.0.0.tgz#84ed01c0a7ba380afe09d90a8c180dcd9d03043b" + integrity sha512-gDKb8aZMDeD/tZWs9P6+q0J9Mwkdl6xMV8TjnGP3qJVJ06bdMgkbBlLU8IdfOsIsFz2BW1rNVT3XuNEl8zPAvw== + pend@~1.2.0: version "1.2.0" resolved "https://registry.yarnpkg.com/pend/-/pend-1.2.0.tgz#7a57eb550a6783f9115331fcf4663d5c8e007a50" @@ -1187,35 +1102,21 @@ picomatch@^2.0.4: resolved "https://registry.npmjs.org/picomatch/-/picomatch-2.2.2.tgz" integrity sha512-q0M/9eZHzmr0AulXyPwNfZjtwZ/RBZlbN3K3CErVrk50T2ASYI7Bye0EvekFY3IP1Nt2DHu0re+V2ZHIpMkuWg== -picomatch@^2.2.1: +picomatch@^2.2.1, picomatch@^2.2.3: version "2.3.0" resolved "https://registry.yarnpkg.com/picomatch/-/picomatch-2.3.0.tgz#f1f061de8f6a4bf022892e2d128234fb98302972" integrity sha512-lY1Q/PiJGC2zOv/z391WOTD+Z02bCgsFfvxoXXf6h7kv9o+WmsmzYqrAwY63sNgOxE4xEdq0WyUnXfKeBrSvYw== -prettier@^2.8.8: - version "2.8.8" - resolved "https://registry.yarnpkg.com/prettier/-/prettier-2.8.8.tgz#e8c5d7e98a4305ffe3de2e1fc4aca1a71c28b1da" - integrity sha512-tdN8qQGvNjw4CHbY+XXk0JgCXn9QiF21a55rBe5LJAU+kDyC4WQn4+awm2Xfk2lQMk5fKup9XgzTZtGkjBdP9Q== +prettier@^1.18.2: + version "1.19.1" + resolved "https://registry.npmjs.org/prettier/-/prettier-1.19.1.tgz" + integrity sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew== process-nextick-args@~2.0.0: version "2.0.1" resolved "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz" integrity sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag== -proxy-agent@^6.4.0: - version "6.4.0" - resolved "https://registry.yarnpkg.com/proxy-agent/-/proxy-agent-6.4.0.tgz#b4e2dd51dee2b377748aef8d45604c2d7608652d" - integrity sha512-u0piLU+nCOHMgGjRbimiXmA9kM/L9EHh3zL81xCdp7m+Y2pHIsnmbdDoEDoAz5geaonNR6q6+yOPQs6n4T6sBQ== - dependencies: - agent-base "^7.0.2" - debug "^4.3.4" - http-proxy-agent "^7.0.1" - https-proxy-agent "^7.0.3" - lru-cache "^7.14.1" - pac-proxy-agent "^7.0.1" - proxy-from-env "^1.1.0" - socks-proxy-agent "^8.0.2" - proxy-from-env@^1.1.0: version "1.1.0" resolved "https://registry.yarnpkg.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz#e102f16ca355424865755d2c9e8ea4f24d58c3e2" @@ -1229,6 +1130,11 @@ pump@^3.0.0: end-of-stream "^1.1.0" once "^1.3.1" +queue-microtask@^1.2.2: + version "1.2.3" + resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.3.tgz#4929228bbc724dfac43e0efb058caf7b6cfb6243" + integrity sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A== + randombytes@^2.1.0: version "2.1.0" resolved "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz" @@ -1249,10 +1155,10 @@ readable-stream@~2.3.6: string_decoder "~1.1.1" util-deprecate "~1.0.1" -readdirp@~3.6.0: - version "3.6.0" - resolved "https://registry.yarnpkg.com/readdirp/-/readdirp-3.6.0.tgz#74a370bd857116e245b29cc97340cd431a02a6c7" - integrity sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA== +readdirp@~3.5.0: + version "3.5.0" + resolved "https://registry.npmjs.org/readdirp/-/readdirp-3.5.0.tgz" + integrity sha512-cMhu7c/8rdhkHXWsY+osBhfSy0JikwpHK/5+imo+LpeasTF8ouErHrlYkwT0++njiyuDvc7OFY5T3ukvZ8qmFQ== dependencies: picomatch "^2.2.1" @@ -1261,6 +1167,11 @@ require-directory@^2.1.1: resolved "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz" integrity sha1-jGStX9MNqxyXbiNE/+f3kqam30I= +require-main-filename@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz" + integrity sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg== + resolve@^1.3.2: version "1.19.0" resolved "https://registry.npmjs.org/resolve/-/resolve-1.19.0.tgz" @@ -1269,94 +1180,95 @@ resolve@^1.3.2: is-core-module "^2.1.0" path-parse "^1.0.6" -safe-buffer@^5.1.0, safe-buffer@~5.1.0, safe-buffer@~5.1.1: +reusify@^1.0.4: + version "1.0.4" + resolved "https://registry.yarnpkg.com/reusify/-/reusify-1.0.4.tgz#90da382b1e126efc02146e90845a88db12925d76" + integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== + +rimraf@^2.6.3, rimraf@^2.7.1: + version "2.7.1" + resolved "https://registry.npmjs.org/rimraf/-/rimraf-2.7.1.tgz" + integrity sha512-uWjbaKIK3T1OSVptzX7Nl6PvQ3qAGtKEtVRjRuazjfL3Bx5eI409VZSqgND+4UNnmzLVdPj9FqFJNPqBZFve4w== + dependencies: + glob "^7.1.3" + +rimraf@^3.0.2: + version "3.0.2" + resolved "https://registry.yarnpkg.com/rimraf/-/rimraf-3.0.2.tgz#f1a5402ba6220ad52cc1282bac1ae3aa49fd061a" + integrity sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA== + dependencies: + glob "^7.1.3" + +run-parallel@^1.1.9: + version "1.2.0" + resolved "https://registry.yarnpkg.com/run-parallel/-/run-parallel-1.2.0.tgz#66d1368da7bdf921eb9d95bd1a9229e7f21a43ee" + integrity sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA== + dependencies: + queue-microtask "^1.2.2" + +safe-buffer@^5.1.0, safe-buffer@^5.1.2, safe-buffer@~5.1.0, safe-buffer@~5.1.1: version "5.1.2" resolved "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz" integrity sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g== -selenium-webdriver@^4.21.0: - version "4.21.0" - resolved "https://registry.yarnpkg.com/selenium-webdriver/-/selenium-webdriver-4.21.0.tgz#d38aebfc34770421a880afcfdb7bd8fe85ce9174" - integrity sha512-WaEJHZjOWNth1QG5FEpxpREER0qptZBMonFU6GtAqdCNLJVxbtC3E7oS/I/+Q1sf1W032Wg0Ebk+m46lANOXyQ== +selenium-webdriver@^4.0.0-alpha.7: + version "4.0.0-alpha.8" + resolved "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.0.0-alpha.8.tgz" + integrity sha512-yPSaiWySZTEbxuuWQMDqdXh3H3N4Aiw/bSUjpkKMPWWCysfPqUncrq6FewBqdxWD1wQKzy5yWaQMGsgTY/0rCQ== dependencies: - jszip "^3.10.1" - tmp "^0.2.3" - ws ">=8.16.0" + jszip "^3.5.0" + rimraf "^2.7.1" + tmp "^0.1.0" + ws "^7.3.1" semver@^5.3.0: version "5.7.2" resolved "https://registry.yarnpkg.com/semver/-/semver-5.7.2.tgz#48d55db737c3287cd4835e17fa13feace1c41ef8" integrity sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g== -serialize-javascript@6.0.0: - version "6.0.0" - resolved "https://registry.yarnpkg.com/serialize-javascript/-/serialize-javascript-6.0.0.tgz#efae5d88f45d7924141da8b5c3a7a7e663fefeb8" - integrity sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag== +serialize-javascript@5.0.1: + version "5.0.1" + resolved "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-5.0.1.tgz" + integrity sha512-SaaNal9imEO737H2c05Og0/8LUXG7EnsZyMa8MzkmuHoELfT6txuj0cMqRj6zfPKnmQ1yasR4PCJc8x+M4JSPA== dependencies: randombytes "^2.1.0" -set-function-length@^1.2.1: - version "1.2.2" - resolved "https://registry.yarnpkg.com/set-function-length/-/set-function-length-1.2.2.tgz#aac72314198eaed975cf77b2c3b6b880695e5449" - integrity sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg== - dependencies: - define-data-property "^1.1.4" - es-errors "^1.3.0" - function-bind "^1.1.2" - get-intrinsic "^1.2.4" - gopd "^1.0.1" - has-property-descriptors "^1.0.2" - -setimmediate@^1.0.5: - version "1.0.5" - resolved "https://registry.yarnpkg.com/setimmediate/-/setimmediate-1.0.5.tgz#290cbb232e306942d7d7ea9b83732ab7856f8285" - integrity sha512-MATJdZp8sLqDl/68LfQmbP8zKPLQNV6BIZoIgrscFDQ+RsvK/BxeDQOgyxKKoh0y/8h3BqVFnCqQ/gd+reiIXA== - -smart-buffer@^4.2.0: - version "4.2.0" - resolved "https://registry.yarnpkg.com/smart-buffer/-/smart-buffer-4.2.0.tgz#6e1d71fa4f18c05f7d0ff216dd16a481d0e8d9ae" - integrity sha512-94hK0Hh8rPqQl2xXc3HsaBoOXKV20MToPkcXvwbISWLEs+64sBq5kFgn2kJDHb1Pry9yrP0dxrCI9RRci7RXKg== - -socks-proxy-agent@^8.0.2: - version "8.0.3" - resolved "https://registry.yarnpkg.com/socks-proxy-agent/-/socks-proxy-agent-8.0.3.tgz#6b2da3d77364fde6292e810b496cb70440b9b89d" - integrity sha512-VNegTZKhuGq5vSD6XNKlbqWhyt/40CgoEw8XxD6dhnm8Jq9IEa3nIa4HwnM8XOqU0CdB0BwWVXusqiFXfHB3+A== - dependencies: - agent-base "^7.1.1" - debug "^4.3.4" - socks "^2.7.1" - -socks@^2.7.1: - version "2.8.3" - resolved "https://registry.yarnpkg.com/socks/-/socks-2.8.3.tgz#1ebd0f09c52ba95a09750afe3f3f9f724a800cb5" - integrity sha512-l5x7VUUWbjVFbafGLxPWkYsHIhEvmF85tbIeFZWc8ZPtoMyybuEhL7Jye/ooC4/d48FgOjSJXgsF/AJPYCW8Zw== - dependencies: - ip-address "^9.0.5" - smart-buffer "^4.2.0" +set-blocking@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz" + integrity sha1-BF+XgtARrppoA93TgrJDkrPYkPc= -source-map@~0.6.1: - version "0.6.1" - resolved "https://registry.yarnpkg.com/source-map/-/source-map-0.6.1.tgz#74722af32e9614e9c287a8d0bbde48b5e2f1a263" - integrity sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g== +set-immediate-shim@~1.0.1: + version "1.0.1" + resolved "https://registry.npmjs.org/set-immediate-shim/-/set-immediate-shim-1.0.1.tgz" + integrity sha1-SysbJ+uAip+NzEgaWOXlb1mfP2E= -sprintf-js@^1.1.3: - version "1.1.3" - resolved "https://registry.yarnpkg.com/sprintf-js/-/sprintf-js-1.1.3.tgz#4914b903a2f8b685d17fdf78a70e917e872e444a" - integrity sha512-Oo+0REFV59/rz3gfJNKQiBlwfHaSESl1pcGyABQsnnIfWOFt6JNj5gCog2U6MLZ//IGYD+nA8nI+mTShREReaA== +slash@^3.0.0: + version "3.0.0" + resolved "https://registry.yarnpkg.com/slash/-/slash-3.0.0.tgz#6539be870c165adbd5240220dbe361f1bc4d4634" + integrity sha512-g9Q1haeby36OSStwb4ntCGGGaKsaVSjQ68fBxoQcutl5fS1vuY18H3wSt3jFyFtrkx+Kz0V1G85A4MyAdDMi2Q== sprintf-js@~1.0.2: version "1.0.3" resolved "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz" integrity sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw= -string-width@^4.1.0, string-width@^4.2.0: - version "4.2.3" - resolved "https://registry.yarnpkg.com/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" - integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== +"string-width@^1.0.2 || 2": + version "2.1.1" + resolved "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz" + integrity sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw== dependencies: - emoji-regex "^8.0.0" - is-fullwidth-code-point "^3.0.0" - strip-ansi "^6.0.1" + is-fullwidth-code-point "^2.0.0" + strip-ansi "^4.0.0" + +string-width@^3.0.0, string-width@^3.1.0: + version "3.1.0" + resolved "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz" + integrity sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w== + dependencies: + emoji-regex "^7.0.1" + is-fullwidth-code-point "^2.0.0" + strip-ansi "^5.1.0" string.prototype.trimend@^1.0.1: version "1.0.3" @@ -1381,22 +1293,29 @@ string_decoder@~1.1.1: dependencies: safe-buffer "~5.1.0" -strip-ansi@^6.0.0, strip-ansi@^6.0.1: - version "6.0.1" - resolved "https://registry.yarnpkg.com/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" - integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== +strip-ansi@^4.0.0: + version "4.0.0" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz" + integrity sha1-qEeQIusaw2iocTibY1JixQXuNo8= + dependencies: + ansi-regex "^3.0.0" + +strip-ansi@^5.0.0, strip-ansi@^5.1.0, strip-ansi@^5.2.0: + version "5.2.0" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz" + integrity sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA== dependencies: - ansi-regex "^5.0.1" + ansi-regex "^4.1.0" strip-json-comments@3.1.1: version "3.1.1" resolved "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz" integrity sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig== -supports-color@8.1.1: - version "8.1.1" - resolved "https://registry.yarnpkg.com/supports-color/-/supports-color-8.1.1.tgz#cd6fc17e28500cff56c1b86c0a7fd4a54a73005c" - integrity sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q== +supports-color@7.2.0, supports-color@^7.1.0: + version "7.2.0" + resolved "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz" + integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== dependencies: has-flag "^4.0.0" @@ -1407,14 +1326,7 @@ supports-color@^5.3.0: dependencies: has-flag "^3.0.0" -supports-color@^7.1.0: - version "7.2.0" - resolved "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz" - integrity sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw== - dependencies: - has-flag "^4.0.0" - -tcp-port-used@^1.0.2: +tcp-port-used@^1.0.1: version "1.0.2" resolved "https://registry.yarnpkg.com/tcp-port-used/-/tcp-port-used-1.0.2.tgz#9652b7436eb1f4cfae111c79b558a25769f6faea" integrity sha512-l7ar8lLUD3XS1V2lfoJlCBaeoaWo/2xfYt81hM7VlvR4RrMVFqfmzfhLVk40hAb368uitje5gPtBRL1m/DGvLA== @@ -1422,10 +1334,12 @@ tcp-port-used@^1.0.2: debug "4.3.1" is2 "^2.0.6" -tmp@^0.2.3: - version "0.2.3" - resolved "https://registry.yarnpkg.com/tmp/-/tmp-0.2.3.tgz#eb783cc22bc1e8bebd0671476d46ea4eb32a79ae" - integrity sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w== +tmp@^0.1.0: + version "0.1.0" + resolved "https://registry.npmjs.org/tmp/-/tmp-0.1.0.tgz" + integrity sha512-J7Z2K08jbGcdA1kkQpJSqLF6T0tdQqpR2pnSUXsIchbPdTI9v3e85cLW0d6WDhwuAleOV71j2xWs8qMPfK7nKw== + dependencies: + rimraf "^2.6.3" to-regex-range@^5.0.1: version "5.0.1" @@ -1439,11 +1353,6 @@ tslib@^1.13.0, tslib@^1.7.1, tslib@^1.8.1: resolved "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz" integrity sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg== -tslib@^2.0.1: - version "2.6.2" - resolved "https://registry.yarnpkg.com/tslib/-/tslib-2.6.2.tgz#703ac29425e7b37cd6fd456e92404d46d1f3e4ae" - integrity sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q== - tslint-config-prettier@^1.18.0: version "1.18.0" resolved "https://registry.npmjs.org/tslint-config-prettier/-/tslint-config-prettier-1.18.0.tgz" @@ -1484,37 +1393,33 @@ tsutils@^2.29.0: dependencies: tslib "^1.8.1" -typescript@^5.5.3: - version "5.5.3" - resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.3.tgz#e1b0a3c394190838a0b168e771b0ad56a0af0faa" - integrity sha512-/hreyEujaB0w76zKo6717l3L0o/qEUtRgdvUBvlkhoWeOVMjMuHNHk0BRBzikzuGDqNmPQbg5ifMEqsHLiIUcQ== - -undici-types@~5.26.4: - version "5.26.5" - resolved "https://registry.yarnpkg.com/undici-types/-/undici-types-5.26.5.tgz#bcd539893d00b56e964fd2657a4866b221a65617" - integrity sha512-JlCMO+ehdEIKqlFxk6IfVoAUVmgz7cU7zD/h9XZ0qzeosSHmUJVOzSQvvYSYWXkFXC+IfLKSIffhv0sVZup6pA== - -universalify@^2.0.0: - version "2.0.1" - resolved "https://registry.yarnpkg.com/universalify/-/universalify-2.0.1.tgz#168efc2180964e6386d061e094df61afe239b18d" - integrity sha512-gptHNQghINnc/vTGIk0SOFGFNXw7JVrlRUtConJRlvaw6DuX0wO5Jeko9sWrMBhh+PsYAZ7oXAiOnf/UKogyiw== +typescript@^4.0.3: + version "4.1.3" + resolved "https://registry.npmjs.org/typescript/-/typescript-4.1.3.tgz" + integrity sha512-B3ZIOf1IKeH2ixgHhj6la6xdwR9QrLC5d1VKeCSY4tvkqhF2eqd9O7txNlS0PO3GrBAFIdr3L1ndNwteUbZLYg== util-deprecate@~1.0.1: version "1.0.2" resolved "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz" integrity sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8= -util@^0.12.5: - version "0.12.5" - resolved "https://registry.yarnpkg.com/util/-/util-0.12.5.tgz#5f17a6059b73db61a875668781a1c2b136bd6fbc" - integrity sha512-kZf/K6hEIrWHI6XqOFUiiMa+79wE/D8Q+NCNAWclkyg3b4d2k7s0QGepNjiABc+aR3N1PAyHL7p6UcLY6LmrnA== +util@^0.12.0: + version "0.12.3" + resolved "https://registry.npmjs.org/util/-/util-0.12.3.tgz" + integrity sha512-I8XkoQwE+fPQEhy9v012V+TSdH2kp9ts29i20TaaDUXsg7x/onePbhFJUExBfv/2ay1ZOp/Vsm3nDlmnFGSAog== dependencies: inherits "^2.0.3" is-arguments "^1.0.4" is-generator-function "^1.0.7" is-typed-array "^1.1.3" + safe-buffer "^5.1.2" which-typed-array "^1.1.2" +which-module@^2.0.0: + version "2.0.0" + resolved "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz" + integrity sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho= + which-typed-array@^1.1.2: version "1.1.4" resolved "https://registry.npmjs.org/which-typed-array/-/which-typed-array-1.1.4.tgz" @@ -1528,44 +1433,56 @@ which-typed-array@^1.1.2: has-symbols "^1.0.1" is-typed-array "^1.1.3" -workerpool@6.2.1: - version "6.2.1" - resolved "https://registry.yarnpkg.com/workerpool/-/workerpool-6.2.1.tgz#46fc150c17d826b86a008e5a4508656777e9c343" - integrity sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw== +which@2.0.2: + version "2.0.2" + resolved "https://registry.npmjs.org/which/-/which-2.0.2.tgz" + integrity sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA== + dependencies: + isexe "^2.0.0" -wrap-ansi@^7.0.0: - version "7.0.0" - resolved "https://registry.yarnpkg.com/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" - integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== +wide-align@1.1.3: + version "1.1.3" + resolved "https://registry.npmjs.org/wide-align/-/wide-align-1.1.3.tgz" + integrity sha512-QGkOQc8XL6Bt5PwnsExKBPuMKBxnGxWWW3fU55Xt4feHozMUhdUMaBCk290qpm/wG5u/RSKzwdAC4i51YigihA== dependencies: - ansi-styles "^4.0.0" - string-width "^4.1.0" - strip-ansi "^6.0.0" + string-width "^1.0.2 || 2" + +workerpool@6.0.2: + version "6.0.2" + resolved "https://registry.npmjs.org/workerpool/-/workerpool-6.0.2.tgz" + integrity sha512-DSNyvOpFKrNusaaUwk+ej6cBj1bmhLcBfj80elGk+ZIo5JSkq+unB1dLKEOcNfJDZgjGICfhQ0Q5TbP0PvF4+Q== + +wrap-ansi@^5.1.0: + version "5.1.0" + resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-5.1.0.tgz" + integrity sha512-QC1/iN/2/RPVJ5jYK8BGttj5z83LmSKmvbvrXPNCLZSEb32KKVDJDl/MOt2N01qU2H/FkzEa9PKto1BqDjtd7Q== + dependencies: + ansi-styles "^3.2.0" + string-width "^3.0.0" + strip-ansi "^5.0.0" wrappy@1: version "1.0.2" resolved "https://registry.yarnpkg.com/wrappy/-/wrappy-1.0.2.tgz#b5243d8f3ec1aa35f1364605bc0d1036e30ab69f" integrity sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8= -ws@>=8.16.0: - version "8.17.1" - resolved "https://registry.yarnpkg.com/ws/-/ws-8.17.1.tgz#9293da530bb548febc95371d90f9c878727d919b" - integrity sha512-6XQFvXTkbfUOZOKKILFG1PDK2NDQs4azKQl26T0YS5CxqWLgXajbPZ+h4gZekJyRqFU8pvnbAbbs/3TgRPy+GQ== +ws@^7.3.1: + version "7.5.3" + resolved "https://registry.npmjs.org/ws/-/ws-7.5.3.tgz" + integrity sha512-kQ/dHIzuLrS6Je9+uv81ueZomEwH0qVYstcAQ4/Z93K8zeko9gtAbttJWzoC5ukqXY1PpoouV3+VSOqEAFt5wg== -y18n@^5.0.5: - version "5.0.8" - resolved "https://registry.yarnpkg.com/y18n/-/y18n-5.0.8.tgz#7f4934d0f7ca8c56f95314939ddcd2dd91ce1d55" - integrity sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA== - -yargs-parser@20.2.4: - version "20.2.4" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.4.tgz#b42890f14566796f85ae8e3a25290d205f154a54" - integrity sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA== +y18n@^4.0.0: + version "4.0.1" + resolved "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz" + integrity sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ== -yargs-parser@^20.2.2: - version "20.2.9" - resolved "https://registry.yarnpkg.com/yargs-parser/-/yargs-parser-20.2.9.tgz#2eb7dc3b0289718fc295f362753845c41a0c94ee" - integrity sha512-y11nGElTIV+CT3Zv9t7VKl+Q3hTQoT9a1Qzezhhl6Rp21gJ/IVTW7Z3y9EWXhuUBC2Shnf+DX0antecpAwSP8w== +yargs-parser@13.1.2, yargs-parser@^13.1.2: + version "13.1.2" + resolved "https://registry.npmjs.org/yargs-parser/-/yargs-parser-13.1.2.tgz" + integrity sha512-3lbsNRf/j+A4QuSZfDRA7HRSfWrzO0YjqTJd5kjAq37Zep1CEgaYmrH9Q3GwPiB9cHyd1Y1UwggGhJGoxipbzg== + dependencies: + camelcase "^5.0.0" + decamelize "^1.2.0" yargs-unparser@2.0.0: version "2.0.0" @@ -1577,23 +1494,26 @@ yargs-unparser@2.0.0: flat "^5.0.2" is-plain-obj "^2.1.0" -yargs@16.2.0: - version "16.2.0" - resolved "https://registry.yarnpkg.com/yargs/-/yargs-16.2.0.tgz#1c82bf0f6b6a66eafce7ef30e376f49a12477f66" - integrity sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw== +yargs@13.3.2: + version "13.3.2" + resolved "https://registry.npmjs.org/yargs/-/yargs-13.3.2.tgz" + integrity sha512-AX3Zw5iPruN5ie6xGRIDgqkT+ZhnRlZMLMHAs8tg7nRruy2Nb+i5o9bwghAogtM08q1dpr2LVoS8KSTMYpWXUw== dependencies: - cliui "^7.0.2" - escalade "^3.1.1" - get-caller-file "^2.0.5" + cliui "^5.0.0" + find-up "^3.0.0" + get-caller-file "^2.0.1" require-directory "^2.1.1" - string-width "^4.2.0" - y18n "^5.0.5" - yargs-parser "^20.2.2" - -yarn@^1.22.22: - version "1.22.22" - resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.22.22.tgz#ac34549e6aa8e7ead463a7407e1c7390f61a6610" - integrity sha512-prL3kGtyG7o9Z9Sv8IPfBNrWTDmXB4Qbes8A9rEzt6wkJV8mUvoirjU0Mp3GGAU06Y0XQyA3/2/RQFVuK7MTfg== + require-main-filename "^2.0.0" + set-blocking "^2.0.0" + string-width "^3.0.0" + which-module "^2.0.0" + y18n "^4.0.0" + yargs-parser "^13.1.2" + +yarn@^1.22.13: + version "1.22.13" + resolved "https://registry.yarnpkg.com/yarn/-/yarn-1.22.13.tgz#8789ef23b630fe99b819b044f4b7b93ab1bc1b8f" + integrity sha512-G8qG4t7Ef5cLVpzbM3HWWsow4hpfeSCfKtMnjfERmp9V5qSCOKz0uGAIQCM/x3gWfCzH8Bvb4hl3ZfhG/XD1Jg== yauzl@^2.10.0: version "2.10.0" diff --git a/ui/.prettierrc b/ui/.prettierrc index 13a9584287dd1..9e18402b642d4 100644 --- a/ui/.prettierrc +++ b/ui/.prettierrc @@ -6,6 +6,5 @@ "tabWidth": 4, "jsxBracketSameLine": true, "quoteProps": "consistent", - "arrowParens": "avoid", - "trailingComma": "none" + "arrowParens": "avoid" } diff --git a/ui/README.md b/ui/README.md index aa6393fb9196f..aec1971e6797d 100644 --- a/ui/README.md +++ b/ui/README.md @@ -22,25 +22,4 @@ Make sure your code passes the lint checks: ``` yarn lint --fix -``` - -If you are using VSCode, add this configuration to `.vscode/settings.json` in the root of this repository to identify and fix lint issues automatically before you save file. - -Install [Eslint Extension](https://marketplace.visualstudio.com/items?itemName=dbaeumer.vscode-eslint) in VSCode. - -`.vscode/settings.json` -```json -{ - "eslint.format.enable": true, - "editor.codeActionsOnSave": { - "source.fixAll.eslint": "always" - }, - "eslint.workingDirectories": [ - { - "directory": "./ui", - "!cwd": false - } - ], - "eslint.experimental.useFlatConfig": true -} -``` +``` \ No newline at end of file diff --git a/ui/eslint.config.mjs b/ui/eslint.config.mjs deleted file mode 100644 index 45cca74acdcf7..0000000000000 --- a/ui/eslint.config.mjs +++ /dev/null @@ -1,37 +0,0 @@ -import globals from 'globals'; -import pluginJs from '@eslint/js'; -import tseslint from 'typescript-eslint'; -import pluginReactConfig from 'eslint-plugin-react/configs/recommended.js'; -import eslintPluginPrettierRecommended from 'eslint-plugin-prettier/recommended'; - -export default [ - {languageOptions: {globals: globals.browser}}, - pluginJs.configs.recommended, - ...tseslint.configs.recommended, - { - rules: { - '@typescript-eslint/no-explicit-any': 'off', - '@typescript-eslint/ban-types': 'off', - '@typescript-eslint/no-var-requires': 'off' - } - }, - { - settings: { - react: { - version: 'detect' - } - }, - ...pluginReactConfig, - rules: { - 'react/display-name': 'off', - 'react/no-string-refs': 'off' - } - }, - eslintPluginPrettierRecommended, - { - files: ['./src/**/*.{ts,tsx}'] - }, - { - ignores: ['dist', 'assets', '**/*.config.js', '__mocks__', 'coverage', '**/*.test.{ts,tsx}'] - } -]; diff --git a/ui/package.json b/ui/package.json index a7ec12f6d0071..8eaaaa26dfcfe 100644 --- a/ui/package.json +++ b/ui/package.json @@ -6,14 +6,14 @@ "start": "webpack-dev-server --config ./src/app/webpack.config.js --mode development", "docker": "./scripts/build_docker.sh", "build": "find ./dist -type f -not -name gitkeep -delete && webpack --config ./src/app/webpack.config.js --mode production", - "lint": "tsc --noEmit --project ./src/app && eslint", - "lint:fix": "eslint --fix", + "lint": "tsc --noEmit --project ./src/app && tslint -p ./src/app", + "lint:fix": "tslint -p ./src/app --fix", "test": "jest" }, "dependencies": { - "@fortawesome/fontawesome-free": "^6.5.2", + "@fortawesome/fontawesome-free": "^6.4.0", "@types/react-virtualized": "^9.21.21", - "@types/superagent": "^8.1.6", + "@types/superagent": "^4.1.21", "ansi-to-react": "^6.1.6", "argo-ui": "git+https://github.com/argoproj/argo-ui.git", "buffer": "^6.0.3", @@ -22,10 +22,10 @@ "dagre": "^0.8.5", "date-fns": "^2.30.0", "deepmerge": "^3.2.0", - "foundation-sites": "^6.8.1", + "foundation-sites": "^6.7.5", "git-url-parse": "^13.1.0", "history": "^4.7.2", - "js-yaml": "^4.1.0", + "js-yaml": "^3.14.1", "json-merge-patch": "^0.2.3", "lodash-es": "^4.17.21", "minimatch": "^3.1.2", @@ -43,7 +43,7 @@ "react-helmet": "^6.1.0", "react-hot-loader": "^3.1.3", "react-moment": "^0.9.7", - "react-paginate": "^8.2.0", + "react-paginate": "^8.1.4", "react-router": "^4.3.1", "react-router-dom": "^4.2.2", "react-svg-piechart": "^2.4.2", @@ -69,58 +69,54 @@ "@babel/preset-env": "^7.7.1", "@babel/preset-react": "^7.18.6", "@babel/preset-typescript": "^7.7.2", - "@eslint/js": "^9.1.1", "@types/classnames": "^2.2.3", "@types/cookie": "^0.5.1", "@types/dagre": "^0.7.40", "@types/deepmerge": "^2.2.0", "@types/git-url-parse": "^9.0.1", - "@types/jest": "^29.5.12", - "@types/js-yaml": "^4.0.9", + "@types/jest": "^24.0.13", + "@types/js-yaml": "^3.11.2", "@types/lodash-es": "^4.17.6", "@types/minimatch": "^3.0.3", "@types/node": "20.6.3", "@types/prop-types": "^15.7.5", "@types/react": "^16.8.5", - "@types/react-autocomplete": "^1.8.10", + "@types/react-autocomplete": "^1.8.4", "@types/react-dom": "^16.9.14", "@types/react-form": "^2.16.0", "@types/react-helmet": "^6.1.6", - "@types/react-paginate": "^7.1.4", + "@types/react-paginate": "^6.2.0", "@types/react-router": "^4.0.27", "@types/react-router-dom": "^4.2.3", "@types/react-test-renderer": "^16.8.3", "@types/uuid": "^9.0.1", "add": "^2.0.6", - "babel-jest": "^29.7.0", + "babel-jest": "^26.6.3", "babel-loader": "^8.0.6", "codecov": "^3.8.3", "copy-webpack-plugin": "^6.1.1", "esbuild-loader": "^2.18.0", - "eslint": "^9.1.1", - "eslint-config-prettier": "^9.1.0", - "eslint-plugin-prettier": "^5.1.3", - "eslint-plugin-react": "^7.34.1", - "globals": "^15.1.0", - "html-webpack-plugin": "^5.6.0", + "html-webpack-plugin": "^5.5.0", "identity-obj-proxy": "^3.0.0", - "jest": "^29.7.0", - "jest-environment-jsdom": "^29.7.0", + "jest": "^27.5.1", "jest-junit": "^6.4.0", "jest-transform-css": "^2.0.0", - "monaco-editor-webpack-plugin": "^7.1.0", + "monaco-editor-webpack-plugin": "^7.0.0", "postcss": "^8.4.38", - "prettier": "^3.2.5", + "prettier": "1.19", "raw-loader": "^0.5.1", "react-test-renderer": "16.8.3", "sass": "^1.49.9", - "sass-loader": "^14.2.1", + "sass-loader": "^12.6.0", "source-map-loader": "^0.2.3", "style-loader": "^0.20.1", - "ts-jest": "^29.1.2", - "ts-node": "10.9.2", + "ts-jest": "^27.1.3", + "ts-node": "10.9.1", + "tslint": "^6.1.3", + "tslint-config-prettier": "^1.18.0", + "tslint-plugin-prettier": "^2.0.1", + "tslint-react": "^5.0.0", "typescript": "^4.9.5", - "typescript-eslint": "^7.8.0", "webpack": "^5.84.1", "webpack-cli": "^4.9.2", "webpack-dev-server": "^4.7.4", diff --git a/ui/src/app/app.tsx b/ui/src/app/app.tsx index fb52e54e03ddc..d0a58d3fbdc7f 100644 --- a/ui/src/app/app.tsx +++ b/ui/src/app/app.tsx @@ -26,7 +26,7 @@ const base = bases.length > 0 ? bases[0].getAttribute('href') || '/' : '/'; export const history = createBrowserHistory({basename: base}); requests.setBaseHRef(base); -type Routes = {[path: string]: {component: React.ComponentType>; noLayout?: boolean}}; +type Routes = {[path: string]: {component: React.ComponentType>; noLayout?: boolean; extension?: boolean}}; const routes: Routes = { '/login': {component: login.component as any, noLayout: true}, @@ -98,7 +98,10 @@ requests.onError.subscribe(async err => { } // Query for basehref and remove trailing /. // If basehref is the default `/` it will become an empty string. - const basehref = document.querySelector('head > base').getAttribute('href').replace(/\/$/, ''); + const basehref = document + .querySelector('head > base') + .getAttribute('href') + .replace(/\/$/, ''); if (isSSO) { window.location.href = `${basehref}/auth/login?return_url=${encodeURIComponent(location.href)}`; } else { @@ -182,7 +185,8 @@ export class App extends React.Component< ); extendedRoutes[extension.path] = { - component: component as React.ComponentType> + component: component as React.ComponentType>, + extension: true }; } @@ -236,7 +240,11 @@ export class App extends React.Component< ) : ( services.viewPreferences.getPreferences()}> {pref => ( - this.setState({showVersionPanel: true})} navItems={this.navItems} pref={pref}> + this.setState({showVersionPanel: true})} + navItems={this.navItems} + pref={pref} + isExtension={route.extension}> diff --git a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap index 10f05e4cf80fe..c3756c3510277 100644 --- a/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap +++ b/ui/src/app/applications/components/__snapshots__/utils.test.tsx.snap @@ -1,12 +1,12 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP exports[`ComparisonStatusIcon.OutOfSync 1`] = ` -[ +Array [ { if (app?.spec?.destination?.name && app.spec.destination.name !== '') { @@ -183,7 +180,7 @@ export const ApplicationCreatePanel = (props: { 'Cluster name is required' })} defaultValues={app} - formDidUpdate={state => debouncedOnAppChanged(state.values as any)} + formDidUpdate={state => props.onAppChanged(state.values as any)} onSubmit={props.createApp} getApi={props.getFormApi}> {api => { @@ -447,7 +444,7 @@ export const ApplicationCreatePanel = (props: { }} load={async src => { if (src.repoURL && src.targetRevision && (src.path || src.chart)) { - return services.repos.appDetails(src, src.appName, app.spec.project, 0, 0).catch(() => ({ + return services.repos.appDetails(src, src.appName, app.spec.project).catch(() => ({ type: 'Directory', details: {} })); diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss index b370878a36520..8c31a357529f2 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.scss @@ -43,11 +43,4 @@ .white-box__details p { margin-left: -1em; } - - .separator { - height: 2px; - margin: 1em 0; - width: 100%; - background-color: $argo-color-gray-5; - } } diff --git a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx index c81f2c41c55a0..37908fb1a35b8 100644 --- a/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx +++ b/ui/src/app/applications/components/application-deployment-history/application-deployment-history.tsx @@ -26,6 +26,7 @@ export const ApplicationDeploymentHistory = ({ const runEnd = nextDeployedAt ? moment(nextDeployedAt) : moment(); return {...info, nextDeployedAt, durationMs: runEnd.diff(moment(info.deployedAt)) / 1000}; }); + return (
    {recentDeployments.map((info, index) => ( @@ -57,7 +58,9 @@ export const ApplicationDeploymentHistory = ({
