diff --git a/.changelog/945.txt b/.changelog/945.txt new file mode 100644 index 0000000000..3f6176bf65 --- /dev/null +++ b/.changelog/945.txt @@ -0,0 +1,3 @@ +```release-note:note +Upgrade Helm to v3.9.4 +``` diff --git a/go.mod b/go.mod index d92b4baf08..07976892db 100644 --- a/go.mod +++ b/go.mod @@ -10,7 +10,7 @@ require ( github.com/pkg/errors v0.9.1 github.com/stretchr/testify v1.8.0 golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d - helm.sh/helm/v3 v3.9.0 + helm.sh/helm/v3 v3.9.4 k8s.io/api v0.24.2 k8s.io/apimachinery v0.24.2 k8s.io/client-go v0.24.2 @@ -22,8 +22,8 @@ require ( cloud.google.com/go v0.99.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest v0.11.20 // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.15 // indirect + github.com/Azure/go-autorest/autorest v0.11.24 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.18 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect @@ -32,7 +32,7 @@ require ( github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.2 // indirect - github.com/Masterminds/squirrel v1.5.2 // indirect + github.com/Masterminds/squirrel v1.5.3 // indirect github.com/PuerkitoBio/purell v1.1.1 // indirect github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect github.com/agext/levenshtein v1.2.2 // indirect @@ -47,14 +47,15 @@ require ( github.com/containerd/containerd v1.6.6 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v20.10.11+incompatible // indirect + github.com/docker/cli v20.10.17+incompatible // indirect github.com/docker/distribution v2.8.1+incompatible // indirect - github.com/docker/docker v20.10.14+incompatible // indirect + github.com/docker/docker v20.10.17+incompatible // indirect github.com/docker/docker-credential-helpers v0.6.4 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/go-units v0.4.0 // indirect github.com/emicklei/go-restful v2.9.5+incompatible // indirect + github.com/emicklei/go-restful/v3 v3.8.0 // indirect github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.13.0 // indirect @@ -66,7 +67,7 @@ require ( github.com/go-openapi/swag v0.19.14 // indirect github.com/gobwas/glob v0.2.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.0.0 // indirect + github.com/golang-jwt/jwt/v4 v4.2.0 // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect @@ -98,13 +99,13 @@ require ( github.com/huandu/xstrings v1.3.2 // indirect github.com/imdario/mergo v0.3.13 // indirect github.com/inconshreveable/mousetrap v1.0.0 // indirect - github.com/jmoiron/sqlx v1.3.4 // indirect + github.com/jmoiron/sqlx v1.3.5 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.13.6 // indirect github.com/lann/builder v0.0.0-20180802200727-47ae307949d0 // indirect github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 // indirect - github.com/lib/pq v1.10.4 // indirect + github.com/lib/pq v1.10.6 // indirect github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect github.com/mailru/easyjson v0.7.6 // indirect github.com/mattn/go-colorable v0.1.12 // indirect @@ -152,9 +153,9 @@ require ( github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect github.com/zclconf/go-cty v1.10.0 // indirect go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect - golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd // indirect + golang.org/x/net v0.0.0-20220225172249-27dd8689420f // indirect golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8 // indirect - golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect + golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f // indirect golang.org/x/sys v0.0.0-20220627191245-f75cf1eec38b // indirect golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect golang.org/x/text v0.3.7 // indirect @@ -166,15 +167,15 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.24.0 // indirect - k8s.io/apiserver v0.24.0 // indirect - k8s.io/cli-runtime v0.24.0 // indirect - k8s.io/component-base v0.24.0 // indirect + k8s.io/apiextensions-apiserver v0.24.2 // indirect + k8s.io/apiserver v0.24.2 // indirect + k8s.io/cli-runtime v0.24.2 // indirect + k8s.io/component-base v0.24.2 // indirect k8s.io/klog/v2 v2.60.1 // indirect - k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect - k8s.io/kubectl v0.24.0 // indirect + k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 // indirect + k8s.io/kubectl v0.24.2 // indirect k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 // indirect - oras.land/oras-go v1.1.0 // indirect + oras.land/oras-go v1.2.0 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect sigs.k8s.io/kustomize/api v0.11.4 // indirect sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect diff --git a/go.sum b/go.sum index 4c8960de07..6605a0fb03 100644 --- a/go.sum +++ b/go.sum @@ -53,9 +53,13 @@ github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSW github.com/Azure/go-autorest/autorest v0.11.18/go.mod h1:dSiJPy22c3u0OtOKDNttNgqpNFY/GeWa7GH/Pz56QRA= github.com/Azure/go-autorest/autorest v0.11.20 h1:s8H1PbCZSqg/DH7JMlOz6YMig6htWLNPsjDdlLqCx3M= github.com/Azure/go-autorest/autorest v0.11.20/go.mod h1:o3tqFY+QR40VOlk+pV4d77mORO64jOXSgEnPQgLK6JY= +github.com/Azure/go-autorest/autorest v0.11.24 h1:1fIGgHKqVm54KIPT+q8Zmd1QlVsmHqeUGso5qm2BqqE= +github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= github.com/Azure/go-autorest/autorest/adal v0.9.13/go.mod h1:W/MM4U6nLxnIskrw4UwWzlHfGjwUS50aOsc/I3yuU8M= github.com/Azure/go-autorest/autorest/adal v0.9.15 h1:X+p2GF0GWyOiSmqohIaEeuNFNDY4I4EOlVuUQvFdWMk= github.com/Azure/go-autorest/autorest/adal v0.9.15/go.mod h1:tGMin8I49Yij6AQ+rvV+Xa/zwxYQB5hmsd6DkfAx2+A= +github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ= +github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= github.com/Azure/go-autorest/autorest/date v0.3.0/go.mod h1:BI0uouVdmngYNUzGWeSYnokU+TrmwEsOqdt8Y6sso74= github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk= @@ -83,6 +87,8 @@ github.com/Masterminds/sprig/v3 v3.2.2 h1:17jRggJu518dr3QaafizSXOjKYp94wKfABxUmy github.com/Masterminds/sprig/v3 v3.2.2/go.mod h1:UoaO7Yp8KlPnJIYWTFkMaqPUYKTfGFPhxNuwnnxkKlk= github.com/Masterminds/squirrel v1.5.2 h1:UiOEi2ZX4RCSkpiNDQN5kro/XIBpSRk9iTqdIRPzUXE= github.com/Masterminds/squirrel v1.5.2/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= +github.com/Masterminds/squirrel v1.5.3 h1:YPpoceAcxuzIljlr5iWpNKaql7hLeG1KLSrhvdHpkZc= +github.com/Masterminds/squirrel v1.5.3/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.4.14/go.mod h1:qXqCSQ3Xa7+6tgxaGTIe4Kpcdsi+P8jBhyzoq1bpyYA= github.com/Microsoft/go-winio v0.4.16/go.mod h1:XB6nPKklQyQ7GC9LdcBEcBl8PF76WugXOPRXwdLnMv0= github.com/Microsoft/go-winio v0.5.1 h1:aPJp2QD7OOrhO5tQXqQoGSJc+DjDtWTGLOmNyAm6FgY= @@ -191,12 +197,17 @@ github.com/denisenkom/go-mssqldb v0.9.0/go.mod h1:xbL0rPBG9cCiLr28tMa8zpbdarY27N github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= github.com/distribution/distribution/v3 v3.0.0-20211118083504-a29a3c99a684 h1:DBZ2sN7CK6dgvHVpQsQj4sRMCbWTmd17l+5SUCjnQSY= +github.com/distribution/distribution/v3 v3.0.0-20220526142353-ffbd94cbe269 h1:hbCT8ZPPMqefiAWD2ZKjn7ypokIGViTvBBg/ExLSdCk= github.com/docker/cli v20.10.11+incompatible h1:tXU1ezXcruZQRrMP8RN2z9N91h+6egZTS1gsPsKantc= github.com/docker/cli v20.10.11+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v20.10.17+incompatible h1:eO2KS7ZFeov5UJeaDmIs1NFEDRf32PaqRpvoEkKBy5M= +github.com/docker/cli v20.10.17+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.14+incompatible h1:+T9/PRYWNDo5SZl5qS1r9Mo/0Q8AwxKKPtu9S1yxM0w= github.com/docker/docker v20.10.14+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/docker v20.10.17+incompatible h1:JYCuMrWaVNophQTOrMMoSwudOVEfcegoZZrleKc1xwE= +github.com/docker/docker v20.10.17+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.6.4 h1:axCks+yV+2MR3/kZhAmy07yC56WZ2Pwu/fKWtKuZB0o= github.com/docker/docker-credential-helpers v0.6.4/go.mod h1:ofX3UI0Gz1TteYBjtgs07O36Pyasyp66D2uKT7H8W1c= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= @@ -214,6 +225,8 @@ github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkg github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= +github.com/emicklei/go-restful/v3 v3.8.0 h1:eCZ8ulSerjdAiaNpF7GxXIE7ZCMo1moN1qX+S609eVw= +github.com/emicklei/go-restful/v3 v3.8.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg= github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= @@ -287,6 +300,8 @@ github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/ github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-sql-driver/mysql v1.5.0 h1:ozyZYNQW3x3HtqT1jira07DN2PArx2v7/mN66gGcHOs= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= +github.com/go-sql-driver/mysql v1.6.0 h1:BCTh4TKNUYmOmMUcQ3IipzF5prigylS7XXjEkfCHuOE= +github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-test/deep v1.0.3 h1:ZrJSEWsXzPOxaZnFteGEfooLba+ju3FYIbOrS+rQd68= github.com/gobuffalo/logger v1.0.6 h1:nnZNpxYo0zx+Aj9RfMPBm+x9zAU2OayFh/xrAWi34HU= @@ -306,6 +321,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0 h1:RAqyYixv1p7uEnocuy8P1nru5wprCh/MH2BIlW5z5/o= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= +github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= +github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= @@ -499,6 +516,8 @@ github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jmoiron/sqlx v1.3.4 h1:wv+0IJZfL5z0uZoUjlpKgHkgaFSYD+r9CfrXjEXsO7w= github.com/jmoiron/sqlx v1.3.4/go.mod h1:2BljVx/86SuTyjE+aPYlHCTNvZrnJXghYGpNiXLBMCQ= +github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= +github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= @@ -548,6 +567,8 @@ github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/lib/pq v1.10.0/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.4 h1:SO9z7FRPzA03QhHKJrH5BXA6HU1rS4V2nIVrrNC1iYk= github.com/lib/pq v1.10.4/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= +github.com/lib/pq v1.10.6 h1:jbk+ZieJ0D7EVGJYpL9QTz7/YW6UHbmdnZWYyK5cdBs= +github.com/lib/pq v1.10.6/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de h1:9TO3cAIGXtEhnIaL+V+BEER86oLrvS+kWobKpbJuye0= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lithammer/dedent v1.1.0/go.mod h1:jrXYCQtgg0nJiN+StA2KgR7w6CiQNv9Fd/Z9BP0jIOc= @@ -652,6 +673,7 @@ github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGV github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY= github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo= github.com/onsi/gomega v1.15.0 h1:WjP/FQ/sk43MRmnEcT+MlDw2TFvkrXlprrPST/IudjU= +github.com/onsi/gomega v1.19.0 h1:4ieX6qQjPP/BfC3mpsAtIGGlxTWPeA3Inl/7DtXw1tw= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.0.3-0.20211202183452-c5a74bcca799 h1:rc3tiVYb5z54aKaDfakKn0dDjIyPpTtszkjuMzyt7ec= @@ -663,6 +685,7 @@ github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCko github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= +github.com/phayes/freeport v0.0.0-20220201140144-74d24b5ae9f5 h1:Ii+DKncOVM8Cu1Hc+ETb5K+23HdAMvESYE3ZJ5b5cMI= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -872,6 +895,7 @@ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -965,6 +989,8 @@ golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd h1:O7DYs+zxREGLKzKoMQrtrEacpb0ZVXA5rIwylE2Xchk= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f h1:oA4XRj0qtSt8Yo1Zms0CUlsT3KG69V2UGQWPBxujDmc= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -995,6 +1021,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c h1:5KslGYwFpkhGh+Q16bwMP3cOontH8FOep7tGV86Y7SQ= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f h1:Ax0t5p6N38Ga0dThY21weqDEyz2oklo4IvDkpigvkD8= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -1348,6 +1376,8 @@ gotest.tools/v3 v3.0.3 h1:4AuOwCGf4lLR9u3YOe2awrHygurzhO/HeQ6laiA6Sx0= gotest.tools/v3 v3.0.3/go.mod h1:Z7Lb0S5l+klDB31fvDQX8ss/FlKDxtlFlw3Oa8Ymbl8= helm.sh/helm/v3 v3.9.0 h1:qDSWViuF6SzZX5s5AB/NVRGWmdao7T5j4S4ebIkMGag= helm.sh/helm/v3 v3.9.0/go.mod h1:fzZfyslcPAWwSdkXrXlpKexFeE2Dei8N27FFQWt+PN0= +helm.sh/helm/v3 v3.9.4 h1:TCI1QhJUeLVOdccfdw+vnSEO3Td6gNqibptB04QtExY= +helm.sh/helm/v3 v3.9.4/go.mod h1:3eaWAIqzvlRSD06gR9MMwmp2KBKwlu9av1/1BZpjeWY= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -1360,20 +1390,30 @@ k8s.io/api v0.24.2 h1:g518dPU/L7VRLxWfcadQn2OnsiGWVOadTLpdnqgY2OI= k8s.io/api v0.24.2/go.mod h1:AHqbSkTm6YrQ0ObxjO3Pmp/ubFF/KuM7jU+3khoBsOg= k8s.io/apiextensions-apiserver v0.24.0 h1:JfgFqbA8gKJ/uDT++feAqk9jBIwNnL9YGdQvaI9DLtY= k8s.io/apiextensions-apiserver v0.24.0/go.mod h1:iuVe4aEpe6827lvO6yWQVxiPSpPoSKVjkq+MIdg84cM= +k8s.io/apiextensions-apiserver v0.24.2 h1:/4NEQHKlEz1MlaK/wHT5KMKC9UKYz6NZz6JE6ov4G6k= +k8s.io/apiextensions-apiserver v0.24.2/go.mod h1:e5t2GMFVngUEHUd0wuCJzw8YDwZoqZfJiGOW6mm2hLQ= k8s.io/apimachinery v0.24.0/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= k8s.io/apimachinery v0.24.2 h1:5QlH9SL2C8KMcrNJPor+LbXVTaZRReml7svPEh4OKDM= k8s.io/apimachinery v0.24.2/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= k8s.io/apiserver v0.24.0 h1:GR7kGsjOMfilRvlG3Stxv/3uz/ryvJ/aZXc5pqdsNV0= k8s.io/apiserver v0.24.0/go.mod h1:WFx2yiOMawnogNToVvUYT9nn1jaIkMKj41ZYCVycsBA= +k8s.io/apiserver v0.24.2 h1:orxipm5elPJSkkFNlwH9ClqaKEDJJA3yR2cAAlCnyj4= +k8s.io/apiserver v0.24.2/go.mod h1:pSuKzr3zV+L+MWqsEo0kHHYwCo77AT5qXbFXP2jbvFI= k8s.io/cli-runtime v0.24.0 h1:ot3Qf49T852uEyNApABO1UHHpFIckKK/NqpheZYN2gM= k8s.io/cli-runtime v0.24.0/go.mod h1:9XxoZDsEkRFUThnwqNviqzljtT/LdHtNWvcNFrAXl0A= +k8s.io/cli-runtime v0.24.2 h1:KxY6tSgPGsahA6c1/dmR3uF5jOxXPx2QQY6C5ZrLmtE= +k8s.io/cli-runtime v0.24.2/go.mod h1:1LIhKL2RblkhfG4v5lZEt7FtgFG5mVb8wqv5lE9m5qY= k8s.io/client-go v0.24.0/go.mod h1:VFPQET+cAFpYxh6Bq6f4xyMY80G6jKKktU6G0m00VDw= k8s.io/client-go v0.24.2 h1:CoXFSf8if+bLEbinDqN9ePIDGzcLtqhfd6jpfnwGOFA= k8s.io/client-go v0.24.2/go.mod h1:zg4Xaoo+umDsfCWr4fCnmLEtQXyCNXCvJuSsglNcV30= k8s.io/code-generator v0.24.0/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w= +k8s.io/code-generator v0.24.2/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w= k8s.io/component-base v0.24.0 h1:h5jieHZQoHrY/lHG+HyrSbJeyfuitheBvqvKwKHVC0g= k8s.io/component-base v0.24.0/go.mod h1:Dgazgon0i7KYUsS8krG8muGiMVtUZxG037l1MKyXgrA= +k8s.io/component-base v0.24.2 h1:kwpQdoSfbcH+8MPN4tALtajLDfSfYxBDYlXobNWI6OU= +k8s.io/component-base v0.24.2/go.mod h1:ucHwW76dajvQ9B7+zecZAP3BVqvrHoOxm8olHEg0nmM= k8s.io/component-helpers v0.24.0/go.mod h1:Q2SlLm4h6g6lPTC9GMMfzdywfLSvJT2f1hOnnjaWD8c= +k8s.io/component-helpers v0.24.2/go.mod h1:TRQPBQKfmqkmV6c0HAmUs8cXVNYYYLsXy4zu8eODi9g= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -1386,14 +1426,21 @@ k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw= k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClCayuJCe2/4fZUvF7VG99sU= k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= +k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 h1:yEQKdMCjzAOvGeiTwG4hO/hNVNtDOuUFvMUZ0OlaIzs= +k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8/go.mod h1:mbJ+NSUoAhuR14N0S63bPkh8MGVSo3VYSGZtH/mfMe0= k8s.io/kubectl v0.24.0 h1:nA+WtMLVdXUs4wLogGd1mPTAesnLdBpCVgCmz3I7dXo= k8s.io/kubectl v0.24.0/go.mod h1:pdXkmCyHiRTqjYfyUJiXtbVNURhv0/Q1TyRhy2d5ic0= +k8s.io/kubectl v0.24.2 h1:+RfQVhth8akUmIc2Ge8krMl/pt66V7210ka3RE/p0J4= +k8s.io/kubectl v0.24.2/go.mod h1:+HIFJc0bA6Tzu5O/YcuUt45APAxnNL8LeMuXwoiGsPg= k8s.io/metrics v0.24.0/go.mod h1:jrLlFGdKl3X+szubOXPG0Lf2aVxuV3QJcbsgVRAM6fI= +k8s.io/metrics v0.24.2/go.mod h1:5NWURxZ6Lz5gj8TFU83+vdWIVASx7W8lwPpHYCqopMo= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= oras.land/oras-go v1.1.0 h1:tfWM1RT7PzUwWphqHU6ptPU3ZhwVnSw/9nEGf519rYg= oras.land/oras-go v1.1.0/go.mod h1:1A7vR/0KknT2UkJVWh+xMi95I/AhK8ZrxrnUSmXN0bQ= +oras.land/oras-go v1.2.0 h1:yoKosVIbsPoFMqAIFHTnrmOuafHal+J/r+I5bdbVWu4= +oras.land/oras-go v1.2.0/go.mod h1:pFNs7oHp2dYsYMSS82HaX5l4mpnGO7hbpPN6EWH2ltc= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go b/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go index 1826a68dc8..eb649bce9f 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/sender.go @@ -16,9 +16,11 @@ package adal import ( "crypto/tls" + "net" "net/http" "net/http/cookiejar" "sync" + "time" "github.com/Azure/go-autorest/tracing" ) @@ -72,15 +74,18 @@ func sender() Sender { // note that we can't init defaultSender in init() since it will // execute before calling code has had a chance to enable tracing defaultSenderInit.Do(func() { - // Use behaviour compatible with DefaultTransport, but require TLS minimum version. - defaultTransport := http.DefaultTransport.(*http.Transport) + // copied from http.DefaultTransport with a TLS minimum version. transport := &http.Transport{ - Proxy: defaultTransport.Proxy, - DialContext: defaultTransport.DialContext, - MaxIdleConns: defaultTransport.MaxIdleConns, - IdleConnTimeout: defaultTransport.IdleConnTimeout, - TLSHandshakeTimeout: defaultTransport.TLSHandshakeTimeout, - ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).DialContext, + ForceAttemptHTTP2: true, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, TLSClientConfig: &tls.Config{ MinVersion: tls.VersionTLS12, }, diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go index 20767178c4..310be07ec3 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token.go @@ -676,8 +676,6 @@ const ( func (m msiType) String() string { switch m { - case msiTypeUnavailable: - return "unavailable" case msiTypeAppServiceV20170901: return "AppServiceV20170901" case msiTypeCloudShell: @@ -699,13 +697,9 @@ func getMSIType() (msiType, string, error) { } // if ONLY the env var MSI_ENDPOINT is set the msiType is CloudShell return msiTypeCloudShell, endpointEnvVar, nil - } else if msiAvailableHook(context.Background(), sender()) { - // if MSI_ENDPOINT is NOT set AND the IMDS endpoint is available the msiType is IMDS. This will timeout after 500 milliseconds - return msiTypeIMDS, msiEndpoint, nil - } else { - // if MSI_ENDPOINT is NOT set and IMDS endpoint is not available Managed Identity is not available - return msiTypeUnavailable, "", errors.New("MSI not available") } + // if MSI_ENDPOINT is NOT set assume the msiType is IMDS + return msiTypeIMDS, msiEndpoint, nil } // GetMSIVMEndpoint gets the MSI endpoint on Virtual Machines. @@ -1322,15 +1316,13 @@ func NewMultiTenantServicePrincipalTokenFromCertificate(multiTenantCfg MultiTena } // MSIAvailable returns true if the MSI endpoint is available for authentication. -func MSIAvailable(ctx context.Context, sender Sender) bool { - resp, err := getMSIEndpoint(ctx, sender) +func MSIAvailable(ctx context.Context, s Sender) bool { + if s == nil { + s = sender() + } + resp, err := getMSIEndpoint(ctx, s) if err == nil { resp.Body.Close() } return err == nil } - -// used for testing purposes -var msiAvailableHook = func(ctx context.Context, sender Sender) bool { - return MSIAvailable(ctx, sender) -} diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go index aa5ea47d9b..89190a4213 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token_1.13.go @@ -25,7 +25,7 @@ import ( ) func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) { - tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) + tempCtx, cancel := context.WithTimeout(ctx, 2*time.Second) defer cancel() // http.NewRequestWithContext() was added in Go 1.13 req, _ := http.NewRequestWithContext(tempCtx, http.MethodGet, msiEndpoint, nil) diff --git a/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go b/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go index 6a4690a25b..27ec4efad7 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go +++ b/vendor/github.com/Azure/go-autorest/autorest/adal/token_legacy.go @@ -24,7 +24,7 @@ import ( ) func getMSIEndpoint(ctx context.Context, sender Sender) (*http.Response, error) { - tempCtx, cancel := context.WithTimeout(ctx, 500*time.Millisecond) + tempCtx, cancel := context.WithTimeout(ctx, 2*time.Second) defer cancel() req, _ := http.NewRequest(http.MethodGet, msiEndpoint, nil) req = req.WithContext(tempCtx) diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go index b6c6314f07..1328f1764c 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/azure.go @@ -68,7 +68,7 @@ func (se ServiceError) Error() string { if err != nil { result += fmt.Sprintf(" Details=%v", se.Details) } - result += fmt.Sprintf(" Details=%v", string(d)) + result += fmt.Sprintf(" Details=%s", d) } if se.InnerError != nil { @@ -76,7 +76,7 @@ func (se ServiceError) Error() string { if err != nil { result += fmt.Sprintf(" InnerError=%v", se.InnerError) } - result += fmt.Sprintf(" InnerError=%v", string(d)) + result += fmt.Sprintf(" InnerError=%s", d) } if se.AdditionalInfo != nil { @@ -84,7 +84,7 @@ func (se ServiceError) Error() string { if err != nil { result += fmt.Sprintf(" AdditionalInfo=%v", se.AdditionalInfo) } - result += fmt.Sprintf(" AdditionalInfo=%v", string(d)) + result += fmt.Sprintf(" AdditionalInfo=%s", d) } return result @@ -335,13 +335,13 @@ func WithErrorUnlessStatusCode(codes ...int) autorest.RespondDecorator { b, decodeErr := autorest.CopyAndDecode(encodedAs, resp.Body, &e) resp.Body = ioutil.NopCloser(&b) if decodeErr != nil { - return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b.String(), decodeErr) + return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b, decodeErr) } if e.ServiceError == nil { // Check if error is unwrapped ServiceError decoder := autorest.NewDecoder(encodedAs, bytes.NewReader(b.Bytes())) if err := decoder.Decode(&e.ServiceError); err != nil { - return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b.String(), err) + return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b, err) } // for example, should the API return the literal value `null` as the response @@ -364,7 +364,7 @@ func WithErrorUnlessStatusCode(codes ...int) autorest.RespondDecorator { rawBody := map[string]interface{}{} decoder := autorest.NewDecoder(encodedAs, bytes.NewReader(b.Bytes())) if err := decoder.Decode(&rawBody); err != nil { - return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b.String(), err) + return fmt.Errorf("autorest/azure: error response cannot be parsed: %q error: %v", b, err) } e.ServiceError = &ServiceError{ diff --git a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go index 3b61a2b6e9..737950eb36 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go +++ b/vendor/github.com/Azure/go-autorest/autorest/azure/environments.go @@ -49,6 +49,8 @@ type ResourceIdentifier struct { Storage string `json:"storage"` Synapse string `json:"synapse"` ServiceBus string `json:"serviceBus"` + SQLDatabase string `json:"sqlDatabase"` + CosmosDB string `json:"cosmosDB"` } // Environment represents a set of endpoints for each of Azure's Clouds. @@ -121,6 +123,8 @@ var ( Storage: "https://storage.azure.com/", Synapse: "https://dev.azuresynapse.net", ServiceBus: "https://servicebus.azure.net/", + SQLDatabase: "https://database.windows.net/", + CosmosDB: "https://cosmos.azure.com", }, } @@ -162,6 +166,8 @@ var ( Storage: "https://storage.azure.com/", Synapse: NotAvailable, ServiceBus: "https://servicebus.azure.net/", + SQLDatabase: "https://database.usgovcloudapi.net/", + CosmosDB: "https://cosmos.azure.com", }, } @@ -203,6 +209,8 @@ var ( Storage: "https://storage.azure.com/", Synapse: "https://dev.azuresynapse.net", ServiceBus: "https://servicebus.azure.net/", + SQLDatabase: "https://database.chinacloudapi.cn/", + CosmosDB: "https://cosmos.azure.com", }, } @@ -244,6 +252,8 @@ var ( Storage: "https://storage.azure.com/", Synapse: NotAvailable, ServiceBus: "https://servicebus.azure.net/", + SQLDatabase: "https://database.cloudapi.de/", + CosmosDB: "https://cosmos.azure.com", }, } ) diff --git a/vendor/github.com/Azure/go-autorest/autorest/preparer.go b/vendor/github.com/Azure/go-autorest/autorest/preparer.go index 98574a4155..121a66fa88 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/preparer.go +++ b/vendor/github.com/Azure/go-autorest/autorest/preparer.go @@ -241,6 +241,8 @@ func WithBaseURL(baseURL string) PrepareDecorator { return r, fmt.Errorf("autorest: No scheme detected in URL %s", baseURL) } if u.RawQuery != "" { + // handle unencoded semicolons (ideally the server would send them already encoded) + u.RawQuery = strings.Replace(u.RawQuery, ";", "%3B", -1) q, err := url.ParseQuery(u.RawQuery) if err != nil { return r, err diff --git a/vendor/github.com/Azure/go-autorest/autorest/sender.go b/vendor/github.com/Azure/go-autorest/autorest/sender.go index 7a495f732a..118de81411 100644 --- a/vendor/github.com/Azure/go-autorest/autorest/sender.go +++ b/vendor/github.com/Azure/go-autorest/autorest/sender.go @@ -20,6 +20,7 @@ import ( "fmt" "log" "math" + "net" "net/http" "net/http/cookiejar" "strconv" @@ -129,15 +130,18 @@ func sender(renengotiation tls.RenegotiationSupport) Sender { // note that we can't init defaultSenders in init() since it will // execute before calling code has had a chance to enable tracing defaultSenders[renengotiation].init.Do(func() { - // Use behaviour compatible with DefaultTransport, but require TLS minimum version. - defaultTransport := http.DefaultTransport.