From 1b5bd572d68f56ef3f81551f3303982d9f5e0f6d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 16:39:04 +0000 Subject: [PATCH 01/41] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 in /cmd/controller Dependabot couldn't find the original pull request head commit, efebabf8bb658fcc70b4477c79e782cb9e7f248c.
---
 cmd/controller/go.mod | 2 +-
 cmd/controller/go.sum | 17 +++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod
index f015e45ea20..6243464a210 100644
--- a/cmd/controller/go.mod
+++ b/cmd/controller/go.mod
@@ -56,7 +56,7 @@ require (
 github.com/digitalocean/godo v1.109.0 // indirect
 github.com/emicklei/go-restful/v3 v3.11.2 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+ github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-logr/zapr v1.3.0 // indirect
 github.com/go-openapi/jsonpointer v0.20.2 // indirect
diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum
index c76993c5eb9..d2d601d35b3 100644
--- a/cmd/controller/go.sum
+++ b/cmd/controller/go.sum
@@ -101,8 +101,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -318,7 +318,6 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 
@@ -380,7 +379,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -396,6 +394,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -409,6 +408,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -420,6 +421,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -433,16 +435,22 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= 
@@ -457,6 +465,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From b1a2574ed6eba9c1764e60a1696acab69d8b12e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 18:33:32 +0000 Subject: [PATCH 02/41] Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 Dependabot couldn't find the original pull request head commit, 7e7d6c6dcc361bdf74b7863647fde1ff1714f8e6. --- go.mod | 2 +- go.sum | 17 +++++++++++++---- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/go.mod b/go.mod index 680a7c29150..ee3b8c66dad 100644 --- a/go.mod +++ b/go.mod @@ -83,7 +83,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/frankban/quicktest v1.14.6 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect diff --git a/go.sum b/go.sum index 04051711640..5dffa738df2 100644 --- a/go.sum +++ b/go.sum 
@@ -107,8 +107,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -328,7 +328,6 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 
@@ -391,7 +390,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -407,6 +405,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -420,6 +419,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -431,6 +432,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -444,17 +446,23 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 
h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -469,6 +477,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From f304f4cff0515e83ebc8c840e6c66ccb50c2b187 Mon Sep 17 00:00:00 2001 From: Logan Davis <38335829+logand22@users.noreply.github.com> Date: Mon, 11 Mar 2024 15:38:13 -0500 Subject: [PATCH 03/41] Allow concurrent same-FQDN DNS-01 challenges when using route53 (#22) --- cmd/controller/app/controller.go | 1 + cmd/controller/app/options/options.go | 3 + internal/apis/config/controller/types.go | 4 ++ .../config/controller/v1alpha1/defaults.go | 5 ++ .../v1alpha1/zz_generated.conversion.go | 2 + pkg/apis/config/controller/v1alpha1/types.go | 4 ++ .../acmechallenges/scheduler/scheduler.go | 19 ++++++ .../scheduler/scheduler_test.go | 58 +++++++++++++++++++ pkg/controller/context.go | 3 + pkg/issuer/acme/dns/dns.go | 7 ++- test/unit/gen/challenge.go | 14 +++++ 11 files changed, 117 insertions(+), 3 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 1788ae70f0b..1dc041dc7fe 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go 
@@ -333,6 +333,7 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC DNS01Nameservers: nameservers, DNS01CheckRetryPeriod: opts.ACMEDNS01Config.CheckRetryPeriod, DNS01CheckAuthoritative: !opts.ACMEDNS01Config.RecursiveNameserversOnly, + DNS01PropagationTime: opts.ACMEDNS01Config.PropagationTime, AccountRegistry: acmeAccountRegistry, }, diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8fa78c1395e..4afb0dcbacc 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -166,6 +166,9 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { fs.DurationVar(&c.ACMEDNS01Config.CheckRetryPeriod, "dns01-check-retry-period", c.ACMEDNS01Config.CheckRetryPeriod, ""+ "The duration the controller should wait between a propagation check. Despite the name, this flag is used to configure the wait period for both DNS01 and HTTP01 challenge propagation checks. For DNS01 challenges the propagation check verifies that a TXT record with the challenge token has been created. For HTTP01 challenges the propagation check verifies that the challenge token is served at the challenge URL."+ "This should be a valid duration string, for example 180s or 1h") + fs.DurationVar(&c.ACMEDNS01Config.PropagationTime, "dns01-propagation-time", c.ACMEDNS01Config.PropagationTime, ""+ + "The duration the controller should wait after determining that an ACME dns entry exists."+ + "This should be a valid duration string, for example 180s or 1h") fs.BoolVar(&c.EnableCertificateOwnerRef, "enable-certificate-owner-ref", c.EnableCertificateOwnerRef, ""+ "Whether to set the certificate resource as an owner of secret where the tls certificate is stored. "+ diff --git a/internal/apis/config/controller/types.go b/internal/apis/config/controller/types.go index a9f7f0e1835..6dfc4ffa598 100644 --- a/internal/apis/config/controller/types.go 
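Review bot: The help text for the new `--dns01-propagation-time` flag in options.go joins its two string literals without a separating space, so it renders as "...an ACME dns entry exists.This should be a valid duration string...". End the first literal with a space, `"The duration the controller should wait after determining that an ACME dns entry exists. "+`. The text also does not say what the default is, which matters here because this wait runs on every DNS-01 check and directly sets how long a challenge worker is held.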
+++ b/internal/apis/config/controller/types.go @@ -232,6 +232,10 @@ type ACMEDNS01Config struct { // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h CheckRetryPeriod time.Duration + + // The duration the controller should wait after determining that an ACME dns entry exists. + // This should be a valid duration string, for example 180s or 1h + PropagationTime time.Duration } // TLSConfig configures how TLS certificates are sourced for serving. diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index 7384cef6385..876b375961a 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -82,6 +82,7 @@ var ( defaultDNS01RecursiveNameserversOnly = false defaultDNS01RecursiveNameservers = []string{} defaultDNS01CheckRetryPeriod = 10 * time.Second + defaultDNS01PropagationTime = 60 * time.Second defaultNumberOfConcurrentWorkers int32 = 5 defaultMaxConcurrentChallenges int32 = 60 @@ -332,4 +333,8 @@ func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) { if obj.CheckRetryPeriod == time.Duration(0) { obj.CheckRetryPeriod = defaultDNS01CheckRetryPeriod } + + if obj.PropagationTime == time.Duration(0) { + obj.PropagationTime = defaultDNS01PropagationTime + } } diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go index 382d3c4089c..90554a72f65 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go @@ -148,6 +148,7 @@ func autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1al return err } out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + out.PropagationTime = time.Duration(in.PropagationTime) return nil } 
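Review bot: `SetDefaults_ACMEDNS01Config` treats `PropagationTime == time.Duration(0)` as unset and replaces it with `defaultDNS01PropagationTime`, while the `if s.DNS01PropagationTime > 0` guard added in dns.go reads as though zero were meant to skip the wait. With this defaulting an explicit `0s` cannot be told apart from an omitted value, so the skip branch is only reachable with a negative duration. Either document that the smallest effective wait is the 60s default, or make the versioned field a pointer so nil and zero are distinct; negative values are probably worth rejecting wherever this configuration is validated.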
@@ -162,6 +163,7 @@ func autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *cont return err } out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + out.PropagationTime = time.Duration(in.PropagationTime) return nil } diff --git a/pkg/apis/config/controller/v1alpha1/types.go b/pkg/apis/config/controller/v1alpha1/types.go index 6884af223af..19326868799 100644 --- a/pkg/apis/config/controller/v1alpha1/types.go +++ b/pkg/apis/config/controller/v1alpha1/types.go @@ -252,6 +252,10 @@ type ACMEDNS01Config struct { // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"` + + // The duration the controller should wait after determining that an ACME dns entry exists. + // This should be a valid duration string, for example 180s or 1h + PropagationTime time.Duration `json:"propagationTime,omitempty"` } // TLSConfig configures how TLS certificates are sourced for serving. diff --git a/pkg/controller/acmechallenges/scheduler/scheduler.go b/pkg/controller/acmechallenges/scheduler/scheduler.go index 94509844438..ebc67c3085d 100644 --- a/pkg/controller/acmechallenges/scheduler/scheduler.go +++ b/pkg/controller/acmechallenges/scheduler/scheduler.go 
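Review bot: The comment on `PropagationTime` in pkg/apis/config/controller/v1alpha1/types.go promises "a valid duration string, for example 180s or 1h", but the field is a plain `time.Duration` with a `json:"propagationTime,omitempty"` tag, and encoding/json decodes that type from an integer count of nanoseconds. Unless the config loader converts strings somewhere outside this patch, a file value of `60s` would fail to decode and a bare `60` would mean 60ns. The neighbouring `CheckRetryPeriod` has the same wording, so at minimum make the new comment accurate, for example `// In a config file this is an integer number of nanoseconds; the duration-string form applies to the --dns01-propagation-time flag.`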
@@ -200,6 +200,25 @@ func compareChallenges(l, r *cmacme.Challenge) int { return 1 } + // Explicitly allow parallel DNS-01 reqs for the same DNSNames using Route53, + // as the route53 package is capable of handling these. + // We could assume different solvers are safe to schedule in parallel, + // but this might not always be true (e.g., with custom webhooks) + if l.Spec.Type == cmacme.ACMEChallengeTypeDNS01 && + l.Spec.Solver.DNS01 != nil && + l.Spec.Solver.DNS01.Route53 != nil && + r.Spec.Solver.DNS01 != nil && + r.Spec.Solver.DNS01.Route53 != nil { + + // Use key to guarantee that different requests are never equal + if l.Spec.Key < r.Spec.Key { + return -1 + } + if l.Spec.Key > r.Spec.Key { + return 1 + } + } + // TODO: check the http01.ingressClass attribute and allow two challenges // with different ingress classes specified to be scheduled at once diff --git a/pkg/controller/acmechallenges/scheduler/scheduler_test.go b/pkg/controller/acmechallenges/scheduler/scheduler_test.go index b24ea13f7d3..37dc34f2145 100644 --- a/pkg/controller/acmechallenges/scheduler/scheduler_test.go +++ b/pkg/controller/acmechallenges/scheduler/scheduler_test.go 
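Review bot: The new Route53 branch in compareChallenges tests `l.Spec.Type` but never `r.Spec.Type`, and when the two keys are equal it falls through to the code after the hunk, so the comment "guarantee that different requests are never equal" claims more than the branch delivers. Add `r.Spec.Type == cmacme.ACMEChallengeTypeDNS01 &&` to the condition and reword the comment to say that equal keys are left to the remaining checks. Running two challenges against the same `_acme-challenge` record set at once is only safe if the route53 solver adds and removes just its own TXT value; this patch asserts that in a comment but neither shows nor tests it, so a reference to the solver code or a test that presents and cleans up two keys for one name would make the claim checkable. The function body starts and ends outside the hunk.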
@@ -267,6 +267,64 @@ func TestScheduleN(t *testing.T) { gen.SetChallengeWildcard(true)), }, }, + { + name: "schedule parallel DNS-01 challenges when using route53", + n: 5, + challenges: []*cmacme.Challenge{ + gen.Challenge("test1", + gen.SetChallengeDNSName("example.com"), + gen.SetChallengeType(cmacme.ACMEChallengeTypeDNS01), + gen.SetChallengeSolver(cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{}, + }, + }), + gen.SetChallengeKey("2"), + ), + gen.Challenge("test2", + gen.SetChallengeDNSName("example.com"), + gen.SetChallengeType(cmacme.ACMEChallengeTypeDNS01), + gen.SetChallengeSolver(cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{}, + }, + }), + gen.SetChallengeKey("1"), + ), + gen.Challenge("test3", + gen.SetChallengeDNSName("example.com"), + gen.SetChallengeType(cmacme.ACMEChallengeTypeDNS01), + gen.SetChallengeSolver(cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Cloudflare: &cmacme.ACMEIssuerDNS01ProviderCloudflare{}, + }, + }), + gen.SetChallengeCreationTimestamp(time.Unix(1, 1)), + ), + }, + expected: []*cmacme.Challenge{ + gen.Challenge("test2", + gen.SetChallengeDNSName("example.com"), + gen.SetChallengeType(cmacme.ACMEChallengeTypeDNS01), + gen.SetChallengeSolver(cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{}, + }, + }), + gen.SetChallengeKey("1"), + ), + gen.Challenge("test1", + gen.SetChallengeDNSName("example.com"), + gen.SetChallengeType(cmacme.ACMEChallengeTypeDNS01), + gen.SetChallengeSolver(cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{}, + }, + }), + gen.SetChallengeKey("2"), + ), + }, + }, { name: "don't schedule when total number of scheduled challenges exceeds global maximum", n: 5, 
diff --git a/pkg/controller/context.go b/pkg/controller/context.go index ae22bc4dc3f..eda7c53f7ba 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -208,6 +208,9 @@ type ACMEOptions struct { // DNS01CheckRetryPeriod is the time the controller should wait between checking if a ACME dns entry exists. DNS01CheckRetryPeriod time.Duration + + // The duration the controller should wait after determining that an ACME dns entry exists. + DNS01PropagationTime time.Duration } // IngressShimOptions contain default Issuer GVK config for the certificate-shim controllers. diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index 1364a63d59c..eff745ba559 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -123,9 +123,10 @@ func (s *Solver) Check(ctx context.Context, issuer v1.GenericIssuer, ch *cmacme. return fmt.Errorf("DNS record for %q not yet propagated", ch.Spec.DNSName) } - ttl := 60 - log.V(logf.DebugLevel).Info("waiting DNS record TTL to allow the DNS01 record to propagate for domain", "ttl", ttl, "fqdn", fqdn) - time.Sleep(time.Second * time.Duration(ttl)) + if s.DNS01PropagationTime > 0 { + log.V(logf.DebugLevel).Info("waiting DNS01 record to propagate for domain", "duration", s.DNS01PropagationTime, "fqdn", fqdn) + time.Sleep(s.DNS01PropagationTime) + } log.V(logf.DebugLevel).Info("ACME DNS01 validation record propagated", "fqdn", fqdn) return nil diff --git a/test/unit/gen/challenge.go b/test/unit/gen/challenge.go index 64a5fc95230..8028fd72a44 100644 --- a/test/unit/gen/challenge.go +++ b/test/unit/gen/challenge.go @@ -17,6 +17,8 @@ limitations under the License. package gen import ( + "time" + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
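Review bot: The wait in Solver.Check in dns.go is still a bare `time.Sleep`, now for an operator-chosen `s.DNS01PropagationTime`, so a cancelled `ctx` (shutdown, lost leadership) goes unnoticed until the whole duration has elapsed and the worker stays blocked for that long. `ctx` is already a parameter of Check, so wait on a timer and on `ctx.Done()` together as sketched below. Check's body starts before the hunk. Separately, the comment on the new `DNS01PropagationTime` field in context.go does not begin with the field name, unlike `DNS01CheckRetryPeriod` just above it.

```go
if s.DNS01PropagationTime > 0 {
	// … unchanged: debug log line …
	timer := time.NewTimer(s.DNS01PropagationTime)
	defer timer.Stop()
	select {
	case <-timer.C:
	case <-ctx.Done():
		return ctx.Err()
	}
}
```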
@@ -79,6 +81,18 @@ func SetChallengeDNSName(dnsName string) ChallengeModifier { } } +func SetChallengeSolver(s cmacme.ACMEChallengeSolver) ChallengeModifier { + return func(ch *cmacme.Challenge) { + ch.Spec.Solver = s + } +} + +func SetChallengeCreationTimestamp(t time.Time) ChallengeModifier { + return func(ch *cmacme.Challenge) { + ch.CreationTimestamp.Time = t + } +} + func SetChallengePresented(p bool) ChallengeModifier { return func(ch *cmacme.Challenge) { ch.Status.Presented = p From 396d8c75505bac1163475d8d1da345638e1a09c1 Mon Sep 17 00:00:00 2001 From: Mike Jensen Date: Mon, 11 Mar 2024 10:44:40 -0600 Subject: [PATCH 04/41] Add CodeQL Workflow for golang scanning --- .github/workflows/codeql.yml | 47 ++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000000..b817369139e --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,47 @@ +name: "CodeQL" + +on: + push: + branches: + - teleport + pull_request: + branches: + - teleport + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: [ 'go' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + + - name: Set up Go + uses: actions/setup-go@v5 + with: + cache: false + go-version-file: go.mod + if: ${{ matrix.language == 'go' }} + + - name: Autobuild + uses: github/codeql-action/autobuild@v3 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:${{matrix.language}}" From 5266624c6ca5f5cfff5574fbec74426714c93e88 Mon Sep 17 00:00:00 2001 
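Review bot: The CodeQL workflow mixes major versions of the same action: `github/codeql-action/init@v2` is followed by `github/codeql-action/autobuild@v3` and `github/codeql-action/analyze@v3`. The three steps share state written by init and are meant to run from the same release, so change the first to `uses: github/codeql-action/init@v3`. Every `uses:` in the file is a movable tag; because this job holds `security-events: write`, pinning each one to a full commit SHA (with the tag kept in a trailing comment) prevents a retagged release from changing what runs.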
From: Mike Jensen Date: Mon, 11 Mar 2024 12:14:02 -0600 Subject: [PATCH 05/41] Add Dependency Review CI
---
 .github/workflows/dependency-review.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 .github/workflows/dependency-review.yaml
diff --git a/.github/workflows/dependency-review.yaml b/.github/workflows/dependency-review.yaml
new file mode 100644
index 00000000000..5eb64ee3c73
--- /dev/null
+++ b/.github/workflows/dependency-review.yaml
@@ -0,0 +1,10 @@
+name: Dependency Review
+
+on:
+ pull_request:
+
+jobs:
+ dependency-review:
+ uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main
+ permissions:
+ contents: read
From 8f475f6ef8d60ef55efb501cd0d51f4784f42091 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Thu, 23 May 2024 11:45:44 +0000 Subject: [PATCH 06/41] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot
---
 klone.yaml | 14 +++++++-------
 make/_shared/tools/00_mod.mk | 18 +++++++++---------
 2 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/klone.yaml b/klone.yaml
index eeabcf7c545..6486653b1a5 100644
--- a/klone.yaml
+++ b/klone.yaml
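Review bot: The dependency-review job calls a reusable workflow by branch name, `gravitational/shared-workflows/.github/workflows/dependency-review.yaml@main`, so whatever is on that branch at run time executes in this repository's pull-request context. Pin it to a reviewed commit, `uses: gravitational/shared-workflows/.github/workflows/dependency-review.yaml@<full-commit-sha>`, and move the pin deliberately. The `permissions` block grants only `contents: read`, which is a sensible ceiling; if the called workflow posts a comment on the pull request it will presumably need `pull-requests: write` as well, which should be confirmed against that workflow.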
@@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index e9c7cfb4d86..e2400990825 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk 
@@ -143,8 +143,8 @@ tools += conversion-gen=$(K8S_CODEGEN_VERSION) # https://github.com/kubernetes/kube-openapi tools += openapi-gen=f0e62f92d13f418e2732b21c952fd17cab771c75 -# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION := 1.30.0 +# https://raw.githubusercontent.com/kubernetes-sigs/controller-tools/master/envtest-releases.yaml +KUBEBUILDER_ASSETS_VERSION := v1.30.0 tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) 
@@ -439,24 +439,24 @@ $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ rm -f $(outfile).tar.gz -kubebuilder_tools_linux_amd64_SHA256SUM=d51dae845397b7548444157903f2d573493afb6f90ce9417c0f5c61d4b1f908d -kubebuilder_tools_linux_arm64_SHA256SUM=83123010f603390ee0f417ad1cf2a715f5bff335c5841dcd4221764e52732336 -kubebuilder_tools_darwin_amd64_SHA256SUM=46f5a680f28b6db9fdaaab4659dee68a1f2e04a0d9a39f9b0176562a9e95167b -kubebuilder_tools_darwin_arm64_SHA256SUM=ce37b6fcd7678d78a610da1ae5e8e68777025b2bf046558820f967fe7a8f0dfd +kubebuilder_tools_linux_amd64_SHA256SUM=2a9792cb5f1403f524543ce94c3115e3c4a4229f0e86af55fd26c078da448164 +kubebuilder_tools_linux_arm64_SHA256SUM=39cc7274a3075a650a20fcd24b9e2067375732bebaf5356088a8efb35155f068 +kubebuilder_tools_darwin_amd64_SHA256SUM=85890b864330baec88f53aabfc1d5d94a8ca8c17483f34f4823dec0fae7c6e3a +kubebuilder_tools_darwin_arm64_SHA256SUM=849362d26105b64193b4142982c710306d90248272731a81fb83efac27c5a750 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(CURL) https://github.com/kubernetes-sigs/controller-tools/releases/download/envtest-$(KUBEBUILDER_ASSETS_VERSION)/envtest-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ $(checkhash_script) $(outfile) $(kubebuilder_tools_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) $(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - 
tar xfO $< kubebuilder/bin/etcd > $(outfile) && chmod 775 $(outfile) + tar xfO $< controller-tools/envtest/etcd > $(outfile) && chmod 775 $(outfile) $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) + tar xfO $< controller-tools/envtest/kube-apiserver > $(outfile) && chmod 775 $(outfile) kyverno_linux_amd64_SHA256SUM=a5f6e9070c17acc47168c8ce4db78e45258376551b8bf68ad2d5ed27454cf666 kyverno_linux_arm64_SHA256SUM=007e828d622e73614365f5f7e8e107e36ae686e97e8982b1eeb53511fb2363c3 From c92fb1cf782625b552c05d2b0e7577e11191a4ea Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 13:35:19 +0200 Subject: [PATCH 07/41] add Helm options to extend auto-approval or disable it Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../cert-manager/templates/deployment.yaml | 3 +++ deploy/charts/cert-manager/templates/rbac.yaml | 11 ++++++++++- deploy/charts/cert-manager/values.yaml | 17 +++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml index 8c7403dd90e..a33c171d7c4 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml @@ -137,6 +137,9 @@ spec: {{- with .Values.dns01RecursiveNameservers }} - --dns01-recursive-nameservers={{ . }} {{- end }} + {{- if .Values.disableAutoApproval }} + - --controllers=-certificaterequests-approver + {{- end }} ports: - containerPort: 9402 name: http-metrics diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml index 94b0950b7f3..7a27d4f7af1 100644 
--- a/deploy/charts/cert-manager/templates/rbac.yaml +++ b/deploy/charts/cert-manager/templates/rbac.yaml @@ -474,6 +474,8 @@ rules: --- +{{- if not .Values.disableAutoApproval -}} + # Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -489,7 +491,12 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + {{- with .Values.approveSignerNames }} + resourceNames: + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} --- @@ -514,6 +521,8 @@ subjects: --- +{{- end -}} + # Permission to: # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 958e3589b59..7630c048e0d 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml 
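Review bot: In the `@@ -489,7 +491,12 @@` hunk, `{{- with .Values.approveSignerNames }}` drops `resourceNames` entirely when the list is empty, so the ClusterRole then grants `approve` on every signer instead of on none; the value that is meant to narrow the grant fails open. The values.yaml hunk of this commit documents that behaviour, but an operator who sets `approveSignerNames: []` expecting "approve nothing" gets the widest grant. Consider rejecting the empty list while auto-approval is enabled, e.g. `{{- if not .Values.approveSignerNames }}{{ fail "approveSignerNames is empty: list the signers to approve or set disableAutoApproval=true" }}{{- end }}`, and putting the approve-everything case behind a separate, explicitly named value. The ClusterRole header and the start of its `rules:` block are outside this hunk.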
@@ -241,6 +241,23 @@ dns01RecursiveNameservers: "" # Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. dns01RecursiveNameserversOnly: false +# Option to disable cert-manager's build-in auto-approver. The auto-approver +# approves all CertificateRequests that reference issuers matching the 'approveSignerNames' +# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions +# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +disableAutoApproval: false + +# List of signer names that cert-manager will approve by default. CertificateRequests +# referencing these signer names will be auto-approved by cert-manager. Defaults to just +# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty +# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, +# because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval +# +docs:property +approveSignerNames: +- issuers.cert-manager.io/* +- clusterissuers.cert-manager.io/* + # Additional command line flags to pass to cert-manager controller binary. # To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`. # From dadd37dc204eb613a8add764e812c8eb48edfe28 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 13:40:51 +0200 Subject: [PATCH 08/41] run 'make generate-helm-docs' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- deploy/charts/cert-manager/README.template.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index ab0073bfdd9..85edf689f6a 100644 
--- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -387,6 +387,23 @@ A comma-separated string with the host and port of the recursive nameservers cer > ``` Forces cert-manager to use only the recursive nameservers for verification. Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. +#### **disableAutoApproval** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Option to disable cert-manager's build-in auto-approver. The auto-approver approves all CertificateRequests that reference issuers matching the 'approveSignerNames' option. This 'disableAutoApproval' option is useful when you want to make all approval decisions using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +#### **approveSignerNames** ~ `array` +> Default value: +> ```yaml +> - issuers.cert-manager.io/* +> - clusterissuers.cert-manager.io/* +> ``` + +List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval + #### **extraArgs** ~ `array` > Default value: > ```yaml From dfce6b9183109a5dfdc1313b6615b6bdbd8dad53 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 24 May 2024 09:03:15 +0200 Subject: [PATCH 09/41] if list of controllers only contains disabled controllers, implicitly enable all default controllers 
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/controller/app/options/options.go | 5 +++++ cmd/controller/app/options/options_test.go | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 9a6d1e15971..4798b247245 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -243,6 +243,11 @@ func EnabledControllers(o *config.ControllerConfiguration) sets.Set[string] { } } + // Detect if "*" was implied (in case only disabled controllers were specified) + if len(disabled) > 0 && len(enabled) == 0 { + enabled = enabled.Insert(defaults.DefaultEnabledControllers...) + } + enabled = enabled.Delete(disabled...) if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalCertificateSigningRequestControllers) { diff --git a/cmd/controller/app/options/options_test.go b/cmd/controller/app/options/options_test.go index 8c86f308c87..99256498e1f 100644 --- a/cmd/controller/app/options/options_test.go +++ b/cmd/controller/app/options/options_test.go @@ -50,6 +50,14 @@ func TestEnabledControllers(t *testing.T) { controllers: []string{"*", "-clusterissuers", "-issuers"}, expEnabled: sets.New(defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), }, + "if only disabled controllers are specified, implicitly enable all default controllers": { + controllers: []string{"-clusterissuers", "-issuers"}, + expEnabled: sets.New(defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), + }, + "if both enabled and disabled controllers are specified, return specified controllers": { + controllers: []string{"foo", "-bar"}, + expEnabled: sets.New("foo"), + }, } for name, test := range tests { From c392ea86a46dc0af68e5af61bb3639a826a6ef5a Mon Sep 17 00:00:00 2001 
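Review bot: The branch added to `EnabledControllers` changes what a disable-only `--controllers` value means, and the only record of the rule is the inline comment. A list such as `-issuers` presumably left `enabled` empty before this hunk; it now expands to `defaults.DefaultEnabledControllers` minus the named entries, so a deployment that depended on the old result starts the default controllers after an upgrade. State the rule where callers will read it, e.g. in the function's doc comment: `// A list that holds only "-name" entries is treated as "*" followed by those entries.`, and repeat it in the flag's help text. `EnabledControllers` starts and ends outside the hunk, so an existing doc comment may simply not be visible here.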
From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 28 May 2024 12:34:57 +0200 Subject: [PATCH 10/41] BUGFIX: correctly mount config files for components Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../templates/cainjector-deployment.yaml | 20 +++++++++++++++++-- .../cert-manager/templates/deployment.yaml | 8 ++++---- .../templates/webhook-deployment.yaml | 8 ++++---- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml index a2f7243e830..8f9f7f3315f 100644 --- a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml @@ -66,6 +66,9 @@ spec: {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} + {{- if .Values.cainjector.config }} + - --config=/var/cert-manager/config/config.yaml + {{- end }} {{- with .Values.global.leaderElection }} - --leader-election-namespace={{ .namespace }} {{- if .leaseDuration }} @@ -97,9 +100,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.cainjector.volumeMounts }} + {{- if or .Values.cainjector.config .Values.cainjector.volumeMounts }} volumeMounts: + {{- if .Values.cainjector.config }} + - name: config + mountPath: /var/cert-manager/config + {{- end }} + {{- with .Values.cainjector.volumeMounts }} {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.cainjector.nodeSelector }} nodeSelector: 
@@ -117,8 +126,15 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.cainjector.volumes }} + {{- if or .Values.cainjector.volumes .Values.cainjector.config }} volumes: + {{- if .Values.cainjector.config }} + - name: config + configMap: + name: {{ include "cainjector.fullname" . }} + {{- end }} + {{ with .Values.cainjector.volumes }} {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml index 8c7403dd90e..4a37c72223f 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml @@ -66,10 +66,10 @@ spec: {{- end }} {{- if or .Values.volumes .Values.config}} volumes: - {{- if .Values.config }} + {{- if .Values.config }} - name: config configMap: - name: {{ include "cert-manager.fullname" . }} + name: {{ include "cert-manager.fullname" . }} {{- end }} {{ with .Values.volumes }} {{- toYaml . | nindent 8 }} @@ -150,11 +150,11 @@ spec: {{- end }} {{- if or .Values.config .Values.volumeMounts }} volumeMounts: - {{- if .Values.config}} + {{- if .Values.config }} - name: config mountPath: /var/cert-manager/config {{- end }} - {{- with .Values.volumeMounts }} + {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/webhook-deployment.yaml b/deploy/charts/cert-manager/templates/webhook-deployment.yaml index e55cd436183..ae5399e90ce 100644 --- a/deploy/charts/cert-manager/templates/webhook-deployment.yaml +++ b/deploy/charts/cert-manager/templates/webhook-deployment.yaml 
@@ -159,8 +159,8 @@ spec: - name: config mountPath: /var/cert-manager/config {{- end }} - {{- if .Values.webhook.volumeMounts }} - {{- toYaml .Values.webhook.volumeMounts | nindent 12 }} + {{- with .Values.webhook.volumeMounts }} + {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- with .Values.webhook.nodeSelector }} @@ -186,7 +186,7 @@ spec: configMap: name: {{ include "webhook.fullname" . }} {{- end }} - {{- if .Values.webhook.volumes }} - {{- toYaml .Values.webhook.volumes | nindent 8 }} + {{- with .Values.webhook.volumes }} + {{- toYaml . | nindent 8 }} {{- end }} {{- end }} From 7ec86d2e240acbf9c1c216aa25de7ecd4e4f06a4 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Thu, 13 Jun 2024 14:49:41 +0100 Subject: [PATCH 11/41] feat: normalize azure errors Signed-off-by: Adam Talbot --- pkg/issuer/acme/dns/azuredns/azuredns.go | 74 ++++++++++++++----- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 15 ++-- 2 files changed, 60 insertions(+), 29 deletions(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index 27994c73be5..c6148feff0d 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -11,11 +11,9 @@ this directory. package azuredns import ( - "bytes" "context" "errors" "fmt" - "io" "net/http" "os" "strings" 
@@ -279,27 +277,63 @@ func stabilizeError(err error) error { return nil } - redactResponse := func(resp *http.Response) *http.Response { - if resp == nil { - return nil + return NormalizedError{ + Cause: err, + } +} + +type NormalizedError struct { + Cause error +} + +func (e NormalizedError) Error() string { + var ( + authErr *azidentity.AuthenticationFailedError + respErr *azcore.ResponseError + ) + + switch { + case errors.As(e.Cause, &authErr): + msg := new(strings.Builder) + fmt.Fprintln(msg, "authentication failed:") + + if authErr.RawResponse != nil { + if authErr.RawResponse.Request != nil { + fmt.Fprintf(msg, "%s %s://%s%s\n", authErr.RawResponse.Request.Method, authErr.RawResponse.Request.URL.Scheme, authErr.RawResponse.Request.URL.Host, authErr.RawResponse.Request.URL.Path) + } + + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + fmt.Fprintf(msg, "RESPONSE %s\n", authErr.RawResponse.Status) + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") } - response := *resp - response.Body = io.NopCloser(bytes.NewReader([]byte(""))) - return &response - } + fmt.Fprint(msg, "see logs for more information") - var authErr *azidentity.AuthenticationFailedError - if errors.As(err, &authErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. - authErr.RawResponse = redactResponse(authErr.RawResponse) - } + return msg.String() + case errors.As(e.Cause, &respErr): + msg := new(strings.Builder) + fmt.Fprintln(msg, "request error:") - var respErr *azcore.ResponseError - if errors.As(err, &respErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. 
- respErr.RawResponse = redactResponse(respErr.RawResponse) - } + if respErr.RawResponse != nil { + if respErr.RawResponse.Request != nil { + fmt.Fprintf(msg, "%s %s://%s%s\n", respErr.RawResponse.Request.Method, respErr.RawResponse.Request.URL.Scheme, respErr.RawResponse.Request.URL.Host, respErr.RawResponse.Request.URL.Path) + } - return err + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + fmt.Fprintf(msg, "RESPONSE %s\n", respErr.RawResponse.Status) + if respErr.ErrorCode != "" { + fmt.Fprintf(msg, "ERROR CODE: %s\n", respErr.ErrorCode) + } else { + fmt.Fprintln(msg, "ERROR CODE UNAVAILABLE") + } + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + } + + fmt.Fprint(msg, "see logs for more information") + + return msg.String() + + default: + return e.Cause.Error() + } } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 0cd7c0c31b2..5823bab9836 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -356,14 +356,12 @@ func TestGetAuthorizationFederatedSPT(t *testing.T) { _, err = spt.GetToken(context.TODO(), policy.TokenRequestOptions{Scopes: []string{"test"}}) err = stabilizeError(err) assert.Error(t, err) - assert.ErrorContains(t, err, fmt.Sprintf(`WorkloadIdentityCredential authentication failed + assert.ErrorContains(t, err, fmt.Sprintf(`authentication failed: POST %s/adfs/oauth2/token -------------------------------------------------------------------------------- RESPONSE 502 Bad Gateway -------------------------------------------------------------------------------- - --------------------------------------------------------------------------------- -To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#workload`, ts.URL)) +see logs for more information`, ts.URL)) }) } 
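Review bot: `NormalizedError.Error()` dereferences `RawResponse.Request.URL` after checking only `RawResponse` and `Request` for nil, in both the `authErr` and the `respErr` case, so a response whose request carries no URL panics while the error is being formatted. The two cases also repeat the same request-line formatting; moving it into one helper removes the duplication and keeps the nil checks in a single place. Separately, the `default` case returns `e.Cause.Error()` unchanged, which panics for a zero-value `NormalizedError{}` and passes any other error text through without normalisation, so a nil guard there is worth adding. `stabilizeError` begins above this hunk.

```go
// writeRequestLine prints "METHOD scheme://host/path" for the failed call.
// The query string is not printed, and a response without a request URL is
// skipped instead of dereferenced.
func writeRequestLine(msg *strings.Builder, resp *http.Response) {
	if resp == nil || resp.Request == nil || resp.Request.URL == nil {
		return
	}
	req := resp.Request
	fmt.Fprintf(msg, "%s %s://%s%s\n", req.Method, req.URL.Scheme, req.URL.Host, req.URL.Path)
}

func (e NormalizedError) Error() string {
	// … unchanged: authErr/respErr declarations, switch and builder setup …
		if authErr.RawResponse != nil {
			writeRequestLine(msg, authErr.RawResponse)
			// … unchanged: separator and RESPONSE lines; same call in the respErr case …
```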
@@ -406,12 +404,11 @@ func TestStabilizeResponseError(t *testing.T) { err = dnsProvider.Present(context.TODO(), "test.com", "fqdn.test.com.", "test123") require.Error(t, err) - require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com + require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: request error: +GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com -------------------------------------------------------------------------------- -RESPONSE 502: 502 Bad Gateway +RESPONSE 502 Bad Gateway ERROR CODE: TEST_ERROR_CODE -------------------------------------------------------------------------------- - --------------------------------------------------------------------------------- -`, ts.URL)) +see logs for more information`, ts.URL)) } From 48bf30a1a43ebe9204054705b7408c68c276a635 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Thu, 13 Jun 2024 17:30:47 +0100 Subject: [PATCH 12/41] chore: updating github.com/Azure/azure-sdk-for-go/sdk/azidentity to address CVE-2024-35255 
Signed-off-by: Adam Talbot --- LICENSES | 16 ++++++++-------- cmd/acmesolver/LICENSES | 6 +++--- cmd/acmesolver/go.mod | 6 +++--- cmd/acmesolver/go.sum | 12 ++++++------ cmd/cainjector/LICENSES | 8 ++++---- cmd/cainjector/go.mod | 8 ++++---- cmd/cainjector/go.sum | 20 ++++++++++---------- cmd/controller/LICENSES | 16 ++++++++-------- cmd/controller/go.mod | 18 +++++++++--------- cmd/controller/go.sum | 36 ++++++++++++++++++------------------ cmd/startupapicheck/LICENSES | 8 ++++---- cmd/startupapicheck/go.mod | 8 ++++---- cmd/startupapicheck/go.sum | 20 ++++++++++---------- cmd/webhook/LICENSES | 10 +++++----- cmd/webhook/go.mod | 12 ++++++------ cmd/webhook/go.sum | 24 ++++++++++++------------ go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++------------------ test/e2e/LICENSES | 10 +++++----- test/e2e/go.mod | 12 ++++++------ test/e2e/go.sum | 24 ++++++++++++------------ test/integration/LICENSES | 10 +++++----- test/integration/go.mod | 12 ++++++------ test/integration/go.sum | 24 ++++++++++++------------ 24 files changed, 187 insertions(+), 187 deletions(-) diff --git a/LICENSES b/LICENSES index 90a4eb776fe..0c479641b72 100644 --- a/LICENSES +++ b/LICENSES 
@@ -1,9 +1,9 @@ cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.12.0/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.6.0/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.9.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT 
@@ -136,14 +136,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index 39d66194d11..9311e6191e4 100644 --- a/cmd/acmesolver/LICENSES 
+++ b/cmd/acmesolver/LICENSES @@ -20,9 +20,9 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index d90d9dc7ad5..b24cf5084b2 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -39,9 +39,9 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index 93d827325f0..a615ff81e45 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum 
@@ -75,20 +75,20 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod 
h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index c416ceb023a..69e0e4246cc 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES 
@@ -37,11 +37,11 @@ github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3- go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index 4576c68f436..61b2692ac1b 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod 
@@ -65,11 +65,11 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
- golang.org/x/net v0.25.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.20.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/term v0.20.0 // indirect
- golang.org/x/text v0.15.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/protobuf v1.34.1 // indirect
diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum
index 3a8b2162889..0d757483816 100644
--- a/cmd/cainjector/go.sum
+++ b/cmd/cainjector/go.sum
@@ -118,8 +118,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -128,22 +128,22 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod 
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index e6de9f70e53..8d0b7212ff9 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES 
@@ -1,9 +1,9 @@ cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.12.0/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.6.0/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.9.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT 
@@ -127,13 +127,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 0386c690cfd..a6afde90d82 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod 
@@ -36,9 +36,9 @@ require (
 cloud.google.com/go/auth v0.4.2 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 cloud.google.com/go/compute/metadata v0.3.0 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect
 github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
@@ -148,15 +148,15 @@ require (
 go.opentelemetry.io/proto/otlp v1.2.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
- golang.org/x/crypto v0.23.0 // indirect
+ golang.org/x/crypto v0.24.0 // indirect
 golang.org/x/mod v0.17.0 // indirect
- golang.org/x/net v0.25.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.20.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/term v0.20.0 // indirect
- golang.org/x/text v0.15.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
- golang.org/x/tools v0.21.0 // indirect
+ golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 google.golang.org/api v0.181.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect
diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum
index c7a392534bf..be02917d25e 100644
--- a/cmd/controller/go.sum
+++ b/cmd/controller/go.sum
@@ -5,12 +5,12 @@ cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKF cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 
h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= @@ -406,8 +406,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -437,8 +437,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= 
@@ -466,24 +466,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -497,8 +497,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index dd5015014fb..c5032b4af67 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES 
@@ -48,12 +48,12 @@ go.starlark.net,https://github.com/google/starlark-go/blob/f457c4c2b267/LICENSE, go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index d502997aaa1..c387a9ac37b 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod 
@@ -77,12 +77,12 @@ require (
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
- golang.org/x/net v0.25.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.20.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/term v0.20.0 // indirect
- golang.org/x/text v0.15.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/protobuf v1.34.1 // indirect
diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum
index e25d1c2b86b..91269310837 100644
--- a/cmd/startupapicheck/go.sum
+++ b/cmd/startupapicheck/go.sum
@@ -151,8 +151,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -164,22 +164,22 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod 
h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index daaf3a4c2a5..5d0fc7316d0 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES 
@@ -55,14 +55,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 64bb16f3606..2f07315697c 100644 --- a/cmd/webhook/go.mod 
+++ b/cmd/webhook/go.mod
@@ -23,7 +23,6 @@ replace github.com/cert-manager/cert-manager => ../../
 require (
 github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000
 github.com/spf13/cobra v1.8.0
- k8s.io/apimachinery v0.30.1
 k8s.io/component-base v0.30.1
 sigs.k8s.io/controller-runtime v0.18.2
 )
@@ -82,14 +81,14 @@ require (
 go.opentelemetry.io/proto/otlp v1.2.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 go.uber.org/zap v1.27.0 // indirect
- golang.org/x/crypto v0.23.0 // indirect
+ golang.org/x/crypto v0.24.0 // indirect
 golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
- golang.org/x/net v0.25.0 // indirect
+ golang.org/x/net v0.26.0 // indirect
 golang.org/x/oauth2 v0.20.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.20.0 // indirect
- golang.org/x/term v0.20.0 // indirect
- golang.org/x/text v0.15.0 // indirect
+ golang.org/x/sys v0.21.0 // indirect
+ golang.org/x/term v0.21.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect
@@ -101,6 +100,7 @@ require (
 gopkg.in/yaml.v3 v3.0.1 // indirect
 k8s.io/api v0.30.1 // indirect
 k8s.io/apiextensions-apiserver v0.30.1 // indirect
+ k8s.io/apimachinery v0.30.1 // indirect
 k8s.io/apiserver v0.30.1 // indirect
 k8s.io/client-go v0.30.1 // indirect
 k8s.io/klog/v2 v2.120.1 // indirect
diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum
index 48fdfa92e6b..2f03222064a 100644
--- a/cmd/webhook/go.sum
+++ b/cmd/webhook/go.sum
@@ -177,8 +177,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -197,8 +197,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -219,24 +219,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -245,8 +245,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/go.mod b/go.mod index 9cdb5c9a19e..21c84a6d66e 100644 --- a/go.mod +++ b/go.mod 
@@ -19,8 +19,8 @@ replace github.com/prometheus/client_golang => github.com/prometheus/client_gola replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 github.com/Venafi/vcert/v5 v5.6.4 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 @@ -45,7 +45,7 @@ require ( github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/oauth2 v0.20.0 golang.org/x/sync v0.7.0 google.golang.org/api v0.181.0 @@ -69,7 +69,7 @@ require ( cloud.google.com/go/auth v0.4.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect 
@@ -173,12 +173,12 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/go.sum b/go.sum index 85982c57585..deeca85169d 100644 --- a/go.sum +++ b/go.sum 
@@ -5,12 +5,12 @@ cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKF cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 
h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= @@ -416,8 +416,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -447,8 +447,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= 
@@ -476,24 +476,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -507,8 +507,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 838b42075ac..3f825478209 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES 
@@ -54,12 +54,12 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 0f8b3d0814f..541e7ff9ed4 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod 
@@ -94,15 +94,15 @@ require ( github.com/spf13/cobra v1.8.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 718b48b8115..2a98e9b3c29 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum 
@@ -186,8 +186,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -206,8 +206,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -226,24 +226,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 
-golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -252,8 +252,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 8b9f343dbed..890bb787e10 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES 
@@ -62,14 +62,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 5371e7ec810..1c766c4f20c 100644 
--- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -29,7 +29,7 @@ require ( github.com/munnerz/crd-schema-fuzz v1.0.0 github.com/segmentio/encoding v0.4.0 github.com/stretchr/testify v1.9.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/sync v0.7.0 k8s.io/api v0.30.1 k8s.io/apiextensions-apiserver v0.30.1 @@ -108,13 +108,13 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 64bdfd89f23..9440b80bf1c 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum 
@@ -1289,8 +1289,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1426,8 +1426,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1577,8 +1577,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1594,8 +1594,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1615,8 +1615,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1696,8 +1696,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From c91273a9d56a3375ef44097f7308344f1335f789 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 17 Jun 2024 16:51:53 +0200 Subject: [PATCH 13/41] BUGFIX: retry signing when encountering transient error Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/controller/certificaterequests/vault/vault.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go index 242f923a576..194ef736ddd 100644 --- a/pkg/controller/certificaterequests/vault/vault.go +++ b/pkg/controller/certificaterequests/vault/vault.go 
@@ -92,7 +92,7 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v
 message := "Failed to initialise vault client for signing"
 v.reporter.Pending(cr, err, "VaultInitError", message)
 log.Error(err, message)
- return nil, nil
+ return nil, err // Return error to requeue and retry
 }

 certDuration := apiutil.DefaultCertDuration(cr.Spec.Duration)
From c680694215ec846a3ffc5191d6b264a7b110a54a Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Tue, 18 Jun 2024 10:12:50 +0200
Subject: [PATCH 14/41] only retry when encountering a Vault non-InvalidData error

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 internal/vault/vault.go | 3 ++-
 pkg/controller/certificaterequests/vault/vault.go | 7 ++++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/internal/vault/vault.go b/internal/vault/vault.go
index 5bf82cebd9b..479023800ca 100644
--- a/internal/vault/vault.go
+++ b/internal/vault/vault.go
@@ -38,6 +38,7 @@ import (
 internalinformers "github.com/cert-manager/cert-manager/internal/informers"
 v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
 cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1"
+ cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors"
 "github.com/cert-manager/cert-manager/pkg/util/pki"
 )

@@ -220,7 +221,7 @@ func (v *Vault) setToken(ctx context.Context, client Client) error {
 return nil
 }

- return fmt.Errorf("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set")
+ return cmerrors.NewInvalidData("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set")
 }

 func (v *Vault) newConfig() (*vault.Config, error) {
diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go
index 194ef736ddd..419b1cdd7c5 100644
--- a/pkg/controller/certificaterequests/vault/vault.go
+++ b/pkg/controller/certificaterequests/vault/vault.go
@@ -30,6 +30,7 @@ import (
 crutil "github.com/cert-manager/cert-manager/pkg/controller/certificaterequests/util"
 "github.com/cert-manager/cert-manager/pkg/issuer"
 logf "github.com/cert-manager/cert-manager/pkg/logs"
+ cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors"
 )

 const (
@@ -87,11 +88,15 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v
 return nil, nil
 }

- // TODO: distinguish between network errors and other which might warrant a failure.
 if err != nil {
 message := "Failed to initialise vault client for signing"
 v.reporter.Pending(cr, err, "VaultInitError", message)
 log.Error(err, message)
+
+ if cmerrors.IsInvalidData(err) {
+ return nil, nil // Don't retry, wait for the issuer to be updated
+ }
+
 return nil, err // Return error to requeue and retry
 }

From db2a8f5f9cb0365edaa065282248f446834e4b71 Mon Sep 17 00:00:00 2001
From: Tim Ramlot <42113979+inteon@users.noreply.github.com>
Date: Wed, 19 Jun 2024 16:59:03 +0200
Subject: [PATCH 15/41] add testcase

Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com>
---
 .../certificaterequests/vault/vault_test.go | 41 +++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go
index 6996b4c6713..2f28114c5d4 100644
--- a/pkg/controller/certificaterequests/vault/vault_test.go
+++ b/pkg/controller/certificaterequests/vault/vault_test.go
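Review bot: The `cmerrors.IsInvalidData(err)` branch added to `Sign` is now the only path that stops a requeue, and in this series only the final fall-through of `setToken` returns that error type, so every other client-initialisation failure is retried. That presumably includes credentials that Vault rejects outright, which would surface as repeated failed logins on the Vault side until the issuer or secret is corrected; it is worth confirming the requeue is rate-limited and deciding whether other non-retryable failures should also be classified as InvalidData. If `IsInvalidData` performs a direct type check rather than unwrapping (its body is not visible here), any later `%w` wrapping between `setToken` and `Sign` would silently turn the no-retry case into a retry, so a comment at the check such as `// IsInvalidData must see the error exactly as setToken returned it; do not wrap it on the way up` would help. `Sign` starts and ends outside this hunk.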
@@ -329,6 +329,47 @@ func TestSign(t *testing.T) {
 },
 },
 },
+ "a client with a token secret referenced with token but temporary failed to authenticate should report pending and return error": {
+ certificateRequest: baseCR.DeepCopy(),
+ builder: &testpkg.Builder{
+ KubeObjects: []runtime.Object{tokenSecret},
+ CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), gen.IssuerFrom(baseIssuer,
+ gen.SetIssuerVault(cmapi.VaultIssuer{
+ Auth: cmapi.VaultAuth{
+ TokenSecretRef: &cmmeta.SecretKeySelector{
+ Key: "my-token-key",
+ LocalObjectReference: cmmeta.LocalObjectReference{
+ Name: "token-secret",
+ },
+ },
+ },
+ }),
+ )},
+ ExpectedEvents: []string{
+ "Normal VaultInitError Failed to initialise vault client for signing: failed to create vault client, temporary auth failure",
+ },
+ ExpectedActions: []testpkg.Action{
+ testpkg.NewAction(coretesting.NewUpdateSubresourceAction(
+ cmapi.SchemeGroupVersion.WithResource("certificaterequests"),
+ "status",
+ gen.DefaultTestNamespace,
+ gen.CertificateRequestFrom(baseCR,
+ gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{
+ Type: cmapi.CertificateRequestConditionReady,
+ Status: cmmeta.ConditionFalse,
+ Reason: cmapi.CertificateRequestReasonPending,
+ Message: "Failed to initialise vault client for signing: failed to create vault client, temporary auth failure",
+ LastTransitionTime: &metaFixedClockStart,
+ }),
+ ),
+ )),
+ },
+ },
+ fakeVault: fakevault.New().WithNew(func(string, internalinformers.SecretLister, cmapi.GenericIssuer) (*fakevault.Vault, error) {
+ return nil, errors.New("failed to create vault client, temporary auth failure")
+ }),
+ expectedErr: true,
+ },
 "a client with a token secret referenced with token but failed to sign should report fail": {
 certificateRequest: baseCR.DeepCopy(),
 builder: &testpkg.Builder{
From 7936ff00e5cdd9dc4cf34a67c0defece52328c2d Mon Sep 17 00:00:00 2001
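Review bot: The added case feeds `Sign` a plain `errors.New(...)`, so it pins only the retry branch; nothing in this hunk exercises the `cmerrors.IsInvalidData` branch, which must report Pending and return without an error. A sibling case whose fake returns `cmerrors.NewInvalidData("...")` and sets `expectedErr: false` would keep the retry/no-retry classification from regressing, unless a case outside this hunk already covers it. The case name would also read better as "temporarily failed to authenticate". The `TestSign` table starts and continues outside the hunk.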
From: Ashley Davis Date: Tue, 25 Jun 2024 12:28:06 +0100 Subject: [PATCH 16/41] [release-1.15] Bump go-retryablehttp to address CVE-2024-6104 Signed-off-by: Ashley Davis --- LICENSES | 2 +- cmd/controller/LICENSES | 2 +- cmd/controller/go.mod | 2 +- cmd/controller/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- test/e2e/LICENSES | 2 +- test/e2e/go.mod | 2 +- test/e2e/go.sum | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/LICENSES b/LICENSES index 0c479641b72..803503815e4 100644 --- a/LICENSES +++ b/LICENSES @@ -81,7 +81,7 @@ github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index 8d0b7212ff9..ed6a341ca46 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES 
@@ -74,7 +74,7 @@ github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index a6afde90d82..574f8c6a208 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -97,7 +97,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index be02917d25e..d355d7f50a8 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum 
@@ -208,8 +208,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= diff --git a/go.mod b/go.mod index 21c84a6d66e..39c55251332 100644 --- a/go.mod +++ b/go.mod @@ -122,7 +122,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect diff --git a/go.sum b/go.sum index deeca85169d..84363adf070 100644 --- a/go.sum +++ b/go.sum 
@@ -216,8 +216,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 3f825478209..2ebfc6a580f 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES 
@@ -25,7 +25,7 @@ github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Ap github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.1/LICENSE,BSD-3-Clause github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 github.com/hashicorp/vault-client-go,https://github.com/hashicorp/vault-client-go/blob/v0.4.3/LICENSE,MPL-2.0 diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 541e7ff9ed4..ef7d52d0ade 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -69,7 +69,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/imdario/mergo v0.3.16 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 2a98e9b3c29..67507a9dfef 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum 
@@ -76,8 +76,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= From a1ad797611087dfcc566ec939040a8f0206447f6 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Wed, 10 Jul 2024 10:09:10 +0000 Subject: [PATCH 17/41] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/go/01_mod.mk | 35 +++++++++++++++++++++++++++++++++++ make/_shared/tools/00_mod.mk | 12 ++++++------ 3 files changed, 48 insertions(+), 13 deletions(-) diff --git a/klone.yaml b/klone.yaml index 6486653b1a5..3ee4c0d986e 100644 --- a/klone.yaml +++ b/klone.yaml 
@@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/tools diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 0e4d4185cae..9a28ed31835 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk 
@@ -23,6 +23,41 @@ endif go_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ golangci_lint_override := $(dir $(lastword $(MAKEFILE_LIST)))/.golangci.override.yaml +.PHONY: go-workspace +go-workspace: export GOWORK?=$(abspath go.work) +## Create a go.work file in the repository root (or GOWORK) +## +## @category Development +go-workspace: | $(NEEDS_GO) + @rm -f $(GOWORK) + $(GO) work init + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + $(GO) work use "$${target}"; \ + done + +.PHONY: go-tidy +## Alias for `make generate-go-mod-tidy` +## @category [shared] Generate/ Verify +go-tidy: generate-go-mod-tidy + +.PHONY: generate-go-mod-tidy +## Run `go mod tidy` on all Go modules +## @category [shared] Generate/ Verify +generate-go-mod-tidy: | $(NEEDS_GO) + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + echo "Running 'go mod tidy' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ + $(GO) mod tidy || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +shared_generate_targets += generate-go-mod-tidy + .PHONY: generate-govulncheck ## Generate base files in the repository ## @category [shared] Generate/ Verify diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index e2400990825..39d76d50785 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -111,7 +111,7 @@ tools += goreleaser=v1.25.1 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -tools += helm-tool=v0.4.2 +tools += helm-tool=v0.5.1 # https://github.com/cert-manager/cmctl tools += cmctl=v2.0.0 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions 
@@ -153,7 +153,7 @@ ADDITIONAL_TOOLS ?= tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.22.3 +VENDORED_GO_VERSION := 1.22.5 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -363,10 +363,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36 -go_linux_arm64_SHA256SUM=6c33e52a5b26e7aa021b94475587fce80043a727a54ceb0eee2f9fc160646434 -go_darwin_amd64_SHA256SUM=610e48c1df4d2f852de8bc2e7fd2dc1521aac216f0c0026625db12f67f192024 -go_darwin_arm64_SHA256SUM=02abeab3f4b8981232237ebd88f0a9bad933bc9621791cd7720a9ca29eacbe9d +go_linux_amd64_SHA256SUM=904b924d435eaea086515bc63235b192ea441bd8c9b198c507e85009e6e4c7f0 +go_linux_arm64_SHA256SUM=8d21325bfcf431be3660527c1a39d3d9ad71535fabdf5041c826e44e31642b5a +go_darwin_amd64_SHA256SUM=95d9933cdcf45f211243c42c7705c37353cccd99f27eb4d8e2d1bf2f4165cb50 +go_darwin_arm64_SHA256SUM=4cd1bcb05be03cecb77bccd765785d5ff69d79adf4dd49790471d00c06b41133 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools From d313a2075130aea0c368954447bfb40767d03461 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 10 Jul 2024 12:12:28 +0200 Subject: [PATCH 18/41] remove duplicate make targets Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/02_mod.mk | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/make/02_mod.mk b/make/02_mod.mk index e9259b44ee9..e429520623e 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk 
@@ -36,29 +36,8 @@ include make/e2e-setup.mk include make/scan.mk include make/ko.mk -.PHONY: go-workspace -go-workspace: export GOWORK?=$(abspath go.work) -## Create a go.work file in the repository root (or GOWORK) -## -## @category Development -go-workspace: | $(NEEDS_GO) - @rm -f $(GOWORK) - $(GO) work init - $(GO) work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e - .PHONY: tidy -## Run "go mod tidy" on each module in this repo -## -## @category Development -tidy: | $(NEEDS_GO) - $(GO) mod tidy - cd cmd/acmesolver && $(GO) mod tidy - cd cmd/cainjector && $(GO) mod tidy - cd cmd/controller && $(GO) mod tidy - cd cmd/startupapicheck && $(GO) mod tidy - cd cmd/webhook && $(GO) mod tidy - cd test/integration && $(GO) mod tidy - cd test/e2e && $(GO) mod tidy +tidy: generate-go-mod-tidy .PHONY: update-base-images update-base-images: | $(NEEDS_CRANE) From a3f47806404a602d91673a254c4db13a224266e1 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Wed, 10 Jul 2024 12:14:25 +0100 Subject: [PATCH 19/41] [release-1.15] bump go-grpc to fix GHSA-xr7q-jx4m-x55m Signed-off-by: Ashley Davis --- LICENSES | 2 +- cmd/controller/LICENSES | 2 +- cmd/controller/go.mod | 2 +- cmd/controller/go.sum | 4 ++-- cmd/webhook/LICENSES | 2 +- cmd/webhook/go.mod | 2 +- cmd/webhook/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- test/integration/LICENSES | 2 +- test/integration/go.mod | 2 +- test/integration/go.sum | 4 ++-- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/LICENSES b/LICENSES index 803503815e4..a1645b38151 100644 --- a/LICENSES +++ b/LICENSES 
@@ -150,7 +150,7 @@ google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0 google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index ed6a341ca46..196f9568c4e 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES 
@@ -139,7 +139,7 @@ google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0 google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 574f8c6a208..ce8ca2a69a6 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -160,7 +160,7 @@ require ( google.golang.org/api v0.181.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index d355d7f50a8..3ba69cc13f9 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum 
@@ -523,8 +523,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index 5d0fc7316d0..2e3ab7de91a 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES 
@@ -67,7 +67,7 @@ golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,B gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 2f07315697c..b9fb1dfb565 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -93,7 +93,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 2f03222064a..2d5ea797a54 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum 
@@ -257,8 +257,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1: google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/go.mod b/go.mod index 39c55251332..39186e51382 100644 --- a/go.mod +++ b/go.mod @@ -183,7 +183,7 @@ require ( google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 84363adf070..90f95f5a083 100644 --- a/go.sum +++ b/go.sum 
@@ -533,8 +533,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 890bb787e10..26d55bc5dc8 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES 
@@ -74,7 +74,7 @@ golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,B gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 1c766c4f20c..d029754d981 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -118,7 +118,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 9440b80bf1c..912462f2e51 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum 
@@ -1976,8 +1976,8 @@ google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From a475a5f7642664a97cffee65e71646c68c9cb48f Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 11:17:40 +0100 Subject: [PATCH 20/41] test: adds test for getHTTPRouteForChallenge Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 114 +++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 pkg/issuer/acme/http/httproute_test.go diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go new file mode 100644 index 00000000000..061bfee1995 --- /dev/null +++ b/pkg/issuer/acme/http/httproute_test.go 
@@ -0,0 +1,114 @@ +package http + +import ( + "context" + "reflect" + "testing" + + gwapi "sigs.k8s.io/gateway-api/apis/v1" + + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { + const createdHTTPRouteKey = "createdHTTPRoute" + tests := map[string]solverFixture{ + "should return one httproute that matches": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + httpRoute, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.testResources[createdHTTPRouteKey] = httpRoute + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + createdHTTPRoute := s.testResources[createdHTTPRouteKey].(*gwapi.HTTPRoute) + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if !reflect.DeepEqual(gotHttpRoute, createdHTTPRoute) { + t.Errorf("Expected %v to equal %v", gotHttpRoute, createdHTTPRoute) + } + }, + }, + "should return one httproute for IP that matches": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "10.0.0.1", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + httpRoute, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.testResources[createdHTTPRouteKey] = httpRoute + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + createdHTTPRoute := 
s.testResources[createdHTTPRouteKey].(*gwapi.HTTPRoute) + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if !reflect.DeepEqual(gotHttpRoute, createdHTTPRoute) { + t.Errorf("Expected %v to equal %v", gotHttpRoute, createdHTTPRoute) + } + }, + }, + "should not return an httproute for the same certificate but different domain": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + differentChallenge := s.Challenge.DeepCopy() + differentChallenge.Spec.DNSName = "notexample.com" + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), differentChallenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if gotHttpRoute != nil { + t.Errorf("Expected function to not return an HTTPRoute, but got: %v", gotHttpRoute) + } + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + test.Setup(t) + resp, err := test.Solver.getGatewayHTTPRoute(context.TODO(), test.Challenge) + if err != nil && !test.Err { + t.Errorf("Expected function to not error, but got: %v", err) + } + if err == nil && test.Err { + t.Errorf("Expected function to get an error, but got: %v", err) + } + test.Finish(t, resp, err) + }) + } +} From a55f51d7831892933f17185310615e180a91de30 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 16:24:48 +0100 Subject: [PATCH 21/41] fix: checkAndUpdateGatewayHTTPRoute function Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
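Review bot: The `PreFn` closures in this new test report a failed `createGatewayHTTPRoute` with `t.Errorf` and then carry on, so the first two cases store whatever was returned under `createdHTTPRouteKey` and the later `reflect.DeepEqual` failure hides the real cause. Using `t.Fatalf("error preparing test: %v", err)` would stop at the setup error. The `CheckFn` closures use unchecked assertions such as `args[0].(*gwapi.HTTPRoute)`, which panic instead of failing the test if the fixture passes a different type; the two-value form `got, ok := args[0].(*gwapi.HTTPRoute)` followed by `t.Fatalf` on `!ok` is safer. As a style point, `gotHttpRoute` should be `gotHTTPRoute` to match `createdHTTPRoute`.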
diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index cf761b75d4e..6bd694fed40 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -117,7 +117,7 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. for k, v := range ch.Spec.Solver.HTTP01.GatewayHTTPRoute.Labels { expectedLabels[k] = v } - actualLabels := ch.Labels + actualLabels := httpRoute.Labels if reflect.DeepEqual(expectedSpec, actualSpec) && reflect.DeepEqual(expectedLabels, actualLabels) { return httpRoute, nil } @@ -132,6 +132,7 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. newHTTPRoute := oldHTTPRoute.DeepCopy() newHTTPRoute.Spec = expectedSpec newHTTPRoute.Labels = expectedLabels + newHTTPRoute.GenerateName = "" ret, err = s.GWClient.GatewayV1().HTTPRoutes(newHTTPRoute.Namespace).Update(ctx, newHTTPRoute, metav1.UpdateOptions{}) if err != nil { return err From 8365f8e3c29c2774ff86ac59271f30ff6b010073 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 16:25:42 +0100 Subject: [PATCH 22/41] test: add test for ensureGatewayHTTPRoute Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 58 ++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 061bfee1995..3bf470164c4 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -5,6 +5,8 @@ import ( "reflect" "testing" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/utils/diff" gwapi "sigs.k8s.io/gateway-api/apis/v1" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" 
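Review bot: The label check in the first hunk of `checkAndUpdateGatewayHTTPRoute` now reads the route's own labels, but it is still an exact `reflect.DeepEqual(expectedLabels, actualLabels)`. A label added to the HTTPRoute by any other controller or admission webhook therefore fails the comparison on every sync, and the update path then replaces `Labels` wholesale. If only the solver's labels need to hold, a subset check such as `for k, v := range expectedLabels { if actualLabels[k] != v { /* needs update */ } }` avoids that churn; whether stale labels must be removed is a decision the hunk does not show. The second hunk sets `newHTTPRoute.GenerateName = ""` without saying why, and a one-line comment giving the reason would help the next reader. The function body starts and ends outside both hunks.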
@@ -112,3 +114,59 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { }) } } + +func TestEnsureGatewayHTTPRoute(t *testing.T) { + tests := map[string]solverFixture{ + "should update challenge httproute if service changes": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "anotherfakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + + gotHTTPRouteSpec := httpRoutes[0].Spec + expectedHTTPRoute := generateHTTPRouteSpec(s.Challenge, "fakeservice") + if !reflect.DeepEqual(gotHTTPRouteSpec, expectedHTTPRoute) { + t.Errorf("Expected HTTPRoute specs to match, but got diff:\n%v", + diff.ObjectDiff(gotHTTPRouteSpec, expectedHTTPRoute)) + } + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + test.Setup(t) + resp, err := test.Solver.ensureGatewayHTTPRoute(context.TODO(), test.Challenge, "fakeservice") + if err != nil && !test.Err { + t.Errorf("Expected function to not error, but got: %v", err) + } + if err == nil && test.Err { + t.Errorf("Expected function to get an error, but got: %v", err) + } + test.Finish(t, resp, err) + }) + } +} From 580044ba178846674b938ac1d3b4e56fa07404b5 Mon Sep 17 00:00:00 2001 
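Review bot: In the `CheckFn` of "should update challenge httproute if service changes", `httpRoutes[0].Spec` is read after a length check that only calls `t.Errorf`, so an empty list panics with an index error instead of failing cleanly. Use `t.Fatalf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes))` there. The `t.Errorf` / `t.Fail()` / `return` sequence after the lister error is redundant, since `Errorf` already marks the test as failed, and can be a single `t.Fatalf`. `expectedHTTPRoute` holds a spec and would read better as `expectedHTTPRouteSpec`. The same `CheckFn` body is repeated in the case added by PATCH 23/41.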
From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 22:03:49 +0100 Subject: [PATCH 23/41] test: add test for multiple httproute resources Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 38 ++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 3bf470164c4..773bf3d7f4b 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -117,6 +117,44 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { func TestEnsureGatewayHTTPRoute(t *testing.T) { tests := map[string]solverFixture{ + "should not create another httproute if one exists": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + + gotHTTPRouteSpec := httpRoutes[0].Spec + expectedHTTPRoute := generateHTTPRouteSpec(s.Challenge, "fakeservice") + if !reflect.DeepEqual(gotHTTPRouteSpec, expectedHTTPRoute) { + t.Errorf("Expected HTTPRoute specs to match, but got diff:\n%v", + diff.ObjectDiff(gotHTTPRouteSpec, expectedHTTPRoute)) + } + }, + }, "should update challenge httproute if service changes": { Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ 
From 586e484efd847d4dc300cfd26736f29188dc3925 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 11:39:51 +0100 Subject: [PATCH 24/41] test: check for httproute clean-up Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 773bf3d7f4b..bc325d5e5b0 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -99,6 +99,43 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { } }, }, + "should clean-up if there are multiple httproute resources": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + Err: true, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + _, err = s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + }, + }, } for name, test := range tests { t.Run(name, func(t *testing.T) { From cb975ffa8bd291d5dce1e1180dea117a7d50c68c Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 11:40:17 +0100 Subject: [PATCH 25/41] fix: add missing hyphen to generateName 
Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index 6bd694fed40..8f150e0de2d 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -95,7 +95,7 @@ func (s *Solver) createGatewayHTTPRoute(ctx context.Context, ch *cmacme.Challeng } httpRoute := &gwapi.HTTPRoute{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: "cm-acme-http-solver", + GenerateName: "cm-acme-http-solver-", Namespace: ch.Namespace, Labels: labels, OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(ch, challengeGvk)}, From bdb4f1e8f4c9c325749999ff2bb6fe54ad699ccd Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 12:23:30 +0100 Subject: [PATCH 26/41] fix: httproute spec deep equal Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index 8f150e0de2d..a55ed8ab063 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -166,6 +166,7 @@ func generateHTTPRouteSpec(ch *cmacme.Challenge, svcName string) gwapi.HTTPRoute { BackendRef: gwapi.BackendRef{ BackendObjectReference: gwapi.BackendObjectReference{ + Group: func() *gwapi.Group { g := gwapi.Group(""); return &g }(), Kind: func() *gwapi.Kind { k := gwapi.Kind("Service"); return &k }(), Name: gwapi.ObjectName(svcName), Namespace: func() *gwapi.Namespace { n := gwapi.Namespace(ch.Namespace); return &n }(), From 8dc99995898ddacd6831aa276120265019c9665b Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 17:57:33 +0100 Subject: [PATCH 27/41] revert: remove override for generate name Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 1 - 1 file changed, 1 deletion(-) 
diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index a55ed8ab063..d6059d053fd 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -132,7 +132,6 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. newHTTPRoute := oldHTTPRoute.DeepCopy() newHTTPRoute.Spec = expectedSpec newHTTPRoute.Labels = expectedLabels - newHTTPRoute.GenerateName = "" ret, err = s.GWClient.GatewayV1().HTTPRoutes(newHTTPRoute.Namespace).Update(ctx, newHTTPRoute, metav1.UpdateOptions{}) if err != nil { return err From e218851d862b5c71b2b1c169e5e77dace4ceb56c Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Thu, 18 Jul 2024 11:49:27 +0100 Subject: [PATCH 28/41] fix: do not present challenge for Gateway API if feature not enabled Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/http.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/issuer/acme/http/http.go b/pkg/issuer/acme/http/http.go index 8858f166595..f1b71f799c3 100644 --- a/pkg/issuer/acme/http/http.go +++ b/pkg/issuer/acme/http/http.go @@ -125,6 +125,9 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return utilerrors.NewAggregate([]error{podErr, svcErr, ingressErr}) } if ch.Spec.Solver.HTTP01.GatewayHTTPRoute != nil { + if !s.GatewaySolverEnabled { + return fmt.Errorf("couldn't Present challenge %s/%s: gateway api is not enabled", ch.Namespace, ch.Name) + } _, gatewayErr = s.ensureGatewayHTTPRoute(ctx, ch, svcName) return utilerrors.NewAggregate([]error{podErr, svcErr, gatewayErr}) } From ff18804cdc8a3566fa26e1b253ccf7fc909b1501 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Thu, 18 Jul 2024 11:58:24 +0100 Subject: [PATCH 29/41] fix: add boilerplate to test file Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) 
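Review bot: The new `GatewaySolverEnabled` guard in `Present` returns its own error and drops `podErr` and `svcErr`, which the neighbouring returns aggregate. It also sits after the point where those errors are produced, so the solver pod and service have presumably already been ensured for a challenge that is then rejected. Rejecting the challenge before any solver resources are created is the safer order for a disabled feature, so the check would belong near the top of `Present`, which is outside this hunk. If it stays here, fold the earlier errors in: `return utilerrors.NewAggregate([]error{podErr, svcErr, fmt.Errorf("couldn't Present challenge %s/%s: gateway api is not enabled", ch.Namespace, ch.Name)})`.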
diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index bc325d5e5b0..c6e86c010ef 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package http import ( From b37218108b461cca479267b9cdcdf2786faa8916 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 18 Jul 2024 16:58:24 +0200 Subject: [PATCH 30/41] run 'make upgrade-klone' and 'make generate' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/govulncheck.yaml | 7 ++- .github/workflows/make-self-upgrade.yaml | 17 +++++-- klone.yaml | 14 ++--- .../base/.github/workflows/govulncheck.yaml | 7 ++- make/_shared/help/help.sh | 8 +-- .../.github/workflows/make-self-upgrade.yaml | 17 +++++-- make/_shared/tools/00_mod.mk | 51 +++++-------------- 7 files changed, 61 insertions(+), 60 deletions(-) diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 405e8dec99c..1a6ffc0ee54 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml 
@@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index 93beedff044..063c3529a3c 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, 
@@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } diff --git a/klone.yaml b/klone.yaml index 3ee4c0d986e..1c4f7184395 100644 --- a/klone.yaml +++ b/klone.yaml 
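Review bot: The added `github.rest.issues.addLabels` call marks every auto-generated self-upgrade PR `skip-review`, and judging by this commit those PRs change the pinned `repo_hash` values and the shared makefile and workflow files, which run in CI. What the label does is not visible here, so confirm it cannot let such a PR merge without a human approving the new hash. The call also needs write access to issues or pull requests, while this commit sets the workflow default to `contents: read`. The job therefore has to grant that scope itself (for example `pull-requests: write` under the job's `permissions:`), which the hunks do not show. This file is synced from makefile-modules, so any change belongs upstream.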
@@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/tools diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml index 405e8dec99c..1a6ffc0ee54 100644 --- a/make/_shared/go/base/.github/workflows/govulncheck.yaml +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml 
@@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index d9c831ff774..400aab3d5fe 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -71,10 +71,10 @@ done <<< "$raw_expansions" ## 3. Sort and print the extracted line items -RULE_COLOR="$(tput setaf 6)" -CATEGORY_COLOR="$(tput setaf 3)" -CLEAR_STYLE="$(tput sgr0)" -PURPLE=$(tput setaf 125) +RULE_COLOR="$(TERM=xterm tput setaf 6)" +CATEGORY_COLOR="$(TERM=xterm tput setaf 3)" +CLEAR_STYLE="$(TERM=xterm tput sgr0)" +PURPLE=$(TERM=xterm tput setaf 125) extracted_lines=$(echo -e "$extracted_lines" | LC_ALL=C sort -r) current_category="" diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index 93beedff044..063c3529a3c 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest 
@@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 39d76d50785..8d5ad2c96e1 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -42,7 +42,13 @@ for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))), # variables: https://stackoverflow.com/questions/54726457 export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) -CTR=docker +CTR ?= docker +.PHONY: __require-ctr +ifneq ($(shell command -v $(CTR) >/dev/null || echo notfound),) +__require-ctr: + @:$(error "$(CTR) (or set CTR to a docker-compatible tool)") +endif +NEEDS_CTR = __require-ctr tools := # https://github.com/helm/helm/releases 
@@ -241,8 +247,13 @@ detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_ export VENDOR_GO ?= $(detected_vendoring) ifeq ($(VENDOR_GO),) +.PHONY: __require-go +ifneq ($(shell command -v go >/dev/null || echo notfound),) +__require-go: + @:$(error "$(GO) (or run 'make vendor-go')") +endif GO := go -NEEDS_GO := # +NEEDS_GO = __require-go else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) @@ -604,10 +615,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ - && (command -v rsync >/dev/null || echo rsync) \ - && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ - || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ - && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) + && (command -v rsync >/dev/null || echo rsync)) ifneq ($(missing),) $(error Missing required tools: $(missing)) endif 
@@ -616,34 +624,3 @@ endif ## Download and setup all tools ## @category [shared] Tools tools: $(tools_paths) - -self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk - -# see https://stackoverflow.com/a/53408233 -sed_inplace := sed -i'' -ifeq ($(HOST_OS),darwin) - sed_inplace := sed -i '' -endif - -# This target is used to learn the sha256sum of the tools. It is used only -# in the makefile-modules repo, and should not be used in any other repo. -.PHONY: tools-learn-sha -tools-learn-sha: | $(bin_dir) - rm -rf ./$(bin_dir)/ - mkdir -p ./$(bin_dir)/scratch/ - $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file) - echo -n "" > "$(LEARN_FILE)" - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go - - while read p; do \ - $(sed_inplace) "$$p" $(self_file); \ - done <"$(LEARN_FILE)" From c54c35f9ac8c096648b2a47fba2d01d870968d92 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Tue, 16 Jul 2024 01:23:40 +0200 Subject: [PATCH 31/41] fix: Handle case of Azure returning auth error Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index c6148feff0d..7fedb0cbd46 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go 
@@ -210,7 +210,7 @@ func (c *DNSProvider) updateTXTRecord(ctx context.Context, fqdn string, updater resp, err := c.recordClient.Get(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) if err != nil { var respErr *azcore.ResponseError - if errors.As(err, &respErr); respErr.StatusCode == http.StatusNotFound { + if errors.As(err, &respErr); respErr != nil && respErr.StatusCode == http.StatusNotFound { set = &dns.RecordSet{ Properties: &dns.RecordSetProperties{ TTL: to.Ptr(int64(60)), From 7c55820030042055216e15a054d3828b90147ea3 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Tue, 16 Jul 2024 18:26:23 +0200 Subject: [PATCH 32/41] Add test case Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 5823bab9836..7dcf94ed7f5 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -128,6 +128,17 @@ func TestInvalidAzureDns(t *testing.T) { assert.Error(t, err) } +func TestAuthenticationError(t *testing.T) { + provider, err := NewDNSProviderCredentials("", "invalid-client-id", "invalid-client-secret", "subid", "tenid", "rg", "example.com", util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) + assert.NoError(t, err) + + err = provider.Present(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==") + assert.Error(t, err) + + err = provider.CleanUp(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==") + assert.Error(t, err) +} + func populateFederatedToken(t *testing.T, filename string, content string) { t.Helper() From b47c58b040789db934d06f7af94c290c9a0e13f1 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:51:01 +0200 Subject: [PATCH 33/41] set global region when calling sts 
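Review bot: The `if errors.As(err, &respErr); respErr != nil && ...` form in `updateTXTRecord` discards the boolean that `errors.As` returns and relies on a separate nil check instead. The idiomatic spelling is `if errors.As(err, &respErr) && respErr.StatusCode == http.StatusNotFound {`, which is nil-safe because `respErr` is only dereferenced after a successful match. What happens to a non-404 error is outside the hunk, so check that the other branch returns `err` rather than continuing with a zero `resp`.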
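Review bot: `TestAuthenticationError` only asserts that `Present` and `CleanUp` return some error, so it passes on any failure and does not pin the nil-`respErr` path that the fix in `updateTXTRecord` addresses. With the real `NewDNSProviderCredentials` constructor and made-up client credentials it presumably has to contact the Azure login endpoint, which makes this unit test depend on network access. A stubbed record client that returns a non-`ResponseError` would exercise the branch deterministically. At minimum, add a comment such as `// regression test: a non-ResponseError from Get must not panic in updateTXTRecord`.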
Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 36e375af471..ea978affa07 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -82,7 +82,6 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { switch { case d.Role != "" && d.WebIdentityToken != "": d.log.V(logf.DebugLevel).Info("using assume role with web identity") - optFns = append(optFns, config.WithRegion(d.Region)) case useAmbientCredentials: d.log.V(logf.DebugLevel).Info("using ambient credentials") // Leaving credentials unset results in a default credential chain being @@ -98,9 +97,14 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } + // Explicitly set the region to aws-global so that AssumeRole can be used + // with the global sts endpoint. + stsCfg := cfg.Copy() + stsCfg.Region = "aws-global" + if d.Role != "" && d.WebIdentityToken == "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") - stsSvc := d.StsProvider(cfg) + stsSvc := d.StsProvider(stsCfg) result, err := stsSvc.AssumeRole(ctx, &sts.AssumeRoleInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), @@ -119,7 +123,7 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { if d.Role != "" && d.WebIdentityToken != "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role with web identity") - stsSvc := d.StsProvider(cfg) + stsSvc := d.StsProvider(stsCfg) result, err := stsSvc.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), 
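Review bot: In the second hunk of `GetSession`, `stsCfg.Region = "aws-global"` is applied unconditionally to every STS call, and the first hunk removes the only place where the user's `d.Region` reached the web-identity path. As far as these hunks show, deployments that can only reach a regional STS endpoint (for example through a VPC endpoint, or in a non-standard partition) have no way to opt out. If backwards compatibility allows, prefer the configured region and fall back to the global endpoint only when none is set: `if d.Region != "" { stsCfg.Region = d.Region } else { stsCfg.Region = "aws-global" }`. The third hunk passes the same `stsCfg` to `AssumeRoleWithWebIdentity`, so the same applies there.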
From ff2a82a9a7d7305d19413df3f490550d09c36888 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 15:00:37 +0200 Subject: [PATCH 34/41] verify that the "aws-global" is used for sts in test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 7f563dbe51f..3134318043d 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -256,7 +256,8 @@ func TestAssumeRole(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider := makeMockSessionProvider(func(aws.Config) StsClient { + provider := makeMockSessionProvider(func(cfg aws.Config) StsClient { + assert.Equal(t, "aws-global", cfg.Region) // verify that the global sts endpoint is used return c.mockSTS }, c.key, c.secret, c.region, c.role, c.webIdentityToken, c.ambient) cfg, err := provider.GetSession(context.TODO()) From bf03ee55065e7462999bbff9dc26477946f2a7e0 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:15:07 +0200 Subject: [PATCH 35/41] improve aws GetSession comments that explain when and why regions have to be set Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index ea978affa07..0cdec3fb546 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go 
@@ -97,8 +97,10 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } - // Explicitly set the region to aws-global so that AssumeRole can be used - // with the global sts endpoint. + // For backwards compatibility with cert-manager <= 1.14, where we used the aws-sdk-go v1 + // library, we configure the SDK here to use the global sts endpoint. This was the default + // behaviour of the SDK v1 library, but has to be explicitly set in the v2 library. For the + // route53 calls, we use the region provided by the user (see below). stsCfg := cfg.Copy() stsCfg.Region = "aws-global" @@ -142,7 +144,8 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { // If ambient credentials aren't permitted, always set the region, even if to // empty string, to avoid it falling back on the environment. - // this has to be set after session is constructed + // This has to be set after session is constructed, as a different region (aws-global) + // is used for the STS service. if d.Region != "" || !useAmbientCredentials { cfg.Region = d.Region } From ae55ea1172eff68fd8d176ded5b88b14a2830d15 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 19 Jul 2024 09:20:20 +0100 Subject: [PATCH 36/41] Fix incorrect value and indentation of the PodMonitor endpointAdditionalProperties template in the Helm chart Signed-off-by: Richard Wall --- deploy/charts/cert-manager/templates/podmonitor.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/cert-manager/templates/podmonitor.yaml b/deploy/charts/cert-manager/templates/podmonitor.yaml index 1adc0609cc5..175460ebec3 100644 --- a/deploy/charts/cert-manager/templates/podmonitor.yaml +++ b/deploy/charts/cert-manager/templates/podmonitor.yaml 
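Review bot: The reworded comment in the second hunk gives a reason that the visible code does not support. STS calls go through `stsCfg`, a copy made by `cfg.Copy()` in the first hunk, so the point at which `cfg.Region` is assigned cannot change the STS region. The ordering that appears to matter is that the override happens after the config has been loaded, so that a region picked up from the environment is replaced when ambient credentials are not permitted. Suggested wording: `// Set after the config is loaded so that a region taken from the environment is overridden; STS is unaffected because it uses its own copy (stsCfg).` GetSession continues outside both hunks, so confirm this against the full function.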
@@ -44,7 +44,7 @@ spec: interval: {{ .Values.prometheus.podmonitor.interval }} scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }} honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }} - {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} - {{- toYaml . | nindent 4 }} + {{- with .Values.prometheus.podmonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 6 }} {{- end }} {{- end }} From 243cd7899c41c1e9fab6d48417b8c41586d9f92a Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Tue, 23 Jul 2024 17:25:22 +0100 Subject: [PATCH 37/41] fix: e2e feature flags disabled test failing There is logic in a BeforeEach block to skip GatewayAPI tests if the feature is disabled. However there was a bug so this only skipped the first test of each process. This does not impact 1.14 because GatewayAPI was disabled by default and does not impact master because the tests have been refactored Signed-off-by: Adam Talbot --- test/e2e/suite/conformance/certificates/tests.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index fa60af3215f..f104a4b0e10 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -73,6 +73,11 @@ func (s *Suite) Define() { Skip("Not running public ACME tests against local cluster.") return } + + if s.HTTP01TestType == "Gateway" { + framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalGatewayAPISupport) + } + if s.completed { return } @@ -83,7 +88,6 @@ func (s *Suite) Define() { sharedIPAddress = f.Config.Addons.ACMEServer.IngressIP case "Gateway": sharedIPAddress = f.Config.Addons.ACMEServer.GatewayIP - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalGatewayAPISupport) } }) From a94ad68d4e607443754c2dde5c2a1c6c05772b9a Mon Sep 17 00:00:00 2001 
From: Richard Wall Date: Wed, 24 Jul 2024 12:05:51 +0100 Subject: [PATCH 38/41] Update the Google CloudBuild job image Signed-off-by: Richard Wall --- gcb/build_cert_manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcb/build_cert_manager.yaml b/gcb/build_cert_manager.yaml index c866f062f39..72fea374267 100644 --- a/gcb/build_cert_manager.yaml +++ b/gcb/build_cert_manager.yaml @@ -15,7 +15,7 @@ steps: args: ['fetch', '--unshallow'] ## Build release artifacts and push to a bucket -- name: 'eu.gcr.io/jetstack-build-infra-images/make-dind:20230406-0ef4440-bullseye' +- name: 'europe-west1-docker.pkg.dev/cert-manager-tests-trusted/cert-manager-infra-images/make-dind:20240422-6b43e85-bookworm' entrypoint: bash args: - -c From 0749feea145c2ceedd35213bfd701f8c2b8c7e08 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:05:27 +0200 Subject: [PATCH 39/41] add caRequiresRegeneration unit test and fix incorrect renewal time calculation Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority.go | 2 +- pkg/server/tls/authority/authority_test.go | 148 +++++++++++++++++++++ 2 files changed, 149 insertions(+), 1 deletion(-) diff --git a/pkg/server/tls/authority/authority.go b/pkg/server/tls/authority/authority.go index 5b9b32550e4..c846c98ae5e 100644 --- a/pkg/server/tls/authority/authority.go +++ b/pkg/server/tls/authority/authority.go @@ -316,7 +316,7 @@ func (d *DynamicAuthority) caRequiresRegeneration(s *corev1.Secret) bool { return true } // renew the root CA when the current one is 2/3 of the way through its life - if time.Until(x509Cert.NotAfter) < (x509Cert.NotBefore.Sub(x509Cert.NotAfter) / 3) { + if time.Until(x509Cert.NotAfter) < (x509Cert.NotAfter.Sub(x509Cert.NotBefore) / 3) { d.log.V(logf.InfoLevel).Info("Root CA certificate is nearing expiry. Regenerating...") return true } 
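Review bot: The new `name:` value for the release build step references the image only by tag (`make-dind:20240422-6b43e85-bookworm`), so whatever the registry serves under that tag at build time is what builds and pushes the release artifacts. Pinning by digest makes the step reproducible and removes the dependency on the tag never being moved, for example `- name: 'europe-west1-docker.pkg.dev/cert-manager-tests-trusted/cert-manager-infra-images/make-dind@sha256:DIGEST_PLACEHOLDER'` with the tag kept in a trailing comment for readability. The old image was referenced the same way, so this is a pre-existing gap rather than a regression.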
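Review bot: The renewal condition still packs the whole calculation into one expression, which is how the reversed `Sub` operands went unnoticed; naming the quantity makes the intent checkable at a glance. Suggested: introduce `lifetime := x509Cert.NotAfter.Sub(x509Cert.NotBefore)` and compare `time.Until(x509Cert.NotAfter)` against `lifetime / 3`. The comparison also reads the wall clock directly through `time.Until`, so tests have to build certificates relative to `time.Now()`; taking the current time from an injectable clock would remove that timing dependence, if the type has one available (not visible in this hunk). caRequiresRegeneration starts and ends outside the hunk.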
diff --git a/pkg/server/tls/authority/authority_test.go b/pkg/server/tls/authority/authority_test.go
index 17e4321c942..d265b0135b5 100644
--- a/pkg/server/tls/authority/authority_test.go
+++ b/pkg/server/tls/authority/authority_test.go
@@ -16,4 +16,152 @@ limitations under the License. package authority +import ( + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "testing" + "time" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + + cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "github.com/cert-manager/cert-manager/pkg/util/pki" +) + // Integration tests for the authority can be found in `test/integration/webhook/dynamic_authority_test.go`. + +func Test__caRequiresRegeneration(t *testing.T) { + generateSecretData := func(mod func(*x509.Certificate)) map[string][]byte { + // Generate a certificate and private key pair + pk, err := pki.GenerateECPrivateKey(384) + assert.NoError(t, err) + pkBytes, err := pki.EncodePrivateKey(pk, cmapi.PKCS8) + assert.NoError(t, err) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + assert.NoError(t, err) + cert := &x509.Certificate{ + Version: 3, + BasicConstraintsValid: true, + SerialNumber: serialNumber, + PublicKeyAlgorithm: x509.ECDSA, + Subject: pkix.Name{ + CommonName: "cert-manager-webhook-ca", + }, + IsCA: true, + NotBefore: time.Now(), + NotAfter: time.Now().Add(5 * time.Minute), + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign, + } + if mod != nil { + mod(cert) + } + _, cert, err = pki.SignCertificate(cert, cert, pk.Public(), pk) + assert.NoError(t, err) + certBytes, err := pki.EncodeX509(cert) + assert.NoError(t, err) + + return map[string][]byte{ + "tls.crt": certBytes, + "ca.crt": certBytes, + "tls.key": pkBytes, + } + } + + tests := []struct { + name string + secret *corev1.Secret + expect bool + }{ + { + name: "Missing data in CA secret (nil data)", + secret: &corev1.Secret{ + Data: nil, + }, + expect: true, + }, + { + name: "Missing data in CA secret (missing ca.crt)", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.key": []byte("private key"), + }, + }, + expect: true, + }, + { + name: "Different data in ca.crt and 
tls.crt", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.crt": []byte("data1"), + "ca.crt": []byte("data2"), + "tls.key": []byte("secret"), + }, + }, + expect: true, + }, + { + name: "Failed to parse data in CA secret", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.crt": []byte("cert"), + "ca.crt": []byte("cert"), + "tls.key": []byte("secret"), + }, + }, + expect: true, + }, + { + name: "Stored certificate is not marked as a CA", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.IsCA = false + }, + ), + }, + expect: true, + }, + { + name: "Root CA certificate is JUST nearing expiry", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-2*time.Hour - 1*time.Minute) + cert.NotAfter = cert.NotBefore.Add(3 * time.Hour) + }, + ), + }, + expect: true, + }, + { + name: "Root CA certificate is ALMOST nearing expiry", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-2*time.Hour + 1*time.Minute) + cert.NotAfter = cert.NotBefore.Add(3 * time.Hour) + }, + ), + }, + expect: false, + }, + { + name: "Ok", + secret: &corev1.Secret{ + Data: generateSecretData(nil), + }, + expect: false, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + required := (&DynamicAuthority{}).caRequiresRegeneration(test.secret) + if required != test.expect { + t.Errorf("Expected %v, but got %v", test.expect, required) + } + }) + } +} From 87f4e1a964f6de405b92e19e638a92319f966642 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:23:41 +0200 Subject: [PATCH 40/41] add test case for expired certificate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) 
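Review bot: The setup checks inside `generateSecretData` use `assert.NoError`, which records the failure and keeps going. A failed `pki.GenerateECPrivateKey` would still reach `pk.Public()` with a nil key and most likely panic instead of reporting the real cause; the same holds for the `pki.SignCertificate` result passed to `pki.EncodeX509`. Use `require.NoError(t, err)` for these checks and add `"github.com/stretchr/testify/require"` to the import block. Separately, the JUST/ALMOST cases leave a one-minute margin around the renewal boundary relative to `time.Now()`, which deserves a short comment such as `// 1 minute either side of the 2/3 renewal point`.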
diff --git a/pkg/server/tls/authority/authority_test.go b/pkg/server/tls/authority/authority_test.go index d265b0135b5..782385755ac 100644 --- a/pkg/server/tls/authority/authority_test.go +++ b/pkg/server/tls/authority/authority_test.go @@ -147,6 +147,18 @@ func Test__caRequiresRegeneration(t *testing.T) { }, expect: false, }, + { + name: "Root CA certificate is expired", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-1 * time.Hour) + cert.NotAfter = time.Now().Add(-1 * time.Minute) + }, + ), + }, + expect: true, + }, { name: "Ok", secret: &corev1.Secret{ From f83c826344ec1cb3cba29da49f9402daaa64085f Mon Sep 17 00:00:00 2001 From: Taras <9948629+taraspos@users.noreply.github.com> Date: Fri, 6 Sep 2024 16:29:16 +0100 Subject: [PATCH 41/41] github-actions: CI/CD (#33) --- .github/workflows/cd.yaml | 92 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 .github/workflows/cd.yaml diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml new file mode 100644 index 00000000000..4514d8cd023 --- /dev/null +++ b/.github/workflows/cd.yaml 
@@ -0,0 +1,92 @@ +name: CI/CD +on: + push: + +permissions: + contents: read + +jobs: + test: + name: Test application + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + - name: Setup Go + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 + with: + go-version-file: go.mod + cache: true + - name: Run tests + run: make test RELEASE_VERSION=0.0.0 + build-and-push: + name: Build and push Docker image + runs-on: ubuntu-latest + needs: [test] + env: + AWS_REGION_PUBLIC: us-east-1 + AWS_ROLE: arn:aws:iam::146628656107:role/cert-manager-controller-github-action-ecr-role + # push images only for tags like vX.X.X-teleport + PUSH_IMAGE: ${{ (startsWith(github.ref, 'refs/tags/v') && contains(github.ref, 'teleport')) }} + ECR_REPO: public.ecr.aws/gravitational/cert-manager-controller + permissions: + contents: read + id-token: write # This is required for requesting the JWT, see https://github.com/aws-actions/configure-aws-credentials#OIDC + steps: + - name: Checkout repo + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + fetch-depth: 0 + + - name: Setup Go + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5 + with: + go-version-file: go.mod + cache: true + + - name: Configure AWS credentials for ECR Public + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4 + with: + aws-region: ${{ env.AWS_REGION_PUBLIC }} + role-to-assume: ${{ env.AWS_ROLE }} + if: ${{ env.PUSH_IMAGE == 'true' }} + + - name: Login to Amazon ECR Public + id: login-ecr-public + uses: aws-actions/amazon-ecr-login@062b18b96a7aff071d4dc91bc00c4c1a7945b076 # v2 + with: + registry-type: public + if: ${{ env.PUSH_IMAGE == 'true' }} + + - name: Prepare docker labels and tags + id: meta + uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5 + with: + images: | + ${{ env.ECR_REPO }} + flavor: | + latest=false + 
tags: | + type=sha,prefix={{branch}}-,suffix=-{{date 'YYYYMMDDTHHmmss'}},format=short,enable=${{ startsWith(github.ref, 'refs/heads/') }} + type=semver,pattern={{version}},enable=${{ github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') }} + + - name: Build [and push] multiarch docker image + # because cert-manager build is not using buildx for simpler multiarch builds, + # but produces image per arch, we need to build them one by one and combine into multiarch-manifest + shell: bash + run: | + # https://docs.docker.com/reference/cli/docker/manifest/#create-and-push-a-manifest-list + for arch in amd64 arm64 s390x ppc64le arm; do + tag=${{ steps.meta.outputs.tags }}-$arch-linux + make _bin/containers/cert-manager-controller-linux-$arch.tar TAG=$tag + + if [ "$PUSH_IMAGE" = "true" ]; then + docker push $tag + docker manifest create -a ${{ steps.meta.outputs.tags }} $tag + fi + done + + if [ "$PUSH_IMAGE" = "true" ]; then + docker manifest push ${{ steps.meta.outputs.tags }} + fi +
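Review bot: In the last step, `${{ steps.meta.outputs.tags }}` is expanded by the workflow engine directly into the shell script, and for branch pushes that value is built from `{{branch}}`, so text derived from a ref name becomes part of the script source before bash parses it. docker/metadata-action may sanitise tag characters, but the script should not depend on that: pass the value through `env:` and reference it as a quoted shell variable, quoting `$tag` as well. The workflow also triggers on every `push` while the job holds `id-token: write`. The `if:` conditions limit the AWS steps to matching tags, but the effective restriction has to be on the IAM role's trust policy (limit the OIDC `sub` claim to the intended tag refs), which is outside this file.

```yaml
      - name: Build [and push] multiarch docker image
        # … unchanged: comments explaining the per-arch build …
        shell: bash
        env:
          IMAGE_TAG: ${{ steps.meta.outputs.tags }}
        run: |
          for arch in amd64 arm64 s390x ppc64le arm; do
            tag="${IMAGE_TAG}-${arch}-linux"
            make "_bin/containers/cert-manager-controller-linux-${arch}.tar" TAG="$tag"

            if [ "$PUSH_IMAGE" = "true" ]; then
              docker push "$tag"
              docker manifest create -a "$IMAGE_TAG" "$tag"
            fi
          done

          if [ "$PUSH_IMAGE" = "true" ]; then
            docker manifest push "$IMAGE_TAG"
          fi
```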