    +
    Revision:
    +
    ( @@ -76,86 +79,29 @@ export const ApplicationDeploymentHistory = ({
    {selectedRollbackDeploymentIndex === index ? ( - info.sources === undefined ? ( - -
    -
    -
    Revision:
    -
    - -
    -
    -
    - - services.repos.appDetails(src, src.appName, app.spec.project, 0, recentDeployments[index].id)}> - {(details: models.RepoAppDetails) => ( -
    - -
    - )} -     -     - ) : ( - info.sources.map((source, i) => ( - - {i > 0 ?
    : null} + + + services.repos.appDetails(src, src.appName, app.spec.project)}> + {(details: models.RepoAppDetails) => (
    -
    -
    Revision:
    -
    - -
    -
    +
    - - - services.repos.appDetails(src, src.appName, app.spec.project, i, recentDeployments[index].id)}> - {(details: models.RepoAppDetails) => ( -
    - -
    - )} -     -     - )) - ) - ) : ( -

    Click to see source details.

    - )} + )} + + + ) : null}
    ))} diff --git a/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx b/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx index 1043d0bfa5659..3fa7c62ed1caa 100644 --- a/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx +++ b/ui/src/app/applications/components/application-deployment-history/revision-metadata-rows.tsx @@ -4,14 +4,10 @@ import {Timestamp} from '../../../shared/components/timestamp'; import {ApplicationSource, RevisionMetadata, ChartDetails} from '../../../shared/models'; import {services} from '../../../shared/services'; -export const RevisionMetadataRows = (props: {applicationName: string; applicationNamespace: string; source: ApplicationSource; index: number; versionId: number}) => { +export const RevisionMetadataRows = (props: {applicationName: string; applicationNamespace: string; source: ApplicationSource}) => { if (props.source.chart) { return ( - - services.applications.revisionChartDetails(input.applicationName, input.applicationNamespace, input.source.targetRevision, input.index, input.versionId) - }> + services.applications.revisionChartDetails(input.applicationName, input.applicationNamespace, input.source.targetRevision)}> {(m: ChartDetails) => (
    @@ -48,9 +44,7 @@ export const RevisionMetadataRows = (props: {applicationName: string; applicatio ); } return ( - services.applications.revisionMetadata(input.applicationName, input.applicationNamespace, input.source.targetRevision, input.index, input.versionId)}> + services.applications.revisionMetadata(input.applicationName, input.applicationNamespace, input.source.targetRevision)}> {(m: RevisionMetadata) => (
    diff --git a/ui/src/app/applications/components/application-details/application-details.tsx b/ui/src/app/applications/components/application-details/application-details.tsx index 34d5121f87557..a3e8175591dde 100644 --- a/ui/src/app/applications/components/application-details/application-details.tsx +++ b/ui/src/app/applications/components/application-details/application-details.tsx @@ -24,7 +24,7 @@ import {ResourceDetails} from '../resource-details/resource-details'; import * as AppUtils from '../utils'; import {ApplicationResourceList} from './application-resource-list'; import {Filters, FiltersProps} from './application-resource-filter'; -import {getAppDefaultSource, getAppCurrentVersion, urlPattern} from '../utils'; +import {getAppDefaultSource, urlPattern, helpTip} from '../utils'; import {ChartDetails, ResourceStatus} from '../../../shared/models'; import {ApplicationsDetailsAppDropdown} from './application-details-app-dropdown'; import {useSidebarTarget} from '../../../sidebar/sidebar'; @@ -34,7 +34,7 @@ import {AppViewExtension, StatusPanelExtension} from '../../../shared/services/e interface ApplicationDetailsState { page: number; - revision?: string; // Which type of revision panelto show SYNC_STATUS_REVISION or OPERATION_STATE_REVISION + revision?: string; groupedResources?: ResourceStatus[]; slidingPanelPage?: number; filteredGraph?: any[]; @@ -180,217 +180,6 @@ export class ApplicationDetails extends React.Component - message.split(/\s/).map(part => - urlPattern.test(part) ? ( - - {part}{' '} - - ) : ( - part + ' ' - ) - ); - - const getContentForChart = ( - aRevision: string, - aSourceIndex: number | null, - aVersionId: number | null, - indx: number, - aSource: models.ApplicationSource, - sourceHeader?: JSX.Element - ) => { - const showChartNonMetadataInfo = (aRevision: string, aRepoUrl: string) => { - return ( - <> -
    -
    Revision:
    -
    {aRevision}
    -
    -
    -
    Chart Source:
    -
    {aRepoUrl}
    -
    - - ); - }; - return ( - services.applications.revisionChartDetails(input.metadata.name, input.metadata.namespace, aRevision, aSourceIndex, aVersionId)}> - {(m: ChartDetails) => { - return m ? ( -
    - {sourceHeader && sourceHeader} -
    - {showChartNonMetadataInfo(aRevision, aSource.repoURL)} -
    -
    Helm Chart:
    -
    - {aSource.chart}  - {m.home && ( - { - e.stopPropagation(); - window.open(m.home); - }}> - - - )} -
    -
    - {m.description && ( -
    -
    Description:
    -
    {m.description}
    -
    - )} - {m.maintainers && m.maintainers.length > 0 && ( -
    -
    Maintainers:
    -
    {m.maintainers.join(', ')}
    -
    - )} -
    -
    - ) : ( -
    -
    Source {indx + 1}
    -
    - {showChartNonMetadataInfo(aRevision, aSource.repoURL)} -
    -
    Helm Chart:
    - -
    -
    -
    - ); - }} -     - ); - }; - - const getContentForNonChart = ( - aRevision: string, - aSourceIndex: number, - aVersionId: number, - indx: number, - aSource: models.ApplicationSource, - sourceHeader?: JSX.Element - ) => { - const showNonMetadataInfo = (aSource: models.ApplicationSource, aRevision: string) => { - return ( - <> -
    -
    -
    SHA:
    -
    - -
    -
    -
    -
    -
    -
    Source:
    -
    {aSource.repoURL}
    -
    -
    - - ); - }; - return ( - services.applications.revisionMetadata(application.metadata.name, application.metadata.namespace, aRevision, aSourceIndex, aVersionId)}> - {metadata => - metadata ? ( -
    - {sourceHeader && sourceHeader} - {showNonMetadataInfo(aSource, aRevision)} -
    -
    -
    Date:
    -
    - -
    -
    -
    -
    -
    -
    Tags:
    -
    {((metadata.tags || []).length > 0 && metadata.tags.join(', ')) || 'No tags'}
    -
    -
    -
    -
    -
    Author:
    -
    {metadata.author}
    -
    -
    -
    -
    -
    Message:
    -
    -
    {renderCommitMessage(metadata.message)}
    -
    -
    -
    -
    - ) : ( -
    -
    Source {indx + 1}
    - {showNonMetadataInfo(aSource, aRevision)} -
    - ) - } -     - ); - }; - const cont: JSX.Element[] = []; - const sources: models.ApplicationSource[] = application.spec.sources; - if (sources?.length > 0 && revisions) { - revisions.forEach((rev, indx) => { - if (sources[indx].chart) { - cont.push(getContentForChart(rev, indx, getAppCurrentVersion(application), indx, sources[indx],
    Source {indx + 1}
    )); - } else { - cont.push(getContentForNonChart(rev, indx, getAppCurrentVersion(application), indx, sources[indx],
    Source {indx + 1}
    )); - } - }); - return <>{cont}; - } else if (application.spec.source) { - if (source.chart) { - cont.push(getContentForChart(revision, null, null, 0, source)); - } else { - cont.push(getContentForNonChart(revision, null, getAppCurrentVersion(application), 0, source)); - } - return <>{cont}; - } else { - return ( -
    -
    -
    -
    No other information available
    -
    -
    -
    - ); - } - } - public render() { return ( @@ -494,6 +283,17 @@ export class ApplicationDetails extends React.Component + message.split(/\s/).map(part => + urlPattern.test(part) ? ( + + {part}{' '} + + ) : ( + part + ' ' + ) + ); const {Tree, Pods, Network, List} = AppsDetailsViewKey; const zoomNum = (pref.zoom * 100).toFixed(0); const setZoom = (s: number) => { @@ -773,12 +573,16 @@ export class ApplicationDetails extends React.Component {data => ( this.selectNode(fullName)} resources={data} nodeMenu={node => - AppUtils.renderResourceMenu(node, application, tree, this.appContext.apis, this.appChanged, () => - this.getApplicationActionMenu(application, false) + AppUtils.renderResourceMenu( + {...node, root: node}, + application, + tree, + this.appContext.apis, + this.appChanged, + () => this.getApplicationActionMenu(application, false) ) } tree={tree} @@ -804,11 +608,10 @@ export class ApplicationDetails extends React.Component {data => ( this.selectNode(fullName)} resources={data} nodeMenu={node => - AppUtils.renderResourceMenu(node, application, tree, this.appContext.apis, this.appChanged, () => + AppUtils.renderResourceMenu({...node, root: node}, application, tree, this.appContext.apis, this.appChanged, () => this.getApplicationActionMenu(application, false) ) } @@ -849,21 +652,102 @@ export class ApplicationDetails extends React.Component this.setConditionsStatusVisible(false)}> {conditions && } - this.setState({revision: null})}> - {this.state.revision === 'SYNC_STATUS_REVISION' && - (application.status.sync.revisions || application.status.sync.revision) && - this.getContent(application, source, application.status.sync.revisions, application.status.sync.revision)} - {this.state.revision === 'OPERATION_STATE_REVISION' && - (application.status.operationState.syncResult.revisions || application.status.operationState.syncResult.revision) && - this.getContent( - application, - source, - application.status.operationState.syncResult.revisions, - application.status.operationState.syncResult.revision - )} + this.setState({revision: null})}> + {this.state.revision && + (source.chart ? ( + + services.applications.revisionChartDetails(input.metadata.name, input.metadata.namespace, this.state.revision) + }> + {(m: ChartDetails) => ( +
    +
    +
    +
    Revision:
    +
    {this.state.revision}
    +
    +
    +
    Helm Chart:
    +
    + {source.chart}  + {m.home && ( + { + e.stopPropagation(); + window.open(m.home); + }}> + + + )} +
    +
    + {m.description && ( +
    +
    Description:
    +
    {m.description}
    +
    + )} + {m.maintainers && m.maintainers.length > 0 && ( +
    +
    Maintainers:
    +
    {m.maintainers.join(', ')}
    +
    + )} +
    +
    + )} +     + ) : ( + + services.applications.revisionMetadata(application.metadata.name, application.metadata.namespace, this.state.revision) + }> + {metadata => ( +
    +
    +
    +
    SHA:
    +
    + +
    +
    +
    +
    +
    +
    Date:
    +
    + +
    +
    +
    +
    +
    +
    Tags:
    +
    + {((metadata.tags || []).length > 0 && metadata.tags.join(', ')) || 'No tags'} +
    +
    +
    +
    +
    +
    Author:
    +
    {metadata.author}
    +
    +
    +
    +
    +
    Message:
    +
    +
    {renderCommitMessage(metadata.message)}
    +
    +
    +
    +
    + )} +     + ))}     {prop.actionLabel}; + const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; return [ { iconClassName: 'fa fa-info-circle', @@ -911,11 +796,18 @@ export class ApplicationDetails extends React.Component, + title: hasMultipleSources ? ( + + + {helpTip('Rollback is not supported for apps with multiple sources')} + + ) : ( + + ), action: () => { this.setRollbackPanelVisible(0); }, - disabled: !app.status.operationState + disabled: !app.status.operationState || hasMultipleSources }, { iconClassName: 'fa fa-times-circle', diff --git a/ui/src/app/applications/components/application-details/application-resource-list.tsx b/ui/src/app/applications/components/application-details/application-resource-list.tsx index 2230e31bacea1..d1e01adb52c04 100644 --- a/ui/src/app/applications/components/application-details/application-resource-list.tsx +++ b/ui/src/app/applications/components/application-details/application-resource-list.tsx @@ -1,45 +1,51 @@ -import {DropDown, Tooltip} from 'argo-ui'; +import {DropDown} from 'argo-ui'; import * as React from 'react'; import * as classNames from 'classnames'; import * as models from '../../../shared/models'; import {ResourceIcon} from '../resource-icon'; import {ResourceLabel} from '../resource-label'; -import {ComparisonStatusIcon, HealthStatusIcon, nodeKey, createdOrNodeKey, isSameNode} from '../utils'; -import {AppDetailsPreferences} from '../../../shared/services'; +import {ComparisonStatusIcon, HealthStatusIcon, nodeKey, createdOrNodeKey} from '../utils'; import {Consumer} from '../../../shared/context'; +import * as _ from 'lodash'; import Moment from 'react-moment'; import {format} from 'date-fns'; -import {ResourceNode} from '../../../shared/models'; +import {ResourceNode, ResourceRef} from '../../../shared/models'; import './application-resource-list.scss'; -export interface ApplicationResourceListProps { - pref: AppDetailsPreferences; +export const ApplicationResourceList = ({ + resources, + onNodeClick, + nodeMenu, + tree +}: { resources: models.ResourceStatus[]; onNodeClick?: (fullName: string) => any; nodeMenu?: (node: models.ResourceNode) => React.ReactNode; tree?: models.ApplicationTree; -} - -export const ApplicationResourceList = (props: ApplicationResourceListProps) => { - const nodeByKey = new Map(); - props.tree?.nodes?.forEach(res => nodeByKey.set(nodeKey(res), res)); - - const firstParentNode = props.resources.length > 0 && (nodeByKey.get(nodeKey(props.resources[0])) as ResourceNode)?.parentRefs?.[0]; - const isSameParent = firstParentNode && props.resources?.every(x => (nodeByKey.get(nodeKey(x)) as ResourceNode)?.parentRefs?.every(p => isSameNode(p, firstParentNode))); - const isSameKind = props.resources?.every(x => x.group === props.resources[0].group && x.kind === props.resources[0].kind); - const view = props.pref.view; +}) => { + function getResNode(nodes: ResourceNode[], nodeId: string): models.ResourceNode { + for (const node of nodes) { + if (nodeKey(node) === nodeId) { + return node; + } + } + return null; + } + const parentNode = ((resources || []).length > 0 && (getResNode(tree.nodes, nodeKey(resources[0])) as ResourceNode)?.parentRefs?.[0]) || ({} as ResourceRef); + const searchParams = new URLSearchParams(window.location.search); + const view = searchParams.get('view'); const ParentRefDetails = () => { - return isSameParent ? ( + return Object.keys(parentNode).length > 0 ? (
    Parent Node Info
    Name:
    -
    {firstParentNode.name}
    +
    {parentNode?.name}
    Kind:
    -
    {firstParentNode.kind}
    +
    {parentNode?.kind}
    ) : ( @@ -47,126 +53,119 @@ export const ApplicationResourceList = (props: ApplicationResourceListProps) => ); }; return ( - props.resources.length > 0 && ( -
    - {/* Display only when the view is set to or network */} - {(view === 'tree' || view === 'network') && ( -
    - -
    - )} -
    -
    -
    -
    -
    NAME
    -
    GROUP/KIND
    -
    SYNC ORDER
    -
    NAMESPACE
    - {isSameKind && props.resources[0].kind === 'ReplicaSet' &&
    REVISION
    } -
    CREATED AT
    -
    STATUS