(*http.Transport) + // copied from http.DefaultTransport with a TLS minimum version. transport := &http.Transport{ - Proxy: defaultTransport.Proxy, - DialContext: defaultTransport.DialContext, - MaxIdleConns: defaultTransport.MaxIdleConns, - IdleConnTimeout: defaultTransport.IdleConnTimeout, - TLSHandshakeTimeout: defaultTransport.TLSHandshakeTimeout, - ExpectContinueTimeout: defaultTransport.ExpectContinueTimeout, + Proxy: http.ProxyFromEnvironment, + DialContext: (&net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + }).DialContext, + ForceAttemptHTTP2: true, + MaxIdleConns: 100, + IdleConnTimeout: 90 * time.Second, + TLSHandshakeTimeout: 10 * time.Second, + ExpectContinueTimeout: 1 * time.Second, TLSClientConfig: &tls.Config{ MinVersion: tls.VersionTLS12, Renegotiation: renengotiation, diff --git a/vendor/github.com/Masterminds/squirrel/part.go b/vendor/github.com/Masterminds/squirrel/part.go index f3a7b1545a..c58f68f1a4 100644 --- a/vendor/github.com/Masterminds/squirrel/part.go +++ b/vendor/github.com/Masterminds/squirrel/part.go @@ -19,7 +19,7 @@ func (p part) ToSql() (sql string, args []interface{}, err error) { case nil: // no-op case Sqlizer: - sql, args, err = pred.ToSql() + sql, args, err = nestedToSql(pred) case string: sql = pred args = p.args diff --git a/vendor/github.com/Masterminds/squirrel/squirrel_ctx.go b/vendor/github.com/Masterminds/squirrel/squirrel_ctx.go index 504e763d2e..c20148ad33 100644 --- a/vendor/github.com/Masterminds/squirrel/squirrel_ctx.go +++ b/vendor/github.com/Masterminds/squirrel/squirrel_ctx.go @@ -32,7 +32,7 @@ type QueryRowerContext interface { QueryRowContext(ctx context.Context, query string, args ...interface{}) RowScanner } -// RunnerContext groups the Runner interface, along with the Contect versions of each of +// RunnerContext groups the Runner interface, along with the Context versions of each of // its methods type RunnerContext interface { Runner diff --git a/vendor/github.com/docker/cli/cli/config/config.go b/vendor/github.com/docker/cli/cli/config/config.go index 93275f3d98..31ad117d41 100644 --- a/vendor/github.com/docker/cli/cli/config/config.go +++ b/vendor/github.com/docker/cli/cli/config/config.go @@ -104,14 +104,18 @@ func LoadFromReader(configData io.Reader) (*configfile.ConfigFile, error) { return &configFile, err } -// TODO remove this temporary hack, which is used to warn about the deprecated ~/.dockercfg file -var printLegacyFileWarning bool - // Load reads the configuration files in the given directory, and sets up // the auth config information and returns values. // FIXME: use the internal golang config parser func Load(configDir string) (*configfile.ConfigFile, error) { - printLegacyFileWarning = false + cfg, _, err := load(configDir) + return cfg, err +} + +// TODO remove this temporary hack, which is used to warn about the deprecated ~/.dockercfg file +// so we can remove the bool return value and collapse this back into `Load` +func load(configDir string) (*configfile.ConfigFile, bool, error) { + printLegacyFileWarning := false if configDir == "" { configDir = Dir() @@ -127,11 +131,11 @@ func Load(configDir string) (*configfile.ConfigFile, error) { if err != nil { err = errors.Wrap(err, filename) } - return configFile, err + return configFile, printLegacyFileWarning, err } else if !os.IsNotExist(err) { // if file is there but we can't stat it for any reason other // than it doesn't exist then stop - return configFile, errors.Wrap(err, filename) + return configFile, printLegacyFileWarning, errors.Wrap(err, filename) } // Can't find latest config file so check for the old one @@ -140,16 +144,16 @@ func Load(configDir string) (*configfile.ConfigFile, error) { printLegacyFileWarning = true defer file.Close() if err := configFile.LegacyLoadFromReader(file); err != nil { - return configFile, errors.Wrap(err, filename) + return configFile, printLegacyFileWarning, errors.Wrap(err, filename) } } - return configFile, nil + return configFile, printLegacyFileWarning, nil } // LoadDefaultConfigFile attempts to load the default config file and returns // an initialized ConfigFile struct if none is found. func LoadDefaultConfigFile(stderr io.Writer) *configfile.ConfigFile { - configFile, err := Load(Dir()) + configFile, printLegacyFileWarning, err := load(Dir()) if err != nil { fmt.Fprintf(stderr, "WARNING: Error loading config file: %v\n", err) } diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file.go b/vendor/github.com/docker/cli/cli/config/configfile/file.go index dc9f39eb7e..d6f710817a 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file.go @@ -119,7 +119,7 @@ func (configFile *ConfigFile) LegacyLoadFromReader(configData io.Reader) error { // LoadFromReader reads the configuration data given and sets up the auth config // information with given directory and populates the receiver object func (configFile *ConfigFile) LoadFromReader(configData io.Reader) error { - if err := json.NewDecoder(configData).Decode(&configFile); err != nil && !errors.Is(err, io.EOF) { + if err := json.NewDecoder(configData).Decode(configFile); err != nil && !errors.Is(err, io.EOF) { return err } var err error diff --git a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go index 3ca65c6140..6af6718126 100644 --- a/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go +++ b/vendor/github.com/docker/cli/cli/config/configfile/file_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package configfile diff --git a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go index 3028168ac2..c9630ea51b 100644 --- a/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go +++ b/vendor/github.com/docker/cli/cli/config/credentials/default_store_unsupported.go @@ -1,3 +1,4 @@ +//go:build !windows && !darwin && !linux // +build !windows,!darwin,!linux package credentials diff --git a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go index cf6fdf4402..24c4fa8d90 100644 --- a/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go +++ b/vendor/github.com/docker/docker/api/types/container/hostconfig_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package container // import "github.com/docker/docker/api/types/container" diff --git a/vendor/github.com/docker/docker/errdefs/http_helpers.go b/vendor/github.com/docker/docker/errdefs/http_helpers.go index 07552f1cc1..5afe486779 100644 --- a/vendor/github.com/docker/docker/errdefs/http_helpers.go +++ b/vendor/github.com/docker/docker/errdefs/http_helpers.go @@ -1,78 +1,11 @@ package errdefs // import "github.com/docker/docker/errdefs" import ( - "fmt" "net/http" - containerderrors "github.com/containerd/containerd/errdefs" - "github.com/docker/distribution/registry/api/errcode" "github.com/sirupsen/logrus" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) -// GetHTTPErrorStatusCode retrieves status code from error message. -func GetHTTPErrorStatusCode(err error) int { - if err == nil { - logrus.WithFields(logrus.Fields{"error": err}).Error("unexpected HTTP error handling") - return http.StatusInternalServerError - } - - var statusCode int - - // Stop right there - // Are you sure you should be adding a new error class here? Do one of the existing ones work? - - // Note that the below functions are already checking the error causal chain for matches. - switch { - case IsNotFound(err): - statusCode = http.StatusNotFound - case IsInvalidParameter(err): - statusCode = http.StatusBadRequest - case IsConflict(err): - statusCode = http.StatusConflict - case IsUnauthorized(err): - statusCode = http.StatusUnauthorized - case IsUnavailable(err): - statusCode = http.StatusServiceUnavailable - case IsForbidden(err): - statusCode = http.StatusForbidden - case IsNotModified(err): - statusCode = http.StatusNotModified - case IsNotImplemented(err): - statusCode = http.StatusNotImplemented - case IsSystem(err) || IsUnknown(err) || IsDataLoss(err) || IsDeadline(err) || IsCancelled(err): - statusCode = http.StatusInternalServerError - default: - statusCode = statusCodeFromGRPCError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - statusCode = statusCodeFromContainerdError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - statusCode = statusCodeFromDistributionError(err) - if statusCode != http.StatusInternalServerError { - return statusCode - } - if e, ok := err.(causer); ok { - return GetHTTPErrorStatusCode(e.Cause()) - } - - logrus.WithFields(logrus.Fields{ - "module": "api", - "error_type": fmt.Sprintf("%T", err), - }).Debugf("FIXME: Got an API for which error does not match any expected type!!!: %+v", err) - } - - if statusCode == 0 { - statusCode = http.StatusInternalServerError - } - - return statusCode -} - // FromStatusCode creates an errdef error, based on the provided HTTP status-code func FromStatusCode(err error, statusCode int) error { if err == nil { @@ -100,10 +33,10 @@ func FromStatusCode(err error, statusCode int) error { err = System(err) } default: - logrus.WithFields(logrus.Fields{ + logrus.WithError(err).WithFields(logrus.Fields{ "module": "api", - "status_code": fmt.Sprintf("%d", statusCode), - }).Debugf("FIXME: Got an status-code for which error does not match any expected type!!!: %d", statusCode) + "status_code": statusCode, + }).Debug("FIXME: Got an status-code for which error does not match any expected type!!!") switch { case statusCode >= 200 && statusCode < 400: @@ -118,74 +51,3 @@ func FromStatusCode(err error, statusCode int) error { } return err } - -// statusCodeFromGRPCError returns status code according to gRPC error -func statusCodeFromGRPCError(err error) int { - switch status.Code(err) { - case codes.InvalidArgument: // code 3 - return http.StatusBadRequest - case codes.NotFound: // code 5 - return http.StatusNotFound - case codes.AlreadyExists: // code 6 - return http.StatusConflict - case codes.PermissionDenied: // code 7 - return http.StatusForbidden - case codes.FailedPrecondition: // code 9 - return http.StatusBadRequest - case codes.Unauthenticated: // code 16 - return http.StatusUnauthorized - case codes.OutOfRange: // code 11 - return http.StatusBadRequest - case codes.Unimplemented: // code 12 - return http.StatusNotImplemented - case codes.Unavailable: // code 14 - return http.StatusServiceUnavailable - default: - // codes.Canceled(1) - // codes.Unknown(2) - // codes.DeadlineExceeded(4) - // codes.ResourceExhausted(8) - // codes.Aborted(10) - // codes.Internal(13) - // codes.DataLoss(15) - return http.StatusInternalServerError - } -} - -// statusCodeFromDistributionError returns status code according to registry errcode -// code is loosely based on errcode.ServeJSON() in docker/distribution -func statusCodeFromDistributionError(err error) int { - switch errs := err.(type) { - case errcode.Errors: - if len(errs) < 1 { - return http.StatusInternalServerError - } - if _, ok := errs[0].(errcode.ErrorCoder); ok { - return statusCodeFromDistributionError(errs[0]) - } - case errcode.ErrorCoder: - return errs.ErrorCode().Descriptor().HTTPStatusCode - } - return http.StatusInternalServerError -} - -// statusCodeFromContainerdError returns status code for containerd errors when -// consumed directly (not through gRPC) -func statusCodeFromContainerdError(err error) int { - switch { - case containerderrors.IsInvalidArgument(err): - return http.StatusBadRequest - case containerderrors.IsNotFound(err): - return http.StatusNotFound - case containerderrors.IsAlreadyExists(err): - return http.StatusConflict - case containerderrors.IsFailedPrecondition(err): - return http.StatusPreconditionFailed - case containerderrors.IsUnavailable(err): - return http.StatusServiceUnavailable - case containerderrors.IsNotImplemented(err): - return http.StatusNotImplemented - default: - return http.StatusInternalServerError - } -} diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go index 67ab9e9b31..fc48e674c1 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_others.go @@ -1,3 +1,4 @@ +//go:build !linux // +build !linux package homedir // import "github.com/docker/docker/pkg/homedir" diff --git a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go index 441bd727b6..d1732dee52 100644 --- a/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go +++ b/vendor/github.com/docker/docker/pkg/homedir/homedir_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package homedir // import "github.com/docker/docker/pkg/homedir" diff --git a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go index dc894f9131..4e67ec2f53 100644 --- a/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go +++ b/vendor/github.com/docker/docker/pkg/ioutils/temp_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package ioutils // import "github.com/docker/docker/pkg/ioutils" diff --git a/vendor/github.com/docker/docker/registry/config_unix.go b/vendor/github.com/docker/docker/registry/config_unix.go index 8ee8fedfc1..b5bb31cfa6 100644 --- a/vendor/github.com/docker/docker/registry/config_unix.go +++ b/vendor/github.com/docker/docker/registry/config_unix.go @@ -1,3 +1,4 @@ +//go:build !windows // +build !windows package registry // import "github.com/docker/docker/registry" diff --git a/vendor/github.com/emicklei/go-restful/.travis.yml b/vendor/github.com/emicklei/go-restful/.travis.yml deleted file mode 100644 index b22f8f547e..0000000000 --- a/vendor/github.com/emicklei/go-restful/.travis.yml +++ /dev/null @@ -1,6 +0,0 @@ -language: go - -go: - - 1.x - -script: go test -v \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/Makefile b/vendor/github.com/emicklei/go-restful/Makefile deleted file mode 100644 index b40081cc0e..0000000000 --- a/vendor/github.com/emicklei/go-restful/Makefile +++ /dev/null @@ -1,7 +0,0 @@ -all: test - -test: - go test -v . - -ex: - cd examples && ls *.go | xargs go build -o /tmp/ignore \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/.gitignore b/vendor/github.com/emicklei/go-restful/v3/.gitignore similarity index 99% rename from vendor/github.com/emicklei/go-restful/.gitignore rename to vendor/github.com/emicklei/go-restful/v3/.gitignore index cece7be664..446be09b4d 100644 --- a/vendor/github.com/emicklei/go-restful/.gitignore +++ b/vendor/github.com/emicklei/go-restful/v3/.gitignore @@ -68,3 +68,4 @@ examples/restful-html-template s.html restful-path-tail +.idea diff --git a/vendor/github.com/emicklei/go-restful/v3/.goconvey b/vendor/github.com/emicklei/go-restful/v3/.goconvey new file mode 100644 index 0000000000..8485e986e4 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/.goconvey @@ -0,0 +1 @@ +ignore \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/v3/.travis.yml b/vendor/github.com/emicklei/go-restful/v3/.travis.yml new file mode 100644 index 0000000000..3a0bf5ff1b --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/.travis.yml @@ -0,0 +1,13 @@ +language: go + +go: + - 1.x + +before_install: + - go test -v + +script: + - go test -race -coverprofile=coverage.txt -covermode=atomic + +after_success: + - bash <(curl -s https://codecov.io/bash) \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md similarity index 74% rename from vendor/github.com/emicklei/go-restful/CHANGES.md rename to vendor/github.com/emicklei/go-restful/v3/CHANGES.md index e525296313..38169cfd63 100644 --- a/vendor/github.com/emicklei/go-restful/CHANGES.md +++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md @@ -1,7 +1,106 @@ -## Change history of go-restful +# Change history of go-restful +## [v3.8.0] - 20221-06-06 + +- use exact matching of allowed domain entries, issue #489 (#493) + - this changes fixes [security] Authorization Bypass Through User-Controlled Key + by changing the behaviour of the AllowedDomains setting in the CORS filter. + To support the previous behaviour, the CORS filter type now has a AllowedDomainFunc + callback mechanism which is called when a simple domain match fails. +- add test and fix for POST without body and Content-type, issue #492 (#496) +- [Minor] Bad practice to have a mix of Receiver types. (#491) + +## [v3.7.2] - 2021-11-24 + +- restored FilterChain (#482 by SVilgelm) + + +## [v3.7.1] - 2021-10-04 + +- fix problem with contentEncodingEnabled setting (#479) + +## [v3.7.0] - 2021-09-24 + +- feat(parameter): adds additional openapi mappings (#478) + +## [v3.6.0] - 2021-09-18 + +- add support for vendor extensions (#477 thx erraggy) + +## [v3.5.2] - 2021-07-14 + +- fix removing absent route from webservice (#472) + +## [v3.5.1] - 2021-04-12 + +- fix handling no match access selected path +- remove obsolete field + +## [v3.5.0] - 2021-04-10 + +- add check for wildcard (#463) in CORS +- add access to Route from Request, issue #459 (#462) + +## [v3.4.0] - 2020-11-10 + +- Added OPTIONS to WebService + +## [v3.3.2] - 2020-01-23 + +- Fixed duplicate compression in dispatch. #449 + + +## [v3.3.1] - 2020-08-31 + +- Added check on writer to prevent compression of response twice. #447 + +## [v3.3.0] - 2020-08-19 + +- Enable content encoding on Handle and ServeHTTP (#446) +- List available representations in 406 body (#437) +- Convert to string using rune() (#443) + +## [v3.2.0] - 2020-06-21 + +- 405 Method Not Allowed must have Allow header (#436) (thx Bracken ) +- add field allowedMethodsWithoutContentType (#424) + +## [v3.1.0] + +- support describing response headers (#426) +- fix openapi examples (#425) + +v3.0.0 + +- fix: use request/response resulting from filter chain +- add Go module + Module consumer should use github.com/emicklei/go-restful/v3 as import path + +v2.10.0 + +- support for Custom Verbs (thanks Vinci Xu <277040271@qq.com>) +- fixed static example (thanks Arthur ) +- simplify code (thanks Christian Muehlhaeuser ) +- added JWT HMAC with SHA-512 authentication code example (thanks Amim Knabben ) + +v2.9.6 + +- small optimization in filter code + +v2.11.1 + +- fix WriteError return value (#415) + +v2.11.0 + +- allow prefix and suffix in path variable expression (#414) + +v2.9.6 + +- support google custome verb (#413) v2.9.5 + - fix panic in Response.WriteError if err == nil v2.9.4 diff --git a/vendor/github.com/emicklei/go-restful/LICENSE b/vendor/github.com/emicklei/go-restful/v3/LICENSE similarity index 100% rename from vendor/github.com/emicklei/go-restful/LICENSE rename to vendor/github.com/emicklei/go-restful/v3/LICENSE diff --git a/vendor/github.com/emicklei/go-restful/v3/Makefile b/vendor/github.com/emicklei/go-restful/v3/Makefile new file mode 100644 index 0000000000..16d0b80bb0 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/Makefile @@ -0,0 +1,8 @@ +all: test + +test: + go vet . + go test -cover -v . + +ex: + find ./examples -type f -name "*.go" | xargs -I {} go build -o /tmp/ignore {} \ No newline at end of file diff --git a/vendor/github.com/emicklei/go-restful/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md similarity index 76% rename from vendor/github.com/emicklei/go-restful/README.md rename to vendor/github.com/emicklei/go-restful/v3/README.md index f52c25acf6..23166d3b47 100644 --- a/vendor/github.com/emicklei/go-restful/README.md +++ b/vendor/github.com/emicklei/go-restful/v3/README.md @@ -4,9 +4,10 @@ package for building REST-style Web Services using Google Go [![Build Status](https://travis-ci.org/emicklei/go-restful.png)](https://travis-ci.org/emicklei/go-restful) [![Go Report Card](https://goreportcard.com/badge/github.com/emicklei/go-restful)](https://goreportcard.com/report/github.com/emicklei/go-restful) -[![GoDoc](https://godoc.org/github.com/emicklei/go-restful?status.svg)](https://godoc.org/github.com/emicklei/go-restful) +[![GoDoc](https://godoc.org/github.com/emicklei/go-restful?status.svg)](https://pkg.go.dev/github.com/emicklei/go-restful) +[![codecov](https://codecov.io/gh/emicklei/go-restful/branch/master/graph/badge.svg)](https://codecov.io/gh/emicklei/go-restful) -- [Code examples](https://github.com/emicklei/go-restful/tree/master/examples) +- [Code examples use v3](https://github.com/emicklei/go-restful/tree/v3/examples) REST asks developers to use HTTP methods explicitly and in a way that's consistent with the protocol definition. This basic REST design principle establishes a one-to-one mapping between create, read, update, and delete (CRUD) operations and HTTP methods. According to this mapping: @@ -18,6 +19,28 @@ REST asks developers to use HTTP methods explicitly and in a way that's consiste - PATCH = Update partial content of a resource - OPTIONS = Get information about the communication options for the request URI +### Usage + +#### Without Go Modules + +All versions up to `v2.*.*` (on the master) are not supporting Go modules. + +``` +import ( + restful "github.com/emicklei/go-restful" +) +``` + +#### Using Go Modules + +As of version `v3.0.0` (on the v3 branch), this package supports Go modules. + +``` +import ( + restful "github.com/emicklei/go-restful/v3" +) +``` + ### Example ```Go @@ -39,15 +62,15 @@ func (u UserResource) findUser(request *restful.Request, response *restful.Respo } ``` -[Full API of a UserResource](https://github.com/emicklei/go-restful/tree/master/examples/restful-user-resource.go) +[Full API of a UserResource](https://github.com/emicklei/go-restful/blob/v3/examples/user-resource/restful-user-resource.go) ### Features -- Routes for request → function mapping with path parameter (e.g. {id}) support +- Routes for request → function mapping with path parameter (e.g. {id} but also prefix_{var} and {var}_suffix) support - Configurable router: - - (default) Fast routing algorithm that allows static elements, regular expressions and dynamic parameters in the URL path (e.g. /meetings/{id} or /static/{subpath:*} + - (default) Fast routing algorithm that allows static elements, [google custom method](https://cloud.google.com/apis/design/custom_methods), regular expressions and dynamic parameters in the URL path (e.g. /resource/name:customVerb, /meetings/{id} or /static/{subpath:*}) - Routing algorithm after [JSR311](http://jsr311.java.net/nonav/releases/1.1/spec/spec.html) that is implemented using (but does **not** accept) regular expressions -- Request API for reading structs from JSON/XML and accesing parameters (path,query,header) +- Request API for reading structs from JSON/XML and accessing parameters (path,query,header) - Response API for writing structs to JSON/XML and setting headers - Customizable encoding using EntityReaderWriter registration - Filters for intercepting the request → response flow on Service or Route level @@ -71,12 +94,11 @@ There are several hooks to customize the behavior of the go-restful package. - Trace logging - Compression - Encoders for other serializers -- Use [jsoniter](https://github.com/json-iterator/go) by build this package using a tag, e.g. `go build -tags=jsoniter .` - -TODO: write examples of these. +- Use [jsoniter](https://github.com/json-iterator/go) by build this package using a tag, e.g. `go build -tags=jsoniter .` ## Resources +- [Example programs](./examples) - [Example posted on blog](http://ernestmicklei.com/2012/11/go-restful-first-working-example/) - [Design explained on blog](http://ernestmicklei.com/2012/11/go-restful-api-design/) - [sourcegraph](https://sourcegraph.com/github.com/emicklei/go-restful) @@ -85,4 +107,4 @@ TODO: write examples of these. Type ```git shortlog -s``` for a full list of contributors. -© 2012 - 2018, http://ernestmicklei.com. MIT License. Contributions are welcome. +© 2012 - 2022, http://ernestmicklei.com. MIT License. Contributions are welcome. diff --git a/vendor/github.com/emicklei/go-restful/v3/SECURITY.md b/vendor/github.com/emicklei/go-restful/v3/SECURITY.md new file mode 100644 index 0000000000..810d3b5108 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/SECURITY.md @@ -0,0 +1,13 @@ +# Security Policy + +## Supported Versions + +| Version | Supported | +| ------- | ------------------ | +| v3.7.x | :white_check_mark: | +| < v3.0.1 | :x: | + +## Reporting a Vulnerability + +Create an Issue and put the label `[security]` in the title of the issue. +Valid reported security issues are expected to be solved within a week. diff --git a/vendor/github.com/emicklei/go-restful/Srcfile b/vendor/github.com/emicklei/go-restful/v3/Srcfile similarity index 100% rename from vendor/github.com/emicklei/go-restful/Srcfile rename to vendor/github.com/emicklei/go-restful/v3/Srcfile diff --git a/vendor/github.com/emicklei/go-restful/bench_test.sh b/vendor/github.com/emicklei/go-restful/v3/bench_test.sh similarity index 100% rename from vendor/github.com/emicklei/go-restful/bench_test.sh rename to vendor/github.com/emicklei/go-restful/v3/bench_test.sh diff --git a/vendor/github.com/emicklei/go-restful/compress.go b/vendor/github.com/emicklei/go-restful/v3/compress.go similarity index 92% rename from vendor/github.com/emicklei/go-restful/compress.go rename to vendor/github.com/emicklei/go-restful/v3/compress.go index 220b37712f..1ff239f99f 100644 --- a/vendor/github.com/emicklei/go-restful/compress.go +++ b/vendor/github.com/emicklei/go-restful/v3/compress.go @@ -83,7 +83,11 @@ func (c *CompressingResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error } // WantsCompressedResponse reads the Accept-Encoding header to see if and which encoding is requested. -func wantsCompressedResponse(httpRequest *http.Request) (bool, string) { +// It also inspects the httpWriter whether its content-encoding is already set (non-empty). +func wantsCompressedResponse(httpRequest *http.Request, httpWriter http.ResponseWriter) (bool, string) { + if contentEncoding := httpWriter.Header().Get(HEADER_ContentEncoding); contentEncoding != "" { + return false, "" + } header := httpRequest.Header.Get(HEADER_AcceptEncoding) gi := strings.Index(header, ENCODING_GZIP) zi := strings.Index(header, ENCODING_DEFLATE) diff --git a/vendor/github.com/emicklei/go-restful/compressor_cache.go b/vendor/github.com/emicklei/go-restful/v3/compressor_cache.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/compressor_cache.go rename to vendor/github.com/emicklei/go-restful/v3/compressor_cache.go diff --git a/vendor/github.com/emicklei/go-restful/compressor_pools.go b/vendor/github.com/emicklei/go-restful/v3/compressor_pools.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/compressor_pools.go rename to vendor/github.com/emicklei/go-restful/v3/compressor_pools.go diff --git a/vendor/github.com/emicklei/go-restful/compressors.go b/vendor/github.com/emicklei/go-restful/v3/compressors.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/compressors.go rename to vendor/github.com/emicklei/go-restful/v3/compressors.go diff --git a/vendor/github.com/emicklei/go-restful/constants.go b/vendor/github.com/emicklei/go-restful/v3/constants.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/constants.go rename to vendor/github.com/emicklei/go-restful/v3/constants.go diff --git a/vendor/github.com/emicklei/go-restful/container.go b/vendor/github.com/emicklei/go-restful/v3/container.go similarity index 78% rename from vendor/github.com/emicklei/go-restful/container.go rename to vendor/github.com/emicklei/go-restful/v3/container.go index 061a8d7189..dd56246ddc 100644 --- a/vendor/github.com/emicklei/go-restful/container.go +++ b/vendor/github.com/emicklei/go-restful/v3/container.go @@ -14,7 +14,7 @@ import ( "strings" "sync" - "github.com/emicklei/go-restful/log" + "github.com/emicklei/go-restful/v3/log" ) // Container holds a collection of WebServices and a http.ServeMux to dispatch http requests. @@ -185,6 +185,11 @@ func logStackOnRecover(panicReason interface{}, httpWriter http.ResponseWriter) // when a ServiceError is returned during route selection. Default implementation // calls resp.WriteErrorString(err.Code, err.Message) func writeServiceError(err ServiceError, req *Request, resp *Response) { + for header, values := range err.Header { + for _, value := range values { + resp.Header().Add(header, value) + } + } resp.WriteErrorString(err.Code, err.Message) } @@ -201,6 +206,7 @@ func (c *Container) Dispatch(httpWriter http.ResponseWriter, httpRequest *http.R // Dispatch the incoming Http Request to a matching WebService. func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.Request) { + // so we can assign a compressing one later writer := httpWriter // CompressingResponseWriter should be closed after all operations are done @@ -231,28 +237,8 @@ func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.R c.webServices, httpRequest) }() - - // Detect if compression is needed - // assume without compression, test for override - contentEncodingEnabled := c.contentEncodingEnabled - if route != nil && route.contentEncodingEnabled != nil { - contentEncodingEnabled = *route.contentEncodingEnabled - } - if contentEncodingEnabled { - doCompress, encoding := wantsCompressedResponse(httpRequest) - if doCompress { - var err error - writer, err = NewCompressingResponseWriter(httpWriter, encoding) - if err != nil { - log.Print("unable to install compressor: ", err) - httpWriter.WriteHeader(http.StatusInternalServerError) - return - } - } - } - if err != nil { - // a non-200 response has already been written + // a non-200 response (may be compressed) has already been written // run container filters anyway ; they should not touch the response... chain := FilterChain{Filters: c.containerFilters, Target: func(req *Request, resp *Response) { switch err.(type) { @@ -265,6 +251,29 @@ func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.R chain.ProcessFilter(NewRequest(httpRequest), NewResponse(writer)) return } + + // Unless httpWriter is already an CompressingResponseWriter see if we need to install one + if _, isCompressing := httpWriter.(*CompressingResponseWriter); !isCompressing { + // Detect if compression is needed + // assume without compression, test for override + contentEncodingEnabled := c.contentEncodingEnabled + if route != nil && route.contentEncodingEnabled != nil { + contentEncodingEnabled = *route.contentEncodingEnabled + } + if contentEncodingEnabled { + doCompress, encoding := wantsCompressedResponse(httpRequest, httpWriter) + if doCompress { + var err error + writer, err = NewCompressingResponseWriter(httpWriter, encoding) + if err != nil { + log.Print("unable to install compressor: ", err) + httpWriter.WriteHeader(http.StatusInternalServerError) + return + } + } + } + } + pathProcessor, routerProcessesPath := c.router.(PathProcessor) if !routerProcessesPath { pathProcessor = defaultPathProcessor{} @@ -272,16 +281,18 @@ func (c *Container) dispatch(httpWriter http.ResponseWriter, httpRequest *http.R pathParams := pathProcessor.ExtractParameters(route, webService, httpRequest.URL.Path) wrappedRequest, wrappedResponse := route.wrapRequestResponse(writer, httpRequest, pathParams) // pass through filters (if any) - if len(c.containerFilters)+len(webService.filters)+len(route.Filters) > 0 { + if size := len(c.containerFilters) + len(webService.filters) + len(route.Filters); size > 0 { // compose filter chain - allFilters := []FilterFunction{} + allFilters := make([]FilterFunction, 0, size) allFilters = append(allFilters, c.containerFilters...) allFilters = append(allFilters, webService.filters...) allFilters = append(allFilters, route.Filters...) - chain := FilterChain{Filters: allFilters, Target: func(req *Request, resp *Response) { - // handle request by route after passing all filters - route.Function(wrappedRequest, wrappedResponse) - }} + chain := FilterChain{ + Filters: allFilters, + Target: route.Function, + ParameterDocs: route.ParameterDocs, + Operation: route.Operation, + } chain.ProcessFilter(wrappedRequest, wrappedResponse) } else { // no filters, handle request by route @@ -299,13 +310,75 @@ func fixedPrefixPath(pathspec string) string { } // ServeHTTP implements net/http.Handler therefore a Container can be a Handler in a http.Server -func (c *Container) ServeHTTP(httpwriter http.ResponseWriter, httpRequest *http.Request) { - c.ServeMux.ServeHTTP(httpwriter, httpRequest) +func (c *Container) ServeHTTP(httpWriter http.ResponseWriter, httpRequest *http.Request) { + // Skip, if content encoding is disabled + if !c.contentEncodingEnabled { + c.ServeMux.ServeHTTP(httpWriter, httpRequest) + return + } + // content encoding is enabled + + // Skip, if httpWriter is already an CompressingResponseWriter + if _, ok := httpWriter.(*CompressingResponseWriter); ok { + c.ServeMux.ServeHTTP(httpWriter, httpRequest) + return + } + + writer := httpWriter + // CompressingResponseWriter should be closed after all operations are done + defer func() { + if compressWriter, ok := writer.(*CompressingResponseWriter); ok { + compressWriter.Close() + } + }() + + doCompress, encoding := wantsCompressedResponse(httpRequest, httpWriter) + if doCompress { + var err error + writer, err = NewCompressingResponseWriter(httpWriter, encoding) + if err != nil { + log.Print("unable to install compressor: ", err) + httpWriter.WriteHeader(http.StatusInternalServerError) + return + } + } + + c.ServeMux.ServeHTTP(writer, httpRequest) } // Handle registers the handler for the given pattern. If a handler already exists for pattern, Handle panics. func (c *Container) Handle(pattern string, handler http.Handler) { - c.ServeMux.Handle(pattern, handler) + c.ServeMux.Handle(pattern, http.HandlerFunc(func(httpWriter http.ResponseWriter, httpRequest *http.Request) { + // Skip, if httpWriter is already an CompressingResponseWriter + if _, ok := httpWriter.(*CompressingResponseWriter); ok { + handler.ServeHTTP(httpWriter, httpRequest) + return + } + + writer := httpWriter + + // CompressingResponseWriter should be closed after all operations are done + defer func() { + if compressWriter, ok := writer.(*CompressingResponseWriter); ok { + compressWriter.Close() + } + }() + + if c.contentEncodingEnabled { + doCompress, encoding := wantsCompressedResponse(httpRequest, httpWriter) + if doCompress { + var err error + writer, err = NewCompressingResponseWriter(httpWriter, encoding) + if err != nil { + log.Print("unable to install compressor: ", err) + httpWriter.WriteHeader(http.StatusInternalServerError) + return + } + } + } + + handler.ServeHTTP(writer, httpRequest) + })) } // HandleWithFilter registers the handler for the given pattern. @@ -319,7 +392,7 @@ func (c *Container) HandleWithFilter(pattern string, handler http.Handler) { } chain := FilterChain{Filters: c.containerFilters, Target: func(req *Request, resp *Response) { - handler.ServeHTTP(httpResponse, httpRequest) + handler.ServeHTTP(resp, req.Request) }} chain.ProcessFilter(NewRequest(httpRequest), NewResponse(httpResponse)) } diff --git a/vendor/github.com/emicklei/go-restful/cors_filter.go b/vendor/github.com/emicklei/go-restful/v3/cors_filter.go similarity index 81% rename from vendor/github.com/emicklei/go-restful/cors_filter.go rename to vendor/github.com/emicklei/go-restful/v3/cors_filter.go index 1efeef072d..9d18dfb7b4 100644 --- a/vendor/github.com/emicklei/go-restful/cors_filter.go +++ b/vendor/github.com/emicklei/go-restful/v3/cors_filter.go @@ -18,9 +18,22 @@ import ( // http://enable-cors.org/server.html // http://www.html5rocks.com/en/tutorials/cors/#toc-handling-a-not-so-simple-request type CrossOriginResourceSharing struct { - ExposeHeaders []string // list of Header names - AllowedHeaders []string // list of Header names - AllowedDomains []string // list of allowed values for Http Origin. An allowed value can be a regular expression to support subdomain matching. If empty all are allowed. + ExposeHeaders []string // list of Header names + + // AllowedHeaders is alist of Header names. Checking is case-insensitive. + // The list may contain the special wildcard string ".*" ; all is allowed + AllowedHeaders []string + + // AllowedDomains is a list of allowed values for Http Origin. + // The list may contain the special wildcard string ".*" ; all is allowed + // If empty all are allowed. + AllowedDomains []string + + // AllowedDomainFunc is optional and is a function that will do the check + // when the origin is not part of the AllowedDomains and it does not contain the wildcard ".*". + AllowedDomainFunc func(origin string) bool + + // AllowedMethods is either empty or has a list of http methods names. Checking is case-insensitive. AllowedMethods []string MaxAge int // number of seconds before requiring new Options request CookiesAllowed bool @@ -119,36 +132,24 @@ func (c CrossOriginResourceSharing) isOriginAllowed(origin string) bool { if len(origin) == 0 { return false } + lowerOrigin := strings.ToLower(origin) if len(c.AllowedDomains) == 0 { + if c.AllowedDomainFunc != nil { + return c.AllowedDomainFunc(lowerOrigin) + } return true } - allowed := false + // exact match on each allowed domain for _, domain := range c.AllowedDomains { - if domain == origin { - allowed = true - break + if domain == ".*" || strings.ToLower(domain) == lowerOrigin { + return true } } - - if !allowed { - if len(c.allowedOriginPatterns) == 0 { - // compile allowed domains to allowed origin patterns - allowedOriginRegexps, err := compileRegexps(c.AllowedDomains) - if err != nil { - return false - } - c.allowedOriginPatterns = allowedOriginRegexps - } - - for _, pattern := range c.allowedOriginPatterns { - if allowed = pattern.MatchString(origin); allowed { - break - } - } + if c.AllowedDomainFunc != nil { + return c.AllowedDomainFunc(origin) } - - return allowed + return false } func (c CrossOriginResourceSharing) setAllowOriginHeader(req *Request, resp *Response) { @@ -184,19 +185,9 @@ func (c CrossOriginResourceSharing) isValidAccessControlRequestHeader(header str if strings.ToLower(each) == strings.ToLower(header) { return true } - } - return false -} - -// Take a list of strings and compile them into a list of regular expressions. -func compileRegexps(regexpStrings []string) ([]*regexp.Regexp, error) { - regexps := []*regexp.Regexp{} - for _, regexpStr := range regexpStrings { - r, err := regexp.Compile(regexpStr) - if err != nil { - return regexps, err + if each == "*" { + return true } - regexps = append(regexps, r) } - return regexps, nil + return false } diff --git a/vendor/github.com/emicklei/go-restful/coverage.sh b/vendor/github.com/emicklei/go-restful/v3/coverage.sh similarity index 100% rename from vendor/github.com/emicklei/go-restful/coverage.sh rename to vendor/github.com/emicklei/go-restful/v3/coverage.sh diff --git a/vendor/github.com/emicklei/go-restful/curly.go b/vendor/github.com/emicklei/go-restful/v3/curly.go similarity index 93% rename from vendor/github.com/emicklei/go-restful/curly.go rename to vendor/github.com/emicklei/go-restful/v3/curly.go index 14d5b76bf0..ba1fc5d5f1 100644 --- a/vendor/github.com/emicklei/go-restful/curly.go +++ b/vendor/github.com/emicklei/go-restful/v3/curly.go @@ -47,7 +47,7 @@ func (c CurlyRouter) SelectRoute( func (c CurlyRouter) selectRoutes(ws *WebService, requestTokens []string) sortableCurlyRoutes { candidates := make(sortableCurlyRoutes, 0, 8) for _, each := range ws.routes { - matches, paramCount, staticCount := c.matchesRouteByPathTokens(each.pathParts, requestTokens) + matches, paramCount, staticCount := c.matchesRouteByPathTokens(each.pathParts, requestTokens, each.hasCustomVerb) if matches { candidates.add(curlyRoute{each, paramCount, staticCount}) // TODO make sure Routes() return pointers? } @@ -57,7 +57,7 @@ func (c CurlyRouter) selectRoutes(ws *WebService, requestTokens []string) sortab } // matchesRouteByPathTokens computes whether it matches, howmany parameters do match and what the number of static path elements are. -func (c CurlyRouter) matchesRouteByPathTokens(routeTokens, requestTokens []string) (matches bool, paramCount int, staticCount int) { +func (c CurlyRouter) matchesRouteByPathTokens(routeTokens, requestTokens []string, routeHasCustomVerb bool) (matches bool, paramCount int, staticCount int) { if len(routeTokens) < len(requestTokens) { // proceed in matching only if last routeToken is wildcard count := len(routeTokens) @@ -72,6 +72,15 @@ func (c CurlyRouter) matchesRouteByPathTokens(routeTokens, requestTokens []strin return false, 0, 0 } requestToken := requestTokens[i] + if routeHasCustomVerb && hasCustomVerb(routeToken){ + if !isMatchCustomVerb(routeToken, requestToken) { + return false, 0, 0 + } + staticCount++ + requestToken = removeCustomVerb(requestToken) + routeToken = removeCustomVerb(routeToken) + } + if strings.HasPrefix(routeToken, "{") { paramCount++ if colon := strings.Index(routeToken, ":"); colon != -1 { diff --git a/vendor/github.com/emicklei/go-restful/curly_route.go b/vendor/github.com/emicklei/go-restful/v3/curly_route.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/curly_route.go rename to vendor/github.com/emicklei/go-restful/v3/curly_route.go diff --git a/vendor/github.com/emicklei/go-restful/v3/custom_verb.go b/vendor/github.com/emicklei/go-restful/v3/custom_verb.go new file mode 100644 index 0000000000..bfc17efde8 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/custom_verb.go @@ -0,0 +1,29 @@ +package restful + +import ( + "fmt" + "regexp" +) + +var ( + customVerbReg = regexp.MustCompile(":([A-Za-z]+)$") +) + +func hasCustomVerb(routeToken string) bool { + return customVerbReg.MatchString(routeToken) +} + +func isMatchCustomVerb(routeToken string, pathToken string) bool { + rs := customVerbReg.FindStringSubmatch(routeToken) + if len(rs) < 2 { + return false + } + + customVerb := rs[1] + specificVerbReg := regexp.MustCompile(fmt.Sprintf(":%s$", customVerb)) + return specificVerbReg.MatchString(pathToken) +} + +func removeCustomVerb(str string) string { + return customVerbReg.ReplaceAllString(str, "") +} diff --git a/vendor/github.com/emicklei/go-restful/doc.go b/vendor/github.com/emicklei/go-restful/v3/doc.go similarity index 95% rename from vendor/github.com/emicklei/go-restful/doc.go rename to vendor/github.com/emicklei/go-restful/v3/doc.go index f7c16b01fe..69b13057d0 100644 --- a/vendor/github.com/emicklei/go-restful/doc.go +++ b/vendor/github.com/emicklei/go-restful/v3/doc.go @@ -28,7 +28,7 @@ This package has the logic to find the best matching Route and if found, call it The (*Request, *Response) arguments provide functions for reading information from the request and writing information back to the response. -See the example https://github.com/emicklei/go-restful/blob/master/examples/restful-user-resource.go with a full implementation. +See the example https://github.com/emicklei/go-restful/blob/v3/examples/user-resource/restful-user-resource.go with a full implementation. Regular expression matching Routes @@ -82,7 +82,7 @@ These are processed before calling the function associated with the Route. // install 2 chained route filters (processed before calling findUser) ws.Route(ws.GET("/{user-id}").Filter(routeLogging).Filter(NewCountFilter().routeCounter).To(findUser)) -See the example https://github.com/emicklei/go-restful/blob/master/examples/restful-filters.go with full implementations. +See the example https://github.com/emicklei/go-restful/blob/v3/examples/filters/restful-filters.go with full implementations. Response Encoding @@ -93,7 +93,7 @@ Two encodings are supported: gzip and deflate. To enable this for all responses: If a Http request includes the Accept-Encoding header then the response content will be compressed using the specified encoding. Alternatively, you can create a Filter that performs the encoding and install it per WebService or Route. -See the example https://github.com/emicklei/go-restful/blob/master/examples/restful-encoding-filter.go +See the example https://github.com/emicklei/go-restful/blob/v3/examples/encoding/restful-encoding-filter.go OPTIONS support diff --git a/vendor/github.com/emicklei/go-restful/entity_accessors.go b/vendor/github.com/emicklei/go-restful/v3/entity_accessors.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/entity_accessors.go rename to vendor/github.com/emicklei/go-restful/v3/entity_accessors.go diff --git a/vendor/github.com/emicklei/go-restful/v3/extensions.go b/vendor/github.com/emicklei/go-restful/v3/extensions.go new file mode 100644 index 0000000000..5023fa049b --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/extensions.go @@ -0,0 +1,21 @@ +package restful + +// Copyright 2021 Ernest Micklei. All rights reserved. +// Use of this source code is governed by a license +// that can be found in the LICENSE file. + +// ExtensionProperties provides storage of vendor extensions for entities +type ExtensionProperties struct { + // Extensions vendor extensions used to describe extra functionality + // (https://swagger.io/docs/specification/2-0/swagger-extensions/) + Extensions map[string]interface{} +} + +// AddExtension adds or updates a key=value pair to the extension map. +func (ep *ExtensionProperties) AddExtension(key string, value interface{}) { + if ep.Extensions == nil { + ep.Extensions = map[string]interface{}{key: value} + } else { + ep.Extensions[key] = value + } +} diff --git a/vendor/github.com/emicklei/go-restful/filter.go b/vendor/github.com/emicklei/go-restful/v3/filter.go similarity index 79% rename from vendor/github.com/emicklei/go-restful/filter.go rename to vendor/github.com/emicklei/go-restful/v3/filter.go index c23bfb591a..fd88c536c8 100644 --- a/vendor/github.com/emicklei/go-restful/filter.go +++ b/vendor/github.com/emicklei/go-restful/v3/filter.go @@ -6,9 +6,11 @@ package restful // FilterChain is a request scoped object to process one or more filters before calling the target RouteFunction. type FilterChain struct { - Filters []FilterFunction // ordered list of FilterFunction - Index int // index into filters that is currently in progress - Target RouteFunction // function to call after passing all filters + Filters []FilterFunction // ordered list of FilterFunction + Index int // index into filters that is currently in progress + Target RouteFunction // function to call after passing all filters + ParameterDocs []*Parameter // the parameter docs for the route + Operation string // the name of the operation } // ProcessFilter passes the request,response pair through the next of Filters. diff --git a/vendor/github.com/emicklei/go-restful/json.go b/vendor/github.com/emicklei/go-restful/v3/json.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/json.go rename to vendor/github.com/emicklei/go-restful/v3/json.go diff --git a/vendor/github.com/emicklei/go-restful/jsoniter.go b/vendor/github.com/emicklei/go-restful/v3/jsoniter.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/jsoniter.go rename to vendor/github.com/emicklei/go-restful/v3/jsoniter.go diff --git a/vendor/github.com/emicklei/go-restful/jsr311.go b/vendor/github.com/emicklei/go-restful/v3/jsr311.go similarity index 89% rename from vendor/github.com/emicklei/go-restful/jsr311.go rename to vendor/github.com/emicklei/go-restful/v3/jsr311.go index 3ede1891ec..07a0c91e94 100644 --- a/vendor/github.com/emicklei/go-restful/jsr311.go +++ b/vendor/github.com/emicklei/go-restful/v3/jsr311.go @@ -9,6 +9,7 @@ import ( "fmt" "net/http" "sort" + "strings" ) // RouterJSR311 implements the flow for matching Requests to Routes (and consequently Resource Functions) @@ -98,7 +99,18 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R if trace { traceLogger.Printf("no Route found (in %d routes) that matches HTTP method %s\n", len(previous), httpRequest.Method) } - return nil, NewError(http.StatusMethodNotAllowed, "405: Method Not Allowed") + allowed := []string{} + allowedLoop: + for _, candidate := range previous { + for _, method := range allowed { + if method == candidate.Method { + continue allowedLoop + } + } + allowed = append(allowed, candidate.Method) + } + header := http.Header{"Allow": []string{strings.Join(allowed, ", ")}} + return nil, NewErrorWithHeader(http.StatusMethodNotAllowed, "405: Method Not Allowed", header) } // content-type @@ -135,7 +147,24 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R if trace { traceLogger.Printf("no Route found (from %d) that matches HTTP Accept: %s\n", len(previous), accept) } - return nil, NewError(http.StatusNotAcceptable, "406: Not Acceptable") + available := []string{} + for _, candidate := range previous { + available = append(available, candidate.Produces...) + } + // if POST,PUT,PATCH without body + method, length := httpRequest.Method, httpRequest.Header.Get("Content-Length") + if (method == http.MethodPost || + method == http.MethodPut || + method == http.MethodPatch) && length == "" { + return nil, NewError( + http.StatusUnsupportedMediaType, + fmt.Sprintf("415: Unsupported Media Type\n\nAvailable representations: %s", strings.Join(available, ", ")), + ) + } + return nil, NewError( + http.StatusNotAcceptable, + fmt.Sprintf("406: Not Acceptable\n\nAvailable representations: %s", strings.Join(available, ", ")), + ) } // return r.bestMatchByMedia(outputMediaOk, contentType, accept), nil return candidates[0], nil diff --git a/vendor/github.com/emicklei/go-restful/log/log.go b/vendor/github.com/emicklei/go-restful/v3/log/log.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/log/log.go rename to vendor/github.com/emicklei/go-restful/v3/log/log.go diff --git a/vendor/github.com/emicklei/go-restful/logger.go b/vendor/github.com/emicklei/go-restful/v3/logger.go similarity index 95% rename from vendor/github.com/emicklei/go-restful/logger.go rename to vendor/github.com/emicklei/go-restful/v3/logger.go index 6595df0029..29202726f6 100644 --- a/vendor/github.com/emicklei/go-restful/logger.go +++ b/vendor/github.com/emicklei/go-restful/v3/logger.go @@ -4,7 +4,7 @@ package restful // Use of this source code is governed by a license // that can be found in the LICENSE file. import ( - "github.com/emicklei/go-restful/log" + "github.com/emicklei/go-restful/v3/log" ) var trace bool = false diff --git a/vendor/github.com/emicklei/go-restful/mime.go b/vendor/github.com/emicklei/go-restful/v3/mime.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/mime.go rename to vendor/github.com/emicklei/go-restful/v3/mime.go diff --git a/vendor/github.com/emicklei/go-restful/options_filter.go b/vendor/github.com/emicklei/go-restful/v3/options_filter.