    -
    +
    + {/* Display only when the view is set to or network */} + {(view === 'tree' || view === 'network') && ( +
    + +
    + )} +
    +
    +
    +
    +
    NAME
    +
    GROUP/KIND
    +
    SYNC ORDER
    +
    NAMESPACE
    + {(parentNode.kind === 'Rollout' || parentNode.kind === 'Deployment') &&
    REVISION
    } +
    CREATED AT
    +
    STATUS
    - {props.resources - .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) - .map(res => { - const groupkindjoin = [res.group, res.kind].filter(item => !!item).join('/'); - return ( -
    props.onNodeClick && props.onNodeClick(nodeKey(res))}> -
    -
    -
    - -
    -
    {ResourceLabel({kind: res.kind})}
    -
    -
    - -
    - {res.name} - {res.kind === 'Application' && ( - - {ctx => ( - - e.stopPropagation()} - title='Open application'> - - - - )} - - )} -
    -     - -
    {groupkindjoin}
    -     - -
    {res.syncWave || '-'}
    -     - -
    {res.namespace}
    -     - {isSameKind && - res.kind === 'ReplicaSet' && - ((nodeByKey.get(nodeKey(res)) as ResourceNode).info || []) - .filter(tag => !tag.name.includes('Node')) - .slice(0, 4) - .map((tag, i) => { - return ( -
    - {tag?.value?.split(':')[1] || '-'} -
    - ); - })} - -
    - {res.createdAt && ( - - - {res.createdAt} - -  ago   {format(new Date(res.createdAt), 'MM/dd/yy')} - - )} -
    -     -
    - {res.health && ( - - {res.health.status}   - +
    + {resources + .sort((first, second) => -createdOrNodeKey(first).localeCompare(createdOrNodeKey(second))) + .map(res => ( +
    onNodeClick(nodeKey(res))}> +
    +
    +
    + +
    +
    {ResourceLabel({kind: res.kind})}
    +
    +
    +
    + {res.name} + {res.kind === 'Application' && ( + + {ctx => ( + + e.stopPropagation()} + title='Open application'> + + + )} - {res.status && } - {res.hook && } - {props.nodeMenu && ( -
    - ( - - )}> - {() => props.nodeMenu(nodeByKey.get(nodeKey(res)))} - + + )} +
    +
    {[res.group, res.kind].filter(item => !!item).join('/')}
    +
    {res.syncWave || '-'}
    +
    {res.namespace}
    + {res.kind === 'ReplicaSet' && + ((getResNode(tree.nodes, nodeKey(res)) as ResourceNode).info || []) + .filter(tag => !tag.name.includes('Node')) + .slice(0, 4) + .map((tag, i) => { + return ( +
    + {tag?.value?.split(':')[1] || '-'}
    - )} -
    + ); + })} + +
    + {res.createdAt && ( + + + {res.createdAt} + +  ago   {format(new Date(res.createdAt), 'MM/dd/yy')} + + )} +
    +
    + {res.health && ( + + {res.health.status}   + + )} + {res.status && } + {res.hook && } +
    + ( + + )}> + {nodeMenu({ + name: res.name, + version: res.version, + kind: res.kind, + namespace: res.namespace, + group: res.group, + info: null, + uid: '', + resourceVersion: null, + parentRefs: [] + })} +
    - ); - })} -
    +
    +
    + ))}
    - ) +
    ); }; diff --git a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx index 03baa4e44e655..c7e669f46dded 100644 --- a/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx +++ b/ui/src/app/applications/components/application-fullscreen-logs/application-fullscreen-logs.tsx @@ -15,7 +15,6 @@ export const ApplicationFullscreenLogs = (props: RouteComponentProps<{name: stri const group = q.get('group'); const kind = q.get('kind'); const title = `${podName || `${group}/${kind}/${name}`}:${props.match.params.container}`; - const fullscreen = true; return (
    @@ -29,7 +28,6 @@ export const ApplicationFullscreenLogs = (props: RouteComponentProps<{name: stri kind={kind} name={name} podName={podName} - fullscreen={fullscreen} />
    ); diff --git a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx index 57ec1f122f915..0f5bbac2615a2 100644 --- a/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx +++ b/ui/src/app/applications/components/application-operation-state/application-operation-state.tsx @@ -93,15 +93,7 @@ export const ApplicationOperationState: React.StatelessComponent = ({appl }); } if (operationState.syncResult) { - operationAttributes.push({ - title: 'REVISION', - value: ( -
    - - {utils.getAppDefaultOperationSyncRevisionExtra(application)} -
    - ) - }); + operationAttributes.push({title: 'REVISION', value: }); } let initiator = ''; if (operationState.operation.initiatedBy) { diff --git a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx b/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx deleted file mode 100644 index 4acbcdd82fcf6..0000000000000 --- a/ui/src/app/applications/components/application-parameters/application-parameters-source.tsx +++ /dev/null @@ -1,112 +0,0 @@ -import * as classNames from 'classnames'; -import * as React from 'react'; -import {FormApi} from 'react-form'; -import {EditablePanelItem} from '../../../shared/components'; -import {EditableSection} from '../../../shared/components/editable-panel/editable-section'; -import {Consumer} from '../../../shared/context'; -import '../../../shared/components/editable-panel/editable-panel.scss'; - -export interface ApplicationParametersPanelProps { - floatingTitle?: string | React.ReactNode; - titleTop?: string | React.ReactNode; - titleBottom?: string | React.ReactNode; - index: number; - valuesTop?: T; - valuesBottom?: T; - validateTop?: (values: T) => any; - validateBottom?: (values: T) => any; - saveTop?: (input: T, query: {validate?: boolean}) => Promise; - saveBottom?: (input: T, query: {validate?: boolean}) => Promise; - itemsTop?: EditablePanelItem[]; - itemsBottom?: EditablePanelItem[]; - onModeSwitch?: () => any; - viewTop?: string | React.ReactNode; - viewBottom?: string | React.ReactNode; - editTop?: (formApi: FormApi) => React.ReactNode; - editBottom?: (formApi: FormApi) => React.ReactNode; - noReadonlyMode?: boolean; - collapsible?: boolean; -} - -interface ApplicationParametersPanelState { - editTop: boolean; - editBottom: boolean; - savingTop: boolean; - savingBottom: boolean; -} - -// Currently two editable sections, but can be modified to support N panels in general. This should be part of a white-box, editable-panel. -export class ApplicationParametersSource extends React.Component, ApplicationParametersPanelState> { - constructor(props: ApplicationParametersPanelProps) { - super(props); - this.state = {editTop: !!props.noReadonlyMode, editBottom: !!props.noReadonlyMode, savingTop: false, savingBottom: false}; - } - - public render() { - return ( - - {ctx => ( -
    - {this.props.floatingTitle &&
    {this.props.floatingTitle}
    } - - this.onModeSwitch()} - noReadonlyMode={this.props.noReadonlyMode} - edit={this.props.editTop} - collapsible={this.props.collapsible} - ctx={ctx} - isTopSection={true} - disabledState={this.state.editTop || this.state.editTop === null} - updateButtons={editClicked => { - this.setState({editBottom: editClicked}); - }} - /> - - {this.props.itemsTop && ( - -
    -

     

    -
    -
    - - )} - - this.onModeSwitch()} - noReadonlyMode={this.props.noReadonlyMode} - edit={this.props.editBottom} - collapsible={this.props.collapsible} - ctx={ctx} - isTopSection={false} - disabledState={this.state.editBottom || this.state.editBottom === null} - updateButtons={editClicked => { - this.setState({editTop: editClicked}); - }} - /> - -
    - )} - - ); - } - - private onModeSwitch() { - if (this.props.onModeSwitch) { - this.props.onModeSwitch(); - } - } -} diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.scss b/ui/src/app/applications/components/application-parameters/application-parameters.scss deleted file mode 100644 index e49945dc85324..0000000000000 --- a/ui/src/app/applications/components/application-parameters/application-parameters.scss +++ /dev/null @@ -1,80 +0,0 @@ -@import 'node_modules/argo-ui/src/styles/config'; -@import 'node_modules/argo-ui/src/styles/theme'; - -.application-parameters { - &__labels { - line-height: 28px; - display: flex; - align-items: center; - height: 100%; - flex-wrap: wrap; - padding-top: 0.5em; - } - - &__label { - background-color: $argo-color-gray-5; - color: white; - border-radius: 5px; - padding: 4px; - line-height: 14px; - margin: 0.3em 0; - margin-right: 2px; - } - - &__sort-icon { - cursor: pointer; - position: absolute; - font-size: 1.3em; - left: -1em; - - &.fa-sort-up { - top: 10px; - } - - &.fa-sort-down { - bottom: 10px; - } - } - &__remove-icon { - cursor: pointer; - position: absolute; - top: 1em; - right: 1em; - } - - .argo-field { - line-height: 1.15; - } - - .white-box__details p { - font-weight: 500; - @include themify($themes) { - color: themed('text-1'); - } - } - - .white-box__details-row .row { - padding-left: 1em; - padding-right: 1em; - } - - .white-box__details-row .row .columns:last-child { - padding-left: 1em; - } - - .select { - padding-bottom: 0; - } - - .row.application-retry-options { - .columns.application-retry-options__item{ - padding-left: 0; - padding-right: 10px; - } - - .argo-form-row__error-msg { - position: static; - line-height: 1; - } - } -} diff --git a/ui/src/app/applications/components/application-parameters/application-parameters.tsx b/ui/src/app/applications/components/application-parameters/application-parameters.tsx index 9f5073a838bad..38a6d151a90c2 100644 --- a/ui/src/app/applications/components/application-parameters/application-parameters.tsx +++ b/ui/src/app/applications/components/application-parameters/application-parameters.tsx @@ -6,19 +6,15 @@ import { ArrayInputField, ArrayValueField, CheckboxField, + EditablePanel, + EditablePanelItem, Expandable, MapValueField, NameValueEditor, StringValueField, NameValue, TagsInputField, - ValueEditor, - Paginate, - RevisionHelpIcon, - Revision, - Repo, - EditablePanel, - EditablePanelItem + ValueEditor } from '../../../shared/components'; import * as models from '../../../shared/models'; import {ApplicationSourceDirectory, Plugin} from '../../../shared/models'; @@ -29,11 +25,6 @@ import {VarsInputField} from './vars-input-field'; import {concatMaps} from '../../../shared/utils'; import {getAppDefaultSource} from '../utils'; import * as jsYaml from 'js-yaml'; -import {RevisionFormField} from '../revision-form-field/revision-form-field'; -import classNames from 'classnames'; -import {ApplicationParametersSource} from './application-parameters-source'; - -import './application-parameters.scss'; const TextWithMetadataField = ReactFormField((props: {metadata: {value: string}; fieldApi: FieldApi; className: string}) => { const { @@ -60,16 +51,6 @@ function overridesFirst(first: {overrideIndex: number; metadata: {name: string}} return first.overrideIndex - second.overrideIndex; } -function processPath(path: string) { - if (path !== null && path !== undefined) { - if (path === '.') { - return '(root)'; - } - return path; - } - return ''; -} - function getParamsEditableItems( app: models.Application, title: string, @@ -141,458 +122,20 @@ function getParamsEditableItems( export const ApplicationParameters = (props: { application: models.Application; - details?: models.RepoAppDetails; + details: models.RepoAppDetails; save?: (application: models.Application, query: {validate?: boolean}) => Promise; noReadonlyMode?: boolean; - pageNumber?: number; - setPageNumber?: (x: number) => any; - collapsedSources?: boolean[]; - handleCollapse?: (i: number, isCollapsed: boolean) => void; }) => { const app = cloneDeep(props.application); - const source = getAppDefaultSource(app); // For source field - const appSources = app?.spec.sources; + const source = getAppDefaultSource(app); const [removedOverrides, setRemovedOverrides] = React.useState(new Array()); - const collapsible = props.collapsedSources !== undefined && props.handleCollapse !== undefined; - const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); - - if (app.spec.sources?.length > 0 && !props.details) { - return ( -
    - { - props.setPageNumber(page); - }}> - {data => { - const listOfPanels: JSX.Element[] = []; - data.forEach(appSource => { - const i = app.spec.sources.indexOf(appSource); - listOfPanels.push(getEditablePanelForSources(i, appSource)); - }); - return listOfPanels; - }} - -
    - ); - } else { - // For the other old/existings references of ApplicationParameters that have details already loaded. They are single source - let attributes: EditablePanelItem[] = []; - if (props.details) { - return getEditablePanel( - gatherDetails(0, props.details, attributes, source, app, setRemovedOverrides, removedOverrides, appParamsDeletedState, setAppParamsDeletedState, false), - props.details - ); - } else { - // For single source field, for resource details where we have to do the load. - return ( - getSingleSource(application)}> - {(details: models.RepoAppDetails) => { - attributes = []; - const attr = gatherDetails( - 0, - details, - attributes, - source, - app, - setRemovedOverrides, - removedOverrides, - appParamsDeletedState, - setAppParamsDeletedState, - false - ); - return getEditablePanel(attr, details); - }} - - ); - } - } - - // Collapse button is separate - function getEditablePanelForSources(index: number, appSource: models.ApplicationSource): JSX.Element { - return (collapsible && props.collapsedSources[index] === undefined) || props.collapsedSources[index] ? ( -
    { - const currentState = props.collapsedSources[index] !== undefined ? props.collapsedSources[index] : true; - props.handleCollapse(index, !currentState); - }}> -
    - -
    -
    -
    Source {index + 1 + ': ' + appSource.repoURL}
    -
    - {(appSource.path ? 'PATH=' + appSource.path : '') + (appSource.targetRevision ? (appSource.path ? ', ' : '') + 'REVISION=' + appSource.targetRevision : '')} -
    -
    -
    - ) : ( -
    -
    - {collapsible && ( - -
    - { - props.handleCollapse(index, !props.collapsedSources[index]); - }} - /> -
    -     - )} - getSourceFromAppSources(src, app.metadata.name, app.spec.project, index, 0)}> - {(details: models.RepoAppDetails) => getEditablePanelForOneSource(details, index, source)} - -
    -
    - ); - } - - function getEditablePanel(items: EditablePanelItem[], repoAppDetails: models.RepoAppDetails): any { - return ( -