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/options_filter.go rename to vendor/github.com/emicklei/go-restful/v3/options_filter.go diff --git a/vendor/github.com/emicklei/go-restful/parameter.go b/vendor/github.com/emicklei/go-restful/v3/parameter.go similarity index 58% rename from vendor/github.com/emicklei/go-restful/parameter.go rename to vendor/github.com/emicklei/go-restful/v3/parameter.go index e8793304b1..0e658af5ff 100644 --- a/vendor/github.com/emicklei/go-restful/parameter.go +++ b/vendor/github.com/emicklei/go-restful/v3/parameter.go @@ -1,5 +1,7 @@ package restful +import "sort" + // Copyright 2013 Ernest Micklei. All rights reserved. // Use of this source code is governed by a license // that can be found in the LICENSE file. @@ -52,13 +54,25 @@ type Parameter struct { // ParameterData represents the state of a Parameter. // It is made public to make it accessible to e.g. the Swagger package. type ParameterData struct { + ExtensionProperties Name, Description, DataType, DataFormat string Kind int Required bool - AllowableValues map[string]string - AllowMultiple bool - DefaultValue string - CollectionFormat string + // AllowableValues is deprecated. Use PossibleValues instead + AllowableValues map[string]string + PossibleValues []string + AllowMultiple bool + AllowEmptyValue bool + DefaultValue string + CollectionFormat string + Pattern string + Minimum *float64 + Maximum *float64 + MinLength *int64 + MaxLength *int64 + MinItems *int64 + MaxItems *int64 + UniqueItems bool } // Data returns the state of the Parameter @@ -106,9 +120,38 @@ func (p *Parameter) AllowMultiple(multiple bool) *Parameter { return p } -// AllowableValues sets the allowableValues field and returns the receiver +// AddExtension adds or updates a key=value pair to the extension map +func (p *Parameter) AddExtension(key string, value interface{}) *Parameter { + p.data.AddExtension(key, value) + return p +} + +// AllowEmptyValue sets the AllowEmptyValue field and returns the receiver +func (p *Parameter) AllowEmptyValue(multiple bool) *Parameter { + p.data.AllowEmptyValue = multiple + return p +} + +// AllowableValues is deprecated. Use PossibleValues instead. Both will be set. func (p *Parameter) AllowableValues(values map[string]string) *Parameter { p.data.AllowableValues = values + + allowableSortedKeys := make([]string, 0, len(values)) + for k := range values { + allowableSortedKeys = append(allowableSortedKeys, k) + } + sort.Strings(allowableSortedKeys) + + p.data.PossibleValues = make([]string, 0, len(values)) + for _, k := range allowableSortedKeys { + p.data.PossibleValues = append(p.data.PossibleValues, values[k]) + } + return p +} + +// PossibleValues sets the possible values field and returns the receiver +func (p *Parameter) PossibleValues(values []string) *Parameter { + p.data.PossibleValues = values return p } @@ -141,3 +184,51 @@ func (p *Parameter) CollectionFormat(format CollectionFormat) *Parameter { p.data.CollectionFormat = format.String() return p } + +// Pattern sets the pattern field and returns the receiver +func (p *Parameter) Pattern(pattern string) *Parameter { + p.data.Pattern = pattern + return p +} + +// Minimum sets the minimum field and returns the receiver +func (p *Parameter) Minimum(minimum float64) *Parameter { + p.data.Minimum = &minimum + return p +} + +// Maximum sets the maximum field and returns the receiver +func (p *Parameter) Maximum(maximum float64) *Parameter { + p.data.Maximum = &maximum + return p +} + +// MinLength sets the minLength field and returns the receiver +func (p *Parameter) MinLength(minLength int64) *Parameter { + p.data.MinLength = &minLength + return p +} + +// MaxLength sets the maxLength field and returns the receiver +func (p *Parameter) MaxLength(maxLength int64) *Parameter { + p.data.MaxLength = &maxLength + return p +} + +// MinItems sets the minItems field and returns the receiver +func (p *Parameter) MinItems(minItems int64) *Parameter { + p.data.MinItems = &minItems + return p +} + +// MaxItems sets the maxItems field and returns the receiver +func (p *Parameter) MaxItems(maxItems int64) *Parameter { + p.data.MaxItems = &maxItems + return p +} + +// UniqueItems sets the uniqueItems field and returns the receiver +func (p *Parameter) UniqueItems(uniqueItems bool) *Parameter { + p.data.UniqueItems = uniqueItems + return p +} diff --git a/vendor/github.com/emicklei/go-restful/path_expression.go b/vendor/github.com/emicklei/go-restful/v3/path_expression.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/path_expression.go rename to vendor/github.com/emicklei/go-restful/v3/path_expression.go diff --git a/vendor/github.com/emicklei/go-restful/path_processor.go b/vendor/github.com/emicklei/go-restful/v3/path_processor.go similarity index 79% rename from vendor/github.com/emicklei/go-restful/path_processor.go rename to vendor/github.com/emicklei/go-restful/v3/path_processor.go index 357c723a7a..1415732450 100644 --- a/vendor/github.com/emicklei/go-restful/path_processor.go +++ b/vendor/github.com/emicklei/go-restful/v3/path_processor.go @@ -29,7 +29,12 @@ func (d defaultPathProcessor) ExtractParameters(r *Route, _ *WebService, urlPath } else { value = urlParts[i] } - if strings.HasPrefix(key, "{") { // path-parameter + if r.hasCustomVerb && hasCustomVerb(key) { + key = removeCustomVerb(key) + value = removeCustomVerb(value) + } + + if strings.Index(key, "{") > -1 { // path-parameter if colon := strings.Index(key, ":"); colon != -1 { // extract by regex regPart := key[colon+1 : len(key)-1] @@ -42,7 +47,13 @@ func (d defaultPathProcessor) ExtractParameters(r *Route, _ *WebService, urlPath } } else { // without enclosing {} - pathParameters[key[1:len(key)-1]] = value + startIndex := strings.Index(key, "{") + endKeyIndex := strings.Index(key, "}") + + suffixLength := len(key) - endKeyIndex - 1 + endValueIndex := len(value) - suffixLength + + pathParameters[key[startIndex+1:endKeyIndex]] = value[startIndex:endValueIndex] } } } diff --git a/vendor/github.com/emicklei/go-restful/request.go b/vendor/github.com/emicklei/go-restful/v3/request.go similarity index 85% rename from vendor/github.com/emicklei/go-restful/request.go rename to vendor/github.com/emicklei/go-restful/v3/request.go index a20730febf..5725a07595 100644 --- a/vendor/github.com/emicklei/go-restful/request.go +++ b/vendor/github.com/emicklei/go-restful/v3/request.go @@ -13,10 +13,10 @@ var defaultRequestContentType string // Request is a wrapper for a http Request that provides convenience methods type Request struct { - Request *http.Request - pathParameters map[string]string - attributes map[string]interface{} // for storing request-scoped values - selectedRoutePath string // root path + route path that matched the request, e.g. /meetings/{id}/attendees + Request *http.Request + pathParameters map[string]string + attributes map[string]interface{} // for storing request-scoped values + selectedRoute *Route // is nil when no route was matched } func NewRequest(httpRequest *http.Request) *Request { @@ -113,6 +113,20 @@ func (r Request) Attribute(name string) interface{} { } // SelectedRoutePath root path + route path that matched the request, e.g. /meetings/{id}/attendees +// If no route was matched then return an empty string. func (r Request) SelectedRoutePath() string { - return r.selectedRoutePath + if r.selectedRoute == nil { + return "" + } + // skip creating an accessor + return r.selectedRoute.Path +} + +// SelectedRoute returns a reader to access the selected Route by the container +// Returns nil if no route was matched. +func (r Request) SelectedRoute() RouteReader { + if r.selectedRoute == nil { + return nil + } + return routeAccessor{route: r.selectedRoute} } diff --git a/vendor/github.com/emicklei/go-restful/response.go b/vendor/github.com/emicklei/go-restful/v3/response.go similarity index 96% rename from vendor/github.com/emicklei/go-restful/response.go rename to vendor/github.com/emicklei/go-restful/v3/response.go index fbb48f2da8..8f0b56aa2d 100644 --- a/vendor/github.com/emicklei/go-restful/response.go +++ b/vendor/github.com/emicklei/go-restful/v3/response.go @@ -174,15 +174,16 @@ func (r *Response) WriteHeaderAndJson(status int, value interface{}, contentType return writeJSON(r, status, contentType, value) } -// WriteError write the http status and the error string on the response. err can be nil. -func (r *Response) WriteError(httpStatus int, err error) error { +// WriteError writes the http status and the error string on the response. err can be nil. +// Return an error if writing was not successful. +func (r *Response) WriteError(httpStatus int, err error) (writeErr error) { r.err = err if err == nil { - r.WriteErrorString(httpStatus, "") + writeErr = r.WriteErrorString(httpStatus, "") } else { - r.WriteErrorString(httpStatus, err.Error()) + writeErr = r.WriteErrorString(httpStatus, err.Error()) } - return err + return writeErr } // WriteServiceError is a convenience method for a responding with a status and a ServiceError diff --git a/vendor/github.com/emicklei/go-restful/route.go b/vendor/github.com/emicklei/go-restful/v3/route.go similarity index 84% rename from vendor/github.com/emicklei/go-restful/route.go rename to vendor/github.com/emicklei/go-restful/v3/route.go index 6d15dbf66f..193f4a6b01 100644 --- a/vendor/github.com/emicklei/go-restful/route.go +++ b/vendor/github.com/emicklei/go-restful/v3/route.go @@ -19,6 +19,7 @@ type RouteSelectionConditionFunction func(httpRequest *http.Request) bool // Route binds a HTTP Method,Path,Consumes combination to a RouteFunction. type Route struct { + ExtensionProperties Method string Produces []string Consumes []string @@ -49,35 +50,33 @@ type Route struct { //Overrides the container.contentEncodingEnabled contentEncodingEnabled *bool + + // indicate route path has custom verb + hasCustomVerb bool + + // if a request does not include a content-type header then + // depending on the method, it may return a 415 Unsupported Media + // Must have uppercase HTTP Method names such as GET,HEAD,OPTIONS,... + allowedMethodsWithoutContentType []string } // Initialize for Route func (r *Route) postBuild() { r.pathParts = tokenizePath(r.Path) + r.hasCustomVerb = hasCustomVerb(r.Path) } // Create Request and Response from their http versions func (r *Route) wrapRequestResponse(httpWriter http.ResponseWriter, httpRequest *http.Request, pathParams map[string]string) (*Request, *Response) { wrappedRequest := NewRequest(httpRequest) wrappedRequest.pathParameters = pathParams - wrappedRequest.selectedRoutePath = r.Path + wrappedRequest.selectedRoute = r wrappedResponse := NewResponse(httpWriter) wrappedResponse.requestAccept = httpRequest.Header.Get(HEADER_Accept) wrappedResponse.routeProduces = r.Produces return wrappedRequest, wrappedResponse } -// dispatchWithFilters call the function after passing through its own filters -func (r *Route) dispatchWithFilters(wrappedRequest *Request, wrappedResponse *Response) { - if len(r.Filters) > 0 { - chain := FilterChain{Filters: r.Filters, Target: r.Function} - chain.ProcessFilter(wrappedRequest, wrappedResponse) - } else { - // unfiltered - r.Function(wrappedRequest, wrappedResponse) - } -} - func stringTrimSpaceCutset(r rune) bool { return r == ' ' } @@ -121,8 +120,17 @@ func (r Route) matchesContentType(mimeTypes string) bool { if len(mimeTypes) == 0 { // idempotent methods with (most-likely or guaranteed) empty content match missing Content-Type m := r.Method - if m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "DELETE" || m == "TRACE" { - return true + // if route specifies less or non-idempotent methods then use that + if len(r.allowedMethodsWithoutContentType) > 0 { + for _, each := range r.allowedMethodsWithoutContentType { + if m == each { + return true + } + } + } else { + if m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "DELETE" || m == "TRACE" { + return true + } } // proceed with default mimeTypes = MIME_OCTET @@ -160,11 +168,11 @@ func tokenizePath(path string) []string { } // for debugging -func (r Route) String() string { +func (r *Route) String() string { return r.Method + " " + r.Path } // EnableContentEncoding (default=false) allows for GZIP or DEFLATE encoding of responses. Overrides the container.contentEncodingEnabled value. -func (r Route) EnableContentEncoding(enabled bool) { +func (r *Route) EnableContentEncoding(enabled bool) { r.contentEncodingEnabled = &enabled } diff --git a/vendor/github.com/emicklei/go-restful/route_builder.go b/vendor/github.com/emicklei/go-restful/v3/route_builder.go similarity index 75% rename from vendor/github.com/emicklei/go-restful/route_builder.go rename to vendor/github.com/emicklei/go-restful/v3/route_builder.go index 0fccf61e94..23641b6dd5 100644 --- a/vendor/github.com/emicklei/go-restful/route_builder.go +++ b/vendor/github.com/emicklei/go-restful/v3/route_builder.go @@ -12,19 +12,20 @@ import ( "strings" "sync/atomic" - "github.com/emicklei/go-restful/log" + "github.com/emicklei/go-restful/v3/log" ) // RouteBuilder is a helper to construct Routes. type RouteBuilder struct { - rootPath string - currentPath string - produces []string - consumes []string - httpMethod string // required - function RouteFunction // required - filters []FilterFunction - conditions []RouteSelectionConditionFunction + rootPath string + currentPath string + produces []string + consumes []string + httpMethod string // required + function RouteFunction // required + filters []FilterFunction + conditions []RouteSelectionConditionFunction + allowedMethodsWithoutContentType []string // see Route typeNameHandleFunc TypeNameHandleFunction // required @@ -37,6 +38,7 @@ type RouteBuilder struct { errorMap map[int]ResponseError defaultResponse *ResponseError metadata map[string]interface{} + extensions map[string]interface{} deprecated bool contentEncodingEnabled *bool } @@ -176,6 +178,15 @@ func (b *RouteBuilder) Returns(code int, message string, model interface{}) *Rou return b } +// ReturnsWithHeaders is similar to Returns, but can specify response headers +func (b *RouteBuilder) ReturnsWithHeaders(code int, message string, model interface{}, headers map[string]Header) *RouteBuilder { + b.Returns(code, message, model) + err := b.errorMap[code] + err.Headers = headers + b.errorMap[code] = err + return b +} + // DefaultReturns is a special Returns call that sets the default of the response. func (b *RouteBuilder) DefaultReturns(message string, model interface{}) *RouteBuilder { b.defaultResponse = &ResponseError{ @@ -194,20 +205,57 @@ func (b *RouteBuilder) Metadata(key string, value interface{}) *RouteBuilder { return b } +// AddExtension adds or updates a key=value pair to the extensions map. +func (b *RouteBuilder) AddExtension(key string, value interface{}) *RouteBuilder { + if b.extensions == nil { + b.extensions = map[string]interface{}{} + } + b.extensions[key] = value + return b +} + // Deprecate sets the value of deprecated to true. Deprecated routes have a special UI treatment to warn against use func (b *RouteBuilder) Deprecate() *RouteBuilder { b.deprecated = true return b } +// AllowedMethodsWithoutContentType overrides the default list GET,HEAD,OPTIONS,DELETE,TRACE +// If a request does not include a content-type header then +// depending on the method, it may return a 415 Unsupported Media. +// Must have uppercase HTTP Method names such as GET,HEAD,OPTIONS,... +func (b *RouteBuilder) AllowedMethodsWithoutContentType(methods []string) *RouteBuilder { + b.allowedMethodsWithoutContentType = methods + return b +} + // ResponseError represents a response; not necessarily an error. type ResponseError struct { + ExtensionProperties Code int Message string Model interface{} + Headers map[string]Header IsDefault bool } +// Header describes a header for a response of the API +// +// For more information: http://goo.gl/8us55a#headerObject +type Header struct { + *Items + Description string +} + +// Items describe swagger simple schemas for headers +type Items struct { + Type string + Format string + Items *Items + CollectionFormat string + Default interface{} +} + func (b *RouteBuilder) servicePath(path string) *RouteBuilder { b.rootPath = path return b @@ -276,27 +324,29 @@ func (b *RouteBuilder) Build() Route { operationName = nameOfFunction(b.function) } route := Route{ - Method: b.httpMethod, - Path: concatPath(b.rootPath, b.currentPath), - Produces: b.produces, - Consumes: b.consumes, - Function: b.function, - Filters: b.filters, - If: b.conditions, - relativePath: b.currentPath, - pathExpr: pathExpr, - Doc: b.doc, - Notes: b.notes, - Operation: operationName, - ParameterDocs: b.parameters, - ResponseErrors: b.errorMap, - DefaultResponse: b.defaultResponse, - ReadSample: b.readSample, - WriteSample: b.writeSample, - Metadata: b.metadata, - Deprecated: b.deprecated, - contentEncodingEnabled: b.contentEncodingEnabled, + Method: b.httpMethod, + Path: concatPath(b.rootPath, b.currentPath), + Produces: b.produces, + Consumes: b.consumes, + Function: b.function, + Filters: b.filters, + If: b.conditions, + relativePath: b.currentPath, + pathExpr: pathExpr, + Doc: b.doc, + Notes: b.notes, + Operation: operationName, + ParameterDocs: b.parameters, + ResponseErrors: b.errorMap, + DefaultResponse: b.defaultResponse, + ReadSample: b.readSample, + WriteSample: b.writeSample, + Metadata: b.metadata, + Deprecated: b.deprecated, + contentEncodingEnabled: b.contentEncodingEnabled, + allowedMethodsWithoutContentType: b.allowedMethodsWithoutContentType, } + route.Extensions = b.extensions route.postBuild() return route } diff --git a/vendor/github.com/emicklei/go-restful/v3/route_reader.go b/vendor/github.com/emicklei/go-restful/v3/route_reader.go new file mode 100644 index 0000000000..c9f4ee75f3 --- /dev/null +++ b/vendor/github.com/emicklei/go-restful/v3/route_reader.go @@ -0,0 +1,66 @@ +package restful + +// Copyright 2021 Ernest Micklei. All rights reserved. +// Use of this source code is governed by a license +// that can be found in the LICENSE file. + +type RouteReader interface { + Method() string + Consumes() []string + Path() string + Doc() string + Notes() string + Operation() string + ParameterDocs() []*Parameter + // Returns a copy + Metadata() map[string]interface{} + Deprecated() bool +} + +type routeAccessor struct { + route *Route +} + +func (r routeAccessor) Method() string { + return r.route.Method +} +func (r routeAccessor) Consumes() []string { + return r.route.Consumes[:] +} +func (r routeAccessor) Path() string { + return r.route.Path +} +func (r routeAccessor) Doc() string { + return r.route.Doc +} +func (r routeAccessor) Notes() string { + return r.route.Notes +} +func (r routeAccessor) Operation() string { + return r.route.Operation +} +func (r routeAccessor) ParameterDocs() []*Parameter { + return r.route.ParameterDocs[:] +} + +// Returns a copy +func (r routeAccessor) Metadata() map[string]interface{} { + return copyMap(r.route.Metadata) +} +func (r routeAccessor) Deprecated() bool { + return r.route.Deprecated +} + +// https://stackoverflow.com/questions/23057785/how-to-copy-a-map +func copyMap(m map[string]interface{}) map[string]interface{} { + cp := make(map[string]interface{}) + for k, v := range m { + vm, ok := v.(map[string]interface{}) + if ok { + cp[k] = copyMap(vm) + } else { + cp[k] = v + } + } + return cp +} diff --git a/vendor/github.com/emicklei/go-restful/router.go b/vendor/github.com/emicklei/go-restful/v3/router.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/router.go rename to vendor/github.com/emicklei/go-restful/v3/router.go diff --git a/vendor/github.com/emicklei/go-restful/service_error.go b/vendor/github.com/emicklei/go-restful/v3/service_error.go similarity index 70% rename from vendor/github.com/emicklei/go-restful/service_error.go rename to vendor/github.com/emicklei/go-restful/v3/service_error.go index 62d1108bbd..a415754694 100644 --- a/vendor/github.com/emicklei/go-restful/service_error.go +++ b/vendor/github.com/emicklei/go-restful/v3/service_error.go @@ -4,12 +4,16 @@ package restful // Use of this source code is governed by a license // that can be found in the LICENSE file. -import "fmt" +import ( + "fmt" + "net/http" +) // ServiceError is a transport object to pass information about a non-Http error occurred in a WebService while processing a request. type ServiceError struct { Code int Message string + Header http.Header } // NewError returns a ServiceError using the code and reason @@ -17,6 +21,11 @@ func NewError(code int, message string) ServiceError { return ServiceError{Code: code, Message: message} } +// NewErrorWithHeader returns a ServiceError using the code, reason and header +func NewErrorWithHeader(code int, message string, header http.Header) ServiceError { + return ServiceError{Code: code, Message: message, Header: header} +} + // Error returns a text representation of the service error func (s ServiceError) Error() string { return fmt.Sprintf("[ServiceError:%v] %v", s.Code, s.Message) diff --git a/vendor/github.com/emicklei/go-restful/web_service.go b/vendor/github.com/emicklei/go-restful/v3/web_service.go similarity index 93% rename from vendor/github.com/emicklei/go-restful/web_service.go rename to vendor/github.com/emicklei/go-restful/v3/web_service.go index 77ba9a8cfc..0bf5d1e5f7 100644 --- a/vendor/github.com/emicklei/go-restful/web_service.go +++ b/vendor/github.com/emicklei/go-restful/v3/web_service.go @@ -6,7 +6,7 @@ import ( "reflect" "sync" - "github.com/emicklei/go-restful/log" + "github.com/emicklei/go-restful/v3/log" ) // Copyright 2013 Ernest Micklei. All rights reserved. @@ -176,22 +176,20 @@ func (w *WebService) Route(builder *RouteBuilder) *WebService { // RemoveRoute removes the specified route, looks for something that matches 'path' and 'method' func (w *WebService) RemoveRoute(path, method string) error { - if !w.dynamicRoutes { - return errors.New("dynamic routes are not enabled.") - } - w.routesLock.Lock() - defer w.routesLock.Unlock() - newRoutes := make([]Route, (len(w.routes) - 1)) - current := 0 - for ix := range w.routes { - if w.routes[ix].Method == method && w.routes[ix].Path == path { - continue - } - newRoutes[current] = w.routes[ix] - current = current + 1 - } - w.routes = newRoutes - return nil + if !w.dynamicRoutes { + return errors.New("dynamic routes are not enabled.") + } + w.routesLock.Lock() + defer w.routesLock.Unlock() + newRoutes := []Route{} + for _, route := range w.routes { + if route.Method == method && route.Path == path { + continue + } + newRoutes = append(newRoutes, route) + } + w.routes = newRoutes + return nil } // Method creates a new RouteBuilder and initialize its http method @@ -288,3 +286,8 @@ func (w *WebService) PATCH(subPath string) *RouteBuilder { func (w *WebService) DELETE(subPath string) *RouteBuilder { return new(RouteBuilder).typeNameHandler(w.typeNameHandleFunc).servicePath(w.rootPath).Method("DELETE").Path(subPath) } + +// OPTIONS is a shortcut for .Method("OPTIONS").Path(subPath) +func (w *WebService) OPTIONS(subPath string) *RouteBuilder { + return new(RouteBuilder).typeNameHandler(w.typeNameHandleFunc).servicePath(w.rootPath).Method("OPTIONS").Path(subPath) +} diff --git a/vendor/github.com/emicklei/go-restful/web_service_container.go b/vendor/github.com/emicklei/go-restful/v3/web_service_container.go similarity index 100% rename from vendor/github.com/emicklei/go-restful/web_service_container.go rename to vendor/github.com/emicklei/go-restful/v3/web_service_container.go diff --git a/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md b/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md index 0b62149300..32966f5981 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md +++ b/vendor/github.com/golang-jwt/jwt/v4/MIGRATION_GUIDE.md @@ -1,6 +1,6 @@ ## Migration Guide (v4.0.0) -Starting from [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0]), the import path will be: +Starting from [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0), the import path will be: "github.com/golang-jwt/jwt/v4" @@ -19,4 +19,4 @@ go mod tidy ## Older releases (before v3.2.0) -The original migration guide for older releases can be found at https://github.com/dgrijalva/jwt-go/blob/master/MIGRATION_GUIDE.md. \ No newline at end of file +The original migration guide for older releases can be found at https://github.com/dgrijalva/jwt-go/blob/master/MIGRATION_GUIDE.md. diff --git a/vendor/github.com/golang-jwt/jwt/v4/README.md b/vendor/github.com/golang-jwt/jwt/v4/README.md index 96fe3b9780..3072d24a9d 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/README.md +++ b/vendor/github.com/golang-jwt/jwt/v4/README.md @@ -1,12 +1,12 @@ # jwt-go [![build](https://github.com/golang-jwt/jwt/actions/workflows/build.yml/badge.svg)](https://github.com/golang-jwt/jwt/actions/workflows/build.yml) -[![Go Reference](https://pkg.go.dev/badge/github.com/golang-jwt/jwt.svg)](https://pkg.go.dev/github.com/golang-jwt/jwt) +[![Go Reference](https://pkg.go.dev/badge/github.com/golang-jwt/jwt/v4.svg)](https://pkg.go.dev/github.com/golang-jwt/jwt/v4) A [go](http://www.golang.org) (or 'golang' for search engine friendliness) implementation of [JSON Web Tokens](https://datatracker.ietf.org/doc/html/rfc7519). -Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0) this project adds Go module support, but maintains backwards compataibility with older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`. -See the `MIGRATION_GUIDE.md` for more information. +Starting with [v4.0.0](https://github.com/golang-jwt/jwt/releases/tag/v4.0.0) this project adds Go module support, but maintains backwards compatibility with older `v3.x.y` tags and upstream `github.com/dgrijalva/jwt-go`. +See the [`MIGRATION_GUIDE.md`](./MIGRATION_GUIDE.md) for more information. > After the original author of the library suggested migrating the maintenance of `jwt-go`, a dedicated team of open source maintainers decided to clone the existing library into this repository. See [dgrijalva/jwt-go#462](https://github.com/dgrijalva/jwt-go/issues/462) for a detailed discussion on this topic. @@ -52,7 +52,7 @@ Here's an example of an extension that integrates with multiple Google Cloud Pla ## Compliance -This library was last reviewed to comply with [RTF 7519](https://datatracker.ietf.org/doc/html/rfc7519) dated May 2015 with a few notable differences: +This library was last reviewed to comply with [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) dated May 2015 with a few notable differences: * In order to protect against accidental use of [Unsecured JWTs](https://datatracker.ietf.org/doc/html/rfc7519#section-6), tokens using `alg=none` will only be accepted if the constant `jwt.UnsafeAllowNoneSignatureType` is provided as the key. @@ -91,6 +91,7 @@ Each signing method expects a different object type for its signing keys. See th * The [HMAC signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodHMAC) (`HS256`,`HS384`,`HS512`) expect `[]byte` values for signing and validation * The [RSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodRSA) (`RS256`,`RS384`,`RS512`) expect `*rsa.PrivateKey` for signing and `*rsa.PublicKey` for validation * The [ECDSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodECDSA) (`ES256`,`ES384`,`ES512`) expect `*ecdsa.PrivateKey` for signing and `*ecdsa.PublicKey` for validation +* The [EdDSA signing method](https://pkg.go.dev/github.com/golang-jwt/jwt#SigningMethodEd25519) (`Ed25519`) expect `ed25519.PrivateKey` for signing and `ed25519.PublicKey` for validation ### JWT and OAuth diff --git a/vendor/github.com/golang-jwt/jwt/v4/claims.go b/vendor/github.com/golang-jwt/jwt/v4/claims.go index 7c2f33bcbe..41cc826563 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/claims.go +++ b/vendor/github.com/golang-jwt/jwt/v4/claims.go @@ -12,9 +12,122 @@ type Claims interface { Valid() error } -// StandardClaims are a structured version of the Claims Section, as referenced at -// https://tools.ietf.org/html/rfc7519#section-4.1 -// See examples for how to use this with your own claim types +// RegisteredClaims are a structured version of the JWT Claims Set, +// restricted to Registered Claim Names, as referenced at +// https://datatracker.ietf.org/doc/html/rfc7519#section-4.1 +// +// This type can be used on its own, but then additional private and +// public claims embedded in the JWT will not be parsed. The typical usecase +// therefore is to embedded this in a user-defined claim type. +// +// See examples for how to use this with your own claim types. +type RegisteredClaims struct { + // the `iss` (Issuer) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.1 + Issuer string `json:"iss,omitempty"` + + // the `sub` (Subject) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.2 + Subject string `json:"sub,omitempty"` + + // the `aud` (Audience) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3 + Audience ClaimStrings `json:"aud,omitempty"` + + // the `exp` (Expiration Time) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4 + ExpiresAt *NumericDate `json:"exp,omitempty"` + + // the `nbf` (Not Before) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.5 + NotBefore *NumericDate `json:"nbf,omitempty"` + + // the `iat` (Issued At) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.6 + IssuedAt *NumericDate `json:"iat,omitempty"` + + // the `jti` (JWT ID) claim. See https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.7 + ID string `json:"jti,omitempty"` +} + +// Valid validates time based claims "exp, iat, nbf". +// There is no accounting for clock skew. +// As well, if any of the above claims are not in the token, it will still +// be considered a valid claim. +func (c RegisteredClaims) Valid() error { + vErr := new(ValidationError) + now := TimeFunc() + + // The claims below are optional, by default, so if they are set to the + // default value in Go, let's not fail the verification for them. + if !c.VerifyExpiresAt(now, false) { + delta := now.Sub(c.ExpiresAt.Time) + vErr.Inner = fmt.Errorf("token is expired by %v", delta) + vErr.Errors |= ValidationErrorExpired + } + + if !c.VerifyIssuedAt(now, false) { + vErr.Inner = fmt.Errorf("token used before issued") + vErr.Errors |= ValidationErrorIssuedAt + } + + if !c.VerifyNotBefore(now, false) { + vErr.Inner = fmt.Errorf("token is not valid yet") + vErr.Errors |= ValidationErrorNotValidYet + } + + if vErr.valid() { + return nil + } + + return vErr +} + +// VerifyAudience compares the aud claim against cmp. +// If required is false, this method will return true if the value matches or is unset +func (c *RegisteredClaims) VerifyAudience(cmp string, req bool) bool { + return verifyAud(c.Audience, cmp, req) +} + +// VerifyExpiresAt compares the exp claim against cmp (cmp < exp). +// If req is false, it will return true, if exp is unset. +func (c *RegisteredClaims) VerifyExpiresAt(cmp time.Time, req bool) bool { + if c.ExpiresAt == nil { + return verifyExp(nil, cmp, req) + } + + return verifyExp(&c.ExpiresAt.Time, cmp, req) +} + +// VerifyIssuedAt compares the iat claim against cmp (cmp >= iat). +// If req is false, it will return true, if iat is unset. +func (c *RegisteredClaims) VerifyIssuedAt(cmp time.Time, req bool) bool { + if c.IssuedAt == nil { + return verifyIat(nil, cmp, req) + } + + return verifyIat(&c.IssuedAt.Time, cmp, req) +} + +// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf). +// If req is false, it will return true, if nbf is unset. +func (c *RegisteredClaims) VerifyNotBefore(cmp time.Time, req bool) bool { + if c.NotBefore == nil { + return verifyNbf(nil, cmp, req) + } + + return verifyNbf(&c.NotBefore.Time, cmp, req) +} + +// VerifyIssuer compares the iss claim against cmp. +// If required is false, this method will return true if the value matches or is unset +func (c *RegisteredClaims) VerifyIssuer(cmp string, req bool) bool { + return verifyIss(c.Issuer, cmp, req) +} + +// StandardClaims are a structured version of the JWT Claims Set, as referenced at +// https://datatracker.ietf.org/doc/html/rfc7519#section-4. They do not follow the +// specification exactly, since they were based on an earlier draft of the +// specification and not updated. The main difference is that they only +// support integer-based date fields and singular audiences. This might lead to +// incompatibilities with other JWT implementations. The use of this is discouraged, instead +// the newer RegisteredClaims struct should be used. +// +// Deprecated: Use RegisteredClaims instead for a forward-compatible way to access registered claims in a struct. type StandardClaims struct { Audience string `json:"aud,omitempty"` ExpiresAt int64 `json:"exp,omitempty"` @@ -41,7 +154,7 @@ func (c StandardClaims) Valid() error { } if !c.VerifyIssuedAt(now, false) { - vErr.Inner = fmt.Errorf("Token used before issued") + vErr.Inner = fmt.Errorf("token used before issued") vErr.Errors |= ValidationErrorIssuedAt } @@ -63,16 +176,37 @@ func (c *StandardClaims) VerifyAudience(cmp string, req bool) bool { return verifyAud([]string{c.Audience}, cmp, req) } -// VerifyExpiresAt compares the exp claim against cmp. -// If required is false, this method will return true if the value matches or is unset +// VerifyExpiresAt compares the exp claim against cmp (cmp < exp). +// If req is false, it will return true, if exp is unset. func (c *StandardClaims) VerifyExpiresAt(cmp int64, req bool) bool { - return verifyExp(c.ExpiresAt, cmp, req) + if c.ExpiresAt == 0 { + return verifyExp(nil, time.Unix(cmp, 0), req) + } + + t := time.Unix(c.ExpiresAt, 0) + return verifyExp(&t, time.Unix(cmp, 0), req) } -// VerifyIssuedAt compares the iat claim against cmp. -// If required is false, this method will return true if the value matches or is unset +// VerifyIssuedAt compares the iat claim against cmp (cmp >= iat). +// If req is false, it will return true, if iat is unset. func (c *StandardClaims) VerifyIssuedAt(cmp int64, req bool) bool { - return verifyIat(c.IssuedAt, cmp, req) + if c.IssuedAt == 0 { + return verifyIat(nil, time.Unix(cmp, 0), req) + } + + t := time.Unix(c.IssuedAt, 0) + return verifyIat(&t, time.Unix(cmp, 0), req) +} + +// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf). +// If req is false, it will return true, if nbf is unset. +func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool { + if c.NotBefore == 0 { + return verifyNbf(nil, time.Unix(cmp, 0), req) + } + + t := time.Unix(c.NotBefore, 0) + return verifyNbf(&t, time.Unix(cmp, 0), req) } // VerifyIssuer compares the iss claim against cmp. @@ -81,12 +215,6 @@ func (c *StandardClaims) VerifyIssuer(cmp string, req bool) bool { return verifyIss(c.Issuer, cmp, req) } -// VerifyNotBefore compares the nbf claim against cmp. -// If required is false, this method will return true if the value matches or is unset -func (c *StandardClaims) VerifyNotBefore(cmp int64, req bool) bool { - return verifyNbf(c.NotBefore, cmp, req) -} - // ----- helpers func verifyAud(aud []string, cmp string, required bool) bool { @@ -112,18 +240,25 @@ func verifyAud(aud []string, cmp string, required bool) bool { return result } -func verifyExp(exp int64, now int64, required bool) bool { - if exp == 0 { +func verifyExp(exp *time.Time, now time.Time, required bool) bool { + if exp == nil { + return !required + } + return now.Before(*exp) +} + +func verifyIat(iat *time.Time, now time.Time, required bool) bool { + if iat == nil { return !required } - return now <= exp + return now.After(*iat) || now.Equal(*iat) } -func verifyIat(iat int64, now int64, required bool) bool { - if iat == 0 { +func verifyNbf(nbf *time.Time, now time.Time, required bool) bool { + if nbf == nil { return !required } - return now >= iat + return now.After(*nbf) || now.Equal(*nbf) } func verifyIss(iss string, cmp string, required bool) bool { @@ -136,10 +271,3 @@ func verifyIss(iss string, cmp string, required bool) bool { return false } } - -func verifyNbf(nbf int64, now int64, required bool) bool { - if nbf == 0 { - return !required - } - return now >= nbf -} diff --git a/vendor/github.com/golang-jwt/jwt/v4/ed25519.go b/vendor/github.com/golang-jwt/jwt/v4/ed25519.go index 9f40dc0c73..07d3aacd63 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/ed25519.go +++ b/vendor/github.com/golang-jwt/jwt/v4/ed25519.go @@ -3,7 +3,9 @@ package jwt import ( "errors" + "crypto" "crypto/ed25519" + "crypto/rand" ) var ( @@ -62,20 +64,22 @@ func (m *SigningMethodEd25519) Verify(signingString, signature string, key inter // Sign implements token signing for the SigningMethod. // For this signing method, key must be an ed25519.PrivateKey func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) { - var ed25519Key ed25519.PrivateKey + var ed25519Key crypto.Signer var ok bool - if ed25519Key, ok = key.(ed25519.PrivateKey); !ok { + if ed25519Key, ok = key.(crypto.Signer); !ok { return "", ErrInvalidKeyType } - // ed25519.Sign panics if private key not equal to ed25519.PrivateKeySize - // this allows to avoid recover usage - if len(ed25519Key) != ed25519.PrivateKeySize { + if _, ok := ed25519Key.Public().(ed25519.PublicKey); !ok { return "", ErrInvalidKey } // Sign the string and return the encoded result - sig := ed25519.Sign(ed25519Key, []byte(signingString)) + // ed25519 performs a two-pass hash as part of its algorithm. Therefore, we need to pass a non-prehashed message into the Sign function, as indicated by crypto.Hash(0) + sig, err := ed25519Key.Sign(rand.Reader, []byte(signingString), crypto.Hash(0)) + if err != nil { + return "", err + } return EncodeSegment(sig), nil } diff --git a/vendor/github.com/golang-jwt/jwt/v4/errors.go b/vendor/github.com/golang-jwt/jwt/v4/errors.go index f309878b30..b9d18e498e 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/errors.go +++ b/vendor/github.com/golang-jwt/jwt/v4/errors.go @@ -53,6 +53,11 @@ func (e ValidationError) Error() string { } } +// Unwrap gives errors.Is and errors.As access to the inner error. +func (e *ValidationError) Unwrap() error { + return e.Inner +} + // No errors func (e *ValidationError) valid() bool { return e.Errors == 0 diff --git a/vendor/github.com/golang-jwt/jwt/v4/map_claims.go b/vendor/github.com/golang-jwt/jwt/v4/map_claims.go index 7e00e753dd..e7da633b93 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/map_claims.go +++ b/vendor/github.com/golang-jwt/jwt/v4/map_claims.go @@ -3,6 +3,7 @@ package jwt import ( "encoding/json" "errors" + "time" // "fmt" ) @@ -31,65 +32,92 @@ func (m MapClaims) VerifyAudience(cmp string, req bool) bool { return verifyAud(aud, cmp, req) } -// VerifyExpiresAt compares the exp claim against cmp. -// If required is false, this method will return true if the value matches or is unset +// VerifyExpiresAt compares the exp claim against cmp (cmp <= exp). +// If req is false, it will return true, if exp is unset. func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool { - exp, ok := m["exp"] + cmpTime := time.Unix(cmp, 0) + + v, ok := m["exp"] if !ok { return !req } - switch expType := exp.(type) { + + switch exp := v.(type) { case float64: - return verifyExp(int64(expType), cmp, req) + if exp == 0 { + return verifyExp(nil, cmpTime, req) + } + + return verifyExp(&newNumericDateFromSeconds(exp).Time, cmpTime, req) case json.Number: - v, _ := expType.Int64() - return verifyExp(v, cmp, req) + v, _ := exp.Float64() + + return verifyExp(&newNumericDateFromSeconds(v).Time, cmpTime, req) } + return false } -// VerifyIssuedAt compares the iat claim against cmp. -// If required is false, this method will return true if the value matches or is unset +// VerifyIssuedAt compares the exp claim against cmp (cmp >= iat). +// If req is false, it will return true, if iat is unset. func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool { - iat, ok := m["iat"] + cmpTime := time.Unix(cmp, 0) + + v, ok := m["iat"] if !ok { return !req } - switch iatType := iat.(type) { + + switch iat := v.(type) { case float64: - return verifyIat(int64(iatType), cmp, req) + if iat == 0 { + return verifyIat(nil, cmpTime, req) + } + + return verifyIat(&newNumericDateFromSeconds(iat).Time, cmpTime, req) case json.Number: - v, _ := iatType.Int64() - return verifyIat(v, cmp, req) + v, _ := iat.Float64() + + return verifyIat(&newNumericDateFromSeconds(v).Time, cmpTime, req) } - return false -} -// VerifyIssuer compares the iss claim against cmp. -// If required is false, this method will return true if the value matches or is unset -func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { - iss, _ := m["iss"].(string) - return verifyIss(iss, cmp, req) + return false } -// VerifyNotBefore compares the nbf claim against cmp. -// If required is false, this method will return true if the value matches or is unset +// VerifyNotBefore compares the nbf claim against cmp (cmp >= nbf). +// If req is false, it will return true, if nbf is unset. func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool { - nbf, ok := m["nbf"] + cmpTime := time.Unix(cmp, 0) + + v, ok := m["nbf"] if !ok { return !req } - switch nbfType := nbf.(type) { + + switch nbf := v.(type) { case float64: - return verifyNbf(int64(nbfType), cmp, req) + if nbf == 0 { + return verifyNbf(nil, cmpTime, req) + } + + return verifyNbf(&newNumericDateFromSeconds(nbf).Time, cmpTime, req) case json.Number: - v, _ := nbfType.Int64() - return verifyNbf(v, cmp, req) + v, _ := nbf.Float64() + + return verifyNbf(&newNumericDateFromSeconds(v).Time, cmpTime, req) } + return false } -// Valid calidates time based claims "exp, iat, nbf". +// VerifyIssuer compares the iss claim against cmp. +// If required is false, this method will return true if the value matches or is unset +func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { + iss, _ := m["iss"].(string) + return verifyIss(iss, cmp, req) +} + +// Valid validates time based claims "exp, iat, nbf". // There is no accounting for clock skew. // As well, if any of the above claims are not in the token, it will still // be considered a valid claim. diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser.go b/vendor/github.com/golang-jwt/jwt/v4/parser.go index 0c811f311b..2f61a69d7f 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/parser.go +++ b/vendor/github.com/golang-jwt/jwt/v4/parser.go @@ -8,14 +8,36 @@ import ( ) type Parser struct { - ValidMethods []string // If populated, only these methods will be considered valid - UseJSONNumber bool // Use JSON Number format in JSON decoder - SkipClaimsValidation bool // Skip claims validation during token parsing + // If populated, only these methods will be considered valid. + // + // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead. + ValidMethods []string + + // Use JSON Number format in JSON decoder. + // + // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead. + UseJSONNumber bool + + // Skip claims validation during token parsing. + // + // Deprecated: In future releases, this field will not be exported anymore and should be set with an option to NewParser instead. + SkipClaimsValidation bool } -// Parse parses, validates, and returns a token. +// NewParser creates a new Parser with the specified options +func NewParser(options ...ParserOption) *Parser { + p := &Parser{} + + // loop through our parsing options and apply them + for _, option := range options { + option(p) + } + + return p +} + +// Parse parses, validates, verifies the signature and returns the parsed token. // keyFunc will receive the parsed token and should return the key for validating. -// If everything is kosher, err will be nil func (p *Parser) Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { return p.ParseWithClaims(tokenString, MapClaims{}, keyFunc) } diff --git a/vendor/github.com/golang-jwt/jwt/v4/parser_option.go b/vendor/github.com/golang-jwt/jwt/v4/parser_option.go new file mode 100644 index 0000000000..0fede4f15c --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/v4/parser_option.go @@ -0,0 +1,29 @@ +package jwt + +// ParserOption is used to implement functional-style options that modify the behaviour of the parser. To add +// new options, just create a function (ideally beginning with With or Without) that returns an anonymous function that +// takes a *Parser type as input and manipulates its configuration accordingly. +type ParserOption func(*Parser) + +// WithValidMethods is an option to supply algorithm methods that the parser will check. Only those methods will be considered valid. +// It is heavily encouraged to use this option in order to prevent attacks such as https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/. +func WithValidMethods(methods []string) ParserOption { + return func(p *Parser) { + p.ValidMethods = methods + } +} + +// WithJSONNumber is an option to configure the underyling JSON parser with UseNumber +func WithJSONNumber() ParserOption { + return func(p *Parser) { + p.UseJSONNumber = true + } +} + +// WithoutClaimsValidation is an option to disable claims validation. This option should only be used if you exactly know +// what you are doing. +func WithoutClaimsValidation() ParserOption { + return func(p *Parser) { + p.SkipClaimsValidation = true + } +} diff --git a/vendor/github.com/golang-jwt/jwt/v4/signing_method.go b/vendor/github.com/golang-jwt/jwt/v4/signing_method.go index 3269170f31..241ae9c60d 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/signing_method.go +++ b/vendor/github.com/golang-jwt/jwt/v4/signing_method.go @@ -33,3 +33,14 @@ func GetSigningMethod(alg string) (method SigningMethod) { } return } + +// GetAlgorithms returns a list of registered "alg" names +func GetAlgorithms() (algs []string) { + signingMethodLock.RLock() + defer signingMethodLock.RUnlock() + + for alg := range signingMethods { + algs = append(algs, alg) + } + return +} diff --git a/vendor/github.com/golang-jwt/jwt/v4/token.go b/vendor/github.com/golang-jwt/jwt/v4/token.go index b896acb0b4..12344138be 100644 --- a/vendor/github.com/golang-jwt/jwt/v4/token.go +++ b/vendor/github.com/golang-jwt/jwt/v4/token.go @@ -7,6 +7,14 @@ import ( "time" ) + +// DecodePaddingAllowed will switch the codec used for decoding JWTs respectively. Note that the JWS RFC7515 +// states that the tokens will utilize a Base64url encoding with no padding. Unfortunately, some implementations +// of JWT are producing non-standard tokens, and thus require support for decoding. Note that this is a global +// variable, and updating it will change the behavior on a package level, and is also NOT go-routine safe. +// To use the non-recommended decoding, set this boolean to `true` prior to using this package. +var DecodePaddingAllowed bool + // TimeFunc provides the current time when parsing token to validate "exp" claim (expiration time). // You can override it to use another time value. This is useful for testing or if your // server uses a different time zone than your tokens. @@ -29,11 +37,12 @@ type Token struct { Valid bool // Is the token valid? Populated when you Parse/Verify a token } -// New creates a new Token. Takes a signing method +// New creates a new Token with the specified signing method and an empty map of claims. func New(method SigningMethod) *Token { return NewWithClaims(method, MapClaims{}) } +// NewWithClaims creates a new Token with the specified signing method and claims. func NewWithClaims(method SigningMethod, claims Claims) *Token { return &Token{ Header: map[string]interface{}{ @@ -45,7 +54,8 @@ func NewWithClaims(method SigningMethod, claims Claims) *Token { } } -// SignedString retrieves the complete, signed token +// SignedString creates and returns a complete, signed JWT. +// The token is signed using the SigningMethod specified in the token. func (t *Token) SignedString(key interface{}) (string, error) { var sig, sstr string var err error @@ -82,15 +92,19 @@ func (t *Token) SigningString() (string, error) { return strings.Join(parts, "."), nil } -// Parse parses, validates, and returns a token. -// keyFunc will receive the parsed token and should return the key for validating. -// If everything is kosher, err will be nil -func Parse(tokenString string, keyFunc Keyfunc) (*Token, error) { - return new(Parser).Parse(tokenString, keyFunc) +// Parse parses, validates, verifies the signature and returns the parsed token. +// keyFunc will receive the parsed token and should return the cryptographic key +// for verifying the signature. +// The caller is strongly encouraged to set the WithValidMethods option to +// validate the 'alg' claim in the token matches the expected algorithm. +// For more details about the importance of validating the 'alg' claim, +// see https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/ +func Parse(tokenString string, keyFunc Keyfunc, options ...ParserOption) (*Token, error) { + return NewParser(options...).Parse(tokenString, keyFunc) } -func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token, error) { - return new(Parser).ParseWithClaims(tokenString, claims, keyFunc) +func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc, options ...ParserOption) (*Token, error) { + return NewParser(options...).ParseWithClaims(tokenString, claims, keyFunc) } // EncodeSegment encodes a JWT specific base64url encoding with padding stripped @@ -106,5 +120,12 @@ func EncodeSegment(seg []byte) string { // Deprecated: In a future release, we will demote this function to a non-exported function, since it // should only be used internally func DecodeSegment(seg string) ([]byte, error) { + if DecodePaddingAllowed { + if l := len(seg) % 4; l > 0 { + seg += strings.Repeat("=", 4-l) + } + return base64.URLEncoding.DecodeString(seg) + } + return base64.RawURLEncoding.DecodeString(seg) } diff --git a/vendor/github.com/golang-jwt/jwt/v4/types.go b/vendor/github.com/golang-jwt/jwt/v4/types.go new file mode 100644 index 0000000000..80b1b96948 --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/v4/types.go @@ -0,0 +1,127 @@ +package jwt + +import ( + "encoding/json" + "fmt" + "math" + "reflect" + "strconv" + "time" +) + +// TimePrecision sets the precision of times and dates within this library. +// This has an influence on the precision of times when comparing expiry or +// other related time fields. Furthermore, it is also the precision of times +// when serializing. +// +// For backwards compatibility the default precision is set to seconds, so that +// no fractional timestamps are generated. +var TimePrecision = time.Second + +// MarshalSingleStringAsArray modifies the behaviour of the ClaimStrings type, especially +// its MarshalJSON function. +// +// If it is set to true (the default), it will always serialize the type as an +// array of strings, even if it just contains one element, defaulting to the behaviour +// of the underlying []string. If it is set to false, it will serialize to a single +// string, if it contains one element. Otherwise, it will serialize to an array of strings. +var MarshalSingleStringAsArray = true + +// NumericDate represents a JSON numeric date value, as referenced at +// https://datatracker.ietf.org/doc/html/rfc7519#section-2. +type NumericDate struct { + time.Time +} + +// NewNumericDate constructs a new *NumericDate from a standard library time.Time struct. +// It will truncate the timestamp according to the precision specified in TimePrecision. +func NewNumericDate(t time.Time) *NumericDate { + return &NumericDate{t.Truncate(TimePrecision)} +} + +// newNumericDateFromSeconds creates a new *NumericDate out of a float64 representing a +// UNIX epoch with the float fraction representing non-integer seconds. +func newNumericDateFromSeconds(f float64) *NumericDate { + round, frac := math.Modf(f) + return NewNumericDate(time.Unix(int64(round), int64(frac*1e9))) +} + +// MarshalJSON is an implementation of the json.RawMessage interface and serializes the UNIX epoch +// represented in NumericDate to a byte array, using the precision specified in TimePrecision. +func (date NumericDate) MarshalJSON() (b []byte, err error) { + f := float64(date.Truncate(TimePrecision).UnixNano()) / float64(time.Second) + + return []byte(strconv.FormatFloat(f, 'f', -1, 64)), nil +} + +// UnmarshalJSON is an implementation of the json.RawMessage interface and deserializses a +// NumericDate from a JSON representation, i.e. a json.Number. This number represents an UNIX epoch +// with either integer or non-integer seconds. +func (date *NumericDate) UnmarshalJSON(b []byte) (err error) { + var ( + number json.Number + f float64 + ) + + if err = json.Unmarshal(b, &number); err != nil { + return fmt.Errorf("could not parse NumericData: %w", err) + } + + if f, err = number.Float64(); err != nil { + return fmt.Errorf("could not convert json number value to float: %w", err) + } + + n := newNumericDateFromSeconds(f) + *date = *n + + return nil +} + +// ClaimStrings is basically just a slice of strings, but it can be either serialized from a string array or just a string. +// This type is necessary, since the "aud" claim can either be a single string or an array. +type ClaimStrings []string + +func (s *ClaimStrings) UnmarshalJSON(data []byte) (err error) { + var value interface{} + + if err = json.Unmarshal(data, &value); err != nil { + return err + } + + var aud []string + + switch v := value.