    - { - const updatedSrc = input.spec.source; - - function isDefined(item: any) { - return item !== null && item !== undefined; - } - function isDefinedWithVersion(item: any) { - return item !== null && item !== undefined && item.match(/:/); - } - if (updatedSrc.helm && updatedSrc.helm.parameters) { - updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); - } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { - updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); - } - - let params = input.spec?.source?.plugin?.parameters; - if (params) { - for (const param of params) { - if (param.map && param.array) { - // eslint-disable-next-line @typescript-eslint/ban-ts-comment - // @ts-ignore - param.map = param.array.reduce((acc, {name, value}) => { - // eslint-disable-next-line @typescript-eslint/ban-ts-comment - // @ts-ignore - acc[name] = value; - return acc; - }, {}); - delete param.array; - } - } - params = params.filter(param => !appParamsDeletedState.includes(param.name)); - input.spec.source.plugin.parameters = params; - } - if (input.spec.source.helm && input.spec.source.helm.valuesObject) { - input.spec.source.helm.valuesObject = jsYaml.load(input.spec.source.helm.values); // Deserialize json - input.spec.source.helm.values = ''; - } - await props.save(input, {}); - setRemovedOverrides(new Array()); - }) - } - values={((repoAppDetails.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} - validate={updatedApp => { - const errors = {} as any; - - for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { - const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); - errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; - } - - if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { - const parsedValues = jsYaml.load(updatedApp.spec.source.helm.values); - errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; - } - - return errors; - }} - onModeSwitch={ - repoAppDetails.plugin && - (() => { - setAppParamsDeletedState([]); - }) - } - title={repoAppDetails.type.toLocaleUpperCase()} - items={items as EditablePanelItem[]} - noReadonlyMode={props.noReadonlyMode} - hasMultipleSources={false} - /> -
    - ); - } - - function getEditablePanelForOneSource(repoAppDetails: models.RepoAppDetails, ind: number, src: models.ApplicationSource): any { - let floatingTitle: string; - const lowerPanelAttributes: EditablePanelItem[] = []; - const upperPanelAttributes: EditablePanelItem[] = []; - - const upperPanel = gatherCoreSourceDetails(ind, upperPanelAttributes, appSources[ind], app); - const lowerPanel = gatherDetails( - ind, - repoAppDetails, - lowerPanelAttributes, - appSources[ind], - app, - setRemovedOverrides, - removedOverrides, - appParamsDeletedState, - setAppParamsDeletedState, - true - ); - - if (repoAppDetails.type === 'Directory') { - floatingTitle = - 'Source ' + - (ind + 1) + - ': TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (repoAppDetails.path ? ', PATH=' + repoAppDetails.path : '') + - (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - } else if (repoAppDetails.type === 'Helm') { - floatingTitle = - 'Source ' + - (ind + 1) + - ': TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (src.chart ? ', CHART=' + src.chart + ':' + src.targetRevision : '') + - (src.path ? ', PATH=' + src.path : '') + - (src.targetRevision ? ', REVISION=' + src.targetRevision : ''); - } else if (repoAppDetails.type === 'Kustomize') { - floatingTitle = - 'Source ' + - (ind + 1) + - ': TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (repoAppDetails.path ? ', PATH=' + repoAppDetails.path : '') + - (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - } else if (repoAppDetails.type === 'Plugin') { - floatingTitle = - 'Source ' + - (ind + 1) + - ': TYPE=' + - repoAppDetails.type + - ', URL=' + - src.repoURL + - (repoAppDetails.path ? ', PATH=' + repoAppDetails.path : '') + - (src.targetRevision ? ', TARGET REVISION=' + src.targetRevision : ''); - } - return ( - { - const updatedSrc = input.spec.sources[ind]; - - function isDefined(item: any) { - return item !== null && item !== undefined; - } - function isDefinedWithVersion(item: any) { - return item !== null && item !== undefined && item.match(/:/); - } - - if (updatedSrc.helm && updatedSrc.helm.parameters) { - updatedSrc.helm.parameters = updatedSrc.helm.parameters.filter(isDefined); - } - if (updatedSrc.kustomize && updatedSrc.kustomize.images) { - updatedSrc.kustomize.images = updatedSrc.kustomize.images.filter(isDefinedWithVersion); - } - - let params = input.spec?.sources[ind]?.plugin?.parameters; - if (params) { - for (const param of params) { - if (param.map && param.array) { - // eslint-disable-next-line @typescript-eslint/ban-ts-comment - // @ts-ignore - param.map = param.array.reduce((acc, {name, value}) => { - // eslint-disable-next-line @typescript-eslint/ban-ts-comment - // @ts-ignore - acc[name] = value; - return acc; - }, {}); - delete param.array; - } - } - - params = params.filter(param => !appParamsDeletedState.includes(param.name)); - updatedSrc.plugin.parameters = params; - } - if (updatedSrc.helm && updatedSrc.helm.valuesObject) { - updatedSrc.helm.valuesObject = jsYaml.load(updatedSrc.helm.values); // Deserialize json - updatedSrc.helm.values = ''; - } - - await props.save(input, {}); - setRemovedOverrides(new Array()); - }) - } - valuesTop={(app?.spec?.sources && (repoAppDetails.plugin || app?.spec?.sources[ind]?.plugin) && cloneDeep(app)) || app} - valuesBottom={(app?.spec?.sources && (repoAppDetails.plugin || app?.spec?.sources[ind]?.plugin) && cloneDeep(app)) || app} - validateTop={updatedApp => { - const errors = [] as any; - const repoURL = updatedApp.spec.sources[ind].repoURL; - if (repoURL === null || repoURL.length === 0) { - errors['spec.sources[' + ind + '].repoURL'] = 'The source repo URL cannot be empty'; - } else { - errors['spec.sources[' + ind + '].repoURL'] = null; - } - return errors; - }} - validateBottom={updatedApp => { - const errors = {} as any; - - for (const fieldPath of ['spec.sources[' + ind + '].directory.jsonnet.tlas', 'spec.sources[' + ind + '].directory.jsonnet.extVars']) { - const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); - errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; - } - - if (updatedApp.spec.sources[ind].helm?.values) { - const parsedValues = jsYaml.load(updatedApp.spec.sources[ind].helm.values); - errors['spec.sources[' + ind + '].helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; - } - return errors; - }} - onModeSwitch={ - repoAppDetails.plugin && - (() => { - setAppParamsDeletedState([]); - }) - } - titleBottom={repoAppDetails.type.toLocaleUpperCase()} - titleTop={'SOURCE ' + (ind + 1)} - floatingTitle={floatingTitle ? floatingTitle : null} - itemsBottom={lowerPanel as EditablePanelItem[]} - itemsTop={upperPanel as EditablePanelItem[]} - noReadonlyMode={props.noReadonlyMode} - collapsible={collapsible} - /> - ); - } -}; - -function gatherCoreSourceDetails(i: number, attributes: EditablePanelItem[], source: models.ApplicationSource, app: models.Application): EditablePanelItem[] { - const hasMultipleSources = app.spec.sources && app.spec.sources.length > 0; - // eslint-disable-next-line no-prototype-builtins - const isHelm = source.hasOwnProperty('chart'); - const repoUrlField = 'spec.sources[' + i + '].repoURL'; - const sourcesPathField = 'spec.sources[' + i + '].path'; - const refField = 'spec.sources[' + i + '].ref'; - const chartField = 'spec.sources[' + i + '].chart'; - const revisionField = 'spec.sources[' + i + '].targetRevision'; - // For single source apps using the source field, these fields are shown in the Summary tab. - if (hasMultipleSources) { - attributes.push({ - title: 'REPO URL', - view: , - edit: (formApi: FormApi) => - }); - if (isHelm) { - attributes.push({ - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     -
    - )} -     - ) - }); - } else { - attributes.push({ - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - }); - attributes.push({ - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - }); - attributes.push({ - title: 'REF', - view: {source.ref}, - edit: (formApi: FormApi) => - }); - } - } - return attributes; -} + let attributes: EditablePanelItem[] = []; + const isValuesObject = source?.helm?.valuesObject; + const helmValues = isValuesObject ? jsYaml.safeDump(source.helm.valuesObject) : source?.helm?.values; + const [appParamsDeletedState, setAppParamsDeletedState] = React.useState([]); -function gatherDetails( - ind: number, - repoDetails: models.RepoAppDetails, - attributes: EditablePanelItem[], - source: models.ApplicationSource, - app: models.Application, - setRemovedOverrides: any, - removedOverrides: any, - appParamsDeletedState: any[], - setAppParamsDeletedState: any, - isMultiSource: boolean -): EditablePanelItem[] { - if (repoDetails.type === 'Kustomize' && repoDetails.kustomize) { + if (props.details.type === 'Kustomize' && props.details.kustomize) { attributes.push({ title: 'VERSION', view: (source.kustomize && source.kustomize.version) || default, @@ -600,12 +143,7 @@ function gatherDetails( services.authService.settings()}> {settings => ((settings.kustomizeVersions || []).length > 0 && ( - + )) || default } @@ -615,28 +153,22 @@ function gatherDetails( attributes.push({ title: 'NAME PREFIX', view: source.kustomize && source.kustomize.namePrefix, - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); attributes.push({ title: 'NAME SUFFIX', view: source.kustomize && source.kustomize.nameSuffix, - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); attributes.push({ title: 'NAMESPACE', - view: source.kustomize && source.kustomize.namespace, - edit: (formApi: FormApi) => ( - - ) + view: app.spec.source.kustomize && app.spec.source.kustomize.namespace, + edit: (formApi: FormApi) => }); - const srcImages = ((repoDetails && repoDetails.kustomize && repoDetails.kustomize.images) || []).map(val => kustomize.parse(val)); + const srcImages = ((props.details && props.details.kustomize && props.details.kustomize.images) || []).map(val => kustomize.parse(val)); const images = ((source.kustomize && source.kustomize.images) || []).map(val => kustomize.parse(val)); if (srcImages.length > 0) { @@ -650,7 +182,7 @@ function gatherDetails( getParamsEditableItems( app, 'IMAGES', - isMultiSource ? 'spec.sources[' + ind + '].kustomize.images' : 'spec.source.kustomize.images', + 'spec.source.kustomize.images', removedOverrides, setRemovedOverrides, distinct(imagesByName.keys(), overridesByName.keys()).map(name => { @@ -667,19 +199,17 @@ function gatherDetails( ) ); } - } else if (repoDetails.type === 'Helm' && repoDetails.helm) { - const isValuesObject = source?.helm?.valuesObject; - const helmValues = isValuesObject ? jsYaml.dump(source.helm.valuesObject) : source?.helm?.values; + } else if (props.details.type === 'Helm' && props.details.helm) { attributes.push({ title: 'VALUES FILES', view: (source.helm && (source.helm.valueFiles || []).join(', ')) || 'No values files selected', edit: (formApi: FormApi) => ( @@ -701,21 +231,21 @@ function gatherDetails( return ( 
    -                            
+
    ); } }); const paramsByName = new Map(); - (repoDetails.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); + (props.details.helm.parameters || []).forEach(param => paramsByName.set(param.name, param)); const overridesByName = new Map(); ((source.helm && source.helm.parameters) || []).forEach((override, i) => overridesByName.set(override.name, i)); attributes = attributes.concat( getParamsEditableItems( app, 'PARAMETERS', - isMultiSource ? 'spec.sources[' + ind + '].helm.parameters' : 'spec.source.helm.parameters', + 'spec.source.helm.parameters', removedOverrides, setRemovedOverrides, distinct(paramsByName.keys(), overridesByName.keys()).map(name => { @@ -731,14 +261,14 @@ function gatherDetails( ) ); const fileParamsByName = new Map(); - (repoDetails.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); + (props.details.helm.fileParameters || []).forEach(param => fileParamsByName.set(param.name, param)); const fileOverridesByName = new Map(); ((source.helm && source.helm.fileParameters) || []).forEach((override, i) => fileOverridesByName.set(override.name, i)); attributes = attributes.concat( getParamsEditableItems( app, 'PARAMETERS', - isMultiSource ? 'spec.sources[' + ind + '].helm.parameters' : 'spec.source.helm.parameters', + 'spec.source.helm.parameters', removedOverrides, setRemovedOverrides, distinct(fileParamsByName.keys(), fileOverridesByName.keys()).map(name => { @@ -753,19 +283,14 @@ function gatherDetails( }) ) ); - } else if (repoDetails.type === 'Plugin') { + } else if (props.details.type === 'Plugin') { attributes.push({ title: 'NAME', view:
    {ValueEditor(app.spec.source?.plugin?.name, null)}
    , edit: (formApi: FormApi) => ( services.authService.plugins()}> {(plugins: Plugin[]) => ( - p.name)}} - /> + p.name)}} /> )} ) @@ -781,13 +306,11 @@ function gatherDetails( ))}
    ), - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); const parametersSet = new Set(); - if (repoDetails?.plugin?.parametersAnnouncement) { - for (const announcement of repoDetails.plugin.parametersAnnouncement) { + if (props.details?.plugin?.parametersAnnouncement) { + for (const announcement of props.details.plugin.parametersAnnouncement) { parametersSet.add(announcement.name); } } @@ -801,7 +324,7 @@ function gatherDetails( parametersSet.delete(key); } parametersSet.forEach(name => { - const announcement = repoDetails.plugin.parametersAnnouncement?.find(param => param.name === name); + const announcement = props.details.plugin.parametersAnnouncement?.find(param => param.name === name); const liveParam = app.spec.source?.plugin?.parameters?.find(param => param.name === name); const pluginIcon = announcement && liveParam ? 'This parameter has been provided by plugin, but is overridden in application manifest.' : 'This parameter is provided by the plugin.'; @@ -835,7 +358,7 @@ function gatherDetails( ), edit: (formApi: FormApi) => ( ( ( + edit: (formApi: FormApi) => }); attributes.push({ title: 'TOP-LEVEL ARGUMENTS', @@ -942,13 +464,7 @@ function gatherDetails( {i.name}='{i.value}' {i.code && 'code'} )), - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); attributes.push({ title: 'EXTERNAL VARIABLES', @@ -957,51 +473,94 @@ function gatherDetails( {i.name}='{i.value}' {i.code && 'code'} )), - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); attributes.push({ title: 'INCLUDE', view: directory && directory.include, - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); attributes.push({ title: 'EXCLUDE', view: directory && directory.exclude, - edit: (formApi: FormApi) => ( - - ) + edit: (formApi: FormApi) => }); } - return attributes; -} -// For Sources field. Get one source with index i from the list -async function getSourceFromAppSources(aSource: models.ApplicationSource, name: string, project: string, index: number, version: number) { - const repoDetail = await services.repos.appDetails(aSource, name, project, index, version).catch(() => ({ - type: 'Directory' as models.AppSourceType, - path: aSource.path - })); - return repoDetail; -} + return ( + { + const src = getAppDefaultSource(input); -// Delete when source field is removed -async function getSingleSource(app: models.Application) { - if (app.spec.source) { - const repoDetail = await services.repos.appDetails(getAppDefaultSource(app), app.metadata.name, app.spec.project, 0, 0).catch(() => ({ - type: 'Directory' as models.AppSourceType, - path: getAppDefaultSource(app).path - })); - return repoDetail; - } - return null; -} + function isDefined(item: any) { + return item !== null && item !== undefined; + } + function isDefinedWithVersion(item: any) { + return item !