(type) { + case string: + aud = append(aud, v) + case []string: + aud = ClaimStrings(v) + case []interface{}: + for _, vv := range v { + vs, ok := vv.(string) + if !ok { + return &json.UnsupportedTypeError{Type: reflect.TypeOf(vv)} + } + aud = append(aud, vs) + } + case nil: + return nil + default: + return &json.UnsupportedTypeError{Type: reflect.TypeOf(v)} + } + + *s = aud + + return +} + +func (s ClaimStrings) MarshalJSON() (b []byte, err error) { + // This handles a special case in the JWT RFC. If the string array, e.g. used by the "aud" field, + // only contains one element, it MAY be serialized as a single string. This may or may not be + // desired based on the ecosystem of other JWT library used, so we make it configurable by the + // variable MarshalSingleStringAsArray. + if len(s) == 1 && !MarshalSingleStringAsArray { + return json.Marshal(s[0]) + } + + return json.Marshal([]string(s)) +} diff --git a/vendor/github.com/jmoiron/sqlx/sqlx.go b/vendor/github.com/jmoiron/sqlx/sqlx.go index 112ef70e9c..f7b2876834 100644 --- a/vendor/github.com/jmoiron/sqlx/sqlx.go +++ b/vendor/github.com/jmoiron/sqlx/sqlx.go @@ -878,9 +878,10 @@ func structOnlyError(t reflect.Type) error { } // scanAll scans all rows into a destination, which must be a slice of any -// type. If the destination slice type is a Struct, then StructScan will be -// used on each row. If the destination is some other kind of base type, then -// each row must only have one column which can scan into that type. This +// type. It resets the slice length to zero before appending each element to +// the slice. If the destination slice type is a Struct, then StructScan will +// be used on each row. If the destination is some other kind of base type, +// then each row must only have one column which can scan into that type. This // allows you to do something like: // // rows, _ := db.Query("select id from people;") @@ -910,6 +911,7 @@ func scanAll(rows rowsi, dest interface{}, structOnly bool) error { if err != nil { return err } + direct.SetLen(0) isPtr := slice.Elem().Kind() == reflect.Ptr base := reflectx.Deref(slice.Elem()) diff --git a/vendor/github.com/lib/pq/conn.go b/vendor/github.com/lib/pq/conn.go index e050d53586..7d83f672ba 100644 --- a/vendor/github.com/lib/pq/conn.go +++ b/vendor/github.com/lib/pq/conn.go @@ -31,8 +31,10 @@ var ( ErrNotSupported = errors.New("pq: Unsupported command") ErrInFailedTransaction = errors.New("pq: Could not complete operation in a failed transaction") ErrSSLNotSupported = errors.New("pq: SSL is not enabled on the server") - ErrSSLKeyHasWorldPermissions = errors.New("pq: Private key file has group or world access. Permissions should be u=rw (0600) or less") - ErrCouldNotDetectUsername = errors.New("pq: Could not detect default username. Please provide one explicitly") + ErrSSLKeyUnknownOwnership = errors.New("pq: Could not get owner information for private key, may not be properly protected") + ErrSSLKeyHasWorldPermissions = errors.New("pq: Private key has world access. Permissions should be u=rw,g=r (0640) if owned by root, or u=rw (0600), or less") + + ErrCouldNotDetectUsername = errors.New("pq: Could not detect default username. Please provide one explicitly") errUnexpectedReady = errors.New("unexpected ReadyForQuery") errNoRowsAffected = errors.New("no RowsAffected available after the empty statement") @@ -322,7 +324,7 @@ func DialOpen(d Dialer, dsn string) (_ driver.Conn, err error) { if err != nil { return nil, err } - c.dialer = d + c.Dialer(d) return c.open(context.Background()) } diff --git a/vendor/github.com/lib/pq/connector.go b/vendor/github.com/lib/pq/connector.go index d7d4726156..1145e12257 100644 --- a/vendor/github.com/lib/pq/connector.go +++ b/vendor/github.com/lib/pq/connector.go @@ -27,6 +27,11 @@ func (c *Connector) Connect(ctx context.Context) (driver.Conn, error) { return c.open(ctx) } +// Dialer allows change the dialer used to open connections. +func (c *Connector) Dialer(dialer Dialer) { + c.dialer = dialer +} + // Driver returns the underlying driver of this Connector. func (c *Connector) Driver() driver.Driver { return &Driver{} diff --git a/vendor/github.com/lib/pq/copy.go b/vendor/github.com/lib/pq/copy.go index c072bc3bc4..2f5c1ec8a6 100644 --- a/vendor/github.com/lib/pq/copy.go +++ b/vendor/github.com/lib/pq/copy.go @@ -1,6 +1,7 @@ package pq import ( + "context" "database/sql/driver" "encoding/binary" "errors" @@ -273,6 +274,43 @@ func (ci *copyin) Exec(v []driver.Value) (r driver.Result, err error) { return driver.RowsAffected(0), nil } +// CopyData inserts a raw string into the COPY stream. The insert is +// asynchronous and CopyData can return errors from previous CopyData calls to +// the same COPY stmt. +// +// You need to call Exec(nil) to sync the COPY stream and to get any +// errors from pending data, since Stmt.Close() doesn't return errors +// to the user. +func (ci *copyin) CopyData(ctx context.Context, line string) (r driver.Result, err error) { + if ci.closed { + return nil, errCopyInClosed + } + + if finish := ci.cn.watchCancel(ctx); finish != nil { + defer finish() + } + + if err := ci.getBad(); err != nil { + return nil, err + } + defer ci.cn.errRecover(&err) + + if err := ci.err(); err != nil { + return nil, err + } + + ci.buffer = append(ci.buffer, []byte(line)...) + ci.buffer = append(ci.buffer, '\n') + + if len(ci.buffer) > ciBufferFlushSize { + ci.flush(ci.buffer) + // reset buffer, keep bytes for message identifier and length + ci.buffer = ci.buffer[:5] + } + + return driver.RowsAffected(0), nil +} + func (ci *copyin) Close() (err error) { if ci.closed { // Don't do anything, we're already closed return nil diff --git a/vendor/github.com/lib/pq/encode.go b/vendor/github.com/lib/pq/encode.go index 210b1ec347..bffe6096af 100644 --- a/vendor/github.com/lib/pq/encode.go +++ b/vendor/github.com/lib/pq/encode.go @@ -422,7 +422,7 @@ func ParseTimestamp(currentLocation *time.Location, str string) (time.Time, erro if remainderIdx < len(str) && str[remainderIdx] == '.' { fracStart := remainderIdx + 1 - fracOff := strings.IndexAny(str[fracStart:], "-+ ") + fracOff := strings.IndexAny(str[fracStart:], "-+Z ") if fracOff < 0 { fracOff = len(str) - fracStart } @@ -432,7 +432,7 @@ func ParseTimestamp(currentLocation *time.Location, str string) (time.Time, erro remainderIdx += fracOff + 1 } if tzStart := remainderIdx; tzStart < len(str) && (str[tzStart] == '-' || str[tzStart] == '+') { - // time zone separator is always '-' or '+' (UTC is +00) + // time zone separator is always '-' or '+' or 'Z' (UTC is +00) var tzSign int switch c := str[tzStart]; c { case '-': @@ -454,7 +454,11 @@ func ParseTimestamp(currentLocation *time.Location, str string) (time.Time, erro remainderIdx += 3 } tzOff = tzSign * ((tzHours * 60 * 60) + (tzMin * 60) + tzSec) + } else if tzStart < len(str) && str[tzStart] == 'Z' { + // time zone Z separator indicates UTC is +00 + remainderIdx += 1 } + var isoYear int if isBC { diff --git a/vendor/github.com/lib/pq/error.go b/vendor/github.com/lib/pq/error.go index 5cfe9c6e9f..21b3d933c4 100644 --- a/vendor/github.com/lib/pq/error.go +++ b/vendor/github.com/lib/pq/error.go @@ -402,6 +402,11 @@ func (err *Error) Fatal() bool { return err.Severity == Efatal } +// SQLState returns the SQLState of the error. +func (err *Error) SQLState() string { + return string(err.Code) +} + // Get implements the legacy PGError interface. New code should use the fields // of the Error struct directly. func (err *Error) Get(k byte) (v string) { diff --git a/vendor/github.com/lib/pq/ssl_permissions.go b/vendor/github.com/lib/pq/ssl_permissions.go index 014af6a169..d587f102ed 100644 --- a/vendor/github.com/lib/pq/ssl_permissions.go +++ b/vendor/github.com/lib/pq/ssl_permissions.go @@ -3,7 +3,28 @@ package pq -import "os" +import ( + "errors" + "os" + "syscall" +) + +const ( + rootUserID = uint32(0) + + // The maximum permissions that a private key file owned by a regular user + // is allowed to have. This translates to u=rw. + maxUserOwnedKeyPermissions os.FileMode = 0600 + + // The maximum permissions that a private key file owned by root is allowed + // to have. This translates to u=rw,g=r. + maxRootOwnedKeyPermissions os.FileMode = 0640 +) + +var ( + errSSLKeyHasUnacceptableUserPermissions = errors.New("permissions for files not owned by root should be u=rw (0600) or less") + errSSLKeyHasUnacceptableRootPermissions = errors.New("permissions for root owned files should be u=rw,g=r (0640) or less") +) // sslKeyPermissions checks the permissions on user-supplied ssl key files. // The key file should have very little access. @@ -14,8 +35,59 @@ func sslKeyPermissions(sslkey string) error { if err != nil { return err } - if info.Mode().Perm()&0077 != 0 { - return ErrSSLKeyHasWorldPermissions + + err = hasCorrectPermissions(info) + + // return ErrSSLKeyHasWorldPermissions for backwards compatability with + // existing code. + if err == errSSLKeyHasUnacceptableUserPermissions || err == errSSLKeyHasUnacceptableRootPermissions { + err = ErrSSLKeyHasWorldPermissions } - return nil + return err +} + +// hasCorrectPermissions checks the file info (and the unix-specific stat_t +// output) to verify that the permissions on the file are correct. +// +// If the file is owned by the same user the process is running as, +// the file should only have 0600 (u=rw). If the file is owned by root, +// and the group matches the group that the process is running in, the +// permissions cannot be more than 0640 (u=rw,g=r). The file should +// never have world permissions. +// +// Returns an error when the permission check fails. +func hasCorrectPermissions(info os.FileInfo) error { + // if file's permission matches 0600, allow access. + userPermissionMask := (os.FileMode(0777) ^ maxUserOwnedKeyPermissions) + + // regardless of if we're running as root or not, 0600 is acceptable, + // so we return if we match the regular user permission mask. + if info.Mode().Perm()&userPermissionMask == 0 { + return nil + } + + // We need to pull the Unix file information to get the file's owner. + // If we can't access it, there's some sort of operating system level error + // and we should fail rather than attempting to use faulty information. + sysInfo := info.Sys() + if sysInfo == nil { + return ErrSSLKeyUnknownOwnership + } + + unixStat, ok := sysInfo.(*syscall.Stat_t) + if !ok { + return ErrSSLKeyUnknownOwnership + } + + // if the file is owned by root, we allow 0640 (u=rw,g=r) to match what + // Postgres does. + if unixStat.Uid == rootUserID { + rootPermissionMask := (os.FileMode(0777) ^ maxRootOwnedKeyPermissions) + if info.Mode().Perm()&rootPermissionMask != 0 { + return errSSLKeyHasUnacceptableRootPermissions + } + return nil + } + + return errSSLKeyHasUnacceptableUserPermissions } diff --git a/vendor/golang.org/x/net/http2/go118.go b/vendor/golang.org/x/net/http2/go118.go new file mode 100644 index 0000000000..aca4b2b31a --- /dev/null +++ b/vendor/golang.org/x/net/http2/go118.go @@ -0,0 +1,17 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build go1.18 +// +build go1.18 + +package http2 + +import ( + "crypto/tls" + "net" +) + +func tlsUnderlyingConn(tc *tls.Conn) net.Conn { + return tc.NetConn() +} diff --git a/vendor/golang.org/x/net/http2/not_go118.go b/vendor/golang.org/x/net/http2/not_go118.go new file mode 100644 index 0000000000..eab532c96b --- /dev/null +++ b/vendor/golang.org/x/net/http2/not_go118.go @@ -0,0 +1,17 @@ +// Copyright 2021 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +//go:build !go1.18 +// +build !go1.18 + +package http2 + +import ( + "crypto/tls" + "net" +) + +func tlsUnderlyingConn(tc *tls.Conn) net.Conn { + return nil +} diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index f135b0f751..4f09897637 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -735,7 +735,6 @@ func (cc *ClientConn) healthCheck() { err := cc.Ping(ctx) if err != nil { cc.closeForLostPing() - cc.t.connPool().MarkDead(cc) return } } @@ -907,6 +906,24 @@ func (cc *ClientConn) onIdleTimeout() { cc.closeIfIdle() } +func (cc *ClientConn) closeConn() error { + t := time.AfterFunc(250*time.Millisecond, cc.forceCloseConn) + defer t.Stop() + return cc.tconn.Close() +} + +// A tls.Conn.Close can hang for a long time if the peer is unresponsive. +// Try to shut it down more aggressively. +func (cc *ClientConn) forceCloseConn() { + tc, ok := cc.tconn.(*tls.Conn) + if !ok { + return + } + if nc := tlsUnderlyingConn(tc); nc != nil { + nc.Close() + } +} + func (cc *ClientConn) closeIfIdle() { cc.mu.Lock() if len(cc.streams) > 0 || cc.streamsReserved > 0 { @@ -921,7 +938,7 @@ func (cc *ClientConn) closeIfIdle() { if VerboseLogs { cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, nextID-2) } - cc.tconn.Close() + cc.closeConn() } func (cc *ClientConn) isDoNotReuseAndIdle() bool { @@ -938,7 +955,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { return err } // Wait for all in-flight streams to complete or connection to close - done := make(chan error, 1) + done := make(chan struct{}) cancelled := false // guarded by cc.mu go func() { cc.mu.Lock() @@ -946,7 +963,7 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { for { if len(cc.streams) == 0 || cc.closed { cc.closed = true - done <- cc.tconn.Close() + close(done) break } if cancelled { @@ -957,8 +974,8 @@ func (cc *ClientConn) Shutdown(ctx context.Context) error { }() shutdownEnterWaitStateHook() select { - case err := <-done: - return err + case <-done: + return cc.closeConn() case <-ctx.Done(): cc.mu.Lock() // Free the goroutine above @@ -1001,9 +1018,9 @@ func (cc *ClientConn) closeForError(err error) error { for _, cs := range cc.streams { cs.abortStreamLocked(err) } - defer cc.cond.Broadcast() - defer cc.mu.Unlock() - return cc.tconn.Close() + cc.cond.Broadcast() + cc.mu.Unlock() + return cc.closeConn() } // Close closes the client connection immediately. @@ -1978,7 +1995,7 @@ func (cc *ClientConn) forgetStreamID(id uint32) { cc.vlogf("http2: Transport closing idle conn %p (forSingleUse=%v, maxStream=%v)", cc, cc.singleUse, cc.nextStreamID-2) } cc.closed = true - defer cc.tconn.Close() + defer cc.closeConn() } cc.mu.Unlock() @@ -2025,8 +2042,8 @@ func isEOFOrNetReadError(err error) bool { func (rl *clientConnReadLoop) cleanup() { cc := rl.cc - defer cc.tconn.Close() - defer cc.t.connPool().MarkDead(cc) + cc.t.connPool().MarkDead(cc) + defer cc.closeConn() defer close(cc.readerDone) if cc.idleTimer != nil { diff --git a/vendor/golang.org/x/sync/errgroup/errgroup.go b/vendor/golang.org/x/sync/errgroup/errgroup.go index 9857fe53d3..4c0850a45a 100644 --- a/vendor/golang.org/x/sync/errgroup/errgroup.go +++ b/vendor/golang.org/x/sync/errgroup/errgroup.go @@ -8,22 +8,35 @@ package errgroup import ( "context" + "fmt" "sync" ) +type token struct{} + // A Group is a collection of goroutines working on subtasks that are part of // the same overall task. // -// A zero Group is valid and does not cancel on error. +// A zero Group is valid, has no limit on the number of active goroutines, +// and does not cancel on error. type Group struct { cancel func() wg sync.WaitGroup + sem chan token + errOnce sync.Once err error } +func (g *Group) done() { + if g.sem != nil { + <-g.sem + } + g.wg.Done() +} + // WithContext returns a new Group and an associated Context derived from ctx. // // The derived Context is canceled the first time a function passed to Go @@ -45,14 +58,48 @@ func (g *Group) Wait() error { } // Go calls the given function in a new goroutine. +// It blocks until the new goroutine can be added without the number of +// active goroutines in the group exceeding the configured limit. // // The first call to return a non-nil error cancels the group; its error will be // returned by Wait. func (g *Group) Go(f func() error) { + if g.sem != nil { + g.sem <- token{} + } + g.wg.Add(1) + go func() { + defer g.done() + + if err := f(); err != nil { + g.errOnce.Do(func() { + g.err = err + if g.cancel != nil { + g.cancel() + } + }) + } + }() +} + +// TryGo calls the given function in a new goroutine only if the number of +// active goroutines in the group is currently below the configured limit. +// +// The return value reports whether the goroutine was started. +func (g *Group) TryGo(f func() error) bool { + if g.sem != nil { + select { + case g.sem <- token{}: + // Note: this allows barging iff channels in general allow barging. + default: + return false + } + } + g.wg.Add(1) go func() { - defer g.wg.Done() + defer g.done() if err := f(); err != nil { g.errOnce.Do(func() { @@ -63,4 +110,23 @@ func (g *Group) Go(f func() error) { }) } }() + return true +} + +// SetLimit limits the number of active goroutines in this group to at most n. +// A negative value indicates no limit. +// +// Any subsequent call to the Go method will block until it can add an active +// goroutine without exceeding the configured limit. +// +// The limit must not be modified while any goroutines in the group are active. +func (g *Group) SetLimit(n int) { + if n < 0 { + g.sem = nil + return + } + if len(g.sem) != 0 { + panic(fmt.Errorf("errgroup: modify limit while %v goroutines in the group are still active", len(g.sem))) + } + g.sem = make(chan token, n) } diff --git a/vendor/helm.sh/helm/v3/pkg/action/upgrade.go b/vendor/helm.sh/helm/v3/pkg/action/upgrade.go index c98b524bc3..690397d4a1 100644 --- a/vendor/helm.sh/helm/v3/pkg/action/upgrade.go +++ b/vendor/helm.sh/helm/v3/pkg/action/upgrade.go @@ -391,6 +391,9 @@ func (u *Upgrade) releasingUpgrade(c chan<- resultMessage, upgradedRelease *rele } if u.Wait { + u.cfg.Log( + "waiting for release %s resources (created: %d updated: %d deleted: %d)", + upgradedRelease.Name, len(results.Created), len(results.Updated), len(results.Deleted)) if u.WaitForJobs { if err := u.cfg.KubeClient.WaitWithJobs(target, u.Timeout); err != nil { u.cfg.recordRelease(originalRelease) diff --git a/vendor/helm.sh/helm/v3/pkg/getter/ocigetter.go b/vendor/helm.sh/helm/v3/pkg/getter/ocigetter.go index 76c2db6283..14f5cb3ecd 100644 --- a/vendor/helm.sh/helm/v3/pkg/getter/ocigetter.go +++ b/vendor/helm.sh/helm/v3/pkg/getter/ocigetter.go @@ -63,7 +63,9 @@ func (g *OCIGetter) get(href string) (*bytes.Buffer, error) { // NewOCIGetter constructs a valid http/https client as a Getter func NewOCIGetter(ops ...Option) (Getter, error) { - registryClient, err := registry.NewClient() + registryClient, err := registry.NewClient( + registry.ClientOptEnableCache(true), + ) if err != nil { return nil, err } diff --git a/vendor/helm.sh/helm/v3/pkg/kube/ready.go b/vendor/helm.sh/helm/v3/pkg/kube/ready.go index 5d080d9bf1..0554c17293 100644 --- a/vendor/helm.sh/helm/v3/pkg/kube/ready.go +++ b/vendor/helm.sh/helm/v3/pkg/kube/ready.go @@ -353,9 +353,16 @@ func (c *ReadyChecker) crdReady(crd apiextv1.CustomResourceDefinition) bool { func (c *ReadyChecker) statefulSetReady(sts *appsv1.StatefulSet) bool { // If the update strategy is not a rolling update, there will be nothing to wait for if sts.Spec.UpdateStrategy.Type != appsv1.RollingUpdateStatefulSetStrategyType { + c.log("StatefulSet skipped ready check: %s/%s. updateStrategy is %v", sts.Namespace, sts.Name, sts.Spec.UpdateStrategy.Type) return true } + // Make sure the status is up-to-date with the StatefulSet changes + if sts.Status.ObservedGeneration < sts.Generation { + c.log("StatefulSet is not ready: %s/%s. update has not yet been observed", sts.Namespace, sts.Name) + return false + } + // Dereference all the pointers because StatefulSets like them var partition int // 1 is the default for replicas if not set @@ -386,6 +393,13 @@ func (c *ReadyChecker) statefulSetReady(sts *appsv1.StatefulSet) bool { c.log("StatefulSet is not ready: %s/%s. %d out of %d expected pods are ready", sts.Namespace, sts.Name, sts.Status.ReadyReplicas, replicas) return false } + + if sts.Status.CurrentRevision != sts.Status.UpdateRevision { + c.log("StatefulSet is not ready: %s/%s. currentRevision %s does not yet match updateRevision %s", sts.Namespace, sts.Name, sts.Status.CurrentRevision, sts.Status.UpdateRevision) + return false + } + + c.log("StatefulSet is ready: %s/%s. %d out of %d expected pods are ready", sts.Namespace, sts.Name, sts.Status.ReadyReplicas, replicas) return true } diff --git a/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go b/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go index 24cfd8cad2..7c90e85a48 100644 --- a/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go +++ b/vendor/helm.sh/helm/v3/pkg/pusher/ocipusher.go @@ -85,7 +85,9 @@ func (pusher *OCIPusher) push(chartRef, href string) error { // NewOCIPusher constructs a valid OCI client as a Pusher func NewOCIPusher(ops ...Option) (Pusher, error) { - registryClient, err := registry.NewClient() + registryClient, err := registry.NewClient( + registry.ClientOptEnableCache(true), + ) if err != nil { return nil, err } diff --git a/vendor/helm.sh/helm/v3/pkg/registry/client.go b/vendor/helm.sh/helm/v3/pkg/registry/client.go index 0107136d3f..c1004f9564 100644 --- a/vendor/helm.sh/helm/v3/pkg/registry/client.go +++ b/vendor/helm.sh/helm/v3/pkg/registry/client.go @@ -53,7 +53,8 @@ a plus (+) when pulling from a registry.` type ( // Client works with OCI-compliant registries Client struct { - debug bool + debug bool + enableCache bool // path to repository config file e.g. ~/.docker/config.json credentialsFile string out io.Writer @@ -95,12 +96,18 @@ func NewClient(options ...ClientOption) (*Client, error) { } client.resolver = resolver } + + // allocate a cache if option is set + var cache registryauth.Cache + if client.enableCache { + cache = registryauth.DefaultCache + } if client.registryAuthorizer == nil { client.registryAuthorizer = ®istryauth.Client{ Header: http.Header{ "User-Agent": {version.GetUserAgent()}, }, - Cache: registryauth.DefaultCache, + Cache: cache, Credential: func(ctx context.Context, reg string) (registryauth.Credential, error) { dockerClient, ok := client.authorizer.(*dockerauth.Client) if !ok { @@ -138,6 +145,13 @@ func ClientOptDebug(debug bool) ClientOption { } } +// ClientOptEnableCache returns a function that sets the enableCache setting on a client options set +func ClientOptEnableCache(enableCache bool) ClientOption { + return func(client *Client) { + client.enableCache = enableCache + } +} + // ClientOptWriter returns a function that sets the writer setting on client options set func ClientOptWriter(out io.Writer) ClientOption { return func(client *Client) { diff --git a/vendor/helm.sh/helm/v3/pkg/storage/driver/util.go b/vendor/helm.sh/helm/v3/pkg/storage/driver/util.go index e5b846163c..b5908e5089 100644 --- a/vendor/helm.sh/helm/v3/pkg/storage/driver/util.go +++ b/vendor/helm.sh/helm/v3/pkg/storage/driver/util.go @@ -63,7 +63,7 @@ func decodeRelease(data string) (*rspb.Release, error) { // For backwards compatibility with releases that were stored before // compression was introduced we skip decompression if the // gzip magic header is not found - if bytes.Equal(b[0:3], magicGzip) { + if len(b) > 3 && bytes.Equal(b[0:3], magicGzip) { r, err := gzip.NewReader(bytes.NewReader(b)) if err != nil { return nil, err diff --git a/vendor/helm.sh/helm/v3/pkg/strvals/parser.go b/vendor/helm.sh/helm/v3/pkg/strvals/parser.go index 457b99f94a..d8c73d03c5 100644 --- a/vendor/helm.sh/helm/v3/pkg/strvals/parser.go +++ b/vendor/helm.sh/helm/v3/pkg/strvals/parser.go @@ -29,6 +29,10 @@ import ( // ErrNotList indicates that a non-list was treated as a list. var ErrNotList = errors.New("not a list") +// MaxIndex is the maximum index that will be allowed by setIndex. +// The default value 65536 = 1024 * 64 +var MaxIndex = 65536 + // ToYAML takes a string of arguments and converts to a YAML document. func ToYAML(s string) (string, error) { m, err := Parse(s) @@ -249,6 +253,9 @@ func setIndex(list []interface{}, index int, val interface{}) (l2 []interface{}, if index < 0 { return list, fmt.Errorf("negative %d index not allowed", index) } + if index > MaxIndex { + return list, fmt.Errorf("index of %d is greater than maximum supported index of %d", index, MaxIndex) + } if len(list) <= index { newlist := make([]interface{}, index+1) copy(newlist, list) diff --git a/vendor/k8s.io/kube-openapi/pkg/common/common.go b/vendor/k8s.io/kube-openapi/pkg/common/common.go index c84ca70316..24f2b0e889 100644 --- a/vendor/k8s.io/kube-openapi/pkg/common/common.go +++ b/vendor/k8s.io/kube-openapi/pkg/common/common.go @@ -20,7 +20,7 @@ import ( "net/http" "strings" - "github.com/emicklei/go-restful" + "github.com/emicklei/go-restful/v3" "k8s.io/kube-openapi/pkg/openapiconv" "k8s.io/kube-openapi/pkg/spec3" diff --git a/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go new file mode 100644 index 0000000000..35fd579201 --- /dev/null +++ b/vendor/k8s.io/kube-openapi/pkg/validation/spec/gnostic.go @@ -0,0 +1,1515 @@ +/* +Copyright 2022 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package spec + +import ( + "errors" + "strconv" + + "github.com/go-openapi/jsonreference" + openapi_v2 "github.com/google/gnostic/openapiv2" +) + +// Interfaces +type GnosticCommonValidations interface { + GetMaximum() float64 + GetExclusiveMaximum() bool + GetMinimum() float64 + GetExclusiveMinimum() bool + GetMaxLength() int64 + GetMinLength() int64 + GetPattern() string + GetMaxItems() int64 + GetMinItems() int64 + GetUniqueItems() bool + GetMultipleOf() float64 + GetEnum() []*openapi_v2.Any +} + +func (k *CommonValidations) FromGnostic(g GnosticCommonValidations) error { + if g == nil { + return nil + } + + max := g.GetMaximum() + if max != 0 { + k.Maximum = &max + } + + k.ExclusiveMaximum = g.GetExclusiveMaximum() + + min := g.GetMinimum() + if min != 0 { + k.Minimum = &min + } + + k.ExclusiveMinimum = g.GetExclusiveMinimum() + + maxLen := g.GetMaxLength() + if maxLen != 0 { + k.MaxLength = &maxLen + } + + minLen := g.GetMinLength() + if minLen != 0 { + k.MinLength = &minLen + } + + k.Pattern = g.GetPattern() + + maxItems := g.GetMaxItems() + if maxItems != 0 { + k.MaxItems = &maxItems + } + + minItems := g.GetMinItems() + if minItems != 0 { + k.MinItems = &minItems + } + + k.UniqueItems = g.GetUniqueItems() + + multOf := g.GetMultipleOf() + if multOf != 0 { + k.MultipleOf = &multOf + } + + enums := g.GetEnum() + + if enums != nil { + k.Enum = make([]interface{}, len(enums)) + for i, v := range enums { + if v == nil { + continue + } + + var convert interface{} + if err := v.ToRawInfo().Decode(&convert); err != nil { + return err + } else { + k.Enum[i] = convert + } + } + } + + return nil +} + +type GnosticSimpleSchema interface { + GetType() string + GetFormat() string + GetItems() *openapi_v2.PrimitivesItems + GetCollectionFormat() string + GetDefault() *openapi_v2.Any +} + +func (k *SimpleSchema) FromGnostic(g GnosticSimpleSchema) error { + if g == nil { + return nil + } + + k.Type = g.GetType() + k.Format = g.GetFormat() + k.CollectionFormat = g.GetCollectionFormat() + + items := g.GetItems() + if items != nil { + k.Items = &Items{} + if err := k.Items.FromGnostic(items); err != nil { + return err + } + } + + def := g.GetDefault() + if def != nil { + var convert interface{} + if err := def.ToRawInfo().Decode(&convert); err != nil { + return err + } else { + k.Default = convert + } + } + + return nil +} + +func (k *Items) FromGnostic(g *openapi_v2.PrimitivesItems) error { + if g == nil { + return nil + } + + if err := k.SimpleSchema.FromGnostic(g); err != nil { + return err + } + + if err := k.CommonValidations.FromGnostic(g); err != nil { + return err + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return err + } + + return nil +} + +func (k *VendorExtensible) FromGnostic(g []*openapi_v2.NamedAny) error { + if len(g) == 0 { + return nil + } + + k.Extensions = make(Extensions, len(g)) + for _, v := range g { + if v == nil { + continue + } + + if v.Value == nil { + k.Extensions[v.Name] = nil + continue + } + + var iface interface{} + if err := v.Value.ToRawInfo().Decode(&iface); err != nil { + return err + } else { + k.Extensions[v.Name] = iface + } + } + return nil +} + +func (k *Refable) FromGnostic(g string) error { + return k.Ref.FromGnostic(g) +} + +func (k *Ref) FromGnostic(g string) error { + if g == "" { + return nil + } + + ref, err := jsonreference.New(g) + if err != nil { + return err + } + + *k = Ref{ + Ref: ref, + } + + return nil +} + +// Converts a gnostic v2 Document to a kube-openapi Swagger Document +// +// Caveats: +// +// - gnostic v2 documents treats zero as unspecified for numerical fields of +//CommonValidations fields such as Maximum, Minimum, MaximumItems, etc. +//There will always be data loss if one of the values of these fields is set to zero. +// +// Returns: +// +// - `ok`: `false` if a value was present in the gnostic document which cannot be +// roundtripped into kube-openapi types. In these instances, `ok` is set to +// `false` and the value is skipped. +// +// - `err`: an unexpected error occurred in the conversion from the gnostic type +// to kube-openapi type. +func (k *Swagger) FromGnostic(g *openapi_v2.Document) (ok bool, err error) { + ok = true + if g == nil { + return true, nil + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + if nok, err := k.SwaggerProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *SwaggerProps) FromGnostic(g *openapi_v2.Document) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + // openapi_v2.Document does not support "ID" field, so it will not be + // included + k.Consumes = g.Consumes + k.Produces = g.Produces + k.Schemes = g.Schemes + k.Swagger = g.Swagger + + if g.Info != nil { + k.Info = &Info{} + if nok, err := k.Info.FromGnostic(g.Info); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + k.Host = g.Host + k.BasePath = g.BasePath + + if g.Paths != nil { + k.Paths = &Paths{} + if nok, err := k.Paths.FromGnostic(g.Paths); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Definitions != nil { + k.Definitions = make(Definitions, len(g.Definitions.AdditionalProperties)) + for _, v := range g.Definitions.AdditionalProperties { + if v == nil { + continue + } + converted := Schema{} + if nok, err := converted.FromGnostic(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + k.Definitions[v.Name] = converted + + } + } + + if g.Parameters != nil { + k.Parameters = make( + map[string]Parameter, + len(g.Parameters.AdditionalProperties)) + for _, v := range g.Parameters.AdditionalProperties { + if v == nil { + continue + } + p := Parameter{} + if nok, err := p.FromGnostic(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + + k.Parameters[v.Name] = p + } + } + + if g.Responses != nil { + k.Responses = make( + map[string]Response, + len(g.Responses.AdditionalProperties)) + + for _, v := range g.Responses.AdditionalProperties { + if v == nil { + continue + } + p := Response{} + if nok, err := p.FromGnostic(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + + k.Responses[v.Name] = p + } + } + + if g.SecurityDefinitions != nil { + k.SecurityDefinitions = make(SecurityDefinitions) + if err := k.SecurityDefinitions.FromGnostic(g.SecurityDefinitions); err != nil { + return false, err + } + } + + if g.Security != nil { + k.Security = make([]map[string][]string, len(g.Security)) + for i, v := range g.Security { + if v == nil || v.AdditionalProperties == nil { + continue + } + + k.Security[i] = make(map[string][]string, len(v.AdditionalProperties)) + converted := k.Security[i] + for _, p := range v.AdditionalProperties { + if p == nil { + continue + } + if p.Value != nil { + converted[p.Name] = p.Value.Value + } else { + converted[p.Name] = nil + } + } + } + } + + if g.Tags != nil { + k.Tags = make([]Tag, len(g.Tags)) + for i, v := range g.Tags { + if v == nil { + continue + } else if nok, err := k.Tags[i].FromGnostic(v); err != nil { + return false, err + } else if !nok { + ok = false + } + } + } + + if g.ExternalDocs != nil { + k.ExternalDocs = &ExternalDocumentation{} + if nok, err := k.ExternalDocs.FromGnostic(g.ExternalDocs); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + return ok, nil +} + +// Info + +func (k *Info) FromGnostic(g *openapi_v2.Info) (ok bool, err error) { + ok = true + if g == nil { + return true, nil + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + if nok, err := k.InfoProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *InfoProps) FromGnostic(g *openapi_v2.Info) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + k.Description = g.Description + k.Title = g.Title + k.TermsOfService = g.TermsOfService + + if g.Contact != nil { + k.Contact = &ContactInfo{} + + if nok, err := k.Contact.FromGnostic(g.Contact); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.License != nil { + k.License = &License{} + if nok, err := k.License.FromGnostic(g.License); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + k.Version = g.Version + return ok, nil +} + +func (k *License) FromGnostic(g *openapi_v2.License) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + k.Name = g.Name + k.URL = g.Url + + // License does not embed to VendorExtensible! + // data loss from g.VendorExtension + if len(g.VendorExtension) != 0 { + ok = false + } + + return ok, nil +} + +func (k *ContactInfo) FromGnostic(g *openapi_v2.Contact) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + k.Name = g.Name + k.URL = g.Url + k.Email = g.Email + + // ContactInfo does not embed to VendorExtensible! + // data loss from g.VendorExtension + if len(g.VendorExtension) != 0 { + ok = false + } + + return ok, nil +} + +// Paths + +func (k *Paths) FromGnostic(g *openapi_v2.Paths) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + if g.Path != nil { + k.Paths = make(map[string]PathItem, len(g.Path)) + for _, v := range g.Path { + if v == nil { + continue + } + + converted := PathItem{} + if nok, err := converted.FromGnostic(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + + k.Paths[v.Name] = converted + } + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + return ok, nil +} + +func (k *PathItem) FromGnostic(g *openapi_v2.PathItem) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + + if nok, err := k.PathItemProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.Refable.FromGnostic(g.XRef); err != nil { + return false, err + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + return ok, nil +} + +func (k *PathItemProps) FromGnostic(g *openapi_v2.PathItem) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + if g.Get != nil { + k.Get = &Operation{} + if nok, err := k.Get.FromGnostic(g.Get); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Put != nil { + k.Put = &Operation{} + if nok, err := k.Put.FromGnostic(g.Put); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Post != nil { + k.Post = &Operation{} + if nok, err := k.Post.FromGnostic(g.Post); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Delete != nil { + k.Delete = &Operation{} + if nok, err := k.Delete.FromGnostic(g.Delete); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Options != nil { + k.Options = &Operation{} + if nok, err := k.Options.FromGnostic(g.Options); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Head != nil { + k.Head = &Operation{} + if nok, err := k.Head.FromGnostic(g.Head); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Patch != nil { + k.Patch = &Operation{} + if nok, err := k.Patch.FromGnostic(g.Patch); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Parameters != nil { + k.Parameters = make([]Parameter, len(g.Parameters)) + for i, v := range g.Parameters { + if v == nil { + continue + } else if nok, err := k.Parameters[i].FromGnosticParametersItem(v); err != nil { + return false, err + } else if !nok { + ok = false + } + } + } + + return ok, nil +} + +func (k *Operation) FromGnostic(g *openapi_v2.Operation) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + if nok, err := k.OperationProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *OperationProps) FromGnostic(g *openapi_v2.Operation) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + k.Description = g.Description + k.Consumes = g.Consumes + k.Produces = g.Produces + k.Schemes = g.Schemes + k.Tags = g.Tags + k.Summary = g.Summary + + if g.ExternalDocs != nil { + k.ExternalDocs = &ExternalDocumentation{} + if nok, err := k.ExternalDocs.FromGnostic(g.ExternalDocs); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + k.ID = g.OperationId + k.Deprecated = g.Deprecated + + if g.Security != nil { + k.Security = make([]map[string][]string, len(g.Security)) + for i, v := range g.Security { + if v == nil || v.AdditionalProperties == nil { + continue + } + + k.Security[i] = make(map[string][]string, len(v.AdditionalProperties)) + converted := k.Security[i] + for _, p := range v.AdditionalProperties { + if p == nil { + continue + } + + if p.Value != nil { + converted[p.Name] = p.Value.Value + } else { + converted[p.Name] = nil + } + } + } + } + + if g.Parameters != nil { + k.Parameters = make([]Parameter, len(g.Parameters)) + for i, v := range g.Parameters { + if v == nil { + continue + } else if nok, err := k.Parameters[i].FromGnosticParametersItem(v); err != nil { + return false, err + } else if !nok { + ok = false + } + } + } + + if g.Responses != nil { + k.Responses = &Responses{} + if nok, err := k.Responses.FromGnostic(g.Responses); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + return ok, nil +} + +// Responses + +func (k *Responses) FromGnostic(g *openapi_v2.Responses) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + if nok, err := k.ResponsesProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *ResponsesProps) FromGnostic(g *openapi_v2.Responses) (ok bool, err error) { + if g == nil { + return true, nil + } else if g.ResponseCode == nil { + return ok, nil + } + + ok = true + for _, v := range g.ResponseCode { + if v == nil { + continue + } + if v.Name == "default" { + k.Default = &Response{} + if nok, err := k.Default.FromGnosticResponseValue(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + } else if nk, err := strconv.Atoi(v.Name); err != nil { + // This should actually never fail, unless gnostic struct was + // manually/purposefully tampered with at runtime. + // Gnostic's ParseDocument validates that all StatusCodeResponses + // keys adhere to the following regex ^([0-9]{3})$|^(default)$ + ok = false + } else { + if k.StatusCodeResponses == nil { + k.StatusCodeResponses = map[int]Response{} + } + + res := Response{} + if nok, err := res.FromGnosticResponseValue(v.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + k.StatusCodeResponses[nk] = res + } + } + + return ok, nil +} + +func (k *Response) FromGnostic(g *openapi_v2.Response) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + // Refable case handled in FromGnosticResponseValue + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + if nok, err := k.ResponseProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *Response) FromGnosticResponseValue(g *openapi_v2.ResponseValue) (ok bool, err error) { + ok = true + if ref := g.GetJsonReference(); ref != nil { + k.Description = ref.Description + + if err := k.Refable.FromGnostic(ref.XRef); err != nil { + return false, err + } + } else if nok, err := k.FromGnostic(g.GetResponse()); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +func (k *ResponseProps) FromGnostic(g *openapi_v2.Response) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + k.Description = g.Description + + if g.Schema != nil { + k.Schema = &Schema{} + if nok, err := k.Schema.FromGnosticSchemaItem(g.Schema); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Headers != nil { + k.Headers = make(map[string]Header, len(g.Headers.AdditionalProperties)) + for _, v := range g.Headers.AdditionalProperties { + if v == nil { + continue + } + + converted := Header{} + if err := converted.FromGnostic(v.GetValue()); err != nil { + return false, err + } + + k.Headers[v.Name] = converted + } + } + + if g.Examples != nil { + k.Examples = make(map[string]interface{}, len(g.Examples.AdditionalProperties)) + for _, v := range g.Examples.AdditionalProperties { + if v == nil { + continue + } else if v.Value == nil { + k.Examples[v.Name] = nil + continue + } + + var iface interface{} + if err := v.Value.ToRawInfo().Decode(&iface); err != nil { + return false, err + } else { + k.Examples[v.Name] = iface + } + } + } + + return ok, nil +} + +// Header + +func (k *Header) FromGnostic(g *openapi_v2.Header) (err error) { + if g == nil { + return nil + } + + if err := k.CommonValidations.FromGnostic(g); err != nil { + return err + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return err + } + + if err := k.SimpleSchema.FromGnostic(g); err != nil { + return err + } + + if err := k.HeaderProps.FromGnostic(g); err != nil { + return err + } + + return nil +} + +func (k *HeaderProps) FromGnostic(g *openapi_v2.Header) error { + if g == nil { + return nil + } + + // All other fields of openapi_v2.Header are handled by + // the embeded fields, commonvalidations, etc. + k.Description = g.Description + return nil +} + +// Parameters + +func (k *Parameter) FromGnostic(g *openapi_v2.Parameter) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + switch p := g.Oneof.(type) { + case *openapi_v2.Parameter_BodyParameter: + if nok, err := k.ParamProps.FromGnostic(p.BodyParameter); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.VendorExtensible.FromGnostic(p.BodyParameter.GetVendorExtension()); err != nil { + return false, err + } + + return ok, nil + case *openapi_v2.Parameter_NonBodyParameter: + switch nb := g.GetNonBodyParameter().Oneof.(type) { + case *openapi_v2.NonBodyParameter_HeaderParameterSubSchema: + if nok, err := k.ParamProps.FromGnostic(nb.HeaderParameterSubSchema); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.SimpleSchema.FromGnostic(nb.HeaderParameterSubSchema); err != nil { + return false, err + } + + if err := k.CommonValidations.FromGnostic(nb.HeaderParameterSubSchema); err != nil { + return false, err + } + + if err := k.VendorExtensible.FromGnostic(nb.HeaderParameterSubSchema.GetVendorExtension()); err != nil { + return false, err + } + + return ok, nil + case *openapi_v2.NonBodyParameter_FormDataParameterSubSchema: + if nok, err := k.ParamProps.FromGnostic(nb.FormDataParameterSubSchema); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.SimpleSchema.FromGnostic(nb.FormDataParameterSubSchema); err != nil { + return false, err + } + + if err := k.CommonValidations.FromGnostic(nb.FormDataParameterSubSchema); err != nil { + return false, err + } + + if err := k.VendorExtensible.FromGnostic(nb.FormDataParameterSubSchema.GetVendorExtension()); err != nil { + return false, err + } + + return ok, nil + case *openapi_v2.NonBodyParameter_QueryParameterSubSchema: + if nok, err := k.ParamProps.FromGnostic(nb.QueryParameterSubSchema); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.SimpleSchema.FromGnostic(nb.QueryParameterSubSchema); err != nil { + return false, err + } + + if err := k.CommonValidations.FromGnostic(nb.QueryParameterSubSchema); err != nil { + return false, err + } + + if err := k.VendorExtensible.FromGnostic(nb.QueryParameterSubSchema.GetVendorExtension()); err != nil { + return false, err + } + + return ok, nil + case *openapi_v2.NonBodyParameter_PathParameterSubSchema: + if nok, err := k.ParamProps.FromGnostic(nb.PathParameterSubSchema); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.SimpleSchema.FromGnostic(nb.PathParameterSubSchema); err != nil { + return false, err + } + + if err := k.CommonValidations.FromGnostic(nb.PathParameterSubSchema); err != nil { + return false, err + } + + if err := k.VendorExtensible.FromGnostic(nb.PathParameterSubSchema.GetVendorExtension()); err != nil { + return false, err + } + + return ok, nil + default: + return false, errors.New("unrecognized nonbody type for Parameter") + } + default: + return false, errors.New("unrecognized type for Parameter") + } +} + +type GnosticCommonParamProps interface { + GetName() string + GetRequired() bool + GetIn() string + GetDescription() string +} + +type GnosticCommonParamPropsBodyParameter interface { + GetSchema() *openapi_v2.Schema +} + +type GnosticCommonParamPropsFormData interface { + GetAllowEmptyValue() bool +} + +func (k *ParamProps) FromGnostic(g GnosticCommonParamProps) (ok bool, err error) { + ok = true + k.Description = g.GetDescription() + k.In = g.GetIn() + k.Name = g.GetName() + k.Required = g.GetRequired() + + if formDataParameter, success := g.(GnosticCommonParamPropsFormData); success { + k.AllowEmptyValue = formDataParameter.GetAllowEmptyValue() + } + + if bodyParameter, success := g.(GnosticCommonParamPropsBodyParameter); success { + if bodyParameter.GetSchema() != nil { + k.Schema = &Schema{} + if nok, err := k.Schema.FromGnostic(bodyParameter.GetSchema()); err != nil { + return false, err + } else if !nok { + ok = false + } + } + } + + return ok, nil +} + +// PB types use a different structure than we do for "refable". For PB, there is +// a wrappign oneof type that could be a ref or the type +func (k *Parameter) FromGnosticParametersItem(g *openapi_v2.ParametersItem) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + if ref := g.GetJsonReference(); ref != nil { + k.Description = ref.Description + + if err := k.Refable.FromGnostic(ref.XRef); err != nil { + return false, err + } + } else if nok, err := k.FromGnostic(g.GetParameter()); err != nil { + return false, err + } else if !nok { + ok = false + } + + return ok, nil +} + +// Schema + +func (k *Schema) FromGnostic(g *openapi_v2.Schema) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + + // SwaggerSchemaProps + k.Discriminator = g.Discriminator + k.ReadOnly = g.ReadOnly + k.Description = g.Description + if g.ExternalDocs != nil { + k.ExternalDocs = &ExternalDocumentation{} + if nok, err := k.ExternalDocs.FromGnostic(g.ExternalDocs); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Example != nil { + if err := g.Example.ToRawInfo().Decode(&k.Example); err != nil { + return false, err + } + } + + // SchemaProps + if err := k.Ref.FromGnostic(g.XRef); err != nil { + return false, err + } + k.Type = g.Type.GetValue() + k.Format = g.GetFormat() + k.Title = g.GetTitle() + + // These below fields are not available in gnostic types, so will never + // be populated. This means roundtrips which make use of these + // (non-official, kube-only) fields will lose information. + // + // Schema.ID is not available in official spec + // Schema.$schema + // Schema.Nullable - in openapiv3, not v2 + // Schema.AnyOf - in openapiv3, not v2 + // Schema.OneOf - in openapiv3, not v2 + // Schema.Not - in openapiv3, not v2 + // Schema.PatternProperties - in openapiv3, not v2 + // Schema.Dependencies - in openapiv3, not v2 + // Schema.AdditionalItems + // Schema.Definitions - not part of spec + // Schema.ExtraProps - gnostic parser rejects any keys it does not recognize + + if g.GetDefault() != nil { + if err := g.GetDefault().ToRawInfo().Decode(&k.Default); err != nil { + return false, err + } + } + + // These conditionals (!