== null && item !== undefined && item.match(/:/); + } + + if (src.helm && src.helm.parameters) { + src.helm.parameters = src.helm.parameters.filter(isDefined); + } + if (src.kustomize && src.kustomize.images) { + src.kustomize.images = src.kustomize.images.filter(isDefinedWithVersion); + } + + let params = input.spec?.source?.plugin?.parameters; + if (params) { + for (const param of params) { + if (param.map && param.array) { + // @ts-ignore + param.map = param.array.reduce((acc, {name, value}) => { + // @ts-ignore + acc[name] = value; + return acc; + }, {}); + delete param.array; + } + } + + params = params.filter(param => !appParamsDeletedState.includes(param.name)); + input.spec.source.plugin.parameters = params; + } + if (input.spec.source.helm && input.spec.source.helm.valuesObject) { + input.spec.source.helm.valuesObject = jsYaml.safeLoad(input.spec.source.helm.values); // Deserialize json + input.spec.source.helm.values = ''; + } + await props.save(input, {}); + setRemovedOverrides(new Array()); + }) + } + values={((props.details.plugin || app?.spec?.source?.plugin) && cloneDeep(app)) || app} + validate={updatedApp => { + const errors = {} as any; + + for (const fieldPath of ['spec.source.directory.jsonnet.tlas', 'spec.source.directory.jsonnet.extVars']) { + const invalid = ((getNestedField(updatedApp, fieldPath) || []) as Array).filter(item => !item.name && !item.code); + errors[fieldPath] = invalid.length > 0 ? 'All fields must have name' : null; + } + + if (updatedApp.spec.source.helm && updatedApp.spec.source.helm.values) { + const parsedValues = jsYaml.safeLoad(updatedApp.spec.source.helm.values); + errors['spec.source.helm.values'] = typeof parsedValues === 'object' ? null : 'Values must be a map'; + } + + return errors; + }} + onModeSwitch={ + props.details.plugin && + (() => { + setAppParamsDeletedState([]); + }) + } + title={props.details.type.toLocaleUpperCase()} + items={attributes} + noReadonlyMode={props.noReadonlyMode} + hasMultipleSources={app.spec.sources && app.spec.sources.length > 0} + /> + ); +}; diff --git a/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts b/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts index 75106fc301513..471228d780523 100644 --- a/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts +++ b/ui/src/app/applications/components/application-parameters/kustomize-image.test.ts @@ -1,4 +1,4 @@ -import {format, parse} from './kustomize-image'; +import { format, parse } from './kustomize-image'; test('parse image version override', () => { const image = parse('foo/bar:v1.0.0'); @@ -8,7 +8,7 @@ test('parse image version override', () => { }); test('format image version override', () => { - const formatted = format({name: 'foo/bar', newTag: 'v1.0.0'}); + const formatted = format({ name: 'foo/bar', newTag: 'v1.0.0' }); expect(formatted).toBe('foo/bar:v1.0.0'); }); @@ -21,7 +21,7 @@ test('parse image name override', () => { }); test('format image name override', () => { - const formatted = format({name: 'foo/bar', newTag: 'v1.0.0', newName: 'foo/bar1'}); + const formatted = format({ name: 'foo/bar', newTag: 'v1.0.0', newName: 'foo/bar1' }); expect(formatted).toBe('foo/bar=foo/bar1:v1.0.0'); }); @@ -33,6 +33,6 @@ test('parse image digest override', () => { }); test('format image digest override', () => { - const formatted = format({name: 'foo/bar', digest: 'sha:123'}); + const formatted = format({ name: 'foo/bar', digest: 'sha:123' }); expect(formatted).toBe('foo/bar@sha:123'); }); diff --git a/ui/src/app/applications/components/application-pod-view/pod-view.tsx b/ui/src/app/applications/components/application-pod-view/pod-view.tsx index caba162b82eba..2c1bb54770abf 100644 --- a/ui/src/app/applications/components/application-pod-view/pod-view.tsx +++ b/ui/src/app/applications/components/application-pod-view/pod-view.tsx @@ -11,7 +11,7 @@ import {PodViewPreferences, services, ViewPreferences} from '../../../shared/ser import {ResourceTreeNode} from '../application-resource-tree/application-resource-tree'; import {ResourceIcon} from '../resource-icon'; import {ResourceLabel} from '../resource-label'; -import {ComparisonStatusIcon, isYoungerThanXMinutes, HealthStatusIcon, nodeKey, PodHealthIcon} from '../utils'; +import {ComparisonStatusIcon, isYoungerThanXMinutes, HealthStatusIcon, nodeKey, PodHealthIcon, deletePodAction} from '../utils'; import './pod-view.scss'; import {PodTooltip} from './pod-tooltip'; @@ -145,7 +145,9 @@ export class PodView extends React.Component {
    ) : null} - {group.info?.map(infoItem =>
    {infoItem.value}
    )} + {group.info?.map(infoItem => ( +
    {infoItem.value}
    + ))}
    )}
    @@ -157,43 +159,83 @@ export class PodView extends React.Component { )}
    - {group.pods.map( - pod => - this.props.nodeMenu && ( - ( - } - popperOptions={{ - modifiers: { - preventOverflow: { - enabled: true - }, - hide: { - enabled: false - }, - flip: { - enabled: false - } - } - }} - key={pod.metadata.name}> -
    - {isYoungerThanXMinutes(pod, 30) && ( - - )} -
    - -
    -
    -     - )}> - {() => this.props.nodeMenu(pod)} -     - ) - )} + {group.pods.map(pod => ( + ( + } + popperOptions={{ + modifiers: { + preventOverflow: { + enabled: true + }, + hide: { + enabled: false + }, + flip: { + enabled: false + } + } + }} + key={pod.metadata.name}> +
    + {isYoungerThanXMinutes(pod, 30) && ( + + )} +
    + +
    +
    +     + )} + items={[ + { + title: ( + + Info + + ), + action: () => this.props.onItemClick(pod.fullName) + }, + { + title: ( + + Logs + + ), + action: () => { + this.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'logs'}, {replace: true}); + } + }, + { + title: ( + + Exec + + ), + action: () => { + this.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'exec'}, {replace: true}); + } + }, + { + title: ( + + Delete + + ), + action: () => { + deletePodAction( + pod, + this.appContext, + this.props.app.metadata.name, + this.props.app.metadata.namespace + ); + } + } + ]} + /> + ))}
    PODS
    {(podPrefs.sortMode === 'parentResource' || podPrefs.sortMode === 'topLevelResource') && ( diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx index 45a7797aa9a0f..d9918fb28523d 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.test.tsx @@ -1,109 +1,93 @@ -import {compareNodes, describeNode, ResourceTreeNode} from './application-resource-tree'; +import {compareNodes, describeNode, ResourceTreeNode} from "./application-resource-tree"; -test('describeNode.NoImages', () => { - expect( - describeNode({ - kind: 'my-kind', - name: 'my-name', - namespace: 'my-ns', - } as ResourceTreeNode), - ).toBe(`Kind: my-kind +test("describeNode.NoImages", () => { + expect(describeNode({ + kind: "my-kind", + name: "my-name", + namespace: "my-ns", + } as ResourceTreeNode)).toBe(`Kind: my-kind Namespace: my-ns -Name: my-name`); +Name: my-name`) }); -test('describeNode.Images', () => { - expect( - describeNode({ - kind: 'my-kind', - name: 'my-name', - namespace: 'my-ns', - images: ['my-image:v1'], - } as ResourceTreeNode), - ).toBe(`Kind: my-kind +test("describeNode.Images", () => { + expect(describeNode({ + kind: "my-kind", + name: "my-name", + namespace: "my-ns", + images: ['my-image:v1'], + } as ResourceTreeNode)).toBe(`Kind: my-kind Namespace: my-ns Name: my-name Images: -- my-image:v1`); +- my-image:v1`) }); -test('compareNodes', () => { +test("compareNodes", () => { const nodes = [ - { - resourceVersion: '1', - name: 'a', - info: [ - { - name: 'Revision', - value: 'Rev:1', - }, - ], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: '1', - name: 'a', - info: [ - { - name: 'Revision', - value: 'Rev:1', - }, - ], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: '1', - name: 'b', - info: [ - { - name: 'Revision', - value: 'Rev:1', - }, - ], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: '2', - name: 'a', - info: [ - { - name: 'Revision', - value: 'Rev:2', - }, - ], - } as ResourceTreeNode, - { - orphaned: false, - resourceVersion: '2', - name: 'b', - info: [ - { - name: 'Revision', - value: 'Rev:2', - }, - ], - } as ResourceTreeNode, - { - orphaned: true, - resourceVersion: '1', - name: 'a', - info: [ - { - name: 'Revision', - value: 'Rev:1', - }, - ], - } as ResourceTreeNode, + { + resourceVersion: "1", + name: "a", + info: [{ + "name": "Revision", + "value": "Rev:1" + }], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: "1", + name: "a", + info: [{ + "name": "Revision", + "value": "Rev:1" + }], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: "1", + name: "b", + info: [{ + "name": "Revision", + "value": "Rev:1" + }], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: "2", + name: "a", + info: [{ + "name": "Revision", + "value": "Rev:2" + }], + } as ResourceTreeNode, + { + orphaned: false, + resourceVersion: "2", + name: "b", + info: [{ + "name": "Revision", + "value": "Rev:2" + }], + } as ResourceTreeNode, + { + orphaned: true, + resourceVersion: "1", + name: "a", + info: [{ + "name": "Revision", + "value": "Rev:1" + }], + } as ResourceTreeNode, ]; - expect(compareNodes(nodes[0], nodes[1])).toBe(0); - expect(compareNodes(nodes[2], nodes[1])).toBe(1); - expect(compareNodes(nodes[1], nodes[2])).toBe(-1); - expect(compareNodes(nodes[3], nodes[2])).toBe(-1); - expect(compareNodes(nodes[2], nodes[3])).toBe(1); - expect(compareNodes(nodes[4], nodes[3])).toBe(1); - expect(compareNodes(nodes[3], nodes[4])).toBe(-1); - expect(compareNodes(nodes[5], nodes[4])).toBe(1); - expect(compareNodes(nodes[4], nodes[5])).toBe(-1); - expect(compareNodes(nodes[0], nodes[4])).toBe(-1); - expect(compareNodes(nodes[4], nodes[0])).toBe(1); + expect(compareNodes(nodes[0], nodes[1])).toBe(0) + expect(compareNodes(nodes[2], nodes[1])).toBe(1) + expect(compareNodes(nodes[1], nodes[2])).toBe(-1) + expect(compareNodes(nodes[3], nodes[2])).toBe(-1) + expect(compareNodes(nodes[2], nodes[3])).toBe(1) + expect(compareNodes(nodes[4], nodes[3])).toBe(1) + expect(compareNodes(nodes[3], nodes[4])).toBe(-1) + expect(compareNodes(nodes[5], nodes[4])).toBe(1) + expect(compareNodes(nodes[4], nodes[5])).toBe(-1) + expect(compareNodes(nodes[0], nodes[4])).toBe(-1) + expect(compareNodes(nodes[4], nodes[0])).toBe(1) }); diff --git a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx index 0e1cfb9a00783..06ba5e331e041 100644 --- a/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx +++ b/ui/src/app/applications/components/application-resource-tree/application-resource-tree.tsx @@ -1,4 +1,4 @@ -import {DropDown, Tooltip} from 'argo-ui'; +import {DropDown, DropDownMenu, Tooltip} from 'argo-ui'; import * as classNames from 'classnames'; import * as dagre from 'dagre'; import * as React from 'react'; @@ -15,6 +15,7 @@ import {ResourceLabel} from '../resource-label'; import { BASE_COLORS, ComparisonStatusIcon, + deletePodAction, getAppOverridesCount, HealthStatusIcon, isAppNode, @@ -93,7 +94,15 @@ const NODE_TYPES = { podGroup: 'pod_group' }; // generate lots of colors with different darkness -const TRAFFIC_COLORS = [0, 0.25, 0.4, 0.6].map(darken => BASE_COLORS.map(item => color(item).darken(darken).hex())).reduce((first, second) => first.concat(second), []); +const TRAFFIC_COLORS = [0, 0.25, 0.4, 0.6] + .map(darken => + BASE_COLORS.map(item => + color(item) + .darken(darken) + .hex() + ) + ) + .reduce((first, second) => first.concat(second), []); function getGraphSize(nodes: dagre.Node[]): {width: number; height: number} { let width = 0; @@ -591,58 +600,83 @@ function renderPodGroupByStatus(props: ApplicationResourceTreeProps, node: any,
    ) : ( - pods.map( - pod => - props.nodeMenu && ( - ( - - {pod.metadata.name} -
    Health: {pod.health}
    - {pod.createdAt && ( - - Created: - - {pod.createdAt} - - ago ({{pod.createdAt}}) - - )} -
    + pods.map(pod => ( + ( + + {pod.metadata.name} +
    Health: {pod.health}
    + {pod.createdAt && ( + + Created: + + {pod.createdAt} + + ago ({{pod.createdAt}}) + + )} +
    + } + popperOptions={{ + modifiers: { + preventOverflow: { + enabled: true + }, + hide: { + enabled: false + }, + flip: { + enabled: false } - popperOptions={{ - modifiers: { - preventOverflow: { - enabled: true - }, - hide: { - enabled: false - }, - flip: { - enabled: false - } - } - }} - key={pod.metadata.name}> -
    - {isYoungerThanXMinutes(pod, 30) && ( - - )} -
    - -
    -
    - - )}> - {() => props.nodeMenu(pod)} - - ) - ) + } + }} + key={pod.metadata.name}> +
    + {isYoungerThanXMinutes(pod, 30) && ( + + )} +
    + +
    +
    + + )} + items={[ + { + title: ( + + Info + + ), + action: () => props.onNodeClick(pod.fullName) + }, + { + title: ( + + Logs + + ), + action: () => { + props.appContext.apis.navigation.goto('.', {node: pod.fullName, tab: 'logs'}, {replace: true}); + } + }, + { + title: ( + + Delete + + ), + action: () => { + deletePodAction(pod, props.appContext, props.app.metadata.name, props.app.metadata.namespace); + } + } + ]} + /> + )) )}
    ); @@ -858,8 +892,7 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => resourceVersion: props.app.metadata.resourceVersion, group: 'argoproj.io', version: '', - // @ts-expect-error its not any - children: [], + children: Array(), status: props.app.status.sync.status, health: props.app.status.health, uid: props.app.kind + '-' + props.app.metadata.namespace + '-' + props.app.metadata.name, @@ -1002,7 +1035,7 @@ export const ApplicationResourceTree = (props: ApplicationResourceTreeProps) => const loadBalancers = root.networkingInfo.ingress.map(ingress => ingress.hostname || ingress.ip); const colorByService = new Map(); (childrenByParentKey.get(treeNodeKey(root)) || []).forEach((child, i) => colorByService.set(treeNodeKey(child), TRAFFIC_COLORS[i % TRAFFIC_COLORS.length])); - (childrenByParentKey.get(treeNodeKey(root)) || []).sort(compareNodes).forEach(child => { + (childrenByParentKey.get(treeNodeKey(root)) || []).sort(compareNodes).forEach((child, i) => { processNode(child, root, [colorByService.get(treeNodeKey(child))]); }); if (root.podGroup && props.showCompactNodes) { diff --git a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx index f21dbe326fa41..18eb941981a37 100644 --- a/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx +++ b/ui/src/app/applications/components/application-resources-diff/application-resources-diff.tsx @@ -20,8 +20,8 @@ export const ApplicationResourcesDiff = (props: ApplicationResourcesDiffProps) = const diffText = props.states .map(state => { return { - a: state.normalizedLiveState ? jsYaml.dump(state.normalizedLiveState, {indent: 2}) : '', - b: state.predictedLiveState ? jsYaml.dump(state.predictedLiveState, {indent: 2}) : '', + a: state.normalizedLiveState ? jsYaml.safeDump(state.normalizedLiveState, {indent: 2}) : '', + b: state.predictedLiveState ? jsYaml.safeDump(state.predictedLiveState, {indent: 2}) : '', hook: state.hook, // doubles as sort order name: (state.group || '') + '/' + state.kind + '/' + (state.namespace ? state.namespace + '/' : '') + state.name diff --git a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx index c9e6f9265f208..48b72de19551e 100644 --- a/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx +++ b/ui/src/app/applications/components/application-retry-options/application-retry-options.tsx @@ -1,4 +1,3 @@ -/* eslint-disable no-prototype-builtins */ import * as React from 'react'; import {FormApi, NestedForm, Text, Form} from 'react-form'; import {Checkbox, FormField} from 'argo-ui'; @@ -8,7 +7,6 @@ import * as models from '../../../shared/models'; import './application-retry-options.scss'; -// eslint-disable-next-line no-useless-escape const durationRegex = /^([\d\.]+[HMS])+$/i; const durationRegexError = 'Should be 1h10m10s/10h10m/10m/10s'; diff --git a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx index 0baeca32ce6ee..a97d9d5b98609 100644 --- a/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx +++ b/ui/src/app/applications/components/application-retry-view/application-retry-view.tsx @@ -21,6 +21,6 @@ const retryOptionsView: Array<(initData: models.RetryStrategy) => React.ReactNod ]; export const ApplicationRetryView = ({initValues}: {initValues?: models.RetryStrategy}) => { - const result = !initValues ? 'Retry disabled' : retryOptionsView.map(render => render(initValues)); + const result = !initValues ? 'Retry disabled' : retryOptionsView.map((render, i) => render(initValues)); return