= 0) follow gnostic's logic for ToRawInfo + // The keys in gnostic source are only included if nonzero. + + if g.Maximum != 0.0 { + k.Maximum = &g.Maximum + } + + if g.Minimum != 0.0 { + k.Minimum = &g.Minimum + } + + k.ExclusiveMaximum = g.ExclusiveMaximum + k.ExclusiveMinimum = g.ExclusiveMinimum + + if g.MaxLength != 0 { + k.MaxLength = &g.MaxLength + } + + if g.MinLength != 0 { + k.MinLength = &g.MinLength + } + + k.Pattern = g.GetPattern() + + if g.MaxItems != 0 { + k.MaxItems = &g.MaxItems + } + + if g.MinItems != 0 { + k.MinItems = &g.MinItems + } + k.UniqueItems = g.UniqueItems + + if g.MultipleOf != 0 { + k.MultipleOf = &g.MultipleOf + } + + for _, v := range g.GetEnum() { + if v == nil { + continue + } + + var convert interface{} + if err := v.ToRawInfo().Decode(&convert); err != nil { + return false, err + } + k.Enum = append(k.Enum, convert) + } + + if g.MaxProperties != 0 { + k.MaxProperties = &g.MaxProperties + } + + if g.MinProperties != 0 { + k.MinProperties = &g.MinProperties + } + + k.Required = g.Required + + if g.GetItems() != nil { + k.Items = &SchemaOrArray{} + for _, v := range g.Items.GetSchema() { + if v == nil { + continue + } + + schema := Schema{} + if nok, err := schema.FromGnostic(v); err != nil { + return false, err + } else if !nok { + ok = false + } + k.Items.Schemas = append(k.Items.Schemas, schema) + } + + if len(k.Items.Schemas) == 1 { + k.Items.Schema = &k.Items.Schemas[0] + k.Items.Schemas = nil + } + } + + for i, v := range g.GetAllOf() { + if v == nil { + continue + } + + k.AllOf = append(k.AllOf, Schema{}) + if nok, err := k.AllOf[i].FromGnostic(v); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if g.Properties != nil { + k.Properties = make(map[string]Schema) + for _, namedSchema := range g.Properties.AdditionalProperties { + if namedSchema == nil { + continue + } + val := &Schema{} + if nok, err := val.FromGnostic(namedSchema.Value); err != nil { + return false, err + } else if !nok { + ok = false + } + + k.Properties[namedSchema.Name] = *val + } + } + + if g.AdditionalProperties != nil { + k.AdditionalProperties = &SchemaOrBool{} + if g.AdditionalProperties.GetSchema() == nil { + k.AdditionalProperties.Allows = g.AdditionalProperties.GetBoolean() + } else { + k.AdditionalProperties.Schema = &Schema{} + if nok, err := k.AdditionalProperties.Schema.FromGnostic(g.AdditionalProperties.GetSchema()); err != nil { + return false, err + } else if !nok { + ok = false + } + } + } + + return ok, nil +} + +func (k *Schema) FromGnosticSchemaItem(g *openapi_v2.SchemaItem) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + + switch p := g.Oneof.(type) { + case *openapi_v2.SchemaItem_FileSchema: + fileSchema := p.FileSchema + + if err := k.VendorExtensible.FromGnostic(fileSchema.VendorExtension); err != nil { + return false, err + } + + k.Format = fileSchema.Format + k.Title = fileSchema.Title + k.Description = fileSchema.Description + k.Required = fileSchema.Required + k.Type = []string{fileSchema.Type} + k.ReadOnly = fileSchema.ReadOnly + + if fileSchema.ExternalDocs != nil { + k.ExternalDocs = &ExternalDocumentation{} + if nok, err := k.ExternalDocs.FromGnostic(fileSchema.ExternalDocs); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + if fileSchema.Example != nil { + if err := fileSchema.Example.ToRawInfo().Decode(&k.Example); err != nil { + return false, err + } + } + + if fileSchema.Default != nil { + if err := fileSchema.Default.ToRawInfo().Decode(&k.Default); err != nil { + return false, err + } + } + + case *openapi_v2.SchemaItem_Schema: + schema := p.Schema + + if nok, err := k.FromGnostic(schema); err != nil { + return false, err + } else if !nok { + ok = false + } + default: + return false, errors.New("unrecognized type for SchemaItem") + } + + return ok, nil +} + +// SecurityDefinitions + +func (k SecurityDefinitions) FromGnostic(g *openapi_v2.SecurityDefinitions) error { + for _, v := range g.GetAdditionalProperties() { + if v == nil { + continue + } + secScheme := &SecurityScheme{} + if err := secScheme.FromGnostic(v.Value); err != nil { + return err + } + k[v.Name] = secScheme + } + + return nil +} + +type GnosticCommonSecurityDefinition interface { + GetType() string + GetDescription() string +} + +func (k *SecuritySchemeProps) FromGnostic(g GnosticCommonSecurityDefinition) error { + k.Type = g.GetType() + k.Description = g.GetDescription() + + if hasName, success := g.(interface{ GetName() string }); success { + k.Name = hasName.GetName() + } + + if hasIn, success := g.(interface{ GetIn() string }); success { + k.In = hasIn.GetIn() + } + + if hasFlow, success := g.(interface{ GetFlow() string }); success { + k.Flow = hasFlow.GetFlow() + } + + if hasAuthURL, success := g.(interface{ GetAuthorizationUrl() string }); success { + k.AuthorizationURL = hasAuthURL.GetAuthorizationUrl() + } + + if hasTokenURL, success := g.(interface{ GetTokenUrl() string }); success { + k.TokenURL = hasTokenURL.GetTokenUrl() + } + + if hasScopes, success := g.(interface { + GetScopes() *openapi_v2.Oauth2Scopes + }); success { + scopes := hasScopes.GetScopes() + if scopes != nil { + k.Scopes = make(map[string]string, len(scopes.AdditionalProperties)) + for _, v := range scopes.AdditionalProperties { + if v == nil { + continue + } + + k.Scopes[v.Name] = v.Value + } + } + } + + return nil +} + +func (k *SecurityScheme) FromGnostic(g *openapi_v2.SecurityDefinitionsItem) error { + if g == nil { + return nil + } + + switch s := g.Oneof.(type) { + case *openapi_v2.SecurityDefinitionsItem_ApiKeySecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.ApiKeySecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.ApiKeySecurity.VendorExtension); err != nil { + return err + } + return nil + case *openapi_v2.SecurityDefinitionsItem_BasicAuthenticationSecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.BasicAuthenticationSecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.BasicAuthenticationSecurity.VendorExtension); err != nil { + return err + } + return nil + case *openapi_v2.SecurityDefinitionsItem_Oauth2AccessCodeSecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.Oauth2AccessCodeSecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.Oauth2AccessCodeSecurity.VendorExtension); err != nil { + return err + } + return nil + case *openapi_v2.SecurityDefinitionsItem_Oauth2ApplicationSecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.Oauth2ApplicationSecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.Oauth2ApplicationSecurity.VendorExtension); err != nil { + return err + } + return nil + case *openapi_v2.SecurityDefinitionsItem_Oauth2ImplicitSecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.Oauth2ImplicitSecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.Oauth2ImplicitSecurity.VendorExtension); err != nil { + return err + } + return nil + case *openapi_v2.SecurityDefinitionsItem_Oauth2PasswordSecurity: + if err := k.SecuritySchemeProps.FromGnostic(s.Oauth2PasswordSecurity); err != nil { + return err + } + if err := k.VendorExtensible.FromGnostic(s.Oauth2PasswordSecurity.VendorExtension); err != nil { + return err + } + return nil + default: + return errors.New("unrecognized SecurityDefinitionsItem") + } +} + +// Tag + +func (k *Tag) FromGnostic(g *openapi_v2.Tag) (ok bool, err error) { + if g == nil { + return true, nil + } + + ok = true + + if nok, err := k.TagProps.FromGnostic(g); err != nil { + return false, err + } else if !nok { + ok = false + } + + if err := k.VendorExtensible.FromGnostic(g.VendorExtension); err != nil { + return false, err + } + return ok, nil +} + +func (k *TagProps) FromGnostic(g *openapi_v2.Tag) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + k.Description = g.Description + k.Name = g.Name + + if g.ExternalDocs != nil { + k.ExternalDocs = &ExternalDocumentation{} + if nok, err := k.ExternalDocs.FromGnostic(g.ExternalDocs); err != nil { + return false, err + } else if !nok { + ok = false + } + } + + return ok, nil +} + +// ExternalDocumentation + +func (k *ExternalDocumentation) FromGnostic(g *openapi_v2.ExternalDocs) (ok bool, err error) { + if g == nil { + return true, nil + } + ok = true + k.Description = g.Description + k.URL = g.Url + + // data loss! g.VendorExtension + if len(g.VendorExtension) != 0 { + ok = false + } + + return ok, nil +} diff --git a/vendor/k8s.io/kubectl/pkg/util/templates/templater.go b/vendor/k8s.io/kubectl/pkg/util/templates/templater.go index 3ef297c85c..2e9f942a57 100644 --- a/vendor/k8s.io/kubectl/pkg/util/templates/templater.go +++ b/vendor/k8s.io/kubectl/pkg/util/templates/templater.go @@ -223,7 +223,7 @@ func flagsUsages(f *flag.FlagSet) (string, error) { flagBuf := new(bytes.Buffer) wrapLimit, err := term.GetWordWrapperLimit() if err != nil { - return "", err + wrapLimit = 0 } printer := NewHelpFlagPrinter(flagBuf, wrapLimit) diff --git a/vendor/modules.txt b/vendor/modules.txt index 2df70a2610..41b2aaa8f9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -8,11 +8,11 @@ github.com/Azure/go-ansiterm/winterm # github.com/Azure/go-autorest v14.2.0+incompatible ## explicit github.com/Azure/go-autorest -# github.com/Azure/go-autorest/autorest v0.11.20 +# github.com/Azure/go-autorest/autorest v0.11.24 ## explicit; go 1.15 github.com/Azure/go-autorest/autorest github.com/Azure/go-autorest/autorest/azure -# github.com/Azure/go-autorest/autorest/adal v0.9.15 +# github.com/Azure/go-autorest/autorest/adal v0.9.18 ## explicit; go 1.15 github.com/Azure/go-autorest/autorest/adal # github.com/Azure/go-autorest/autorest/date v0.3.0 @@ -40,7 +40,7 @@ github.com/Masterminds/semver/v3 # github.com/Masterminds/sprig/v3 v3.2.2 ## explicit; go 1.13 github.com/Masterminds/sprig/v3 -# github.com/Masterminds/squirrel v1.5.2 +# github.com/Masterminds/squirrel v1.5.3 ## explicit; go 1.14 github.com/Masterminds/squirrel # github.com/PuerkitoBio/purell v1.1.1 @@ -103,7 +103,7 @@ github.com/cyphar/filepath-securejoin # github.com/davecgh/go-spew v1.1.1 ## explicit github.com/davecgh/go-spew/spew -# github.com/docker/cli v20.10.11+incompatible +# github.com/docker/cli v20.10.17+incompatible ## explicit github.com/docker/cli/cli/config github.com/docker/cli/cli/config/configfile @@ -123,7 +123,7 @@ github.com/docker/distribution/registry/client/auth/challenge github.com/docker/distribution/registry/client/transport github.com/docker/distribution/registry/storage/cache github.com/docker/distribution/registry/storage/cache/memory -# github.com/docker/docker v20.10.14+incompatible +# github.com/docker/docker v20.10.17+incompatible ## explicit github.com/docker/docker/api/types github.com/docker/docker/api/types/blkiodev @@ -160,8 +160,10 @@ github.com/docker/go-metrics github.com/docker/go-units # github.com/emicklei/go-restful v2.9.5+incompatible ## explicit -github.com/emicklei/go-restful -github.com/emicklei/go-restful/log +# github.com/emicklei/go-restful/v3 v3.8.0 +## explicit; go 1.13 +github.com/emicklei/go-restful/v3 +github.com/emicklei/go-restful/v3/log # github.com/evanphx/json-patch v4.12.0+incompatible ## explicit github.com/evanphx/json-patch @@ -203,7 +205,7 @@ github.com/gobwas/glob/util/strings ## explicit; go 1.15 github.com/gogo/protobuf/proto github.com/gogo/protobuf/sortkeys -# github.com/golang-jwt/jwt/v4 v4.0.0 +# github.com/golang-jwt/jwt/v4 v4.2.0 ## explicit; go 1.15 github.com/golang-jwt/jwt/v4 # github.com/golang/protobuf v1.5.2 @@ -389,7 +391,7 @@ github.com/imdario/mergo # github.com/inconshreveable/mousetrap v1.0.0 ## explicit github.com/inconshreveable/mousetrap -# github.com/jmoiron/sqlx v1.3.4 +# github.com/jmoiron/sqlx v1.3.5 ## explicit; go 1.10 github.com/jmoiron/sqlx github.com/jmoiron/sqlx/reflectx @@ -413,7 +415,7 @@ github.com/lann/builder # github.com/lann/ps v0.0.0-20150810152359-62de8c46ede0 ## explicit github.com/lann/ps -# github.com/lib/pq v1.10.4 +# github.com/lib/pq v1.10.6 ## explicit; go 1.13 github.com/lib/pq github.com/lib/pq/oid @@ -622,7 +624,7 @@ golang.org/x/crypto/scrypt golang.org/x/crypto/sha3 golang.org/x/crypto/ssh golang.org/x/crypto/ssh/internal/bcrypt_pbkdf -# golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd +# golang.org/x/net v0.0.0-20220225172249-27dd8689420f ## explicit; go 1.17 golang.org/x/net/context golang.org/x/net/context/ctxhttp @@ -643,7 +645,7 @@ golang.org/x/oauth2/google/internal/externalaccount golang.org/x/oauth2/internal golang.org/x/oauth2/jws golang.org/x/oauth2/jwt -# golang.org/x/sync v0.0.0-20210220032951-036812b2e83c +# golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f ## explicit golang.org/x/sync/errgroup golang.org/x/sync/semaphore @@ -790,7 +792,7 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# helm.sh/helm/v3 v3.9.0 +# helm.sh/helm/v3 v3.9.4 ## explicit; go 1.17 helm.sh/helm/v3/internal/fileutil helm.sh/helm/v3/internal/ignore @@ -879,7 +881,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.24.0 +# k8s.io/apiextensions-apiserver v0.24.2 ## explicit; go 1.16 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 @@ -938,10 +940,10 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.24.0 +# k8s.io/apiserver v0.24.2 ## explicit; go 1.16 k8s.io/apiserver/pkg/endpoints/deprecation -# k8s.io/cli-runtime v0.24.0 +# k8s.io/cli-runtime v0.24.2 ## explicit; go 1.16 k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers @@ -1088,7 +1090,7 @@ k8s.io/client-go/util/homedir k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.24.0 +# k8s.io/component-base v0.24.2 ## explicit; go 1.16 k8s.io/component-base/version # k8s.io/klog v1.0.0 @@ -1101,8 +1103,8 @@ k8s.io/klog/v2/internal/buffer k8s.io/klog/v2/internal/clock k8s.io/klog/v2/internal/serialize k8s.io/klog/v2/internal/severity -# k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 -## explicit; go 1.16 +# k8s.io/kube-openapi v0.0.0-20220627174259-011e075b9cb8 +## explicit; go 1.18 k8s.io/kube-openapi/pkg/builder3/util k8s.io/kube-openapi/pkg/common k8s.io/kube-openapi/pkg/handler3 @@ -1114,7 +1116,7 @@ k8s.io/kube-openapi/pkg/spec3 k8s.io/kube-openapi/pkg/util/proto k8s.io/kube-openapi/pkg/util/proto/validation k8s.io/kube-openapi/pkg/validation/spec -# k8s.io/kubectl v0.24.0 +# k8s.io/kubectl v0.24.2 ## explicit; go 1.16 k8s.io/kubectl/pkg/cmd/util k8s.io/kubectl/pkg/scheme @@ -1137,7 +1139,7 @@ k8s.io/utils/net k8s.io/utils/pointer k8s.io/utils/strings/slices k8s.io/utils/trace -# oras.land/oras-go v1.1.0 +# oras.land/oras-go v1.2.0 ## explicit; go 1.17 oras.land/oras-go/pkg/artifact oras.land/oras-go/pkg/auth diff --git a/vendor/oras.land/oras-go/pkg/auth/client_opts.go b/vendor/oras.land/oras-go/pkg/auth/client_opts.go index 4f71454b94..f385b24085 100644 --- a/vendor/oras.land/oras-go/pkg/auth/client_opts.go +++ b/vendor/oras.land/oras-go/pkg/auth/client_opts.go @@ -30,6 +30,9 @@ type ( Hostname string Username string Secret string + CertFile string + KeyFile string + CAFile string Insecure bool UserAgent string } @@ -70,6 +73,15 @@ func WithLoginInsecure() LoginOption { } } +// WithLoginTLS returns a function that sets the tls settings on login. +func WithLoginTLS(certFile, keyFile, caFile string) LoginOption { + return func(settings *LoginSettings) { + settings.CertFile = certFile + settings.KeyFile = keyFile + settings.CAFile = caFile + } +} + // WithLoginUserAgent returns a function that sets the UserAgent setting on login. func WithLoginUserAgent(userAgent string) LoginOption { return func(settings *LoginSettings) { diff --git a/vendor/oras.land/oras-go/pkg/auth/docker/login.go b/vendor/oras.land/oras-go/pkg/auth/docker/login.go index 4e1d1ee6c1..bd155e5300 100644 --- a/vendor/oras.land/oras-go/pkg/auth/docker/login.go +++ b/vendor/oras.land/oras-go/pkg/auth/docker/login.go @@ -25,6 +25,8 @@ import ( iface "oras.land/oras-go/pkg/auth" ) +const IndexHostname = "index.docker.io" + // Login logs in to a docker registry identified by the hostname. // Deprecated: use LoginWithOpts func (c *Client) Login(ctx context.Context, hostname, username, secret string, insecure bool) error { @@ -78,9 +80,19 @@ func (c *Client) login(settings *iface.LoginSettings) error { if userAgent == "" { userAgent = "oras" } - if _, token, err := remote.Auth(ctx, &cred, userAgent); err != nil { + + var token string + if (settings.CertFile != "" && settings.KeyFile != "") || settings.CAFile != "" { + _, token, err = c.loginWithTLS(ctx, remote, settings.CertFile, settings.KeyFile, settings.CAFile, &cred, userAgent) + } else { + _, token, err = remote.Auth(ctx, &cred, userAgent) + } + + if err != nil { return err - } else if token != "" { + } + + if token != "" { cred.Username = "" cred.Password = "" cred.IdentityToken = token diff --git a/vendor/oras.land/oras-go/pkg/auth/docker/login_tls.go b/vendor/oras.land/oras-go/pkg/auth/docker/login_tls.go new file mode 100644 index 0000000000..cb92df8187 --- /dev/null +++ b/vendor/oras.land/oras-go/pkg/auth/docker/login_tls.go @@ -0,0 +1,220 @@ +/* +Copyright The ORAS Authors. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + +http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package docker + +import ( + "context" + "crypto/tls" + "fmt" + "net" + "net/http" + "net/url" + "strings" + "time" + + "github.com/docker/distribution/registry/api/errcode" + "github.com/docker/distribution/registry/client/auth" + "github.com/docker/distribution/registry/client/transport" + "github.com/docker/docker/api/types" + "github.com/docker/docker/errdefs" + "github.com/docker/docker/registry" + "github.com/docker/go-connections/tlsconfig" + "github.com/pkg/errors" + "github.com/sirupsen/logrus" +) + +// The following functions are adapted from github.com/docker/docker/registry +// We need these to support passing in a transport that has custom TLS configuration +// They are not exposed in the docker/registry package that's why they are copied here + +type loginCredentialStore struct { + authConfig *types.AuthConfig +} + +func (lcs loginCredentialStore) Basic(*url.URL) (string, string) { + return lcs.authConfig.Username, lcs.authConfig.Password +} + +func (lcs loginCredentialStore) RefreshToken(*url.URL, string) string { + return lcs.authConfig.IdentityToken +} + +func (lcs loginCredentialStore) SetRefreshToken(u *url.URL, service, token string) { + lcs.authConfig.IdentityToken = token +} + +// loginWithTLS tries to login to the v2 registry server. +// A custom tls.Config is used to override the default TLS configuration of the different registry endpoints. +// The tls.Config is created using the provided certificate, certificate key and certificate authority. +func (c *Client) loginWithTLS(ctx context.Context, service registry.Service, certFile, keyFile, caFile string, authConfig *types.AuthConfig, userAgent string) (string, string, error) { + tlsConfig, err := tlsconfig.Client(tlsconfig.Options{CAFile: caFile, CertFile: certFile, KeyFile: keyFile}) + if err != nil { + return "", "", err + } + + endpoints, err := c.getEndpoints(authConfig.ServerAddress, service) + if err != nil { + return "", "", err + } + + var status, token string + for _, endpoint := range endpoints { + endpoint.TLSConfig = tlsConfig + status, token, err = loginV2(authConfig, endpoint, userAgent) + + if err != nil { + if isNotAuthorizedError(err) { + return "", "", err + } + + logrus.WithError(err).Infof("Error logging in to endpoint, trying next endpoint") + continue + } + + return status, token, nil + } + + return "", "", err +} + +// getEndpoints returns the endpoints for the given hostname. +func (c *Client) getEndpoints(address string, service registry.Service) ([]registry.APIEndpoint, error) { + var registryHostName = IndexHostname + + if address != "" { + if !strings.HasPrefix(address, "https://") && !strings.HasPrefix(address, "http://") { + address = fmt.Sprintf("https://%s", address) + } + u, err := url.Parse(address) + if err != nil { + return nil, errdefs.InvalidParameter(errors.Wrapf(err, "unable to parse server address")) + } + registryHostName = u.Host + } + + // Lookup endpoints for authentication using "LookupPushEndpoints", which + // excludes mirrors to prevent sending credentials of the upstream registry + // to a mirror. + endpoints, err := service.LookupPushEndpoints(registryHostName) + if err != nil { + return nil, errdefs.InvalidParameter(err) + } + + return endpoints, nil +} + +// loginV2 tries to login to the v2 registry server. The given registry +// endpoint will be pinged to get authorization challenges. These challenges +// will be used to authenticate against the registry to validate credentials. +func loginV2(authConfig *types.AuthConfig, endpoint registry.APIEndpoint, userAgent string) (string, string, error) { + var ( + endpointStr = strings.TrimRight(endpoint.URL.String(), "/") + "/v2/" + modifiers = registry.Headers(userAgent, nil) + authTransport = transport.NewTransport(newTransport(endpoint.TLSConfig), modifiers...) + credentialAuthConfig = *authConfig + creds = loginCredentialStore{authConfig: &credentialAuthConfig} + ) + + logrus.Debugf("attempting v2 login to registry endpoint %s", endpointStr) + + loginClient, err := v2AuthHTTPClient(endpoint.URL, authTransport, modifiers, creds, nil) + if err != nil { + return "", "", err + } + + req, err := http.NewRequest(http.MethodGet, endpointStr, nil) + if err != nil { + return "", "", err + } + + resp, err := loginClient.Do(req) + if err != nil { + err = translateV2AuthError(err) + return "", "", err + } + defer resp.Body.Close() + + if resp.StatusCode == http.StatusOK { + return "Login Succeeded", credentialAuthConfig.IdentityToken, nil + } + + // TODO(dmcgowan): Attempt to further interpret result, status code and error code string + return "", "", errors.Errorf("login attempt to %s failed with status: %d %s", endpointStr, resp.StatusCode, http.StatusText(resp.StatusCode)) +} + +// newTransport returns a new HTTP transport. If tlsConfig is nil, it uses the +// default TLS configuration. +func newTransport(tlsConfig *tls.Config) *http.Transport { + if tlsConfig == nil { + tlsConfig = tlsconfig.ServerDefault() + } + + direct := &net.Dialer{ + Timeout: 30 * time.Second, + KeepAlive: 30 * time.Second, + } + + return &http.Transport{ + Proxy: http.ProxyFromEnvironment, + DialContext: direct.DialContext, + TLSHandshakeTimeout: 10 * time.Second, + TLSClientConfig: tlsConfig, + // TODO(dmcgowan): Call close idle connections when complete and use keep alive + DisableKeepAlives: true, + } +} + +func v2AuthHTTPClient(endpoint *url.URL, authTransport http.RoundTripper, modifiers []transport.RequestModifier, creds auth.CredentialStore, scopes []auth.Scope) (*http.Client, error) { + challengeManager, _, err := registry.PingV2Registry(endpoint, authTransport) + if err != nil { + return nil, err + } + + tokenHandlerOptions := auth.TokenHandlerOptions{ + Transport: authTransport, + Credentials: creds, + OfflineAccess: true, + ClientID: registry.AuthClientID, + Scopes: scopes, + } + tokenHandler := auth.NewTokenHandlerWithOptions(tokenHandlerOptions) + basicHandler := auth.NewBasicHandler(creds) + modifiers = append(modifiers, auth.NewAuthorizer(challengeManager, tokenHandler, basicHandler)) + + return &http.Client{ + Transport: transport.NewTransport(authTransport, modifiers...), + Timeout: 15 * time.Second, + }, nil +} + +func translateV2AuthError(err error) error { + switch e := err.(type) { + case *url.Error: + switch e2 := e.Err.(type) { + case errcode.Error: + switch e2.Code { + case errcode.ErrorCodeUnauthorized: + return errdefs.Unauthorized(err) + } + } + } + + return err +} + +func isNotAuthorizedError(err error) bool { + return strings.Contains(err.Error(), "401 Unauthorized") +} diff --git a/vendor/oras.land/oras-go/pkg/content/file.go b/vendor/oras.land/oras-go/pkg/content/file.go index e313175185..70f46d1ae9 100644 --- a/vendor/oras.land/oras-go/pkg/content/file.go +++ b/vendor/oras.land/oras-go/pkg/content/file.go @@ -312,7 +312,10 @@ func (s *File) Close() error { } return true }) - return errors.New(strings.Join(errs, "; ")) + if len(errs) > 0 { + return errors.New(strings.Join(errs, "; ")) + } + return nil } func (s *File) resolveWritePath(name string) (string, error) { diff --git a/vendor/oras.land/oras-go/pkg/content/oci.go b/vendor/oras.land/oras-go/pkg/content/oci.go index 1512449673..b643f61f4d 100644 --- a/vendor/oras.land/oras-go/pkg/content/oci.go +++ b/vendor/oras.land/oras-go/pkg/content/oci.go @@ -276,10 +276,9 @@ func (s *OCI) Walk(ctx context.Context, fn content.WalkFunc, filters ...string) return errors.New("not yet implemented: Walk (content.Store interface)") } -// TODO: implement (needed to create a content.Store) // Delete removes the content from the store. func (s *OCI) Delete(ctx context.Context, dgst digest.Digest) error { - return errors.New("not yet implemented: Delete (content.Store interface)") + return s.Store.Delete(ctx, dgst) } // TODO: implement (needed to create a content.Store) diff --git a/vendor/oras.land/oras-go/pkg/oras/provider.go b/vendor/oras.land/oras-go/pkg/oras/provider.go index db16d75f2c..97736ad3c7 100644 --- a/vendor/oras.land/oras-go/pkg/oras/provider.go +++ b/vendor/oras.land/oras-go/pkg/oras/provider.go @@ -70,7 +70,7 @@ func (f *fetcherReaderAt) ReadAt(p []byte, off int64) (n int, err error) { f.rc = rc } - n, err = f.rc.Read(p) + n, err = io.ReadFull(f.rc, p) if err != nil { return n, err }