    {result}
    ; }; diff --git a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx index 643e24034d54a..956e8c679bf20 100644 --- a/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/application-status-panel.tsx @@ -5,10 +5,9 @@ import {Revision} from '../../../shared/components/revision'; import {Timestamp} from '../../../shared/components/timestamp'; import * as models from '../../../shared/models'; import {services} from '../../../shared/services'; -import {ApplicationSyncWindowStatusIcon, ComparisonStatusIcon, getAppDefaultSource, getAppDefaultSyncRevisionExtra, getAppOperationState} from '../utils'; -import {getConditionCategory, HealthStatusIcon, OperationState, syncStatusMessage, getAppDefaultSyncRevision, getAppDefaultOperationSyncRevision} from '../utils'; +import {ApplicationSyncWindowStatusIcon, ComparisonStatusIcon, getAppDefaultSource, getAppOperationState} from '../utils'; +import {getConditionCategory, HealthStatusIcon, OperationState, syncStatusMessage, helpTip} from '../utils'; import {RevisionMetadataPanel} from './revision-metadata-panel'; -import * as utils from '../utils'; import './application-status-panel.scss'; @@ -33,12 +32,13 @@ const sectionLabel = (info: SectionInfo) => ( ); -const sectionHeader = (info: SectionInfo, onClick?: () => any) => { +const sectionHeader = (info: SectionInfo, hasMultipleSources: boolean, onClick?: () => any) => { return (
    {sectionLabel(info)} {onClick && ( - )} @@ -66,13 +66,11 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh const statusExtensions = services.extensions.getStatusPanelExtensions(); - const revision = getAppDefaultSyncRevision(application); - const operationStateRevision = getAppDefaultOperationSyncRevision(application); const infos = cntByCategory.get('info'); const warnings = cntByCategory.get('warning'); const errors = cntByCategory.get('error'); const source = getAppDefaultSource(application); - const hasMultipleSources = application.spec.sources?.length > 0; + const hasMultipleSources = application.spec.sources && application.spec.sources.length > 0; return (
    @@ -91,7 +89,8 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh title: 'SYNC STATUS', helpContent: 'Whether or not the version of your app is up to date with your repo. You may wish to sync your app if it is out-of-sync.' }, - () => showMetadataInfo(application.status.sync ? 'SYNC_STATUS_REVISION' : null) + hasMultipleSources, + () => showMetadataInfo(application.status.sync ? application.status.sync.revision : '') )}
    @@ -112,14 +111,13 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh application.status.sync && (hasMultipleSources ? application.status.sync.revisions && application.status.sync.revisions[0] && application.spec.sources && !application.spec.sources[0].chart - : application.status.sync.revision && !application.spec.source.chart) && ( + : application.status.sync.revision && !application.spec.source?.chart) && (
    )} @@ -136,33 +134,29 @@ export const ApplicationStatusPanel = ({application, showDiff, showOperation, sh daysSinceLastSynchronized + ' days since last sync. Click for the status of that sync.' }, - () => - showMetadataInfo( - appOperationState.syncResult && (appOperationState.syncResult.revisions || appOperationState.syncResult.revision) - ? 'OPERATION_STATE_REVISION' - : null - ) + hasMultipleSources, + () => showMetadataInfo(appOperationState.syncResult ? appOperationState.syncResult.revision : '') )}
    showOperation && showOperation()}> {' '} - {appOperationState.syncResult && (appOperationState.syncResult.revision || appOperationState.syncResult.revisions) && ( + {appOperationState.syncResult && appOperationState.syncResult.revision && (
    - to {getAppDefaultSyncRevisionExtra(application)} + to
    )}
    +
    {appOperationState.phase}
    - {(appOperationState.syncResult && operationStateRevision && ( + {(appOperationState.syncResult && appOperationState.syncResult.revision && ( )) ||
    {appOperationState.message}
    } diff --git a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx index 085958d0f1cf5..fea9a0c8e2c4b 100644 --- a/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx +++ b/ui/src/app/applications/components/application-status-panel/revision-metadata-panel.tsx @@ -3,12 +3,12 @@ import * as React from 'react'; import {Timestamp} from '../../../shared/components/timestamp'; import {services} from '../../../shared/services'; -export const RevisionMetadataPanel = (props: {appName: string; appNamespace: string; type: string; revision: string; versionId: number}) => { +export const RevisionMetadataPanel = (props: {appName: string; appNamespace: string; type: string; revision: string}) => { if (props.type === 'helm') { return ; } return ( - services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision, 0, props.versionId)} errorRenderer={() =>
    }> + services.applications.revisionMetadata(props.appName, props.appNamespace, props.revision)} errorRenderer={() =>
    }> {m => ( { title: 'CREATED AT', view: formatCreationTimestamp(app.metadata.creationTimestamp) }, - !hasMultipleSources && { + { title: 'REPO URL', view: , - edit: (formApi: FormApi) => + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('REPO URL is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) }, - ...(!hasMultipleSources - ? isHelm - ? [ - { - title: 'CHART', - view: ( - - {source.chart}:{source.targetRevision} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - services.repos.charts(src.repoURL).catch(() => new Array())}> - {(charts: models.HelmChart[]) => ( -
    -
    - chart.name), - filterSuggestions: true - }} - /> -
    - { - const chartInfo = data.charts.find(chart => chart.name === data.chart); - return (chartInfo && chartInfo.versions) || new Array(); - }}> - {(versions: string[]) => ( -
    - - -
    - )} -     + ...(isHelm + ? [ + { + title: 'CHART', + view: ( + + {source.chart}:{source.targetRevision} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('CHART is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + services.repos.charts(src.repoURL).catch(() => new Array())}> + {(charts: models.HelmChart[]) => ( +
    +
    + chart.name), + filterSuggestions: true + }} + />
    - )} - - ) - } - ] - : [ - { - title: 'TARGET REVISION', - view: , - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - }, - { - title: 'PATH', - view: ( - - {processPath(source.path)} - - ), - edit: (formApi: FormApi) => - hasMultipleSources ? ( - helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') - ) : ( - - ) - } - ] - : []), + { + const chartInfo = data.charts.find(chart => chart.name === data.chart); + return (chartInfo && chartInfo.versions) || new Array(); + }}> + {(versions: string[]) => ( +
    + + +
    + )} +     +
    + )} +     + ) + } + ] + : [ + { + title: 'TARGET REVISION', + view: , + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('TARGET REVISION is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + }, + { + title: 'PATH', + view: ( + + {processPath(source.path)} + + ), + edit: (formApi: FormApi) => + hasMultipleSources ? ( + helpTip('PATH is not editable for applications with multiple sources. You can edit them in the "Manifest" tab.') + ) : ( + + ) + } + ]), + { title: 'REVISION HISTORY LIMIT', view: app.spec.revisionHistoryLimit, edit: (formApi: FormApi) => (
    - +
    -
    - {urls - .map(item => item.split('|')) - .map((parts, i) => ( - - ))} -
    + {urls.map((url, i) => { + return ( + + {url.title}   + + ); + })} ) }); @@ -489,7 +493,6 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {
    This is a multi-source app, see the Sources tab for repository URLs and source-related information. : <>} validate={input => ({ 'spec.project': !input.spec.project && 'Project name is required', 'spec.destination.server': !input.spec.destination.server && input.spec.destination.hasOwnProperty('server') && 'Cluster server is required', @@ -506,7 +509,7 @@ export const ApplicationSummary = (props: ApplicationSummaryProps) => {

    SYNC POLICY

    -
    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && AUTOMATED) || NONE}
    +
    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && AUTOMATED) || MANUAL}
    {(app.spec.syncPolicy && app.spec.syncPolicy.automated && ( )} items={[ - { - title: 'Sync', - iconClassName: 'fa fa-fw fa-sync', - action: () => props.syncApplication(app.metadata.name, app.metadata.namespace) - }, - { - title: 'Refresh', - iconClassName: 'fa fa-fw fa-redo', - action: () => props.refreshApplication(app.metadata.name, app.metadata.namespace) - }, - { - title: 'Delete', - iconClassName: 'fa fa-fw fa-times-circle', - action: () => props.deleteApplication(app.metadata.name, app.metadata.namespace) - } + {title: 'Sync', action: () => props.syncApplication(app.metadata.name, app.metadata.namespace)}, + {title: 'Refresh', action: () => props.refreshApplication(app.metadata.name, app.metadata.namespace)}, + {title: 'Delete', action: () => props.deleteApplication(app.metadata.name, app.metadata.namespace)} ]} />
    diff --git a/ui/src/app/applications/components/label-selector.ts b/ui/src/app/applications/components/label-selector.ts index 7814e068052c8..86909ee0d116b 100644 --- a/ui/src/app/applications/components/label-selector.ts +++ b/ui/src/app/applications/components/label-selector.ts @@ -1,4 +1,3 @@ -/* eslint-disable no-prototype-builtins */ type operatorFn = (labels: {[name: string]: string}, key: string, values: string[]) => boolean; const operators: {[type: string]: operatorFn} = { diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.scss b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.scss index c2dd29f93cd40..9530d82dd1146 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.scss +++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.scss @@ -6,8 +6,14 @@ font-size: 14px; font-family: monospace; background-color: white; + @include themify($themes){ + background-color: themed('background-2'); + } padding: 0; color: black; + @include themify($themes){ + color: themed('text-2'); + } &--inverted { background-color: black; @@ -20,7 +26,6 @@ .argo-checkbox, .argo-checkbox input, .argo-checkbox input:focus { - appearance: none; outline: none !important; border: none !important; width: 12px; @@ -36,12 +41,6 @@ } } - .argo-field { - @include themify($themes){ - background-color: themed('background-2'); - } - } - margin-bottom: 1em; > * { @@ -246,4 +245,4 @@ code { .noscroll { -ms-overflow-style: none; /* IE and Edge */ scrollbar-width: none; /* Firefox */ -} +} \ No newline at end of file diff --git a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx index 719fb42b05cf4..18778e2b848b2 100644 --- a/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx +++ b/ui/src/app/applications/components/pod-logs-viewer/pod-logs-viewer.tsx @@ -39,7 +39,6 @@ export interface PodLogsProps { timestamp?: string; containerGroups?: any[]; onClickContainer?: (group: any, i: number, tab: string) => void; - fullscreen?: boolean; } // ansi colors, see https://en.wikipedia.org/wiki/ANSI_escape_code#Colors @@ -95,7 +94,6 @@ export const PodsLogsViewer = (props: PodLogsProps) => { useEffect(() => { // https://stackoverflow.com/questions/3561493/is-there-a-regexp-escape-function-in-javascript // matchNothing this is chosen instead of empty regexp, because that would match everything and break colored logs - // eslint-disable-next-line no-useless-escape setHighlight(filter === '' ? matchNothing : new RegExp(filter.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&'), 'g')); }, [filter]); diff --git a/ui/src/app/applications/components/resource-details/resource-details.tsx b/ui/src/app/applications/components/resource-details/resource-details.tsx index 8a5d1aef554bc..52d2fef184703 100644 --- a/ui/src/app/applications/components/resource-details/resource-details.tsx +++ b/ui/src/app/applications/components/resource-details/resource-details.tsx @@ -5,7 +5,7 @@ import {EventsList, YamlEditor} from '../../../shared/components'; import * as models from '../../../shared/models'; import {ErrorBoundary} from '../../../shared/components/error-boundary/error-boundary'; import {Context} from '../../../shared/context'; -import {Application, ApplicationTree, Event, ResourceNode, State, SyncStatuses} from '../../../shared/models'; +import {Application, ApplicationTree, AppSourceType, Event, RepoAppDetails, ResourceNode, State, SyncStatuses} from '../../../shared/models'; import {services} from '../../../shared/services'; import {ResourceTabExtension} from '../../../shared/services/extensions-service'; import {NodeInfo, SelectNode} from '../application-details/application-details'; @@ -40,13 +40,6 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { const tab = new URLSearchParams(appContext.history.location.search).get('tab'); const selectedNodeInfo = NodeInfo(new URLSearchParams(appContext.history.location.search).get('node')); const selectedNodeKey = selectedNodeInfo.key; - const [pageNumber, setPageNumber] = React.useState(0); - const [collapsedSources, setCollapsedSources] = React.useState(new Array()); // For Sources tab to save collapse states - const handleCollapse = (i: number, isCollapsed: boolean) => { - const v = collapsedSources.slice(); - v[i] = isCollapsed; - setCollapsedSources(v); - }; const getResourceTabs = ( node: ResourceNode, @@ -122,7 +115,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { } ]); } - if (selectedNode?.kind === 'Pod' && execEnabled && execAllowed) { + if (selectedNode.kind === 'Pod' && execEnabled && execAllowed) { tabs = tabs.concat([ { key: 'exec', @@ -168,17 +161,26 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { content: updateApp(app, query)} /> }, { - title: application.spec.sources === undefined ? 'PARAMETERS' : 'SOURCES', + title: 'PARAMETERS', key: 'parameters', content: ( - updateApp(app, query)} - application={application} - pageNumber={pageNumber} - setPageNumber={setPageNumber} - collapsedSources={collapsedSources} - handleCollapse={handleCollapse} - /> + + services.repos.appDetails(AppUtils.getAppDefaultSource(app), app.metadata.name, app.spec.project).catch(() => ({ + type: 'Directory' as AppSourceType, + path: AppUtils.getAppDefaultSource(app).path + })) + }> + {(details: RepoAppDetails) => ( + updateApp(app, query)} + application={application} + details={details} + /> + )} + ) }, { @@ -266,7 +268,6 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { }))) || []; let podState: State; - let childResources: models.ResourceNode[] = []; if (selectedNode.kind === 'Pod') { podState = liveState; } else { @@ -274,7 +275,6 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { if (childPod) { podState = await services.applications.getResource(application.metadata.name, application.metadata.namespace, childPod).catch(() => null); } - childResources = AppUtils.findChildResources(selectedNode, tree); } const settings = await services.authService.settings(); @@ -282,7 +282,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { const logsAllowed = await services.accounts.canI('logs', 'get', application.spec.project + '/' + application.metadata.name); const execAllowed = execEnabled && (await services.accounts.canI('exec', 'create', application.spec.project + '/' + application.metadata.name)); const links = await services.applications.getResourceLinks(application.metadata.name, application.metadata.namespace, selectedNode).catch(() => null); - return {controlledState, liveState, events, podState, execEnabled, execAllowed, logsAllowed, links, childResources}; + return {controlledState, liveState, events, podState, execEnabled, execAllowed, logsAllowed, links}; }}> {data => ( @@ -307,7 +307,7 @@ export const ResourceDetails = (props: ResourceDetailsProps) => { SYNC + )} + {this.state.edit && ( + + {' '} - )} - {this.state.edit && ( - - {' '} - + + )} +
    + )} + {this.props.title &&

    {this.props.title}

    } + {(!this.state.edit && ( + + {this.props.view} + {this.props.items + .filter(item => item.view) + .map(item => ( + + {item.before} +
    +
    {item.customTitle || item.title}
    +
    {item.view}
    +
    - )} -
    - )} - {this.props.collapsible && ( - -
    - { - this.setState({collapsed: !this.state.collapsed}); - }} - /> -
    -     - )} - {this.props.title &&

    {this.props.title}

    } - {(!this.state.edit && ( - - {this.props.view} - {this.props.items - .filter(item => item.view) - .map(item => ( + ))} + + )) || ( +
    (this.formApi = api)} + formDidUpdate={async form => { + if (this.props.noReadonlyMode && this.props.save) { + await this.props.save(form.values as any, {}); + } + }} + onSubmit={async input => { + try { + this.setState({saving: true}); + await this.props.save(input as any, {}); + this.setState({edit: false, saving: false}); + this.onModeSwitch(); + } catch (e) { + ctx.notifications.show({ + content: , + type: NotificationType.Error + }); + } finally { + this.setState({saving: false}); + } + }} + defaultValues={this.props.values} + validateError={this.props.validate}> + {api => ( + + {this.props.edit && this.props.edit(api)} + {this.props.items.map(item => ( {item.before}
    -
    {item.customTitle || item.title}
    -
    {item.view}
    +
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    +
    {(item.edit && item.edit(api)) || item.view}
     ))} -     - )) || ( - (this.formApi = api)} - formDidUpdate={async form => { - if (this.props.noReadonlyMode && this.props.save) { - await this.props.save(form.values as any, {}); - } - }} - onSubmit={async input => { - try { - this.setState({saving: true}); - await this.props.save(input as any, {}); - this.setState({edit: false, saving: false}); - this.onModeSwitch(); - } catch (e) { - ctx.notifications.show({ - content: , - type: NotificationType.Error - }); - } finally { - this.setState({saving: false}); - } - }} - defaultValues={this.props.values} - validateError={this.props.validate}> - {api => ( - - {this.props.edit && this.props.edit(api)} - {this.props.items.map(item => ( - - {item.before} -
    -
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    -
    {(item.edit && item.edit(api)) || item.view}
    -
    -     - ))} -     - )} - - )} -
    + + )} + + )}
    - ) - } +
    + )} ); } diff --git a/ui/src/app/shared/components/editable-panel/editable-section.tsx b/ui/src/app/shared/components/editable-panel/editable-section.tsx deleted file mode 100644 index 7a5ff63aed988..0000000000000 --- a/ui/src/app/shared/components/editable-panel/editable-section.tsx +++ /dev/null @@ -1,164 +0,0 @@ -import {ErrorNotification, NotificationType} from 'argo-ui'; -import * as React from 'react'; -import {Form, FormApi} from 'react-form'; -import {ContextApis} from '../../context'; -import {EditablePanelItem} from './editable-panel'; -import {Spinner} from '../spinner'; - -export interface EditableSectionProps { - title?: string | React.ReactNode; - uniqueId: string; - values: T; - validate?: (values: T) => any; - save?: (input: T, query: {validate?: boolean}) => Promise; - items: EditablePanelItem[]; - onModeSwitch?: () => any; - noReadonlyMode?: boolean; - view?: string | React.ReactNode; - edit?: (formApi: FormApi) => React.ReactNode; - collapsible?: boolean; - ctx: ContextApis; - isTopSection?: boolean; - disabledState?: boolean; - updateButtons?: (pressed: boolean) => void; -} - -interface EditableSectionState { - isEditing: boolean; - isSaving: boolean; -} - -// Similar to editable-panel but it should be part of a white-box, editable-panel HOC and it can be reused one after another -export class EditableSection extends React.Component, EditableSectionState> { - private formApi: FormApi; - - constructor(props: EditableSectionProps) { - super(props); - this.state = {isEditing: !!props.noReadonlyMode, isSaving: false}; - } - - public UNSAFE_componentWillReceiveProps(nextProps: EditableSectionProps) { - if (this.formApi && JSON.stringify(this.props.values) !== JSON.stringify(nextProps.values)) { - if (nextProps.noReadonlyMode) { - this.formApi.setAllValues(nextProps.values); - } - } - } - - public render() { - return ( -
    - {!this.props.noReadonlyMode && this.props.save && ( -
    - {!this.state.isEditing && ( - - )} - {this.state.isEditing && ( -
    - - {' '} - - -
    - )} -
    - )} - - {this.props.title && ( -
    -

    {this.props.title}

    -
    - )} - - {(!this.state.isEditing && ( - - {this.props.view} - {this.props.items - .filter(item => item.view) - .map(item => ( - - {item.before} -
    -
    {item.customTitle || item.title}
    -
    {item.view}
    -
    -     - ))} -     - )) || ( -
    (this.formApi = api)} - formDidUpdate={async form => { - if (this.props.noReadonlyMode && this.props.save) { - await this.props.save(form.values as any, {}); - } - }} - onSubmit={async input => { - try { - this.setState({isSaving: true}); - await this.props.save(input as any, {}); - this.setState({isEditing: false, isSaving: false}); - this.props.onModeSwitch(); - } catch (e) { - this.props.ctx.notifications.show({ - content: , - type: NotificationType.Error - }); - } finally { - this.setState({isSaving: false}); - } - }} - defaultValues={this.props.values} - validateError={this.props.validate}> - {api => ( - - {this.props.edit && this.props.edit(api)} - {this.props.items?.map(item => ( - - {item.before} -
    -
    {(item.titleEdit && item.titleEdit(api)) || item.customTitle || item.title}
    -
    {(item.edit && item.edit(api)) || item.view}
    -
    -     - ))} -     - )} - - )} -
    - ); - } -} diff --git a/ui/src/app/shared/components/error-boundary/error-boundary.tsx b/ui/src/app/shared/components/error-boundary/error-boundary.tsx index a2c18d00823b0..97d2b78fe6f89 100644 --- a/ui/src/app/shared/components/error-boundary/error-boundary.tsx +++ b/ui/src/app/shared/components/error-boundary/error-boundary.tsx @@ -6,7 +6,7 @@ export class ErrorBoundary extends React.Component<{message?: string}, {hasError this.state = {hasError: false}; } - static getDerivedStateFromError() { + static getDerivedStateFromError(error: React.ErrorInfo) { return {hasError: true}; } diff --git a/ui/src/app/shared/components/layout/layout.scss b/ui/src/app/shared/components/layout/layout.scss index 5362d894ee473..ad01b89e65bf4 100644 --- a/ui/src/app/shared/components/layout/layout.scss +++ b/ui/src/app/shared/components/layout/layout.scss @@ -40,4 +40,14 @@ &__content { width: 100%; } + + &--extension { + .cd-layout__content--sb-expanded { + padding-left: $sidebar-width; + } + + .cd-layout__content--sb-collapsed { + padding-left: $collapsed-sidebar-width; + } + } } diff --git a/ui/src/app/shared/components/layout/layout.tsx b/ui/src/app/shared/components/layout/layout.tsx index e08297cb4e9e6..096fdde68e99b 100644 --- a/ui/src/app/shared/components/layout/layout.tsx +++ b/ui/src/app/shared/components/layout/layout.tsx @@ -9,6 +9,7 @@ export interface LayoutProps { onVersionClick?: () => void; children?: React.ReactNode; pref: ViewPreferences; + isExtension?: boolean; } const getBGColor = (theme: string): string => (theme === 'light' ? '#dee6eb' : '#100f0f'); @@ -22,7 +23,7 @@ export const Layout = (props: LayoutProps) => { return (
    -
    +
    {props.children} diff --git a/ui/src/app/shared/components/page/page.tsx b/ui/src/app/shared/components/page/page.tsx index 906680e19d008..bcdb37703f637 100644 --- a/ui/src/app/shared/components/page/page.tsx +++ b/ui/src/app/shared/components/page/page.tsx @@ -54,7 +54,7 @@ export const Page = (props: PageProps) => { return ( services.viewPreferences.getPreferences()}> {pref => ( -
    +
    { - const state = renderer.create( {}} percentage={0} title={''} />); + const state = renderer.create( { + }} percentage={0} title={''}/>); expect(state).toMatchSnapshot(); }); test('ProgressPopup.50%', () => { - const state = renderer.create( {}} percentage={50} title={'My Title'} />); + const state = renderer.create( { + }} percentage={50} title={'My Title'}/>); expect(state).toMatchSnapshot(); }); test('ProgressPopup.100%', () => { - const state = renderer.create( {}} percentage={100} title={''} />); + const state = renderer.create( { + }} percentage={100} title={''}/>); expect(state).toMatchSnapshot(); }); diff --git a/ui/src/app/shared/components/revision.test.tsx b/ui/src/app/shared/components/revision.test.tsx index d2c3e6f89b80e..b2ea79c97799d 100644 --- a/ui/src/app/shared/components/revision.test.tsx +++ b/ui/src/app/shared/components/revision.test.tsx @@ -1,44 +1,33 @@ import * as renderer from 'react-test-renderer'; import * as React from 'react'; -import {isSHA, Revision} from './revision'; +import {isSHA, Revision} from "./revision"; test('Revision.SHA1.Children', () => { - const tree = renderer - .create( - - foo - , - ) - .toJSON(); - - expect(tree).toMatchSnapshot(); + const tree = renderer.create(foo).toJSON(); + + expect(tree).toMatchSnapshot() }); test('Revision.SHA1.NoChildren', () => { - const tree = renderer.create().toJSON(); + const tree = renderer.create().toJSON(); - expect(tree).toMatchSnapshot(); + expect(tree).toMatchSnapshot() }); test('Revision.Branch.Children', () => { - const tree = renderer - .create( - - foo - , - ) - .toJSON(); - - expect(tree).toMatchSnapshot(); + const tree = renderer.create(foo).toJSON(); + + expect(tree).toMatchSnapshot() }); + test('Revision.Branch.NoChildren', () => { - const tree = renderer.create().toJSON(); + const tree = renderer.create().toJSON(); - expect(tree).toMatchSnapshot(); + expect(tree).toMatchSnapshot() }); test('isSHA1', () => { expect(isSHA('24eb0b24099b2e9afff72558724e88125eaa0176')).toBe(true); expect(isSHA('master')).toBe(false); -}); +}); \ No newline at end of file diff --git a/ui/src/app/shared/components/urls.test.ts b/ui/src/app/shared/components/urls.test.ts index 87df7f571fbc9..17101fe175418 100644 --- a/ui/src/app/shared/components/urls.test.ts +++ b/ui/src/app/shared/components/urls.test.ts @@ -16,8 +16,7 @@ test('github.com', () => { 'git@github.com:argoproj/argo-cd.git', '024dee09f543ce7bb5af7ca50260504d89dfda94', 'https://github.com/argoproj/argo-cd', - 'https://github.com/argoproj/argo-cd/commit/024dee09f543ce7bb5af7ca50260504d89dfda94', - ); + 'https://github.com/argoproj/argo-cd/commit/024dee09f543ce7bb5af7ca50260504d89dfda94'); }); // for enterprise github installations @@ -27,8 +26,7 @@ test('github.my-enterprise.com', () => { 'git@github.my-enterprise.com:my-org/my-repo.git', 'a06f2be80a4da89abb8ced904beab75b3ec6db0e', 'https://github.my-enterprise.com/my-org/my-repo', - 'https://github.my-enterprise.com/my-org/my-repo/commit/a06f2be80a4da89abb8ced904beab75b3ec6db0e', - ); + 'https://github.my-enterprise.com/my-org/my-repo/commit/a06f2be80a4da89abb8ced904beab75b3ec6db0e'); }); test('gitlab.com', () => { @@ -37,8 +35,7 @@ test('gitlab.com', () => { 'git@gitlab.com:alex_collins/private-repo.git', 'b1fe9426ead684d7af16958920968342ee295c1f', 'https://gitlab.com/alex_collins/private-repo', - 'https://gitlab.com/alex_collins/private-repo/-/commit/b1fe9426ead684d7af16958920968342ee295c1f', - ); + 'https://gitlab.com/alex_collins/private-repo/-/commit/b1fe9426ead684d7af16958920968342ee295c1f'); }); test('bitbucket.org', () => { @@ -47,8 +44,7 @@ test('bitbucket.org', () => { 'git@bitbucket.org:alexcollinsinuit/test-repo.git', '38fb93957deb45ff546af13399a92ac0d568c350', 'https://bitbucket.org/alexcollinsinuit/test-repo', - 'https://bitbucket.org/alexcollinsinuit/test-repo/commits/38fb93957deb45ff546af13399a92ac0d568c350', - ); + 'https://bitbucket.org/alexcollinsinuit/test-repo/commits/38fb93957deb45ff546af13399a92ac0d568c350'); }); test('empty url', () => { diff --git a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx index 5bcdbfdf17b39..d60e13e570200 100644 --- a/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx +++ b/ui/src/app/shared/components/yaml-editor/yaml-editor.tsx @@ -32,7 +32,7 @@ export class YamlEditor extends React.Component< public render() { const props = this.props; - const yaml = props.input ? jsYaml.dump(props.input) : ''; + const yaml = props.input ? jsYaml.safeDump(props.input) : ''; return (
    @@ -74,7 +74,7 @@ export class YamlEditor extends React.Component< {' '}
    Project docker-image|haproxy
    Path haproxy:2.6.14-alpine
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk