From e55b03c127232de183b1e6cf3f590c84b18c29a2 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 15 Aug 2023 21:20:09 +0200 Subject: [PATCH 001/177] Update the fuzzer so it only sets values in case the random value is an empty value for fields that will be defaulted. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../apis/config/controller/fuzzer/fuzzer.go | 116 ++++++++++++------ 1 file changed, 79 insertions(+), 37 deletions(-) diff --git a/internal/apis/config/controller/fuzzer/fuzzer.go b/internal/apis/config/controller/fuzzer/fuzzer.go index 4fe34b75b99..bc79e7d59c1 100644 --- a/internal/apis/config/controller/fuzzer/fuzzer.go +++ b/internal/apis/config/controller/fuzzer/fuzzer.go @@ -33,45 +33,87 @@ var Funcs = func(codecs runtimeserializer.CodecFactory) []interface{} { func(s *controller.ControllerConfiguration, c fuzz.Continue) { c.FuzzNoCustom(s) // fuzz self without calling this function again - defaultTime := 60 * time.Second - s.APIServerHost = "defaultHost" - s.KubeConfig = "defaultConfig" - s.KubernetesAPIQPS = 10 - s.KubernetesAPIBurst = 10 - s.ClusterResourceNamespace = "defaultClusterResourceNamespace" - s.Namespace = "defaultNamespace" - s.LeaderElectionConfig.Enabled = true - s.LeaderElectionConfig.Namespace = "defaultLeaderElectionNamespace" - s.LeaderElectionConfig.LeaseDuration = defaultTime - s.LeaderElectionConfig.RenewDeadline = defaultTime - s.LeaderElectionConfig.RetryPeriod = defaultTime - s.Controllers = []string{"*"} - s.ACMEHTTP01Config.SolverImage = "defaultACMEHTTP01SolverImage" - s.ACMEHTTP01Config.SolverResourceRequestCPU = "10m" - s.ACMEHTTP01Config.SolverResourceRequestMemory = "64Mi" - s.ACMEHTTP01Config.SolverResourceLimitsCPU = "100m" - s.ACMEHTTP01Config.SolverResourceLimitsMemory = "64Mi" - s.ACMEHTTP01Config.SolverRunAsNonRoot = true - s.ACMEHTTP01Config.SolverNameservers = []string{"8.8.8.8:53"} - s.ClusterIssuerAmbientCredentials = true - s.IssuerAmbientCredentials = true - s.IngressShimConfig.DefaultIssuerName = "defaultTLSACMEIssuerName" - s.IngressShimConfig.DefaultIssuerKind = "defaultIssuerKind" - s.IngressShimConfig.DefaultIssuerGroup = "defaultTLSACMEIssuerGroup" - s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"kubernetes.io/tls-acme"} - s.ACMEDNS01Config.RecursiveNameservers = []string{"8.8.8.8:53"} - s.ACMEDNS01Config.RecursiveNameserversOnly = true - s.EnableCertificateOwnerRef = true - s.NumberOfConcurrentWorkers = 1 - s.MaxConcurrentChallenges = 1 - s.MetricsListenAddress = "0.0.0.0:9402" - s.HealthzListenAddress = "0.0.0.0:9402" - s.LeaderElectionConfig.HealthzTimeout = defaultTime - s.EnablePprof = true - s.PprofAddress = "something:1234" - s.CopiedAnnotationPrefixes = []string{"*", "-kubectl.kubernetes.io/", "-fluxcd.io/", "-argocd.argoproj.io/"} + if s.ClusterResourceNamespace == "" { + s.ClusterResourceNamespace = "test-roundtrip" + } + + if len(s.Controllers) == 0 { + s.Controllers = []string{"test-roundtrip"} + } + + if len(s.CopiedAnnotationPrefixes) == 0 { + s.CopiedAnnotationPrefixes = []string{"test-roundtrip"} + } + + if s.MetricsListenAddress == "" { + s.MetricsListenAddress = "test-roundtrip" + } + + if s.HealthzListenAddress == "" { + s.HealthzListenAddress = "test-roundtrip" + } + + if s.PprofAddress == "" { + s.PprofAddress = "test-roundtrip" + } logsapi.SetRecommendedLoggingConfiguration(&s.Logging) + + if s.LeaderElectionConfig.Namespace == "" { + s.LeaderElectionConfig.Namespace = "test-roundtrip" + } + + if s.LeaderElectionConfig.LeaseDuration == time.Duration(0) { + s.LeaderElectionConfig.LeaseDuration = time.Second * 8875 + } + + if s.LeaderElectionConfig.RenewDeadline == time.Duration(0) { + s.LeaderElectionConfig.RenewDeadline = time.Second * 8875 + } + + if s.LeaderElectionConfig.RetryPeriod == time.Duration(0) { + s.LeaderElectionConfig.RetryPeriod = time.Second * 8875 + } + + if s.LeaderElectionConfig.HealthzTimeout == time.Duration(0) { + s.LeaderElectionConfig.HealthzTimeout = time.Second * 8875 + } + + if s.IngressShimConfig.DefaultIssuerKind == "" { + s.IngressShimConfig.DefaultIssuerKind = "test-roundtrip" + } + + if s.IngressShimConfig.DefaultIssuerGroup == "" { + s.IngressShimConfig.DefaultIssuerGroup = "test-roundtrip" + } + + if len(s.IngressShimConfig.DefaultAutoCertificateAnnotations) == 0 { + s.IngressShimConfig.DefaultAutoCertificateAnnotations = []string{"test-roundtrip"} + } + + if s.ACMEHTTP01Config.SolverImage == "" { + s.ACMEHTTP01Config.SolverImage = "test-roundtrip" + } + + if s.ACMEHTTP01Config.SolverResourceRequestCPU == "" { + s.ACMEHTTP01Config.SolverResourceRequestCPU = "test-roundtrip" + } + + if s.ACMEHTTP01Config.SolverResourceRequestMemory == "" { + s.ACMEHTTP01Config.SolverResourceRequestMemory = "test-roundtrip" + } + + if s.ACMEHTTP01Config.SolverResourceLimitsCPU == "" { + s.ACMEHTTP01Config.SolverResourceLimitsCPU = "test-roundtrip" + } + + if s.ACMEHTTP01Config.SolverResourceLimitsMemory == "" { + s.ACMEHTTP01Config.SolverResourceLimitsMemory = "test-roundtrip" + } + + if s.ACMEDNS01Config.CheckRetryPeriod == time.Duration(0) { + s.ACMEDNS01Config.CheckRetryPeriod = time.Second * 8875 + } }, } } From ed80c5be9018ff0355ad2177cb1c5808ac0a6b92 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 7 Feb 2024 09:39:36 +0100 Subject: [PATCH 002/177] add new testcase that generates a non-critical SAN extension to the GenerateCSR tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/util/pki/csr_test.go | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/pkg/util/pki/csr_test.go b/pkg/util/pki/csr_test.go index 6ad2f22792b..03364962979 100644 --- a/pkg/util/pki/csr_test.go +++ b/pkg/util/pki/csr_test.go @@ -435,6 +435,33 @@ func TestGenerateCSR(t *testing.T) { RawSubject: subjectGenerator(t, pkix.Name{}), }, }, + { + name: "Generate CSR from certificate with subject and DNS", + crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{ + Subject: &cmapi.X509Subject{Organizations: []string{"example inc."}}, + DNSNames: []string{"example.org"}, + }}, + want: &x509.CertificateRequest{ + Version: 0, + SignatureAlgorithm: x509.SHA256WithRSA, + PublicKeyAlgorithm: x509.RSA, + ExtraExtensions: []pkix.Extension{ + sansGenerator( + t, + []asn1.RawValue{ + {Tag: nameTypeDNSName, Class: 2, Bytes: []byte("example.org")}, + }, + false, // SAN is NOT critical as the Subject is not empty + ), + { + Id: OIDExtensionKeyUsage, + Value: asn1DefaultKeyUsage, + Critical: true, + }, + }, + RawSubject: subjectGenerator(t, pkix.Name{Organization: []string{"example inc."}}), + }, + }, { name: "Generate CSR from certificate with only CN", crt: &cmapi.Certificate{Spec: cmapi.CertificateSpec{CommonName: "example.org"}}, From 48759b271cb5950de5f4eac83195746c386af5ff Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 22 Feb 2024 15:51:25 +0100 Subject: [PATCH 003/177] bugfix: LiteralSubject match function was broken Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/util/pki/match.go | 11 ++--- pkg/util/pki/match_test.go | 87 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 93 insertions(+), 5 deletions(-) diff --git a/pkg/util/pki/match.go b/pkg/util/pki/match.go index b735cab9ffd..d01d76d1f1e 100644 --- a/pkg/util/pki/match.go +++ b/pkg/util/pki/match.go @@ -17,6 +17,7 @@ limitations under the License. package pki import ( + "bytes" "crypto" "crypto/ecdsa" "crypto/ed25519" @@ -191,20 +192,20 @@ func RequestMatchesSpec(req *cmapi.CertificateRequest, spec cmapi.CertificateSpe } } else { - // we have a LiteralSubject - // parse the subject of the csr in the same way as we parse LiteralSubject and see whether the RDN Sequences match + // we have a LiteralSubject, generate the RDNSequence and encode it to compare + // with the request's subject - rdnSequenceFromCertificateRequest, err := UnmarshalRawDerBytesToRDNSequence(x509req.RawSubject) + rdnSequenceFromCertificate, err := UnmarshalSubjectStringToRDNSequence(spec.LiteralSubject) if err != nil { return nil, err } - rdnSequenceFromCertificate, err := UnmarshalSubjectStringToRDNSequence(spec.LiteralSubject) + asn1Sequence, err := asn1.Marshal(rdnSequenceFromCertificate) if err != nil { return nil, err } - if !reflect.DeepEqual(rdnSequenceFromCertificate, rdnSequenceFromCertificateRequest) { + if !bytes.Equal(x509req.RawSubject, asn1Sequence) { violations = append(violations, "spec.literalSubject") } } diff --git a/pkg/util/pki/match_test.go b/pkg/util/pki/match_test.go index 50516aff4ec..43c3e2fe059 100644 --- a/pkg/util/pki/match_test.go +++ b/pkg/util/pki/match_test.go @@ -20,6 +20,7 @@ import ( "bytes" "crypto" "crypto/x509" + "encoding/asn1" "encoding/pem" "reflect" "testing" @@ -225,6 +226,92 @@ func TestCertificateRequestOtherNamesMatchSpec(t *testing.T) { } } +func TestRequestMatchesSpecSubject(t *testing.T) { + createCSRBlob := func(literalSubject string) []byte { + pk, err := GenerateRSAPrivateKey(2048) + if err != nil { + t.Fatal(err) + } + + seq, err := UnmarshalSubjectStringToRDNSequence(literalSubject) + if err != nil { + t.Fatal(err) + } + + asn1Seq, err := asn1.Marshal(seq) + if err != nil { + t.Fatal(err) + } + + csr := &x509.CertificateRequest{ + RawSubject: asn1Seq, + } + + csrBytes, err := x509.CreateCertificateRequest(bytes.NewBuffer(nil), csr, pk) + if err != nil { + t.Fatal(err) + } + + return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrBytes}) + } + + tests := []struct { + name string + subject *cmapi.X509Subject + literalSubject string + x509CSR []byte + err string + violations []string + }{ + { + name: "Matching LiteralSubjects", + literalSubject: "CN=example.com,OU=example,O=example,L=example,ST=example,C=US", + x509CSR: createCSRBlob("CN=example.com,OU=example,O=example,L=example,ST=example,C=US"), + }, + { + name: "Matching LiteralSubjects", + literalSubject: "ST=example,C=US", + x509CSR: createCSRBlob("ST=example"), + violations: []string{"spec.literalSubject"}, + }, + { + name: "Matching LiteralSubjects", + literalSubject: "ST=example,C=US,O=#04024869", + x509CSR: createCSRBlob("ST=example,C=US,O=#04024869"), + }, + } + + for _, test := range tests { + test := test + t.Run(test.name, func(t *testing.T) { + violations, err := RequestMatchesSpec( + &cmapi.CertificateRequest{ + Spec: cmapi.CertificateRequestSpec{ + Request: test.x509CSR, + }, + }, + cmapi.CertificateSpec{ + Subject: test.subject, + LiteralSubject: test.literalSubject, + }, + ) + if err != nil { + if test.err == "" { + t.Errorf("Unexpected error: %s", err.Error()) + } else { + if test.err != err.Error() { + t.Errorf("Expected error: %s but got: %s instead", err.Error(), test.err) + } + } + } + + if !reflect.DeepEqual(violations, test.violations) { + t.Errorf("violations did not match, got=%s, exp=%s", violations, test.violations) + } + }) + } +} + func TestSecretDataAltNamesMatchSpec(t *testing.T) { tests := map[string]struct { data []byte From b32382fead301a09f2cff4516a6b3db99b30e19f Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 21 Feb 2024 20:10:13 +0100 Subject: [PATCH 004/177] improve the dynamic source implementation and add a lot of unit tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority.go | 72 ++-- pkg/server/tls/dynamic_source.go | 246 ++++++++------ pkg/server/tls/dynamic_source_test.go | 315 ++++++++++++++++++ .../webhook/dynamic_source_test.go | 11 +- 4 files changed, 505 insertions(+), 139 deletions(-) create mode 100644 pkg/server/tls/dynamic_source_test.go diff --git a/pkg/server/tls/authority/authority.go b/pkg/server/tls/authority/authority.go index c0080fa1adf..1db51b52dee 100644 --- a/pkg/server/tls/authority/authority.go +++ b/pkg/server/tls/authority/authority.go @@ -84,7 +84,7 @@ type DynamicAuthority struct { ensureMutex sync.Mutex // watchMutex gates access to the slice of watch channels watchMutex sync.Mutex - watches []chan struct{} + watches []chan<- struct{} } type SignFunc func(template *x509.Certificate) (*x509.Certificate, error) @@ -146,9 +146,16 @@ func (d *DynamicAuthority) Run(ctx context.Context) error { // this poll only ends when stopCh is closed. return false, nil }); err != nil { + if err == context.Canceled { + // context was cancelled, return nil + return nil + } + return err } + factory.Shutdown() + return nil } @@ -207,24 +214,25 @@ func (d *DynamicAuthority) Sign(template *x509.Certificate) (*x509.Certificate, // certificate is rotated/updated. // This can be used to automatically trigger rotation of leaf certificates // when the root CA changes. -func (d *DynamicAuthority) WatchRotation(stopCh <-chan struct{}) <-chan struct{} { +func (d *DynamicAuthority) WatchRotation(output chan<- struct{}) { d.watchMutex.Lock() defer d.watchMutex.Unlock() - ch := make(chan struct{}, 1) - d.watches = append(d.watches, ch) - go func() { - defer close(ch) - <-stopCh - d.watchMutex.Lock() - defer d.watchMutex.Unlock() - for i, c := range d.watches { - if c == ch { - d.watches = append(d.watches[:i], d.watches[i+1:]...) - return - } + + // Add the output channel to the list of watches + d.watches = append(d.watches, output) +} + +func (d *DynamicAuthority) StopWatchingRotation(output chan<- struct{}) { + d.watchMutex.Lock() + defer d.watchMutex.Unlock() + + // Remove the output channel from the list of watches + for i, c := range d.watches { + if c == output { + d.watches = append(d.watches[:i], d.watches[i+1:]...) + return } - }() - return ch + } } func (d *DynamicAuthority) ensureCA(ctx context.Context) error { @@ -253,21 +261,25 @@ func (d *DynamicAuthority) notifyWatches(newCertData, newPrivateKeyData []byte) d.log.V(logf.DebugLevel).Info("Detected change in CA secret data, notifying watchers...") - d.watchMutex.Lock() - defer d.watchMutex.Unlock() - for _, ch := range d.watches { - // the watch channels have a buffer of 1 - drop events to slow - // consumers - select { - case ch <- struct{}{}: - default: + func() { + d.watchMutex.Lock() + defer d.watchMutex.Unlock() + for _, ch := range d.watches { + // the watch channels have a buffer of 1 - drop events to slow + // consumers + select { + case ch <- struct{}{}: + default: + } } - } + }() - d.signMutex.Lock() - defer d.signMutex.Unlock() - d.currentCertData = newCertData - d.currentPrivateKeyData = newPrivateKeyData + func() { + d.signMutex.Lock() + defer d.signMutex.Unlock() + d.currentCertData = newCertData + d.currentPrivateKeyData = newPrivateKeyData + }() } // caRequiresRegeneration will check data in a Secret resource and return true @@ -303,7 +315,7 @@ func (d *DynamicAuthority) caRequiresRegeneration(s *corev1.Secret) bool { return true } // renew the root CA when the current one is 2/3 of the way through its life - if x509Cert.NotAfter.Sub(time.Now()) < (d.CADuration / 3) { + if time.Until(x509Cert.NotAfter) < (x509Cert.NotBefore.Sub(x509Cert.NotAfter) / 3) { d.log.V(logf.InfoLevel).Info("Root CA certificate is nearing expiry. Regenerating...") return true } diff --git a/pkg/server/tls/dynamic_source.go b/pkg/server/tls/dynamic_source.go index 897ff6fd1ee..62a9fad5216 100644 --- a/pkg/server/tls/dynamic_source.go +++ b/pkg/server/tls/dynamic_source.go @@ -26,14 +26,32 @@ import ( "time" "github.com/go-logr/logr" + "golang.org/x/sync/errgroup" "k8s.io/apimachinery/pkg/util/wait" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" logf "github.com/cert-manager/cert-manager/pkg/logs" - "github.com/cert-manager/cert-manager/pkg/server/tls/authority" "github.com/cert-manager/cert-manager/pkg/util/pki" ) +type Authority interface { + // Run starts the authority and blocks until it is stopped or an error occurs. + Run(ctx context.Context) error + + // WatchRotation adds a watcher to the authority that will notify the given + // channel when the root CA has been rotated. It is guaranteed to post a message + // to the channel when the root CA has been rotated and the channel is not full. + WatchRotation(ch chan<- struct{}) + + // StopWatchingRotation removes the watcher from the authority. + StopWatchingRotation(ch chan<- struct{}) + + // Sign signs the given certificate template and returns the signed certificate. + // WARNING: The WatchRotation method should be called before Sign to ensure that + // the rotation of the CA used to sign the certificate in this call is detected. + Sign(template *x509.Certificate) (*x509.Certificate, error) +} + // DynamicSource provides certificate data for a golang HTTP server by // automatically generating certificates using an authority.SignFunc. type DynamicSource struct { @@ -41,7 +59,9 @@ type DynamicSource struct { DNSNames []string // The authority used to sign certificate templates. - Authority *authority.DynamicAuthority + Authority Authority + + RetryInterval time.Duration log logr.Logger @@ -51,131 +71,137 @@ type DynamicSource struct { var _ CertificateSource = &DynamicSource{} +// Copied from https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L287 +var _ interface { + Start(context.Context) error +} = &DynamicSource{} + +var _ interface { + NeedLeaderElection() bool +} = &DynamicSource{} + func (f *DynamicSource) Start(ctx context.Context) error { f.log = logf.FromContext(ctx) - // Run the authority in a separate goroutine - authorityErrChan := make(chan error) - go func() { - defer close(authorityErrChan) - authorityErrChan <- f.Authority.Run(ctx) - }() + if f.RetryInterval == 0 { + f.RetryInterval = 1 * time.Second + } + + group, ctx := errgroup.WithContext(ctx) + group.Go(func() error { + if err := f.Authority.Run(ctx); err != nil { + return fmt.Errorf("failed to run certificate authority: %w", err) + } + + if ctx.Err() == nil { + return fmt.Errorf("certificate authority stopped unexpectedly") + } + + // Context was cancelled, return nil + return nil + }) + + // channel which will be notified when the authority has rotated its root CA + // We start watching the rotation of the root CA before we start generating + // certificates to ensure we don't miss any rotations. + rotationChan := make(chan struct{}, 1) + f.Authority.WatchRotation(rotationChan) + defer f.Authority.StopWatchingRotation(rotationChan) nextRenewCh := make(chan time.Time, 1) // initially fetch a certificate from the signing CA - interval := time.Second - if err := wait.PollUntilContextCancel(ctx, interval, true, func(ctx context.Context) (done bool, err error) { - // check for errors from the authority here too, to prevent retrying - // if the authority has failed to start - select { - case err, ok := <-authorityErrChan: - if err != nil { - return true, fmt.Errorf("failed to run certificate authority: %w", err) - } - if !ok { - return true, context.Canceled - } - default: - // this case avoids blocking if the authority is still running + if err := f.tryRegenerateCertificate(ctx, nextRenewCh); err != nil { + if err := group.Wait(); err != nil { + return err } - if err := f.regenerateCertificate(nextRenewCh); err != nil { - f.log.Error(err, "Failed to generate initial serving certificate, retrying...", "interval", interval) - return false, nil + if err == context.Canceled { + return nil } - return true, nil - }); err != nil { - // In case of an error, the stopCh is closed; wait for authorityErrChan to be closed too - <-authorityErrChan return err } - // watch for changes to the root CA - rotationChan := f.Authority.WatchRotation(ctx.Done()) - renewalChan := func() <-chan struct{} { - ch := make(chan struct{}) - go func() { - defer close(ch) - - var renewMoment time.Time - select { - case renewMoment = <-nextRenewCh: - // We recevieved a renew moment - default: - // This should never happen - panic("Unreacheable") - } + // channel which will be notified when the leaf certificate reaches 2/3 of its lifetime + // and needs to be renewed + renewalChan := make(chan struct{}) + group.Go(func() error { + // At this point, we expect to have one renewal moment + // in the channel, so we can start the timer with that value + var renewMoment time.Time + select { + case renewMoment = <-nextRenewCh: + // We recevieved a renew moment + default: + // This should never happen + panic("Unreacheable") + } - for { + for { + if done := func() bool { timer := time.NewTimer(time.Until(renewMoment)) defer timer.Stop() + // Wait for the timer to expire, or for a new renewal moment to be received select { case <-ctx.Done(): - return + // context was cancelled, return nil + return true case <-timer.C: - // Try to send a message on ch, but also allow for a stop signal or - // a new renewMoment to be received - select { - case <-ctx.Done(): - return - case ch <- struct{}{}: - // Message was sent on channel - case renewMoment = <-nextRenewCh: - // We recevieved a renew moment, next loop iteration will update the timer - } + // Continue to the next select to try to send a message on renewalChan case renewMoment = <-nextRenewCh: // We recevieved a renew moment, next loop iteration will update the timer + return false } - } - }() - return ch - }() - // check the current certificate every 10s in case it needs updating - if err := wait.PollUntilContextCancel(ctx, time.Second*10, true, func(ctx context.Context) (done bool, err error) { - // regenerate the serving certificate if the root CA has been rotated - select { - // if the authority has stopped for whatever reason, exit and return the error - case err, ok := <-authorityErrChan: - if err != nil { - return true, fmt.Errorf("failed to run certificate authority: %w", err) - } - if !ok { - return true, context.Canceled - } - // trigger regeneration if the root CA has been rotated - case _, ok := <-rotationChan: - if !ok { - return true, context.Canceled + // Try to send a message on renewalChan, but also allow for the context to be + // cancelled. + select { + case <-ctx.Done(): + // context was cancelled, return nil + return true + case renewalChan <- struct{}{}: + // Message was sent on channel + } + + return false + }(); done { + return nil } - f.log.V(logf.InfoLevel).Info("Detected root CA rotation - regenerating serving certificates") - if err := f.regenerateCertificate(nextRenewCh); err != nil { - f.log.Error(err, "Failed to regenerate serving certificate") - // Return an error here and stop the source running - this case should never - // occur, and if it does, indicates some form of internal error. - return false, err + } + }) + + // check the current certificate in case it needs updating + if err := func() error { + for { + // regenerate the serving certificate if the root CA has been rotated + select { + // check if the context has been cancelled + case <-ctx.Done(): + return ctx.Err() + + // trigger regeneration if the root CA has been rotated + case <-rotationChan: + f.log.V(logf.InfoLevel).Info("Detected root CA rotation - regenerating serving certificates") + + // trigger regeneration if a renewal is required + case <-renewalChan: + f.log.V(logf.InfoLevel).Info("cert-manager webhook certificate requires renewal, regenerating", "DNSNames", f.DNSNames) } - // trigger regeneration if a renewal is required - case <-renewalChan: - f.log.V(logf.InfoLevel).Info("cert-manager webhook certificate requires renewal, regenerating", "DNSNames", f.DNSNames) - if err := f.regenerateCertificate(nextRenewCh); err != nil { - f.log.Error(err, "Failed to regenerate serving certificate") - // Return an error here and stop the source running - this case should never - // occur, and if it does, indicates some form of internal error. - return false, err + + if err := f.tryRegenerateCertificate(ctx, nextRenewCh); err != nil { + return err } - case <-ctx.Done(): - return true, context.Canceled } - return false, nil - }); err != nil { - // In case of an error, the stopCh is closed; wait for all channels to close - <-authorityErrChan - <-rotationChan - <-renewalChan + }(); err != nil { + if err := group.Wait(); err != nil { + return err + } + + if err == context.Canceled { + return nil + } return err } @@ -183,6 +209,10 @@ func (f *DynamicSource) Start(ctx context.Context) error { return nil } +func (f *DynamicSource) NeedLeaderElection() bool { + return false +} + func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, error) { f.lock.Lock() defer f.lock.Unlock() @@ -196,6 +226,17 @@ func (f *DynamicSource) Healthy() bool { return f.cachedCertificate != nil } +func (f *DynamicSource) tryRegenerateCertificate(ctx context.Context, nextRenewCh chan<- time.Time) error { + return wait.PollUntilContextCancel(ctx, f.RetryInterval, true, func(ctx context.Context) (done bool, err error) { + if err := f.regenerateCertificate(nextRenewCh); err != nil { + f.log.Error(err, "Failed to generate serving certificate, retrying...", "interval", f.RetryInterval) + return false, nil + } + + return true, nil + }) +} + // regenerateCertificate will trigger the cached certificate and private key to // be regenerated by requesting a new certificate from the authority. func (f *DynamicSource) regenerateCertificate(nextRenew chan<- time.Time) error { @@ -223,13 +264,10 @@ func (f *DynamicSource) regenerateCertificate(nextRenew chan<- time.Time) error f.log.V(logf.DebugLevel).Info("Signed new serving certificate") - if err := f.updateCertificate(pk, cert, nextRenew); err != nil { - return err - } - return nil + return f.updateCertificate(pk, cert, nextRenew) } -func (f *DynamicSource) updateCertificate(pk crypto.Signer, cert *x509.Certificate, nextRenew chan<- time.Time) error { +func (f *DynamicSource) updateCertificate(pk crypto.Signer, cert *x509.Certificate, nextRenewCh chan<- time.Time) error { f.lock.Lock() defer f.lock.Unlock() @@ -251,7 +289,7 @@ func (f *DynamicSource) updateCertificate(pk crypto.Signer, cert *x509.Certifica f.cachedCertificate = &bundle certDuration := cert.NotAfter.Sub(cert.NotBefore) // renew the certificate 1/3 of the time before its expiry - nextRenew <- cert.NotAfter.Add(certDuration / -3) + nextRenewCh <- cert.NotAfter.Add(certDuration / -3) f.log.V(logf.InfoLevel).Info("Updated cert-manager TLS certificate", "DNSNames", f.DNSNames) return nil diff --git a/pkg/server/tls/dynamic_source_test.go b/pkg/server/tls/dynamic_source_test.go new file mode 100644 index 00000000000..20bf462d0bf --- /dev/null +++ b/pkg/server/tls/dynamic_source_test.go @@ -0,0 +1,315 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package tls + +import ( + "context" + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/tls" + "crypto/x509" + "crypto/x509/pkix" + "fmt" + "math/big" + "testing" + "time" + + "github.com/cert-manager/cert-manager/pkg/server/tls/authority" + "github.com/cert-manager/cert-manager/pkg/util/pki" + "github.com/stretchr/testify/assert" + "golang.org/x/sync/errgroup" +) + +func signUsingTempCA(t *testing.T, template *x509.Certificate) *x509.Certificate { + // generate random ca private key + caPrivateKey, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + if err != nil { + t.Fatal(err) + } + + caCRT := &x509.Certificate{ + SerialNumber: big.NewInt(1), + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + }, + NotBefore: time.Now(), + NotAfter: time.Now().Add(time.Hour * 24 * 180), + + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + + _, cert, err := pki.SignCertificate(template, caCRT, template.PublicKey.(crypto.PublicKey), caPrivateKey) + if err != nil { + t.Fatal(err) + } + + return cert +} + +type mockAuthority struct { + doneCh chan error + notifyCh chan<- struct{} + signFunc authority.SignFunc +} + +func (m *mockAuthority) Run(ctx context.Context) error { + select { + case <-ctx.Done(): + return nil + case err := <-m.doneCh: + return err + } +} + +func (m *mockAuthority) WatchRotation(ch chan<- struct{}) { + m.notifyCh = ch +} + +func (m *mockAuthority) StopWatchingRotation(ch chan<- struct{}) {} + +func (m *mockAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error) { + return m.signFunc(template) +} + +func TestDynamicSource_FailingSign(t *testing.T) { + type testCase struct { + name string + signFunc authority.SignFunc + testFn func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) + cancelAtEnd bool + expStartErr string + } + + tests := []testCase{ + { + name: "sign function returns error", + signFunc: func(template *x509.Certificate) (*x509.Certificate, error) { + return nil, fmt.Errorf("mock error") + }, + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + // Call the GetCertificate method, should return a non-ready error + cert, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.Nil(t, cert) + assert.Error(t, err) + assert.Contains(t, err.Error(), "no tls.Certificate available") + + // The authority is now failing because of the faulty sign function, + // we now stop the authority and wait for the DynamicSource to stop + mockAuth.doneCh <- fmt.Errorf("mock error") + }, + expStartErr: "mock error", + }, + { + name: "certificate authority stopped unexpectedly", + signFunc: func(template *x509.Certificate) (*x509.Certificate, error) { + return nil, fmt.Errorf("mock error") + }, + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + // Stop the authority + mockAuth.doneCh <- nil + }, + expStartErr: "certificate authority stopped unexpectedly", + }, + { + name: "sign function returns error (retry, then success)", + signFunc: func() authority.SignFunc { + var called int + return func(template *x509.Certificate) (*x509.Certificate, error) { + called++ + if called != 5 { + return nil, fmt.Errorf("mock error") + } + + template.Version = 3 + template.SerialNumber = big.NewInt(10) + template.NotBefore = time.Now() + template.NotAfter = template.NotBefore.Add(time.Minute) + + return signUsingTempCA(t, template), nil + } + }(), + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + for !source.Healthy() { + time.Sleep(50 * time.Millisecond) + } + + // Call the GetCertificate method, should return a certificate + cert, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert) + }, + cancelAtEnd: true, + }, + { + name: "don't rotate root", + signFunc: func(template *x509.Certificate) (*x509.Certificate, error) { + template.Version = 3 + template.SerialNumber = big.NewInt(10) + template.NotBefore = time.Now() + template.NotAfter = template.NotBefore.Add(time.Minute) + + return signUsingTempCA(t, template), nil + }, + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + for !source.Healthy() { + time.Sleep(50 * time.Millisecond) + } + + // Call the GetCertificate method, should return a certificate + cert, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert) + + // Sleep for a short time to allow the DynamicSource to generate a new certificate + // Which it should not do, as the root CA has not been rotated + time.Sleep(50 * time.Millisecond) + + // Call the GetCertificate method, should return a NEW certificate + cert2, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert2) + + assert.Equal(t, cert.Certificate[0], cert2.Certificate[0]) + }, + cancelAtEnd: true, + }, + { + name: "rotate root", + signFunc: func(template *x509.Certificate) (*x509.Certificate, error) { + template.Version = 3 + template.SerialNumber = big.NewInt(10) + template.NotBefore = time.Now() + template.NotAfter = template.NotBefore.Add(time.Minute) + + return signUsingTempCA(t, template), nil + }, + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + for !source.Healthy() { + time.Sleep(50 * time.Millisecond) + } + + // Call the GetCertificate method, should return a certificate + cert, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert) + + for i := 0; i < 10; i++ { + // Rotate the root + mockAuth.notifyCh <- struct{}{} + + // Sleep for a short time to allow the DynamicSource to generate a new certificate + time.Sleep(50 * time.Millisecond) + + // Call the GetCertificate method, should return a NEW certificate + cert2, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert2) + + assert.NotEqual(t, cert.Certificate[0], cert2.Certificate[0]) + } + }, + cancelAtEnd: true, + }, + { + name: "expire leaf", + signFunc: func(template *x509.Certificate) (*x509.Certificate, error) { + template.Version = 3 + template.SerialNumber = big.NewInt(10) + template.NotBefore = time.Now() + template.NotAfter = template.NotBefore.Add(150 * time.Millisecond) + + signedCert := signUsingTempCA(t, template) + // Reset the NotBefor and NotAfter so we have high percision values here + signedCert.NotBefore = time.Now() + signedCert.NotAfter = signedCert.NotBefore.Add(150 * time.Millisecond) + + // Should renew at 100ms after the NotBefore time + + return signedCert, nil + }, + testFn: func(t *testing.T, source *DynamicSource, mockAuth *mockAuthority) { + for !source.Healthy() { + time.Sleep(50 * time.Millisecond) + } + + // Call the GetCertificate method, should return a certificate + cert, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert) + + for i := 0; i < 5; i++ { + // Sleep for a short time to allow the DynamicSource to generate a new certificate + time.Sleep(100 * time.Millisecond) + + // Call the GetCertificate method, should return a NEW certificate + cert2, err := source.GetCertificate(&tls.ClientHelloInfo{}) + assert.NoError(t, err) + assert.NotNil(t, cert2) + + assert.NotEqual(t, cert.Certificate[0], cert2.Certificate[0]) + } + }, + cancelAtEnd: true, + }, + } + + for _, tc := range tests { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + // Create a mock authority + mockAuth := &mockAuthority{ + doneCh: make(chan error), + signFunc: tc.signFunc, + } + + // Create a DynamicSource instance with the mock authority + source := &DynamicSource{ + Authority: mockAuth, + RetryInterval: 1 * time.Millisecond, + } + + // Start the DynamicSource + ctx, cancel := context.WithCancel(context.Background()) + group, gctx := errgroup.WithContext(ctx) + group.Go(func() error { + return source.Start(gctx) + }) + t.Cleanup(func() { + if tc.cancelAtEnd { + cancel() + } else { + defer cancel() + } + err := group.Wait() + if tc.expStartErr == "" { + assert.NoError(t, err) + } else { + assert.Error(t, err) + assert.Contains(t, err.Error(), tc.expStartErr) + } + }) + + tc.testFn(t, source, mockAuth) + }) + } +} diff --git a/test/integration/webhook/dynamic_source_test.go b/test/integration/webhook/dynamic_source_test.go index a0b6ddf54a5..85ac31e0fa7 100644 --- a/test/integration/webhook/dynamic_source_test.go +++ b/test/integration/webhook/dynamic_source_test.go @@ -113,9 +113,10 @@ func TestDynamicSource_CARotation(t *testing.T) { kubeClient, _, _, _, _ := framework.NewClients(t, config) - namespace := "testns" + secretName := "testsecret" + secretNamespace := "testns" - ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}} + ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: secretNamespace}} _, err := kubeClient.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) if err != nil { t.Fatal(err) @@ -124,8 +125,8 @@ func TestDynamicSource_CARotation(t *testing.T) { source := tls.DynamicSource{ DNSNames: []string{"example.com"}, Authority: &authority.DynamicAuthority{ - SecretNamespace: namespace, - SecretName: "testsecret", + SecretName: secretName, + SecretNamespace: secretNamespace, RESTConfig: config, }, } @@ -175,7 +176,7 @@ func TestDynamicSource_CARotation(t *testing.T) { } cl := kubernetes.NewForConfigOrDie(config) - if err := cl.CoreV1().Secrets(source.Authority.SecretNamespace).Delete(ctx, source.Authority.SecretName, metav1.DeleteOptions{}); err != nil { + if err := cl.CoreV1().Secrets(secretNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}); err != nil { t.Fatalf("Failed to delete CA secret: %v", err) } From f4ae942b8e5dca2d60e94702dc27015fdfb02ee9 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 11 Mar 2024 19:22:38 +0100 Subject: [PATCH 005/177] add test that validates leaderelection behavior Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/dynamic_source.go | 11 +-- .../webhook/dynamic_source_test.go | 90 +++++++++++++++++++ 2 files changed, 92 insertions(+), 9 deletions(-) diff --git a/pkg/server/tls/dynamic_source.go b/pkg/server/tls/dynamic_source.go index 62a9fad5216..5593865c572 100644 --- a/pkg/server/tls/dynamic_source.go +++ b/pkg/server/tls/dynamic_source.go @@ -71,15 +71,7 @@ type DynamicSource struct { var _ CertificateSource = &DynamicSource{} -// Copied from https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L287 -var _ interface { - Start(context.Context) error -} = &DynamicSource{} - -var _ interface { - NeedLeaderElection() bool -} = &DynamicSource{} - +// Implements Runnable (https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L287) func (f *DynamicSource) Start(ctx context.Context) error { f.log = logf.FromContext(ctx) @@ -209,6 +201,7 @@ func (f *DynamicSource) Start(ctx context.Context) error { return nil } +// Implements LeaderElectionRunnable (https://github.com/kubernetes-sigs/controller-runtime/blob/56159419231e985c091ef3e7a8a3dee40ddf1d73/pkg/manager/manager.go#L305) func (f *DynamicSource) NeedLeaderElection() bool { return false } diff --git a/test/integration/webhook/dynamic_source_test.go b/test/integration/webhook/dynamic_source_test.go index 85ac31e0fa7..e5b08e82321 100644 --- a/test/integration/webhook/dynamic_source_test.go +++ b/test/integration/webhook/dynamic_source_test.go @@ -22,19 +22,24 @@ import ( "errors" "fmt" "math/big" + "sync/atomic" "testing" "time" "github.com/go-logr/logr" logtesting "github.com/go-logr/logr/testing" + "golang.org/x/sync/errgroup" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/manager" + "sigs.k8s.io/controller-runtime/pkg/metrics/server" "github.com/cert-manager/cert-manager/integration-tests/framework" "github.com/cert-manager/cert-manager/pkg/server/tls" "github.com/cert-manager/cert-manager/pkg/server/tls/authority" + "github.com/cert-manager/cert-manager/test/apiserver" ) // Ensure that when the source is running against an apiserver, it bootstraps @@ -212,3 +217,88 @@ func TestDynamicSource_CARotation(t *testing.T) { return } } + +// Make sure that controller-runtime leader election does not cause the authority +// to not start on non-leader managers. +func TestDynamicSource_leaderelection(t *testing.T) { + const nrManagers = 2 // number of managers to start for this test + + ctx, cancel := context.WithTimeout(logr.NewContext(context.Background(), logtesting.NewTestLogger(t)), time.Second*40) + defer cancel() + + env, stop := apiserver.RunBareControlPlane(t) + defer stop() + + var started int64 + + gctx, cancel := context.WithCancel(ctx) + defer cancel() + group, gctx := errgroup.WithContext(gctx) + + for i := 0; i < nrManagers; i++ { + i := i + group.Go(func() error { + mgr, err := manager.New(env.Config, manager.Options{ + Metrics: server.Options{BindAddress: "0"}, + BaseContext: func() context.Context { return gctx }, + + LeaderElection: true, + LeaderElectionID: "leader-test", + LeaderElectionNamespace: "default", + }) + if err != nil { + return err + } + + if err := mgr.Add(&tls.DynamicSource{ + DNSNames: []string{"example.com"}, + Authority: &testAuthority{ + id: fmt.Sprintf("manager-%d", i), + started: &started, + }, + }); err != nil { + return err + } + + return mgr.Start(gctx) + }) + } + + time.Sleep(4 * time.Second) + + cancel() + + if err := group.Wait(); err != nil { + t.Fatal(err) + } + + startCount := atomic.LoadInt64(&started) + + if startCount != nrManagers { + t.Error("all managers should have started the authority, but only", startCount, "did") + } +} + +type testAuthority struct { + id string + started *int64 +} + +func (m *testAuthority) Run(ctx context.Context) error { + if ctx.Err() != nil { + return nil // context was cancelled, we are shutting down + } + + fmt.Println("Starting authority with id", m.id) + atomic.AddInt64(m.started, 1) + <-ctx.Done() + return nil +} + +func (m *testAuthority) WatchRotation(ch chan<- struct{}) {} + +func (m *testAuthority) StopWatchingRotation(ch chan<- struct{}) {} + +func (m *testAuthority) Sign(template *x509.Certificate) (*x509.Certificate, error) { + return nil, fmt.Errorf("not implemented") +} From 9dcb422164114d5d4828c44ebad6ac4e5b20132f Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 11 Mar 2024 19:33:01 +0100 Subject: [PATCH 006/177] use errors.Is() Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority.go | 3 ++- pkg/server/tls/dynamic_source.go | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/pkg/server/tls/authority/authority.go b/pkg/server/tls/authority/authority.go index 1db51b52dee..5b9b32550e4 100644 --- a/pkg/server/tls/authority/authority.go +++ b/pkg/server/tls/authority/authority.go @@ -24,6 +24,7 @@ import ( "crypto/tls" "crypto/x509" "crypto/x509/pkix" + "errors" "fmt" "math/big" "sync" @@ -146,7 +147,7 @@ func (d *DynamicAuthority) Run(ctx context.Context) error { // this poll only ends when stopCh is closed. return false, nil }); err != nil { - if err == context.Canceled { + if errors.Is(err, context.Canceled) { // context was cancelled, return nil return nil } diff --git a/pkg/server/tls/dynamic_source.go b/pkg/server/tls/dynamic_source.go index 5593865c572..92db364605d 100644 --- a/pkg/server/tls/dynamic_source.go +++ b/pkg/server/tls/dynamic_source.go @@ -21,6 +21,7 @@ import ( "crypto" "crypto/tls" "crypto/x509" + "errors" "fmt" "sync" "time" @@ -108,7 +109,7 @@ func (f *DynamicSource) Start(ctx context.Context) error { return err } - if err == context.Canceled { + if errors.Is(err, context.Canceled) { return nil } @@ -191,7 +192,7 @@ func (f *DynamicSource) Start(ctx context.Context) error { return err } - if err == context.Canceled { + if errors.Is(err, context.Canceled) { return nil } From efe2e0628862f559f2313e48f2f766c070bb5910 Mon Sep 17 00:00:00 2001 From: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> Date: Tue, 5 Mar 2024 18:20:13 +0000 Subject: [PATCH 007/177] New Ingress annotation for copying custom annotations to secret template Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> --- pkg/apis/certmanager/v1/types.go | 5 +++++ pkg/controller/certificate-shim/helper.go | 22 ++++++++++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/pkg/apis/certmanager/v1/types.go b/pkg/apis/certmanager/v1/types.go index 276722793e9..9e8b6902521 100644 --- a/pkg/apis/certmanager/v1/types.go +++ b/pkg/apis/certmanager/v1/types.go @@ -145,6 +145,11 @@ const ( // controller only processes Ingresses with this annotation either unset, or // set to either the configured value or the empty string. IngressClassAnnotationKey = "kubernetes.io/ingress.class" + + // IngressSecretTemplateAnnotations specifies arbitrary annotations on the Ingress resource to be set in the + // generated Certificate resource's secretTemplate. Existing annotations with the same key are overridden. + // The value is a regex that must fully match the annotation key. + IngressSecretTemplateAnnotations = "cert-manager.io/secret-template-annotations" ) // Annotation names for CertificateRequests diff --git a/pkg/controller/certificate-shim/helper.go b/pkg/controller/certificate-shim/helper.go index 198bee84e9c..eab05db7dd0 100644 --- a/pkg/controller/certificate-shim/helper.go +++ b/pkg/controller/certificate-shim/helper.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "reflect" + "regexp" "strconv" "strings" "time" @@ -268,5 +269,26 @@ func translateAnnotations(crt *cmapi.Certificate, ingLikeAnnotations map[string] } } + if customAnnotationsRegexString, found := ingLikeAnnotations[cmapi.IngressSecretTemplateAnnotations]; found { + customAnnotationsRegex, err := regexp.Compile(customAnnotationsRegexString) + if err != nil { + return fmt.Errorf("%w %q: error parsing regexp: %q", errInvalidIngressAnnotation, cmapi.IngressSecretTemplateAnnotations, customAnnotationsRegexString) + } + for annotationKey, annotationValue := range ingLikeAnnotations { + match := customAnnotationsRegex.FindString(annotationKey) + if len(match) == len(annotationKey) { + if strings.HasPrefix(annotationKey, "cert-manager.io/") { + return fmt.Errorf("%w %q: regex must not match cert-manager.io/ annotations: %q", errInvalidIngressAnnotation, cmapi.IngressSecretTemplateAnnotations, customAnnotationsRegexString) + } + if crt.Spec.SecretTemplate == nil { + crt.Spec.SecretTemplate = &cmapi.CertificateSecretTemplate{ + Annotations: map[string]string{}, + } + } + crt.Spec.SecretTemplate.Annotations[annotationKey] = annotationValue + } + } + } + return nil } From 717269e80945c4b5c2f07067e925b1dca5d866cb Mon Sep 17 00:00:00 2001 From: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> Date: Thu, 7 Mar 2024 00:00:59 +0000 Subject: [PATCH 008/177] Add tests Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> --- pkg/controller/certificate-shim/sync_test.go | 101 +++++++++++++++++++ 1 file changed, 101 insertions(+) diff --git a/pkg/controller/certificate-shim/sync_test.go b/pkg/controller/certificate-shim/sync_test.go index 4914d5b0e33..2f39d5c7a50 100644 --- a/pkg/controller/certificate-shim/sync_test.go +++ b/pkg/controller/certificate-shim/sync_test.go @@ -536,6 +536,107 @@ func TestSync(t *testing.T) { }, }, }, + { + Name: "return a single HTTP01 Certificate for an ingress with a single valid TLS entry and valid secret template annotation", + Issuer: acmeClusterIssuer, + IngressLike: &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ingress-name", + Namespace: gen.DefaultTestNamespace, + Annotations: map[string]string{ + cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", + cmapi.IngressSecretTemplateAnnotations: "secret-reflector.com.*", + "secret-replicator.com/ignored-annotation": "ignored-value", + "www.secret-reflector.com/ignored-annotation": "ignored-value", + "secret-reflector.com/reflection-enabled": "true", + "secret-reflector.com/reflection-enabled-namespaces": "example-namespace", + }, + UID: types.UID("ingress-name"), + }, + Spec: networkingv1.IngressSpec{ + TLS: []networkingv1.IngressTLS{ + { + Hosts: []string{"example.com", "www.example.com"}, + SecretName: "example-com-tls", + }, + }, + }, + }, + ClusterIssuerLister: []runtime.Object{acmeClusterIssuer}, + ExpectedEvents: []string{`Normal CreateCertificate Successfully created Certificate "example-com-tls"`}, + ExpectedCreate: []*cmapi.Certificate{ + { + ObjectMeta: metav1.ObjectMeta{ + Name: "example-com-tls", + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + }, + Spec: cmapi.CertificateSpec{ + DNSNames: []string{"example.com", "www.example.com"}, + SecretName: "example-com-tls", + SecretTemplate: &cmapi.CertificateSecretTemplate{ + Annotations: map[string]string{ + "secret-reflector.com/reflection-enabled": "true", + "secret-reflector.com/reflection-enabled-namespaces": "example-namespace", + }, + }, + IssuerRef: cmmeta.ObjectReference{ + Name: "issuer-name", + Kind: "ClusterIssuer", + }, + Usages: cmapi.DefaultKeyUsages(), + }, + }, + }, + }, + { + Name: "secret template annotation should not match cert-manager.io/ annotations", + Issuer: acmeClusterIssuer, + IngressLike: &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ingress-name", + Namespace: gen.DefaultTestNamespace, + Annotations: map[string]string{ + cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", + cmapi.IngressSecretTemplateAnnotations: ".*cert-manager.io/.*", + }, + UID: types.UID("ingress-name"), + }, + Spec: networkingv1.IngressSpec{ + TLS: []networkingv1.IngressTLS{ + { + Hosts: []string{"example.com", "www.example.com"}, + SecretName: "example-com-tls", + }, + }, + }, + }, + Err: true, + }, + { + Name: "secret template annotation should have valid regex", + Issuer: acmeClusterIssuer, + IngressLike: &networkingv1.Ingress{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ingress-name", + Namespace: gen.DefaultTestNamespace, + Annotations: map[string]string{ + cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", + cmapi.IngressSecretTemplateAnnotations: ")invalid] [regex(", + }, + UID: types.UID("ingress-name"), + }, + Spec: networkingv1.IngressSpec{ + TLS: []networkingv1.IngressTLS{ + { + Hosts: []string{"example.com", "www.example.com"}, + SecretName: "example-com-tls", + }, + }, + }, + }, + Err: true, + }, { Name: "edit-in-place set to false should not trigger editing the ingress in-place", Issuer: acmeClusterIssuer, From f3bfc93bbaf98058302f16b452c68e31a3d60a06 Mon Sep 17 00:00:00 2001 From: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> Date: Wed, 13 Mar 2024 14:17:00 +0000 Subject: [PATCH 009/177] JSON encoded secretTemplate as Ingress annotation Signed-off-by: Mangesh Hambarde <1411192+mangeshhambarde@users.noreply.github.com> --- pkg/apis/certmanager/v1/types.go | 7 ++--- pkg/controller/certificate-shim/helper.go | 31 +++++++++----------- pkg/controller/certificate-shim/sync_test.go | 22 +++++++------- 3 files changed, 27 insertions(+), 33 deletions(-) diff --git a/pkg/apis/certmanager/v1/types.go b/pkg/apis/certmanager/v1/types.go index 9e8b6902521..31e737c60fa 100644 --- a/pkg/apis/certmanager/v1/types.go +++ b/pkg/apis/certmanager/v1/types.go @@ -146,10 +146,9 @@ const ( // set to either the configured value or the empty string. IngressClassAnnotationKey = "kubernetes.io/ingress.class" - // IngressSecretTemplateAnnotations specifies arbitrary annotations on the Ingress resource to be set in the - // generated Certificate resource's secretTemplate. Existing annotations with the same key are overridden. - // The value is a regex that must fully match the annotation key. - IngressSecretTemplateAnnotations = "cert-manager.io/secret-template-annotations" + // IngressSecretTemplate can be used to set the secretTemplate field in the generated Certificate. + // The value is a JSON representation of secretTemplate and must not have any unknown fields. + IngressSecretTemplate = "cert-manager.io/secret-template" ) // Annotation names for CertificateRequests diff --git a/pkg/controller/certificate-shim/helper.go b/pkg/controller/certificate-shim/helper.go index eab05db7dd0..ce6f59152e0 100644 --- a/pkg/controller/certificate-shim/helper.go +++ b/pkg/controller/certificate-shim/helper.go @@ -17,10 +17,10 @@ limitations under the License. package shimhelper import ( + "encoding/json" "errors" "fmt" "reflect" - "regexp" "strconv" "strings" "time" @@ -269,25 +269,22 @@ func translateAnnotations(crt *cmapi.Certificate, ingLikeAnnotations map[string] } } - if customAnnotationsRegexString, found := ingLikeAnnotations[cmapi.IngressSecretTemplateAnnotations]; found { - customAnnotationsRegex, err := regexp.Compile(customAnnotationsRegexString) - if err != nil { - return fmt.Errorf("%w %q: error parsing regexp: %q", errInvalidIngressAnnotation, cmapi.IngressSecretTemplateAnnotations, customAnnotationsRegexString) + if secretTemplateJson, found := ingLikeAnnotations[cmapi.IngressSecretTemplate]; found { + decoder := json.NewDecoder(strings.NewReader(secretTemplateJson)) + decoder.DisallowUnknownFields() + + var secretTemplate = new(cmapi.CertificateSecretTemplate) + if err := decoder.Decode(secretTemplate); err != nil { + return fmt.Errorf("%w %q: error parsing secret template JSON: %v", errInvalidIngressAnnotation, cmapi.IngressSecretTemplate, err) } - for annotationKey, annotationValue := range ingLikeAnnotations { - match := customAnnotationsRegex.FindString(annotationKey) - if len(match) == len(annotationKey) { - if strings.HasPrefix(annotationKey, "cert-manager.io/") { - return fmt.Errorf("%w %q: regex must not match cert-manager.io/ annotations: %q", errInvalidIngressAnnotation, cmapi.IngressSecretTemplateAnnotations, customAnnotationsRegexString) - } - if crt.Spec.SecretTemplate == nil { - crt.Spec.SecretTemplate = &cmapi.CertificateSecretTemplate{ - Annotations: map[string]string{}, - } - } - crt.Spec.SecretTemplate.Annotations[annotationKey] = annotationValue + for annotationKey := range secretTemplate.Annotations { + if strings.HasPrefix(annotationKey, "cert-manager.io/") { + return fmt.Errorf("%w %q: secretTemplate must not have cert-manager.io/ annotations: %q", errInvalidIngressAnnotation, cmapi.IngressSecretTemplate, annotationKey) } } + if len(secretTemplate.Annotations) > 0 || len(secretTemplate.Labels) > 0 { + crt.Spec.SecretTemplate = secretTemplate + } } return nil diff --git a/pkg/controller/certificate-shim/sync_test.go b/pkg/controller/certificate-shim/sync_test.go index 2f39d5c7a50..bd98f36267c 100644 --- a/pkg/controller/certificate-shim/sync_test.go +++ b/pkg/controller/certificate-shim/sync_test.go @@ -544,12 +544,8 @@ func TestSync(t *testing.T) { Name: "ingress-name", Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ - cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", - cmapi.IngressSecretTemplateAnnotations: "secret-reflector.com.*", - "secret-replicator.com/ignored-annotation": "ignored-value", - "www.secret-reflector.com/ignored-annotation": "ignored-value", - "secret-reflector.com/reflection-enabled": "true", - "secret-reflector.com/reflection-enabled-namespaces": "example-namespace", + cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", + cmapi.IngressSecretTemplate: `{ "annotations": { "example-annotation" : "dummy-value" }, "labels": { "example-label" : "dummy-value" } }`, }, UID: types.UID("ingress-name"), }, @@ -576,8 +572,10 @@ func TestSync(t *testing.T) { SecretName: "example-com-tls", SecretTemplate: &cmapi.CertificateSecretTemplate{ Annotations: map[string]string{ - "secret-reflector.com/reflection-enabled": "true", - "secret-reflector.com/reflection-enabled-namespaces": "example-namespace", + "example-annotation": "dummy-value", + }, + Labels: map[string]string{ + "example-label": "dummy-value", }, }, IssuerRef: cmmeta.ObjectReference{ @@ -590,7 +588,7 @@ func TestSync(t *testing.T) { }, }, { - Name: "secret template annotation should not match cert-manager.io/ annotations", + Name: "secret template annotation should not allow cert-manager.io/ annotations", Issuer: acmeClusterIssuer, IngressLike: &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ @@ -598,7 +596,7 @@ func TestSync(t *testing.T) { Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", - cmapi.IngressSecretTemplateAnnotations: ".*cert-manager.io/.*", + cmapi.IngressSecretTemplate: `{ "annotations": { "cert-manager.io/disallowed-annotation" : "dummy-value" } }`, }, UID: types.UID("ingress-name"), }, @@ -614,7 +612,7 @@ func TestSync(t *testing.T) { Err: true, }, { - Name: "secret template annotation should have valid regex", + Name: "secret template annotation should not allow unknown fields", Issuer: acmeClusterIssuer, IngressLike: &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ @@ -622,7 +620,7 @@ func TestSync(t *testing.T) { Namespace: gen.DefaultTestNamespace, Annotations: map[string]string{ cmapi.IngressClusterIssuerNameAnnotationKey: "issuer-name", - cmapi.IngressSecretTemplateAnnotations: ")invalid] [regex(", + cmapi.IngressSecretTemplate: `{ "unknown-field": "true" }`, }, UID: types.UID("ingress-name"), }, From 4314c3ae78b50338fc25e84865fe2f3d55596df8 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 14 Mar 2024 14:23:41 +0000 Subject: [PATCH 010/177] Bump github.com/go-jose/go-jose to v3.0.3 to fix CVE-2024-28180 find . -name go.mod -execdir go get github.com/go-jose/go-jose/v3@v3.0.3 \; make tidy Signed-off-by: Richard Wall --- cmd/controller/go.mod | 2 +- cmd/controller/go.sum | 17 +++++++++++++---- go.mod | 2 +- go.sum | 17 +++++++++++++---- 4 files changed, 28 insertions(+), 10 deletions(-) diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index f015e45ea20..6243464a210 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -56,7 +56,7 @@ require ( github.com/digitalocean/godo v1.109.0 // indirect github.com/emicklei/go-restful/v3 v3.11.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index c76993c5eb9..d2d601d35b3 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -101,8 +101,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -318,7 +318,6 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -380,7 +379,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -396,6 +394,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -409,6 +408,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -420,6 +421,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -433,16 +435,22 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -457,6 +465,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/go.mod b/go.mod index 680a7c29150..ee3b8c66dad 100644 --- a/go.mod +++ b/go.mod @@ -83,7 +83,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/frankban/quicktest v1.14.6 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.1 // indirect + github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect diff --git a/go.sum b/go.sum index 04051711640..5dffa738df2 100644 --- a/go.sum +++ b/go.sum @@ -107,8 +107,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -328,7 +328,6 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -391,7 +390,6 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -407,6 +405,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -420,6 +419,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -431,6 +432,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -444,17 +446,23 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -469,6 +477,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 6e784bb6f4ac562d719734935937f9a2b0689c2a Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Thu, 14 Mar 2024 14:51:38 +0000 Subject: [PATCH 011/177] make update-licenses Signed-off-by: Richard Wall --- LICENSES | 4 ++-- cmd/controller/LICENSES | 4 ++-- cmd/webhook/LICENSES | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/LICENSES b/LICENSES index d34829c0b13..49a9bce7b73 100644 --- a/LICENSES +++ b/LICENSES @@ -47,8 +47,8 @@ github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.9.0/ github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause -github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.1/LICENSE,Apache-2.0 -github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.1/json/LICENSE,BSD-3-Clause +github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index 27c029b46f6..a6df2654bf8 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -42,8 +42,8 @@ github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/ github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,BSD-3-Clause github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT -github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.1/LICENSE,Apache-2.0 -github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.1/json/LICENSE,BSD-3-Clause +github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index a50ad1421ad..bbfdfaddffa 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -56,7 +56,7 @@ golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.19. golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync/singleflight,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause From 112c7b2e9e4107a7715ac465e58dd4eecfd6bd97 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 10:24:47 +0000 Subject: [PATCH 012/177] An http.RoundTripper which adds the HTTP User-Agent header to all requests This code existed in cert-manager once before and I'm reviving it. Here's the history: * Added: https://github.com/cert-manager/cert-manager/pull/422 * Moved: https://github.com/cert-manager/cert-manager/pull/432 * Obsoleted: https://github.com/cert-manager/cert-manager/pull/797 * Deleted: https://github.com/cert-manager/cert-manager/pull/966 Signed-off-by: Richard Wall --- pkg/util/useragent.go | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/pkg/util/useragent.go b/pkg/util/useragent.go index 34a5a757bee..7372031a12a 100644 --- a/pkg/util/useragent.go +++ b/pkg/util/useragent.go @@ -19,6 +19,7 @@ package util import ( "bytes" "fmt" + "net/http" "strings" "unicode" "unicode/utf8" @@ -58,3 +59,25 @@ func PrefixFromUserAgent(u string) string { } return buf.String() } + +// UserAgentRoundTripper implements the http.RoundTripper interface and adds a User-Agent +// header. +type userAgentRoundTripper struct { + inner http.RoundTripper + userAgent string +} + +// UserAgentRoundTripper returns a RoundTripper that functions identically to +// the provided 'inner' round tripper, other than also setting a user agent. +func UserAgentRoundTripper(inner http.RoundTripper, userAgent string) http.RoundTripper { + return userAgentRoundTripper{ + inner: inner, + userAgent: userAgent, + } +} + +// RoundTrip implements http.RoundTripper +func (u userAgentRoundTripper) RoundTrip(req *http.Request) (*http.Response, error) { + req.Header.Set("User-Agent", u.userAgent) + return u.inner.RoundTrip(req) +} From 04ee7fe0e966a1a609d9ac9ef5caf20fbfe6c46c Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 10:47:31 +0000 Subject: [PATCH 013/177] Set the User-Agent header in all Venafi API requests Signed-off-by: Richard Wall --- pkg/issuer/venafi/client/venaficlient.go | 25 +++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/pkg/issuer/venafi/client/venaficlient.go b/pkg/issuer/venafi/client/venaficlient.go index 33b78ef760f..acfad2f311e 100644 --- a/pkg/issuer/venafi/client/venaficlient.go +++ b/pkg/issuer/venafi/client/venaficlient.go @@ -35,6 +35,7 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api" "github.com/cert-manager/cert-manager/pkg/metrics" + "github.com/cert-manager/cert-manager/pkg/util" ) const ( @@ -128,6 +129,8 @@ func New(namespace string, secretsLister internalinformers.SecretLister, issuer // that can be used to instantiate an API client. func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.SecretLister, namespace string) (*vcert.Config, error) { venCfg := iss.GetSpec().Venafi + var vcertConfig *vcert.Config + switch { case venCfg.TPP != nil: tpp := venCfg.TPP @@ -140,7 +143,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se password := string(tppSecret.Data[tppPasswordKey]) accessToken := string(tppSecret.Data[tppAccessTokenKey]) - return &vcert.Config{ + vcertConfig = &vcert.Config{ ConnectorType: endpoint.ConnectorTypeTPP, BaseUrl: tpp.URL, Zone: venCfg.Zone, @@ -160,7 +163,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se AccessToken: accessToken, }, Client: httpClientForVcertTPP(tpp.CABundle), - }, nil + } case venCfg.Cloud != nil: cloud := venCfg.Cloud cloudSecret, err := secretsLister.Secrets(namespace).Get(cloud.APITokenSecretRef.Name) @@ -174,7 +177,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se } apiKey := string(cloudSecret.Data[k]) - return &vcert.Config{ + vcertConfig = &vcert.Config{ ConnectorType: endpoint.ConnectorTypeCloud, BaseUrl: cloud.URL, Zone: venCfg.Zone, @@ -183,11 +186,19 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se Credentials: &endpoint.Authentication{ APIKey: apiKey, }, - }, nil + } + default: + // API validation in webhook and in the ClusterIssuer and Issuer controller + // Sync functions should make this unreachable in production. + return nil, fmt.Errorf("neither Venafi Cloud or TPP configuration found") + } - // API validation in webhook and in the ClusterIssuer and Issuer controller - // Sync functions should make this unreachable in production. - return nil, fmt.Errorf("neither Venafi Cloud or TPP configuration found") + + // Set the user-agent header + vcertConfig.Client.Transport = util.UserAgentRoundTripper(vcertConfig.Client.Transport, "cert-manager/v0.0.0") + + return vcertConfig, nil + } // httpClientForVcertTPP creates an HTTP client and customises it to allow client TLS renegotiation. From cca333d1db052fe2c6f1089da4ccb898e9c4ef95 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 11:35:10 +0000 Subject: [PATCH 014/177] Supply User-Agent string to the Venafi controllers Signed-off-by: Richard Wall --- .../certificaterequests/venafi/venafi.go | 6 ++++- .../certificaterequests/venafi/venafi_test.go | 2 +- .../venafi/venafi.go | 6 ++++- .../venafi/venafi_test.go | 24 +++++++++---------- pkg/issuer/venafi/client/venaficlient.go | 10 ++++---- pkg/issuer/venafi/client/venaficlient_test.go | 2 +- pkg/issuer/venafi/setup.go | 2 +- pkg/issuer/venafi/setup_test.go | 10 ++++---- pkg/issuer/venafi/venafi.go | 4 ++++ 9 files changed, 39 insertions(+), 27 deletions(-) diff --git a/pkg/controller/certificaterequests/venafi/venafi.go b/pkg/controller/certificaterequests/venafi/venafi.go index d75537fa3e1..657ba6a3480 100644 --- a/pkg/controller/certificaterequests/venafi/venafi.go +++ b/pkg/controller/certificaterequests/venafi/venafi.go @@ -54,6 +54,9 @@ type Venafi struct { clientBuilder venaficlient.VenafiClientBuilder metrics *metrics.Metrics + + // userAgent is the string used as the UserAgent when making HTTP calls. + userAgent string } func init() { @@ -73,6 +76,7 @@ func NewVenafi(ctx *controllerpkg.Context) certificaterequests.Issuer { clientBuilder: venaficlient.New, metrics: ctx.Metrics, cmClient: ctx.CMClient, + userAgent: ctx.RESTConfig.UserAgent, } } @@ -80,7 +84,7 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO log := logf.FromContext(ctx, "sign") log = logf.WithRelatedResource(log, issuerObj) - client, err := v.clientBuilder(v.issuerOptions.ResourceNamespace(issuerObj), v.secretsLister, issuerObj, v.metrics, log) + client, err := v.clientBuilder(v.issuerOptions.ResourceNamespace(issuerObj), v.secretsLister, issuerObj, v.metrics, log, v.userAgent) if k8sErrors.IsNotFound(err) { message := "Required secret resource not found" diff --git a/pkg/controller/certificaterequests/venafi/venafi_test.go b/pkg/controller/certificaterequests/venafi/venafi_test.go index 2fc7dee6e9e..ccee780f2bb 100644 --- a/pkg/controller/certificaterequests/venafi/venafi_test.go +++ b/pkg/controller/certificaterequests/venafi/venafi_test.go @@ -824,7 +824,7 @@ func runTest(t *testing.T, test testT) { if test.fakeClient != nil { v.clientBuilder = func(namespace string, secretsLister internalinformers.SecretLister, - issuer cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (client.Interface, error) { + issuer cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (client.Interface, error) { return test.fakeClient, nil } } diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi.go b/pkg/controller/certificatesigningrequests/venafi/venafi.go index fa7ce524e31..282399ffe68 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi.go @@ -63,6 +63,9 @@ type Venafi struct { // fieldManager is the manager name used for the Apply operations. fieldManager string + + // userAgent is the string used as the UserAgent when making HTTP calls. + userAgent string } func init() { @@ -82,6 +85,7 @@ func NewVenafi(ctx *controllerpkg.Context) certificatesigningrequests.Signer { clientBuilder: venaficlient.New, fieldManager: ctx.FieldManager, metrics: ctx.Metrics, + userAgent: ctx.RESTConfig.UserAgent, } } @@ -99,7 +103,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin resourceNamespace := v.issuerOptions.ResourceNamespace(issuerObj) - client, err := v.clientBuilder(resourceNamespace, v.secretsLister, issuerObj, v.metrics, log) + client, err := v.clientBuilder(resourceNamespace, v.secretsLister, issuerObj, v.metrics, log, v.userAgent) if apierrors.IsNotFound(err) { message := "Required secret resource not found" v.recorder.Event(csr, corev1.EventTypeWarning, "SecretNotFound", message) diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go index b9f7016c4d2..534836fbe07 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go @@ -164,7 +164,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return nil, apierrors.NewNotFound(schema.GroupResource{}, "test-secret") }, builder: &testpkg.Builder{ @@ -206,7 +206,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return nil, errors.New("generic error") }, expectedErr: true, @@ -252,7 +252,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{}, nil }, builder: &testpkg.Builder{ @@ -320,7 +320,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{}, nil }, builder: &testpkg.Builder{ @@ -388,7 +388,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { return "", venaficlient.ErrCustomFieldsType{Type: "test-type"} @@ -459,7 +459,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { return "", errors.New("generic error") @@ -530,7 +530,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { return "test-pickup-id", nil @@ -592,7 +592,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { return nil, endpoint.ErrCertificatePending{} @@ -643,7 +643,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { return nil, endpoint.ErrRetrieveCertificateTimeout{} @@ -694,7 +694,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { return nil, errors.New("generic error") @@ -745,7 +745,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { return []byte("garbage"), nil @@ -818,7 +818,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger) (venaficlient.Interface, error) { + clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { return []byte(fmt.Sprintf("%s%s", certBundle.ChainPEM, certBundle.CAPEM)), nil diff --git a/pkg/issuer/venafi/client/venaficlient.go b/pkg/issuer/venafi/client/venaficlient.go index acfad2f311e..d53bdbcb67b 100644 --- a/pkg/issuer/venafi/client/venaficlient.go +++ b/pkg/issuer/venafi/client/venaficlient.go @@ -47,7 +47,7 @@ const ( ) type VenafiClientBuilder func(namespace string, secretsLister internalinformers.SecretLister, - issuer cmapi.GenericIssuer, metrics *metrics.Metrics, logger logr.Logger) (Interface, error) + issuer cmapi.GenericIssuer, metrics *metrics.Metrics, logger logr.Logger, userAgent string) (Interface, error) // Interface implements a Venafi client type Interface interface { @@ -86,8 +86,8 @@ type connector interface { // New constructs a Venafi client Interface. Errors may be network errors and // should be considered for retrying. -func New(namespace string, secretsLister internalinformers.SecretLister, issuer cmapi.GenericIssuer, metrics *metrics.Metrics, logger logr.Logger) (Interface, error) { - cfg, err := configForIssuer(issuer, secretsLister, namespace) +func New(namespace string, secretsLister internalinformers.SecretLister, issuer cmapi.GenericIssuer, metrics *metrics.Metrics, logger logr.Logger, userAgent string) (Interface, error) { + cfg, err := configForIssuer(issuer, secretsLister, namespace, userAgent) if err != nil { return nil, err } @@ -127,7 +127,7 @@ func New(namespace string, secretsLister internalinformers.SecretLister, issuer // configForIssuer will convert a cert-manager Venafi issuer into a vcert.Config // that can be used to instantiate an API client. -func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.SecretLister, namespace string) (*vcert.Config, error) { +func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.SecretLister, namespace string, userAgent string) (*vcert.Config, error) { venCfg := iss.GetSpec().Venafi var vcertConfig *vcert.Config @@ -195,7 +195,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se } // Set the user-agent header - vcertConfig.Client.Transport = util.UserAgentRoundTripper(vcertConfig.Client.Transport, "cert-manager/v0.0.0") + vcertConfig.Client.Transport = util.UserAgentRoundTripper(vcertConfig.Client.Transport, userAgent) return vcertConfig, nil diff --git a/pkg/issuer/venafi/client/venaficlient_test.go b/pkg/issuer/venafi/client/venaficlient_test.go index 1fe8e72fec4..9a44ea042e1 100644 --- a/pkg/issuer/venafi/client/venaficlient_test.go +++ b/pkg/issuer/venafi/client/venaficlient_test.go @@ -223,7 +223,7 @@ type testConfigForIssuerT struct { } func (c *testConfigForIssuerT) runTest(t *testing.T) { - resp, err := configForIssuer(c.iss, c.secretsLister, "test-namespace") + resp, err := configForIssuer(c.iss, c.secretsLister, "test-namespace", "cert-manager/v0.0.0") if err != nil && !c.expectedErr { t.Errorf("expected to not get an error, but got: %v", err) } diff --git a/pkg/issuer/venafi/setup.go b/pkg/issuer/venafi/setup.go index cbdc72ba595..1e92cbc8c0f 100644 --- a/pkg/issuer/venafi/setup.go +++ b/pkg/issuer/venafi/setup.go @@ -38,7 +38,7 @@ func (v *Venafi) Setup(ctx context.Context) (err error) { } }() - client, err := v.clientBuilder(v.resourceNamespace, v.secretsLister, v.issuer, v.Metrics, v.log) + client, err := v.clientBuilder(v.resourceNamespace, v.secretsLister, v.issuer, v.Metrics, v.log, v.userAgent) if err != nil { return fmt.Errorf("error building client: %v", err) } diff --git a/pkg/issuer/venafi/setup_test.go b/pkg/issuer/venafi/setup_test.go index 681d7ed250e..a8ee70d95a7 100644 --- a/pkg/issuer/venafi/setup_test.go +++ b/pkg/issuer/venafi/setup_test.go @@ -41,12 +41,12 @@ func TestSetup(t *testing.T) { baseIssuer := gen.Issuer("test-issuer") failingClientBuilder := func(string, internalinformers.SecretLister, - cmapi.GenericIssuer, *metrics.Metrics, logr.Logger) (client.Interface, error) { + cmapi.GenericIssuer, *metrics.Metrics, logr.Logger, string) (client.Interface, error) { return nil, errors.New("this is an error") } failingPingClient := func(string, internalinformers.SecretLister, - cmapi.GenericIssuer, *metrics.Metrics, logr.Logger) (client.Interface, error) { + cmapi.GenericIssuer, *metrics.Metrics, logr.Logger, string) (client.Interface, error) { return &internalvenafifake.Venafi{ PingFn: func() error { return errors.New("this is a ping error") @@ -55,7 +55,7 @@ func TestSetup(t *testing.T) { } pingClient := func(string, internalinformers.SecretLister, - cmapi.GenericIssuer, *metrics.Metrics, logr.Logger) (client.Interface, error) { + cmapi.GenericIssuer, *metrics.Metrics, logr.Logger, string) (client.Interface, error) { return &internalvenafifake.Venafi{ PingFn: func() error { return nil @@ -63,7 +63,7 @@ func TestSetup(t *testing.T) { }, nil } - verifyCredentialsClient := func(string, internalinformers.SecretLister, cmapi.GenericIssuer, *metrics.Metrics, logr.Logger) (client.Interface, error) { + verifyCredentialsClient := func(string, internalinformers.SecretLister, cmapi.GenericIssuer, *metrics.Metrics, logr.Logger, string) (client.Interface, error) { return &internalvenafifake.Venafi{ PingFn: func() error { return nil @@ -74,7 +74,7 @@ func TestSetup(t *testing.T) { }, nil } - failingVerifyCredentialsClient := func(string, internalinformers.SecretLister, cmapi.GenericIssuer, *metrics.Metrics, logr.Logger) (client.Interface, error) { + failingVerifyCredentialsClient := func(string, internalinformers.SecretLister, cmapi.GenericIssuer, *metrics.Metrics, logr.Logger, string) (client.Interface, error) { return &internalvenafifake.Venafi{ PingFn: func() error { return nil diff --git a/pkg/issuer/venafi/venafi.go b/pkg/issuer/venafi/venafi.go index d18fbe18936..7fba4cfeebe 100644 --- a/pkg/issuer/venafi/venafi.go +++ b/pkg/issuer/venafi/venafi.go @@ -43,6 +43,9 @@ type Venafi struct { clientBuilder client.VenafiClientBuilder log logr.Logger + + // userAgent is the string used as the UserAgent when making HTTP calls. + userAgent string } func NewVenafi(ctx *controller.Context, issuer cmapi.GenericIssuer) (issuer.Interface, error) { @@ -53,6 +56,7 @@ func NewVenafi(ctx *controller.Context, issuer cmapi.GenericIssuer) (issuer.Inte clientBuilder: client.New, Context: ctx, log: logf.Log.WithName("venafi"), + userAgent: ctx.RESTConfig.UserAgent, }, nil } From 95a347cbc25c10b25cc2832279d5a84aebb32218 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 12:21:48 +0000 Subject: [PATCH 015/177] Supply tests with a non-nil REST config in controller.Context Signed-off-by: Richard Wall --- pkg/controller/certificaterequests/venafi/venafi_test.go | 2 +- pkg/controller/certificatesigningrequests/venafi/venafi_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/controller/certificaterequests/venafi/venafi_test.go b/pkg/controller/certificaterequests/venafi/venafi_test.go index ccee780f2bb..644cdb3b1ac 100644 --- a/pkg/controller/certificaterequests/venafi/venafi_test.go +++ b/pkg/controller/certificaterequests/venafi/venafi_test.go @@ -813,7 +813,7 @@ type testT struct { func runTest(t *testing.T, test testT) { test.builder.T = t - test.builder.Init() + test.builder.InitWithRESTConfig() defer test.builder.Stop() v := NewVenafi(test.builder.Context).(*Venafi) diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go index 534836fbe07..3bed8097609 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go @@ -884,7 +884,7 @@ func TestProcessItem(t *testing.T) { fixedClock.SetTime(fixedClockStart) test.builder.Clock = fixedClock test.builder.T = t - test.builder.Init() + test.builder.InitWithRESTConfig() // Always return true for SubjectAccessReviews in tests test.builder.FakeKubeClient().PrependReactor("create", "*", func(action coretesting.Action) (bool, runtime.Object, error) { From dd0762e71b0e5292dec960d798952d87cc645ed5 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 13:15:38 +0000 Subject: [PATCH 016/177] Refactor the httpClientForVcert function so that it can also be used for Venafi Cloud Signed-off-by: Richard Wall --- pkg/issuer/venafi/client/venaficlient.go | 83 ++++++++++++++++-------- 1 file changed, 57 insertions(+), 26 deletions(-) diff --git a/pkg/issuer/venafi/client/venaficlient.go b/pkg/issuer/venafi/client/venaficlient.go index d53bdbcb67b..a82003cd7fd 100644 --- a/pkg/issuer/venafi/client/venaficlient.go +++ b/pkg/issuer/venafi/client/venaficlient.go @@ -30,6 +30,7 @@ import ( "github.com/Venafi/vcert/v5/pkg/venafi/cloud" "github.com/Venafi/vcert/v5/pkg/venafi/tpp" "github.com/go-logr/logr" + "k8s.io/utils/ptr" internalinformers "github.com/cert-manager/cert-manager/internal/informers" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" @@ -129,7 +130,6 @@ func New(namespace string, secretsLister internalinformers.SecretLister, issuer // that can be used to instantiate an API client. func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.SecretLister, namespace string, userAgent string) (*vcert.Config, error) { venCfg := iss.GetSpec().Venafi - var vcertConfig *vcert.Config switch { case venCfg.TPP != nil: @@ -143,7 +143,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se password := string(tppSecret.Data[tppPasswordKey]) accessToken := string(tppSecret.Data[tppAccessTokenKey]) - vcertConfig = &vcert.Config{ + return &vcert.Config{ ConnectorType: endpoint.ConnectorTypeTPP, BaseUrl: tpp.URL, Zone: venCfg.Zone, @@ -162,8 +162,12 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se Password: password, AccessToken: accessToken, }, - Client: httpClientForVcertTPP(tpp.CABundle), - } + Client: httpClientForVcert(&httpClientForVcertOptions{ + UserAgent: ptr.To(userAgent), + CABundle: tpp.CABundle, + TLSRenegotiationSupport: ptr.To(tls.RenegotiateOnceAsClient), + }), + }, nil case venCfg.Cloud != nil: cloud := venCfg.Cloud cloudSecret, err := secretsLister.Secrets(namespace).Get(cloud.APITokenSecretRef.Name) @@ -177,7 +181,7 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se } apiKey := string(cloudSecret.Data[k]) - vcertConfig = &vcert.Config{ + return &vcert.Config{ ConnectorType: endpoint.ConnectorTypeCloud, BaseUrl: cloud.URL, Zone: venCfg.Zone, @@ -186,24 +190,42 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se Credentials: &endpoint.Authentication{ APIKey: apiKey, }, - } - default: - // API validation in webhook and in the ClusterIssuer and Issuer controller - // Sync functions should make this unreachable in production. - return nil, fmt.Errorf("neither Venafi Cloud or TPP configuration found") - + Client: httpClientForVcert(&httpClientForVcertOptions{ + UserAgent: ptr.To(userAgent), + }), + }, nil } + // API validation in webhook and in the ClusterIssuer and Issuer controller + // Sync functions should make this unreachable in production. + return nil, fmt.Errorf("neither Venafi Cloud or TPP configuration found") +} - // Set the user-agent header - vcertConfig.Client.Transport = util.UserAgentRoundTripper(vcertConfig.Client.Transport, userAgent) - - return vcertConfig, nil - +// httpClientForVcertOptions contains options for `httpClientForVcert`, to allow +// you to customize the HTTP client. +type httpClientForVcertOptions struct { + // UserAgent will add a User-Agent header to all HTTP requests. + UserAgent *string + // CABundle will override the CA certificates used to verify server + // certificates. + CABundle []byte + // TLSRenegotiationSupport will override the TLSRenegotiationSupport setting + // of the client. + TLSRenegotiationSupport *tls.RenegotiationSupport } -// httpClientForVcertTPP creates an HTTP client and customises it to allow client TLS renegotiation. +// httpClientForVcert creates an HTTP client which matches the default HTTP client of vcert, +// but allows you to customize client TLS renegotiation, and User-Agent. +// +// Why is it necessary to create our own HTTP client for vcert? // -// Here's why: +// 1. We need to customize the client TLS renegotiation setting when connecting +// to certain TPP servers. +// 2. We need to customize the User-Agent header for all HTTP requests to Venafi +// REST API endpoints. +// 3. The vcert package does not currently provide an easier way to change those +// settings. +// +// Why is it necessary to customize the client TLS renegotiation? // // 1. The TPP API server is served by Microsoft Windows Server and IIS. // 2. IIS uses TLS-1.2 by default[1] and it uses a @@ -228,16 +250,19 @@ func configForIssuer(iss cmapi.GenericIssuer, secretsLister internalinformers.Se // because cert-manager establishes a new HTTPS connection for each API // request and therefore should only ever need to renegotiate once in this // scenario. -// 5. But overriding the HTTP client causes vcert to ignore the +// +// Why do we supply CA bundle in the HTTP client **and** in the vcert.Config? +// +// 1. Overriding the HTTP client causes vcert to ignore the // `vcert.Config.ConnectionTrust` field, so we also have to set up the root // CA trust pool ourselves. -// 6. And the value of RootCAs MUST be nil unless the user has supplied a +// 2. And the value of RootCAs MUST be nil unless the user has supplied a // custom CA, because a nil value causes the Go HTTP client to load the // system default root CAs. // // [1] TLS protocol version support in Microsoft Windows: https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-#tls-protocol-version-support // [2] Should I use SSL/TLS renegotiation?: https://security.stackexchange.com/a/24569 -func httpClientForVcertTPP(caBundle []byte) *http.Client { +func httpClientForVcert(options *httpClientForVcertOptions) *http.Client { // Copy vcert's default HTTP transport, which is mostly identical to the // http.DefaultTransport settings in Go's stdlib. // https://github.com/Venafi/vcert/blob/89645a7710a7b529765274cb60dc5e28066217a1/pkg/venafi/tpp/tpp.go#L481-L513 @@ -261,20 +286,26 @@ func httpClientForVcertTPP(caBundle []byte) *http.Client { if tlsClientConfig == nil { tlsClientConfig = &tls.Config{} } - if len(caBundle) > 0 { + if len(options.CABundle) > 0 { rootCAs := x509.NewCertPool() - rootCAs.AppendCertsFromPEM(caBundle) + rootCAs.AppendCertsFromPEM(options.CABundle) tlsClientConfig.RootCAs = rootCAs } transport.TLSClientConfig = tlsClientConfig - // Enable TLS 1.2 renegotiation (see earlier comment for justification). - transport.TLSClientConfig.Renegotiation = tls.RenegotiateOnceAsClient + if options.TLSRenegotiationSupport != nil { + transport.TLSClientConfig.Renegotiation = *options.TLSRenegotiationSupport + } + + var roundTripper http.RoundTripper = transport + if options.UserAgent != nil { + roundTripper = util.UserAgentRoundTripper(transport, *options.UserAgent) + } // Copy vcert's initialization of the HTTP client, which overrides the default timeout. // https://github.com/Venafi/vcert/blob/89645a7710a7b529765274cb60dc5e28066217a1/pkg/venafi/tpp/tpp.go#L481-L513 return &http.Client{ - Transport: transport, + Transport: roundTripper, Timeout: time.Second * 30, } } From 30db9e2ad514c2f948da783e4bee36e4f19767ed Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 20 Mar 2024 14:16:38 +0000 Subject: [PATCH 017/177] Link to upstream vcert issues that would allow us to simplify the cert-manager code Signed-off-by: Richard Wall --- pkg/issuer/venafi/client/venaficlient.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/venafi/client/venaficlient.go b/pkg/issuer/venafi/client/venaficlient.go index a82003cd7fd..be42f4a6117 100644 --- a/pkg/issuer/venafi/client/venaficlient.go +++ b/pkg/issuer/venafi/client/venaficlient.go @@ -223,7 +223,9 @@ type httpClientForVcertOptions struct { // 2. We need to customize the User-Agent header for all HTTP requests to Venafi // REST API endpoints. // 3. The vcert package does not currently provide an easier way to change those -// settings. +// settings. See: +// * https://github.com/Venafi/vcert/issues/437 +// * https://github.com/Venafi/vcert/issues/438 // // Why is it necessary to customize the client TLS renegotiation? // From e50052adedcd5a668348f3ea8f4db1b0526635e4 Mon Sep 17 00:00:00 2001 From: deterclosed Date: Sat, 23 Mar 2024 13:37:59 +0800 Subject: [PATCH 018/177] chore: remove repetitive words Signed-off-by: deterclosed --- .../apis/certmanager/validation/util/nameserver_test.go | 6 +++--- pkg/controller/cainjector/setup.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/apis/certmanager/validation/util/nameserver_test.go b/internal/apis/certmanager/validation/util/nameserver_test.go index 94eb2f08095..09b4849af54 100644 --- a/internal/apis/certmanager/validation/util/nameserver_test.go +++ b/internal/apis/certmanager/validation/util/nameserver_test.go @@ -28,7 +28,7 @@ func TestValidNameserver(t *testing.T) { wantErr bool }{ { - name: "IPv4 with no port should should return port 53", + name: "IPv4 with no port should return port 53", nameserver: "8.8.8.8", want: "8.8.8.8:53", }, @@ -43,7 +43,7 @@ func TestValidNameserver(t *testing.T) { want: "8.8.8.8:5353", }, { - name: "IPv6 with no port should should return port 53", + name: "IPv6 with no port should return port 53", nameserver: "[2001:db8::1]", want: "[2001:db8::1]:53", }, @@ -58,7 +58,7 @@ func TestValidNameserver(t *testing.T) { want: "[2001:db8::1]:5353", }, { - name: "DNS name with no port should should return port 53", + name: "DNS name with no port should return port 53", nameserver: "nameserver.com", want: "nameserver.com:53", }, diff --git a/pkg/controller/cainjector/setup.go b/pkg/controller/cainjector/setup.go index 33ce1f94852..2b51a325e11 100644 --- a/pkg/controller/cainjector/setup.go +++ b/pkg/controller/cainjector/setup.go @@ -50,7 +50,7 @@ const ( // setup is setup for a reconciler for a particular injectable type type setup struct { resourceName string - // newInjectableTarget knows how to create an an InjectableTarget for a particular injectable type + // newInjectableTarget knows how to create an InjectableTarget for a particular injectable type newInjectableTarget NewInjectableTarget listType runtime.Object objType client.Object From bfd7a5161818a76cea71e0f7444ecddfc0e7885c Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Sat, 23 Mar 2024 14:21:33 +0100 Subject: [PATCH 019/177] BUGFIX: exit with correct exit codes Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- internal/cmd/util/exit_test.go | 56 ++++++++++++++ internal/cmd/util/signal.go | 4 +- internal/cmd/util/signal_test.go | 126 +++++++++++++++++++++++++++++++ 3 files changed, 184 insertions(+), 2 deletions(-) create mode 100644 internal/cmd/util/exit_test.go create mode 100644 internal/cmd/util/signal_test.go diff --git a/internal/cmd/util/exit_test.go b/internal/cmd/util/exit_test.go new file mode 100644 index 00000000000..ea276961a0a --- /dev/null +++ b/internal/cmd/util/exit_test.go @@ -0,0 +1,56 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "context" + "errors" + "fmt" + "testing" +) + +func TestSetExitCode(t *testing.T) { + tests := []struct { + name string + err error + expCode int + }{ + {"Test context.Canceled", context.Canceled, 0}, + {"Test wrapped context.Canceled", fmt.Errorf("wrapped: %w", context.Canceled), 0}, + {"Test context.DeadlineExceeded", context.DeadlineExceeded, 124}, + {"Test wrapped context.DeadlineExceeded", fmt.Errorf("wrapped: %w", context.DeadlineExceeded), 124}, + {"Test error", errors.New("error"), 1}, + {"Test nil", nil, 0}, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + // Every testExitCode call has to be run in its own test, because + // it calls the test again filtered by the name of the subtest with + // the variable BE_CRASHER=1. + exitCode := testExitCode(t, func(t *testing.T) { + SetExitCode(tt.err) + + _, complete := SetupExitHandler(context.Background(), AlwaysErrCode) + complete() + }) + + if exitCode != tt.expCode { + t.Errorf("Test %s: expected exit code %d, got %d", tt.name, tt.expCode, exitCode) + } + }) + } +} diff --git a/internal/cmd/util/signal.go b/internal/cmd/util/signal.go index b7a4673f6b0..7994417e49d 100644 --- a/internal/cmd/util/signal.go +++ b/internal/cmd/util/signal.go @@ -59,7 +59,7 @@ func SetupExitHandler(parentCtx context.Context, exitBehavior ExitBehavior) (con // first signal. Cancel context and pass exit code to errorExitCodeChannel. signalInt := int((<-c).(syscall.Signal)) if exitBehavior == AlwaysErrCode { - errorExitCodeChannel <- signalInt + errorExitCodeChannel <- (128 + signalInt) } cancel(fmt.Errorf("received signal %d", signalInt)) // second signal. Exit directly. @@ -70,7 +70,7 @@ func SetupExitHandler(parentCtx context.Context, exitBehavior ExitBehavior) (con return ctx, func() { select { case signalInt := <-errorExitCodeChannel: - os.Exit(128 + signalInt) + os.Exit(signalInt) default: // Do not exit, there are no exit codes in the channel, // so just continue and let the main function go out of diff --git a/internal/cmd/util/signal_test.go b/internal/cmd/util/signal_test.go new file mode 100644 index 00000000000..34915b86c3a --- /dev/null +++ b/internal/cmd/util/signal_test.go @@ -0,0 +1,126 @@ +//go:build !windows + +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package util + +import ( + "context" + "os" + "os/exec" + "syscall" + "testing" +) + +// based on https://go.dev/talks/2014/testing.slide#23 and +// https://stackoverflow.com/a/33404435 +func testExitCode( + t *testing.T, + fn func(t *testing.T), +) int { + if os.Getenv("BE_CRASHER") == "1" { + fn(t) + os.Exit(0) + } + + cmd := exec.Command(os.Args[0], "-test.run="+t.Name()) + cmd.Env = append(os.Environ(), "BE_CRASHER=1") + cmd.Stdout = os.Stdout + cmd.Stderr = os.Stderr + err := cmd.Run() + + if e, ok := err.(*exec.ExitError); ok { + return e.ExitCode() + } + + return 0 +} + +func TestSetupExitHandlerAlwaysErrCodeSIGTERM(t *testing.T) { + exitCode := testExitCode(t, func(t *testing.T) { + ctx := context.Background() + ctx, complete := SetupExitHandler(ctx, AlwaysErrCode) + defer complete() + + if err := syscall.Kill(syscall.Getpid(), syscall.SIGTERM); err != nil { + t.Fatal(err) + os.Exit(99) + } + + // Wait for the program to shut down. + <-ctx.Done() + + if context.Cause(ctx).Error() != "received signal 15" { + t.Errorf("expected signal 15, got %s", ctx.Err().Error()) + os.Exit(99) + } + }) + + if exitCode != 143 { + t.Errorf("expected exit code 143, got %d", exitCode) + } +} + +func TestSetupExitHandlerAlwaysErrCodeSIGINT(t *testing.T) { + exitCode := testExitCode(t, func(t *testing.T) { + ctx := context.Background() + ctx, complete := SetupExitHandler(ctx, AlwaysErrCode) + defer complete() + + if err := syscall.Kill(syscall.Getpid(), syscall.SIGINT); err != nil { + t.Fatal(err) + os.Exit(99) + } + + // Wait for the program to shut down. + <-ctx.Done() + + if context.Cause(ctx).Error() != "received signal 2" { + t.Errorf("expected signal 2, got %s", ctx.Err().Error()) + os.Exit(99) + } + }) + + if exitCode != 130 { + t.Errorf("expected exit code 130, got %d", exitCode) + } +} + +func TestSetupExitHandlerGracefulShutdownSIGINT(t *testing.T) { + exitCode := testExitCode(t, func(t *testing.T) { + ctx := context.Background() + ctx, complete := SetupExitHandler(ctx, GracefulShutdown) + defer complete() + + if err := syscall.Kill(syscall.Getpid(), syscall.SIGINT); err != nil { + t.Fatal(err) + os.Exit(99) + } + + // Wait for the program to shut down. + <-ctx.Done() + + if context.Cause(ctx).Error() != "received signal 2" { + t.Errorf("expected signal 2, got %s", ctx.Err().Error()) + os.Exit(99) + } + }) + + if exitCode != 0 { + t.Errorf("expected exit code 0, got %d", exitCode) + } +} From d17c9cc5131f05d747753d07a5d796689e50dc78 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Tue, 26 Mar 2024 10:27:14 +0000 Subject: [PATCH 020/177] limit DigitalOcean records for cleanup to TXT only Signed-off-by: Ashley Davis --- pkg/issuer/acme/dns/digitalocean/digitalocean.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean.go b/pkg/issuer/acme/dns/digitalocean/digitalocean.go index da0636d83aa..20b0ba40774 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean.go @@ -138,9 +138,10 @@ func (c *DNSProvider) findTxtRecord(fqdn string) ([]godo.DomainRecord, error) { return nil, err } - allRecords, _, err := c.client.Domains.Records( + allRecords, _, err := c.client.Domains.RecordsByType( context.Background(), util.UnFqdn(zoneName), + "TXT", nil, ) From 55d546c111cb670bfa2bfb06de3e1fffa593c3c7 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Sat, 6 Apr 2024 18:52:43 +0200 Subject: [PATCH 021/177] feat: add support for dual stack clusters Signed-off-by: Ludovic Ortega --- deploy/charts/cert-manager/templates/service.yaml | 6 ++++++ .../cert-manager/templates/webhook-service.yaml | 6 ++++++ deploy/charts/cert-manager/values.yaml | 14 ++++++++++++++ 3 files changed, 26 insertions(+) diff --git a/deploy/charts/cert-manager/templates/service.yaml b/deploy/charts/cert-manager/templates/service.yaml index 3d5df905e85..98db47e76ae 100644 --- a/deploy/charts/cert-manager/templates/service.yaml +++ b/deploy/charts/cert-manager/templates/service.yaml @@ -19,6 +19,12 @@ metadata: {{- end }} spec: type: ClusterIP + {{- if .Values.serviceIpFamilyPolicy }} + ipFamilyPolicy: {{ .Values.serviceIpFamilyPolicy }} + {{- end }} + {{- if .Values.serviceIpFamilies }} + ipFamilies: {{ .Values.serviceIpFamilies | toYaml | nindent 2 }} + {{- end }} ports: - protocol: TCP port: 9402 diff --git a/deploy/charts/cert-manager/templates/webhook-service.yaml b/deploy/charts/cert-manager/templates/webhook-service.yaml index 5f93950495f..f7de5cee101 100644 --- a/deploy/charts/cert-manager/templates/webhook-service.yaml +++ b/deploy/charts/cert-manager/templates/webhook-service.yaml @@ -18,6 +18,12 @@ metadata: {{- end }} spec: type: {{ .Values.webhook.serviceType }} + {{- if .Values.webhook.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.webhook.ipFamilyPolicy }} + {{- end }} + {{- if .Values.webhook.ipFamilies }} + ipFamilies: {{ .Values.webhook.ipFamilies | toYaml | nindent 2 }} + {{- end }} {{- with .Values.webhook.loadBalancerIP }} loadBalancerIP: {{ . }} {{- end }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 91397f1af5a..5686dc11a57 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -309,6 +309,14 @@ podLabels: {} # +docs:property # serviceLabels: {} +# Optional set the ip family policy to the controller Service to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). +# +docs:property +# serviceIpFamilyPolicy: "" + +# Optional sets the families to the controller Service that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. +# +docs:property +# serviceIpFamilies: [] + # Optional DNS settings. These are useful if you have a public and private DNS zone for # the same domain on Route 53. The following is an example of ensuring # cert-manager can access an ingress or DNS TXT records at all times. @@ -759,6 +767,12 @@ webhook: # Optional additional labels to add to the Webhook Service. serviceLabels: {} + # Optional set the ip family policy to the Webhook Service to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + ipFamilyPolicy: "" + + # Optional sets the families to the Webhook Service that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. + ipFamilies: [] + image: # The container registry to pull the webhook image from. # +docs:property From 4c0536c1c3786ea04d547f14b8d5d7de6d259297 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Mon, 8 Apr 2024 15:07:28 +0100 Subject: [PATCH 022/177] chore: add @ThatsMrTalbot as approver Signed-off-by: Adam Talbot --- OWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/OWNERS b/OWNERS index 71c31c32462..a929ba919e9 100644 --- a/OWNERS +++ b/OWNERS @@ -7,6 +7,7 @@ approvers: - irbekrm - sgtcodfish - inteon +- thatsmrtalbot reviewers: - munnerz - joshvanl From a7e5df718260448cec141b378c416553c7b0383f Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Mon, 8 Apr 2024 18:24:00 -0400 Subject: [PATCH 023/177] Adding API defaults unit test + testfile fixture Signed-off-by: Jason Costello --- .../cainjector/v1alpha1/defaults_test.go | 40 +++++++++++++++++++ .../cainjector/v1alpha1/test/apidefaults.go | 23 +++++++++++ .../cainjector/v1alpha1/test/defaults.json | 1 + make/test.mk | 4 ++ 4 files changed, 68 insertions(+) create mode 100644 internal/apis/config/cainjector/v1alpha1/defaults_test.go create mode 100644 internal/apis/config/cainjector/v1alpha1/test/apidefaults.go create mode 100644 internal/apis/config/cainjector/v1alpha1/test/defaults.json diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go new file mode 100644 index 00000000000..5aa29a68148 --- /dev/null +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -0,0 +1,40 @@ +package v1alpha1 + +import ( + "encoding/json" + "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" + "os" + "reflect" + "testing" +) + +func TestCAInjectorConfigurationDefaults(t *testing.T) { + tests := []struct { + name string + config *v1alpha1.CAInjectorConfiguration + }{ + { + "cainjection", + &v1alpha1.CAInjectorConfiguration{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + SetObjectDefaults_CAInjectorConfiguration(tt.config) + + var expected *v1alpha1.CAInjectorConfiguration + expectedData, err := os.ReadFile("./test/defaults.json") + err = json.Unmarshal(expectedData, &expected) + + if err != nil { + t.Errorf("testfile not found") + } + + if !reflect.DeepEqual(tt.config, expected) { + prettyExpected, _ := json.MarshalIndent(expected, "", "\t") + prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") + t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) + } + }) + } +} diff --git a/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go b/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go new file mode 100644 index 00000000000..d157545a01e --- /dev/null +++ b/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go @@ -0,0 +1,23 @@ +package main + +import ( + "encoding/json" + "fmt" + v1alpha1_pkg "github.com/cert-manager/cert-manager/internal/apis/config/cainjector/v1alpha1" + "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" + "os" +) + +func main() { + config := &v1alpha1.CAInjectorConfiguration{} + v1alpha1_pkg.SetObjectDefaults_CAInjectorConfiguration(config) + data, err := json.Marshal(config) + if err != nil { + panic(err) + } + err = os.WriteFile("./defaults.json", data, 0644) + if err != nil { + panic(err) + } + fmt.Println("cainjector api defaults updated") +} diff --git a/internal/apis/config/cainjector/v1alpha1/test/defaults.json b/internal/apis/config/cainjector/v1alpha1/test/defaults.json new file mode 100644 index 00000000000..eb726c08e83 --- /dev/null +++ b/internal/apis/config/cainjector/v1alpha1/test/defaults.json @@ -0,0 +1 @@ +{"leaderElectionConfig":{"enabled":true,"namespace":"kube-system","leaseDuration":60000000000,"renewDeadline":40000000000,"retryPeriod":15000000000},"enableDataSourceConfig":{"certificates":true},"enableInjectableConfig":{"validatingWebhookConfigurations":true,"mutatingWebhookConfigurations":true,"customResourceDefinitions":true,"apiServices":true},"enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}}} \ No newline at end of file diff --git a/make/test.mk b/make/test.mk index 32d288717cb..e02d0768e28 100644 --- a/make/test.mk +++ b/make/test.mk @@ -87,6 +87,10 @@ unit-test-controller: | $(NEEDS_GOTESTSUM) unit-test-webhook: | $(NEEDS_GOTESTSUM) cd cmd/webhook && $(GOTESTSUM) ./... +.PHONY: update-apidefaults-cainjector +update-apidefaults-cainjector: + cd internal/apis/config/cainjector/v1alpha1/test && bash -c "$(GO) run apidefaults.go" + .PHONY: setup-integration-tests setup-integration-tests: templated-crds From 01b298a580877d9d61641096c4a3d54bea9f8169 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 28 Mar 2024 08:33:39 +0100 Subject: [PATCH 024/177] move to Makefile modules Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/dependabot.yaml | 20 + .github/workflows/golangci-lint.yml | 38 -- .github/workflows/make-self-upgrade.yaml | 86 +++ LICENSE | 1 - Makefile | 152 ++--- OWNERS | 18 +- OWNERS_ALIASES | 13 + hack/build/.kazelcfg.json | 5 - hack/build/nogo_config.json | 107 ---- hack/build/print-workspace-status.sh | 53 -- hack/check-crds.sh | 74 --- hack/fetch-old-crd.sh | 57 -- hack/verify-goimports.sh | 14 +- klone.yaml | 39 ++ make/00_mod.mk | 54 ++ make/02_mod.mk | 37 ++ make/_shared/boilerplate/00_mod.mk | 17 + make/_shared/boilerplate/01_mod.mk | 21 + .../boilerplate/template/boilerplate.go.txt | 15 + make/_shared/generate-verify/00_mod.mk | 17 + make/_shared/generate-verify/02_mod.mk | 33 ++ make/_shared/generate-verify/util/verify.sh | 63 ++ make/_shared/help/01_mod.mk | 22 + make/_shared/help/help.sh | 113 ++++ make/_shared/klone/01_mod.mk | 27 + make/_shared/repository-base/01_mod.mk | 23 + .../base/.github/dependabot.yaml | 20 + .../.github/workflows/make-self-upgrade.yaml | 86 +++ make/_shared/repository-base/base/LICENSE | 201 +++++++ make/_shared/repository-base/base/Makefile | 109 ++++ .../repository-base/base/OWNERS_ALIASES | 13 + make/{tools.mk => _shared/tools/00_mod.mk} | 553 ++++++++++-------- .../_shared/tools}/util/checkhash.sh | 6 +- {hack => make/_shared/tools}/util/hash.sh | 7 +- make/ci.mk | 138 ++--- make/containers.mk | 10 +- make/e2e-setup.mk | 7 +- make/git.mk | 12 +- make/help.mk | 118 ---- make/ko.mk | 2 +- make/licenses.mk | 26 +- make/manifests.mk | 28 +- make/release.mk | 16 +- make/test.mk | 3 +- make/util.mk | 12 +- .../webhook/openapi/zz_generated.openapi.go | 20 +- .../informers/externalversions/factory.go | 10 + 47 files changed, 1571 insertions(+), 945 deletions(-) create mode 100644 .github/dependabot.yaml delete mode 100644 .github/workflows/golangci-lint.yml create mode 100644 .github/workflows/make-self-upgrade.yaml create mode 100644 OWNERS_ALIASES delete mode 100644 hack/build/.kazelcfg.json delete mode 100644 hack/build/nogo_config.json delete mode 100755 hack/build/print-workspace-status.sh delete mode 100755 hack/check-crds.sh delete mode 100755 hack/fetch-old-crd.sh create mode 100644 klone.yaml create mode 100644 make/00_mod.mk create mode 100644 make/02_mod.mk create mode 100644 make/_shared/boilerplate/00_mod.mk create mode 100644 make/_shared/boilerplate/01_mod.mk create mode 100644 make/_shared/boilerplate/template/boilerplate.go.txt create mode 100644 make/_shared/generate-verify/00_mod.mk create mode 100644 make/_shared/generate-verify/02_mod.mk create mode 100755 make/_shared/generate-verify/util/verify.sh create mode 100644 make/_shared/help/01_mod.mk create mode 100755 make/_shared/help/help.sh create mode 100644 make/_shared/klone/01_mod.mk create mode 100644 make/_shared/repository-base/01_mod.mk create mode 100644 make/_shared/repository-base/base/.github/dependabot.yaml create mode 100644 make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml create mode 100644 make/_shared/repository-base/base/LICENSE create mode 100644 make/_shared/repository-base/base/Makefile create mode 100644 make/_shared/repository-base/base/OWNERS_ALIASES rename make/{tools.mk => _shared/tools/00_mod.mk} (54%) rename {hack => make/_shared/tools}/util/checkhash.sh (89%) rename {hack => make/_shared/tools}/util/hash.sh (82%) delete mode 100644 make/help.mk diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml new file mode 100644 index 00000000000..35367ea5cee --- /dev/null +++ b/.github/dependabot.yaml @@ -0,0 +1,20 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead. + +# Update Go dependencies and GitHub Actions dependencies weekly. +version: 2 +updates: +- package-ecosystem: gomod + directory: / + schedule: + interval: weekly + groups: + all: + patterns: ["*"] +- package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + groups: + all: + patterns: ["*"] diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml deleted file mode 100644 index 6dc93afe58b..00000000000 --- a/.github/workflows/golangci-lint.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: golangci-lint -on: - push: - branches: - - master - pull_request: - -permissions: - contents: read - -jobs: - golangci: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-go@v4 - with: - go-version-file: go.mod - # setup-go v4 uses cache automatically, which conflicts with golangci-lint's cache. - # See https://github.com/golangci/golangci-lint-action/pull/704 - cache: false - # A workspace file is needed for golangci-lint to check the sub-modules. - # https://github.com/golangci/golangci-lint-action/issues/544 - - run: make go-workspace - # To check sub-modules, you need to supply their paths as positional arguments. - # This step finds the paths and adds them to a variable which is used - # later in the args value. - # https://github.com/golangci/golangci-lint/issues/828 - - name: find-go-modules - id: find-go-modules - run: | - find . -type f -name 'go.mod' -printf '%h/...\n' \ - | jq -r -R -s 'split("\n")[:-1] | sort | join(" ") | "GO_MODULES=\(.)"' \ - >> "$GITHUB_OUTPUT" - - uses: golangci/golangci-lint-action@v3 - with: - version: v1.55.2 - args: --timeout=30m --config=.golangci.ci.yaml ${{ steps.find-go-modules.outputs.GO_MODULES }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml new file mode 100644 index 00000000000..ccebdb244eb --- /dev/null +++ b/.github/workflows/make-self-upgrade.yaml @@ -0,0 +1,86 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead. + +name: make-self-upgrade +concurrency: make-self-upgrade +on: + workflow_dispatch: {} + schedule: + - cron: '0 0 * * *' + +jobs: + build_images: + runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + + steps: + - name: Fail if branch is not main + if: github.ref != 'refs/heads/main' + run: | + echo "This workflow should not be run on a branch other than main." + exit 1 + + - uses: actions/checkout@v4 + + - id: go-version + run: | + make print-go-version >> "$GITHUB_OUTPUT" + + - uses: actions/setup-go@v5 + with: + go-version: ${{ steps.go-version.outputs.result }} + + - run: | + git checkout -B "self-upgrade" + + - run: | + make -j upgrade-klone + make -j generate + + - id: is-up-to-date + shell: bash + run: | + git_status=$(git status -s) + is_up_to_date="true" + if [ -n "$git_status" ]; then + is_up_to_date="false" + echo "The following changes will be committed:" + echo "$git_status" + fi + echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT" + + - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} + run: | + git config --global user.name "jetstack-bot" + git config --global user.email "jetstack-bot@users.noreply.github.com" + git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff + git push -f origin self-upgrade + + - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} + uses: actions/github-script@v7 + with: + script: | + const { repo, owner } = context.repo; + const pulls = await github.rest.pulls.list({ + owner: owner, + repo: repo, + head: owner + ':self-upgrade', + base: 'main', + state: 'open', + }); + + if (pulls.data.length < 1) { + await github.rest.pulls.create({ + title: '[CI] Merge self-upgrade into main', + owner: owner, + repo: repo, + head: 'self-upgrade', + base: 'main', + body: [ + 'This PR is auto-generated to bump the Makefile modules.', + ].join('\n'), + }); + } diff --git a/LICENSE b/LICENSE index d6456956733..261eeb9e9f8 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,3 @@ - Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ diff --git a/Makefile b/Makefile index d056103b227..6e1916a5a6d 100644 --- a/Makefile +++ b/Makefile @@ -12,86 +12,98 @@ # See the License for the specific language governing permissions and # limitations under the License. +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/Makefile instead. + +# NOTE FOR DEVELOPERS: "How do the Makefiles work and how can I extend them?" +# +# Shared Makefile logic lives in the make/_shared/ directory. The source of truth for these files +# lies outside of this repository, eg. in the cert-manager/makefile-modules repository. +# +# Logic specific to this repository must be defined in the make/00_mod.mk and make/02_mod.mk files: +# - The make/00_mod.mk file is included first and contains variable definitions needed by +# the shared Makefile logic. +# - The make/02_mod.mk file is included later, it can make use of most of the shared targets +# defined in the make/_shared/ directory (all targets defined in 00_mod.mk and 01_mod.mk). +# This file should be used to define targets specific to this repository. + +################################## + +# Some modules build their dependencies from variables, we want these to be +# evalutated at the last possible moment. For this we use second expansion to +# re-evaluate the generate and verify targets a second time. +# +# See https://www.gnu.org/software/make/manual/html_node/Secondary-Expansion.html +.SECONDEXPANSION: + # For details on some of these "prelude" settings, see: # https://clarkgrubb.com/makefile-style-guide - MAKEFLAGS += --warn-undefined-variables --no-builtin-rules SHELL := /usr/bin/env bash .SHELLFLAGS := -uo pipefail -c .DEFAULT_GOAL := help .DELETE_ON_ERROR: .SUFFIXES: +FORCE: + +noop: # do nothing + +################################## +# Host OS and architecture setup # +################################## + +# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go" +# binary may not be available in the PATH yet when the Makefiles are +# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 +# and Intel). +HOST_OS ?= $(shell uname -s | tr A-Z a-z) +HOST_ARCH ?= $(shell uname -m) + +ifeq (x86_64, $(HOST_ARCH)) + HOST_ARCH = amd64 +else ifeq (aarch64, $(HOST_ARCH)) + # linux reports the arm64 arch as aarch64 + HOST_ARCH = arm64 +endif + +################################## +# Git and versioning information # +################################## + +VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) +GITCOMMIT := $(shell git rev-parse HEAD) +GITEPOCH := $(shell git show -s --format=%ct HEAD) + +################################## +# Global variables and dirs # +################################## bin_dir := _bin -include make/util.mk - -# SOURCES contains all go files except those in $(bin_dir), the old bindir `bin`, or in -# the make dir. -# NB: we skip `bin/` since users might have a `bin` directory left over in repos they were -# using before the bin dir was renamed -SOURCES := $(call get-sources,cat -) go.mod go.sum - -## GOBUILDPROCS is passed to GOMAXPROCS when running go build; if you're running -## make in parallel using "-jN" then you'll probably want to reduce the value -## of GOBUILDPROCS or else you could end up running N parallel invocations of -## go build, each of which will spin up as many threads as are available on your -## system. -## @category Build -GOBUILDPROCS ?= - -include make/git.mk - -## By default, we don't link Go binaries to the libc. In some case, you might -## want to build libc-linked binaries, in which case you can set this to "1". -## @category Build -CGO_ENABLED ?= 0 - -## This flag is passed to `go build` to enable Go experiments. It's empty by default -## @category Build -GOEXPERIMENT ?= # empty by default - -## Extra flags passed to 'go' when building. For example, use GOFLAGS=-v to turn on the -## verbose output. -## @category Build -GOFLAGS := -trimpath - -## Extra linking flags passed to 'go' via '-ldflags' when building. -## @category Build -GOLDFLAGS := -w -s \ - -X github.com/cert-manager/cert-manager/pkg/util.AppVersion=$(RELEASE_VERSION) \ - -X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=$(GITCOMMIT) - -include make/tools.mk -include make/ci.mk -include make/test.mk -include make/base_images.mk -include make/server.mk -include make/containers.mk -include make/release.mk -include make/manifests.mk -include make/licenses.mk -include make/e2e-setup.mk -include make/scan.mk -include make/ko.mk -include make/help.mk +# The ARTIFACTS environment variable is set by the CI system to a directory +# where artifacts should be placed. These artifacts are then uploaded to a +# storage bucket by the CI system (https://docs.prow.k8s.io/docs/components/pod-utilities/). +# An example of such an artifact is a jUnit XML file containing test results. +# If the ARTIFACTS environment variable is not set, we default to a local +# directory in the _bin directory. +ARTIFACTS ?= $(bin_dir)/artifacts + +$(bin_dir) $(ARTIFACTS) $(bin_dir)/scratch: + mkdir -p $@ .PHONY: clean -## Remove the kind cluster and everything that was built. The downloaded images -## and tools are kept intact to avoid re-downloading everything. To really wipe -## out everything, use `make clean-all` instead. -## -## @category Development -clean: | $(NEEDS_KIND) - @$(eval KIND_CLUSTER_NAME ?= kind) - $(KIND) delete cluster --name=$(shell cat $(bin_dir)/scratch/kind-exists 2>/dev/null || echo $(KIND_CLUSTER_NAME)) -q 2>/dev/null || true - rm -rf $(filter-out $(bin_dir)/downloaded,$(wildcard $(bin_dir)/*)) - rm -rf bazel-bin bazel-cert-manager bazel-out bazel-testlogs - -.PHONY: clean-all -clean-all: clean - rm -rf $(bin_dir)/ - -# FORCE is a helper target to force a file to be rebuilt whenever its -# target is invoked. -FORCE: +## Clean all temporary files +## @category [shared] Tools +clean: + rm -rf $(bin_dir) + +################################## +# Include all the Makefiles # +################################## + +-include make/00_mod.mk +-include make/_shared/*/00_mod.mk +-include make/_shared/*/01_mod.mk +-include make/02_mod.mk +-include make/_shared/*/02_mod.mk diff --git a/OWNERS b/OWNERS index a929ba919e9..7716d2c4a5f 100644 --- a/OWNERS +++ b/OWNERS @@ -1,21 +1,7 @@ approvers: -- munnerz -- joshvanl -- wallrj -- jakexks -- maelvls -- irbekrm -- sgtcodfish -- inteon +- cm-maintainers - thatsmrtalbot reviewers: -- munnerz -- joshvanl -- wallrj -- jakexks -- maelvls -- irbekrm -- sgtcodfish -- inteon +- cm-maintainers - thatsmrtalbot - erikgb diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES new file mode 100644 index 00000000000..6d51f05b459 --- /dev/null +++ b/OWNERS_ALIASES @@ -0,0 +1,13 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/OWNERS_ALIASES instead. + +aliases: + cm-maintainers: + - munnerz + - joshvanl + - wallrj + - jakexks + - maelvls + - irbekrm + - sgtcodfish + - inteon diff --git a/hack/build/.kazelcfg.json b/hack/build/.kazelcfg.json deleted file mode 100644 index 45b1b2e50a6..00000000000 --- a/hack/build/.kazelcfg.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "GoPrefix": "github.com/cert-manager/cert-manager", - "AddSourcesRules": true, - "SkippedPaths": ["_bin"] -} diff --git a/hack/build/nogo_config.json b/hack/build/nogo_config.json deleted file mode 100644 index 9c0275089d4..00000000000 --- a/hack/build/nogo_config.json +++ /dev/null @@ -1,107 +0,0 @@ -{ - "structtag": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "asmdecl": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "assign": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "atomic": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "bools": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "buildtag": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "cgocall": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "composites": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "copylocks": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "httpresponse": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "loopclosure": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "lostcancel": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "nilness": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "nilfunc": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "printf": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "shift": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "stdmethods": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "tests": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "unreachable": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "unsafeptr": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - }, - "unusedresult": { - "exclude_files": { - "external/": "external tools don't pass vet" - } - } -} diff --git a/hack/build/print-workspace-status.sh b/hack/build/print-workspace-status.sh deleted file mode 100755 index 252444b5892..00000000000 --- a/hack/build/print-workspace-status.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2020 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# The only argument this script should ever be called with is '--verify-only' - -set -o errexit -set -o nounset -set -o pipefail - -SCRIPT_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )" > /dev/null && pwd )" -REPO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../" > /dev/null && pwd )" - -source "${SCRIPT_ROOT}/version.sh" -kube::version::get_version_vars - -APP_GIT_COMMIT=${APP_GIT_COMMIT:-$(git rev-parse HEAD)} -GIT_STATE="" -if [ ! -z "$(git status --porcelain)" ]; then - GIT_STATE="dirty" -fi - -cat < " - exit 1 -} - -go=${1:-} -controllergen=${2:-} -yq=${3:-} - -if [[ -z $go ]]; then - usage_and_exit -fi - -if [[ -z $controllergen ]]; then - usage_and_exit -fi - -if [[ -z $yq ]]; then - usage_and_exit -fi - -echo "+++ verifying that generated CRDs are up-to-date..." >&2 -tmpdir="$(mktemp -d tmp-CHECKCRD-XXXXXXXXX)" -trap 'rm -r $tmpdir' EXIT - -make PATCH_CRD_OUTPUT_DIR=$tmpdir patch-crds - -# Avoid diff -N so we handle empty files correctly -diff=$(diff -upr -x README.md "./deploy/crds" "$tmpdir" 2>/dev/null || true) - -if [[ -n "${diff}" ]]; then - echo "${diff}" >&2 - echo >&2 - echo "fatal: CRDs are out of date. Run 'make update-crds'" >&2 - exit 1 -fi - -echo "+++ success: generated CRDs are up-to-date" >&2 - -# Verify that CRDs don't contain status fields as that causes issues when they -# are managed by some CD tools. This check is necessary because currently -# controller-gen adds a status field that needs to be removed manually. -# See https://github.com/cert-manager/cert-manager/pull/4379 for context - -echo "+++ verifying that CRDs don't contain .status fields..." - -for file in ${tmpdir}/*.yaml; do - name=$($yq e '.metadata.name' $file) - echo "checking $name" - # Exit 1 if status is non-null - $yq e --exit-status=1 '.status==null' $file >/dev/null -done - -echo "+++ success: generated CRDs don't contain any status fields" diff --git a/hack/fetch-old-crd.sh b/hack/fetch-old-crd.sh deleted file mode 100755 index b1f38c6a75a..00000000000 --- a/hack/fetch-old-crd.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2022 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -eu -o pipefail - -# This script fetches old CRDs from GitHub releases but gracefully exits without an error -# if it encounters a 404. This handles the case where a git tag exists but no release -# exists, which would otherwise cause fetching the CRDs to fail. - -function print_help() { - echo "usage: $0 " > /dev/stderr -} - -if [[ -z "${1:-}" ]]; then - print_help - exit 1 -fi - -if [[ -z "${2:-}" ]]; then - print_help - exit 1 -fi - -url=$1 -destfile=$2 - -# make curl write to a temp file, since we don't want to write to destfile if -# we get a 404 from GitHub -outfile=$(mktemp) - -trap 'rm -f -- "$outfile"' EXIT - -STATUSCODE=$(curl --retry 3 --compressed --silent --location --output $outfile --write-out "%{http_code}" $url) - -if test $STATUSCODE -eq 404; then - # If a tag exists without a release, then we'll get a 404 here. This could happen during a release, for example. - # In this case, we don't error and don't write anything to destfile - exit 0 -elif test $STATUSCODE -ne 200; then - echo "Got status code $STATUSCODE for '$url' - possibly broken or in-progress release / GitHub down / rate limit" > /dev/stderr - exit 1 -fi - -cp $outfile $destfile diff --git a/hack/verify-goimports.sh b/hack/verify-goimports.sh index a84bed4783b..ffc1508141b 100755 --- a/hack/verify-goimports.sh +++ b/hack/verify-goimports.sh @@ -19,21 +19,27 @@ set -o nounset set -o pipefail if [[ -z "${1:-}" ]]; then - echo "usage: $0 " >&2 + echo "usage: $0 [go dirs ...]" >&2 exit 1 fi goimports=$(realpath "$1") +shift 1 + +godirs=("$@") +if [ ${#godirs[@]} -eq 0 ]; then + echo "No go dirs specified" >&2 + exit 1 +fi + # passing "-local" would be ideal, but it'll conflict with auto generated files ATM # and cause churn when we want to update those files #common_flags="-local github.com/cert-manager/cert-manager" common_flags="" -echo "+++ running goimports" >&2 - -godirs=$(make --silent print-source-dirs) +echo "+++ running goimports on [${godirs[@]}]" >&2 output=$($goimports $common_flags -l $godirs) diff --git a/klone.yaml b/klone.yaml new file mode 100644 index 00000000000..d8453decf37 --- /dev/null +++ b/klone.yaml @@ -0,0 +1,39 @@ +# This klone.yaml file describes the Makefile modules and versions that are +# cloned into the "make/_shared" folder. These modules are dynamically imported +# by the root Makefile. The "make upgrade-klone" target can be used to pull +# the latest version from the upstream repositories (using the repo_ref value). +# +# More info can be found here: https://github.com/cert-manager/makefile-modules + +targets: + make/_shared: + - folder_name: boilerplate + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/boilerplate + - folder_name: generate-verify + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/generate-verify + - folder_name: help + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/help + - folder_name: klone + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/klone + - folder_name: repository-base + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/repository-base + - folder_name: tools + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_path: modules/tools diff --git a/make/00_mod.mk b/make/00_mod.mk new file mode 100644 index 00000000000..529610bf8aa --- /dev/null +++ b/make/00_mod.mk @@ -0,0 +1,54 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +include make/util.mk + +# SOURCES contains all go files except those in $(bin_dir), the old bindir `bin`, or in +# the make dir. +# NB: we skip `bin/` since users might have a `bin` directory left over in repos they were +# using before the bin dir was renamed +SOURCES := $(call get-sources,cat -) go.mod go.sum + +# SOURCE_DIRS contains all the directories that contain go files +SOURCE_DIRS := $(call get-sources,cut -d'/' -f2 | sort | uniq | tr '\n' ' ') + +## GOBUILDPROCS is passed to GOMAXPROCS when running go build; if you're running +## make in parallel using "-jN" then you'll probably want to reduce the value +## of GOBUILDPROCS or else you could end up running N parallel invocations of +## go build, each of which will spin up as many threads as are available on your +## system. +## @category Build +GOBUILDPROCS ?= + +include make/git.mk + +## By default, we don't link Go binaries to the libc. In some case, you might +## want to build libc-linked binaries, in which case you can set this to "1". +## @category Build +CGO_ENABLED ?= 0 + +## This flag is passed to `go build` to enable Go experiments. It's empty by default +## @category Build +GOEXPERIMENT ?= # empty by default + +## Extra flags passed to 'go' when building. For example, use GOFLAGS=-v to turn on the +## verbose output. +## @category Build +GOFLAGS := -trimpath + +## Extra linking flags passed to 'go' via '-ldflags' when building. +## @category Build +GOLDFLAGS := -w -s \ + -X github.com/cert-manager/cert-manager/pkg/util.AppVersion=$(VERSION) \ + -X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=$(GITCOMMIT) diff --git a/make/02_mod.mk b/make/02_mod.mk new file mode 100644 index 00000000000..0d28abea300 --- /dev/null +++ b/make/02_mod.mk @@ -0,0 +1,37 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +GOBUILD := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) GOMAXPROCS=$(GOBUILDPROCS) $(GO) build +GOTEST := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) $(GO) test + +# overwrite $(GOTESTSUM) and add relevant environment variables +GOTESTSUM := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) $(GOTESTSUM) + +# Version of Gateway API install bundle https://gateway-api.sigs.k8s.io/v1alpha2/guides/#installing-gateway-api +GATEWAY_API_VERSION=v1.0.0 + +$(bin_dir)/scratch/gateway-api-$(GATEWAY_API_VERSION).yaml: | $(bin_dir)/scratch + $(CURL) https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEWAY_API_VERSION)/experimental-install.yaml -o $@ + +include make/ci.mk +include make/test.mk +include make/base_images.mk +include make/server.mk +include make/containers.mk +include make/release.mk +include make/manifests.mk +include make/licenses.mk +include make/e2e-setup.mk +include make/scan.mk +include make/ko.mk diff --git a/make/_shared/boilerplate/00_mod.mk b/make/_shared/boilerplate/00_mod.mk new file mode 100644 index 00000000000..46f32fc5c42 --- /dev/null +++ b/make/_shared/boilerplate/00_mod.mk @@ -0,0 +1,17 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +default_go_header_file := $(dir $(lastword $(MAKEFILE_LIST)))/template/boilerplate.go.txt + +go_header_file ?= $(default_go_header_file) diff --git a/make/_shared/boilerplate/01_mod.mk b/make/_shared/boilerplate/01_mod.mk new file mode 100644 index 00000000000..677fdff97f5 --- /dev/null +++ b/make/_shared/boilerplate/01_mod.mk @@ -0,0 +1,21 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: verify-boilerplate +## Verify that all files have the correct boilerplate. +## @category [shared] Generate/ Verify +verify-boilerplate: | $(NEEDS_BOILERSUITE) + $(BOILERSUITE) . + +shared_verify_targets += verify-boilerplate diff --git a/make/_shared/boilerplate/template/boilerplate.go.txt b/make/_shared/boilerplate/template/boilerplate.go.txt new file mode 100644 index 00000000000..f0214588363 --- /dev/null +++ b/make/_shared/boilerplate/template/boilerplate.go.txt @@ -0,0 +1,15 @@ +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ \ No newline at end of file diff --git a/make/_shared/generate-verify/00_mod.mk b/make/_shared/generate-verify/00_mod.mk new file mode 100644 index 00000000000..9b145a95f04 --- /dev/null +++ b/make/_shared/generate-verify/00_mod.mk @@ -0,0 +1,17 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +shared_generate_targets ?= +shared_verify_targets ?= +shared_verify_targets_dirty ?= diff --git a/make/_shared/generate-verify/02_mod.mk b/make/_shared/generate-verify/02_mod.mk new file mode 100644 index 00000000000..2f2daacd976 --- /dev/null +++ b/make/_shared/generate-verify/02_mod.mk @@ -0,0 +1,33 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: generate +## Generate all generate targets. +## @category [shared] Generate/ Verify +generate: $$(shared_generate_targets) + +verify_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/verify.sh + +# Run the supplied make target argument in a temporary workspace and diff the results. +verify-%: FORCE + $(verify_script) $(MAKE) -s $* + +verify_generated_targets = $(shared_generate_targets:%=verify-%) + +.PHONY: verify +## Verify code and generate targets. +## @category [shared] Generate/ Verify +verify: $$(verify_generated_targets) $$(shared_verify_targets) + @echo "The following targets create temporary files in the current directory, that is why they have to be run last:" + $(MAKE) noop $(shared_verify_targets_dirty) diff --git a/make/_shared/generate-verify/util/verify.sh b/make/_shared/generate-verify/util/verify.sh new file mode 100755 index 00000000000..206d3e63a7b --- /dev/null +++ b/make/_shared/generate-verify/util/verify.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# Verify that the supplied command does not make any changes to the repository. +# +# This is called from the Makefile to verify that all code generation scripts +# have been run and that their changes have been committed to the repository. +# +# Runs any of the scripts or Make targets in this repository, after making a +# copy of the repository, then reports any changes to the files in the copy. + +# For example: +# +# make verify-helm-chart-update || \ +# make helm-chart-update +# +set -o errexit +set -o nounset +set -o pipefail + +projectdir="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../../../.." && pwd )" + +cd "${projectdir}" + +# Use short form arguments here to support BSD/macOS. `-d` instructs +# it to make a directory, `-t` provides a prefix to use for the directory name. +tmp="$(mktemp -d /tmp/verify.sh.XXXXXXXX)" + +cleanup() { + rm -rf "${tmp}" +} +trap "cleanup" EXIT SIGINT + +cp -a "${projectdir}/." "${tmp}" +pushd "${tmp}" >/dev/null + +"$@" + +popd >/dev/null + +if ! diff \ + --exclude=".git" \ + --exclude="_bin" \ + --new-file --unified --show-c-function --recursive "${projectdir}" "${tmp}" +then + echo + echo "Project '${projectdir}' is out of date." + echo "Please run '${*}'" + exit 1 +fi diff --git a/make/_shared/help/01_mod.mk b/make/_shared/help/01_mod.mk new file mode 100644 index 00000000000..1a6a3b48b24 --- /dev/null +++ b/make/_shared/help/01_mod.mk @@ -0,0 +1,22 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + + +help_sh := $(dir $(lastword $(MAKEFILE_LIST)))/help.sh + +.PHONY: help +help: + @MAKEFILE_LIST="$(MAKEFILE_LIST)" \ + MAKE="$(MAKE)" \ + $(help_sh) diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh new file mode 100755 index 00000000000..96c4ad8e062 --- /dev/null +++ b/make/_shared/help/help.sh @@ -0,0 +1,113 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eu -o pipefail + +## 1. Build set of extracted line items + +EMPTYLINE_REGEX="^[[:space:]]*$" +DOCBLOCK_REGEX="^##[[:space:]]*(.*)$" +CATEGORY_REGEX="^##[[:space:]]*@category[[:space:]]*(.*)$" +TARGET_REGEX="^(([a-zA-Z0-9\_\/\%\$\(\)]|-)+):.*$" + +EMPTY_ITEM="" + +# shellcheck disable=SC2086 +raw_lines=$(cat ${MAKEFILE_LIST} | tr '\t' ' ' | grep -E "($TARGET_REGEX|$DOCBLOCK_REGEX|$EMPTYLINE_REGEX)") +extracted_lines="" +extracted_current="$EMPTY_ITEM" +max_target_length=0 + +## Extract all the commented targets from the Makefile +while read -r line; do + if [[ $line =~ $EMPTYLINE_REGEX ]]; then + # Reset current item. + extracted_current="$EMPTY_ITEM" + elif [[ $line =~ $CATEGORY_REGEX ]]; then + extracted_current=${extracted_current///${BASH_REMATCH[1]}} + elif [[ $line =~ $TARGET_REGEX ]]; then + # only keep the target if there is a comment + if [[ $extracted_current != *""* ]]; then + max_target_length=$(( ${#BASH_REMATCH[1]} > max_target_length ? ${#BASH_REMATCH[1]} : max_target_length )) + extracted_current=${extracted_current///${BASH_REMATCH[1]}} + extracted_lines="$extracted_lines\n$extracted_current" + fi + + extracted_current="$EMPTY_ITEM" + elif [[ $line =~ $DOCBLOCK_REGEX ]]; then + extracted_current=${extracted_current///${BASH_REMATCH[1]}} + fi +done <<< "$raw_lines" + +## 2. Build mapping for expanding targets + +ASSIGNMENT_REGEX="^(([a-zA-Z0-9\_\/\%\$\(\)]|-)+)[[:space:]]*:=[[:space:]]*(.*)$" + +raw_expansions=$(${MAKE} --dry-run --print-data-base noop | tr '\t' ' ' | grep -E "$ASSIGNMENT_REGEX") +extracted_expansions="" + +while read -r line; do + if [[ $line =~ $ASSIGNMENT_REGEX ]]; then + target=${BASH_REMATCH[1]} + expansion=${BASH_REMATCH[3]// /, } + extracted_expansions="$extracted_expansions\n$target$expansion" + fi +done <<< "$raw_expansions" + +## 3. Sort and print the extracted line items + +RULE_COLOR="$(tput setaf 6)" +CATEGORY_COLOR="$(tput setaf 3)" +CLEAR_STYLE="$(tput sgr0)" +PURPLE=$(tput setaf 125) + +extracted_lines=$(echo -e "$extracted_lines" | LC_ALL=C sort -r) +current_category="" + +## Print the help +echo "Usage: make [target1] [target2] ..." + +IFS=$'\n'; for line in $extracted_lines; do + category=$([[ $line =~ \(.*)\ ]] && echo "${BASH_REMATCH[1]}") + target=$([[ $line =~ \(.*)\ ]] && echo "${BASH_REMATCH[1]}") + comment=$([[ $line =~ \(.*)\ ]] && echo -e "${BASH_REMATCH[1]///\\n}") + + # Print the category header if it's changed + if [[ "$current_category" != "$category" ]]; then + current_category=$category + echo -e "\n${CATEGORY_COLOR}${current_category}${CLEAR_STYLE}" + fi + + # replace any $(...) with the actual value + if [[ $target =~ \$\((.*)\) ]]; then + new_target=$(echo -e "$extracted_expansions" | grep "${BASH_REMATCH[1]}" || true) + if [[ -n "$new_target" ]]; then + target=$([[ $new_target =~ \(.*)\ ]] && echo -e "${BASH_REMATCH[1]}") + fi + fi + + # Print the target and its multiline comment + is_first_line=true + while read -r comment_line; do + if [[ "$is_first_line" == true ]]; then + is_first_line=false + padding=$(( max_target_length - ${#target} )) + printf " %s%${padding}s ${PURPLE}>${CLEAR_STYLE} %s\n" "${RULE_COLOR}${target}${CLEAR_STYLE}" "" "${comment_line}" + else + printf " %${max_target_length}s %s\n" "" "${comment_line}" + fi + done <<< "$comment" +done diff --git a/make/_shared/klone/01_mod.mk b/make/_shared/klone/01_mod.mk new file mode 100644 index 00000000000..a3d07dd2778 --- /dev/null +++ b/make/_shared/klone/01_mod.mk @@ -0,0 +1,27 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +.PHONY: generate-klone +## Generate klone shared Makefiles +## @category [shared] Generate/ Verify +generate-klone: | $(NEEDS_KLONE) + $(KLONE) sync + +shared_generate_targets += generate-klone + +.PHONY: upgrade-klone +## Upgrade klone Makefile modules to latest version +## @category [shared] Self-upgrade +upgrade-klone: | $(NEEDS_KLONE) + $(KLONE) upgrade diff --git a/make/_shared/repository-base/01_mod.mk b/make/_shared/repository-base/01_mod.mk new file mode 100644 index 00000000000..251ac88e56c --- /dev/null +++ b/make/_shared/repository-base/01_mod.mk @@ -0,0 +1,23 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ + +.PHONY: generate-base +## Generate base files in the repository +## @category [shared] Generate/ Verify +generate-base: + cp -r $(base_dir)/. ./ + +shared_generate_targets += generate-base diff --git a/make/_shared/repository-base/base/.github/dependabot.yaml b/make/_shared/repository-base/base/.github/dependabot.yaml new file mode 100644 index 00000000000..35367ea5cee --- /dev/null +++ b/make/_shared/repository-base/base/.github/dependabot.yaml @@ -0,0 +1,20 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead. + +# Update Go dependencies and GitHub Actions dependencies weekly. +version: 2 +updates: +- package-ecosystem: gomod + directory: / + schedule: + interval: weekly + groups: + all: + patterns: ["*"] +- package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + groups: + all: + patterns: ["*"] diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml new file mode 100644 index 00000000000..ccebdb244eb --- /dev/null +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -0,0 +1,86 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/workflows/make-self-upgrade.yaml instead. + +name: make-self-upgrade +concurrency: make-self-upgrade +on: + workflow_dispatch: {} + schedule: + - cron: '0 0 * * *' + +jobs: + build_images: + runs-on: ubuntu-latest + + permissions: + contents: write + pull-requests: write + + steps: + - name: Fail if branch is not main + if: github.ref != 'refs/heads/main' + run: | + echo "This workflow should not be run on a branch other than main." + exit 1 + + - uses: actions/checkout@v4 + + - id: go-version + run: | + make print-go-version >> "$GITHUB_OUTPUT" + + - uses: actions/setup-go@v5 + with: + go-version: ${{ steps.go-version.outputs.result }} + + - run: | + git checkout -B "self-upgrade" + + - run: | + make -j upgrade-klone + make -j generate + + - id: is-up-to-date + shell: bash + run: | + git_status=$(git status -s) + is_up_to_date="true" + if [ -n "$git_status" ]; then + is_up_to_date="false" + echo "The following changes will be committed:" + echo "$git_status" + fi + echo "result=$is_up_to_date" >> "$GITHUB_OUTPUT" + + - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} + run: | + git config --global user.name "jetstack-bot" + git config --global user.email "jetstack-bot@users.noreply.github.com" + git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff + git push -f origin self-upgrade + + - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} + uses: actions/github-script@v7 + with: + script: | + const { repo, owner } = context.repo; + const pulls = await github.rest.pulls.list({ + owner: owner, + repo: repo, + head: owner + ':self-upgrade', + base: 'main', + state: 'open', + }); + + if (pulls.data.length < 1) { + await github.rest.pulls.create({ + title: '[CI] Merge self-upgrade into main', + owner: owner, + repo: repo, + head: 'self-upgrade', + base: 'main', + body: [ + 'This PR is auto-generated to bump the Makefile modules.', + ].join('\n'), + }); + } diff --git a/make/_shared/repository-base/base/LICENSE b/make/_shared/repository-base/base/LICENSE new file mode 100644 index 00000000000..261eeb9e9f8 --- /dev/null +++ b/make/_shared/repository-base/base/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile new file mode 100644 index 00000000000..6e1916a5a6d --- /dev/null +++ b/make/_shared/repository-base/base/Makefile @@ -0,0 +1,109 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/Makefile instead. + +# NOTE FOR DEVELOPERS: "How do the Makefiles work and how can I extend them?" +# +# Shared Makefile logic lives in the make/_shared/ directory. The source of truth for these files +# lies outside of this repository, eg. in the cert-manager/makefile-modules repository. +# +# Logic specific to this repository must be defined in the make/00_mod.mk and make/02_mod.mk files: +# - The make/00_mod.mk file is included first and contains variable definitions needed by +# the shared Makefile logic. +# - The make/02_mod.mk file is included later, it can make use of most of the shared targets +# defined in the make/_shared/ directory (all targets defined in 00_mod.mk and 01_mod.mk). +# This file should be used to define targets specific to this repository. + +################################## + +# Some modules build their dependencies from variables, we want these to be +# evalutated at the last possible moment. For this we use second expansion to +# re-evaluate the generate and verify targets a second time. +# +# See https://www.gnu.org/software/make/manual/html_node/Secondary-Expansion.html +.SECONDEXPANSION: + +# For details on some of these "prelude" settings, see: +# https://clarkgrubb.com/makefile-style-guide +MAKEFLAGS += --warn-undefined-variables --no-builtin-rules +SHELL := /usr/bin/env bash +.SHELLFLAGS := -uo pipefail -c +.DEFAULT_GOAL := help +.DELETE_ON_ERROR: +.SUFFIXES: +FORCE: + +noop: # do nothing + +################################## +# Host OS and architecture setup # +################################## + +# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go" +# binary may not be available in the PATH yet when the Makefiles are +# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 +# and Intel). +HOST_OS ?= $(shell uname -s | tr A-Z a-z) +HOST_ARCH ?= $(shell uname -m) + +ifeq (x86_64, $(HOST_ARCH)) + HOST_ARCH = amd64 +else ifeq (aarch64, $(HOST_ARCH)) + # linux reports the arm64 arch as aarch64 + HOST_ARCH = arm64 +endif + +################################## +# Git and versioning information # +################################## + +VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) +GITCOMMIT := $(shell git rev-parse HEAD) +GITEPOCH := $(shell git show -s --format=%ct HEAD) + +################################## +# Global variables and dirs # +################################## + +bin_dir := _bin + +# The ARTIFACTS environment variable is set by the CI system to a directory +# where artifacts should be placed. These artifacts are then uploaded to a +# storage bucket by the CI system (https://docs.prow.k8s.io/docs/components/pod-utilities/). +# An example of such an artifact is a jUnit XML file containing test results. +# If the ARTIFACTS environment variable is not set, we default to a local +# directory in the _bin directory. +ARTIFACTS ?= $(bin_dir)/artifacts + +$(bin_dir) $(ARTIFACTS) $(bin_dir)/scratch: + mkdir -p $@ + +.PHONY: clean +## Clean all temporary files +## @category [shared] Tools +clean: + rm -rf $(bin_dir) + +################################## +# Include all the Makefiles # +################################## + +-include make/00_mod.mk +-include make/_shared/*/00_mod.mk +-include make/_shared/*/01_mod.mk +-include make/02_mod.mk +-include make/_shared/*/02_mod.mk diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES new file mode 100644 index 00000000000..6d51f05b459 --- /dev/null +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -0,0 +1,13 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/OWNERS_ALIASES instead. + +aliases: + cm-maintainers: + - munnerz + - joshvanl + - wallrj + - jakexks + - maelvls + - irbekrm + - sgtcodfish + - inteon diff --git a/make/tools.mk b/make/_shared/tools/00_mod.mk similarity index 54% rename from make/tools.mk rename to make/_shared/tools/00_mod.mk index 3f82f08782b..b162a6ecc90 100644 --- a/make/tools.mk +++ b/make/_shared/tools/00_mod.mk @@ -12,6 +12,19 @@ # See the License for the specific language governing permissions and # limitations under the License. +ifndef bin_dir +$(error bin_dir is not set) +endif + +########################################## + +$(bin_dir)/scratch/image $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: + @mkdir -p $@ + +checkhash_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/checkhash.sh + +for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))),$(word 2,$(subst =, ,$(item)))))) + # To make sure we use the right version of each tool, we put symlink in # $(bin_dir)/tools, and the actual binaries are in $(bin_dir)/downloaded. When bumping # the version of the tools, this symlink gets updated. @@ -20,85 +33,119 @@ # pick up the wrong binary somewhere. Watch out, $(shell echo $$PATH) will # still print the original PATH, since GNU make does not honor exported # variables: https://stackoverflow.com/questions/54726457 -export PATH := $(PWD)/$(bin_dir)/tools:$(PATH) +export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) CTR=docker TOOLS := # https://github.com/helm/helm/releases -TOOLS += helm=v3.12.3 +TOOLS += helm=v3.14.0 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl -TOOLS += kubectl=v1.28.1 +TOOLS += kubectl=v1.29.1 # https://github.com/kubernetes-sigs/kind/releases -TOOLS += kind=v0.21.0 -# https://github.com/sigstore/cosign/releases -TOOLS += cosign=v2.2.0 -# https://github.com/rclone/rclone/releases -TOOLS += rclone=v1.64.0 +TOOLS += kind=v0.20.0 +# https://www.vaultproject.io/downloads +TOOLS += vault=1.15.4 +# https://github.com/Azure/azure-workload-identity/releases +TOOLS += azwi=v1.2.0 +# https://github.com/kyverno/kyverno/releases +TOOLS += kyverno=v1.11.3 +# https://github.com/mikefarah/yq/releases +TOOLS += yq=v4.40.5 +# https://github.com/ko-build/ko/releases +TOOLS += ko=0.15.1 +# https://github.com/protocolbuffers/protobuf/releases +TOOLS += protoc=25.2 # https://github.com/aquasecurity/trivy/releases TOOLS += trivy=v0.45.0 # https://github.com/vmware-tanzu/carvel-ytt/releases TOOLS += ytt=v0.45.4 -# https://github.com/mikefarah/yq/releases -TOOLS += yq=v4.35.1 -# https://github.com/ko-build/ko/releases -TOOLS += ko=v0.14.1 +# https://github.com/rclone/rclone/releases +TOOLS += rclone=v1.64.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions TOOLS += controller-gen=v0.14.0 -# https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2 -# https://pkg.go.dev/k8s.io/release/cmd/release-notes?tab=versions -TOOLS += release-notes=v0.15.1 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions -TOOLS += goimports=v0.13.0 -# https://pkg.go.dev/github.com/google/go-licenses?tab=versions -TOOLS += go-licenses=9a41918e8c1e254f6472bdd8454b6030d445b255 +TOOLS += goimports=v0.17.0 +# https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions +TOOLS += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 # https://pkg.go.dev/gotest.tools/gotestsum?tab=versions -TOOLS += gotestsum=v1.10.1 -# https://pkg.go.dev/github.com/google/go-containerregistry/cmd/crane?tab=versions -TOOLS += crane=v0.16.1 +TOOLS += gotestsum=v1.11.0 +# https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions +TOOLS += kustomize=v4.5.7 +# https://pkg.go.dev/github.com/itchyny/gojq?tab=versions +TOOLS += gojq=v0.12.14 +# https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions +TOOLS += crane=v0.18.0 +# https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions +TOOLS += protoc-gen-go=v1.32.0 +# https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions +TOOLS += helm-docs=v1.12.0 +# https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions +TOOLS += cosign=v2.2.2 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions TOOLS += boilersuite=v0.1.0 +# https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions +TOOLS += gomarkdoc=v1.1.0 +# https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions +TOOLS += oras=v1.1.0 # https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions -TOOLS += ginkgo=$(shell awk '/ginkgo\/v2/ {print $$2}' go.mod) -# https://github.com/golangci/golangci-lint/releases -TOOLS += golangci-lint=v1.55.2 +# The gingko version should be kept in sync with the version used in code. +# If there is no go.mod file (which is only the case for the makefile-modules +# repo), then we default to a version that we know exists. We have to do this +# because otherwise the awk failure renders the whole makefile unusable. +TOOLS += ginkgo=$(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +# https://pkg.go.dev/github.com/cert-manager/klone?tab=versions +TOOLS += klone=v0.0.4 +# https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions +TOOLS += goreleaser=v1.23.0 +# https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions +TOOLS += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -TOOLS += helm-tool=v0.3.0 +TOOLS += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca - -# Version of Gateway API install bundle https://gateway-api.sigs.k8s.io/v1alpha2/guides/#installing-gateway-api -GATEWAY_API_VERSION=v1.0.0 - -K8S_CODEGEN_VERSION=v0.28.0 - -KUBEBUILDER_ASSETS_VERSION=1.28.0 +# https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions +TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2 +# https://github.com/golangci/golangci-lint/releases +TOOLS += golangci-lint=v1.57.1 +# https://pkg.go.dev/golang.org/x/vuln?tab=versions +TOOLS += govulncheck=v1.0.4 + +# https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions +K8S_CODEGEN_VERSION=v0.29.1 +TOOLS += client-gen=$(K8S_CODEGEN_VERSION) +TOOLS += deepcopy-gen=$(K8S_CODEGEN_VERSION) +TOOLS += informer-gen=$(K8S_CODEGEN_VERSION) +TOOLS += lister-gen=$(K8S_CODEGEN_VERSION) +TOOLS += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) +TOOLS += openapi-gen=$(K8S_CODEGEN_VERSION) +TOOLS += defaulter-gen=$(K8S_CODEGEN_VERSION) +TOOLS += conversion-gen=$(K8S_CODEGEN_VERSION) + +# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml +KUBEBUILDER_ASSETS_VERSION=1.29.0 TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) -VENDORED_GO_VERSION := 1.22.1 +# Additional tools can be defined to reuse the tooling in this file +ADDITIONAL_TOOLS ?= +TOOLS += $(ADDITIONAL_TOOLS) + +# https://go.dev/dl/ +VENDORED_GO_VERSION := 1.21.8 + +# Print the go version which can be used in GH actions +.PHONY: print-go-version +print-go-version: + @echo result=$(VENDORED_GO_VERSION) # When switching branches which use different versions of the tools, we # need a way to re-trigger the symlinking from $(bin_dir)/downloaded to $(bin_dir)/tools. $(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch @test "$($*_VERSION)" == "$(shell cat $@ 2>/dev/null)" || echo $($*_VERSION) > $@ -# The reason we don't use "go env GOOS" or "go env GOARCH" is that the "go" -# binary may not be available in the PATH yet when the Makefiles are -# evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 -# and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) - -ifeq (x86_64, $(HOST_ARCH)) - HOST_ARCH = amd64 -else ifeq (aarch64, $(HOST_ARCH)) - HOST_ARCH = arm64 -endif - # --silent = don't print output like progress meters # --show-error = but do print errors when they happen # --fail = exit with a nonzero error code without the response from the server when there's an HTTP error @@ -151,10 +198,11 @@ TOOL_NAMES += $1 $(call UC,$1)_VERSION ?= $2 NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 -$(call UC,$1) := $$(PWD)/$$(bin_dir)/tools/$1 +$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 $$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(bin_dir)/downloaded/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) + @touch $$@ # making sure the target of the symlink is newer than *_VERSION endef $(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL)))))) @@ -179,17 +227,11 @@ NEEDS_GO := $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/ ifeq ($(NEEDS_GO),) GO := go else -export GOROOT := $(PWD)/$(bin_dir)/tools/goroot -export PATH := $(PWD)/$(bin_dir)/tools/goroot/bin:$(PATH) -GO := $(PWD)/$(bin_dir)/tools/go +export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot +export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) +GO := $(CURDIR)/$(bin_dir)/tools/go endif -GOBUILD := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) GOMAXPROCS=$(GOBUILDPROCS) $(GO) build -GOTEST := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) $(GO) test - -# overwrite $(GOTESTSUM) and add relevant environment variables -GOTESTSUM := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) $(GOTESTSUM) - .PHONY: vendor-go ## By default, this Makefile uses the system's Go. You can use a "vendored" ## version of Go that will get downloaded by running this command once. To @@ -198,6 +240,7 @@ GOTESTSUM := CGO_ENABLED=$(CGO_ENABLED) GOEXPERIMENT=$(GOEXPERIMENT) $(GOTESTSUM ## ## export PATH="$PWD/$(bin_dir)/tools:$PATH" ## export GOROOT="$PWD/$(bin_dir)/tools/goroot" +## @category [shared] Tools vendor-go: $(bin_dir)/tools/go .PHONY: unvendor-go @@ -207,7 +250,8 @@ unvendor-go: $(bin_dir)/tools/go .PHONY: which-go ## Print the version and path of go which will be used for building and ## testing in Makefile commands. Vendored go will have a path in ./bin -which-go: | $(NEEDS_GO) +## @category [shared] Tools +which-go: | $(NEEDS_GO) @$(GO) version @echo "go binary used for above version information: $(GO)" @@ -238,38 +282,73 @@ $(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz: | $(bin_dir)/dow GO_DEPENDENCIES := GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo -GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel -GO_DEPENDENCIES += release-notes=k8s.io/release/cmd/release-notes GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum +GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4 +GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane +GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go +GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs +GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite -GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint +GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc +GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras +GO_DEPENDENCIES += klone=github.com/cert-manager/klone +GO_DEPENDENCIES += goreleaser=github.com/goreleaser/goreleaser +GO_DEPENDENCIES += syft=github.com/anchore/syft/cmd/syft +GO_DEPENDENCIES += client-gen=k8s.io/code-generator/cmd/client-gen +GO_DEPENDENCIES += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen +GO_DEPENDENCIES += informer-gen=k8s.io/code-generator/cmd/informer-gen +GO_DEPENDENCIES += lister-gen=k8s.io/code-generator/cmd/lister-gen +GO_DEPENDENCIES += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen +GO_DEPENDENCIES += openapi-gen=k8s.io/code-generator/cmd/openapi-gen +GO_DEPENDENCIES += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen +GO_DEPENDENCIES += conversion-gen=k8s.io/code-generator/cmd/conversion-gen GO_DEPENDENCIES += helm-tool=github.com/cert-manager/helm-tool GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2 +GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel +GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint +GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck + +################# +# go build tags # +################# + +GO_TAGS := + +# Additional Go dependencies can be defined to re-use the tooling in this file +ADDITIONAL_GO_DEPENDENCIES ?= +ADDITIONAL_GO_TAGS ?= +GO_DEPENDENCIES += $(ADDITIONAL_GO_DEPENDENCIES) +GO_TAGS += $(ADDITIONAL_GO_TAGS) + +go_tags_init = go_tags_$1 := +$(call for_each_kv,go_tags_init,$(GO_DEPENDENCIES)) + +go_tags_defs = go_tags_$1 += $2 +$(call for_each_kv,go_tags_defs,$(GO_TAGS)) define go_dependency $$(bin_dir)/downloaded/tools/$1@$($(call UC,$1)_VERSION)_%: | $$(NEEDS_GO) $$(bin_dir)/downloaded/tools - GOBIN=$$(PWD)/$$(dir $$@) $$(GO) install $2@$($(call UC,$1)_VERSION) - @mv $$(PWD)/$$(dir $$@)/$1 $$@ + GOWORK=off GOBIN=$$(CURDIR)/$$(dir $$@) $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION) + @mv $$(CURDIR)/$$(dir $$@)/$1 $$@ endef - -$(foreach GO_DEPENDENCY,$(GO_DEPENDENCIES),$(eval $(call go_dependency,$(word 1,$(subst =, ,$(GO_DEPENDENCY))),$(word 2,$(subst =, ,$(GO_DEPENDENCY)))))) +$(call for_each_kv,go_dependency,$(GO_DEPENDENCIES)) ######## # Helm # ######## -HELM_linux_amd64_SHA256SUM=1b2313cd198d45eab00cc37c38f6b1ca0a948ba279c29e322bdf426d406129b5 -HELM_darwin_amd64_SHA256SUM=1bdbbeec5a12dd0c1cd4efd8948a156d33e1e2f51140e2a51e1e5e7b11b81d47 -HELM_darwin_arm64_SHA256SUM=240b0a7da9cae208000eff3d3fb95e0fa1f4903d95be62c3f276f7630b12dae1 -HELM_linux_arm64_SHA256SUM=79ef06935fb47e432c0c91bdefd140e5b543ec46376007ca14a52e5ed3023088 +HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 +HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 +HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 +HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d $(bin_dir)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(bin_dir)/downloaded/tools $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz - ./hack/util/checkhash.sh $@.tar.gz $(HELM_$*_SHA256SUM) + $(checkhash_script) $@.tar.gz $(HELM_$*_SHA256SUM) @# O writes the specified file to stdout tar xfO $@.tar.gz $(subst _,-,$*)/helm > $@ chmod +x $@ @@ -279,201 +358,206 @@ $(bin_dir)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(bin_dir)/downloaded/tool # kubectl # ########### -# Example commands to discover new kubectl versions and their SHAs: -# gsutil ls gs://kubernetes-release/release/ -# gsutil cat gs://kubernetes-release/release//bin///kubectl.sha256 -KUBECTL_linux_amd64_SHA256SUM=e7a7d6f9d06fab38b4128785aa80f65c54f6675a0d2abef655259ddd852274e1 -KUBECTL_darwin_amd64_SHA256SUM=d6b8f2bac5f828478eade0acf15fb7dde02d7613fc9e644dc019a7520d822a1a -KUBECTL_darwin_arm64_SHA256SUM=8fe9f753383574863959335d8b830908e67a40c3f51960af63892d969bfc1b10 -KUBECTL_linux_arm64_SHA256SUM=46954a604b784a8b0dc16754cfc3fa26aabca9fd4ffd109cd028bfba99d492f6 +KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f +KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b +KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c +KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 $(bin_dir)/downloaded/tools/kubectl@$(KUBECTL_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://storage.googleapis.com/kubernetes-release/release/$(KUBECTL_VERSION)/bin/$(subst _,/,$*)/kubectl -o $@ - ./hack/util/checkhash.sh $@ $(KUBECTL_$*_SHA256SUM) + $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(subst _,/,$*)/kubectl -o $@ + $(checkhash_script) $@ $(KUBECTL_$*_SHA256SUM) chmod +x $@ ######## # kind # ######## -KIND_linux_amd64_SHA256SUM=7bf22d258142eaa0e53899ded3ad06bae1b3e8ae5425a5e4dc5c8f9f263094a7 -KIND_darwin_amd64_SHA256SUM=09bc4cc9db750f874d12d333032e6e087f3ad06bff48131230865c5caee627af -KIND_darwin_arm64_SHA256SUM=d9c7c5d0cf6b9953be73207a0ad798ec6f015305b1aa6ee9f61468b222acbf99 -KIND_linux_arm64_SHA256SUM=d56d98fe8a22b5a9a12e35d5ff7be254ae419b0cfe93b6241d0d14ece8f5adc8 +KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded +KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 +KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad +KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf $(bin_dir)/downloaded/tools/kind@$(KIND_VERSION)_%: | $(bin_dir)/downloaded/tools $(bin_dir)/tools - $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(subst _,-,$*) -o $@ - ./hack/util/checkhash.sh $@ $(KIND_$*_SHA256SUM) + $(CURL) -sSfL https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(subst _,-,$*) -o $@ + $(checkhash_script) $@ $(KIND_$*_SHA256SUM) chmod +x $@ -########## -# cosign # -########## +######### +# vault # +######### -COSIGN_linux_amd64_SHA256SUM=5e4791fb7a5efaaa98da651534789ec985ce8ac9c31910a810fc249f86ba2ef9 -COSIGN_darwin_amd64_SHA256SUM=a2eea673456929a3f3809b492691183d9af0ea4216ac07410290bff76494cba4 -COSIGN_darwin_arm64_SHA256SUM=b4d323090efb98eded011ef17fe8228194eed8912f8e205361aaec8e6e6d044a -COSIGN_linux_arm64_SHA256SUM=b4d323090efb98eded011ef17fe8228194eed8912f8e205361aaec8e6e6d044a +VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b +VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb +VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c +VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 -# TODO: cosign also provides signatures on all of its binaries, but they can't be validated without already having cosign -# available! We could do something like "if system cosign is available, verify using that", but for now we'll skip -$(bin_dir)/downloaded/tools/cosign@$(COSIGN_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/sigstore/cosign/releases/download/$(COSIGN_VERSION)/cosign-$(subst _,-,$*) -o $@ - ./hack/util/checkhash.sh $@ $(COSIGN_$*_SHA256SUM) +$(bin_dir)/downloaded/tools/vault@$(VAULT_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$*.zip -o $@.zip + $(checkhash_script) $@.zip $(VAULT_$*_SHA256SUM) + unzip -qq -c $@.zip > $@ chmod +x $@ + rm -f $@.zip -########## -# rclone # -########## +######## +# azwi # +######## -RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 -RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 -RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a -RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 +AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 +AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df +AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 +AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c -$(bin_dir)/downloaded/tools/rclone@$(RCLONE_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,osx,$*)) - $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH)).zip -o $@.zip - ./hack/util/checkhash.sh $@.zip $(RCLONE_$*_SHA256SUM) - @# -p writes to stdout, the second file arg specifies the sole file we - @# want to extract - unzip -p $@.zip rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH))/rclone > $@ - chmod +x $@ - rm -f $@.zip +$(bin_dir)/downloaded/tools/azwi@$(AZWI_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(AZWI_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $@.tar.gz azwi > $@ && chmod 775 $@ + rm -f $@.tar.gz -######### -# trivy # -######### +############################ +# kubebuilder-tools assets # +# kube-apiserver / etcd # +############################ -TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d -TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 -TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 -TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b +KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb +KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e +KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f +KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 -$(bin_dir)/downloaded/tools/trivy@$(TRIVY_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,macOS,$*)) - $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst arm64,ARM64,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst amd64,64bit,$(OS_AND_ARCH))) +$(bin_dir)/downloaded/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools + $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $< kubebuilder/bin/etcd > $@ && chmod 775 $@ - $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(subst _,-,$(OS_AND_ARCH)).tar.gz -o $@.tar.gz - ./hack/util/checkhash.sh $@.tar.gz $(TRIVY_$*_SHA256SUM) - tar xfO $@.tar.gz trivy > $@ - chmod +x $@ - rm $@.tar.gz +$(bin_dir)/downloaded/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools + $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $< kubebuilder/bin/kube-apiserver > $@ && chmod 775 $@ -####### -# ytt # -####### +$(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(bin_dir)/downloaded/tools + $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $@ -YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 -YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 -YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 -YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b +########### +# kyverno # +########### -$(bin_dir)/downloaded/tools/ytt@$(YTT_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(subst _,-,$*) -o $@ - ./hack/util/checkhash.sh $@ $(YTT_$*_SHA256SUM) +KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 +KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc +KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 +KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e + +$(bin_dir)/downloaded/tools/kyverno@$(KYVERNO_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(subst amd64,x86_64,$*).tar.gz -fsSL -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(KYVERNO_$*_SHA256SUM) + @# O writes the specified file to stdout + tar xfO $@.tar.gz kyverno > $@ chmod +x $@ + rm -f $@.tar.gz ###### # yq # ###### -YQ_linux_amd64_SHA256SUM=bd695a6513f1196aeda17b174a15e9c351843fb1cef5f9be0af170f2dd744f08 -YQ_darwin_amd64_SHA256SUM=b2ff70e295d02695b284755b2a41bd889cfb37454e1fa71abc3a6ec13b2676cf -YQ_darwin_arm64_SHA256SUM=e9fc15db977875de982e0174ba5dc2cf5ae4a644e18432a4262c96d4439b1686 -YQ_linux_arm64_SHA256SUM=1d830254fe5cc2fb046479e6c781032976f5cf88f9d01a6385898c29182f9bed +YQ_linux_amd64_SHA256SUM=0d6aaf1cf44a8d18fbc7ed0ef14f735a8df8d2e314c4cc0f0242d35c0a440c95 +YQ_linux_arm64_SHA256SUM=9431f0fa39a0af03a152d7fe19a86e42e9ff28d503ed4a70598f9261ec944a97 +YQ_darwin_amd64_SHA256SUM=7f88b959c3fd2755e77dbf5bd92780dc3626c1c00ac45d5b5134f04189a142dc +YQ_darwin_arm64_SHA256SUM=1ef0022ed6d0769d19e2d391dd731162034b0e0ba2c9b53dda039d16cec1c26a $(bin_dir)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(bin_dir)/downloaded/tools $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$* -o $@ - ./hack/util/checkhash.sh $@ $(YQ_$*_SHA256SUM) + $(checkhash_script) $@ $(YQ_$*_SHA256SUM) chmod +x $@ ###### # ko # ###### -KO_linux_amd64_SHA256SUM=3f8f8e3fb4b78a4dfc0708df2b58f202c595a66c34195786f9a279ea991f4eae -KO_darwin_amd64_SHA256SUM=b879ea58255c9f2be2d4d6c4f6bd18209c78e9e0b890dbce621954ee0d63c4e5 -KO_darwin_arm64_SHA256SUM=8d41c228da3e04e3de293f0f5bfe1775a4c74582ba21c86ad32244967095189f -KO_linux_arm64_SHA256SUM=9a355b8a9fe88e9d65d3aa1116d943746e3cea86944f4566e47886fd260dd3e9 +KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 +KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 +KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 +KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 $(bin_dir)/downloaded/tools/ko@$(KO_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,Darwin,$*)) - $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst amd64,x86_64,$(OS_AND_ARCH))) - - $(CURL) https://github.com/ko-build/ko/releases/download/$(KO_VERSION)/ko_$(patsubst v%,%,$(KO_VERSION))_$(OS_AND_ARCH).tar.gz -o $@.tar.gz - ./hack/util/checkhash.sh $@.tar.gz $(KO_$*_SHA256SUM) + $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(subst linux,Linux,$(subst darwin,Darwin,$(subst amd64,x86_64,$*))).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(KO_$*_SHA256SUM) tar xfO $@.tar.gz ko > $@ chmod +x $@ - rm $@.tar.gz + rm -f $@.tar.gz -##################### -# k8s codegen tools # -##################### +########## +# protoc # +########## -K8S_CODEGEN_TOOLS := client-gen conversion-gen deepcopy-gen defaulter-gen informer-gen lister-gen openapi-gen -K8S_CODEGEN_TOOLS_PATHS := $(K8S_CODEGEN_TOOLS:%=$(bin_dir)/tools/%) -K8S_CODEGEN_TOOLS_DOWNLOADS := $(K8S_CODEGEN_TOOLS:%=$(bin_dir)/downloaded/tools/%@$(K8S_CODEGEN_VERSION)) +PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 +PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b +PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 +PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 -.PHONY: k8s-codegen-tools -k8s-codegen-tools: $(K8S_CODEGEN_TOOLS_PATHS) +$(bin_dir)/downloaded/tools/protoc@$(PROTOC_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(subst darwin,osx,$(subst arm64,aarch_64,$(subst amd64,x86_64,$(subst _,-,$*)))).zip -o $@.zip + $(checkhash_script) $@.zip $(PROTOC_$*_SHA256SUM) + unzip -qq -c $@.zip bin/protoc > $@ + chmod +x $@ + rm -f $@.zip -$(K8S_CODEGEN_TOOLS_PATHS): $(bin_dir)/tools/%-gen: $(bin_dir)/scratch/K8S_CODEGEN_VERSION | $(bin_dir)/downloaded/tools/%-gen@$(K8S_CODEGEN_VERSION) $(bin_dir)/tools - cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) +######### +# trivy # +######### -$(K8S_CODEGEN_TOOLS_DOWNLOADS): $(bin_dir)/downloaded/tools/%-gen@$(K8S_CODEGEN_VERSION): $(NEEDS_GO) | $(bin_dir)/downloaded/tools - GOBIN=$(PWD)/$(dir $@) $(GO) install k8s.io/code-generator/cmd/$(notdir $@) - @mv $(subst @$(K8S_CODEGEN_VERSION),,$@) $@ +TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d +TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b +TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 +TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 -############################ -# kubebuilder-tools assets # -# kube-apiserver / etcd # -# The SHAs for the same version of kubebuilder tools can change as new versions are published for changes merged to https://github.com/kubernetes-sigs/kubebuilder/tree/tools-releases # -# You can use ./hack/latest-kubebuilder-shas.sh to get latest SHAs for a particular version of kubebuilder tools # -############################ +$(bin_dir)/downloaded/tools/trivy@$(TRIVY_VERSION)_%: | $(bin_dir)/downloaded/tools + $(eval OS_AND_ARCH := $(subst darwin,macOS,$*)) + $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) + $(eval OS_AND_ARCH := $(subst arm64,ARM64,$(OS_AND_ARCH))) + $(eval OS_AND_ARCH := $(subst amd64,64bit,$(OS_AND_ARCH))) -# Kubebuilder tools can get re-pushed for the same version of Kubernetes, so it -# is possible that these SHAs change, whilst the version does not. To verify the -# change that has been made to the tools look at -# https://github.com/kubernetes-sigs/kubebuilder/tree/tools-releases -KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=8c816871604cbe119ca9dd8072b576552ae369b96eebc3cdaaf50edd7e3c0c7b -KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=a02e33a3981712c8d2702520f95357bd6c7d03d24b83a4f8ac1c89a9ba4d78c1 -KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=c87c6b3c0aec4233e68a12dc9690bcbe2f8d6cd72c23e670602b17b2d7118325 -KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=69bfcdfa468a066d005b0207a07347078f4546f89060f7d9a6131d305d229aad + $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(subst _,-,$(OS_AND_ARCH)).tar.gz -o $@.tar.gz + $(checkhash_script) $@.tar.gz $(TRIVY_$*_SHA256SUM) + tar xfO $@.tar.gz trivy > $@ + chmod +x $@ + rm $@.tar.gz -$(bin_dir)/downloaded/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - ./hack/util/checkhash.sh $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/etcd > $@ && chmod 775 $@ +####### +# ytt # +####### -$(bin_dir)/downloaded/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - ./hack/util/checkhash.sh $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/kube-apiserver > $@ && chmod 775 $@ +YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 +YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b +YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 +YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 -$(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(bin_dir)/downloaded/tools - $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $@ +$(bin_dir)/downloaded/tools/ytt@$(YTT_VERSION)_%: | $(bin_dir)/downloaded/tools + $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(subst _,-,$*) -o $@ + $(checkhash_script) $@ $(YTT_$*_SHA256SUM) + chmod +x $@ -############## -# gatewayapi # -############## +########## +# rclone # +########## -GATEWAY_API_SHA256SUM=6c601dced7872a940d76fa667ae126ba718cb4c6db970d0bab49128ecc1192a3 +RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 +RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 +RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 +RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a -$(bin_dir)/downloaded/gateway-api-$(GATEWAY_API_VERSION).yaml: | $(bin_dir)/downloaded - $(CURL) https://github.com/kubernetes-sigs/gateway-api/releases/download/$(GATEWAY_API_VERSION)/experimental-install.yaml -o $@ - ./hack/util/checkhash.sh $(bin_dir)/downloaded/gateway-api-$(GATEWAY_API_VERSION).yaml $(GATEWAY_API_SHA256SUM) +$(bin_dir)/downloaded/tools/rclone@$(RCLONE_VERSION)_%: | $(bin_dir)/downloaded/tools + $(eval OS_AND_ARCH := $(subst darwin,osx,$*)) + $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH)).zip -o $@.zip + $(checkhash_script) $@.zip $(RCLONE_$*_SHA256SUM) + @# -p writes to stdout, the second file arg specifies the sole file we + @# want to extract + unzip -p $@.zip rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH))/rclone > $@ + chmod +x $@ + rm -f $@.zip ################# # Other Targets # ################# -$(bin_dir) $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: - @mkdir -p $@ - # Although we "vendor" most tools in $(bin_dir)/tools, we still require some binaries # to be available on the system. The vendor-go MAKECMDGOALS trick prevents the # check for the presence of Go when 'make vendor-go' is run. @@ -484,8 +568,7 @@ $(bin_dir) $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: # That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc") MISSING=$(shell (command -v curl >/dev/null || echo curl) \ - && (command -v jq >/dev/null || echo jq) \ - && (command -v sha256sum >/dev/null || echo sha256sum) \ + && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ @@ -495,51 +578,19 @@ $(error Missing required tools: $(MISSING)) endif .PHONY: tools -tools: $(TOOLS_PATHS) $(K8S_CODEGEN_TOOLS_PATHS) ## install all tools - -.PHONY: update-kind-images -update-kind-images: - ./hack/latest-kind-images.sh $(KIND_VERSION) - -.PHONY: update-base-images -update-base-images: $(bin_dir)/tools/crane - CRANE=./$(bin_dir)/tools/crane ./hack/latest-base-images.sh - -.PHONY: tidy -## Run "go mod tidy" on each module in this repo -## -## @category Development -tidy: - go mod tidy - cd cmd/acmesolver && go mod tidy - cd cmd/cainjector && go mod tidy - cd cmd/controller && go mod tidy - cd cmd/startupapicheck && go mod tidy - cd cmd/webhook && go mod tidy - cd test/integration && go mod tidy - cd test/e2e && go mod tidy - -.PHONY: go-workspace -go-workspace: export GOWORK?=$(abspath go.work) -## Create a go.work file in the repository root (or GOWORK) -## -## @category Development -go-workspace: - @rm -f $(GOWORK) - go work init - go work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e - -.PHONY: learn-sha-tools -## Re-download all tools and update the tools.mk file with the -## sha256sums of the downloaded tools. This is useful when you -## update the version of a tool in the Makefile, and want to -## automatically update the sha256sums in the tools.mk file. -## -## @category Development -learn-sha-tools: - rm -rf ./$(bin_dir) - mkdir ./$(bin_dir) - $(eval export LEARN_FILE=$(PWD)/$(bin_dir)/learn_file) +## Download and setup all tools +## @category [shared] Tools +tools: $(TOOLS_PATHS) + +self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk + +# This target is used to learn the sha256sum of the tools. It is used only +# in the makefile-modules repo, and should not be used in any other repo. +.PHONY: tools-learn-sha +tools-learn-sha: | $(bin_dir) + rm -rf ./$(bin_dir)/ + mkdir -p ./$(bin_dir)/scratch/ + $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file) echo -n "" > "$(LEARN_FILE)" HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools @@ -548,5 +599,5 @@ learn-sha-tools: HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools while read p; do \ - sed -i "$$p" ./make/tools.mk; \ + sed -i "$$p" $(self_file); \ done <"$(LEARN_FILE)" diff --git a/hack/util/checkhash.sh b/make/_shared/tools/util/checkhash.sh similarity index 89% rename from hack/util/checkhash.sh rename to make/_shared/tools/util/checkhash.sh index 3c1d57a409d..f626f6f9cfe 100755 --- a/hack/util/checkhash.sh +++ b/make/_shared/tools/util/checkhash.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2021 The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -16,6 +16,8 @@ set -eu -o pipefail +SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" + # This script takes the hash of its first argument and verifies it against the # hex hash given in its second argument @@ -36,7 +38,7 @@ if [[ -z $EXPECTED_HASH ]]; then usage_and_exit fi -SHASUM=$(./hack/util/hash.sh "$1") +SHASUM=$("${SCRIPT_DIR}/hash.sh" "$HASH_TARGET") if [[ "$SHASUM" == "$EXPECTED_HASH" ]]; then exit 0 diff --git a/hack/util/hash.sh b/make/_shared/tools/util/hash.sh similarity index 82% rename from hack/util/hash.sh rename to make/_shared/tools/util/hash.sh index 63add100942..3e58bfcb8f5 100755 --- a/hack/util/hash.sh +++ b/make/_shared/tools/util/hash.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -# Copyright 2021 The cert-manager Authors. +# Copyright 2023 The cert-manager Authors. # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -19,4 +19,7 @@ set -eu -o pipefail # This script is a wrapper for outputting purely the sha256 hash of the input file, # ideally in a portable way. -sha256sum $1 | cut -d" " -f1 +case "$(uname -s)" in + Darwin*) shasum -a 256 "$1";; + *) sha256sum "$1" +esac | cut -d" " -f1 \ No newline at end of file diff --git a/make/ci.mk b/make/ci.mk index 9f2258ebbbc..9aecaa414d9 100644 --- a/make/ci.mk +++ b/make/ci.mk @@ -12,117 +12,101 @@ # See the License for the specific language governing permissions and # limitations under the License. -.PHONY: ci-presubmit -## Run all checks (but not Go tests) which should pass before any given pull -## request or change is merged. -## -## @category CI -ci-presubmit: verify-imports verify-errexit verify-boilerplate verify-codegen verify-crds verify-modules verify-helm-docs - .PHONY: verify-golangci-lint verify-golangci-lint: | $(NEEDS_GOLANGCI-LINT) find . -name go.mod -not \( -path "./$(bin_dir)/*" -prune \) -execdir $(GOLANGCI-LINT) run --timeout=30m --config=$(CURDIR)/.golangci.ci.yaml \; +shared_verify_targets += verify-golangci-lint + .PHONY: verify-modules verify-modules: | $(NEEDS_CMREL) $(CMREL) validate-gomod --path $(shell pwd) --no-dummy-modules github.com/cert-manager/cert-manager/integration-tests +shared_verify_targets += verify-modules + .PHONY: verify-imports verify-imports: | $(NEEDS_GOIMPORTS) - ./hack/verify-goimports.sh $(GOIMPORTS) + ./hack/verify-goimports.sh $(GOIMPORTS) $(SOURCE_DIRS) + +shared_verify_targets += verify-imports .PHONY: verify-chart -verify-chart: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz +verify-chart: $(bin_dir)/cert-manager-$(VERSION).tgz DOCKER=$(CTR) ./hack/verify-chart-version.sh $< .PHONY: verify-errexit verify-errexit: ./hack/verify-errexit.sh -.PHONY: verify-boilerplate -verify-boilerplate: | $(NEEDS_BOILERSUITE) - $(BOILERSUITE) . +shared_verify_targets += verify-errexit -.PHONY: verify-licenses -## Check that the LICENSES file is up to date; must pass before a change to go.mod can be merged -## -## @category CI -verify-licenses: $(bin_dir)/scratch/LATEST-LICENSES $(bin_dir)/scratch/LATEST-LICENSES-acmesolver $(bin_dir)/scratch/LATEST-LICENSES-cainjector $(bin_dir)/scratch/LATEST-LICENSES-controller $(bin_dir)/scratch/LATEST-LICENSES-startupapicheck $(bin_dir)/scratch/LATEST-LICENSES-webhook $(bin_dir)/scratch/LATEST-LICENSES-integration-tests $(bin_dir)/scratch/LATEST-LICENSES-e2e-tests - @diff $(bin_dir)/scratch/LATEST-LICENSES LICENSES >/dev/null || (echo -e "\033[0;33mLICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-acmesolver cmd/acmesolver/LICENSES >/dev/null || (echo -e "\033[0;33mcmd/acmesolver/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-cainjector cmd/cainjector/LICENSES >/dev/null || (echo -e "\033[0;33mcmd/cainjector/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-startupapicheck cmd/startupapicheck/LICENSES >/dev/null || (echo -e "\033[0;33mcmd/startupapicheck/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-controller cmd/controller/LICENSES >/dev/null || (echo -e "\033[0;33mcmd/controller/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-webhook cmd/webhook/LICENSES >/dev/null || (echo -e "\033[0;33mcmd/webhook/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-integration-tests test/integration/LICENSES >/dev/null || (echo -e "\033[0;33mtest/integration/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - @diff $(bin_dir)/scratch/LATEST-LICENSES-e2e-tests test/e2e/LICENSES >/dev/null || (echo -e "\033[0;33mtest/e2e/LICENSES seems to be out of date; update with 'make update-licenses'\033[0m" && exit 1) - -.PHONY: verify-crds -verify-crds: | $(NEEDS_GO) $(NEEDS_CONTROLLER-GEN) $(NEEDS_YQ) - ./hack/check-crds.sh $(GO) $(CONTROLLER-GEN) $(YQ) - -.PHONY: update-licenses -update-licenses: +.PHONY: generate-licenses +generate-licenses: rm -rf LICENSES cmd/acmesolver/LICENSES cmd/cainjector/LICENSES cmd/controller/LICENSES cmd/webhook/LICENSES cmd/startupapicheck/LICENSES test/integration/LICENSES test/e2e/LICENSES $(MAKE) LICENSES cmd/acmesolver/LICENSES cmd/cainjector/LICENSES cmd/controller/LICENSES cmd/webhook/LICENSES cmd/startupapicheck/LICENSES test/integration/LICENSES test/e2e/LICENSES -.PHONY: update-crds -update-crds: patch-crds +shared_generate_targets += generate-licenses -PATCH_CRD_OUTPUT_DIR=./deploy/crds -.PHONY: patch-crds -patch-crds: | $(NEEDS_CONTROLLER-GEN) +.PHONY: generate-crds +generate-crds: | $(NEEDS_CONTROLLER-GEN) $(CONTROLLER-GEN) \ schemapatch:manifests=./deploy/crds \ - output:dir=$(PATCH_CRD_OUTPUT_DIR) \ + output:dir=./deploy/crds \ paths=./pkg/apis/... +shared_generate_targets += generate-crds + .PHONY: verify-codegen -verify-codegen: | k8s-codegen-tools $(NEEDS_GO) +verify-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) VERIFY_ONLY="true" ./hack/k8s-codegen.sh \ $(GO) \ - ./$(bin_dir)/tools/client-gen \ - ./$(bin_dir)/tools/deepcopy-gen \ - ./$(bin_dir)/tools/informer-gen \ - ./$(bin_dir)/tools/lister-gen \ - ./$(bin_dir)/tools/defaulter-gen \ - ./$(bin_dir)/tools/conversion-gen \ - ./$(bin_dir)/tools/openapi-gen - -.PHONY: update-codegen -update-codegen: | k8s-codegen-tools $(NEEDS_GO) + $(CLIENT-GEN) \ + $(DEEPCOPY-GEN) \ + $(INFORMER-GEN) \ + $(LISTER-GEN) \ + $(DEFAULTER-GEN) \ + $(CONVERSION-GEN) \ + $(OPENAPI-GEN) + +shared_verify_targets += verify-codegen + +.PHONY: generate-codegen +generate-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) ./hack/k8s-codegen.sh \ $(GO) \ - ./$(bin_dir)/tools/client-gen \ - ./$(bin_dir)/tools/deepcopy-gen \ - ./$(bin_dir)/tools/informer-gen \ - ./$(bin_dir)/tools/lister-gen \ - ./$(bin_dir)/tools/defaulter-gen \ - ./$(bin_dir)/tools/conversion-gen \ - ./$(bin_dir)/tools/openapi-gen - -# inject_helm_docs performs `helm-tool inject` using $1 as the output file and $2 as the values input -define inject_helm_docs -$(HELM-TOOL) inject --header-search '^' --footer-search '^' -i $2 -o $1 -endef - -.PHONY: update-helm-docs -update-helm-docs: deploy/charts/cert-manager/README.template.md deploy/charts/cert-manager/values.yaml | $(NEEDS_HELM-TOOL) - $(call inject_helm_docs,deploy/charts/cert-manager/README.template.md,deploy/charts/cert-manager/values.yaml) - -.PHONY: verify-helm-docs -verify-helm-docs: | $(NEEDS_HELM-TOOL) - @if ! git diff --exit-code -- deploy/charts/cert-manager/README.template.md > /dev/null ; then \ - echo "\033[0;33mdeploy/charts/cert-manager/README.template.md has been modified and could be out of date; update with 'make update-helm-docs'\033[0m" ; \ - exit 1 ; \ - fi - @cp deploy/charts/cert-manager/README.template.md $(bin_dir)/scratch/LATEST_HELM_README-$(HELM-TOOL_VERSION) && $(call inject_helm_docs,$(bin_dir)/scratch/LATEST_HELM_README-$(HELM-TOOL_VERSION),deploy/charts/cert-manager/values.yaml) - @diff $(bin_dir)/scratch/LATEST_HELM_README-$(HELM-TOOL_VERSION) deploy/charts/cert-manager/README.template.md || (echo -e "\033[0;33mdeploy/charts/cert-manager/README.template.md seems to be out of date; update with 'make update-helm-docs'\033[0m" && exit 1) - -.PHONY: update-all + $(CLIENT-GEN) \ + $(DEEPCOPY-GEN) \ + $(INFORMER-GEN) \ + $(LISTER-GEN) \ + $(DEFAULTER-GEN) \ + $(CONVERSION-GEN) \ + $(OPENAPI-GEN) + +shared_generate_targets += generate-codegen + +.PHONY: generate-helm-docs +generate-helm-docs: deploy/charts/cert-manager/README.template.md deploy/charts/cert-manager/values.yaml | $(NEEDS_HELM-TOOL) + $(HELM-TOOL) inject \ + --header-search '^' \ + --footer-search '^' \ + -i deploy/charts/cert-manager/values.yaml \ + -o deploy/charts/cert-manager/README.template.md + +shared_generate_targets += generate-helm-docs + +.PHONY: ci-presubmit +## Run all checks (but not Go tests) which should pass before any given pull +## request or change is merged. +## +## @category CI +ci-presubmit: + $(MAKE) -j1 $(findstring vendor-go,$(MAKECMDGOALS)) verify + +.PHONY: generate-all ## Update CRDs, code generation and licenses to the latest versions. ## This is provided as a convenience to run locally before creating a PR, to ensure ## that everything is up-to-date. ## ## @category Development -update-all: update-crds update-codegen update-licenses update-helm-docs +generate-all: + $(MAKE) -j1 $(findstring vendor-go,$(MAKECMDGOALS)) generate diff --git a/make/containers.mk b/make/containers.mk index fefc766d4b2..66b8562e936 100644 --- a/make/containers.mk +++ b/make/containers.mk @@ -55,7 +55,7 @@ all-containers: cert-manager-controller-linux cert-manager-webhook-linux cert-ma cert-manager-controller-linux: $(bin_dir)/containers/cert-manager-controller-linux-amd64.tar.gz $(bin_dir)/containers/cert-manager-controller-linux-arm64.tar.gz $(bin_dir)/containers/cert-manager-controller-linux-s390x.tar.gz $(bin_dir)/containers/cert-manager-controller-linux-ppc64le.tar.gz $(bin_dir)/containers/cert-manager-controller-linux-arm.tar.gz $(bin_dir)/containers/cert-manager-controller-linux-amd64.tar $(bin_dir)/containers/cert-manager-controller-linux-arm64.tar $(bin_dir)/containers/cert-manager-controller-linux-s390x.tar $(bin_dir)/containers/cert-manager-controller-linux-ppc64le.tar $(bin_dir)/containers/cert-manager-controller-linux-arm.tar: $(bin_dir)/containers/cert-manager-controller-linux-%.tar: $(bin_dir)/scratch/build-context/cert-manager-controller-linux-%/controller hack/containers/Containerfile.controller $(bin_dir)/scratch/build-context/cert-manager-controller-linux-%/cert-manager.license $(bin_dir)/scratch/build-context/cert-manager-controller-linux-%/cert-manager.licenses_notice $(bin_dir)/release-version | $(bin_dir)/containers - @$(eval TAG := cert-manager-controller-$*:$(RELEASE_VERSION)) + @$(eval TAG := cert-manager-controller-$*:$(VERSION)) @$(eval BASE := BASE_IMAGE_controller-linux-$*) $(CTR) build --quiet \ -f hack/containers/Containerfile.controller \ @@ -68,7 +68,7 @@ $(bin_dir)/containers/cert-manager-controller-linux-amd64.tar $(bin_dir)/contain cert-manager-webhook-linux: $(bin_dir)/containers/cert-manager-webhook-linux-amd64.tar.gz $(bin_dir)/containers/cert-manager-webhook-linux-arm64.tar.gz $(bin_dir)/containers/cert-manager-webhook-linux-s390x.tar.gz $(bin_dir)/containers/cert-manager-webhook-linux-ppc64le.tar.gz $(bin_dir)/containers/cert-manager-webhook-linux-arm.tar.gz $(bin_dir)/containers/cert-manager-webhook-linux-amd64.tar $(bin_dir)/containers/cert-manager-webhook-linux-arm64.tar $(bin_dir)/containers/cert-manager-webhook-linux-s390x.tar $(bin_dir)/containers/cert-manager-webhook-linux-ppc64le.tar $(bin_dir)/containers/cert-manager-webhook-linux-arm.tar: $(bin_dir)/containers/cert-manager-webhook-linux-%.tar: $(bin_dir)/scratch/build-context/cert-manager-webhook-linux-%/webhook hack/containers/Containerfile.webhook $(bin_dir)/scratch/build-context/cert-manager-webhook-linux-%/cert-manager.license $(bin_dir)/scratch/build-context/cert-manager-webhook-linux-%/cert-manager.licenses_notice $(bin_dir)/release-version | $(bin_dir)/containers - @$(eval TAG := cert-manager-webhook-$*:$(RELEASE_VERSION)) + @$(eval TAG := cert-manager-webhook-$*:$(VERSION)) @$(eval BASE := BASE_IMAGE_webhook-linux-$*) $(CTR) build --quiet \ -f hack/containers/Containerfile.webhook \ @@ -81,7 +81,7 @@ $(bin_dir)/containers/cert-manager-webhook-linux-amd64.tar $(bin_dir)/containers cert-manager-cainjector-linux: $(bin_dir)/containers/cert-manager-cainjector-linux-amd64.tar.gz $(bin_dir)/containers/cert-manager-cainjector-linux-arm64.tar.gz $(bin_dir)/containers/cert-manager-cainjector-linux-s390x.tar.gz $(bin_dir)/containers/cert-manager-cainjector-linux-ppc64le.tar.gz $(bin_dir)/containers/cert-manager-cainjector-linux-arm.tar.gz $(bin_dir)/containers/cert-manager-cainjector-linux-amd64.tar $(bin_dir)/containers/cert-manager-cainjector-linux-arm64.tar $(bin_dir)/containers/cert-manager-cainjector-linux-s390x.tar $(bin_dir)/containers/cert-manager-cainjector-linux-ppc64le.tar $(bin_dir)/containers/cert-manager-cainjector-linux-arm.tar: $(bin_dir)/containers/cert-manager-cainjector-linux-%.tar: $(bin_dir)/scratch/build-context/cert-manager-cainjector-linux-%/cainjector hack/containers/Containerfile.cainjector $(bin_dir)/scratch/build-context/cert-manager-cainjector-linux-%/cert-manager.license $(bin_dir)/scratch/build-context/cert-manager-cainjector-linux-%/cert-manager.licenses_notice $(bin_dir)/release-version | $(bin_dir)/containers - @$(eval TAG := cert-manager-cainjector-$*:$(RELEASE_VERSION)) + @$(eval TAG := cert-manager-cainjector-$*:$(VERSION)) @$(eval BASE := BASE_IMAGE_cainjector-linux-$*) $(CTR) build --quiet \ -f hack/containers/Containerfile.cainjector \ @@ -94,7 +94,7 @@ $(bin_dir)/containers/cert-manager-cainjector-linux-amd64.tar $(bin_dir)/contain cert-manager-acmesolver-linux: $(bin_dir)/containers/cert-manager-acmesolver-linux-amd64.tar.gz $(bin_dir)/containers/cert-manager-acmesolver-linux-arm64.tar.gz $(bin_dir)/containers/cert-manager-acmesolver-linux-s390x.tar.gz $(bin_dir)/containers/cert-manager-acmesolver-linux-ppc64le.tar.gz $(bin_dir)/containers/cert-manager-acmesolver-linux-arm.tar.gz $(bin_dir)/containers/cert-manager-acmesolver-linux-amd64.tar $(bin_dir)/containers/cert-manager-acmesolver-linux-arm64.tar $(bin_dir)/containers/cert-manager-acmesolver-linux-s390x.tar $(bin_dir)/containers/cert-manager-acmesolver-linux-ppc64le.tar $(bin_dir)/containers/cert-manager-acmesolver-linux-arm.tar: $(bin_dir)/containers/cert-manager-acmesolver-linux-%.tar: $(bin_dir)/scratch/build-context/cert-manager-acmesolver-linux-%/acmesolver hack/containers/Containerfile.acmesolver $(bin_dir)/scratch/build-context/cert-manager-acmesolver-linux-%/cert-manager.license $(bin_dir)/scratch/build-context/cert-manager-acmesolver-linux-%/cert-manager.licenses_notice $(bin_dir)/release-version | $(bin_dir)/containers - @$(eval TAG := cert-manager-acmesolver-$*:$(RELEASE_VERSION)) + @$(eval TAG := cert-manager-acmesolver-$*:$(VERSION)) @$(eval BASE := BASE_IMAGE_acmesolver-linux-$*) $(CTR) build --quiet \ -f hack/containers/Containerfile.acmesolver \ @@ -107,7 +107,7 @@ $(bin_dir)/containers/cert-manager-acmesolver-linux-amd64.tar $(bin_dir)/contain cert-manager-startupapicheck-linux: $(bin_dir)/containers/cert-manager-startupapicheck-linux-amd64.tar.gz $(bin_dir)/containers/cert-manager-startupapicheck-linux-arm64.tar.gz $(bin_dir)/containers/cert-manager-startupapicheck-linux-s390x.tar.gz $(bin_dir)/containers/cert-manager-startupapicheck-linux-ppc64le.tar.gz $(bin_dir)/containers/cert-manager-startupapicheck-linux-arm.tar.gz $(bin_dir)/containers/cert-manager-startupapicheck-linux-amd64.tar $(bin_dir)/containers/cert-manager-startupapicheck-linux-arm64.tar $(bin_dir)/containers/cert-manager-startupapicheck-linux-s390x.tar $(bin_dir)/containers/cert-manager-startupapicheck-linux-ppc64le.tar $(bin_dir)/containers/cert-manager-startupapicheck-linux-arm.tar: $(bin_dir)/containers/cert-manager-startupapicheck-linux-%.tar: $(bin_dir)/scratch/build-context/cert-manager-startupapicheck-linux-%/startupapicheck hack/containers/Containerfile.startupapicheck $(bin_dir)/scratch/build-context/cert-manager-startupapicheck-linux-%/cert-manager.license $(bin_dir)/scratch/build-context/cert-manager-startupapicheck-linux-%/cert-manager.licenses_notice $(bin_dir)/release-version | $(bin_dir)/containers - @$(eval TAG := cert-manager-startupapicheck-$*:$(RELEASE_VERSION)) + @$(eval TAG := cert-manager-startupapicheck-$*:$(VERSION)) @$(eval BASE := BASE_IMAGE_startupapicheck-linux-$*) $(CTR) build --quiet \ -f hack/containers/Containerfile.startupapicheck \ diff --git a/make/e2e-setup.mk b/make/e2e-setup.mk index 7ca0cf29bb1..206167ad36e 100644 --- a/make/e2e-setup.mk +++ b/make/e2e-setup.mk @@ -350,8 +350,8 @@ e2e-setup-bind: $(call image-tar,bind) load-$(call image-tar,bind) $(wildcard ma sed -e "s|{SERVICE_IP_PREFIX}|$(SERVICE_IP_PREFIX)|g" -e "s|{IMAGE}|$(IMAGE)|g" make/config/bind/*.yaml | $(KUBECTL) apply -n bind -f - >/dev/null .PHONY: e2e-setup-gatewayapi -e2e-setup-gatewayapi: $(bin_dir)/downloaded/gateway-api-$(GATEWAY_API_VERSION).yaml $(bin_dir)/scratch/kind-exists $(NEEDS_KUBECTL) - $(KUBECTL) apply --server-side -f $(bin_dir)/downloaded/gateway-api-$(GATEWAY_API_VERSION).yaml > /dev/null +e2e-setup-gatewayapi: $(bin_dir)/scratch/gateway-api-$(GATEWAY_API_VERSION).yaml $(bin_dir)/scratch/kind-exists $(NEEDS_KUBECTL) + $(KUBECTL) apply --server-side -f $(bin_dir)/scratch/gateway-api-$(GATEWAY_API_VERSION).yaml > /dev/null # v1 NGINX-Ingress by default only watches Ingresses with Ingress class @@ -496,6 +496,3 @@ kind-logs: $(bin_dir)/scratch/kind-exists | $(NEEDS_KIND) rm -rf $(ARTIFACTS)/cert-manager-e2e-logs mkdir -p $(ARTIFACTS)/cert-manager-e2e-logs $(KIND) export logs $(ARTIFACTS)/cert-manager-e2e-logs --name=$(shell cat $(bin_dir)/scratch/kind-exists) - -$(bin_dir)/scratch: - @mkdir -p $@ diff --git a/make/git.mk b/make/git.mk index 51c9f1c755e..51d55e91cd4 100644 --- a/make/git.mk +++ b/make/git.mk @@ -12,24 +12,18 @@ # See the License for the specific language governing permissions and # limitations under the License. -RELEASE_VERSION := $(shell git describe --tags --match='v*' --abbrev=14) - -GITCOMMIT := $(shell git rev-parse HEAD) - IS_TAGGED_RELEASE := $(shell git describe --exact-match HEAD >/dev/null 2>&1 && echo "true" || echo "false") -IS_PRERELEASE := $(shell echo $(RELEASE_VERSION) | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$$' - && echo "false" || echo "true") - .PHONY: gitver gitver: - @echo "Release version: \"$(RELEASE_VERSION)\"" + @echo "Release version: \"$(VERSION)\"" @echo "Is tagged release: \"$(IS_TAGGED_RELEASE)\"" @echo "Is prerelease: \"$(IS_PRERELEASE)\"" @echo "Git commit hash: \"$(GITCOMMIT)\"" .PHONY: release-version release-version: - @echo "$(RELEASE_VERSION)" + @echo "$(VERSION)" # The file "release-version" gets updated whenever git describe --tags changes. # This is used by the $(bin_dir)/containers/*.tar.gz targets to make sure that the @@ -43,7 +37,7 @@ release-version: # be used to check whether targets should be rebuilt, and they would get # constantly rebuilt. $(bin_dir)/release-version: FORCE | $(bin_dir) - @test "$(RELEASE_VERSION)" == "$(shell cat $@ 2>/dev/null)" || echo $(RELEASE_VERSION) > $@ + @test "$(VERSION)" == "$(shell cat $@ 2>/dev/null)" || echo $(VERSION) > $@ $(bin_dir)/scratch/git: @mkdir -p $@ diff --git a/make/help.mk b/make/help.mk deleted file mode 100644 index 01307a4c421..00000000000 --- a/make/help.mk +++ /dev/null @@ -1,118 +0,0 @@ -# Copyright 2023 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -# Inspired from -# https://github.com/Mischback/django-calingen/blob/3f0e6db6/Makefile -# and https://gist.github.com/klmr/575726c7e05d8780505a - -# fancy colors -cyan := "$$(tput setaf 6)" -green := "$$(tput setaf 2)" -red := "$$(tput setaf 1)" -yel := "$$(tput setaf 3)" -gray := "$$(tput setaf 8)" -grayb := "$$(printf "\033[1m"; tput setaf 8)" -end := "$$(tput sgr0)" -TARGET_STYLED_HELP_NAME = "$(cyan)TARGET$(end)" -ARGUMENTS_HELP_NAME = "$(green)ARGUMENT$(end)=$(red)VALUE$(end)" - -# This mountrous sed is compatible with both GNU sed and BSD sed (for macOS). -# That's why "-E", "|", "+", "\s", "?", and "\t" aren't used. See the details -# about BSD sed vs. GNU sed: https://riptutorial.com/sed/topic/9436 - -target_regex := [a-zA-Z0-9%_\/%-][a-zA-Z0-9%_\/%-]* -variable_regex := [^:= ][^:= ]* -variable_assignment_regex := [ ]*:*[+:!\?]*= * -value_regex := .* -category_annotation_regex := @category * -category_regex := [^<][^<]* - -# We first parse and markup with these ad-hoc tags, and then we turn the markup -# into a colorful output. -target_tag_start := -target_tag_end := -target_variable_tag_start := -target_variable_tag_end := -variable_tag_start := -variable_tag_end := -global_variable_tag_start := -global_variable_tag_end := -value_tag_start := -value_tag_end := -prerequisites_tag_start := -prerequisites_tag_end := -doc_tag_start := -doc_tag_indented_start := -doc_tag_indented_end := -doc_tag_end := -category_tag_start := -category_tag_end := -default_category_tag_start := -default_category_tag_end := - -DEFAULT_CATEGORY = General - -.PHONY: help -help: - @echo "Usage: make [$(TARGET_STYLED_HELP_NAME) [$(TARGET_STYLED_HELP_NAME) ...]] [$(ARGUMENTS_HELP_NAME) [$(ARGUMENTS_HELP_NAME) ...]]" - @cat ${MAKEFILE_LIST} \ - | tr '\t' ' ' \ - | sed -n -e "/^## / { \ - h; \ - s/.*/##/; \ - :doc" \ - -e "H; \ - n; \ - s|^## *\(.*\)|$(doc_tag_start)$(doc_tag_indented_start)\1$(doc_tag_indented_end)$(doc_tag_end)|; \ - s|^## *\(.*\)|$(doc_tag_start)\1$(doc_tag_end)|; \ - t doc" \ - -e "s| *#[^#].*||; " \ - -e "s|^\(define *\)\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)|$(global_variable_tag_start)\2$(global_variable_tag_end)$(value_tag_start)\3$(value_tag_end)|;" \ - -e "s|^\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)|$(global_variable_tag_start)\1$(global_variable_tag_end)$(value_tag_start)\2$(value_tag_end)|;" \ - -e "s|^\($(target_regex)\) *: *\(\($(variable_regex)\)$(variable_assignment_regex)\($(value_regex)\)\)|$(target_variable_tag_start)\1$(target_variable_tag_end)$(variable_tag_start)\3$(variable_tag_end)$(value_tag_start)\4$(value_tag_end)|;" \ - -e "s|^\($(target_regex)\) *: *\($(target_regex)\( *$(target_regex)\)*\) *\(\| *\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)$(prerequisites_tag_start)\2$(prerequisites_tag_end)|;" \ - -e "s|^\($(target_regex)\) *: *\($(target_regex)\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)$(prerequisites_tag_start)\2$(prerequisites_tag_end)|;" \ - -e "s|^\($(target_regex)\) *: *\(\| *\( *$(target_regex)\)*\)|$(target_tag_start)\1$(target_tag_end)|;" \ - -e "s|^\($(target_regex)\) *: *|$(target_tag_start)\1$(target_tag_end)|;" \ - -e " \ - G; \ - s|## *\(.*\) *##|$(doc_tag_start)\1$(doc_tag_end)|; \ - s|\\n||g;" \ - -e "/$(category_annotation_regex)/!s|.*|$(default_category_tag_start)$(DEFAULT_CATEGORY)$(default_category_tag_end)&|" \ - -e "s|^\(.*\)$(doc_tag_start)$(category_annotation_regex)\($(category_regex)\)$(doc_tag_end)|$(category_tag_start)\2$(category_tag_end)\1|" \ - -e "p; \ - }" \ - | sort \ - | sed -n \ - -e "s|$(default_category_tag_start)|$(category_tag_start)|" \ - -e "s|$(default_category_tag_end)|$(category_tag_end)|" \ - -e "{G; s|\($(category_tag_start)$(category_regex)$(category_tag_end)\)\(.*\)\n\1|\2|; s|\n.*||; H; }" \ - -e "s|$(category_tag_start)||" \ - -e "s|$(category_tag_end)|:\n|" \ - -e "s|$(target_variable_tag_start)|$(target_tag_start)|" \ - -e "s|$(target_variable_tag_end)|$(target_tag_end)|" \ - -e "s|$(target_tag_start)| $(cyan)|" \ - -e "s|$(target_tag_end)|$(end) |" \ - -e "s|$(prerequisites_tag_start).*$(prerequisites_tag_end)||" \ - -e "s|$(variable_tag_start)|$(green)|g" \ - -e "s|$(variable_tag_end)|$(end)|" \ - -e "s|$(global_variable_tag_start)| $(green)|g" \ - -e "s|$(global_variable_tag_end)|$(end)|" \ - -e "s|$(value_tag_start)| (default: $(red)|" \ - -e "s|$(value_tag_end)|$(end))|" \ - -e "s|$(doc_tag_indented_start)|$(grayb)|g" \ - -e "s|$(doc_tag_indented_end)|$(end)|g" \ - -e "s|$(doc_tag_start)|\n |g" \ - -e "s|$(doc_tag_end)||g" \ - -e "p" diff --git a/make/ko.mk b/make/ko.mk index 93f62942c01..bddc068f88d 100644 --- a/make/ko.mk +++ b/make/ko.mk @@ -60,7 +60,7 @@ $(KO_IMAGE_REFS): _bin/scratch/ko/%.yaml: FORCE | $(NEEDS_KO) $(NEEDS_YQ) --bare \ --sbom=$(KO_SBOM) \ --platform=$(KO_PLATFORM) \ - --tags=$(RELEASE_VERSION) \ + --tags=$(VERSION) \ | $(YQ) 'capture("(?P(?P[^:]+):(?P[^@]+)@(?P.*))")' > $@ .PHONY: ko-images-push diff --git a/make/licenses.mk b/make/licenses.mk index 59375abb4f1..5fff99bcafc 100644 --- a/make/licenses.mk +++ b/make/licenses.mk @@ -47,16 +47,22 @@ $(bin_dir)/scratch/cert-manager.licenses_notice: $(bin_dir)/scratch/license-foot # https://github.com/cert-manager/cert-manager/pull/5935 LICENSES_GO_WORK := $(bin_dir)/scratch/LICENSES.go.work $(LICENSES_GO_WORK): $(bin_dir)/scratch - $(MAKE) go-workspace GOWORK=$(abspath $@) + GOWORK=$(abspath $@) \ + $(MAKE) go-workspace -LICENSES $(bin_dir)/scratch/LATEST-LICENSES: export GOWORK=$(abspath $(LICENSES_GO_WORK)) -LICENSES $(bin_dir)/scratch/LATEST-LICENSES: $(LICENSES_GO_WORK) go.mod go.sum | $(NEEDS_GO-LICENSES) - GOOS=linux GOARCH=amd64 $(GO-LICENSES) csv ./... > $@ +LICENSES: $(LICENSES_GO_WORK) go.mod go.sum | $(NEEDS_GO-LICENSES) + GOWORK=$(abspath $(LICENSES_GO_WORK)) \ + GOOS=linux GOARCH=amd64 \ + $(GO-LICENSES) csv ./... > $@ -cmd/%/LICENSES $(bin_dir)/scratch/LATEST-LICENSES-%: export GOWORK=$(abspath $(LICENSES_GO_WORK)) -cmd/%/LICENSES $(bin_dir)/scratch/LATEST-LICENSES-%: $(LICENSES_GO_WORK) cmd/%/go.mod cmd/%/go.sum | $(NEEDS_GO-LICENSES) - cd cmd/$* && GOOS=linux GOARCH=amd64 $(GO-LICENSES) csv ./... > ../../$@ +cmd/%/LICENSES: $(LICENSES_GO_WORK) cmd/%/go.mod cmd/%/go.sum | $(NEEDS_GO-LICENSES) + cd cmd/$* && \ + GOWORK=$(abspath $(LICENSES_GO_WORK)) \ + GOOS=linux GOARCH=amd64 \ + $(GO-LICENSES) csv ./... > ../../$@ -test/%/LICENSES $(bin_dir)/scratch/LATEST-LICENSES-%-tests: export GOWORK=$(abspath $(LICENSES_GO_WORK)) -test/%/LICENSES $(bin_dir)/scratch/LATEST-LICENSES-%-tests: $(LICENSES_GO_WORK) test/%/go.mod test/%/go.sum | $(NEEDS_GO-LICENSES) - cd test/$* && GOOS=linux GOARCH=amd64 $(GO-LICENSES) csv ./... > ../../$@ +test/%/LICENSES: $(LICENSES_GO_WORK) test/%/go.mod test/%/go.sum | $(NEEDS_GO-LICENSES) + cd test/$* && \ + GOWORK=$(abspath $(LICENSES_GO_WORK)) \ + GOOS=linux GOARCH=amd64 \ + $(GO-LICENSES) csv ./... > ../../$@ diff --git a/make/manifests.mk b/make/manifests.mk index 580569beb41..e424e254fa1 100644 --- a/make/manifests.mk +++ b/make/manifests.mk @@ -25,13 +25,13 @@ HELM_TEMPLATE_TARGETS=$(patsubst deploy/charts/cert-manager/templates/%,$(bin_di # These targets provide friendly names for the various manifests / charts we build .PHONY: helm-chart -helm-chart: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz +helm-chart: $(bin_dir)/cert-manager-$(VERSION).tgz -$(bin_dir)/cert-manager.tgz: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz +$(bin_dir)/cert-manager.tgz: $(bin_dir)/cert-manager-$(VERSION).tgz @ln -s -f $(notdir $<) $@ .PHONY: helm-chart-signature -helm-chart-signature: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz.prov +helm-chart-signature: $(bin_dir)/cert-manager-$(VERSION).tgz.prov .PHONY: static-manifests static-manifests: $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml @@ -55,19 +55,19 @@ release-manifests: $(bin_dir)/scratch/cert-manager-manifests-unsigned.tar.gz ## @category Release release-manifests-signed: $(bin_dir)/release/cert-manager-manifests.tar.gz $(bin_dir)/metadata/cert-manager-manifests.tar.gz.metadata.json -$(bin_dir)/release/cert-manager-manifests.tar.gz: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz.prov | $(bin_dir)/scratch/manifests-signed $(bin_dir)/release +$(bin_dir)/release/cert-manager-manifests.tar.gz: $(bin_dir)/cert-manager-$(VERSION).tgz $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml $(bin_dir)/cert-manager-$(VERSION).tgz.prov | $(bin_dir)/scratch/manifests-signed $(bin_dir)/release mkdir -p $(bin_dir)/scratch/manifests-signed/deploy/chart/ mkdir -p $(bin_dir)/scratch/manifests-signed/deploy/manifests/ - cp $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz.prov $(bin_dir)/scratch/manifests-signed/deploy/chart/ + cp $(bin_dir)/cert-manager-$(VERSION).tgz $(bin_dir)/cert-manager-$(VERSION).tgz.prov $(bin_dir)/scratch/manifests-signed/deploy/chart/ cp $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml $(bin_dir)/scratch/manifests-signed/deploy/manifests/ # removes leading ./ from archived paths find $(bin_dir)/scratch/manifests-signed -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(bin_dir)/scratch/manifests-signed -T - rm -rf $(bin_dir)/scratch/manifests-signed -$(bin_dir)/scratch/cert-manager-manifests-unsigned.tar.gz: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml | $(bin_dir)/scratch/manifests-unsigned +$(bin_dir)/scratch/cert-manager-manifests-unsigned.tar.gz: $(bin_dir)/cert-manager-$(VERSION).tgz $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml | $(bin_dir)/scratch/manifests-unsigned mkdir -p $(bin_dir)/scratch/manifests-unsigned/deploy/chart/ mkdir -p $(bin_dir)/scratch/manifests-unsigned/deploy/manifests/ - cp $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz $(bin_dir)/scratch/manifests-unsigned/deploy/chart/ + cp $(bin_dir)/cert-manager-$(VERSION).tgz $(bin_dir)/scratch/manifests-unsigned/deploy/chart/ cp $(bin_dir)/yaml/cert-manager.crds.yaml $(bin_dir)/yaml/cert-manager.yaml $(bin_dir)/scratch/manifests-unsigned/deploy/manifests/ # removes leading ./ from archived paths find $(bin_dir)/scratch/manifests-unsigned -maxdepth 1 -mindepth 1 | sed 's|.*/||' | tar czf $@ -C $(bin_dir)/scratch/manifests-unsigned -T - @@ -86,10 +86,10 @@ $(bin_dir)/metadata/cert-manager-manifests.tar.gz.metadata.json: $(bin_dir)/rele # These targets provide for building and signing the cert-manager helm chart. -$(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz: $(bin_dir)/helm/cert-manager/README.md $(bin_dir)/helm/cert-manager/Chart.yaml $(bin_dir)/helm/cert-manager/values.yaml $(HELM_TEMPLATE_TARGETS) $(bin_dir)/helm/cert-manager/templates/NOTES.txt $(bin_dir)/helm/cert-manager/templates/_helpers.tpl $(bin_dir)/helm/cert-manager/templates/crds.yaml | $(NEEDS_HELM) $(bin_dir)/helm/cert-manager - $(HELM) package --app-version=$(RELEASE_VERSION) --version=$(RELEASE_VERSION) --destination "$(dir $@)" ./$(bin_dir)/helm/cert-manager +$(bin_dir)/cert-manager-$(VERSION).tgz: $(bin_dir)/helm/cert-manager/README.md $(bin_dir)/helm/cert-manager/Chart.yaml $(bin_dir)/helm/cert-manager/values.yaml $(HELM_TEMPLATE_TARGETS) $(bin_dir)/helm/cert-manager/templates/NOTES.txt $(bin_dir)/helm/cert-manager/templates/_helpers.tpl $(bin_dir)/helm/cert-manager/templates/crds.yaml | $(NEEDS_HELM) $(bin_dir)/helm/cert-manager + $(HELM) package --app-version=$(VERSION) --version=$(VERSION) --destination "$(dir $@)" ./$(bin_dir)/helm/cert-manager -$(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz.prov: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz | $(NEEDS_CMREL) $(bin_dir)/helm/cert-manager +$(bin_dir)/cert-manager-$(VERSION).tgz.prov: $(bin_dir)/cert-manager-$(VERSION).tgz | $(NEEDS_CMREL) $(bin_dir)/helm/cert-manager ifeq ($(strip $(CMREL_KEY)),) $(error Trying to sign helm chart but CMREL_KEY is empty) endif @@ -111,7 +111,7 @@ $(bin_dir)/helm/cert-manager/values.yaml: deploy/charts/cert-manager/values.yaml cp $< $@ $(bin_dir)/helm/cert-manager/README.md: deploy/charts/cert-manager/README.template.md | $(bin_dir)/helm/cert-manager - sed -e "s:{{RELEASE_VERSION}}:$(RELEASE_VERSION):g" < $< > $@ + sed -e "s:{{RELEASE_VERSION}}:$(VERSION):g" < $< > $@ $(bin_dir)/helm/cert-manager/Chart.yaml: deploy/charts/cert-manager/Chart.template.yaml deploy/charts/cert-manager/signkey_annotation.txt | $(NEEDS_YQ) $(bin_dir)/helm/cert-manager @# this horrible mess is taken from the YQ manual's example of multiline string blocks from a file: @@ -119,7 +119,7 @@ $(bin_dir)/helm/cert-manager/Chart.yaml: deploy/charts/cert-manager/Chart.templa @# we set a bash variable called SIGNKEY_ANNOTATION using read, and then use that bash variable in yq IFS= read -rd '' SIGNKEY_ANNOTATION < <(cat deploy/charts/cert-manager/signkey_annotation.txt) ; \ SIGNKEY_ANNOTATION=$$SIGNKEY_ANNOTATION $(YQ) eval \ - '.annotations."artifacthub.io/signKey" = strenv(SIGNKEY_ANNOTATION) | .annotations."artifacthub.io/prerelease" = "$(IS_PRERELEASE)" | .version = "$(RELEASE_VERSION)" | .appVersion = "$(RELEASE_VERSION)"' \ + '.annotations."artifacthub.io/signKey" = strenv(SIGNKEY_ANNOTATION) | .annotations."artifacthub.io/prerelease" = "$(IS_PRERELEASE)" | .version = "$(VERSION)" | .appVersion = "$(VERSION)"' \ $< > $@ ############################################################ @@ -131,12 +131,12 @@ $(bin_dir)/helm/cert-manager/Chart.yaml: deploy/charts/cert-manager/Chart.templa # with templating completed, and then concatenate with the cert-manager namespace and the CRDs. # Renders all resources except the namespace and the CRDs -$(bin_dir)/scratch/yaml/cert-manager.noncrd.unlicensed.yaml: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz | $(NEEDS_HELM) $(bin_dir)/scratch/yaml +$(bin_dir)/scratch/yaml/cert-manager.noncrd.unlicensed.yaml: $(bin_dir)/cert-manager-$(VERSION).tgz | $(NEEDS_HELM) $(bin_dir)/scratch/yaml @# The sed command removes the first line but only if it matches "---", which helm adds $(HELM) template --api-versions="" --namespace=cert-manager --set="creator=static" --set="startupapicheck.enabled=false" cert-manager $< | \ sed -e "1{/^---$$/d;}" > $@ -$(bin_dir)/scratch/yaml/cert-manager.all.unlicensed.yaml: $(bin_dir)/cert-manager-$(RELEASE_VERSION).tgz | $(NEEDS_HELM) $(bin_dir)/scratch/yaml +$(bin_dir)/scratch/yaml/cert-manager.all.unlicensed.yaml: $(bin_dir)/cert-manager-$(VERSION).tgz | $(NEEDS_HELM) $(bin_dir)/scratch/yaml @# The sed command removes the first line but only if it matches "---", which helm adds $(HELM) template --api-versions="" --namespace=cert-manager --set="crds.enabled=true" --set="creator=static" --set="startupapicheck.enabled=false" cert-manager $< | \ sed -e "1{/^---$$/d;}" > $@ diff --git a/make/release.mk b/make/release.mk index 91429e53bf1..12f405fe922 100644 --- a/make/release.mk +++ b/make/release.mk @@ -64,13 +64,13 @@ upload-release: release | $(NEEDS_RCLONE) ifeq ($(strip $(RELEASE_TARGET_BUCKET)),) $(error Trying to upload-release but RELEASE_TARGET_BUCKET is empty) endif - $(RCLONE) copyto ./$(bin_dir)/release :gcs:$(RELEASE_TARGET_BUCKET)/stage/gcb/release/$(RELEASE_VERSION) + $(RCLONE) copyto ./$(bin_dir)/release :gcs:$(RELEASE_TARGET_BUCKET)/stage/gcb/release/$(VERSION) # Takes all metadata files in $(bin_dir)/metadata and combines them into one. $(bin_dir)/release/metadata.json: $(wildcard $(bin_dir)/metadata/*.json) | $(bin_dir)/release jq -n \ - --arg releaseVersion "$(RELEASE_VERSION)" \ + --arg releaseVersion "$(VERSION)" \ --arg buildSource "make" \ --arg gitCommitRef "$(GITCOMMIT)" \ '.releaseVersion = $$releaseVersion | .gitCommitRef = $$gitCommitRef | .buildSource = $$buildSource | .artifacts += [inputs]' $^ > $@ @@ -86,12 +86,12 @@ $(bin_dir)/release/cert-manager-server-linux-amd64.tar.gz $(bin_dir)/release/cer @$(eval CTR_BASENAME := $(basename $(basename $(notdir $@)))) @$(eval CTR_SCRATCHDIR := $(bin_dir)/scratch/release-container-bundle/$(CTR_BASENAME)) mkdir -p $(CTR_SCRATCHDIR)/server/images - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/version - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/server/images/acmesolver.docker_tag - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/server/images/cainjector.docker_tag - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/server/images/controller.docker_tag - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/server/images/webhook.docker_tag - echo "$(RELEASE_VERSION)" > $(CTR_SCRATCHDIR)/server/images/startupapicheck.docker_tag + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/version + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/server/images/acmesolver.docker_tag + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/server/images/cainjector.docker_tag + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/server/images/controller.docker_tag + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/server/images/webhook.docker_tag + echo "$(VERSION)" > $(CTR_SCRATCHDIR)/server/images/startupapicheck.docker_tag cp $(bin_dir)/scratch/cert-manager.license $(CTR_SCRATCHDIR)/LICENSES gunzip -c $(bin_dir)/containers/cert-manager-acmesolver-linux-$*.tar.gz >$(CTR_SCRATCHDIR)/server/images/acmesolver.tar gunzip -c $(bin_dir)/containers/cert-manager-cainjector-linux-$*.tar.gz >$(CTR_SCRATCHDIR)/server/images/cainjector.tar diff --git a/make/test.mk b/make/test.mk index 32d288717cb..4feb9618996 100644 --- a/make/test.mk +++ b/make/test.mk @@ -119,8 +119,7 @@ E2E_OPENSHIFT ?= false ## ## @category Development e2e: $(bin_dir)/scratch/kind-exists | $(NEEDS_KUBECTL) $(NEEDS_GINKGO) - BINDIR=$(bin_dir) \ - make/e2e.sh + make/e2e.sh .PHONY: e2e-ci e2e-ci: | $(NEEDS_GO) diff --git a/make/util.mk b/make/util.mk index 174c9987920..836dc8141cd 100644 --- a/make/util.mk +++ b/make/util.mk @@ -31,4 +31,14 @@ print-sources: .PHONY: print-source-dirs print-source-dirs: - @echo $(call get-sources,cut -d'/' -f2 | sort | uniq | tr '\n' ' ') + @echo $(SOURCE_DIRS) + +.PHONY: go-workspace +go-workspace: export GOWORK?=$(abspath go.work) +## Create a go.work file in the repository root (or GOWORK) +## +## @category Development +go-workspace: + @rm -f $(GOWORK) + go work init + go work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e diff --git a/pkg/acme/webhook/openapi/zz_generated.openapi.go b/pkg/acme/webhook/openapi/zz_generated.openapi.go index 70ba2f5aa25..59b7a6dbc6d 100644 --- a/pkg/acme/webhook/openapi/zz_generated.openapi.go +++ b/pkg/acme/webhook/openapi/zz_generated.openapi.go @@ -317,8 +317,7 @@ func schema_pkg_apis_apiextensions_v1_ConversionRequest(ref common.ReferenceCall Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -355,8 +354,7 @@ func schema_pkg_apis_apiextensions_v1_ConversionResponse(ref common.ReferenceCal Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -585,7 +583,6 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionCondition(ref comm "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime last time the condition transitioned from one status to another.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -1203,8 +1200,7 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSON"), }, }, }, @@ -1325,8 +1321,7 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba Allows: true, Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSONSchemaPropsOrStringArray"), + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSONSchemaPropsOrStringArray"), }, }, }, @@ -2091,7 +2086,6 @@ func schema_pkg_apis_meta_v1_Condition(ref common.ReferenceCallback) common.Open "lastTransitionTime": { SchemaProps: spec.SchemaProps{ Description: "lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -2647,8 +2641,7 @@ func schema_pkg_apis_meta_v1_List(ref common.ReferenceCallback) common.OpenAPIDe Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), + Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, }, @@ -2934,7 +2927,6 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "creationTimestamp": { SchemaProps: spec.SchemaProps{ Description: "CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.\n\nPopulated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.Time"), }, }, @@ -3716,7 +3708,6 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA "object": { SchemaProps: spec.SchemaProps{ Description: "This field contains the requested additional information about each object based on the includeObject policy when requesting the Table. If \"None\", this field is empty, if \"Object\" this will be the default serialization of the object for the current API version, and if \"Metadata\" (the default) will contain the object metadata. Check the returned kind and apiVersion of the object before parsing. The media type of the object will always match the enclosing list - if this as a JSON table, these will be JSON encoded objects.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, @@ -3915,7 +3906,6 @@ func schema_pkg_apis_meta_v1_WatchEvent(ref common.ReferenceCallback) common.Ope "object": { SchemaProps: spec.SchemaProps{ Description: "Object is:\n * If Type is Added or Modified: the new state of the object.\n * If Type is Deleted: the state of the object immediately before deletion.\n * If Type is Error: *Status is recommended; other types may make sense\n depending on context.", - Default: map[string]interface{}{}, Ref: ref("k8s.io/apimachinery/pkg/runtime.RawExtension"), }, }, diff --git a/pkg/client/informers/externalversions/factory.go b/pkg/client/informers/externalversions/factory.go index 1752fd687a3..be308feb85b 100644 --- a/pkg/client/informers/externalversions/factory.go +++ b/pkg/client/informers/externalversions/factory.go @@ -43,6 +43,7 @@ type sharedInformerFactory struct { lock sync.Mutex defaultResync time.Duration customResync map[reflect.Type]time.Duration + transform cache.TransformFunc informers map[reflect.Type]cache.SharedIndexInformer // startedInformers is used for tracking which informers have been started. @@ -81,6 +82,14 @@ func WithNamespace(namespace string) SharedInformerOption { } } +// WithTransform sets a transform on all informers. +func WithTransform(transform cache.TransformFunc) SharedInformerOption { + return func(factory *sharedInformerFactory) *sharedInformerFactory { + factory.transform = transform + return factory + } +} + // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces. func NewSharedInformerFactory(client versioned.Interface, defaultResync time.Duration) SharedInformerFactory { return NewSharedInformerFactoryWithOptions(client, defaultResync) @@ -185,6 +194,7 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal } informer = newFunc(f.client, resyncPeriod) + informer.SetTransform(f.transform) f.informers[informerType] = informer return informer From bcac7c43cc3f1a8908d14748f7ee0acc96905e50 Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Thu, 11 Apr 2024 17:17:48 -0400 Subject: [PATCH 025/177] Tidying test + update defaults mode Signed-off-by: Jason Costello --- .../cainjector/v1alpha1/defaults_test.go | 18 +++++++++++++-- .../cainjector/v1alpha1/test/apidefaults.go | 23 ------------------- .../v1alpha1/{test => testdata}/defaults.json | 0 make/test.mk | 4 ++-- 4 files changed, 18 insertions(+), 27 deletions(-) delete mode 100644 internal/apis/config/cainjector/v1alpha1/test/apidefaults.go rename internal/apis/config/cainjector/v1alpha1/{test => testdata}/defaults.json (100%) diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index 5aa29a68148..a35d3ce934c 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -8,7 +8,21 @@ import ( "testing" ) +const TestFileLocation = "testdata/defaults.json" + func TestCAInjectorConfigurationDefaults(t *testing.T) { + if os.Getenv("UPDATE_DEFAULTS") == "true" { + config := &v1alpha1.CAInjectorConfiguration{} + SetObjectDefaults_CAInjectorConfiguration(config) + defaultData, err := json.Marshal(config) + if err != nil { + panic(err) + } + if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("cainjector api defaults updated") + } tests := []struct { name string config *v1alpha1.CAInjectorConfiguration @@ -23,11 +37,11 @@ func TestCAInjectorConfigurationDefaults(t *testing.T) { SetObjectDefaults_CAInjectorConfiguration(tt.config) var expected *v1alpha1.CAInjectorConfiguration - expectedData, err := os.ReadFile("./test/defaults.json") + expectedData, err := os.ReadFile(TestFileLocation) err = json.Unmarshal(expectedData, &expected) if err != nil { - t.Errorf("testfile not found") + t.Fatal("testfile not found") } if !reflect.DeepEqual(tt.config, expected) { diff --git a/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go b/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go deleted file mode 100644 index d157545a01e..00000000000 --- a/internal/apis/config/cainjector/v1alpha1/test/apidefaults.go +++ /dev/null @@ -1,23 +0,0 @@ -package main - -import ( - "encoding/json" - "fmt" - v1alpha1_pkg "github.com/cert-manager/cert-manager/internal/apis/config/cainjector/v1alpha1" - "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" - "os" -) - -func main() { - config := &v1alpha1.CAInjectorConfiguration{} - v1alpha1_pkg.SetObjectDefaults_CAInjectorConfiguration(config) - data, err := json.Marshal(config) - if err != nil { - panic(err) - } - err = os.WriteFile("./defaults.json", data, 0644) - if err != nil { - panic(err) - } - fmt.Println("cainjector api defaults updated") -} diff --git a/internal/apis/config/cainjector/v1alpha1/test/defaults.json b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json similarity index 100% rename from internal/apis/config/cainjector/v1alpha1/test/defaults.json rename to internal/apis/config/cainjector/v1alpha1/testdata/defaults.json diff --git a/make/test.mk b/make/test.mk index e02d0768e28..4f4ade00676 100644 --- a/make/test.mk +++ b/make/test.mk @@ -88,8 +88,8 @@ unit-test-webhook: | $(NEEDS_GOTESTSUM) cd cmd/webhook && $(GOTESTSUM) ./... .PHONY: update-apidefaults-cainjector -update-apidefaults-cainjector: - cd internal/apis/config/cainjector/v1alpha1/test && bash -c "$(GO) run apidefaults.go" +update-apidefaults-cainjector: | $(NEEDS_GOTESTSUM) + cd internal/apis/config/cainjector/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "cainjector api defaults updated" .PHONY: setup-integration-tests setup-integration-tests: templated-crds From 2e30c87d31ba2d6f53bb0b072bba6b82cf7dbcc6 Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Thu, 11 Apr 2024 17:29:22 -0400 Subject: [PATCH 026/177] Fixing boilerplate on test Signed-off-by: Jason Costello --- .../config/cainjector/v1alpha1/defaults_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index a35d3ce934c..aaea66e1d20 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1alpha1 import ( From f447eb18768fb98be58b9e1efbaf52101b67009d Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Thu, 11 Apr 2024 17:58:57 -0400 Subject: [PATCH 027/177] Fixing from goimports Signed-off-by: Jason Costello --- internal/apis/config/cainjector/v1alpha1/defaults_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index aaea66e1d20..b407bc2530b 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -18,10 +18,11 @@ package v1alpha1 import ( "encoding/json" - "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" "os" "reflect" "testing" + + "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" ) const TestFileLocation = "testdata/defaults.json" From 487c79e9b39304d292d1431fbc2feff8cfa738da Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 16:18:58 +0000 Subject: [PATCH 028/177] Bump the all group with 3 updates Bumps the all group with 3 updates: [ossf/scorecard-action](https://github.com/ossf/scorecard-action), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action). Updates `ossf/scorecard-action` from 2.0.6 to 2.3.1 - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/99c53751e09b9529366343771cc321ec74e9bd3d...0864cf19026789058feabb7e87baa5f140aac736) Updates `actions/upload-artifact` from 3.0.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/6673cd052c4cd6fcf4b4e6e60ea986c889389535...5d5d22a31266ced268874388b861e4b58bb5c2f3) Updates `github/codeql-action` from 1.0.26 to 3.25.0 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/5f532563584d71fdef14ee64d17bafb34f751ce5...df5a14dc28094dc936e103b37d749c6628682b60) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major dependency-group: all - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major dependency-group: all ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 33b738b3f15..acb50dfd7b5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6 + uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # tag=v2.3.1 with: results_file: results.sarif results_format: sarif @@ -41,7 +41,7 @@ jobs: # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF # format to the repository Actions tab. - name: "Upload artifact" - uses: actions/upload-artifact@6673cd052c4cd6fcf4b4e6e60ea986c889389535 # tag=v3.0.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # tag=v4.3.1 with: name: SARIF file path: results.sarif @@ -49,6 +49,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@5f532563584d71fdef14ee64d17bafb34f751ce5 # tag=v1.0.26 + uses: github/codeql-action/upload-sarif@df5a14dc28094dc936e103b37d749c6628682b60 # tag=v3.25.0 with: sarif_file: results.sarif From 48ddce76f298de761017f9093b457aa63da2eeaa Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 15 Apr 2024 18:46:13 +0200 Subject: [PATCH 029/177] disable rclone gcs bucket ACL Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/release.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/release.mk b/make/release.mk index 12f405fe922..bc38921d745 100644 --- a/make/release.mk +++ b/make/release.mk @@ -64,7 +64,7 @@ upload-release: release | $(NEEDS_RCLONE) ifeq ($(strip $(RELEASE_TARGET_BUCKET)),) $(error Trying to upload-release but RELEASE_TARGET_BUCKET is empty) endif - $(RCLONE) copyto ./$(bin_dir)/release :gcs:$(RELEASE_TARGET_BUCKET)/stage/gcb/release/$(VERSION) + $(RCLONE) --gcs-bucket-policy-only copyto ./$(bin_dir)/release :gcs:$(RELEASE_TARGET_BUCKET)/stage/gcb/release/$(VERSION) # Takes all metadata files in $(bin_dir)/metadata and combines them into one. From a35af1f05b36a6e849d4d8342e9e0c48c71a3b3d Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 18 Apr 2024 11:46:44 +0200 Subject: [PATCH 030/177] change prow url to new prow cluster for badge Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 4b3fc300882..29f1d49799c 100644 --- a/README.md +++ b/README.md @@ -6,9 +6,9 @@ as well as in Helm charts, etc. if you change its location or name, you'll need to update several other repos too! --> -

+

-Build Status +Build Status Go Report Card From 01cf2d41551d3af87b899bd40d86e30b55aef89a Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 12:42:29 +0100 Subject: [PATCH 031/177] rename some certificate validation tests and test explicit default group Signed-off-by: Ashley Davis --- .../validation/certificate_test.go | 20 ++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index 4f40648dabf..e5ffec6c7b8 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -77,7 +77,7 @@ func TestValidateCertificate(t *testing.T) { }, a: someAdmissionRequest, }, - "valid with blank issuerRef kind": { + "valid with blank issuerRef kind and no group": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ CommonName: "testcn", @@ -89,7 +89,7 @@ func TestValidateCertificate(t *testing.T) { }, a: someAdmissionRequest, }, - "valid with 'Issuer' issuerRef kind": { + "valid with 'Issuer' issuerRef kind and no group": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ CommonName: "testcn", @@ -115,6 +115,20 @@ func TestValidateCertificate(t *testing.T) { }, a: someAdmissionRequest, }, + "valid with 'Issuer' issuerRef kind and explicit internal group": { + cfg: &internalcmapi.Certificate{ + Spec: internalcmapi.CertificateSpec{ + CommonName: "testcn", + SecretName: "abc", + IssuerRef: cmmeta.ObjectReference{ + Name: "valid", + Kind: "Issuer", + Group: "cert-manager.io", + }, + }, + }, + a: someAdmissionRequest, + }, "invalid issuerRef kind": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ @@ -168,7 +182,7 @@ func TestValidateCertificate(t *testing.T) { field.Invalid(fldPath, "", "at least one of commonName (from the commonName field or from a literalSubject), dnsNames, uriSANs, ipAddresses, emailSANs or otherNames must be set"), }, }, - "certificate with no issuerRef": { + "invalid with no issuerRef": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ CommonName: "testcn", From 8e70778f4f2eb0391e1fc33afb361b9ac01d1b52 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 12:43:08 +0100 Subject: [PATCH 032/177] use existing object in more tests Signed-off-by: Ashley Davis --- .../validation/certificate_test.go | 32 +++++-------------- 1 file changed, 8 insertions(+), 24 deletions(-) diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index e5ffec6c7b8..09d8f7ab789 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -615,9 +615,7 @@ func TestValidateCertificate(t *testing.T) { Annotations: map[string]string{}, Labels: map[string]string{}, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -635,9 +633,7 @@ func TestValidateCertificate(t *testing.T) { "my-label.com/foo": "evn-production", }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -655,9 +651,7 @@ func TestValidateCertificate(t *testing.T) { "cert-manager.io/allow-direct-injection": "true", }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "invalid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -676,9 +670,7 @@ func TestValidateCertificate(t *testing.T) { "app.com/invalid": strings.Repeat("0", maxSecretTemplateAnnotationsBytesLimit), }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "invalid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -696,9 +688,7 @@ func TestValidateCertificate(t *testing.T) { "app.com/invalid-chars": "invalid=chars", }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "invalid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -720,9 +710,7 @@ func TestValidateCertificate(t *testing.T) { DNSDomains: []string{"example.com"}, }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -735,9 +723,7 @@ func TestValidateCertificate(t *testing.T) { SecretName: "abc", IsCA: true, NameConstraints: &internalcmapi.NameConstraints{}, - IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, @@ -758,9 +744,7 @@ func TestValidateCertificate(t *testing.T) { DNSDomains: []string{"example.com"}, }, }, - IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - }, + IssuerRef: validIssuerRef, }, }, a: someAdmissionRequest, From 288fd1cc2e085f545bac17712309c83e323a2ca7 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 12:51:46 +0100 Subject: [PATCH 033/177] organize imports Signed-off-by: Ashley Davis --- internal/apis/certmanager/validation/certificate_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index 09d8f7ab789..652a04073ee 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -22,6 +22,7 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" admissionv1 "k8s.io/api/admission/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation/field" @@ -32,7 +33,6 @@ import ( "github.com/cert-manager/cert-manager/internal/webhook/feature" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" - "github.com/stretchr/testify/assert" ) var ( From 0f5689e1203765b6c157c30c7a2c90738d141f07 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 12:52:01 +0100 Subject: [PATCH 034/177] replace custom pointer functions with k8s ptr.To Signed-off-by: Ashley Davis --- .../apis/certmanager/validation/certificate_test.go | 13 +++---------- internal/apis/certmanager/validation/issuer_test.go | 11 ++++++----- 2 files changed, 9 insertions(+), 15 deletions(-) diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index 652a04073ee..51cfbd627b5 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -27,6 +27,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation/field" featuregatetesting "k8s.io/component-base/featuregate/testing" + "k8s.io/utils/ptr" internalcmapi "github.com/cert-manager/cert-manager/internal/apis/certmanager" cmmeta "github.com/cert-manager/cert-manager/internal/apis/meta" @@ -50,14 +51,6 @@ var ( maxSecretTemplateAnnotationsBytesLimit = 256 * (1 << 10) // 256 kB ) -func strPtr(s string) *string { - return &s -} - -func int32Ptr(i int32) *int32 { - return &i -} - func TestValidateCertificate(t *testing.T) { fldPath := field.NewPath("spec") scenarios := map[string]struct { @@ -587,7 +580,7 @@ func TestValidateCertificate(t *testing.T) { CommonName: "abc", SecretName: "abc", IssuerRef: validIssuerRef, - RevisionHistoryLimit: int32Ptr(1), + RevisionHistoryLimit: ptr.To(int32(1)), }, }, a: someAdmissionRequest, @@ -598,7 +591,7 @@ func TestValidateCertificate(t *testing.T) { CommonName: "abc", SecretName: "abc", IssuerRef: validIssuerRef, - RevisionHistoryLimit: int32Ptr(0), + RevisionHistoryLimit: ptr.To(int32(0)), }, }, a: someAdmissionRequest, diff --git a/internal/apis/certmanager/validation/issuer_test.go b/internal/apis/certmanager/validation/issuer_test.go index a875bec810c..9fb182485e9 100644 --- a/internal/apis/certmanager/validation/issuer_test.go +++ b/internal/apis/certmanager/validation/issuer_test.go @@ -25,6 +25,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/utils/clock" + "k8s.io/utils/ptr" gwapi "sigs.k8s.io/gateway-api/apis/v1" cmacme "github.com/cert-manager/cert-manager/internal/apis/acme" @@ -833,12 +834,12 @@ func TestValidateACMEIssuerHTTP01Config(t *testing.T) { }, "ingress class field specified": { cfg: &cmacme.ACMEChallengeSolverHTTP01{ - Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{Class: strPtr("abc")}, + Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{Class: ptr.To("abc")}, }, }, "ingressClassName field specified": { cfg: &cmacme.ACMEChallengeSolverHTTP01{ - Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{IngressClassName: strPtr("abc")}, + Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{IngressClassName: ptr.To("abc")}, }, }, "neither field specified": { @@ -856,8 +857,8 @@ func TestValidateACMEIssuerHTTP01Config(t *testing.T) { cfg: &cmacme.ACMEChallengeSolverHTTP01{ Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{ Name: "abc", - Class: strPtr("abc"), - IngressClassName: strPtr("abc"), + Class: ptr.To("abc"), + IngressClassName: ptr.To("abc"), }, }, errs: []*field.Error{ @@ -867,7 +868,7 @@ func TestValidateACMEIssuerHTTP01Config(t *testing.T) { "ingressClassName is invalid": { cfg: &cmacme.ACMEChallengeSolverHTTP01{ Ingress: &cmacme.ACMEChallengeSolverHTTP01Ingress{ - IngressClassName: strPtr("azure/application-gateway"), + IngressClassName: ptr.To("azure/application-gateway"), }, }, errs: []*field.Error{ From b8e40825ce812f537c7d4aa7ba0ed91bb6f6b945 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 13:04:46 +0100 Subject: [PATCH 035/177] add comments explaining issuerRef validation logic Signed-off-by: Ashley Davis --- internal/apis/certmanager/validation/certificate.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/internal/apis/certmanager/validation/certificate.go b/internal/apis/certmanager/validation/certificate.go index c79eeca7cee..3bba759cede 100644 --- a/internal/apis/certmanager/validation/certificate.go +++ b/internal/apis/certmanager/validation/certificate.go @@ -216,16 +216,27 @@ func validateIssuerRef(issuerRef cmmeta.ObjectReference, fldPath *field.Path) fi issuerRefPath := fldPath.Child("issuerRef") if issuerRef.Name == "" { + // all issuerRefs must specify a name el = append(el, field.Required(issuerRefPath.Child("name"), "must be specified")) } + if issuerRef.Group == "" || issuerRef.Group == internalcmapi.SchemeGroupVersion.Group { + // if the user leaves the group blank, it's effectively defaulted to the built-in issuers (i.e. cert-manager.io) + // if the cert-manager.io group is used, we can do extra validation on the Kind + // if an external group is used, we don't have a mechanism currently to determine which Kinds are valid for those groups + // so we don't check switch issuerRef.Kind { case "": + // do nothing + case "Issuer", "ClusterIssuer": + // do nothing + default: el = append(el, field.Invalid(issuerRefPath.Child("kind"), issuerRef.Kind, "must be one of Issuer or ClusterIssuer")) } } + return el } From 61710e3c5589b25607c8e70a07cca1b4feb06482 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 13:14:21 +0100 Subject: [PATCH 036/177] add explicit test of external issuers Signed-off-by: Ashley Davis --- .../validation/certificate_test.go | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index 51cfbd627b5..1e6f67fa931 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -122,22 +122,36 @@ func TestValidateCertificate(t *testing.T) { }, a: someAdmissionRequest, }, - "invalid issuerRef kind": { + "invalid with external issuerRef kind and empty group": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ CommonName: "testcn", SecretName: "abc", IssuerRef: cmmeta.ObjectReference{ - Name: "valid", - Kind: "invalid", + Name: "abc", + Kind: "AWSPCAClusterIssuer", }, }, }, a: someAdmissionRequest, errs: []*field.Error{ - field.Invalid(fldPath.Child("issuerRef", "kind"), "invalid", "must be one of Issuer or ClusterIssuer"), + field.Invalid(fldPath.Child("issuerRef", "kind"), "AWSPCAClusterIssuer", "must be one of Issuer or ClusterIssuer"), }, }, + "valid with external issuerRef kind and external group": { + cfg: &internalcmapi.Certificate{ + Spec: internalcmapi.CertificateSpec{ + CommonName: "testcn", + SecretName: "abc", + IssuerRef: cmmeta.ObjectReference{ + Name: "abc", + Kind: "AWSPCAClusterIssuer", + Group: "awspca.cert-manager.io", + }, + }, + }, + a: someAdmissionRequest, + }, "certificate missing secretName": { cfg: &internalcmapi.Certificate{ Spec: internalcmapi.CertificateSpec{ From 8ee7ada5fa543ab20a2f9cd53e9cb8f1dbfe3a8f Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 18 Apr 2024 14:43:40 +0200 Subject: [PATCH 037/177] running make in a make target causes concurrent download of dependencies yielding broken files and downloads Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/ci.mk | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/make/ci.mk b/make/ci.mk index 9aecaa414d9..e24e5b7d499 100644 --- a/make/ci.mk +++ b/make/ci.mk @@ -99,8 +99,8 @@ shared_generate_targets += generate-helm-docs ## request or change is merged. ## ## @category CI -ci-presubmit: - $(MAKE) -j1 $(findstring vendor-go,$(MAKECMDGOALS)) verify +ci-presubmit: $(NEEDS_GO) + $(MAKE) -j1 verify .PHONY: generate-all ## Update CRDs, code generation and licenses to the latest versions. @@ -108,5 +108,4 @@ ci-presubmit: ## that everything is up-to-date. ## ## @category Development -generate-all: - $(MAKE) -j1 $(findstring vendor-go,$(MAKECMDGOALS)) generate +generate-all: generate From 65cc7cb0df9b0385c4ab0ea5b4b235f214ce5c88 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 19 Apr 2024 10:34:10 +0200 Subject: [PATCH 038/177] fix: add suggestion Signed-off-by: Ludovic Ortega --- .../cert-manager/templates/webhook-service.yaml | 8 ++++---- deploy/charts/cert-manager/values.yaml | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/deploy/charts/cert-manager/templates/webhook-service.yaml b/deploy/charts/cert-manager/templates/webhook-service.yaml index f7de5cee101..8c759b0135c 100644 --- a/deploy/charts/cert-manager/templates/webhook-service.yaml +++ b/deploy/charts/cert-manager/templates/webhook-service.yaml @@ -18,11 +18,11 @@ metadata: {{- end }} spec: type: {{ .Values.webhook.serviceType }} - {{- if .Values.webhook.ipFamilyPolicy }} - ipFamilyPolicy: {{ .Values.webhook.ipFamilyPolicy }} + {{- if .Values.webhook.serviceIpFamilyPolicy }} + ipFamilyPolicy: {{ .Values.webhook.serviceIpFamilyPolicy }} {{- end }} - {{- if .Values.webhook.ipFamilies }} - ipFamilies: {{ .Values.webhook.ipFamilies | toYaml | nindent 2 }} + {{- if .Values.webhook.serviceIpFamilies }} + ipFamilies: {{ .Values.webhook.serviceIpFamilies | toYaml | nindent 2 }} {{- end }} {{- with .Values.webhook.loadBalancerIP }} loadBalancerIP: {{ . }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 5686dc11a57..a92b2f52e21 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -309,11 +309,11 @@ podLabels: {} # +docs:property # serviceLabels: {} -# Optional set the ip family policy to the controller Service to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). +# Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). # +docs:property # serviceIpFamilyPolicy: "" -# Optional sets the families to the controller Service that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. +# Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. # +docs:property # serviceIpFamilies: [] @@ -767,11 +767,11 @@ webhook: # Optional additional labels to add to the Webhook Service. serviceLabels: {} - # Optional set the ip family policy to the Webhook Service to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). - ipFamilyPolicy: "" + # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + serviceIpFamilyPolicy: "" - # Optional sets the families to the Webhook Service that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. - ipFamilies: [] + # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. + serviceIpFamilies: [] image: # The container registry to pull the webhook image from. From f5a73a9eadcb62a72ec7315464ce2d65dbdd7c10 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 18 Apr 2024 21:26:43 +0200 Subject: [PATCH 039/177] fix bug in dynamic source Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/dynamic_source.go | 51 ++++++++++++++------------- pkg/server/tls/dynamic_source_test.go | 13 ++++--- 2 files changed, 36 insertions(+), 28 deletions(-) diff --git a/pkg/server/tls/dynamic_source.go b/pkg/server/tls/dynamic_source.go index 92db364605d..34e7ffc7655 100644 --- a/pkg/server/tls/dynamic_source.go +++ b/pkg/server/tls/dynamic_source.go @@ -118,44 +118,37 @@ func (f *DynamicSource) Start(ctx context.Context) error { // channel which will be notified when the leaf certificate reaches 2/3 of its lifetime // and needs to be renewed - renewalChan := make(chan struct{}) + renewalChan := make(chan struct{}, 1) group.Go(func() error { - // At this point, we expect to have one renewal moment - // in the channel, so we can start the timer with that value var renewMoment time.Time - select { - case renewMoment = <-nextRenewCh: - // We recevieved a renew moment - default: - // This should never happen - panic("Unreacheable") - } for { if done := func() bool { - timer := time.NewTimer(time.Until(renewMoment)) - defer timer.Stop() + var timerChannel <-chan time.Time + if !renewMoment.IsZero() { + timer := time.NewTimer(time.Until(renewMoment)) + defer timer.Stop() + + renewMoment = time.Time{} + timerChannel = timer.C + } // Wait for the timer to expire, or for a new renewal moment to be received select { case <-ctx.Done(): // context was cancelled, return nil return true - case <-timer.C: + case <-timerChannel: // Continue to the next select to try to send a message on renewalChan case renewMoment = <-nextRenewCh: // We recevieved a renew moment, next loop iteration will update the timer return false } - // Try to send a message on renewalChan, but also allow for the context to be - // cancelled. + // the renewal channel has a buffer of 1 - drop event if we are already issueing select { - case <-ctx.Done(): - // context was cancelled, return nil - return true case renewalChan <- struct{}{}: - // Message was sent on channel + default: } return false @@ -217,12 +210,14 @@ func (f *DynamicSource) GetCertificate(*tls.ClientHelloInfo) (*tls.Certificate, } func (f *DynamicSource) Healthy() bool { + f.lock.Lock() + defer f.lock.Unlock() return f.cachedCertificate != nil } func (f *DynamicSource) tryRegenerateCertificate(ctx context.Context, nextRenewCh chan<- time.Time) error { return wait.PollUntilContextCancel(ctx, f.RetryInterval, true, func(ctx context.Context) (done bool, err error) { - if err := f.regenerateCertificate(nextRenewCh); err != nil { + if err := f.regenerateCertificate(ctx, nextRenewCh); err != nil { f.log.Error(err, "Failed to generate serving certificate, retrying...", "interval", f.RetryInterval) return false, nil } @@ -233,7 +228,7 @@ func (f *DynamicSource) tryRegenerateCertificate(ctx context.Context, nextRenewC // regenerateCertificate will trigger the cached certificate and private key to // be regenerated by requesting a new certificate from the authority. -func (f *DynamicSource) regenerateCertificate(nextRenew chan<- time.Time) error { +func (f *DynamicSource) regenerateCertificate(ctx context.Context, nextRenew chan<- time.Time) error { f.log.V(logf.DebugLevel).Info("Generating new ECDSA private key") pk, err := pki.GenerateECPrivateKey(384) if err != nil { @@ -258,10 +253,10 @@ func (f *DynamicSource) regenerateCertificate(nextRenew chan<- time.Time) error f.log.V(logf.DebugLevel).Info("Signed new serving certificate") - return f.updateCertificate(pk, cert, nextRenew) + return f.updateCertificate(ctx, pk, cert, nextRenew) } -func (f *DynamicSource) updateCertificate(pk crypto.Signer, cert *x509.Certificate, nextRenewCh chan<- time.Time) error { +func (f *DynamicSource) updateCertificate(ctx context.Context, pk crypto.Signer, cert *x509.Certificate, nextRenewCh chan<- time.Time) error { f.lock.Lock() defer f.lock.Unlock() @@ -283,7 +278,15 @@ func (f *DynamicSource) updateCertificate(pk crypto.Signer, cert *x509.Certifica f.cachedCertificate = &bundle certDuration := cert.NotAfter.Sub(cert.NotBefore) // renew the certificate 1/3 of the time before its expiry - nextRenewCh <- cert.NotAfter.Add(certDuration / -3) + renewMoment := cert.NotAfter.Add(certDuration / -3) + + select { + case <-ctx.Done(): + return nil + + case nextRenewCh <- renewMoment: + } + f.log.V(logf.InfoLevel).Info("Updated cert-manager TLS certificate", "DNSNames", f.DNSNames) return nil diff --git a/pkg/server/tls/dynamic_source_test.go b/pkg/server/tls/dynamic_source_test.go index 20bf462d0bf..4f7898c7b07 100644 --- a/pkg/server/tls/dynamic_source_test.go +++ b/pkg/server/tls/dynamic_source_test.go @@ -257,14 +257,19 @@ func TestDynamicSource_FailingSign(t *testing.T) { for i := 0; i < 5; i++ { // Sleep for a short time to allow the DynamicSource to generate a new certificate - time.Sleep(100 * time.Millisecond) + // The certificate should get renewed after 100ms, we wait for 200ms to allow for + // possible delays of max 100ms (based on experiments, we noticed that issuance of + // a cert takes about 30ms, so 100ms should be a large enough margin). + time.Sleep(200 * time.Millisecond) // Call the GetCertificate method, should return a NEW certificate - cert2, err := source.GetCertificate(&tls.ClientHelloInfo{}) + newCert, err := source.GetCertificate(&tls.ClientHelloInfo{}) assert.NoError(t, err) - assert.NotNil(t, cert2) + assert.NotNil(t, newCert) - assert.NotEqual(t, cert.Certificate[0], cert2.Certificate[0]) + assert.NotEqual(t, cert.Certificate[0], newCert.Certificate[0]) + + cert = newCert } }, cancelAtEnd: true, From 8f54e130bd7afee2714543f38d81f2ba85e5cb25 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Fri, 19 Apr 2024 11:26:00 +0100 Subject: [PATCH 040/177] re-add mistakenly removed make tidy target Signed-off-by: Ashley Davis --- make/02_mod.mk | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/make/02_mod.mk b/make/02_mod.mk index 0d28abea300..51e24227b0b 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -35,3 +35,18 @@ include make/licenses.mk include make/e2e-setup.mk include make/scan.mk include make/ko.mk + + +.PHONY: tidy +## Run "go mod tidy" on each module in this repo +## +## @category Development +tidy: + go mod tidy + cd cmd/acmesolver && go mod tidy + cd cmd/cainjector && go mod tidy + cd cmd/controller && go mod tidy + cd cmd/startupapicheck && go mod tidy + cd cmd/webhook && go mod tidy + cd test/integration && go mod tidy + cd test/e2e && go mod tidy From 8bef1c9583f3fea38d26e756147440bd709a9572 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Apr 2024 13:10:00 +0000 Subject: [PATCH 041/177] Bump the go_modules group across 7 directories with 1 update Bumps the go_modules group with 1 update in the /cmd/acmesolver directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /cmd/cainjector directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /cmd/controller directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /cmd/startupapicheck directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /cmd/webhook directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /test/e2e directory: [golang.org/x/net](https://github.com/golang/net). Bumps the go_modules group with 1 update in the /test/integration directory: [golang.org/x/net](https://github.com/golang/net). Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) Updates `golang.org/x/net` from 0.21.0 to 0.23.0 - [Commits](https://github.com/golang/net/compare/v0.21.0...v0.23.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules - dependency-name: golang.org/x/net dependency-type: indirect dependency-group: go_modules ... Signed-off-by: dependabot[bot] --- cmd/acmesolver/go.mod | 4 ++-- cmd/acmesolver/go.sum | 8 ++++---- cmd/cainjector/go.mod | 6 +++--- cmd/cainjector/go.sum | 12 ++++++------ cmd/controller/go.mod | 8 ++++---- cmd/controller/go.sum | 13 ++++++++----- cmd/startupapicheck/go.mod | 6 +++--- cmd/startupapicheck/go.sum | 12 ++++++------ cmd/webhook/go.mod | 8 ++++---- cmd/webhook/go.sum | 16 ++++++++-------- test/e2e/go.mod | 8 ++++---- test/e2e/go.sum | 16 ++++++++-------- test/integration/go.mod | 8 ++++---- test/integration/go.sum | 16 ++++++++-------- 14 files changed, 72 insertions(+), 69 deletions(-) diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index 404918bbbf0..d64bda6e53b 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -34,8 +34,8 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/sys v0.17.0 // indirect + golang.org/x/net v0.23.0 // indirect + golang.org/x/sys v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index dd80e550daf..5e12f086f37 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum @@ -75,16 +75,16 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index 725b5137827..f55ef9a2822 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -56,10 +56,10 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum index a034fb1dfa8..e13eaae11df 100644 --- a/cmd/cainjector/go.sum +++ b/cmd/cainjector/go.sum @@ -125,8 +125,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -140,12 +140,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 6243464a210..d0fadd8514b 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -131,12 +131,12 @@ require ( go.opentelemetry.io/proto/otlp v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.19.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index d2d601d35b3..e9c5ea6e591 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -383,8 +383,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= @@ -410,8 +411,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= @@ -437,14 +438,16 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index a24d9e81b68..db3769d6ffa 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -68,11 +68,11 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum index aeb698f1177..db01d6c6684 100644 --- a/cmd/startupapicheck/go.sum +++ b/cmd/startupapicheck/go.sum @@ -158,8 +158,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -176,12 +176,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 7d2fa0246fd..579ba6915af 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -67,13 +67,13 @@ require ( go.opentelemetry.io/proto/otlp v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.19.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 8b099d70a72..acadd30df70 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -150,8 +150,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -163,8 +163,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -180,12 +180,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 663fdc86ec0..6ce2cd3796e 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -79,12 +79,12 @@ require ( github.com/spf13/cobra v1.8.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.19.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 9dffaa31ec7..dcb2ef8561c 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -162,8 +162,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -175,8 +175,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -195,12 +195,12 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/test/integration/go.mod b/test/integration/go.mod index 4debd72ca9b..4023b0ca0fd 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -17,7 +17,7 @@ require ( github.com/munnerz/crd-schema-fuzz v1.0.0 github.com/segmentio/encoding v0.4.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.19.0 + golang.org/x/crypto v0.21.0 golang.org/x/sync v0.6.0 k8s.io/api v0.29.2 k8s.io/apiextensions-apiserver v0.29.2 @@ -94,10 +94,10 @@ require ( go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.21.0 // indirect + golang.org/x/net v0.23.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index d5f41165021..07448a89f73 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -457,8 +457,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= @@ -492,8 +492,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -529,12 +529,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 828b8f6ce9da333bd0e99ccb677918a2241b9544 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 18 Apr 2024 15:21:44 +0100 Subject: [PATCH 042/177] improve error message for common error when configuring external issuers Signed-off-by: Ashley Davis --- .../apis/certmanager/validation/certificate.go | 15 ++++++++++++++- .../certmanager/validation/certificate_test.go | 2 +- 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/internal/apis/certmanager/validation/certificate.go b/internal/apis/certmanager/validation/certificate.go index 3bba759cede..ac308952bd3 100644 --- a/internal/apis/certmanager/validation/certificate.go +++ b/internal/apis/certmanager/validation/certificate.go @@ -233,7 +233,20 @@ func validateIssuerRef(issuerRef cmmeta.ObjectReference, fldPath *field.Path) fi // do nothing default: - el = append(el, field.Invalid(issuerRefPath.Child("kind"), issuerRef.Kind, "must be one of Issuer or ClusterIssuer")) + kindPath := issuerRefPath.Child("kind") + errMsg := "must be one of Issuer or ClusterIssuer" + + if issuerRef.Group == "" { + // Sometimes the user sets a kind for an external issuer (e.g. "AWSPCAClusterIssuer" or "VenafiIssuer") but forgets + // to set the group (an easy mistake to make - see https://github.com/cert-manager/csi-driver/issues/197). + // If the users forgets the group but otherwise has a correct Kind set for an external issuer, we can give a hint + // as to what they need to do to fix. + + // If the user explicitly set the group to the cert-manager group though, we don't give the hint + errMsg += fmt.Sprintf(" (did you forget to set %s?)", kindPath.Child("group").String()) + } + + el = append(el, field.Invalid(kindPath, issuerRef.Kind, errMsg)) } } diff --git a/internal/apis/certmanager/validation/certificate_test.go b/internal/apis/certmanager/validation/certificate_test.go index 1e6f67fa931..b41635cfe75 100644 --- a/internal/apis/certmanager/validation/certificate_test.go +++ b/internal/apis/certmanager/validation/certificate_test.go @@ -135,7 +135,7 @@ func TestValidateCertificate(t *testing.T) { }, a: someAdmissionRequest, errs: []*field.Error{ - field.Invalid(fldPath.Child("issuerRef", "kind"), "AWSPCAClusterIssuer", "must be one of Issuer or ClusterIssuer"), + field.Invalid(fldPath.Child("issuerRef", "kind"), "AWSPCAClusterIssuer", "must be one of Issuer or ClusterIssuer (did you forget to set spec.issuerRef.kind.group?)"), }, }, "valid with external issuerRef kind and external group": { From 5b4bedfa3965c473f01039960e7ede4b2a4c4d2e Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Fri, 19 Apr 2024 16:24:05 +0100 Subject: [PATCH 043/177] re-add removed targets, update base images Signed-off-by: Ashley Davis --- make/02_mod.mk | 7 +++++++ make/base_images.mk | 20 ++++++++++---------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/make/02_mod.mk b/make/02_mod.mk index 51e24227b0b..e75724ca37a 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -50,3 +50,10 @@ tidy: cd cmd/webhook && go mod tidy cd test/integration && go mod tidy cd test/e2e && go mod tidy + +.PHONY: update-base-images +update-base-images: | $(NEEDS_CRANE) + CRANE=$(CRANE) ./hack/latest-base-images.sh + +.PHONY: update-licenses +update-licenses: generate-licenses diff --git a/make/base_images.mk b/make/base_images.mk index 9d1c6719bf7..51794639d36 100644 --- a/make/base_images.mk +++ b/make/base_images.mk @@ -1,12 +1,12 @@ # +skip_license_check # autogenerated by hack/latest-base-images.sh -STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static-debian12@sha256:f8ceaf8f99c9d3b1c533135c7788db090599716b581f99a1b8f4df186927a0d0 -STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static-debian12@sha256:5edb5ed66e0e427f00f9424b25d7cbcf6b5ca49ad80f7753cc78a2d390a98636 -STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static-debian12@sha256:683be24c8165368e904b25225b75ba2f09bbdc63858e865847b79de236468841 -STATIC_BASE_IMAGE_arm := gcr.io/distroless/static-debian12@sha256:f813b5a0c22a5e09e5a4b04856c138507f0a0732ecf8875a38b121b4becd02c1 -STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static-debian12@sha256:52697bbfb7e7ed6331aadda10a08ee3342b22dc083cab3efad201d9fc8bffb14 -DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base-debian12@sha256:21bba2fd3d88d655b51eafa0319fab28038330ff365705b8ae7f0dd6f948875a -DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base-debian12@sha256:ada49a21f68109b496a8b194deb11fd2eade79c3611f1d90764c350d3270c7c2 -DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base-debian12@sha256:3fe3b0658cf5d572c8be1c6a2326696d9d5aac68a87af30f996d6aaf1b957834 -DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base-debian12@sha256:5e48c4605a28f2221d5a97371119b898560f00579a1ae532756801f78dbaa922 -DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base-debian12@sha256:c1dde7a970a3e47b41f803b6c38d044e59db44e410ccce8cad91d0447a5a5b95 +STATIC_BASE_IMAGE_amd64 := gcr.io/distroless/static-debian12@sha256:262ae336f8e9291f8edc9a71a61d5d568466edc1ea4818752d4af3d230a7f9ef +STATIC_BASE_IMAGE_arm64 := gcr.io/distroless/static-debian12@sha256:f05686e02ba3e9ff0d947c5ec4ec9d8f00a4bfae0309a2704650db7dca8d6c48 +STATIC_BASE_IMAGE_s390x := gcr.io/distroless/static-debian12@sha256:acaf1e1916e104d8d3a53a0275f0ea3ac7cdb264b3516fd20c3a402970f56af1 +STATIC_BASE_IMAGE_arm := gcr.io/distroless/static-debian12@sha256:4d8615d6516c818404e275747ab86ac100f3fc77208b31ec8d528f86c64a3caf +STATIC_BASE_IMAGE_ppc64le := gcr.io/distroless/static-debian12@sha256:79d0937b157ae30ef2b6fba72b0c381a810a7a8e41af64fac82f295d0ef93507 +DYNAMIC_BASE_IMAGE_amd64 := gcr.io/distroless/base-debian12@sha256:a7317ec9f04dbe6b0a3bc1b8ccd21b765548e3f7c79d24b8b80827fd3c531d0e +DYNAMIC_BASE_IMAGE_arm64 := gcr.io/distroless/base-debian12@sha256:e9318eb15bde98ad72ca879dfde33f4a1ad6d336dbcf7c2a0f7d12e5d453e1f4 +DYNAMIC_BASE_IMAGE_s390x := gcr.io/distroless/base-debian12@sha256:a4cbe6fcbd38fc8aae556cf85d12ab082c1dbe4844fdf2136932dca1468c9dc2 +DYNAMIC_BASE_IMAGE_arm := gcr.io/distroless/base-debian12@sha256:abc3f175ed8ef7ff91006532d8007b3cda91b322cc1e2d0440fa7f49e6a5cacd +DYNAMIC_BASE_IMAGE_ppc64le := gcr.io/distroless/base-debian12@sha256:3e9d6b7245aa8858db11bfef3479d0cda2abca912ede1b7788933fec194f8154 From 7df6e20e5628c34d8754903190a2558aa3280853 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 19 Apr 2024 17:25:58 +0200 Subject: [PATCH 044/177] fix: helm documentation Signed-off-by: Ludovic Ortega --- deploy/charts/cert-manager/README.template.md | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index 289fdd211fc..f6ff208ce60 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -487,6 +487,14 @@ Optional annotations to add to the controller Service. Optional additional labels to add to the controller Service. +#### **serviceIpFamilyPolicy** ~ `string` + +Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). + +#### **serviceIpFamilies** ~ `array` + +Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. + #### **podDnsPolicy** ~ `string` Pod DNS policy. @@ -1067,6 +1075,20 @@ Optional additional labels to add to the Webhook Pods. > ``` Optional additional labels to add to the Webhook Service. +#### **webhook.serviceIpFamilyPolicy** ~ `string` +> Default value: +> ```yaml +> "" +> ``` + +Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). +#### **webhook.serviceIpFamilies** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. #### **webhook.image.registry** ~ `string` The container registry to pull the webhook image from. From a4aea9e30fa39f2c9177b7d3365553098f675711 Mon Sep 17 00:00:00 2001 From: Ludovic Ortega Date: Fri, 19 Apr 2024 17:51:02 +0200 Subject: [PATCH 045/177] fix: capitalise acronyms Signed-off-by: Ludovic Ortega --- deploy/charts/cert-manager/README.template.md | 8 ++++---- deploy/charts/cert-manager/templates/service.yaml | 8 ++++---- deploy/charts/cert-manager/templates/webhook-service.yaml | 8 ++++---- deploy/charts/cert-manager/values.yaml | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index f6ff208ce60..4de54c53ea2 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -487,11 +487,11 @@ Optional annotations to add to the controller Service. Optional additional labels to add to the controller Service. -#### **serviceIpFamilyPolicy** ~ `string` +#### **serviceIPFamilyPolicy** ~ `string` Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). -#### **serviceIpFamilies** ~ `array` +#### **serviceIPFamilies** ~ `array` Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. @@ -1075,14 +1075,14 @@ Optional additional labels to add to the Webhook Pods. > ``` Optional additional labels to add to the Webhook Service. -#### **webhook.serviceIpFamilyPolicy** ~ `string` +#### **webhook.serviceIPFamilyPolicy** ~ `string` > Default value: > ```yaml > "" > ``` Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). -#### **webhook.serviceIpFamilies** ~ `array` +#### **webhook.serviceIPFamilies** ~ `array` > Default value: > ```yaml > [] diff --git a/deploy/charts/cert-manager/templates/service.yaml b/deploy/charts/cert-manager/templates/service.yaml index 98db47e76ae..360ec645efd 100644 --- a/deploy/charts/cert-manager/templates/service.yaml +++ b/deploy/charts/cert-manager/templates/service.yaml @@ -19,11 +19,11 @@ metadata: {{- end }} spec: type: ClusterIP - {{- if .Values.serviceIpFamilyPolicy }} - ipFamilyPolicy: {{ .Values.serviceIpFamilyPolicy }} + {{- if .Values.serviceIPFamilyPolicy }} + ipFamilyPolicy: {{ .Values.serviceIPFamilyPolicy }} {{- end }} - {{- if .Values.serviceIpFamilies }} - ipFamilies: {{ .Values.serviceIpFamilies | toYaml | nindent 2 }} + {{- if .Values.serviceIPFamilies }} + ipFamilies: {{ .Values.serviceIPFamilies | toYaml | nindent 2 }} {{- end }} ports: - protocol: TCP diff --git a/deploy/charts/cert-manager/templates/webhook-service.yaml b/deploy/charts/cert-manager/templates/webhook-service.yaml index 8c759b0135c..86d47f1646d 100644 --- a/deploy/charts/cert-manager/templates/webhook-service.yaml +++ b/deploy/charts/cert-manager/templates/webhook-service.yaml @@ -18,11 +18,11 @@ metadata: {{- end }} spec: type: {{ .Values.webhook.serviceType }} - {{- if .Values.webhook.serviceIpFamilyPolicy }} - ipFamilyPolicy: {{ .Values.webhook.serviceIpFamilyPolicy }} + {{- if .Values.webhook.serviceIPFamilyPolicy }} + ipFamilyPolicy: {{ .Values.webhook.serviceIPFamilyPolicy }} {{- end }} - {{- if .Values.webhook.serviceIpFamilies }} - ipFamilies: {{ .Values.webhook.serviceIpFamilies | toYaml | nindent 2 }} + {{- if .Values.webhook.serviceIPFamilies }} + ipFamilies: {{ .Values.webhook.serviceIPFamilies | toYaml | nindent 2 }} {{- end }} {{- with .Values.webhook.loadBalancerIP }} loadBalancerIP: {{ . }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index a92b2f52e21..03ef4b193dd 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -311,11 +311,11 @@ podLabels: {} # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). # +docs:property -# serviceIpFamilyPolicy: "" +# serviceIPFamilyPolicy: "" # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. # +docs:property -# serviceIpFamilies: [] +# serviceIPFamilies: [] # Optional DNS settings. These are useful if you have a public and private DNS zone for # the same domain on Route 53. The following is an example of ensuring @@ -768,10 +768,10 @@ webhook: serviceLabels: {} # Optionally set the IP family policy for the controller Service to configure dual-stack; see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services). - serviceIpFamilyPolicy: "" + serviceIPFamilyPolicy: "" # Optionally set the IP families for the controller Service that should be supported, in the order in which they should be applied to ClusterIP. Can be IPv4 and/or IPv6. - serviceIpFamilies: [] + serviceIPFamilies: [] image: # The container registry to pull the webhook image from. From da60405b2170b2c1ea1fd25f6127ee6b86467231 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 19 Apr 2024 18:12:12 +0200 Subject: [PATCH 046/177] run 'make upgrade-klone' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- klone.yaml | 12 ++++---- .../base/.github/dependabot.yaml | 6 ++-- .../.github/workflows/make-self-upgrade.yaml | 28 +++++++++++-------- make/_shared/tools/00_mod.mk | 21 ++++++++++---- 4 files changed, 40 insertions(+), 27 deletions(-) diff --git a/klone.yaml b/klone.yaml index d8453decf37..a63fbbf2041 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,30 +10,30 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/generate-verify - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9ce477bd5bd50415ebf74ec26d8dc3c6e06c9e03 + repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/tools diff --git a/make/_shared/repository-base/base/.github/dependabot.yaml b/make/_shared/repository-base/base/.github/dependabot.yaml index 35367ea5cee..81b92973404 100644 --- a/make/_shared/repository-base/base/.github/dependabot.yaml +++ b/make/_shared/repository-base/base/.github/dependabot.yaml @@ -1,20 +1,20 @@ # THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. # Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead. -# Update Go dependencies and GitHub Actions dependencies weekly. +# Update Go dependencies and GitHub Actions dependencies daily. version: 2 updates: - package-ecosystem: gomod directory: / schedule: - interval: weekly + interval: daily groups: all: patterns: ["*"] - package-ecosystem: github-actions directory: / schedule: - interval: weekly + interval: daily groups: all: patterns: ["*"] diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index ccebdb244eb..fb7fe5bc309 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -15,12 +15,16 @@ jobs: permissions: contents: write pull-requests: write + + env: + SOURCE_BRANCH: "${{ github.ref_name }}" + SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}" steps: - - name: Fail if branch is not main - if: github.ref != 'refs/heads/main' + - name: Fail if branch is not head of branch. + if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }} run: | - echo "This workflow should not be run on a branch other than main." + echo "This workflow should not be run on a non-branch-head." exit 1 - uses: actions/checkout@v4 @@ -34,7 +38,7 @@ jobs: go-version: ${{ steps.go-version.outputs.result }} - run: | - git checkout -B "self-upgrade" + git checkout -B "$SELF_UPGRADE_BRANCH" - run: | make -j upgrade-klone @@ -54,10 +58,10 @@ jobs: - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} run: | - git config --global user.name "jetstack-bot" - git config --global user.email "jetstack-bot@users.noreply.github.com" + git config --global user.name "cert-manager-bot" + git config --global user.email "cert-manager-bot@users.noreply.github.com" git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff - git push -f origin self-upgrade + git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} uses: actions/github-script@v7 @@ -67,18 +71,18 @@ jobs: const pulls = await github.rest.pulls.list({ owner: owner, repo: repo, - head: owner + ':self-upgrade', - base: 'main', + head: owner + ':' + process.env.SELF_UPGRADE_BRANCH, + base: process.env.SOURCE_BRANCH, state: 'open', }); if (pulls.data.length < 1) { await github.rest.pulls.create({ - title: '[CI] Merge self-upgrade into main', + title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, - head: 'self-upgrade', - base: 'main', + head: process.env.SELF_UPGRADE_BRANCH, + base: process.env.SOURCE_BRANCH, body: [ 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index b162a6ecc90..3977bfae897 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -51,7 +51,7 @@ TOOLS += azwi=v1.2.0 # https://github.com/kyverno/kyverno/releases TOOLS += kyverno=v1.11.3 # https://github.com/mikefarah/yq/releases -TOOLS += yq=v4.40.5 +TOOLS += yq=v4.43.1 # https://github.com/ko-build/ko/releases TOOLS += ko=0.15.1 # https://github.com/protocolbuffers/protobuf/releases @@ -112,6 +112,12 @@ TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2 TOOLS += golangci-lint=v1.57.1 # https://pkg.go.dev/golang.org/x/vuln?tab=versions TOOLS += govulncheck=v1.0.4 +# https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions +TOOLS += operator-sdk=v1.34.1 +# https://pkg.go.dev/github.com/cli/cli/v2?tab=versions +TOOLS += gh=v2.47.0 +# https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases +TOOLS += preflight=1.9.1 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions K8S_CODEGEN_VERSION=v0.29.1 @@ -134,7 +140,7 @@ ADDITIONAL_TOOLS ?= TOOLS += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.21.8 +VENDORED_GO_VERSION := 1.21.9 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -311,6 +317,9 @@ GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2 GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck +GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk +GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh +GO_DEPENDENCIES += preflight=github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight ################# # go build tags # @@ -458,10 +467,10 @@ $(bin_dir)/downloaded/tools/kyverno@$(KYVERNO_VERSION)_%: | $(bin_dir)/downloade # yq # ###### -YQ_linux_amd64_SHA256SUM=0d6aaf1cf44a8d18fbc7ed0ef14f735a8df8d2e314c4cc0f0242d35c0a440c95 -YQ_linux_arm64_SHA256SUM=9431f0fa39a0af03a152d7fe19a86e42e9ff28d503ed4a70598f9261ec944a97 -YQ_darwin_amd64_SHA256SUM=7f88b959c3fd2755e77dbf5bd92780dc3626c1c00ac45d5b5134f04189a142dc -YQ_darwin_arm64_SHA256SUM=1ef0022ed6d0769d19e2d391dd731162034b0e0ba2c9b53dda039d16cec1c26a +YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 +YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 +YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed +YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 $(bin_dir)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(bin_dir)/downloaded/tools $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$* -o $@ From 78d44286fbca8e84ee8a3aca345dcefc326332da Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 19 Apr 2024 18:24:54 +0200 Subject: [PATCH 047/177] run 'make generate' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/dependabot.yaml | 6 ++--- .github/workflows/make-self-upgrade.yaml | 28 ++++++++++++++---------- 2 files changed, 19 insertions(+), 15 deletions(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 35367ea5cee..81b92973404 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -1,20 +1,20 @@ # THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. # Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead. -# Update Go dependencies and GitHub Actions dependencies weekly. +# Update Go dependencies and GitHub Actions dependencies daily. version: 2 updates: - package-ecosystem: gomod directory: / schedule: - interval: weekly + interval: daily groups: all: patterns: ["*"] - package-ecosystem: github-actions directory: / schedule: - interval: weekly + interval: daily groups: all: patterns: ["*"] diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index ccebdb244eb..fb7fe5bc309 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -15,12 +15,16 @@ jobs: permissions: contents: write pull-requests: write + + env: + SOURCE_BRANCH: "${{ github.ref_name }}" + SELF_UPGRADE_BRANCH: "self-upgrade-${{ github.ref_name }}" steps: - - name: Fail if branch is not main - if: github.ref != 'refs/heads/main' + - name: Fail if branch is not head of branch. + if: ${{ !startsWith(github.ref, 'refs/heads/') && env.SOURCE_BRANCH != '' && env.SELF_UPGRADE_BRANCH != '' }} run: | - echo "This workflow should not be run on a branch other than main." + echo "This workflow should not be run on a non-branch-head." exit 1 - uses: actions/checkout@v4 @@ -34,7 +38,7 @@ jobs: go-version: ${{ steps.go-version.outputs.result }} - run: | - git checkout -B "self-upgrade" + git checkout -B "$SELF_UPGRADE_BRANCH" - run: | make -j upgrade-klone @@ -54,10 +58,10 @@ jobs: - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} run: | - git config --global user.name "jetstack-bot" - git config --global user.email "jetstack-bot@users.noreply.github.com" + git config --global user.name "cert-manager-bot" + git config --global user.email "cert-manager-bot@users.noreply.github.com" git add -A && git commit -m "BOT: run 'make upgrade-klone' and 'make generate'" --signoff - git push -f origin self-upgrade + git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} uses: actions/github-script@v7 @@ -67,18 +71,18 @@ jobs: const pulls = await github.rest.pulls.list({ owner: owner, repo: repo, - head: owner + ':self-upgrade', - base: 'main', + head: owner + ':' + process.env.SELF_UPGRADE_BRANCH, + base: process.env.SOURCE_BRANCH, state: 'open', }); if (pulls.data.length < 1) { await github.rest.pulls.create({ - title: '[CI] Merge self-upgrade into main', + title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, - head: 'self-upgrade', - base: 'main', + head: process.env.SELF_UPGRADE_BRANCH, + base: process.env.SOURCE_BRANCH, body: [ 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), From 74ef76a142b8fba109025cf05f1a70b97ab3c541 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 19 Apr 2024 18:44:06 +0200 Subject: [PATCH 048/177] run 'make generate' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- LICENSES | 8 ++++---- cmd/acmesolver/LICENSES | 4 ++-- cmd/cainjector/LICENSES | 6 +++--- cmd/controller/LICENSES | 8 ++++---- cmd/startupapicheck/LICENSES | 6 +++--- cmd/webhook/LICENSES | 8 ++++---- test/e2e/LICENSES | 8 ++++---- test/integration/LICENSES | 8 ++++---- 8 files changed, 28 insertions(+), 28 deletions(-) diff --git a/LICENSES b/LICENSES index 49a9bce7b73..43269af24da 100644 --- a/LICENSES +++ b/LICENSES @@ -130,13 +130,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index e69f4508f82..4842c48181a 100644 --- a/cmd/acmesolver/LICENSES +++ b/cmd/acmesolver/LICENSES @@ -20,8 +20,8 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index 65bec35cf19..2dc222d23b9 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES @@ -37,10 +37,10 @@ github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3- go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index a6df2654bf8..f969053534a 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -121,12 +121,12 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/LICENSE,BSD-3-Clause diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index e7b86923bb0..1c17cda3581 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES @@ -48,11 +48,11 @@ go.starlark.net,https://github.com/google/starlark-go/blob/f86470692795/LICENSE, go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index bbfdfaddffa..f120d000666 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -52,13 +52,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 6a1b9cfc599..f329111ec94 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -50,11 +50,11 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 8eca7d34ffe..6ec8fcc4127 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -59,13 +59,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.17.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 From 58affa8e9df5e43ec404a64797553a01fb0bfa6d Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 19 Apr 2024 19:19:55 +0200 Subject: [PATCH 049/177] add missing verify-licenses target Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/02_mod.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/make/02_mod.mk b/make/02_mod.mk index e75724ca37a..376114e7f62 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -57,3 +57,6 @@ update-base-images: | $(NEEDS_CRANE) .PHONY: update-licenses update-licenses: generate-licenses + +.PHONY: verify-licenses +verify-licenses: verify-generate-licenses From b363fd9b3fed1d849640ef6e3677f2a2b5803c66 Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Sun, 21 Apr 2024 09:15:38 -0400 Subject: [PATCH 050/177] Applying API default tests to rest of configuration modules Signed-off-by: Jason Costello --- .../cainjector/v1alpha1/defaults_test.go | 4 +- .../controller/v1alpha1/defaults_test.go | 56 +++++++++++++++++++ .../v1alpha1/testdata/defaults.json | 1 + .../config/webhook/v1alpha1/defaults_test.go | 54 ++++++++++++++++++ .../webhook/v1alpha1/testdata/defaults.json | 1 + make/test.mk | 8 ++- 6 files changed, 119 insertions(+), 5 deletions(-) create mode 100644 internal/apis/config/controller/v1alpha1/defaults_test.go create mode 100644 internal/apis/config/controller/v1alpha1/testdata/defaults.json create mode 100644 internal/apis/config/webhook/v1alpha1/defaults_test.go create mode 100644 internal/apis/config/webhook/v1alpha1/testdata/defaults.json diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index b407bc2530b..004998052bf 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -38,14 +38,14 @@ func TestCAInjectorConfigurationDefaults(t *testing.T) { if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { t.Fatal(err) } - t.Log("cainjector api defaults updated") + t.Log("cainjector config api defaults updated") } tests := []struct { name string config *v1alpha1.CAInjectorConfiguration }{ { - "cainjection", + "v1alpha1", &v1alpha1.CAInjectorConfiguration{}, }, } diff --git a/internal/apis/config/controller/v1alpha1/defaults_test.go b/internal/apis/config/controller/v1alpha1/defaults_test.go new file mode 100644 index 00000000000..c09d271f33e --- /dev/null +++ b/internal/apis/config/controller/v1alpha1/defaults_test.go @@ -0,0 +1,56 @@ +package v1alpha1 + +import ( + "encoding/json" + "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" + "os" + "reflect" + "testing" +) + +const TestFileLocation = "testdata/defaults.json" + +func TestControllerConfigurationDefaults(t *testing.T) { + if os.Getenv("UPDATE_DEFAULTS") == "true" { + config := &v1alpha1.ControllerConfiguration{} + SetObjectDefaults_ControllerConfiguration(config) + defaultData, err := json.Marshal(config) + if err != nil { + panic(err) + } + if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("controller api defaults updated") + } + tests := []struct { + name string + config *v1alpha1.ControllerConfiguration + }{ + { + "v1alpha1", + &v1alpha1.ControllerConfiguration{}, + }, + } + for _, tt := range tests { + SetObjectDefaults_ControllerConfiguration(tt.config) + + var expected *v1alpha1.ControllerConfiguration + expectedData, err := os.ReadFile(TestFileLocation) + err = json.Unmarshal(expectedData, &expected) + + // need re-initialised post-unmarshal to avoid nil slice + SetDefaults_ACMEHTTP01Config(&expected.ACMEHTTP01Config) + SetDefaults_ACMEDNS01Config(&expected.ACMEDNS01Config) + + if err != nil { + t.Fatal("testfile not found") + } + + if !reflect.DeepEqual(tt.config, expected) { + prettyExpected, _ := json.MarshalIndent(expected, "", "\t") + prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") + t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) + } + } +} diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json new file mode 100644 index 00000000000..5f9ee823dd3 --- /dev/null +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -0,0 +1 @@ +{"kubernetesAPIQPS":20,"kubernetesAPIBurst":50,"clusterResourceNamespace":"kube-system","leaderElectionConfig":{"enabled":true,"namespace":"kube-system","leaseDuration":60000000000,"renewDeadline":40000000000,"retryPeriod":15000000000,"healthzTimeout":20000000000},"controllers":["*"],"issuerAmbientCredentials":false,"clusterIssuerAmbientCredentials":true,"enableCertificateOwnerRef":false,"copiedAnnotationPrefixes":["*","-kubectl.kubernetes.io/","-fluxcd.io/","-argocd.argoproj.io/"],"numberOfConcurrentWorkers":5,"maxConcurrentChallenges":60,"metricsListenAddress":"0.0.0.0:9402","metricsTLSConfig":{"filesystem":{},"dynamic":{"LeafDuration":0}},"healthzListenAddress":"0.0.0.0:9403","enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}},"ingressShimConfig":{"defaultIssuerKind":"Issuer","defaultIssuerGroup":"cert-manager.io","defaultAutoCertificateAnnotations":["kubernetes.io/tls-acme"]},"acmeHTTP01Config":{"solverImage":"quay.io/jetstack/cert-manager-acmesolver:canary","solverResourceRequestCPU":"10m","solverResourceRequestMemory":"64Mi","solverResourceLimitsCPU":"100m","solverResourceLimitsMemory":"64Mi","solverRunAsNonRoot":true},"acmeDNS01Config":{"recursiveNameserversOnly":false,"checkRetryPeriod":10000000000}} \ No newline at end of file diff --git a/internal/apis/config/webhook/v1alpha1/defaults_test.go b/internal/apis/config/webhook/v1alpha1/defaults_test.go new file mode 100644 index 00000000000..1bb4beb026c --- /dev/null +++ b/internal/apis/config/webhook/v1alpha1/defaults_test.go @@ -0,0 +1,54 @@ +package v1alpha1 + +import ( + "encoding/json" + "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" + "os" + "reflect" + "testing" +) + +const TestFileLocation = "testdata/defaults.json" + +func TestWebhookConfigurationDefaults(t *testing.T) { + if os.Getenv("UPDATE_DEFAULTS") == "true" { + config := &v1alpha1.WebhookConfiguration{} + SetObjectDefaults_WebhookConfiguration(config) + defaultData, err := json.Marshal(config) + if err != nil { + panic(err) + } + if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("webhook config api defaults updated") + } + tests := []struct { + name string + config *v1alpha1.WebhookConfiguration + }{ + { + "v1alpha1", + &v1alpha1.WebhookConfiguration{}, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + SetObjectDefaults_WebhookConfiguration(tt.config) + + var expected *v1alpha1.WebhookConfiguration + expectedData, err := os.ReadFile(TestFileLocation) + err = json.Unmarshal(expectedData, &expected) + + if err != nil { + t.Fatal("testfile not found") + } + + if !reflect.DeepEqual(tt.config, expected) { + prettyExpected, _ := json.MarshalIndent(expected, "", "\t") + prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") + t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) + } + }) + } +} diff --git a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json new file mode 100644 index 00000000000..a13c4232786 --- /dev/null +++ b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json @@ -0,0 +1 @@ +{"securePort":6443,"healthzPort":6080,"tlsConfig":{"filesystem":{},"dynamic":{"LeafDuration":0}},"enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}}} \ No newline at end of file diff --git a/make/test.mk b/make/test.mk index 207907dc2e6..8a14f4d75c2 100644 --- a/make/test.mk +++ b/make/test.mk @@ -87,9 +87,11 @@ unit-test-controller: | $(NEEDS_GOTESTSUM) unit-test-webhook: | $(NEEDS_GOTESTSUM) cd cmd/webhook && $(GOTESTSUM) ./... -.PHONY: update-apidefaults-cainjector -update-apidefaults-cainjector: | $(NEEDS_GOTESTSUM) - cd internal/apis/config/cainjector/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "cainjector api defaults updated" +.PHONY: update-config-api-defaults +update-config-api-defaults: | $(NEEDS_GOTESTSUM) + cd internal/apis/config/cainjector/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "cainjector config api defaults updated" + cd internal/apis/config/controller/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "controller config api defaults updated" + cd internal/apis/config/webhook/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "webhook config api defaults updated" .PHONY: setup-integration-tests setup-integration-tests: templated-crds From 610a066fef26c0878c5f3d261d0a2a9a86ad681f Mon Sep 17 00:00:00 2001 From: Jason Costello Date: Sun, 21 Apr 2024 15:12:02 -0400 Subject: [PATCH 051/177] Adding missing boilerplate Signed-off-by: Jason Costello --- .../config/controller/v1alpha1/defaults_test.go | 16 ++++++++++++++++ .../config/webhook/v1alpha1/defaults_test.go | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/internal/apis/config/controller/v1alpha1/defaults_test.go b/internal/apis/config/controller/v1alpha1/defaults_test.go index c09d271f33e..fbc3cd70d2d 100644 --- a/internal/apis/config/controller/v1alpha1/defaults_test.go +++ b/internal/apis/config/controller/v1alpha1/defaults_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1alpha1 import ( diff --git a/internal/apis/config/webhook/v1alpha1/defaults_test.go b/internal/apis/config/webhook/v1alpha1/defaults_test.go index 1bb4beb026c..ed2a79938ec 100644 --- a/internal/apis/config/webhook/v1alpha1/defaults_test.go +++ b/internal/apis/config/webhook/v1alpha1/defaults_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package v1alpha1 import ( From 237dfd9f0dd3c29cf23e43253c9717aa939d0aeb Mon Sep 17 00:00:00 2001 From: Youngjun Date: Mon, 22 Apr 2024 14:24:59 +0900 Subject: [PATCH 052/177] refectoring: remove unnecessary code Signed-off-by: Youngjun --- hack/prune-junit-xml/prunexml_test.go | 2 +- internal/cmd/util/signal_test.go | 3 --- internal/controller/certificates/policies/checks_test.go | 4 ++-- pkg/apis/experimental/v1alpha1/types.go | 2 +- pkg/controller/certificate-shim/sync.go | 2 +- pkg/issuer/acme/dns/akamai/akamai.go | 7 +------ 6 files changed, 6 insertions(+), 14 deletions(-) diff --git a/hack/prune-junit-xml/prunexml_test.go b/hack/prune-junit-xml/prunexml_test.go index 4b7e49d3b0e..ac6fc3df0c9 100644 --- a/hack/prune-junit-xml/prunexml_test.go +++ b/hack/prune-junit-xml/prunexml_test.go @@ -98,5 +98,5 @@ func TestPruneXML(t *testing.T) { writer := bufio.NewWriter(&output) _ = streamXML(writer, suites) _ = writer.Flush() - assert.Equal(t, outputXML, string(output.Bytes()), "xml was not pruned correctly") + assert.Equal(t, outputXML, output.String(), "xml was not pruned correctly") } diff --git a/internal/cmd/util/signal_test.go b/internal/cmd/util/signal_test.go index 34915b86c3a..fae02a54750 100644 --- a/internal/cmd/util/signal_test.go +++ b/internal/cmd/util/signal_test.go @@ -58,7 +58,6 @@ func TestSetupExitHandlerAlwaysErrCodeSIGTERM(t *testing.T) { if err := syscall.Kill(syscall.Getpid(), syscall.SIGTERM); err != nil { t.Fatal(err) - os.Exit(99) } // Wait for the program to shut down. @@ -83,7 +82,6 @@ func TestSetupExitHandlerAlwaysErrCodeSIGINT(t *testing.T) { if err := syscall.Kill(syscall.Getpid(), syscall.SIGINT); err != nil { t.Fatal(err) - os.Exit(99) } // Wait for the program to shut down. @@ -108,7 +106,6 @@ func TestSetupExitHandlerGracefulShutdownSIGINT(t *testing.T) { if err := syscall.Kill(syscall.Getpid(), syscall.SIGINT); err != nil { t.Fatal(err) - os.Exit(99) } // Wait for the program to shut down. diff --git a/internal/controller/certificates/policies/checks_test.go b/internal/controller/certificates/policies/checks_test.go index 884b653d86f..40720e409ce 100644 --- a/internal/controller/certificates/policies/checks_test.go +++ b/internal/controller/certificates/policies/checks_test.go @@ -1846,7 +1846,7 @@ func Test_SecretOwnerReferenceManagedFieldMismatch(t *testing.T) { const fieldManager = "cert-manager-test" crt := gen.Certificate("test-certificate", - gen.SetCertificateUID(types.UID("uid-123")), + gen.SetCertificateUID("uid-123"), ) tests := map[string]struct { @@ -2024,7 +2024,7 @@ func Test_SecretOwnerReferenceManagedFieldMismatch(t *testing.T) { func Test_SecretOwnerReferenceMismatch(t *testing.T) { crt := gen.Certificate("test-certificate", - gen.SetCertificateUID(types.UID("uid-123")), + gen.SetCertificateUID("uid-123"), ) tests := map[string]struct { diff --git a/pkg/apis/experimental/v1alpha1/types.go b/pkg/apis/experimental/v1alpha1/types.go index 3a6a54d7a04..7e66b9a2be1 100644 --- a/pkg/apis/experimental/v1alpha1/types.go +++ b/pkg/apis/experimental/v1alpha1/types.go @@ -34,7 +34,7 @@ const ( // the experimental.cert-manager.io/request-duration annotation. This // has to be the same as the minimum allowed value for // spec.expirationSeconds of a CertificateSigningRequest - CertificateSigningRequestMinimumDuration = time.Duration(time.Second * 600) + CertificateSigningRequestMinimumDuration = time.Second * 600 ) // SelfSigned Issuer specific Annotations diff --git a/pkg/controller/certificate-shim/sync.go b/pkg/controller/certificate-shim/sync.go index 4e116471e71..79c68e11d49 100644 --- a/pkg/controller/certificate-shim/sync.go +++ b/pkg/controller/certificate-shim/sync.go @@ -344,7 +344,7 @@ func buildCertificates( } // Gateway API hostname explicitly disallows IP addresses, so this // should be OK. - tlsHosts[secretRef] = append(tlsHosts[secretRef], fmt.Sprintf("%s", *l.Hostname)) + tlsHosts[secretRef] = append(tlsHosts[secretRef], string(*l.Hostname)) } } default: diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go index b5f4f239dea..5cfac7dd06c 100644 --- a/pkg/issuer/acme/dns/akamai/akamai.go +++ b/pkg/issuer/acme/dns/akamai/akamai.go @@ -234,17 +234,12 @@ func containsValue(values []string, value string) bool { } func isNotFound(err error) bool { - if err == nil { return false } _, ok := err.(*dns.RecordError) - if ok { - return true - } - - return false + return ok } func makeTxtRecordName(fqdn, hostedDomain string) (string, error) { From be3ac3d1a445a4724322acd4ad6a64e4d3280ae0 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Mon, 22 Apr 2024 11:24:59 +0100 Subject: [PATCH 053/177] bump /x/net to fix CVE-2023-45288 Signed-off-by: Ashley Davis --- LICENSES | 8 ++++---- cmd/acmesolver/LICENSES | 4 ++-- cmd/acmesolver/go.mod | 4 ++-- cmd/acmesolver/go.sum | 8 ++++---- cmd/cainjector/LICENSES | 6 +++--- cmd/cainjector/go.mod | 6 +++--- cmd/cainjector/go.sum | 12 ++++++------ cmd/controller/LICENSES | 8 ++++---- cmd/controller/go.mod | 8 ++++---- cmd/controller/go.sum | 16 ++++++++-------- cmd/startupapicheck/LICENSES | 6 +++--- cmd/startupapicheck/go.mod | 6 +++--- cmd/startupapicheck/go.sum | 12 ++++++------ cmd/webhook/LICENSES | 8 ++++---- cmd/webhook/go.mod | 8 ++++---- cmd/webhook/go.sum | 16 ++++++++-------- go.mod | 8 ++++---- go.sum | 13 ++++++++----- test/e2e/LICENSES | 8 ++++---- test/e2e/go.mod | 8 ++++---- test/e2e/go.sum | 16 ++++++++-------- test/integration/LICENSES | 8 ++++---- test/integration/go.mod | 8 ++++---- test/integration/go.sum | 16 ++++++++-------- 24 files changed, 112 insertions(+), 109 deletions(-) diff --git a/LICENSES b/LICENSES index 43269af24da..c1ff301ba96 100644 --- a/LICENSES +++ b/LICENSES @@ -130,13 +130,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index 4842c48181a..3bcd8aca4ec 100644 --- a/cmd/acmesolver/LICENSES +++ b/cmd/acmesolver/LICENSES @@ -20,8 +20,8 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index d64bda6e53b..2c2d1d64737 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -34,8 +34,8 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/net v0.23.0 // indirect - golang.org/x/sys v0.18.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sys v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index 5e12f086f37..78e644ed633 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum @@ -75,16 +75,16 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index 2dc222d23b9..0d99af6c96c 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES @@ -37,10 +37,10 @@ github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3- go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index f55ef9a2822..58712114b5c 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -56,10 +56,10 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum index e13eaae11df..1eaeb9a3c2f 100644 --- a/cmd/cainjector/go.sum +++ b/cmd/cainjector/go.sum @@ -125,8 +125,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -140,12 +140,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index f969053534a..06f33c3dd85 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -121,12 +121,12 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/LICENSE,BSD-3-Clause diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index d0fadd8514b..7e67c89590d 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -131,12 +131,12 @@ require ( go.opentelemetry.io/proto/otlp v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.21.0 // indirect + golang.org/x/crypto v0.22.0 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index e9c5ea6e591..9f2a0855924 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -384,8 +384,8 @@ golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= @@ -411,8 +411,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= @@ -439,15 +439,15 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index 1c17cda3581..961d45b9e79 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES @@ -48,11 +48,11 @@ go.starlark.net,https://github.com/google/starlark-go/blob/f86470692795/LICENSE, go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index db3769d6ffa..f7cbb53edc8 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -68,11 +68,11 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum index db01d6c6684..8420aa80330 100644 --- a/cmd/startupapicheck/go.sum +++ b/cmd/startupapicheck/go.sum @@ -158,8 +158,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -176,12 +176,12 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index f120d000666..ace44da0dd6 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -52,13 +52,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 579ba6915af..46a172dd518 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -67,13 +67,13 @@ require ( go.opentelemetry.io/proto/otlp v1.1.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.21.0 // indirect + golang.org/x/crypto v0.22.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index acadd30df70..3767d17c1c0 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -150,8 +150,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -163,8 +163,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -180,12 +180,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/go.mod b/go.mod index ee3b8c66dad..9ee89119786 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.19.0 + golang.org/x/crypto v0.22.0 golang.org/x/oauth2 v0.17.0 golang.org/x/sync v0.6.0 google.golang.org/api v0.165.0 @@ -160,9 +160,9 @@ require ( go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/net v0.24.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/go.sum b/go.sum index 5dffa738df2..9376f59cf69 100644 --- a/go.sum +++ b/go.sum @@ -394,8 +394,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= @@ -421,8 +422,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= @@ -449,14 +450,16 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index f329111ec94..aeee9f691ec 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -50,11 +50,11 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 6ce2cd3796e..296d3c2e005 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -79,12 +79,12 @@ require ( github.com/spf13/cobra v1.8.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.21.0 // indirect + golang.org/x/crypto v0.22.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index dcb2ef8561c..acc4edd51b5 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -162,8 +162,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -175,8 +175,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -195,12 +195,12 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 6ec8fcc4127..a684d209650 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -59,13 +59,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.18.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.18.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 4023b0ca0fd..514fbc1c405 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -17,7 +17,7 @@ require ( github.com/munnerz/crd-schema-fuzz v1.0.0 github.com/segmentio/encoding v0.4.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.21.0 + golang.org/x/crypto v0.22.0 golang.org/x/sync v0.6.0 k8s.io/api v0.29.2 k8s.io/apiextensions-apiserver v0.29.2 @@ -94,10 +94,10 @@ require ( go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.18.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/sys v0.19.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 07448a89f73..5f8026d777d 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -457,8 +457,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= @@ -492,8 +492,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -529,12 +529,12 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= -golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= +golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 0f69abd561b0809640b9d6e4fa0899cd845753d9 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 14:54:17 +0200 Subject: [PATCH 054/177] fix flaky dns test, make sure dns server has started before sending requests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/http/http_test.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/pkg/issuer/acme/http/http_test.go b/pkg/issuer/acme/http/http_test.go index 9d77697c471..8dac34561b4 100644 --- a/pkg/issuer/acme/http/http_test.go +++ b/pkg/issuer/acme/http/http_test.go @@ -107,12 +107,15 @@ func TestReachabilityCustomDnsServers(t *testing.T) { t.Fatalf("Failed to resolve %s: %v", u.Host, err) } + dnsServerStarted := make(chan struct{}) dnsServerCalled := int32(0) - server := &dns.Server{Addr: "127.0.0.1:15353", Net: "udp"} + server := &dns.Server{Addr: "127.0.0.1:15353", Net: "udp", NotifyStartedFunc: func() { close(dnsServerStarted) }} defer server.Shutdown() - dns.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { + mux := &dns.ServeMux{} + server.Handler = mux + mux.HandleFunc(".", func(w dns.ResponseWriter, r *dns.Msg) { m := new(dns.Msg) m.SetReply(r) @@ -154,7 +157,15 @@ func TestReachabilityCustomDnsServers(t *testing.T) { t.Errorf("failed to write DNS response: %v", err) } }) - go server.ListenAndServe() + + go func() { + if err := server.ListenAndServe(); err != nil { + t.Error(err) + } + }() + + // Wait for server to have started + <-dnsServerStarted key := "there is no key" From eb3b832f7ab646470adc9d6e2db55347f2aeccdf Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 15:56:30 +0200 Subject: [PATCH 055/177] add go makefile module Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/govulncheck.yaml | 28 +++++ .golangci.ci.yaml | 37 ------ .golangci.yaml | 119 ++++++++++++++++++ hack/verify-goimports.sh | 51 -------- klone.yaml | 5 + make/00_mod.mk | 4 + make/_shared/go/.golangci.override.yaml | 71 +++++++++++ make/_shared/go/01_mod.mk | 107 ++++++++++++++++ make/_shared/go/README.md | 3 + .../base/.github/workflows/govulncheck.yaml | 28 +++++ make/ci.mk | 12 -- .../suite/certificates/duplicatesecretname.go | 3 +- 12 files changed, 366 insertions(+), 102 deletions(-) create mode 100644 .github/workflows/govulncheck.yaml delete mode 100644 .golangci.ci.yaml create mode 100644 .golangci.yaml delete mode 100755 hack/verify-goimports.sh create mode 100644 make/_shared/go/.golangci.override.yaml create mode 100644 make/_shared/go/01_mod.mk create mode 100644 make/_shared/go/README.md create mode 100644 make/_shared/go/base/.github/workflows/govulncheck.yaml diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml new file mode 100644 index 00000000000..405e8dec99c --- /dev/null +++ b/.github/workflows/govulncheck.yaml @@ -0,0 +1,28 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead. + +# Run govulncheck at midnight every night on the main branch, +# to alert us to recent vulnerabilities which affect the Go code in this +# project. +name: govulncheck +on: + workflow_dispatch: {} + schedule: + - cron: '0 0 * * *' + +jobs: + govulncheck: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - id: go-version + run: | + make print-go-version >> "$GITHUB_OUTPUT" + + - uses: actions/setup-go@v5 + with: + go-version: ${{ steps.go-version.outputs.result }} + + - run: make verify-govulncheck diff --git a/.golangci.ci.yaml b/.golangci.ci.yaml deleted file mode 100644 index 9342f2b0cf7..00000000000 --- a/.golangci.ci.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# This golangci-lint configuration is for use in CI. -# It has a non-standard filename so that maintainers can still easily run the -# full `golangci-lint` suite locally on their laptops. -# This configuration limits golangci-lint to check only for those issues that -# have already been fixed. to allow us to incrementally fix the remaining -# issues. -# Please contribute small PRs where a new linter is added or a particular -# exclude is removed in the first commit, wait for golangci-lint-action to -# report the issues and then fix those issues in a subsequent commit. -linters: - disable-all: true - enable: - - gosec - - staticcheck -issues: - # When we enable a new linter or a new issue check, we want to show **all** - # instances of each issue in the GitHub UI or in the CLI report. This allows - # the all the issues to be addressed in a single commit or addressed in a - # series of followup commits grouped per-package or per-module. - # By default golangci-lint only shows 50 issues per linter and only shows the - # first three instances of any particular issue. Why? We do not know, but - # perhaps it's to avoid overwhelming the user when there are a large number of - # issues. - # The value 0 below means show all. - max-issues-per-linter: 0 - max-same-issues: 0 - # Ignore some of the gosec warnings until we have time to address them. - exclude-rules: - - linters: - - gosec - text: "G(101|107|204|306|402)" - - linters: - - staticcheck - text: "SA(1002|1006|4000|4006)" - - linters: - - staticcheck - text: "(NewCertManagerBasicCertificateRequest|DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition)" diff --git a/.golangci.yaml b/.golangci.yaml new file mode 100644 index 00000000000..7c830b1f029 --- /dev/null +++ b/.golangci.yaml @@ -0,0 +1,119 @@ +issues: + exclude-rules: + - linters: + - dogsled + - errcheck + - misspell + - contextcheck + - unparam + - promlinter + - errname + - tenv + - exhaustive + - gocritic + - gci + - nilerr + - tagalign + - dupword + - bodyclose + - loggercheck + - forbidigo + - interfacebloat + - predeclared + - unused + - unconvert + - usestdlibvars + - noctx + - nilnil + - gosimple + - nakedret + - asasalint + - ginkgolinter + - goprintffuncname + - ineffassign + - musttag + - wastedassign + - nosprintfhostport + - exportloopref + - gomoddirectives + text: ".*" + - linters: + - gosec + text: "G(101|107|204|306|402)" + - linters: + - staticcheck + text: "SA(1002|1006|4000|4006)" + - linters: + - staticcheck + text: "(NewCertManagerBasicCertificateRequest|DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition)" +linters: + # Explicitly define all enabled linters + disable-all: true + enable: + - asasalint + - asciicheck + - bidichk + - bodyclose + - contextcheck + - decorder + - dogsled + - dupword + - durationcheck + - errcheck + - errchkjson + - errname + - execinquery + - exhaustive + - exportloopref + - forbidigo + - gci + - ginkgolinter + - gocheckcompilerdirectives + - gochecksumtype + - gocritic + - gofmt + - goheader + - gomoddirectives + - gomodguard + - goprintffuncname + - gosec + - gosimple + - gosmopolitan + - govet + - grouper + - importas + - ineffassign + - interfacebloat + - loggercheck + - makezero + - mirror + - misspell + - musttag + - nakedret + - nilerr + - nilnil + - noctx + - nosprintfhostport + - predeclared + - promlinter + - protogetter + - reassign + - sloglint + - staticcheck + - tagalign + - tenv + - testableexamples + - typecheck + - unconvert + - unparam + - unused + - usestdlibvars + - wastedassign +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard packages. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix(github.com/cert-manager/cert-manager) # Custom section: groups all imports with the specified Prefix. + - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled. + - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled. diff --git a/hack/verify-goimports.sh b/hack/verify-goimports.sh deleted file mode 100755 index ffc1508141b..00000000000 --- a/hack/verify-goimports.sh +++ /dev/null @@ -1,51 +0,0 @@ -#!/usr/bin/env bash - -# Copyright 2022 The cert-manager Authors. -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -set -o errexit -set -o nounset -set -o pipefail - -if [[ -z "${1:-}" ]]; then - echo "usage: $0 [go dirs ...]" >&2 - exit 1 -fi - -goimports=$(realpath "$1") - -shift 1 - -godirs=("$@") -if [ ${#godirs[@]} -eq 0 ]; then - echo "No go dirs specified" >&2 - exit 1 -fi - -# passing "-local" would be ideal, but it'll conflict with auto generated files ATM -# and cause churn when we want to update those files -#common_flags="-local github.com/cert-manager/cert-manager" - -common_flags="" - -echo "+++ running goimports on [${godirs[@]}]" >&2 - -output=$($goimports $common_flags -l $godirs) - -if [ ! -z "${output}" ]; then - echo "${output}" | sed "s/^/goimports: broken file: /" - echo "+++ goimports failed; the following command may fix:" >&2 - echo "+++ $goimports $common_flags -w $godirs" >&2 - exit 1 -fi diff --git a/klone.yaml b/klone.yaml index a63fbbf2041..badaa9de9a0 100644 --- a/klone.yaml +++ b/klone.yaml @@ -17,6 +17,11 @@ targets: repo_ref: main repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 repo_path: modules/generate-verify + - folder_name: go + repo_url: https://github.com/cert-manager/makefile-modules.git + repo_ref: main + repo_hash: fa9c9274d1d852de501461b9442f7206aaf74007 + repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main diff --git a/make/00_mod.mk b/make/00_mod.mk index 529610bf8aa..b5f380ef72d 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -12,6 +12,8 @@ # See the License for the specific language governing permissions and # limitations under the License. +repo_name := github.com/cert-manager/cert-manager + include make/util.mk # SOURCES contains all go files except those in $(bin_dir), the old bindir `bin`, or in @@ -52,3 +54,5 @@ GOFLAGS := -trimpath GOLDFLAGS := -w -s \ -X github.com/cert-manager/cert-manager/pkg/util.AppVersion=$(VERSION) \ -X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=$(GITCOMMIT) + +golangci_lint_config := .golangci.yaml diff --git a/make/_shared/go/.golangci.override.yaml b/make/_shared/go/.golangci.override.yaml new file mode 100644 index 00000000000..e569eff7209 --- /dev/null +++ b/make/_shared/go/.golangci.override.yaml @@ -0,0 +1,71 @@ +linters: + # Explicitly define all enabled linters + disable-all: true + enable: + - asasalint + - asciicheck + - bidichk + - bodyclose + - contextcheck + - decorder + - dogsled + - dupword + - durationcheck + - errcheck + - errchkjson + - errname + - execinquery + - exhaustive + - exportloopref + - forbidigo + - gci + - ginkgolinter + - gocheckcompilerdirectives + - gochecksumtype + - gocritic + - gofmt + - goheader + - gomoddirectives + - gomodguard + - goprintffuncname + - gosec + - gosimple + - gosmopolitan + - govet + - grouper + - importas + - ineffassign + - interfacebloat + - loggercheck + - makezero + - mirror + - misspell + - musttag + - nakedret + - nilerr + - nilnil + - noctx + - nosprintfhostport + - predeclared + - promlinter + - protogetter + - reassign + - sloglint + - staticcheck + - tagalign + - tenv + - testableexamples + - typecheck + - unconvert + - unparam + - unused + - usestdlibvars + - wastedassign +linters-settings: + gci: + sections: + - standard # Standard section: captures all standard packages. + - default # Default section: contains all imports that could not be matched to another section type. + - prefix({{REPO-NAME}}) # Custom section: groups all imports with the specified Prefix. + - blank # Blank section: contains all blank imports. This section is not present unless explicitly enabled. + - dot # Dot section: contains all dot imports. This section is not present unless explicitly enabled. diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk new file mode 100644 index 00000000000..e12d51e82e4 --- /dev/null +++ b/make/_shared/go/01_mod.mk @@ -0,0 +1,107 @@ +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +ifndef bin_dir +$(error bin_dir is not set) +endif + +ifndef repo_name +$(error repo_name is not set) +endif + +go_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ +golangci_lint_override := $(dir $(lastword $(MAKEFILE_LIST)))/.golangci.override.yaml + +.PHONY: generate-govulncheck +## Generate base files in the repository +## @category [shared] Generate/ Verify +generate-govulncheck: + cp -r $(go_base_dir)/. ./ + +shared_generate_targets += generate-govulncheck + +.PHONY: verify-govulncheck +## Verify all Go modules for vulnerabilities using govulncheck +## @category [shared] Generate/ Verify +# +# Runs `govulncheck` on all Go modules related to the project. +# Ignores Go modules among the temporary build artifacts in _bin, to avoid +# scanning the code of the vendored Go, after running make vendor-go. +# Ignores Go modules in make/_shared, because those will be checked in centrally +# in the makefile_modules repository. +# +# `verify-govulncheck` not added to the `shared_verify_targets` variable and is +# not run by `make verify`, because `make verify` is run for each PR, and we do +# not want new vulnerabilities in existing code to block the merging of PRs. +# Instead `make verify-govulnecheck` is intended to be run periodically by a CI job. +verify-govulncheck: | $(NEEDS_GOVULNCHECK) + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + | while read d; do \ + echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${d}'"; \ + pushd "$${d}" >/dev/null; \ + GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(GOVULNCHECK) ./... || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +ifdef golangci_lint_config + +.PHONY: generate-golangci-lint-config +## Generate a golangci-lint configuration file +## @category [shared] Generate/ Verify +generate-golangci-lint-config: | $(NEEDS_YQ) $(bin_dir)/scratch + cp $(golangci_lint_config) $(bin_dir)/scratch/golangci-lint.yaml.tmp + $(YQ) -i 'del(.linters.enable)' $(bin_dir)/scratch/golangci-lint.yaml.tmp + $(YQ) eval-all -i '. as $$item ireduce ({}; . * $$item)' $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_override) + $(YQ) -i '(.. | select(tag == "!!str")) |= sub("{{REPO-NAME}}", "$(repo_name)")' $(bin_dir)/scratch/golangci-lint.yaml.tmp + mv $(bin_dir)/scratch/golangci-lint.yaml.tmp $(golangci_lint_config) + +shared_generate_targets += generate-golangci-lint-config + +.PHONY: verify-golangci-lint +## Verify all Go modules using golangci-lint +## @category [shared] Generate/ Verify +verify-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + | while read d; do \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${d}'"; \ + pushd "$${d}" >/dev/null; \ + $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --timeout 4m || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +shared_verify_targets_dirty += verify-golangci-lint + +.PHONY: fix-golangci-lint +## Fix all Go modules using golangci-lint +## @category [shared] Generate/ Verify +fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch + gci write \ + -s "standard" \ + -s "default" \ + -s "prefix($(repo_name))" \ + -s "blank" \ + -s "dot" . + + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + | while read d; do \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix' in directory '$${d}'"; \ + pushd "$${d}" >/dev/null; \ + $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +endif diff --git a/make/_shared/go/README.md b/make/_shared/go/README.md new file mode 100644 index 00000000000..ad1962ba1dc --- /dev/null +++ b/make/_shared/go/README.md @@ -0,0 +1,3 @@ +# README + +A module for various Go static checks. diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml new file mode 100644 index 00000000000..405e8dec99c --- /dev/null +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml @@ -0,0 +1,28 @@ +# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. +# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/go/base/.github/workflows/govulncheck.yaml instead. + +# Run govulncheck at midnight every night on the main branch, +# to alert us to recent vulnerabilities which affect the Go code in this +# project. +name: govulncheck +on: + workflow_dispatch: {} + schedule: + - cron: '0 0 * * *' + +jobs: + govulncheck: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + + - id: go-version + run: | + make print-go-version >> "$GITHUB_OUTPUT" + + - uses: actions/setup-go@v5 + with: + go-version: ${{ steps.go-version.outputs.result }} + + - run: make verify-govulncheck diff --git a/make/ci.mk b/make/ci.mk index e24e5b7d499..d329f6d1523 100644 --- a/make/ci.mk +++ b/make/ci.mk @@ -12,24 +12,12 @@ # See the License for the specific language governing permissions and # limitations under the License. -.PHONY: verify-golangci-lint -verify-golangci-lint: | $(NEEDS_GOLANGCI-LINT) - find . -name go.mod -not \( -path "./$(bin_dir)/*" -prune \) -execdir $(GOLANGCI-LINT) run --timeout=30m --config=$(CURDIR)/.golangci.ci.yaml \; - -shared_verify_targets += verify-golangci-lint - .PHONY: verify-modules verify-modules: | $(NEEDS_CMREL) $(CMREL) validate-gomod --path $(shell pwd) --no-dummy-modules github.com/cert-manager/cert-manager/integration-tests shared_verify_targets += verify-modules -.PHONY: verify-imports -verify-imports: | $(NEEDS_GOIMPORTS) - ./hack/verify-goimports.sh $(GOIMPORTS) $(SOURCE_DIRS) - -shared_verify_targets += verify-imports - .PHONY: verify-chart verify-chart: $(bin_dir)/cert-manager-$(VERSION).tgz DOCKER=$(CTR) ./hack/verify-chart-version.sh $< diff --git a/test/e2e/suite/certificates/duplicatesecretname.go b/test/e2e/suite/certificates/duplicatesecretname.go index b97b1cb2750..fee2e531882 100644 --- a/test/e2e/suite/certificates/duplicatesecretname.go +++ b/test/e2e/suite/certificates/duplicatesecretname.go @@ -129,8 +129,7 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( Expect(err).NotTo(HaveOccurred()) var ownedReqs int for _, req := range reqs.Items { - // #nosec G601 -- False positive. See https://github.com/golang/go/discussions/56010 - if predicate.ResourceOwnedBy(crt)(&req) { + if predicate.ResourceOwnedBy(crt)(&req) /* #nosec G601 -- False positive. See https://github.com/golang/go/discussions/56010 */ { ownedReqs++ } } From d2988a906ac703124c7f75f448a41822aa71f993 Mon Sep 17 00:00:00 2001 From: Youngjun Date: Mon, 22 Apr 2024 14:36:53 +0900 Subject: [PATCH 056/177] refectoring: remove deprecated function - remove deprecated function - comment update beta to ga (and version) Signed-off-by: Youngjun --- internal/webhook/feature/features.go | 4 ++-- pkg/controller/certificaterequests/ca/ca.go | 6 ------ .../certificaterequests/selfsigned/selfsigned.go | 8 +------- 3 files changed, 3 insertions(+), 15 deletions(-) diff --git a/internal/webhook/feature/features.go b/internal/webhook/feature/features.go index 89105eb9db0..873084507ed 100644 --- a/internal/webhook/feature/features.go +++ b/internal/webhook/feature/features.go @@ -55,7 +55,7 @@ const ( LiteralCertificateSubject featuregate.Feature = "LiteralCertificateSubject" // Owner: @inteon - // Beta: v1.13 + // GA: v1.15 // // DisallowInsecureCSRUsageDefinition will prevent the webhook from allowing // CertificateRequest's usages to be only defined in the CSR, while leaving @@ -91,7 +91,7 @@ func init() { // // Where utilfeature is github.com/cert-manager/cert-manager/pkg/util/feature. var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.Beta}, + DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA}, AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/pkg/controller/certificaterequests/ca/ca.go b/pkg/controller/certificaterequests/ca/ca.go index f4c7876c75c..eafd1933b8a 100644 --- a/pkg/controller/certificaterequests/ca/ca.go +++ b/pkg/controller/certificaterequests/ca/ca.go @@ -24,7 +24,6 @@ import ( k8sErrors "k8s.io/apimachinery/pkg/api/errors" - "github.com/cert-manager/cert-manager/internal/controller/feature" internalinformers "github.com/cert-manager/cert-manager/internal/informers" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" @@ -34,7 +33,6 @@ import ( issuerpkg "github.com/cert-manager/cert-manager/pkg/issuer" logf "github.com/cert-manager/cert-manager/pkg/logs" cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/kube" "github.com/cert-manager/cert-manager/pkg/util/pki" ) @@ -72,10 +70,6 @@ func NewCA(ctx *controllerpkg.Context) certificaterequests.Issuer { secretsLister: ctx.KubeSharedInformerFactory.Secrets().Lister(), reporter: crutil.NewReporter(ctx.Clock, ctx.Recorder), templateGenerator: func(cr *cmapi.CertificateRequest) (*x509.Certificate, error) { - if !utilfeature.DefaultMutableFeatureGate.Enabled(feature.DisallowInsecureCSRUsageDefinition) { - return pki.DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition(cr) - } - return pki.CertificateTemplateFromCertificateRequest(cr) }, signingFn: pki.SignCSRTemplate, diff --git a/pkg/controller/certificaterequests/selfsigned/selfsigned.go b/pkg/controller/certificaterequests/selfsigned/selfsigned.go index 97617473190..abceef660e4 100644 --- a/pkg/controller/certificaterequests/selfsigned/selfsigned.go +++ b/pkg/controller/certificaterequests/selfsigned/selfsigned.go @@ -29,7 +29,6 @@ import ( "k8s.io/client-go/tools/record" "k8s.io/client-go/util/workqueue" - "github.com/cert-manager/cert-manager/internal/controller/feature" internalinformers "github.com/cert-manager/cert-manager/internal/informers" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" @@ -39,7 +38,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/issuer" logf "github.com/cert-manager/cert-manager/pkg/logs" cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/kube" "github.com/cert-manager/cert-manager/pkg/util/pki" "github.com/go-logr/logr" @@ -150,11 +148,7 @@ func (s *SelfSigned) Sign(ctx context.Context, cr *cmapi.CertificateRequest, iss } var template *x509.Certificate - if !utilfeature.DefaultMutableFeatureGate.Enabled(feature.DisallowInsecureCSRUsageDefinition) { - template, err = pki.DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition(cr) - } else { - template, err = pki.CertificateTemplateFromCertificateRequest(cr) - } + template, err = pki.CertificateTemplateFromCertificateRequest(cr) if err != nil { message := "Error generating certificate template" s.reporter.Failed(cr, err, "ErrorGenerating", message) From 6a2b7a7c44d1883e852eeec8b5631849096733f1 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 17:59:28 +0200 Subject: [PATCH 057/177] remove docker custom network hack, since the test environment itself has been patched Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/cluster.sh | 20 -------------------- 1 file changed, 20 deletions(-) diff --git a/make/cluster.sh b/make/cluster.sh index df0e8223e13..156a50606d9 100755 --- a/make/cluster.sh +++ b/make/cluster.sh @@ -123,26 +123,6 @@ if [ -n "$show_image" ]; then fi setup_kind() { - # When running in our CI environment the Docker network's subnet choice will - # cause issues with routing, which can manifest in errors such as this one: - # - # dial tcp: lookup charts.jetstack.io on 10.8.240.10:53: read udp 10.8.0.2:54823->10.8.240.10:53: i/o timeout - # - # as seen in the build [1]. We create this custom network as a workaround - # until we have a way to properly patch this. - # - # [1]: https://prow.build-infra.jetstack.net/view/gs/jetstack-logs/pr-logs/pull/cert-manager_approver-policy/36/pull-cert-manager-approver-policy-smoke/1447565895923666944#1:build-log.txt%3A222 - if printenv CI >/dev/null; then - if ! docker network inspect kind >/dev/null 2>&1; then - docker network create --driver=bridge --subnet=192.168.0.0/16 --gateway 192.168.0.1 kind - fi - - # Wait for the network to be created so kind does not overwrite it. - while ! docker network inspect kind >/dev/null; do - sleep 100ms - done - fi - # (1) Does the kind cluster already exist? if ! kind get clusters -q | grep -q "^$kind_cluster_name\$"; then trace kind create cluster --config "make/config/kind/cluster.yaml" \ From 11ce045d31f8d40c977f622977dea72ba34fa4cb Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 16:52:50 +0200 Subject: [PATCH 058/177] upgrade repository-base Makefile module and disable dependabot Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/make-self-upgrade.yaml | 2 +- klone.yaml | 2 +- make/00_mod.mk | 2 ++ make/_shared/repository-base/01_mod.mk | 10 ++++++++++ .../base-dependabot/.github}/dependabot.yaml | 0 .../base/.github/dependabot.yaml | 20 ------------------- .../.github/workflows/make-self-upgrade.yaml | 2 +- 7 files changed, 15 insertions(+), 23 deletions(-) rename {.github => make/_shared/repository-base/base-dependabot/.github}/dependabot.yaml (100%) delete mode 100644 make/_shared/repository-base/base/.github/dependabot.yaml diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index fb7fe5bc309..93beedff044 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -9,7 +9,7 @@ on: - cron: '0 0 * * *' jobs: - build_images: + self_upgrade: runs-on: ubuntu-latest permissions: diff --git a/klone.yaml b/klone.yaml index badaa9de9a0..b10b0b22ebe 100644 --- a/klone.yaml +++ b/klone.yaml @@ -35,7 +35,7 @@ targets: - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git diff --git a/make/00_mod.mk b/make/00_mod.mk index b5f380ef72d..e9e382aaee7 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -56,3 +56,5 @@ GOLDFLAGS := -w -s \ -X github.com/cert-manager/cert-manager/pkg/util.AppGitCommit=$(GITCOMMIT) golangci_lint_config := .golangci.yaml + +repository_base_no_dependabot := 1 diff --git a/make/_shared/repository-base/01_mod.mk b/make/_shared/repository-base/01_mod.mk index 251ac88e56c..aa6b7ee2e34 100644 --- a/make/_shared/repository-base/01_mod.mk +++ b/make/_shared/repository-base/01_mod.mk @@ -13,11 +13,21 @@ # limitations under the License. base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ +base_dependabot_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base-dependabot/ +ifdef repository_base_no_dependabot .PHONY: generate-base ## Generate base files in the repository ## @category [shared] Generate/ Verify generate-base: cp -r $(base_dir)/. ./ +else +.PHONY: generate-base +## Generate base files in the repository +## @category [shared] Generate/ Verify +generate-base: + cp -r $(base_dir)/. ./ + cp -r $(base_dependabot_dir)/. ./ +endif shared_generate_targets += generate-base diff --git a/.github/dependabot.yaml b/make/_shared/repository-base/base-dependabot/.github/dependabot.yaml similarity index 100% rename from .github/dependabot.yaml rename to make/_shared/repository-base/base-dependabot/.github/dependabot.yaml diff --git a/make/_shared/repository-base/base/.github/dependabot.yaml b/make/_shared/repository-base/base/.github/dependabot.yaml deleted file mode 100644 index 81b92973404..00000000000 --- a/make/_shared/repository-base/base/.github/dependabot.yaml +++ /dev/null @@ -1,20 +0,0 @@ -# THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT. -# Edit https://github.com/cert-manager/makefile-modules/blob/main/modules/repository-base/base/.github/dependabot.yaml instead. - -# Update Go dependencies and GitHub Actions dependencies daily. -version: 2 -updates: -- package-ecosystem: gomod - directory: / - schedule: - interval: daily - groups: - all: - patterns: ["*"] -- package-ecosystem: github-actions - directory: / - schedule: - interval: daily - groups: - all: - patterns: ["*"] diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index fb7fe5bc309..93beedff044 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -9,7 +9,7 @@ on: - cron: '0 0 * * *' jobs: - build_images: + self_upgrade: runs-on: ubuntu-latest permissions: From a26e2dc21e24e140b55fa721f76c0b7f09b51dc3 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 23 Apr 2024 13:02:55 +0200 Subject: [PATCH 059/177] cleanup code Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../cainjector/v1alpha1/defaults_test.go | 45 ++++++------- .../v1alpha1/testdata/defaults.json | 31 ++++++++- .../controller/v1alpha1/defaults_test.go | 48 ++++++------- .../v1alpha1/testdata/defaults.json | 67 ++++++++++++++++++- .../config/webhook/v1alpha1/defaults_test.go | 48 ++++++------- .../webhook/v1alpha1/testdata/defaults.json | 23 ++++++- make/test.mk | 8 +-- 7 files changed, 182 insertions(+), 88 deletions(-) diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index 004998052bf..4fa0b377ebc 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -19,53 +19,46 @@ package v1alpha1 import ( "encoding/json" "os" - "reflect" "testing" "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" + "github.com/stretchr/testify/require" ) -const TestFileLocation = "testdata/defaults.json" - func TestCAInjectorConfigurationDefaults(t *testing.T) { - if os.Getenv("UPDATE_DEFAULTS") == "true" { - config := &v1alpha1.CAInjectorConfiguration{} - SetObjectDefaults_CAInjectorConfiguration(config) - defaultData, err := json.Marshal(config) - if err != nil { - panic(err) - } - if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { - t.Fatal(err) - } - t.Log("cainjector config api defaults updated") - } tests := []struct { - name string - config *v1alpha1.CAInjectorConfiguration + name string + config *v1alpha1.CAInjectorConfiguration + jsonFilePath string }{ { "v1alpha1", &v1alpha1.CAInjectorConfiguration{}, + "testdata/defaults.json", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { SetObjectDefaults_CAInjectorConfiguration(tt.config) - var expected *v1alpha1.CAInjectorConfiguration - expectedData, err := os.ReadFile(TestFileLocation) - err = json.Unmarshal(expectedData, &expected) - + defaultData, err := json.MarshalIndent(tt.config, "", "\t") if err != nil { - t.Fatal("testfile not found") + t.Fatal(err) } - if !reflect.DeepEqual(tt.config, expected) { - prettyExpected, _ := json.MarshalIndent(expected, "", "\t") - prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") - t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) + if os.Getenv("UPDATE_DEFAULTS") == "true" { + if err := os.WriteFile(tt.jsonFilePath, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("cainjector config api defaults updated") } + + expectedData, err := os.ReadFile(tt.jsonFilePath) + if err != nil { + t.Fatal(err) + } + + require.Equal(t, expectedData, defaultData) }) } } diff --git a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json index eb726c08e83..ee6066438be 100644 --- a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json @@ -1 +1,30 @@ -{"leaderElectionConfig":{"enabled":true,"namespace":"kube-system","leaseDuration":60000000000,"renewDeadline":40000000000,"retryPeriod":15000000000},"enableDataSourceConfig":{"certificates":true},"enableInjectableConfig":{"validatingWebhookConfigurations":true,"mutatingWebhookConfigurations":true,"customResourceDefinitions":true,"apiServices":true},"enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}}} \ No newline at end of file +{ + "leaderElectionConfig": { + "enabled": true, + "namespace": "kube-system", + "leaseDuration": 60000000000, + "renewDeadline": 40000000000, + "retryPeriod": 15000000000 + }, + "enableDataSourceConfig": { + "certificates": true + }, + "enableInjectableConfig": { + "validatingWebhookConfigurations": true, + "mutatingWebhookConfigurations": true, + "customResourceDefinitions": true, + "apiServices": true + }, + "enablePprof": false, + "pprofAddress": "localhost:6060", + "logging": { + "format": "text", + "flushFrequency": "5s", + "verbosity": 0, + "options": { + "json": { + "infoBufferSize": "0" + } + } + } +} \ No newline at end of file diff --git a/internal/apis/config/controller/v1alpha1/defaults_test.go b/internal/apis/config/controller/v1alpha1/defaults_test.go index fbc3cd70d2d..a6927829f0d 100644 --- a/internal/apis/config/controller/v1alpha1/defaults_test.go +++ b/internal/apis/config/controller/v1alpha1/defaults_test.go @@ -18,55 +18,47 @@ package v1alpha1 import ( "encoding/json" - "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" "os" - "reflect" "testing" + + "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" + "github.com/stretchr/testify/require" ) const TestFileLocation = "testdata/defaults.json" func TestControllerConfigurationDefaults(t *testing.T) { - if os.Getenv("UPDATE_DEFAULTS") == "true" { - config := &v1alpha1.ControllerConfiguration{} - SetObjectDefaults_ControllerConfiguration(config) - defaultData, err := json.Marshal(config) - if err != nil { - panic(err) - } - if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { - t.Fatal(err) - } - t.Log("controller api defaults updated") - } tests := []struct { - name string - config *v1alpha1.ControllerConfiguration + name string + config *v1alpha1.ControllerConfiguration + jsonFilePath string }{ { "v1alpha1", &v1alpha1.ControllerConfiguration{}, + "testdata/defaults.json", }, } for _, tt := range tests { SetObjectDefaults_ControllerConfiguration(tt.config) - var expected *v1alpha1.ControllerConfiguration - expectedData, err := os.ReadFile(TestFileLocation) - err = json.Unmarshal(expectedData, &expected) + defaultData, err := json.MarshalIndent(tt.config, "", "\t") + if err != nil { + t.Fatal(err) + } - // need re-initialised post-unmarshal to avoid nil slice - SetDefaults_ACMEHTTP01Config(&expected.ACMEHTTP01Config) - SetDefaults_ACMEDNS01Config(&expected.ACMEDNS01Config) + if os.Getenv("UPDATE_DEFAULTS") == "true" { + if err := os.WriteFile(tt.jsonFilePath, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("cainjector config api defaults updated") + } + expectedData, err := os.ReadFile(tt.jsonFilePath) if err != nil { - t.Fatal("testfile not found") + t.Fatal(err) } - if !reflect.DeepEqual(tt.config, expected) { - prettyExpected, _ := json.MarshalIndent(expected, "", "\t") - prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") - t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) - } + require.Equal(t, expectedData, defaultData) } } diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json index 5f9ee823dd3..1004ab5d9e1 100644 --- a/internal/apis/config/controller/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -1 +1,66 @@ -{"kubernetesAPIQPS":20,"kubernetesAPIBurst":50,"clusterResourceNamespace":"kube-system","leaderElectionConfig":{"enabled":true,"namespace":"kube-system","leaseDuration":60000000000,"renewDeadline":40000000000,"retryPeriod":15000000000,"healthzTimeout":20000000000},"controllers":["*"],"issuerAmbientCredentials":false,"clusterIssuerAmbientCredentials":true,"enableCertificateOwnerRef":false,"copiedAnnotationPrefixes":["*","-kubectl.kubernetes.io/","-fluxcd.io/","-argocd.argoproj.io/"],"numberOfConcurrentWorkers":5,"maxConcurrentChallenges":60,"metricsListenAddress":"0.0.0.0:9402","metricsTLSConfig":{"filesystem":{},"dynamic":{"LeafDuration":0}},"healthzListenAddress":"0.0.0.0:9403","enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}},"ingressShimConfig":{"defaultIssuerKind":"Issuer","defaultIssuerGroup":"cert-manager.io","defaultAutoCertificateAnnotations":["kubernetes.io/tls-acme"]},"acmeHTTP01Config":{"solverImage":"quay.io/jetstack/cert-manager-acmesolver:canary","solverResourceRequestCPU":"10m","solverResourceRequestMemory":"64Mi","solverResourceLimitsCPU":"100m","solverResourceLimitsMemory":"64Mi","solverRunAsNonRoot":true},"acmeDNS01Config":{"recursiveNameserversOnly":false,"checkRetryPeriod":10000000000}} \ No newline at end of file +{ + "kubernetesAPIQPS": 20, + "kubernetesAPIBurst": 50, + "clusterResourceNamespace": "kube-system", + "leaderElectionConfig": { + "enabled": true, + "namespace": "kube-system", + "leaseDuration": 60000000000, + "renewDeadline": 40000000000, + "retryPeriod": 15000000000, + "healthzTimeout": 20000000000 + }, + "controllers": [ + "*" + ], + "issuerAmbientCredentials": false, + "clusterIssuerAmbientCredentials": true, + "enableCertificateOwnerRef": false, + "copiedAnnotationPrefixes": [ + "*", + "-kubectl.kubernetes.io/", + "-fluxcd.io/", + "-argocd.argoproj.io/" + ], + "numberOfConcurrentWorkers": 5, + "maxConcurrentChallenges": 60, + "metricsListenAddress": "0.0.0.0:9402", + "metricsTLSConfig": { + "filesystem": {}, + "dynamic": { + "LeafDuration": 0 + } + }, + "healthzListenAddress": "0.0.0.0:9403", + "enablePprof": false, + "pprofAddress": "localhost:6060", + "logging": { + "format": "text", + "flushFrequency": "5s", + "verbosity": 0, + "options": { + "json": { + "infoBufferSize": "0" + } + } + }, + "ingressShimConfig": { + "defaultIssuerKind": "Issuer", + "defaultIssuerGroup": "cert-manager.io", + "defaultAutoCertificateAnnotations": [ + "kubernetes.io/tls-acme" + ] + }, + "acmeHTTP01Config": { + "solverImage": "quay.io/jetstack/cert-manager-acmesolver:canary", + "solverResourceRequestCPU": "10m", + "solverResourceRequestMemory": "64Mi", + "solverResourceLimitsCPU": "100m", + "solverResourceLimitsMemory": "64Mi", + "solverRunAsNonRoot": true + }, + "acmeDNS01Config": { + "recursiveNameserversOnly": false, + "checkRetryPeriod": 10000000000 + } +} \ No newline at end of file diff --git a/internal/apis/config/webhook/v1alpha1/defaults_test.go b/internal/apis/config/webhook/v1alpha1/defaults_test.go index ed2a79938ec..d25842d3476 100644 --- a/internal/apis/config/webhook/v1alpha1/defaults_test.go +++ b/internal/apis/config/webhook/v1alpha1/defaults_test.go @@ -18,53 +18,47 @@ package v1alpha1 import ( "encoding/json" - "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" "os" - "reflect" "testing" -) -const TestFileLocation = "testdata/defaults.json" + "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" + "github.com/stretchr/testify/require" +) func TestWebhookConfigurationDefaults(t *testing.T) { - if os.Getenv("UPDATE_DEFAULTS") == "true" { - config := &v1alpha1.WebhookConfiguration{} - SetObjectDefaults_WebhookConfiguration(config) - defaultData, err := json.Marshal(config) - if err != nil { - panic(err) - } - if err := os.WriteFile(TestFileLocation, defaultData, 0644); err != nil { - t.Fatal(err) - } - t.Log("webhook config api defaults updated") - } tests := []struct { - name string - config *v1alpha1.WebhookConfiguration + name string + config *v1alpha1.WebhookConfiguration + jsonFilePath string }{ { "v1alpha1", &v1alpha1.WebhookConfiguration{}, + "testdata/defaults.json", }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { SetObjectDefaults_WebhookConfiguration(tt.config) - var expected *v1alpha1.WebhookConfiguration - expectedData, err := os.ReadFile(TestFileLocation) - err = json.Unmarshal(expectedData, &expected) - + defaultData, err := json.MarshalIndent(tt.config, "", "\t") if err != nil { - t.Fatal("testfile not found") + t.Fatal(err) } - if !reflect.DeepEqual(tt.config, expected) { - prettyExpected, _ := json.MarshalIndent(expected, "", "\t") - prettyGot, _ := json.MarshalIndent(tt.config, "", "\t") - t.Errorf("expected defaults\n %v \n but got \n %v", string(prettyExpected), string(prettyGot)) + if os.Getenv("UPDATE_DEFAULTS") == "true" { + if err := os.WriteFile(tt.jsonFilePath, defaultData, 0644); err != nil { + t.Fatal(err) + } + t.Log("cainjector config api defaults updated") } + + expectedData, err := os.ReadFile(tt.jsonFilePath) + if err != nil { + t.Fatal(err) + } + + require.Equal(t, expectedData, defaultData) }) } } diff --git a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json index a13c4232786..4537a3e9314 100644 --- a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json @@ -1 +1,22 @@ -{"securePort":6443,"healthzPort":6080,"tlsConfig":{"filesystem":{},"dynamic":{"LeafDuration":0}},"enablePprof":false,"pprofAddress":"localhost:6060","logging":{"format":"text","flushFrequency":"5s","verbosity":0,"options":{"json":{"infoBufferSize":"0"}}}} \ No newline at end of file +{ + "securePort": 6443, + "healthzPort": 6080, + "tlsConfig": { + "filesystem": {}, + "dynamic": { + "LeafDuration": 0 + } + }, + "enablePprof": false, + "pprofAddress": "localhost:6060", + "logging": { + "format": "text", + "flushFrequency": "5s", + "verbosity": 0, + "options": { + "json": { + "infoBufferSize": "0" + } + } + } +} \ No newline at end of file diff --git a/make/test.mk b/make/test.mk index 8a14f4d75c2..fdf688b273b 100644 --- a/make/test.mk +++ b/make/test.mk @@ -88,10 +88,10 @@ unit-test-webhook: | $(NEEDS_GOTESTSUM) cd cmd/webhook && $(GOTESTSUM) ./... .PHONY: update-config-api-defaults -update-config-api-defaults: | $(NEEDS_GOTESTSUM) - cd internal/apis/config/cainjector/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "cainjector config api defaults updated" - cd internal/apis/config/controller/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "controller config api defaults updated" - cd internal/apis/config/webhook/v1alpha1/ && UPDATE_DEFAULTS=true $(GOTESTSUM) . && echo "webhook config api defaults updated" +update-config-api-defaults: | $(NEEDS_GO) + cd internal/apis/config/cainjector/v1alpha1/ && UPDATE_DEFAULTS=true $(GO) test . && echo "cainjector config api defaults updated" + cd internal/apis/config/controller/v1alpha1/ && UPDATE_DEFAULTS=true $(GO) test . && echo "controller config api defaults updated" + cd internal/apis/config/webhook/v1alpha1/ && UPDATE_DEFAULTS=true $(GO) test . && echo "webhook config api defaults updated" .PHONY: setup-integration-tests setup-integration-tests: templated-crds From 76c976bc2d03bc7857859083b72311e5fba4b3ff Mon Sep 17 00:00:00 2001 From: Guillaume Plessis Date: Tue, 17 Oct 2023 08:51:36 -0700 Subject: [PATCH 060/177] Allow the creation of extra manifests via values Signed-off-by: Guillaume Plessis --- .../templates/extras-manifests.yaml | 4 ++++ deploy/charts/cert-manager/values.yaml | 17 +++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 deploy/charts/cert-manager/templates/extras-manifests.yaml diff --git a/deploy/charts/cert-manager/templates/extras-manifests.yaml b/deploy/charts/cert-manager/templates/extras-manifests.yaml new file mode 100644 index 00000000000..a9bb3b6ba8e --- /dev/null +++ b/deploy/charts/cert-manager/templates/extras-manifests.yaml @@ -0,0 +1,4 @@ +{{ range .Values.extraObjects }} +--- +{{ tpl (toYaml .) $ }} +{{ end }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 03ef4b193dd..3aa3fc55ad5 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -1308,3 +1308,20 @@ startupapicheck: # injected into pod's environment variables, matching the syntax of Docker # links. enableServiceLinks: false + +# Create a dynamic manifests via values: +extraObjects: [] + # - apiVersion: cert-manager.io/v1 + # kind: ClusterIssuer + # metadata: + # name: letsencrypt-prod + # spec: + # acme: + # email: foo@bar.com + # server: https://acme-v02.api.letsencrypt.org/directory + # privateKeySecretRef: + # name: letsencrypt-prod + # solvers: + # - http01: + # ingress: + # class: nginx From 3d58fb701981ec55f076f504cc754b0ccfdaea7c Mon Sep 17 00:00:00 2001 From: Guillaume Plessis Date: Tue, 26 Mar 2024 15:38:35 -0700 Subject: [PATCH 061/177] Remove the tpl fuction to allow more complex use cases Signed-off-by: Guillaume Plessis --- deploy/charts/cert-manager/templates/extras-manifests.yaml | 2 +- deploy/charts/cert-manager/values.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/deploy/charts/cert-manager/templates/extras-manifests.yaml b/deploy/charts/cert-manager/templates/extras-manifests.yaml index a9bb3b6ba8e..9ec3a7e9b2b 100644 --- a/deploy/charts/cert-manager/templates/extras-manifests.yaml +++ b/deploy/charts/cert-manager/templates/extras-manifests.yaml @@ -1,4 +1,4 @@ {{ range .Values.extraObjects }} --- -{{ tpl (toYaml .) $ }} +{{ tpl . $ }} {{ end }} diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 3aa3fc55ad5..9e0dde18731 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -1311,7 +1311,8 @@ startupapicheck: # Create a dynamic manifests via values: extraObjects: [] - # - apiVersion: cert-manager.io/v1 + # - | + # apiVersion: cert-manager.io/v1 # kind: ClusterIssuer # metadata: # name: letsencrypt-prod From fd2645776c7b577b813ac6dec1b3cc48c36ad375 Mon Sep 17 00:00:00 2001 From: Guillaume Plessis Date: Tue, 26 Mar 2024 15:39:10 -0700 Subject: [PATCH 062/177] Update the documentation Signed-off-by: Guillaume Plessis --- deploy/charts/cert-manager/README.template.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index 4de54c53ea2..c1867de1215 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -1805,6 +1805,13 @@ Additional volume mounts to add to the cert-manager controller container. > ``` enableServiceLinks indicates whether information about services should be injected into pod's environment variables, matching the syntax of Docker links. +#### **extraObjects** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Create a dynamic manifests via values: ### Default Security Contexts From f98cfacd1c2a3d00329239f1d43b884fe8cede97 Mon Sep 17 00:00:00 2001 From: Guillaume Plessis Date: Tue, 26 Mar 2024 15:40:59 -0700 Subject: [PATCH 063/177] Fix a typo Signed-off-by: Guillaume Plessis --- deploy/charts/cert-manager/README.template.md | 2 +- deploy/charts/cert-manager/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index c1867de1215..43a7c16c803 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -1811,7 +1811,7 @@ enableServiceLinks indicates whether information about services should be inject > [] > ``` -Create a dynamic manifests via values: +Create dynamic manifests via values: ### Default Security Contexts diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 9e0dde18731..6ae8cb5f39b 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -1309,7 +1309,7 @@ startupapicheck: # links. enableServiceLinks: false -# Create a dynamic manifests via values: +# Create dynamic manifests via values: extraObjects: [] # - | # apiVersion: cert-manager.io/v1 From b1767b4aa9b308d6a87bc0de19809f296a64a6b6 Mon Sep 17 00:00:00 2001 From: Guillaume Plessis Date: Tue, 23 Apr 2024 14:58:28 -0700 Subject: [PATCH 064/177] Address comments from @wallrj Signed-off-by: Guillaume Plessis --- deploy/charts/cert-manager/README.template.md | 13 +++++++++- ...ras-manifests.yaml => extras-objects.yaml} | 0 deploy/charts/cert-manager/values.yaml | 25 +++++++------------ 3 files changed, 21 insertions(+), 17 deletions(-) rename deploy/charts/cert-manager/templates/{extras-manifests.yaml => extras-objects.yaml} (100%) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index 43a7c16c803..0edb2719045 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -1811,7 +1811,18 @@ enableServiceLinks indicates whether information about services should be inject > [] > ``` -Create dynamic manifests via values: +Create dynamic manifests via values. + +For example: + +```yaml +extraObjects: + - | + apiVersion: v1 + kind: ConfigMap + metadata: + name: '{{ template "cert-manager.name" . }}-extra-configmap' +``` ### Default Security Contexts diff --git a/deploy/charts/cert-manager/templates/extras-manifests.yaml b/deploy/charts/cert-manager/templates/extras-objects.yaml similarity index 100% rename from deploy/charts/cert-manager/templates/extras-manifests.yaml rename to deploy/charts/cert-manager/templates/extras-objects.yaml diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 6ae8cb5f39b..9540fb9d2dd 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -1309,20 +1309,13 @@ startupapicheck: # links. enableServiceLinks: false -# Create dynamic manifests via values: +# Create dynamic manifests via values. +# +# For example: +# extraObjects: +# - | +# apiVersion: v1 +# kind: ConfigMap +# metadata: +# name: '{{ template "cert-manager.name" . }}-extra-configmap' extraObjects: [] - # - | - # apiVersion: cert-manager.io/v1 - # kind: ClusterIssuer - # metadata: - # name: letsencrypt-prod - # spec: - # acme: - # email: foo@bar.com - # server: https://acme-v02.api.letsencrypt.org/directory - # privateKeySecretRef: - # name: letsencrypt-prod - # solvers: - # - http01: - # ingress: - # class: nginx From ad21989f127c4cf903d6bd068a22f7610d7bfaf0 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 24 Apr 2024 16:32:19 +0200 Subject: [PATCH 065/177] improve Makefile generate and verify targets (make them parallelizable) Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- hack/k8s-codegen.sh | 28 +- klone.yaml | 14 +- make/02_mod.mk | 27 +- make/_shared/generate-verify/00_mod.mk | 1 + make/_shared/generate-verify/02_mod.mk | 12 +- make/_shared/generate-verify/util/verify.sh | 1 + make/_shared/go/01_mod.mk | 2 +- make/_shared/tools/00_mod.mk | 308 ++++++++++---------- make/_shared/tools/util/lock.sh | 71 +++++ make/ci.mk | 17 +- make/util.mk | 10 - 11 files changed, 279 insertions(+), 212 deletions(-) create mode 100755 make/_shared/tools/util/lock.sh diff --git a/hack/k8s-codegen.sh b/hack/k8s-codegen.sh index cc7a6ca6aee..40c887060de 100755 --- a/hack/k8s-codegen.sh +++ b/hack/k8s-codegen.sh @@ -18,15 +18,13 @@ set -o errexit set -o nounset set -o pipefail -go=$1 - -clientgen=$2 -deepcopygen=$3 -informergen=$4 -listergen=$5 -defaultergen=$6 -conversiongen=$7 -openapigen=$8 +clientgen=$1 +deepcopygen=$2 +informergen=$3 +listergen=$4 +defaultergen=$5 +conversiongen=$6 +openapigen=$7 # If the envvar "VERIFY_ONLY" is set, we only check if everything's up to date # and don't actually generate anything @@ -124,18 +122,8 @@ clean() { find "$path" -name "$name" -delete } -mkcp() { - src="$1" - dst="$2" - mkdir -p "$(dirname "$dst")" - cp "$src" "$dst" -} - -# Export mkcp for use in sub-shells -export -f mkcp - gen-openapi-acme() { - clean pkg/acme/webhook/openapi '*.go' + clean pkg/acme/webhook/openapi 'zz_generated.openapi.go' echo "+++ ${VERB} ACME openapi..." >&2 mkdir -p hack/openapi_reports "$openapigen" \ diff --git a/klone.yaml b/klone.yaml index b10b0b22ebe..859a441e202 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fa9c9274d1d852de501461b9442f7206aaf74007 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e9363accaaee20a995bbf8f1c9cba2ea77da8935 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 04f424fa90aa8ca570278cf0c07b18dea607b542 + repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de repo_path: modules/tools diff --git a/make/02_mod.mk b/make/02_mod.mk index 376114e7f62..e9259b44ee9 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -36,20 +36,29 @@ include make/e2e-setup.mk include make/scan.mk include make/ko.mk +.PHONY: go-workspace +go-workspace: export GOWORK?=$(abspath go.work) +## Create a go.work file in the repository root (or GOWORK) +## +## @category Development +go-workspace: | $(NEEDS_GO) + @rm -f $(GOWORK) + $(GO) work init + $(GO) work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e .PHONY: tidy ## Run "go mod tidy" on each module in this repo ## ## @category Development -tidy: - go mod tidy - cd cmd/acmesolver && go mod tidy - cd cmd/cainjector && go mod tidy - cd cmd/controller && go mod tidy - cd cmd/startupapicheck && go mod tidy - cd cmd/webhook && go mod tidy - cd test/integration && go mod tidy - cd test/e2e && go mod tidy +tidy: | $(NEEDS_GO) + $(GO) mod tidy + cd cmd/acmesolver && $(GO) mod tidy + cd cmd/cainjector && $(GO) mod tidy + cd cmd/controller && $(GO) mod tidy + cd cmd/startupapicheck && $(GO) mod tidy + cd cmd/webhook && $(GO) mod tidy + cd test/integration && $(GO) mod tidy + cd test/e2e && $(GO) mod tidy .PHONY: update-base-images update-base-images: | $(NEEDS_CRANE) diff --git a/make/_shared/generate-verify/00_mod.mk b/make/_shared/generate-verify/00_mod.mk index 9b145a95f04..435551388ad 100644 --- a/make/_shared/generate-verify/00_mod.mk +++ b/make/_shared/generate-verify/00_mod.mk @@ -13,5 +13,6 @@ # limitations under the License. shared_generate_targets ?= +shared_generate_targets_dirty ?= shared_verify_targets ?= shared_verify_targets_dirty ?= diff --git a/make/_shared/generate-verify/02_mod.mk b/make/_shared/generate-verify/02_mod.mk index 2f2daacd976..c1ed5e2bb62 100644 --- a/make/_shared/generate-verify/02_mod.mk +++ b/make/_shared/generate-verify/02_mod.mk @@ -16,18 +16,24 @@ ## Generate all generate targets. ## @category [shared] Generate/ Verify generate: $$(shared_generate_targets) + @echo "The following targets cannot be run simultaniously with each other or other generate scripts:" + $(foreach TARGET,$(shared_generate_targets_dirty), $(MAKE) $(TARGET)) verify_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/verify.sh # Run the supplied make target argument in a temporary workspace and diff the results. verify-%: FORCE - $(verify_script) $(MAKE) -s $* + +$(verify_script) $(MAKE) $* verify_generated_targets = $(shared_generate_targets:%=verify-%) +verify_generated_targets_dirty = $(shared_generate_targets_dirty:%=verify-%) + +verify_targets = $(sort $(verify_generated_targets) $(shared_verify_targets)) +verify_targets_dirty = $(sort $(verify_generated_targets_dirty) $(shared_verify_targets_dirty)) .PHONY: verify ## Verify code and generate targets. ## @category [shared] Generate/ Verify -verify: $$(verify_generated_targets) $$(shared_verify_targets) +verify: $$(verify_targets) @echo "The following targets create temporary files in the current directory, that is why they have to be run last:" - $(MAKE) noop $(shared_verify_targets_dirty) + $(foreach TARGET,$(verify_targets_dirty), $(MAKE) $(TARGET)) diff --git a/make/_shared/generate-verify/util/verify.sh b/make/_shared/generate-verify/util/verify.sh index 206d3e63a7b..0416c671da4 100755 --- a/make/_shared/generate-verify/util/verify.sh +++ b/make/_shared/generate-verify/util/verify.sh @@ -45,6 +45,7 @@ cleanup() { trap "cleanup" EXIT SIGINT cp -a "${projectdir}/." "${tmp}" +rm -rf "${tmp}/_bin" # clear all cached files pushd "${tmp}" >/dev/null "$@" diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index e12d51e82e4..70f576bf6ea 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -72,7 +72,7 @@ shared_generate_targets += generate-golangci-lint-config .PHONY: verify-golangci-lint ## Verify all Go modules using golangci-lint ## @category [shared] Generate/ Verify -verify-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch +verify-golangci-lint: | $(NEEDS_GO) $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ | while read d; do \ echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${d}'"; \ diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 3977bfae897..2e76fd16feb 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -18,10 +18,17 @@ endif ########################################## -$(bin_dir)/scratch/image $(bin_dir)/tools $(bin_dir)/downloaded $(bin_dir)/downloaded/tools: +export DOWNLOAD_DIR ?= $(CURDIR)/$(bin_dir)/downloaded +export GOVENDOR_DIR ?= $(CURDIR)/$(bin_dir)/go_vendor + +$(bin_dir)/scratch/image $(bin_dir)/tools $(DOWNLOAD_DIR)/tools: @mkdir -p $@ checkhash_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/checkhash.sh +lock_script := $(dir $(lastword $(MAKEFILE_LIST)))/util/lock.sh + +# $outfile is a variable in the lock script +outfile := $$outfile for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))),$(word 2,$(subst =, ,$(item)))))) @@ -140,7 +147,7 @@ ADDITIONAL_TOOLS ?= TOOLS += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.21.9 +VENDORED_GO_VERSION := 1.22.2 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -206,8 +213,8 @@ $(call UC,$1)_VERSION ?= $2 NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 $(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 -$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(bin_dir)/downloaded/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools - cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) +$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools + @cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) @touch $$@ # making sure the target of the symlink is newer than *_VERSION endef @@ -229,13 +236,14 @@ TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) # or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set # to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of # any target depending on Go when "make vendor-go" was run. -NEEDS_GO := $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) +export NEEDS_GO ?= $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) ifeq ($(NEEDS_GO),) GO := go else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) GO := $(CURDIR)/$(bin_dir)/tools/go +MAKE := $(MAKE) vendor-go endif .PHONY: vendor-go @@ -262,25 +270,22 @@ which-go: | $(NEEDS_GO) @echo "go binary used for above version information: $(GO)" $(bin_dir)/tools/go: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools/goroot $(bin_dir)/tools - cd $(dir $@) && $(LN) ./goroot/bin/go $(notdir $@) + @cd $(dir $@) && $(LN) ./goroot/bin/go $(notdir $@) @touch $@ # making sure the target of the symlink is newer than *_VERSION # The "_" in "_bin" prevents "go mod tidy" from trying to tidy the vendored goroot. -$(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/go_vendor/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools +$(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools @rm -rf $(bin_dir)/tools/goroot - cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) + @cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) @touch $@ # making sure the target of the symlink is newer than *_VERSION -# Extract the tar to the _bin/go directory, this directory is not cached across CI runs. -$(bin_dir)/go_vendor/go@$(VENDORED_GO_VERSION)_%/goroot: | $(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz - @rm -rf $@ && mkdir -p $(dir $@) - tar xzf $| -C $(dir $@) - mv $(dir $@)/go $(dir $@)/goroot - -# Keep the downloaded tar so it is cached across CI runs. -.PRECIOUS: $(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz -$(bin_dir)/downloaded/tools/go@$(VENDORED_GO_VERSION)_%.tar.gz: | $(bin_dir)/downloaded/tools - $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(subst _,-,$*).tar.gz -o $@ +# Extract the tar to the $(GOVENDOR_DIR) directory, this directory is not cached across CI runs. +$(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot: | $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz + @source $(lock_script) $@; \ + mkdir -p $(outfile).dir; \ + tar xzf $| -C $(outfile).dir; \ + mv $(outfile).dir/go $(outfile); \ + rm -rf $(outfile).dir ################### # go dependencies # @@ -340,228 +345,220 @@ go_tags_defs = go_tags_$1 += $2 $(call for_each_kv,go_tags_defs,$(GO_TAGS)) define go_dependency -$$(bin_dir)/downloaded/tools/$1@$($(call UC,$1)_VERSION)_%: | $$(NEEDS_GO) $$(bin_dir)/downloaded/tools - GOWORK=off GOBIN=$$(CURDIR)/$$(dir $$@) $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION) - @mv $$(CURDIR)/$$(dir $$@)/$1 $$@ +$$(DOWNLOAD_DIR)/tools/$1@$($(call UC,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools + @source $$(lock_script) $$@; \ + mkdir -p $$(outfile).dir; \ + GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION); \ + mv $$(outfile).dir/$1 $$(outfile); \ + rm -rf $$(outfile).dir endef $(call for_each_kv,go_dependency,$(GO_DEPENDENCIES)) -######## -# Helm # -######## +################## +# File downloads # +################## + +GO_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 +GO_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc +GO_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880 +GO_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506 + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz +$(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(checkhash_script) $(outfile) $(GO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d -$(bin_dir)/downloaded/tools/helm@$(HELM_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(HELM_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz $(subst _,-,$*)/helm > $@ - chmod +x $@ - rm -f $@.tar.gz - -########### -# kubectl # -########### +.PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(HELM_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz $(HOST_OS)-$(HOST_ARCH)/helm > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 -$(bin_dir)/downloaded/tools/kubectl@$(KUBECTL_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(subst _,/,$*)/kubectl -o $@ - $(checkhash_script) $@ $(KUBECTL_$*_SHA256SUM) - chmod +x $@ - -######## -# kind # -######## +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(HOST_OS)/$(HOST_ARCH)/kubectl -o $(outfile); \ + $(checkhash_script) $(outfile) $(KUBECTL_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf -$(bin_dir)/downloaded/tools/kind@$(KIND_VERSION)_%: | $(bin_dir)/downloaded/tools $(bin_dir)/tools - $(CURL) -sSfL https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(subst _,-,$*) -o $@ - $(checkhash_script) $@ $(KIND_$*_SHA256SUM) - chmod +x $@ - -######### -# vault # -######### +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools $(bin_dir)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(KIND_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 -$(bin_dir)/downloaded/tools/vault@$(VAULT_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$*.zip -o $@.zip - $(checkhash_script) $@.zip $(VAULT_$*_SHA256SUM) - unzip -qq -c $@.zip > $@ - chmod +x $@ - rm -f $@.zip - -######## -# azwi # -######## +.PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(VAULT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -qq -c $(outfile).zip > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c -$(bin_dir)/downloaded/tools/azwi@$(AZWI_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(subst _,-,$*).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(AZWI_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz azwi > $@ && chmod 775 $@ - rm -f $@.tar.gz - -############################ -# kubebuilder-tools assets # -# kube-apiserver / etcd # -############################ +.PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(AZWI_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ + rm -f $(outfile).tar.gz KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 -$(bin_dir)/downloaded/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/etcd > $@ && chmod 775 $@ +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz +$(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(checkhash_script) $(outfile) $(KUBEBUILDER_TOOLS_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) -$(bin_dir)/downloaded/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_%: $(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_%.tar.gz | $(bin_dir)/downloaded/tools - $(checkhash_script) $< $(KUBEBUILDER_TOOLS_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $< kubebuilder/bin/kube-apiserver > $@ && chmod 775 $@ +$(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + tar xfO $< kubebuilder/bin/etcd > $(outfile) && chmod 775 $(outfile) -$(bin_dir)/downloaded/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(bin_dir)/downloaded/tools - $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $@ - -########### -# kyverno # -########### +$(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e -$(bin_dir)/downloaded/tools/kyverno@$(KYVERNO_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(subst amd64,x86_64,$*).tar.gz -fsSL -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(KYVERNO_$*_SHA256SUM) - @# O writes the specified file to stdout - tar xfO $@.tar.gz kyverno > $@ - chmod +x $@ - rm -f $@.tar.gz +.PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH))) -###### -# yq # -###### + @source $(lock_script) $@; \ + $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(HOST_OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(KYVERNO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz kyverno > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 -$(bin_dir)/downloaded/tools/yq@$(YQ_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$* -o $@ - $(checkhash_script) $@ $(YQ_$*_SHA256SUM) - chmod +x $@ - -###### -# ko # -###### +.PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(HOST_OS)_$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(YQ_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 -$(bin_dir)/downloaded/tools/ko@$(KO_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(subst linux,Linux,$(subst darwin,Darwin,$(subst amd64,x86_64,$*))).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(KO_$*_SHA256SUM) - tar xfO $@.tar.gz ko > $@ - chmod +x $@ - rm -f $@.tar.gz +.PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst linux,Linux,$(subst darwin,Darwin,$(HOST_OS)))) + $(eval ARCH := $(subst amd64,x86_64,$(HOST_ARCH))) -########## -# protoc # -########## + @source $(lock_script) $@; \ + $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(KO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz ko > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).tar.gz PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 -$(bin_dir)/downloaded/tools/protoc@$(PROTOC_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(subst darwin,osx,$(subst arm64,aarch_64,$(subst amd64,x86_64,$(subst _,-,$*)))).zip -o $@.zip - $(checkhash_script) $@.zip $(PROTOC_$*_SHA256SUM) - unzip -qq -c $@.zip bin/protoc > $@ - chmod +x $@ - rm -f $@.zip +.PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst darwin,osx,$(HOST_OS))) + $(eval ARCH := $(subst arm64,aarch_64,$(subst amd64,x86_64,$(HOST_ARCH)))) -######### -# trivy # -######### + @source $(lock_script) $@; \ + $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(OS)-$(ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(PROTOC_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 -$(bin_dir)/downloaded/tools/trivy@$(TRIVY_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,macOS,$*)) - $(eval OS_AND_ARCH := $(subst linux,Linux,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst arm64,ARM64,$(OS_AND_ARCH))) - $(eval OS_AND_ARCH := $(subst amd64,64bit,$(OS_AND_ARCH))) - - $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(subst _,-,$(OS_AND_ARCH)).tar.gz -o $@.tar.gz - $(checkhash_script) $@.tar.gz $(TRIVY_$*_SHA256SUM) - tar xfO $@.tar.gz trivy > $@ - chmod +x $@ - rm $@.tar.gz +.PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst linux,Linux,$(subst darwin,macOS,$(HOST_OS)))) + $(eval ARCH := $(subst amd64,64bit,$(subst arm64,ARM64,$(HOST_ARCH)))) -####### -# ytt # -####### + @source $(lock_script) $@; \ + $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(OS)-$(ARCH).tar.gz -o $(outfile).tar.gz; \ + $(checkhash_script) $(outfile).tar.gz $(TRIVY_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + tar xfO $(outfile).tar.gz trivy > $(outfile); \ + chmod +x $(outfile); \ + rm $(outfile).tar.gz YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 -$(bin_dir)/downloaded/tools/ytt@$(YTT_VERSION)_%: | $(bin_dir)/downloaded/tools - $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(subst _,-,$*) -o $@ - $(checkhash_script) $@ $(YTT_$*_SHA256SUM) - chmod +x $@ - -########## -# rclone # -########## +.PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(YTT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a -$(bin_dir)/downloaded/tools/rclone@$(RCLONE_VERSION)_%: | $(bin_dir)/downloaded/tools - $(eval OS_AND_ARCH := $(subst darwin,osx,$*)) - $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH)).zip -o $@.zip - $(checkhash_script) $@.zip $(RCLONE_$*_SHA256SUM) - @# -p writes to stdout, the second file arg specifies the sole file we - @# want to extract - unzip -p $@.zip rclone-$(RCLONE_VERSION)-$(subst _,-,$(OS_AND_ARCH))/rclone > $@ - chmod +x $@ - rm -f $@.zip +.PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + $(eval OS := $(subst darwin,osx,$(HOST_OS))) + + @source $(lock_script) $@; \ + $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH).zip -o $(outfile).zip; \ + $(checkhash_script) $(outfile).zip $(RCLONE_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + unzip -p $(outfile).zip rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH)/rclone > $(outfile); \ + chmod +x $(outfile); \ + rm -f $(outfile).zip ################# # Other Targets # @@ -606,6 +603,11 @@ tools-learn-sha: | $(bin_dir) HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools + + HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go + HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go + HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go + HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go while read p; do \ sed -i "$$p" $(self_file); \ diff --git a/make/_shared/tools/util/lock.sh b/make/_shared/tools/util/lock.sh new file mode 100755 index 00000000000..6c6a7b84ca9 --- /dev/null +++ b/make/_shared/tools/util/lock.sh @@ -0,0 +1,71 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -eu -o pipefail + +# This script is used to lock a file while it is being downloaded. It prevents +# multiple processes from downloading the same file at the same time or from reading +# a half-downloaded file. +# We need this solution because we have recursive $(MAKE) calls in our makefile +# which each will try to download a set of tools. To prevent them from all downloading +# the same files, we re-use the same downloads folder for all $(MAKE) invocations and +# use this script to deduplicate the download processes. + +finalfile="$1" +lockfile="$finalfile.lock" +# Timeout in seconds. +timeout=60 + +# On OSX, flock is not installed, we just skip locking in that case, +# this means that running verify in parallel without downloading all +# tools first will not work. +flock_installed=$(command -v flock >/dev/null && echo "yes" || echo "no") + +if [[ "$flock_installed" == "yes" ]]; then + mkdir -p "$(dirname "$lockfile")" + touch "$lockfile" + exec {FD}<>"$lockfile" + + # wait for the file to be unlocked + if ! flock -x -w $timeout $FD; then + echo "Failed to obtain a lock for $lockfile within $timeout seconds" + exit 1 + fi +fi + +# now that we have the lock, check if file is already there +if [[ -e "$finalfile" ]]; then + exit 0 +fi + +# use a temporary file to prevent Make from thinking the file is ready +# while in reality is is only a partial download +# shellcheck disable=SC2034 +outfile="$finalfile.tmp" + +finish() { + rv=$? + if [[ $rv -eq 0 ]]; then + mv "$outfile" "$finalfile" + echo "[info]: downloaded $finalfile" + else + rm -rf "$outfile" || true + rm -rf "$finalfile" || true + fi + rm -rf "$lockfile" || true + exit $rv +} +trap finish EXIT diff --git a/make/ci.mk b/make/ci.mk index d329f6d1523..e5ae383d32e 100644 --- a/make/ci.mk +++ b/make/ci.mk @@ -44,10 +44,11 @@ generate-crds: | $(NEEDS_CONTROLLER-GEN) shared_generate_targets += generate-crds -.PHONY: verify-codegen -verify-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) +# Overwrite the verify-generate-codegen target with this +# optimised target. +.PHONY: verify-generate-codegen +verify-generate-codegen: | $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) VERIFY_ONLY="true" ./hack/k8s-codegen.sh \ - $(GO) \ $(CLIENT-GEN) \ $(DEEPCOPY-GEN) \ $(INFORMER-GEN) \ @@ -56,12 +57,11 @@ verify-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_ $(CONVERSION-GEN) \ $(OPENAPI-GEN) -shared_verify_targets += verify-codegen +shared_verify_targets += verify-generate-codegen .PHONY: generate-codegen -generate-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) +generate-codegen: | $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) ./hack/k8s-codegen.sh \ - $(GO) \ $(CLIENT-GEN) \ $(DEEPCOPY-GEN) \ $(INFORMER-GEN) \ @@ -70,7 +70,7 @@ generate-codegen: | $(NEEDS_GO) $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEED $(CONVERSION-GEN) \ $(OPENAPI-GEN) -shared_generate_targets += generate-codegen +shared_generate_targets_dirty += generate-codegen .PHONY: generate-helm-docs generate-helm-docs: deploy/charts/cert-manager/README.template.md deploy/charts/cert-manager/values.yaml | $(NEEDS_HELM-TOOL) @@ -87,8 +87,7 @@ shared_generate_targets += generate-helm-docs ## request or change is merged. ## ## @category CI -ci-presubmit: $(NEEDS_GO) - $(MAKE) -j1 verify +ci-presubmit: verify .PHONY: generate-all ## Update CRDs, code generation and licenses to the latest versions. diff --git a/make/util.mk b/make/util.mk index 836dc8141cd..a33003fb6dc 100644 --- a/make/util.mk +++ b/make/util.mk @@ -32,13 +32,3 @@ print-sources: .PHONY: print-source-dirs print-source-dirs: @echo $(SOURCE_DIRS) - -.PHONY: go-workspace -go-workspace: export GOWORK?=$(abspath go.work) -## Create a go.work file in the repository root (or GOWORK) -## -## @category Development -go-workspace: - @rm -f $(GOWORK) - go work init - go work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e From 14be70b77ae6135549d163641733fa5566f85419 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 25 Apr 2024 09:58:47 +0100 Subject: [PATCH 066/177] ignore CVE-2020-8559 in trivy scans Signed-off-by: Ashley Davis --- .trivyignore | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .trivyignore diff --git a/.trivyignore b/.trivyignore new file mode 100644 index 00000000000..1f32ed27a4e --- /dev/null +++ b/.trivyignore @@ -0,0 +1,4 @@ +# CVE-2020-8559 is a vuln in old Kubernetes versions which seems to be incorrectly flagged by trivy. It seems like +# the version detection is wrongly looking at apiserver packages with versions < 1 - but all apiserver packages have +# a major version of 0. In any case this is a vuln in Kubernetes clusters, not in our code. +CVE-2020-8559 From 8122c024091ab58c713925795187ade46853909e Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Thu, 25 Apr 2024 15:24:26 +0000 Subject: [PATCH 067/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- Makefile | 4 ++++ klone.yaml | 14 +++++++------- make/_shared/generate-verify/util/verify.sh | 3 +-- make/_shared/help/help.sh | 4 +++- make/_shared/repository-base/base/Makefile | 4 ++++ make/_shared/tools/00_mod.mk | 1 + make/_shared/tools/util/checkhash.sh | 4 +++- make/_shared/tools/util/hash.sh | 4 +++- make/_shared/tools/util/lock.sh | 7 ++++--- 9 files changed, 30 insertions(+), 15 deletions(-) diff --git a/Makefile b/Makefile index 6e1916a5a6d..b1a838aaea9 100644 --- a/Makefile +++ b/Makefile @@ -48,6 +48,10 @@ FORCE: noop: # do nothing +# Set empty value for MAKECMDGOALS to prevent the "warning: undefined variable 'MAKECMDGOALS'" +# warning from happening when running make without arguments +MAKECMDGOALS ?= + ################################## # Host OS and architecture setup # ################################## diff --git a/klone.yaml b/klone.yaml index 859a441e202..e58d7c9f7c1 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ad721163bbe8d8d755d54c88a2b2475aeb7c79de + repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 repo_path: modules/tools diff --git a/make/_shared/generate-verify/util/verify.sh b/make/_shared/generate-verify/util/verify.sh index 0416c671da4..4dbaefa269a 100755 --- a/make/_shared/generate-verify/util/verify.sh +++ b/make/_shared/generate-verify/util/verify.sh @@ -44,8 +44,7 @@ cleanup() { } trap "cleanup" EXIT SIGINT -cp -a "${projectdir}/." "${tmp}" -rm -rf "${tmp}/_bin" # clear all cached files +rsync -aEq "${projectdir}/." "${tmp}" --exclude "_bin/" pushd "${tmp}" >/dev/null "$@" diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index 96c4ad8e062..d9c831ff774 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail ## 1. Build set of extracted line items diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile index 6e1916a5a6d..b1a838aaea9 100644 --- a/make/_shared/repository-base/base/Makefile +++ b/make/_shared/repository-base/base/Makefile @@ -48,6 +48,10 @@ FORCE: noop: # do nothing +# Set empty value for MAKECMDGOALS to prevent the "warning: undefined variable 'MAKECMDGOALS'" +# warning from happening when running make without arguments +MAKECMDGOALS ?= + ################################## # Host OS and architecture setup # ################################## diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 2e76fd16feb..7a7ed44796a 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -576,6 +576,7 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN MISSING=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ + && (command -v rsync >/dev/null || echo rsync) \ && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) diff --git a/make/_shared/tools/util/checkhash.sh b/make/_shared/tools/util/checkhash.sh index f626f6f9cfe..62e5489bad4 100755 --- a/make/_shared/tools/util/checkhash.sh +++ b/make/_shared/tools/util/checkhash.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" diff --git a/make/_shared/tools/util/hash.sh b/make/_shared/tools/util/hash.sh index 3e58bfcb8f5..21d006fc8fa 100755 --- a/make/_shared/tools/util/hash.sh +++ b/make/_shared/tools/util/hash.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail # This script is a wrapper for outputting purely the sha256 hash of the input file, # ideally in a portable way. diff --git a/make/_shared/tools/util/lock.sh b/make/_shared/tools/util/lock.sh index 6c6a7b84ca9..d3c437ef2c2 100755 --- a/make/_shared/tools/util/lock.sh +++ b/make/_shared/tools/util/lock.sh @@ -14,7 +14,9 @@ # See the License for the specific language governing permissions and # limitations under the License. -set -eu -o pipefail +set -o errexit +set -o nounset +set -o pipefail # This script is used to lock a file while it is being downloaded. It prevents # multiple processes from downloading the same file at the same time or from reading @@ -66,6 +68,5 @@ finish() { rm -rf "$finalfile" || true fi rm -rf "$lockfile" || true - exit $rv } -trap finish EXIT +trap finish EXIT SIGINT From a7f089b64c130a7215f87af99a5ee7713bb68043 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Thu, 25 Apr 2024 16:52:14 +0100 Subject: [PATCH 068/177] feat: graduate gateway-api to beta and enable by default Signed-off-by: Adam Talbot --- cmd/controller/app/controller.go | 6 +++++- cmd/controller/app/options/options.go | 5 ++++- internal/apis/config/controller/types.go | 5 +++++ .../apis/config/controller/v1alpha1/defaults.go | 5 +++++ .../controller/v1alpha1/testdata/defaults.json | 1 + .../controller/v1alpha1/zz_generated.conversion.go | 6 ++++++ internal/controller/feature/features.go | 3 ++- make/e2e-setup.mk | 4 ++-- pkg/apis/config/controller/v1alpha1/types.go | 5 +++++ .../controller/v1alpha1/zz_generated.deepcopy.go | 5 +++++ pkg/controller/context.go | 14 ++++++++++---- 11 files changed, 50 insertions(+), 9 deletions(-) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 1788ae70f0b..e45f320e9c1 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -259,7 +259,7 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { ctx.KubeSharedInformerFactory.Start(rootCtx.Done()) ctx.HTTP01ResourceMetadataInformersFactory.Start(rootCtx.Done()) - if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) { + if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) && opts.EnableGatewayAPI { ctx.GWShared.Start(rootCtx.Done()) } @@ -358,6 +358,10 @@ func buildControllerContextFactory(ctx context.Context, opts *config.ControllerC EnableOwnerRef: opts.EnableCertificateOwnerRef, CopiedAnnotationPrefixes: opts.CopiedAnnotationPrefixes, }, + + ConfigOptions: controller.ConfigOptions{ + EnableGatewayAPI: opts.EnableGatewayAPI, + }, }) if err != nil { return nil, err diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 8fa78c1395e..f98500787e9 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -170,6 +170,9 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { fs.BoolVar(&c.EnableCertificateOwnerRef, "enable-certificate-owner-ref", c.EnableCertificateOwnerRef, ""+ "Whether to set the certificate resource as an owner of secret where the tls certificate is stored. "+ "When this flag is enabled, the secret will be automatically removed when the certificate resource is deleted.") + fs.BoolVar(&c.EnableGatewayAPI, "enable-gateway-api", c.EnableGatewayAPI, ""+ + "Whether gateway API integration is enabled within cert-manager. The ExperimentalGatewayAPISupport "+ + "feature gate must also be enabled (default as of 1.15).") fs.StringSliceVar(&c.CopiedAnnotationPrefixes, "copied-annotation-prefixes", c.CopiedAnnotationPrefixes, "Specify which annotations should/shouldn't be copied"+ "from Certificate to CertificateRequest and Order, as well as from CertificateSigningRequest to Order, by passing a list of annotation key prefixes."+ "A prefix starting with a dash(-) specifies an annotation that shouldn't be copied. Example: '*,-kubectl.kuberenetes.io/'- all annotations"+ @@ -249,7 +252,7 @@ func EnabledControllers(o *config.ControllerConfiguration) sets.Set[string] { enabled = enabled.Insert(defaults.ExperimentalCertificateSigningRequestControllers...) } - if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) { + if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) && o.EnableGatewayAPI { logf.Log.Info("enabling the sig-network Gateway API certificate-shim and HTTP-01 solver") enabled = enabled.Insert(shimgatewaycontroller.ControllerName) } diff --git a/internal/apis/config/controller/types.go b/internal/apis/config/controller/types.go index a9f7f0e1835..8f46c03d9ae 100644 --- a/internal/apis/config/controller/types.go +++ b/internal/apis/config/controller/types.go @@ -79,6 +79,11 @@ type ControllerConfiguration struct { // automatically removed when the certificate resource is deleted. EnableCertificateOwnerRef bool + // Whether gateway API integration is enabled within cert-manager. The + // ExperimentalGatewayAPISupport feature gate must also be enabled (default + // as of 1.15). + EnableGatewayAPI bool + // Specify which annotations should/shouldn't be copied from Certificate to // CertificateRequest and Order, as well as from CertificateSigningRequest to // Order, by passing a list of annotation key prefixes. A prefix starting with diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index 7384cef6385..a7741ca014c 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -78,6 +78,7 @@ var ( defaultTLSACMEIssuerKind = "Issuer" defaultTLSACMEIssuerGroup = cm.GroupName defaultEnableCertificateOwnerRef = false + defaultEnableGatewayAPI = false defaultDNS01RecursiveNameserversOnly = false defaultDNS01RecursiveNameservers = []string{} @@ -213,6 +214,10 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration) obj.EnableCertificateOwnerRef = &defaultEnableCertificateOwnerRef } + if obj.EnableGatewayAPI == nil { + obj.EnableGatewayAPI = &defaultEnableGatewayAPI + } + if len(obj.CopiedAnnotationPrefixes) == 0 { obj.CopiedAnnotationPrefixes = defaultCopiedAnnotationPrefixes } diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json index 1004ab5d9e1..00931d0630c 100644 --- a/internal/apis/config/controller/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -16,6 +16,7 @@ "issuerAmbientCredentials": false, "clusterIssuerAmbientCredentials": true, "enableCertificateOwnerRef": false, + "enableGatewayAPI": false, "copiedAnnotationPrefixes": [ "*", "-kubectl.kubernetes.io/", diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go index 382d3c4089c..ba253403258 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go @@ -230,6 +230,9 @@ func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfig if err := v1.Convert_Pointer_bool_To_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil { return err } + if err := v1.Convert_Pointer_bool_To_bool(&in.EnableGatewayAPI, &out.EnableGatewayAPI, s); err != nil { + return err + } out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) if err := Convert_Pointer_int32_To_int(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err @@ -289,6 +292,9 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig if err := v1.Convert_bool_To_Pointer_bool(&in.EnableCertificateOwnerRef, &out.EnableCertificateOwnerRef, s); err != nil { return err } + if err := v1.Convert_bool_To_Pointer_bool(&in.EnableGatewayAPI, &out.EnableGatewayAPI, s); err != nil { + return err + } out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) if err := Convert_int_To_Pointer_int32(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index dcaa66de577..52650700602 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -56,6 +56,7 @@ const ( // Owner: N/A // Alpha: v1.5 + // Beta: v1.15 // // ExperimentalGatewayAPISupport enables the gateway-shim controller and adds support for // the Gateway API to the HTTP-01 challenge solver. @@ -150,7 +151,7 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature ValidateCAA: {Default: false, PreRelease: featuregate.Alpha}, ExperimentalCertificateSigningRequestControllers: {Default: false, PreRelease: featuregate.Alpha}, - ExperimentalGatewayAPISupport: {Default: false, PreRelease: featuregate.Alpha}, + ExperimentalGatewayAPISupport: {Default: true, PreRelease: featuregate.Beta}, AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, ServerSideApply: {Default: false, PreRelease: featuregate.Alpha}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/make/e2e-setup.mk b/make/e2e-setup.mk index 206167ad36e..e51ded52d93 100644 --- a/make/e2e-setup.mk +++ b/make/e2e-setup.mk @@ -306,7 +306,7 @@ e2e-setup-certmanager: e2e-setup-gatewayapi $(E2E_SETUP_OPTION_DEPENDENCIES) $(b $(addprefix --version,$(E2E_CERT_MANAGER_VERSION)) \ --set crds.enabled=true \ --set featureGates="$(feature_gates_controller)" \ - --set "extraArgs={--kube-api-qps=9000,--kube-api-burst=9000,--concurrent-workers=200}" \ + --set "extraArgs={--kube-api-qps=9000,--kube-api-burst=9000,--concurrent-workers=200,--enable-gateway-api}" \ --set webhook.featureGates="$(feature_gates_webhook)" \ --set "cainjector.extraArgs={--feature-gates=$(feature_gates_cainjector)}" \ --set "dns01RecursiveNameservers=$(SERVICE_IP_PREFIX).16:53" \ @@ -334,7 +334,7 @@ e2e-setup-certmanager: $(bin_dir)/cert-manager.tgz $(foreach binaryname,controll --set startupapicheck.image.tag="$(TAG)" \ --set crds.enabled=true \ --set featureGates="$(feature_gates_controller)" \ - --set "extraArgs={--kube-api-qps=9000,--kube-api-burst=9000,--concurrent-workers=200}" \ + --set "extraArgs={--kube-api-qps=9000,--kube-api-burst=9000,--concurrent-workers=200,--enable-gateway-api}" \ --set webhook.featureGates="$(feature_gates_webhook)" \ --set "cainjector.extraArgs={--feature-gates=$(feature_gates_cainjector)}" \ --set "dns01RecursiveNameservers=$(SERVICE_IP_PREFIX).16:53" \ diff --git a/pkg/apis/config/controller/v1alpha1/types.go b/pkg/apis/config/controller/v1alpha1/types.go index 6884af223af..718dceac524 100644 --- a/pkg/apis/config/controller/v1alpha1/types.go +++ b/pkg/apis/config/controller/v1alpha1/types.go @@ -81,6 +81,11 @@ type ControllerConfiguration struct { // automatically removed when the certificate resource is deleted. EnableCertificateOwnerRef *bool `json:"enableCertificateOwnerRef,omitempty"` + // Whether gateway API integration is enabled within cert-manager. The + // ExperimentalGatewayAPISupport feature gate must also be enabled (default + // as of 1.15). + EnableGatewayAPI *bool `json:"enableGatewayAPI,omitempty"` + // Specify which annotations should/shouldn't be copied from Certificate to // CertificateRequest and Order, as well as from CertificateSigningRequest to // Order, by passing a list of annotation key prefixes. A prefix starting with diff --git a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go index 5745d606307..dea240802a8 100644 --- a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go @@ -112,6 +112,11 @@ func (in *ControllerConfiguration) DeepCopyInto(out *ControllerConfiguration) { *out = new(bool) **out = **in } + if in.EnableGatewayAPI != nil { + in, out := &in.EnableGatewayAPI, &out.EnableGatewayAPI + *out = new(bool) + **out = **in + } if in.CopiedAnnotationPrefixes != nil { in, out := &in.CopiedAnnotationPrefixes, &out.CopiedAnnotationPrefixes *out = make([]string, len(*in)) diff --git a/pkg/controller/context.go b/pkg/controller/context.go index ae22bc4dc3f..bb76b295c10 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -153,6 +153,12 @@ type ContextOptions struct { IngressShimOptions CertificateOptions SchedulerOptions + ConfigOptions +} + +type ConfigOptions struct { + // EnableGatewayAPI indicates if the user has enabled GatewayAPI support. + EnableGatewayAPI bool } type IssuerOptions struct { @@ -275,7 +281,7 @@ func NewContextFactory(ctx context.Context, opts ContextOptions) (*ContextFactor restConfig.RateLimiter = flowcontrol.NewTokenBucketRateLimiter(restConfig.QPS, restConfig.Burst) } - clients, err := buildClients(restConfig) + clients, err := buildClients(restConfig, opts) if err != nil { return nil, err } @@ -331,7 +337,7 @@ func (c *ContextFactory) Build(component ...string) (*Context, error) { cmscheme.AddToScheme(scheme) gwscheme.AddToScheme(scheme) - clients, err := buildClients(restConfig) + clients, err := buildClients(restConfig, c.ctx.ContextOptions) if err != nil { return nil, err } @@ -371,7 +377,7 @@ type contextClients struct { // buildClients builds all required clients for the context using the given // REST config. -func buildClients(restConfig *rest.Config) (contextClients, error) { +func buildClients(restConfig *rest.Config, opts ContextOptions) (contextClients, error) { httpClient, err := rest.HTTPClientFor(restConfig) if err != nil { return contextClients{}, fmt.Errorf("error creating HTTP client: %w", err) @@ -397,7 +403,7 @@ func buildClients(restConfig *rest.Config) (contextClients, error) { var gatewayAvailable bool // Check if the Gateway API feature gate was enabled - if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) { + if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalGatewayAPISupport) && opts.EnableGatewayAPI { // Check if the gateway API CRDs are available. If they are not found // return an error which will cause cert-manager to crashloopbackoff. d := kubeClient.Discovery() From f9f2e1cd8f2e228f14da81ef894297fad687b10a Mon Sep 17 00:00:00 2001 From: findnature Date: Wed, 24 Apr 2024 12:03:19 +0800 Subject: [PATCH 069/177] chore: remove repetitive words Signed-off-by: findnature --- design/20190708.certificate-request-crd.md | 2 +- internal/controller/feature/features.go | 2 +- test/integration/certificates/issuing_controller_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/design/20190708.certificate-request-crd.md b/design/20190708.certificate-request-crd.md index 9b990c830e5..1d960946b24 100644 --- a/design/20190708.certificate-request-crd.md +++ b/design/20190708.certificate-request-crd.md @@ -111,7 +111,7 @@ same code base and repository. - This proposal does not document or explore possible or planned integrations using this new functionality. - This proposal will not investigate possible alignment or merging with the - Kubernetes internal `CertificateSigningRequest` resource. Although is is of + Kubernetes internal `CertificateSigningRequest` resource. Although it is of interest, the motivation is mostly in order to get a built-in approval workflow for CertificateRequests. The feasibility of being able to implement a solution using the built-in type in the near future however is small, so we'd rather diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index dcaa66de577..011ef373aa6 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -107,7 +107,7 @@ const ( // `controller.cert-manager.io/fao` label. By default all Certificate // Secrets are labelled with controller.cert-manager.io/fao label. Users // can also label other Secrets, such as issuer credentials Secrets that - // they know cert-manager will need access to to speed up issuance. + // they know cert-manager will need to access, to speed up issuance. // See https://github.com/cert-manager/cert-manager/blob/master/design/20221205-memory-management.md SecretsFilteredCaching featuregate.Feature = "SecretsFilteredCaching" diff --git a/test/integration/certificates/issuing_controller_test.go b/test/integration/certificates/issuing_controller_test.go index 9ce8130ddb7..1a51377e53e 100644 --- a/test/integration/certificates/issuing_controller_test.go +++ b/test/integration/certificates/issuing_controller_test.go @@ -943,7 +943,7 @@ func Test_IssuingController_AdditionalOutputFormats(t *testing.T) { pkDER := block.Bytes combinedPEM := append(append(pkBytes, '\n'), certPEM...) - // Wait for the additional output format values to to be observed on the Secret. + // Wait for the additional output format values to be observed on the Secret. err = wait.PollUntilContextCancel(ctx, time.Millisecond*100, true, func(ctx context.Context) (done bool, err error) { secret, err := kubeClient.CoreV1().Secrets(namespace).Get(ctx, secretName, metav1.GetOptions{}) if err != nil { From 38cd0accdbd7259b47350ff164d58840c81ad157 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 26 Apr 2024 16:14:31 +0200 Subject: [PATCH 070/177] graduate 'DisallowInsecureCSRUsageDefinition' to GA Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 2 +- .../validation/certificaterequest.go | 34 +--- internal/controller/feature/features.go | 3 +- internal/webhook/feature/features.go | 1 + pkg/util/pki/certificatetemplate.go | 43 ++--- .../validation/certificaterequest_test.go | 165 ------------------ 6 files changed, 25 insertions(+), 223 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 7c830b1f029..2f87f07917d 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -45,7 +45,7 @@ issues: text: "SA(1002|1006|4000|4006)" - linters: - staticcheck - text: "(NewCertManagerBasicCertificateRequest|DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition)" + text: "(NewCertManagerBasicCertificateRequest)" linters: # Explicitly define all enabled linters disable-all: true diff --git a/internal/apis/certmanager/validation/certificaterequest.go b/internal/apis/certmanager/validation/certificaterequest.go index 9db156ec87c..a57c984adbf 100644 --- a/internal/apis/certmanager/validation/certificaterequest.go +++ b/internal/apis/certmanager/validation/certificaterequest.go @@ -27,11 +27,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/internal/apis/certmanager" cmmeta "github.com/cert-manager/cert-manager/internal/apis/meta" - "github.com/cert-manager/cert-manager/internal/webhook/feature" "github.com/cert-manager/cert-manager/pkg/apis/acme" "github.com/cert-manager/cert-manager/pkg/apis/certmanager" cmapiv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/pki" ) @@ -109,30 +107,14 @@ func validateCertificateRequestSpecRequest(crSpec *cmapi.CertificateRequestSpec, return el } - // If DisallowInsecureCSRUsageDefinition is disabled and usages is empty, - // then we should allow the request to be created without requiring that the - // CSR usages match the default usages, instead we only validate that the - // BasicConstraints are valid. - // TODO: simplify this logic when we remove the feature gate - if !utilfeature.DefaultMutableFeatureGate.Enabled(feature.DisallowInsecureCSRUsageDefinition) && len(crSpec.Usages) == 0 { - _, err = pki.CertificateTemplateFromCSRPEM( - crSpec.Request, - pki.CertificateTemplateValidateAndOverrideBasicConstraints(crSpec.IsCA, nil), - ) - if err != nil { - el = append(el, field.Invalid(fldPath.Child("request"), crSpec.Request, err.Error())) - return el - } - } else { - _, err = pki.CertificateTemplateFromCSRPEM( - crSpec.Request, - pki.CertificateTemplateValidateAndOverrideBasicConstraints(crSpec.IsCA, nil), - pki.CertificateTemplateValidateAndOverrideKeyUsages(keyUsage, extKeyUsage), - ) - if err != nil { - el = append(el, field.Invalid(fldPath.Child("request"), crSpec.Request, err.Error())) - return el - } + _, err = pki.CertificateTemplateFromCSRPEM( + crSpec.Request, + pki.CertificateTemplateValidateAndOverrideBasicConstraints(crSpec.IsCA, nil), + pki.CertificateTemplateValidateAndOverrideKeyUsages(keyUsage, extKeyUsage), + ) + if err != nil { + el = append(el, field.Invalid(fldPath.Child("request"), crSpec.Request, err.Error())) + return el } return el diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index 011ef373aa6..d069f0b9013 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -113,6 +113,7 @@ const ( // Owner: @inteon // Beta: v1.13 + // GA: v1.15 // // DisallowInsecureCSRUsageDefinition will prevent the webhook from allowing // CertificateRequest's usages to be only defined in the CSR, while leaving @@ -144,7 +145,7 @@ func init() { // To add a new feature, define a key for it above and add it here. The features will be // available on the cert-manager controller binary. var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ - DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.Beta}, + DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA}, StableCertificateRequestName: {Default: true, PreRelease: featuregate.Beta}, SecretsFilteredCaching: {Default: true, PreRelease: featuregate.Beta}, diff --git a/internal/webhook/feature/features.go b/internal/webhook/feature/features.go index 873084507ed..4e8729525d3 100644 --- a/internal/webhook/feature/features.go +++ b/internal/webhook/feature/features.go @@ -55,6 +55,7 @@ const ( LiteralCertificateSubject featuregate.Feature = "LiteralCertificateSubject" // Owner: @inteon + // Beta: v1.13 // GA: v1.15 // // DisallowInsecureCSRUsageDefinition will prevent the webhook from allowing diff --git a/pkg/util/pki/certificatetemplate.go b/pkg/util/pki/certificatetemplate.go index 89f963ce397..f92184df23c 100644 --- a/pkg/util/pki/certificatetemplate.go +++ b/pkg/util/pki/certificatetemplate.go @@ -321,39 +321,22 @@ func CertificateTemplateFromCertificate(crt *v1.Certificate) (*x509.Certificate, ) } -func makeCertificateTemplateFromCertificateRequestFunc(allowInsecureCSRUsageDefinition bool) func(cr *v1.CertificateRequest) (*x509.Certificate, error) { - return func(cr *v1.CertificateRequest) (*x509.Certificate, error) { - certDuration := apiutil.DefaultCertDuration(cr.Spec.Duration) - keyUsage, extKeyUsage, err := KeyUsagesForCertificateOrCertificateRequest(cr.Spec.Usages, cr.Spec.IsCA) - if err != nil { - return nil, err - } - - return CertificateTemplateFromCSRPEM( - cr.Spec.Request, - CertificateTemplateOverrideDuration(certDuration), - CertificateTemplateValidateAndOverrideBasicConstraints(cr.Spec.IsCA, nil), // Override the basic constraints, but make sure they match the constraints in the CSR if present - (func() CertificateTemplateValidatorMutator { - if allowInsecureCSRUsageDefinition && len(cr.Spec.Usages) == 0 { - // If the CertificateRequest does not specify any usages, and the AllowInsecureCSRUsageDefinition - // flag is set, then we allow the usages to be defined solely by the CSR blob, but we still override - // the usages to match the old behavior. - return certificateTemplateOverrideKeyUsages(keyUsage, extKeyUsage) - } - - // Override the key usages, but make sure they match the usages in the CSR if present - return CertificateTemplateValidateAndOverrideKeyUsages(keyUsage, extKeyUsage) - })(), - ) - } -} - // CertificateTemplateFromCertificateRequest will create a x509.Certificate for the given // CertificateRequest resource -var CertificateTemplateFromCertificateRequest = makeCertificateTemplateFromCertificateRequestFunc(false) +func CertificateTemplateFromCertificateRequest(cr *v1.CertificateRequest) (*x509.Certificate, error) { + certDuration := apiutil.DefaultCertDuration(cr.Spec.Duration) + keyUsage, extKeyUsage, err := KeyUsagesForCertificateOrCertificateRequest(cr.Spec.Usages, cr.Spec.IsCA) + if err != nil { + return nil, err + } -// Deprecated: Use CertificateTemplateFromCertificateRequest instead. -var DeprecatedCertificateTemplateFromCertificateRequestAndAllowInsecureCSRUsageDefinition = makeCertificateTemplateFromCertificateRequestFunc(true) + return CertificateTemplateFromCSRPEM( + cr.Spec.Request, + CertificateTemplateOverrideDuration(certDuration), + CertificateTemplateValidateAndOverrideBasicConstraints(cr.Spec.IsCA, nil), // Override the basic constraints, but make sure they match the constraints in the CSR if present + CertificateTemplateValidateAndOverrideKeyUsages(keyUsage, extKeyUsage), // Override the key usages, but make sure they match the usages in the CSR if present + ) +} // CertificateTemplateFromCertificateSigningRequest will create a x509.Certificate for the given // CertificateSigningRequest resource diff --git a/test/integration/validation/certificaterequest_test.go b/test/integration/validation/certificaterequest_test.go index a7c8d2d8452..f0124e66dfd 100644 --- a/test/integration/validation/certificaterequest_test.go +++ b/test/integration/validation/certificaterequest_test.go @@ -33,7 +33,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/api" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/pki" ) @@ -176,170 +175,6 @@ func TestValidationCertificateRequests(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), time.Second*40) defer cancel() - // The default is true, but we set it here to make sure it was not changed by other tests - utilfeature.DefaultMutableFeatureGate.Set("DisallowInsecureCSRUsageDefinition=true") - - config, stop := framework.RunControlPlane(t, ctx) - defer stop() - - framework.WaitForOpenAPIResourcesToBeLoaded(t, ctx, config, certGVK) - - // create the object to get any errors back from the webhook - cl, err := client.New(config, client.Options{Scheme: api.Scheme}) - if err != nil { - t.Fatal(err) - } - - err = cl.Create(ctx, cert) - if test.expectError != (err != nil) { - t.Errorf("unexpected error, exp=%t got=%v", - test.expectError, err) - } - if test.expectError && !strings.HasSuffix(err.Error(), test.errorSuffix) { - t.Errorf("unexpected error suffix, exp=%s got=%s", - test.errorSuffix, err) - } - }) - } -} - -// TestValidationCertificateRequests_DisallowInsecureCSRUsageDefinition_false makes sure that the -// validation webhook keeps working as before when the DisallowInsecureCSRUsageDefinition feature -// gate is disabled. -func TestValidationCertificateRequests_DisallowInsecureCSRUsageDefinition_false(t *testing.T) { - tests := map[string]struct { - input runtime.Object - errorSuffix string // is a suffix as the API server sends the whole value back in the error - expectError bool - }{ - "No errors on valid certificaterequest with no usages set": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - }, - }), - Usages: []cmapi.KeyUsage{}, - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - }, - }, - expectError: false, - }, - "No errors on valid certificaterequest with special usages set": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - }, - }), - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - }, - }, - expectError: false, - }, - "No errors on valid certificaterequest with special usages set only in CSR": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - }, - }), - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - }, - }, - expectError: false, - }, - "No errors on valid certificaterequest with special usages only set in spec": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - Usages: []cmapi.KeyUsage{}, - EncodeUsagesInRequest: ptr.To(false), - }, - }), - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - }, - }, - expectError: false, - }, - "Errors on certificaterequest with mismatch of usages": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - }, - }), - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageCodeSigning}, - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - }, - }, - expectError: true, - errorSuffix: "encoded CSR error: the ExtKeyUsages [ 'client auth' ] do not match the expected ExtKeyUsages [ 'code signing' ]", - }, - "Shouldn't error when setting user info, since this will be overwritten by the mutating webhook": { - input: &cmapi.CertificateRequest{ - ObjectMeta: metav1.ObjectMeta{ - Name: "test", - Namespace: "default", - }, - Spec: cmapi.CertificateRequestSpec{ - Request: mustGenerateCSR(t, &cmapi.Certificate{ - Spec: cmapi.CertificateSpec{ - DNSNames: []string{"example.com"}, - Usages: []cmapi.KeyUsage{}, - EncodeUsagesInRequest: ptr.To(false), - }, - }), - Usages: []cmapi.KeyUsage{cmapi.UsageDigitalSignature, cmapi.UsageKeyEncipherment, cmapi.UsageClientAuth}, - IssuerRef: cmmeta.ObjectReference{Name: "test"}, - Username: "user-1", - Groups: []string{"group-1", "group-2"}, - }, - }, - expectError: false, - }, - } - for name, test := range tests { - t.Run(name, func(t *testing.T) { - cert := test.input.(*cmapi.CertificateRequest) - cert.SetGroupVersionKind(certGVK) - - ctx, cancel := context.WithTimeout(context.Background(), time.Second*40) - defer cancel() - - utilfeature.DefaultMutableFeatureGate.Set("DisallowInsecureCSRUsageDefinition=false") - config, stop := framework.RunControlPlane(t, ctx) defer stop() From ed8004665ae2d937faf83255d3fb5cdea70b36f1 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Fri, 26 Apr 2024 15:52:34 +0000 Subject: [PATCH 071/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++----- make/_shared/tools/00_mod.mk | 52 +++++++++++++++++++++--------------- 2 files changed, 38 insertions(+), 28 deletions(-) diff --git a/klone.yaml b/klone.yaml index e58d7c9f7c1..82a0e6051c6 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 9b0502fdd5860b18fd6a9ddf86f148604a214fe4 + repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 7a7ed44796a..eaed36b56aa 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -124,7 +124,7 @@ TOOLS += operator-sdk=v1.34.1 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions TOOLS += gh=v2.47.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases -TOOLS += preflight=1.9.1 +TOOLS += preflight=1.9.2 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions K8S_CODEGEN_VERSION=v0.29.1 @@ -167,22 +167,11 @@ $(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch # --retry-connrefused = retry even if the initial connection was refused CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused -# In Prow, the pod has the folder "$(bin_dir)/downloaded" mounted into the -# container. For some reason, even though the permissions are correct, -# binaries that are mounted with hostPath can't be executed. When in CI, we -# copy the binaries to work around that. Using $(LN) is only required when -# dealing with binaries. Other files and folders can be symlinked. -# -# Details on how "$(bin_dir)/downloaded" gets cached are available in the -# description of the PR https://github.com/jetstack/testing/pull/651. -# -# We use "printenv CI" instead of just "ifeq ($(CI),)" because otherwise we -# would get "warning: undefined variable 'CI'". -ifeq ($(shell printenv CI),) -LN := ln -f -s -else -LN := cp -f -r -endif +# LN is expected to be an atomic action, meaning that two Make processes +# can run the "link $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) +# to $(bin_dir)/tools/xxx" operation simulatiously without issues (both +# will perform the action and the second time the link will be overwritten). +LN := ln -fs UC = $(shell echo '$1' | tr a-z A-Z) LC = $(shell echo '$1' | tr A-Z a-z) @@ -204,8 +193,8 @@ TOOL_NAMES := # in targets or in scripts, because it is agnostic to the # working directory # - an unversioned target $(bin_dir)/tools/xxx is generated that -# creates a copy/ link to the corresponding versioned target: -# $(bin_dir)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) +# creates a link to the corresponding versioned target: +# $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) define tool_defs TOOL_NAMES += $1 @@ -275,7 +264,6 @@ $(bin_dir)/tools/go: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(bin_dir)/tools/g # The "_" in "_bin" prevents "go mod tidy" from trying to tidy the vendored goroot. $(bin_dir)/tools/goroot: $(bin_dir)/scratch/VENDORED_GO_VERSION | $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot $(bin_dir)/tools - @rm -rf $(bin_dir)/tools/goroot @cd $(dir $@) && $(LN) $(patsubst $(bin_dir)/%,../%,$(word 1,$|)) $(notdir $@) @touch $@ # making sure the target of the symlink is newer than *_VERSION @@ -324,7 +312,6 @@ GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci- GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh -GO_DEPENDENCIES += preflight=github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight ################# # go build tags # @@ -560,6 +547,29 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN chmod +x $(outfile); \ rm -f $(outfile).zip +PREFLIGHT_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd +PREFLIGHT_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe + +# Currently there are no offical releases for darwin, you cannot submit results +# on non-official binaries, but we can still run tests. +# +# Once https://github.com/redhat-openshift-ecosystem/openshift-preflight/pull/942 is merged +# we can remove this darwin specific hack +.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + mkdir -p $(outfile).dir; \ + GOWORK=off GOBIN=$(outfile).dir $(GO) install github.com/redhat-openshift-ecosystem/openshift-preflight/cmd/preflight@$(PREFLIGHT_VERSION); \ + mv $(outfile).dir/preflight $(outfile); \ + rm -rf $(outfile).dir + +.PRECIOUS: $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH) +$(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools + @source $(lock_script) $@; \ + $(CURL) https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$(PREFLIGHT_VERSION)/preflight-linux-$(HOST_ARCH) -o $(outfile); \ + $(checkhash_script) $(outfile) $(PREFLIGHT_linux_$(HOST_ARCH)_SHA256SUM); \ + chmod +x $(outfile) + ################# # Other Targets # ################# From 46cc0c1289f58649a1f4f3d36b39e81d6b327771 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Sun, 28 Apr 2024 00:22:11 +0000 Subject: [PATCH 072/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/tools/00_mod.mk | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/klone.yaml b/klone.yaml index 82a0e6051c6..e0a375fcf6b 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 98c34c9f1a00f9be03d5020b46fccb21c6a566bd + repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index eaed36b56aa..34441df2ef7 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -114,7 +114,7 @@ TOOLS += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -TOOLS += cmrel=fa10147dadc8c36718b7b08aed6d8c6418eb2 +TOOLS += cmrel=84daedb44d61d25582e22eca48352012e899d1b2 # https://github.com/golangci/golangci-lint/releases TOOLS += golangci-lint=v1.57.1 # https://pkg.go.dev/golang.org/x/vuln?tab=versions From 8f99f40cbb797bc2359977096d9fe3a276bbf258 Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Sat, 27 Apr 2024 18:04:19 +0200 Subject: [PATCH 073/177] Upgrade K8s dependencies to v0.30.0 Signed-off-by: Erik Godding Boye --- LICENSES | 36 +-- cmd/acmesolver/LICENSES | 10 +- cmd/acmesolver/go.mod | 10 +- cmd/acmesolver/go.sum | 20 +- cmd/cainjector/LICENSES | 24 +- cmd/cainjector/go.mod | 20 +- cmd/cainjector/go.sum | 48 ++-- cmd/controller/LICENSES | 22 +- cmd/controller/go.mod | 22 +- cmd/controller/go.sum | 48 ++-- cmd/startupapicheck/LICENSES | 26 +- cmd/startupapicheck/go.mod | 20 +- cmd/startupapicheck/go.sum | 48 ++-- cmd/webhook/LICENSES | 28 +-- cmd/webhook/go.mod | 22 +- cmd/webhook/go.sum | 52 ++-- deploy/crds/crd-challenges.yaml | 82 ++++-- deploy/crds/crd-clusterissuers.yaml | 82 ++++-- deploy/crds/crd-issuers.yaml | 82 ++++-- go.mod | 31 ++- go.sum | 64 ++--- hack/openapi_reports/acme.txt | 40 --- .../v1alpha1/testdata/defaults.json | 3 + .../v1alpha1/testdata/defaults.json | 3 + .../webhook/v1alpha1/testdata/defaults.json | 3 + make/00_mod.mk | 2 + .../webhook/openapi/zz_generated.openapi.go | 234 +++++++++++++++++- test/e2e/LICENSES | 29 +-- test/e2e/go.mod | 27 +- test/e2e/go.sum | 50 ++-- test/integration/LICENSES | 32 +-- test/integration/go.mod | 30 +-- test/integration/go.sum | 64 ++--- 33 files changed, 811 insertions(+), 503 deletions(-) diff --git a/LICENSES b/LICENSES index c1ff301ba96..7cf4fb6307e 100644 --- a/LICENSES +++ b/LICENSES @@ -58,10 +58,10 @@ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICEN github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.0/LICENSE,MIT github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,Apache-2.0 -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,BSD-3-Clause +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause @@ -151,25 +151,25 @@ gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 gopkg.in/natefinch/lumberjack.v2,https://github.com/natefinch/lumberjack/blob/v2.2.1/LICENSE,MIT gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/errors/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/strfmt/LICENSE,Apache-2.0 +k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/errors/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/strfmt/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index 3bcd8aca4ec..b6ed4a88c88 100644 --- a/cmd/acmesolver/LICENSES +++ b/cmd/acmesolver/LICENSES @@ -26,11 +26,11 @@ golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 -k8s.io/api/core/v1,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang/reflect,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api/core/v1,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang/reflect,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index 2c2d1d64737..1e1681d7464 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/acmesolver-binary -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -11,7 +11,7 @@ replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 - k8s.io/component-base v0.29.2 + k8s.io/component-base v0.30.0 ) require ( @@ -40,9 +40,9 @@ require ( google.golang.org/protobuf v1.33.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/api v0.29.2 // indirect - k8s.io/apiextensions-apiserver v0.29.2 // indirect - k8s.io/apimachinery v0.29.2 // indirect + k8s.io/api v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/apimachinery v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index 78e644ed633..b10f606fb55 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum @@ -60,8 +60,8 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -go.uber.org/goleak v1.2.0 h1:xqgm/S+aQvhWFTtR0XK3Jvg7z8kGV8P4X14IzwN3Eqk= -go.uber.org/goleak v1.2.0/go.mod h1:XJYK+MuIchqpmGmUSAzotztawfKvYLUIgg7guXrwVUo= +go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= +go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= @@ -109,14 +109,14 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index 0d99af6c96c..7d25e98afa9 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES @@ -14,7 +14,7 @@ github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 @@ -48,20 +48,20 @@ google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index 58712114b5c..b83eede050c 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/cainjector-binary -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -12,12 +12,12 @@ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 - k8s.io/kube-aggregator v0.29.2 - sigs.k8s.io/controller-runtime v0.17.2 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 + k8s.io/kube-aggregator v0.30.0 + sigs.k8s.io/controller-runtime v0.18.0 ) require ( @@ -35,7 +35,7 @@ require ( github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -68,9 +68,9 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.29.2 // indirect + k8s.io/api v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum index 1eaeb9a3c2f..47dc5a6a7ae 100644 --- a/cmd/cainjector/go.sum +++ b/cmd/cainjector/go.sum @@ -35,8 +35,8 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -73,10 +73,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -159,8 +159,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -183,26 +183,26 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= +k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index 06f33c3dd85..e2aaeb9650f 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -53,7 +53,7 @@ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICEN github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.0/LICENSE,MIT github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause @@ -139,17 +139,17 @@ gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver/pkg,https://github.com/kubernetes/apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver/pkg,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 7e67c89590d..c3c84012f83 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/controller-binary -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -14,9 +14,9 @@ require ( github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 golang.org/x/sync v0.6.0 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 k8s.io/utils v0.0.0-20240102154912-e7106e64919e ) @@ -65,7 +65,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect @@ -132,14 +132,14 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/crypto v0.22.0 // indirect - golang.org/x/mod v0.14.0 // indirect + golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sys v0.19.0 // indirect golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/tools v0.18.0 // indirect google.golang.org/api v0.165.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect @@ -151,11 +151,11 @@ require ( gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.29.2 // indirect - k8s.io/apiextensions-apiserver v0.29.2 // indirect - k8s.io/apiserver v0.29.2 // indirect + k8s.io/api v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/apiserver v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index 9f2a0855924..53606641c38 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -143,8 +143,8 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= @@ -265,8 +265,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= -github.com/onsi/gomega v1.29.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= +github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= @@ -396,8 +396,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -469,8 +469,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -532,28 +532,28 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= -k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= +k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index 961d45b9e79..1b72926dfab 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES @@ -16,7 +16,7 @@ github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/google/btree,https://github.com/google/btree/blob/v1.1.2/LICENSE,Apache-2.0 github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause @@ -61,21 +61,21 @@ gopkg.in/evanphx/json-patch.v5,https://github.com/evanphx/json-patch/blob/v5.9.0 gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index f7cbb53edc8..baa786d4409 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/startupapicheck-binary -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -12,11 +12,11 @@ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - k8s.io/apimachinery v0.29.2 - k8s.io/cli-runtime v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 - sigs.k8s.io/controller-runtime v0.17.2 + k8s.io/apimachinery v0.30.0 + k8s.io/cli-runtime v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 + sigs.k8s.io/controller-runtime v0.18.0 ) require ( @@ -37,7 +37,7 @@ require ( github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/btree v1.1.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect @@ -82,10 +82,10 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.29.2 // indirect - k8s.io/apiextensions-apiserver v0.29.2 // indirect + k8s.io/api v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum index 8420aa80330..114cdc6ece8 100644 --- a/cmd/startupapicheck/go.sum +++ b/cmd/startupapicheck/go.sum @@ -41,8 +41,8 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -94,10 +94,10 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -195,8 +195,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -224,26 +224,26 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/cli-runtime v0.29.2 h1:smfsOcT4QujeghsNjECKN3lwyX9AwcFU0nvJ7sFN3ro= -k8s.io/cli-runtime v0.29.2/go.mod h1:KLisYYfoqeNfO+MkTWvpqIyb1wpJmmFJhioA0xd4MW8= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= +k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index ace44da0dd6..ac3993f2a38 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -18,9 +18,9 @@ github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,Apache-2.0 -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 @@ -69,21 +69,21 @@ google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 46a172dd518..8552ee8ef9d 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/webhook-binary -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -11,9 +11,9 @@ replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 - k8s.io/apimachinery v0.29.2 - k8s.io/component-base v0.29.2 - sigs.k8s.io/controller-runtime v0.17.2 + k8s.io/apimachinery v0.30.0 + k8s.io/component-base v0.30.0 + sigs.k8s.io/controller-runtime v0.18.0 ) require ( @@ -35,8 +35,8 @@ require ( github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/cel-go v0.17.7 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/cel-go v0.17.8 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -85,12 +85,12 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.29.2 // indirect - k8s.io/apiextensions-apiserver v0.29.2 // indirect - k8s.io/apiserver v0.29.2 // indirect - k8s.io/client-go v0.29.2 // indirect + k8s.io/api v0.30.0 // indirect + k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/apiserver v0.30.0 // indirect + k8s.io/client-go v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/gateway-api v1.0.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 3767d17c1c0..94f7f0c864d 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -44,10 +44,10 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= -github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -86,10 +86,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -199,8 +199,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -232,28 +232,28 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= -k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= +k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml index 58401a83cba..d89fc4597b8 100644 --- a/deploy/crds/crd-challenges.yaml +++ b/deploy/crds/crd-challenges.yaml @@ -914,6 +914,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -944,11 +946,14 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1000,6 +1005,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -1030,7 +1037,10 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). @@ -1096,6 +1106,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1109,12 +1121,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1124,12 +1136,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1173,6 +1185,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1191,6 +1205,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1205,6 +1220,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1262,6 +1278,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1275,12 +1293,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1290,12 +1308,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1339,6 +1357,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1357,6 +1377,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1365,6 +1386,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object @@ -1429,6 +1451,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1442,12 +1466,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1457,12 +1481,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1506,6 +1530,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1524,6 +1550,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1538,6 +1565,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -1595,6 +1623,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1608,12 +1638,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1623,12 +1653,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1672,6 +1702,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1690,6 +1722,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1698,6 +1731,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index bebebfdeb57..d1d5c1c462c 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -1021,6 +1021,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -1051,11 +1053,14 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1107,6 +1112,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -1137,7 +1144,10 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). @@ -1203,6 +1213,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1216,12 +1228,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1231,12 +1243,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1280,6 +1292,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1298,6 +1312,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1312,6 +1327,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1369,6 +1385,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1382,12 +1400,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1397,12 +1415,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1446,6 +1464,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1464,6 +1484,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1472,6 +1493,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object @@ -1536,6 +1558,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1549,12 +1573,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1564,12 +1588,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1613,6 +1637,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1631,6 +1657,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1645,6 +1672,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -1702,6 +1730,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1715,12 +1745,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1730,12 +1760,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1779,6 +1809,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1797,6 +1829,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1805,6 +1838,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index af9f71ee144..bce72ec2928 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -1021,6 +1021,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -1051,11 +1053,14 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic weight: description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1107,6 +1112,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchFields: description: A list of node selector requirements by node's fields. type: array @@ -1137,7 +1144,10 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic + x-kubernetes-list-type: atomic x-kubernetes-map-type: atomic podAffinity: description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). @@ -1203,6 +1213,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1216,12 +1228,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1231,12 +1243,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1280,6 +1292,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1298,6 +1312,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1312,6 +1327,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the affinity requirements specified by this field are not met at @@ -1369,6 +1385,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1382,12 +1400,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1397,12 +1415,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1446,6 +1464,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1464,6 +1484,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1472,6 +1493,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic podAntiAffinity: description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). type: object @@ -1536,6 +1558,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1549,12 +1573,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1564,12 +1588,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1613,6 +1637,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1631,6 +1657,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1645,6 +1672,7 @@ spec: in the range 1-100. type: integer format: int32 + x-kubernetes-list-type: atomic requiredDuringSchedulingIgnoredDuringExecution: description: |- If the anti-affinity requirements specified by this field are not met at @@ -1702,6 +1730,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1715,12 +1745,12 @@ spec: description: |- MatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key in (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key in (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MatchLabelKeys and LabelSelector. - Also, MatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both matchLabelKeys and labelSelector. + Also, matchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1730,12 +1760,12 @@ spec: description: |- MismatchLabelKeys is a set of pod label keys to select which pods will be taken into consideration. The keys are used to lookup values from the - incoming pod labels, those key-value labels are merged with `LabelSelector` as `key notin (value)` + incoming pod labels, those key-value labels are merged with `labelSelector` as `key notin (value)` to select the group of existing pods which pods will be taken into consideration for the incoming pod's pod (anti) affinity. Keys that don't exist in the incoming pod labels will be ignored. The default value is empty. - The same key is forbidden to exist in both MismatchLabelKeys and LabelSelector. - Also, MismatchLabelKeys cannot be set when LabelSelector isn't set. + The same key is forbidden to exist in both mismatchLabelKeys and labelSelector. + Also, mismatchLabelKeys cannot be set when labelSelector isn't set. This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate. type: array items: @@ -1779,6 +1809,8 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic + x-kubernetes-list-type: atomic matchLabels: description: |- matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels @@ -1797,6 +1829,7 @@ spec: type: array items: type: string + x-kubernetes-list-type: atomic topologyKey: description: |- This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching @@ -1805,6 +1838,7 @@ spec: selected pods is running. Empty topologyKey is not allowed. type: string + x-kubernetes-list-type: atomic imagePullSecrets: description: If specified, the pod's imagePullSecrets type: array diff --git a/go.mod b/go.mod index 9ee89119786..d440d387627 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -36,17 +36,17 @@ require ( golang.org/x/oauth2 v0.17.0 golang.org/x/sync v0.6.0 google.golang.org/api v0.165.0 - k8s.io/api v0.29.2 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/apiserver v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 + k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/apiserver v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 k8s.io/klog/v2 v2.120.1 - k8s.io/kube-aggregator v0.29.2 - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 + k8s.io/kube-aggregator v0.30.0 + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.18.0 sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 software.sslmate.com/src/go-pkcs12 v0.4.0 @@ -92,9 +92,9 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect - github.com/google/cel-go v0.17.7 // indirect + github.com/google/cel-go v0.17.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/pprof v0.0.0-20240125082051-42cd04596328 // indirect @@ -127,7 +127,6 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/onsi/ginkgo/v2 v2.15.0 // indirect github.com/patrickmn/go-cache v2.1.0+incompatible // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect @@ -159,13 +158,13 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/mod v0.14.0 // indirect + golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/sys v0.19.0 // indirect golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/tools v0.18.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect @@ -178,7 +177,7 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kms v0.29.2 // indirect + k8s.io/kms v0.30.0 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/go.sum b/go.sum index 9376f59cf69..4cfda6b6bf3 100644 --- a/go.sum +++ b/go.sum @@ -149,14 +149,14 @@ github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QD github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= -github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -271,10 +271,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= @@ -407,8 +407,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -481,8 +481,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -544,32 +544,32 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= -k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= +k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.29.2 h1:MDsbp98gSlEQs7K7dqLKNNTwKFQRYYvO4UOlBOjNy6Y= -k8s.io/kms v0.29.2/go.mod h1:s/9RC4sYRZ/6Tn6yhNjbfJuZdb8LzlXhdlBnKizeFDo= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g= +k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= +k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/hack/openapi_reports/acme.txt b/hack/openapi_reports/acme.txt index c3c9a0d0f60..22e68562d0b 100644 --- a/hack/openapi_reports/acme.txt +++ b/hack/openapi_reports/acme.txt @@ -1,46 +1,6 @@ -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,ConversionRequest,Objects -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,ConversionResponse,ConvertedObjects -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionNames,Categories -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionNames,ShortNames -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionSpec,Versions -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionStatus,StoredVersions -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,CustomResourceDefinitionVersion,AdditionalPrinterColumns API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSON,Raw -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,AllOf -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,AnyOf -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Enum -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,OneOf -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Required -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,XListMapKeys -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrArray,JSONSchemas -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaPropsOrStringArray,Property API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,WebhookClientConfig,CABundle -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,WebhookConversion,ConversionReviewVersions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,ServerAddressByClientCIDRs -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroup,Versions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIGroupList,Groups -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,Categories -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResource,ShortNames -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIResourceList,APIResources -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,ServerAddressByClientCIDRs -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,APIVersions,Versions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ApplyOptions,DryRun -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,CreateOptions,DryRun -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,DeleteOptions,DryRun API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,FieldsV1,Raw -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelector,MatchExpressions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,LabelSelectorRequirement,Values -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,Finalizers -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,ManagedFields -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,ObjectMeta,OwnerReferences -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,PatchOptions,DryRun -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,RootPaths,Paths -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,StatusDetails,Causes -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,ColumnDefinitions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,Table,Rows -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Cells -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,TableRow,Conditions -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,UpdateOptions,DryRun API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw API rule violation: names_match,github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1,ChallengeResponse,Result diff --git a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json index ee6066438be..90ad8240535 100644 --- a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json @@ -22,6 +22,9 @@ "flushFrequency": "5s", "verbosity": 0, "options": { + "text": { + "infoBufferSize": "0" + }, "json": { "infoBufferSize": "0" } diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json index 00931d0630c..0e967f55928 100644 --- a/internal/apis/config/controller/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -40,6 +40,9 @@ "flushFrequency": "5s", "verbosity": 0, "options": { + "text": { + "infoBufferSize": "0" + }, "json": { "infoBufferSize": "0" } diff --git a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json index 4537a3e9314..72d7d029681 100644 --- a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json @@ -14,6 +14,9 @@ "flushFrequency": "5s", "verbosity": 0, "options": { + "text": { + "infoBufferSize": "0" + }, "json": { "infoBufferSize": "0" } diff --git a/make/00_mod.mk b/make/00_mod.mk index e9e382aaee7..33ae585800c 100644 --- a/make/00_mod.mk +++ b/make/00_mod.mk @@ -58,3 +58,5 @@ GOLDFLAGS := -w -s \ golangci_lint_config := .golangci.yaml repository_base_no_dependabot := 1 + +GINKGO_VERSION ?= $(shell awk '/ginkgo\/v2/ {print $$2}' test/e2e/go.mod) diff --git a/pkg/acme/webhook/openapi/zz_generated.openapi.go b/pkg/acme/webhook/openapi/zz_generated.openapi.go index 59b7a6dbc6d..33608899f63 100644 --- a/pkg/acme/webhook/openapi/zz_generated.openapi.go +++ b/pkg/acme/webhook/openapi/zz_generated.openapi.go @@ -57,6 +57,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSONSchemaPropsOrArray": schema_pkg_apis_apiextensions_v1_JSONSchemaPropsOrArray(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSONSchemaPropsOrBool": schema_pkg_apis_apiextensions_v1_JSONSchemaPropsOrBool(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.JSONSchemaPropsOrStringArray": schema_pkg_apis_apiextensions_v1_JSONSchemaPropsOrStringArray(ref), + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.SelectableField": schema_pkg_apis_apiextensions_v1_SelectableField(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ServiceReference": schema_pkg_apis_apiextensions_v1_ServiceReference(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.ValidationRule": schema_pkg_apis_apiextensions_v1_ValidationRule(ref), "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.WebhookClientConfig": schema_pkg_apis_apiextensions_v1_WebhookClientConfig(ref), @@ -311,6 +312,11 @@ func schema_pkg_apis_apiextensions_v1_ConversionRequest(ref common.ReferenceCall }, }, "objects": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "objects is the list of custom resource objects to be converted.", Type: []string{"array"}, @@ -348,6 +354,11 @@ func schema_pkg_apis_apiextensions_v1_ConversionResponse(ref common.ReferenceCal }, }, "convertedObjects": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "convertedObjects is the list of converted version of `request.objects` if the `result` is successful, otherwise empty. The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace). The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.", Type: []string{"array"}, @@ -683,6 +694,11 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionNames(ref common.R }, }, "shortNames": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "shortNames are short names for the resource, exposed in API discovery documents, and used by clients to support invocations like `kubectl get `. It must be all lowercase.", Type: []string{"array"}, @@ -713,6 +729,11 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionNames(ref common.R }, }, "categories": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "categories is a list of grouped resources this custom resource belongs to (e.g. 'all'). This is published in API discovery documents, and used by clients to support invocations like `kubectl get all`.", Type: []string{"array"}, @@ -765,6 +786,11 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionSpec(ref common.Re }, }, "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "versions is the list of all API versions of the defined custom resource. Version names are used to compute the order in which served versions are listed in API discovery. If the version string is \"kube-like\", it will sort above non \"kube-like\" version strings, which are ordered lexicographically. \"Kube-like\" versions start with a \"v\", then are followed by a number (the major version), then optionally the string \"alpha\" or \"beta\" and another number (the minor version). These are sorted first by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing major version, then minor version. An example sorted list of versions: v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.", Type: []string{"array"}, @@ -837,6 +863,11 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionStatus(ref common. }, }, "storedVersions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "storedVersions lists all versions of CustomResources that were ever persisted. Tracking these versions allows a migration path for stored versions in etcd. The field is mutable so a migration controller can finish a migration to another version (ensuring no old objects are left in storage), and then remove the rest of the versions from this list. Versions may not be removed from `spec.versions` while they exist in this list.", Type: []string{"array"}, @@ -917,6 +948,11 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionVersion(ref common }, }, "additionalPrinterColumns": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "additionalPrinterColumns specifies additional columns returned in Table output. See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details. If no columns are specified, a single column displaying the age of the custom resource is used.", Type: []string{"array"}, @@ -930,12 +966,31 @@ func schema_pkg_apis_apiextensions_v1_CustomResourceDefinitionVersion(ref common }, }, }, + "selectableFields": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "selectableFields specifies paths to fields that may be used as field selectors. A maximum of 8 selectable fields are allowed. See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.SelectableField"), + }, + }, + }, + }, + }, }, Required: []string{"name", "served", "storage"}, }, }, Dependencies: []string{ - "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceColumnDefinition", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceSubresources", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceValidation"}, + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceColumnDefinition", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceSubresources", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.CustomResourceValidation", "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1.SelectableField"}, } } @@ -1195,6 +1250,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "enum": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -1219,6 +1279,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "required": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -1238,6 +1303,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "allOf": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -1251,6 +1321,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "oneOf": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -1264,6 +1339,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "anyOf": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Type: []string{"array"}, Items: &spec.SchemaOrArray{ @@ -1384,6 +1464,11 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, }, "x-kubernetes-list-map-keys": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "x-kubernetes-list-map-keys annotates an array with the x-kubernetes-list-type `map` by specifying the keys used as the index of the map.\n\nThis tag MUST only be used on lists that have the \"x-kubernetes-list-type\" extension set to \"map\". Also, the values specified for this attribute must be a scalar typed field of the child structure (no nesting is supported).\n\nThe properties specified must either be required or have a default value, to ensure those properties are present for all list items.", Type: []string{"array"}, @@ -1480,6 +1565,28 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaPropsOrStringArray(ref common.Re } } +func schema_pkg_apis_apiextensions_v1_SelectableField(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "SelectableField specifies the JSON path of a field that may be used with field selectors.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "jsonPath": { + SchemaProps: spec.SchemaProps{ + Description: "jsonPath is a simple JSON path which is evaluated against each custom resource to produce a field selector value. Only JSON paths without the array notation are allowed. Must point to a field of type string, boolean or integer. Types with enum values and strings with formats are allowed. If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string. Must not point to metdata fields. Required.", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"jsonPath"}, + }, + }, + } +} + func schema_pkg_apis_apiextensions_v1_ServiceReference(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -1631,6 +1738,11 @@ func schema_pkg_apis_apiextensions_v1_WebhookConversion(ref common.ReferenceCall }, }, "conversionReviewVersions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "conversionReviewVersions is an ordered list of preferred `ConversionReview` versions the Webhook expects. The API server will use the first version in the list which it supports. If none of the versions specified in this list are supported by API server, conversion will fail for the custom resource. If a persisted Webhook configuration specifies allowed versions and does not include any versions known to the API Server, calls to the webhook will fail.", Type: []string{"array"}, @@ -1684,6 +1796,11 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "versions are the versions supported in this group.", Type: []string{"array"}, @@ -1705,6 +1822,11 @@ func schema_pkg_apis_meta_v1_APIGroup(ref common.ReferenceCallback) common.OpenA }, }, "serverAddressByClientCIDRs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", Type: []string{"array"}, @@ -1749,6 +1871,11 @@ func schema_pkg_apis_meta_v1_APIGroupList(ref common.ReferenceCallback) common.O }, }, "groups": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "groups is a list of APIGroup.", Type: []string{"array"}, @@ -1840,6 +1967,11 @@ func schema_pkg_apis_meta_v1_APIResource(ref common.ReferenceCallback) common.Op }, }, "shortNames": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "shortNames is a list of suggested short names of the resource.", Type: []string{"array"}, @@ -1855,6 +1987,11 @@ func schema_pkg_apis_meta_v1_APIResource(ref common.ReferenceCallback) common.Op }, }, "categories": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "categories is a list of the grouped resources this resource belongs to (e.g. 'all')", Type: []string{"array"}, @@ -1913,6 +2050,11 @@ func schema_pkg_apis_meta_v1_APIResourceList(ref common.ReferenceCallback) commo }, }, "resources": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "resources contains the name of the resources and if they are namespaced.", Type: []string{"array"}, @@ -1957,6 +2099,11 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, "versions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "versions are the api versions that are available.", Type: []string{"array"}, @@ -1972,6 +2119,11 @@ func schema_pkg_apis_meta_v1_APIVersions(ref common.ReferenceCallback) common.Op }, }, "serverAddressByClientCIDRs": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "a map of client CIDR to server address that is serving this group. This is to help clients reach servers in the most network-efficient way possible. Clients can use the appropriate server address as per the CIDR that they match. In case of multiple matches, clients should use the longest matching CIDR. The server returns only those CIDRs that it thinks that the client can match. For example: the master will return an internal IP CIDR only, if the client reaches the server using an internal IP. Server looks at X-Forwarded-For header or X-Real-Ip header or request.RemoteAddr (in that order) to get the client IP.", Type: []string{"array"}, @@ -2016,6 +2168,11 @@ func schema_pkg_apis_meta_v1_ApplyOptions(ref common.ReferenceCallback) common.O }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -2136,6 +2293,11 @@ func schema_pkg_apis_meta_v1_CreateOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -2219,6 +2381,11 @@ func schema_pkg_apis_meta_v1_DeleteOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -2535,6 +2702,11 @@ func schema_pkg_apis_meta_v1_LabelSelector(ref common.ReferenceCallback) common. }, }, "matchExpressions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "matchExpressions is a list of label selector requirements. The requirements are ANDed.", Type: []string{"array"}, @@ -2585,6 +2757,11 @@ func schema_pkg_apis_meta_v1_LabelSelectorRequirement(ref common.ReferenceCallba }, }, "values": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.", Type: []string{"array"}, @@ -2978,6 +3155,10 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "ownerReferences": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-map-keys": []interface{}{ + "uid", + }, + "x-kubernetes-list-type": "map", "x-kubernetes-patch-merge-key": "uid", "x-kubernetes-patch-strategy": "merge", }, @@ -2998,6 +3179,7 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope "finalizers": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ + "x-kubernetes-list-type": "set", "x-kubernetes-patch-strategy": "merge", }, }, @@ -3016,6 +3198,11 @@ func schema_pkg_apis_meta_v1_ObjectMeta(ref common.ReferenceCallback) common.Ope }, }, "managedFields": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn't need to set or understand this field. A workflow can be the user's name, a controller's name, or the name of a specific apply path like \"ci-cd\". The set of fields is always in the version that the workflow used when modifying the object.", Type: []string{"array"}, @@ -3222,6 +3409,11 @@ func schema_pkg_apis_meta_v1_PatchOptions(ref common.ReferenceCallback) common.O }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, @@ -3298,6 +3490,11 @@ func schema_pkg_apis_meta_v1_RootPaths(ref common.ReferenceCallback) common.Open Type: []string{"object"}, Properties: map[string]spec.Schema{ "paths": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "paths are the paths available at root.", Type: []string{"array"}, @@ -3399,6 +3596,11 @@ func schema_pkg_apis_meta_v1_Status(ref common.ReferenceCallback) common.OpenAPI }, }, "details": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "Extended data associated with the reason. Each reason may define its own extended details. This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.", Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.StatusDetails"), @@ -3489,6 +3691,11 @@ func schema_pkg_apis_meta_v1_StatusDetails(ref common.ReferenceCallback) common. }, }, "causes": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "The Causes array includes more details associated with the StatusReason failure. Not all StatusReasons may provide detailed causes.", Type: []string{"array"}, @@ -3546,6 +3753,11 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, "columnDefinitions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "columnDefinitions describes each column in the returned items array. The number of cells per row will always match the number of column definitions.", Type: []string{"array"}, @@ -3560,6 +3772,11 @@ func schema_pkg_apis_meta_v1_Table(ref common.ReferenceCallback) common.OpenAPID }, }, "rows": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "rows is the list of items in the table.", Type: []string{"array"}, @@ -3678,6 +3895,11 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA Type: []string{"object"}, Properties: map[string]spec.Schema{ "cells": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "cells will be as wide as the column definitions array and may contain strings, numbers (float64 or int64), booleans, simple maps, lists, or null. See the type field of the column definition for a more detailed description.", Type: []string{"array"}, @@ -3692,6 +3914,11 @@ func schema_pkg_apis_meta_v1_TableRow(ref common.ReferenceCallback) common.OpenA }, }, "conditions": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "conditions describe additional status of a row that are relevant for a human user. These conditions apply to the row, not to the object, and will be specific to table output. The only defined condition type is 'Completed', for a row that indicates a resource that has run to completion and can be given less visual priority.", Type: []string{"array"}, @@ -3855,6 +4082,11 @@ func schema_pkg_apis_meta_v1_UpdateOptions(ref common.ReferenceCallback) common. }, }, "dryRun": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "When present, indicates that modifications should not be persisted. An invalid or unrecognized dryRun directive will result in an error response and no further processing of the request. Valid values are: - All: all dry run stages will be processed", Type: []string{"array"}, diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index aeee9f691ec..a0d556d3e80 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -14,12 +14,13 @@ github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 github.com/goccy/go-json,https://github.com/goccy/go-json/blob/v0.10.2/LICENSE,MIT github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause +github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.0/LICENSE,BSD-2-Clause github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.5/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 @@ -36,8 +37,8 @@ github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bac github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/mxk/go-flowrate/flowrate,https://github.com/mxk/go-flowrate/blob/cca7078d478f/LICENSE,BSD-3-Clause -github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.15.0/LICENSE,MIT -github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.31.1/LICENSE,MIT +github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.17.1/LICENSE,MIT +github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.32.0/LICENSE,MIT github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 @@ -61,20 +62,20 @@ google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime/pkg,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime/pkg,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 296d3c2e005..0b07c775f1d 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/e2e-tests -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -13,17 +13,17 @@ require ( github.com/cloudflare/cloudflare-go v0.88.0 github.com/hashicorp/vault-client-go v0.4.3 github.com/kr/pretty v0.3.1 - github.com/onsi/ginkgo/v2 v2.15.0 - github.com/onsi/gomega v1.31.1 + github.com/onsi/ginkgo/v2 v2.17.1 + github.com/onsi/gomega v1.32.0 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.29.2 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 - k8s.io/kube-aggregator v0.29.2 + k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 + k8s.io/kube-aggregator v0.30.0 k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.18.0 sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 ) @@ -45,13 +45,14 @@ require ( github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/pprof v0.0.0-20240125082051-42cd04596328 // indirect github.com/google/uuid v1.6.0 // indirect + github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.5.0 // indirect github.com/hashicorp/go-retryablehttp v0.7.5 // indirect @@ -87,7 +88,7 @@ require ( golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/tools v0.18.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/protobuf v1.33.0 // indirect @@ -95,7 +96,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/test/e2e/go.sum b/test/e2e/go.sum index acc4edd51b5..df56de70017 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -45,8 +45,8 @@ github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= @@ -64,6 +64,8 @@ github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0Z github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= @@ -114,10 +116,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -214,8 +216,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -239,26 +241,26 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= +k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= +k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index a684d209650..f6298f58b1c 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -20,9 +20,9 @@ github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/ github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 -github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.3/LICENSE,BSD-3-Clause -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,Apache-2.0 -github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.7/LICENSE,BSD-3-Clause +github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,Apache-2.0 +github.com/google/cel-go,https://github.com/google/cel-go/blob/v0.17.8/LICENSE,BSD-3-Clause github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v0.6.8/LICENSE,Apache-2.0 github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 @@ -76,23 +76,23 @@ google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.29.2/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.29.2/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/7a0d5b415232/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/kubectl/pkg/util/openapi,https://github.com/kubernetes/kubectl/blob/v0.29.2/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kubectl/pkg/util/openapi,https://github.com/kubernetes/kubectl/blob/v0.30.0/LICENSE,Apache-2.0 k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.17.2/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause diff --git a/test/integration/go.mod b/test/integration/go.mod index 514fbc1c405..994f89967c9 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -1,6 +1,6 @@ module github.com/cert-manager/cert-manager/integration-tests -go 1.21 +go 1.22.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a @@ -19,15 +19,15 @@ require ( github.com/stretchr/testify v1.8.4 golang.org/x/crypto v0.22.0 golang.org/x/sync v0.6.0 - k8s.io/api v0.29.2 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 - k8s.io/component-base v0.29.2 - k8s.io/kube-aggregator v0.29.2 - k8s.io/kubectl v0.29.2 + k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/component-base v0.30.0 + k8s.io/kube-aggregator v0.30.0 + k8s.io/kubectl v0.30.0 k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.17.2 + sigs.k8s.io/controller-runtime v0.18.0 sigs.k8s.io/gateway-api v1.0.0 ) @@ -51,8 +51,8 @@ require ( github.com/go-openapi/swag v0.22.9 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect - github.com/google/cel-go v0.17.7 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/cel-go v0.17.8 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -93,14 +93,14 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.26.0 // indirect golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/mod v0.14.0 // indirect + golang.org/x/mod v0.15.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/oauth2 v0.17.0 // indirect golang.org/x/sys v0.19.0 // indirect golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.17.0 // indirect + golang.org/x/tools v0.18.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect @@ -111,9 +111,9 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiserver v0.29.2 // indirect + k8s.io/apiserver v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 // indirect + k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 5f8026d777d..548f163d2a9 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -182,14 +182,14 @@ github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= -github.com/google/cel-go v0.17.7 h1:6ebJFzu1xO2n7TLtN+UBqShGBhlD85bhvglh5DpcfqQ= -github.com/google/cel-go v0.17.7/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= +github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -301,12 +301,12 @@ github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= +github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= @@ -469,8 +469,8 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= +golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -566,8 +566,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= -golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= +golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= +golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -630,24 +630,24 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= k8s.io/apiextensions-apiserver v0.18.0/go.mod h1:18Cwn1Xws4xnWQNC00FLq1E350b9lUF+aOdIWDOZxgo= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.18.0/go.mod h1:3S2O6FeBBd6XTo0njUrLxiqk8GNy6wWOftjhJcXYnjw= -k8s.io/apiserver v0.29.2 h1:+Z9S0dSNr+CjnVXQePG8TcBWHr3Q7BmAr7NraHvsMiQ= -k8s.io/apiserver v0.29.2/go.mod h1:B0LieKVoyU7ykQvPFm7XSdIHaCHSzCzQWPFa5bqbeMQ= +k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= +k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= k8s.io/client-go v0.18.0/go.mod h1:uQSYDYs4WhVZ9i6AIoEZuwUggLVEF64HOD37boKAtF8= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/code-generator v0.18.0/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/component-base v0.18.0/go.mod h1:u3BCg0z1uskkzrnAKFzulmYaEpZF7XC9Pf/uFyb1v2c= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= +k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= @@ -655,21 +655,21 @@ k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.29.2 h1:z9qJn5wlGmGaX6EfM7OEhr6fq6SBjDKR6tPRZ/qgxeY= -k8s.io/kube-aggregator v0.29.2/go.mod h1:QEuwzmMJJsg0eg1Gv+u4cWcYeJG2+8vN8/nTXBzopUo= +k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= +k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232 h1:MMq4iF9pHuAz/9dLnHwBQKEoeigXClzs3MFh/seyqtA= -k8s.io/kube-openapi v0.0.0-20240209001042-7a0d5b415232/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw= -k8s.io/kubectl v0.29.2 h1:uaDYaBhumvkwz0S2XHt36fK0v5IdNgL7HyUniwb2IUo= -k8s.io/kubectl v0.29.2/go.mod h1:BhizuYBGcKaHWyq+G7txGw2fXg576QbPrrnQdQDZgqI= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= +k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= +k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= -sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From 003c1b12e8f5eebd40e0d406697a62c8f2ca112d Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Sun, 28 Apr 2024 17:29:35 +0200 Subject: [PATCH 074/177] Promote AdditionalCertificateOutputFormats feature gate to Beta and enable by default Signed-off-by: Erik Godding Boye --- deploy/crds/crd-certificates.yaml | 4 ++-- internal/apis/certmanager/types_certificate.go | 4 ++-- internal/controller/feature/features.go | 3 ++- internal/webhook/feature/features.go | 3 ++- pkg/apis/certmanager/v1/types_certificate.go | 4 ++-- pkg/controller/certificates/issuing/internal/secret_test.go | 6 ------ test/e2e/suite/certificates/additionaloutputformats.go | 2 -- test/e2e/suite/issuers/ca/certificate.go | 6 ------ test/integration/certificates/issuing_controller_test.go | 5 ----- 9 files changed, 10 insertions(+), 27 deletions(-) diff --git a/deploy/crds/crd-certificates.yaml b/deploy/crds/crd-certificates.yaml index 030921837c6..30ee0d85a45 100644 --- a/deploy/crds/crd-certificates.yaml +++ b/deploy/crds/crd-certificates.yaml @@ -90,8 +90,8 @@ spec: to be written to this Certificate's target Secret. - This is an Alpha Feature and is only enabled with the - `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + This is a Beta Feature enabled by default. It can be disabled with the + `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both the controller and webhook components. type: array items: diff --git a/internal/apis/certmanager/types_certificate.go b/internal/apis/certmanager/types_certificate.go index f966a1328fe..e3367d9bc4c 100644 --- a/internal/apis/certmanager/types_certificate.go +++ b/internal/apis/certmanager/types_certificate.go @@ -240,8 +240,8 @@ type CertificateSpec struct { // Defines extra output formats of the private key and signed certificate chain // to be written to this Certificate's target Secret. // - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + // This is a Beta Feature enabled by default. It can be disabled with the + // `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both // the controller and webhook components. AdditionalOutputFormats []CertificateAdditionalOutputFormat diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index ee7d2adef4b..70dfbc0a2b5 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -64,6 +64,7 @@ const ( // Owner: @joshvanl // Alpha: v1.7 + // Beta: v1.15 // // AdditionalCertificateOutputFormats enable output additional format AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats" @@ -153,7 +154,7 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature ValidateCAA: {Default: false, PreRelease: featuregate.Alpha}, ExperimentalCertificateSigningRequestControllers: {Default: false, PreRelease: featuregate.Alpha}, ExperimentalGatewayAPISupport: {Default: true, PreRelease: featuregate.Beta}, - AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, + AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, ServerSideApply: {Default: false, PreRelease: featuregate.Alpha}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, UseCertificateRequestBasicConstraints: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/internal/webhook/feature/features.go b/internal/webhook/feature/features.go index 4e8729525d3..04c1ae20a68 100644 --- a/internal/webhook/feature/features.go +++ b/internal/webhook/feature/features.go @@ -42,6 +42,7 @@ const ( // Owner: @joshvanl // Alpha: v1.7.1 + // Beta: v1.15 // // AdditionalCertificateOutputFormats enable output additional format AdditionalCertificateOutputFormats featuregate.Feature = "AdditionalCertificateOutputFormats" @@ -94,7 +95,7 @@ func init() { var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA}, - AdditionalCertificateOutputFormats: {Default: false, PreRelease: featuregate.Alpha}, + AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, NameConstraints: {Default: false, PreRelease: featuregate.Alpha}, OtherNames: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/pkg/apis/certmanager/v1/types_certificate.go b/pkg/apis/certmanager/v1/types_certificate.go index 0d0556b76af..0448cf395db 100644 --- a/pkg/apis/certmanager/v1/types_certificate.go +++ b/pkg/apis/certmanager/v1/types_certificate.go @@ -265,8 +265,8 @@ type CertificateSpec struct { // Defines extra output formats of the private key and signed certificate chain // to be written to this Certificate's target Secret. // - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=AdditionalCertificateOutputFormats=true` option set on both + // This is a Beta Feature enabled by default. It can be disabled with the + // `--feature-gates=AdditionalCertificateOutputFormats=false` option set on both // the controller and webhook components. // +optional AdditionalOutputFormats []CertificateAdditionalOutputFormat `json:"additionalOutputFormats,omitempty"` diff --git a/pkg/controller/certificates/issuing/internal/secret_test.go b/pkg/controller/certificates/issuing/internal/secret_test.go index 0d8c4fc9987..4e0ae829a6b 100644 --- a/pkg/controller/certificates/issuing/internal/secret_test.go +++ b/pkg/controller/certificates/issuing/internal/secret_test.go @@ -24,9 +24,7 @@ import ( "testing" "time" - "github.com/cert-manager/cert-manager/internal/controller/feature" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -34,7 +32,6 @@ import ( apitypes "k8s.io/apimachinery/pkg/types" applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" applymetav1 "k8s.io/client-go/applyconfigurations/meta/v1" - featuregatetesting "k8s.io/component-base/featuregate/testing" fakeclock "k8s.io/utils/clock/testing" "k8s.io/utils/ptr" @@ -58,9 +55,6 @@ var ( // SecretsManager. // See: https://github.com/kubernetes/client-go/issues/970 func Test_SecretsManager(t *testing.T) { - // Enable feature gate additional private key for this test - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultMutableFeatureGate, feature.AdditionalCertificateOutputFormats, true)() - baseCert := gen.Certificate("test", gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: "ca-issuer", Kind: "Issuer", Group: "foo.io"}), gen.SetCertificateSecretName("output"), diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 3d293898045..84edbfb0de5 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -50,8 +50,6 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo ) createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) { - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) - crt := &cmapi.Certificate{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-additional-output-formats-", diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index 17e72b60b89..a247173b329 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -26,10 +26,8 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/util" - "github.com/cert-manager/cert-manager/internal/controller/feature" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" ) @@ -153,10 +151,6 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { }) It("should be able to create a certificate with additional output formats", func() { - // Output formats is only enabled via this feature gate being enabled. - // Don't run test if the gate isn't enabled. - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) - certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate") diff --git a/test/integration/certificates/issuing_controller_test.go b/test/integration/certificates/issuing_controller_test.go index 1a51377e53e..52a75a5d4ca 100644 --- a/test/integration/certificates/issuing_controller_test.go +++ b/test/integration/certificates/issuing_controller_test.go @@ -37,7 +37,6 @@ import ( "k8s.io/utils/ptr" "github.com/cert-manager/cert-manager/integration-tests/framework" - "github.com/cert-manager/cert-manager/internal/webhook/feature" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" @@ -45,11 +44,9 @@ import ( "github.com/cert-manager/cert-manager/pkg/controller/certificates/issuing" logf "github.com/cert-manager/cert-manager/pkg/logs" "github.com/cert-manager/cert-manager/pkg/metrics" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" utilpki "github.com/cert-manager/cert-manager/pkg/util/pki" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" "github.com/cert-manager/cert-manager/test/unit/gen" - featuregatetesting "k8s.io/component-base/featuregate/testing" ) // TestIssuingController performs a basic test to ensure that the issuing @@ -748,8 +745,6 @@ func Test_IssuingController_SecretTemplate(t *testing.T) { // ensure that values in a Certificate's AddiationOutputFormats will be copied // to the target Secret- when they are both added and deleted. func Test_IssuingController_AdditionalOutputFormats(t *testing.T) { - defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats, true)() - ctx, cancel := context.WithTimeout(context.Background(), time.Second*40) defer cancel() From 9db044b232ad9f044438731ff5af1478ad7a8627 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 13:24:52 +0200 Subject: [PATCH 075/177] fix gci linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/cainjector/app/cainjector.go | 1 - cmd/controller/app/controller.go | 2 +- cmd/controller/app/options/options.go | 4 +--- cmd/controller/app/start.go | 10 +++++----- cmd/controller/main.go | 1 - .../apis/config/cainjector/v1alpha1/defaults_test.go | 3 ++- internal/apis/config/controller/v1alpha1/defaults.go | 3 +-- .../apis/config/controller/v1alpha1/defaults_test.go | 3 ++- internal/apis/config/webhook/v1alpha1/defaults_test.go | 3 ++- internal/controller/certificates/certificates_test.go | 4 ++-- .../controller/certificates/policies/checks_test.go | 2 +- internal/vault/vault.go | 3 +-- pkg/acme/accounts/test/registry.go | 3 +-- pkg/acme/client/interfaces.go | 4 ++-- pkg/acme/webhook/cmd/server/start.go | 1 - pkg/api/util/names_test.go | 3 ++- pkg/cainjector/configfile/configfile.go | 3 ++- pkg/controller/acmechallenges/controller_test.go | 2 +- .../certificate-shim/gateways/controller_test.go | 6 +++--- .../certificate-shim/ingresses/controller_test.go | 2 +- pkg/controller/certificaterequests/acme/acme.go | 2 +- .../certificaterequests/selfsigned/selfsigned.go | 2 +- pkg/controller/certificaterequests/sync_test.go | 3 ++- pkg/controller/certificaterequests/venafi/venafi.go | 3 +-- .../certificates/issuing/internal/secret_test.go | 2 +- pkg/controller/certificatesigningrequests/sync_test.go | 2 +- pkg/controller/clusterissuers/checks.go | 3 ++- pkg/controller/configfile/configfile.go | 3 ++- pkg/controller/issuers/checks.go | 3 ++- pkg/healthz/healthz_test.go | 3 ++- pkg/issuer/acme/dns/acmedns/acmedns_test.go | 3 ++- pkg/issuer/acme/dns/akamai/akamai.go | 1 - pkg/issuer/acme/dns/akamai/akamai_test.go | 5 ++--- pkg/issuer/acme/dns/azuredns/azuredns.go | 3 +-- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 5 +++-- pkg/issuer/acme/dns/clouddns/clouddns.go | 4 +--- pkg/issuer/acme/dns/clouddns/clouddns_test.go | 2 +- pkg/issuer/acme/dns/digitalocean/digitalocean_test.go | 3 ++- pkg/issuer/acme/dns/route53/route53.go | 7 +++---- pkg/issuer/acme/http/pod_test.go | 4 ++-- pkg/issuer/acme/http/service_test.go | 2 +- pkg/issuer/vault/setup_test.go | 2 +- pkg/issuer/venafi/client/request.go | 2 +- pkg/issuer/venafi/setup_test.go | 5 ++--- pkg/logs/logs.go | 3 ++- pkg/metrics/metrics_test.go | 1 - pkg/server/tls/dynamic_source_test.go | 5 +++-- pkg/util/pki/certificatetemplate.go | 3 ++- pkg/util/pki/match.go | 3 +-- pkg/util/pki/parse_test.go | 3 ++- pkg/util/predicate/certificate_test.go | 3 ++- pkg/webhook/configfile/configfile.go | 3 ++- test/e2e/e2e_test.go | 3 ++- test/e2e/framework/config/helm.go | 3 +-- test/e2e/framework/config/suite.go | 3 +-- test/e2e/framework/framework.go | 6 +++--- test/e2e/framework/matcher/san_matchers.go | 3 ++- test/e2e/framework/util.go | 5 ++--- .../e2e/suite/certificaterequests/approval/approval.go | 5 +++-- .../e2e/suite/certificaterequests/approval/userinfo.go | 5 +++-- .../e2e/suite/certificaterequests/selfsigned/secret.go | 5 +++-- test/e2e/suite/certificates/additionaloutputformats.go | 7 ++++--- test/e2e/suite/certificates/duplicatesecretname.go | 5 +++-- test/e2e/suite/certificates/literalsubjectrdns.go | 7 ++++--- test/e2e/suite/certificates/othernamesan.go | 7 ++++--- test/e2e/suite/certificates/secrettemplate.go | 7 ++++--- .../selfsigned/selfsigned.go | 5 +++-- test/e2e/suite/conformance/certificates/acme/acme.go | 6 +++--- test/e2e/suite/conformance/certificates/ca/ca.go | 5 +++-- .../conformance/certificates/external/external.go | 5 +++-- .../conformance/certificates/selfsigned/selfsigned.go | 5 +++-- test/e2e/suite/conformance/certificates/suite.go | 4 ++-- test/e2e/suite/conformance/certificates/tests.go | 8 ++++---- .../conformance/certificates/vault/vault_approle.go | 5 +++-- .../suite/conformance/certificates/venafi/venafi.go | 5 +++-- .../conformance/certificates/venaficloud/cloud.go | 5 +++-- .../certificatesigningrequests/acme/acme.go | 3 ++- .../certificatesigningrequests/acme/dns01.go | 5 +++-- .../certificatesigningrequests/acme/http01.go | 5 +++-- .../conformance/certificatesigningrequests/ca/ca.go | 5 +++-- .../selfsigned/selfsigned.go | 5 +++-- .../conformance/certificatesigningrequests/suite.go | 3 ++- .../conformance/certificatesigningrequests/tests.go | 5 +++-- .../certificatesigningrequests/vault/approle.go | 5 +++-- .../certificatesigningrequests/vault/kubernetes.go | 5 +++-- .../certificatesigningrequests/venafi/cloud.go | 5 +++-- .../certificatesigningrequests/venafi/tpp.go | 5 +++-- test/e2e/suite/conformance/rbac/certificate.go | 4 ++-- test/e2e/suite/conformance/rbac/certificaterequest.go | 4 ++-- test/e2e/suite/conformance/rbac/issuer.go | 4 ++-- test/e2e/suite/issuers/acme/certificate/http01.go | 7 ++++--- test/e2e/suite/issuers/acme/certificate/notafter.go | 6 +++--- test/e2e/suite/issuers/acme/certificate/webhook.go | 5 +++-- .../e2e/suite/issuers/acme/certificaterequest/dns01.go | 5 +++-- .../suite/issuers/acme/certificaterequest/http01.go | 7 ++++--- test/e2e/suite/issuers/acme/issuer.go | 5 +++-- test/e2e/suite/issuers/ca/certificate.go | 5 +++-- test/e2e/suite/issuers/ca/certificaterequest.go | 5 +++-- test/e2e/suite/issuers/ca/clusterissuer.go | 5 +++-- test/e2e/suite/issuers/ca/issuer.go | 7 ++++--- test/e2e/suite/issuers/selfsigned/certificate.go | 7 ++++--- .../e2e/suite/issuers/selfsigned/certificaterequest.go | 5 +++-- test/e2e/suite/issuers/vault/certificate/approle.go | 6 +++--- .../suite/issuers/vault/certificaterequest/approle.go | 5 +++-- test/e2e/suite/issuers/vault/issuer.go | 5 +++-- test/e2e/suite/issuers/vault/mtls.go | 5 +++-- test/e2e/suite/issuers/venafi/cloud/setup.go | 5 +++-- test/e2e/suite/issuers/venafi/tpp/certificate.go | 5 +++-- .../e2e/suite/issuers/venafi/tpp/certificaterequest.go | 5 +++-- test/e2e/suite/issuers/venafi/tpp/setup.go | 5 +++-- test/e2e/suite/serving/cainjector.go | 5 +++-- .../certificates/metrics_controller_test.go | 1 - test/unit/gen/challenge.go | 3 ++- test/unit/gen/issuer.go | 3 ++- 115 files changed, 258 insertions(+), 213 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 2f87f07917d..31523bf9ea5 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -11,7 +11,6 @@ issues: - tenv - exhaustive - gocritic - - gci - nilerr - tagalign - dupword diff --git a/cmd/cainjector/app/cainjector.go b/cmd/cainjector/app/cainjector.go index 390cdf13f95..ced1eb088d0 100644 --- a/cmd/cainjector/app/cainjector.go +++ b/cmd/cainjector/app/cainjector.go @@ -28,7 +28,6 @@ import ( "github.com/cert-manager/cert-manager/cainjector-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" "github.com/cert-manager/cert-manager/internal/apis/config/cainjector/validation" - cainjectorconfigfile "github.com/cert-manager/cert-manager/pkg/cainjector/configfile" logf "github.com/cert-manager/cert-manager/pkg/logs" "github.com/cert-manager/cert-manager/pkg/util" diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index e45f320e9c1..269bb0d84cf 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -25,6 +25,7 @@ import ( "os" "time" + "github.com/go-logr/logr" "golang.org/x/sync/errgroup" "k8s.io/apimachinery/pkg/api/resource" utilerrors "k8s.io/apimachinery/pkg/util/errors" @@ -51,7 +52,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/server/tls/authority" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/profiling" - "github.com/go-logr/logr" ) const ( diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index f98500787e9..7f9100f9fb6 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -20,9 +20,8 @@ import ( "fmt" "strings" - "k8s.io/apimachinery/pkg/util/sets" - "github.com/spf13/pflag" + "k8s.io/apimachinery/pkg/util/sets" cliflag "k8s.io/component-base/cli/flag" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" @@ -31,7 +30,6 @@ import ( "github.com/cert-manager/cert-manager/internal/controller/feature" configv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" shimgatewaycontroller "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/gateways" - logf "github.com/cert-manager/cert-manager/pkg/logs" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" ) diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index b81dd1a9804..ed1303d522e 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -28,6 +28,11 @@ import ( "github.com/cert-manager/cert-manager/controller-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" "github.com/cert-manager/cert-manager/internal/apis/config/controller/validation" + controllerconfigfile "github.com/cert-manager/cert-manager/pkg/controller/configfile" + logf "github.com/cert-manager/cert-manager/pkg/logs" + "github.com/cert-manager/cert-manager/pkg/util" + "github.com/cert-manager/cert-manager/pkg/util/configfile" + utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" _ "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges" _ "github.com/cert-manager/cert-manager/pkg/controller/acmeorders" @@ -35,17 +40,12 @@ import ( _ "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/ingresses" _ "github.com/cert-manager/cert-manager/pkg/controller/certificates/trigger" _ "github.com/cert-manager/cert-manager/pkg/controller/clusterissuers" - controllerconfigfile "github.com/cert-manager/cert-manager/pkg/controller/configfile" _ "github.com/cert-manager/cert-manager/pkg/controller/issuers" _ "github.com/cert-manager/cert-manager/pkg/issuer/acme" _ "github.com/cert-manager/cert-manager/pkg/issuer/ca" _ "github.com/cert-manager/cert-manager/pkg/issuer/selfsigned" _ "github.com/cert-manager/cert-manager/pkg/issuer/vault" _ "github.com/cert-manager/cert-manager/pkg/issuer/venafi" - logf "github.com/cert-manager/cert-manager/pkg/logs" - "github.com/cert-manager/cert-manager/pkg/util" - "github.com/cert-manager/cert-manager/pkg/util/configfile" - utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" ) const componentController = "controller" diff --git a/cmd/controller/main.go b/cmd/controller/main.go index f139a68ad1f..d5cf2c22f89 100644 --- a/cmd/controller/main.go +++ b/cmd/controller/main.go @@ -21,7 +21,6 @@ import ( "flag" "github.com/cert-manager/cert-manager/controller-binary/app" - "github.com/cert-manager/cert-manager/internal/cmd/util" logf "github.com/cert-manager/cert-manager/pkg/logs" ) diff --git a/internal/apis/config/cainjector/v1alpha1/defaults_test.go b/internal/apis/config/cainjector/v1alpha1/defaults_test.go index 4fa0b377ebc..dc479c0dcfe 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults_test.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults_test.go @@ -21,8 +21,9 @@ import ( "os" "testing" - "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" "github.com/stretchr/testify/require" + + "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" ) func TestCAInjectorConfigurationDefaults(t *testing.T) { diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index a7741ca014c..5d101d6ced6 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -18,12 +18,11 @@ package v1alpha1 import ( "fmt" + "time" "k8s.io/apimachinery/pkg/runtime" logsapi "k8s.io/component-base/logs/api/v1" - "time" - cm "github.com/cert-manager/cert-manager/pkg/apis/certmanager" "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" challengescontroller "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges" diff --git a/internal/apis/config/controller/v1alpha1/defaults_test.go b/internal/apis/config/controller/v1alpha1/defaults_test.go index a6927829f0d..e30809f9224 100644 --- a/internal/apis/config/controller/v1alpha1/defaults_test.go +++ b/internal/apis/config/controller/v1alpha1/defaults_test.go @@ -21,8 +21,9 @@ import ( "os" "testing" - "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" "github.com/stretchr/testify/require" + + "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" ) const TestFileLocation = "testdata/defaults.json" diff --git a/internal/apis/config/webhook/v1alpha1/defaults_test.go b/internal/apis/config/webhook/v1alpha1/defaults_test.go index d25842d3476..efa5f266aa6 100644 --- a/internal/apis/config/webhook/v1alpha1/defaults_test.go +++ b/internal/apis/config/webhook/v1alpha1/defaults_test.go @@ -21,8 +21,9 @@ import ( "os" "testing" - "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" "github.com/stretchr/testify/require" + + "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" ) func TestWebhookConfigurationDefaults(t *testing.T) { diff --git a/internal/controller/certificates/certificates_test.go b/internal/controller/certificates/certificates_test.go index 3321ef96001..0f533f90df1 100644 --- a/internal/controller/certificates/certificates_test.go +++ b/internal/controller/certificates/certificates_test.go @@ -25,11 +25,11 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + corev1listers "k8s.io/client-go/listers/core/v1" + "k8s.io/client-go/tools/cache" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmv1listers "github.com/cert-manager/cert-manager/pkg/client/listers/certmanager/v1" - corev1listers "k8s.io/client-go/listers/core/v1" - "k8s.io/client-go/tools/cache" ) func TestCertificateOwnsSecret(t *testing.T) { diff --git a/internal/controller/certificates/policies/checks_test.go b/internal/controller/certificates/policies/checks_test.go index 40720e409ce..0244c5e8941 100644 --- a/internal/controller/certificates/policies/checks_test.go +++ b/internal/controller/certificates/policies/checks_test.go @@ -21,6 +21,7 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" @@ -32,7 +33,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/util/pki" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" "github.com/cert-manager/cert-manager/test/unit/gen" - "github.com/stretchr/testify/assert" ) // Runs a full set of tests against the trigger 'policy chain' once it is diff --git a/internal/vault/vault.go b/internal/vault/vault.go index 324473c9e72..ce1a6fc6743 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -28,11 +28,10 @@ import ( "strings" "time" - corev1 "k8s.io/api/core/v1" - vault "github.com/hashicorp/vault/api" "github.com/hashicorp/vault/sdk/helper/certutil" authv1 "k8s.io/api/authentication/v1" + corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" diff --git a/pkg/acme/accounts/test/registry.go b/pkg/acme/accounts/test/registry.go index 2f7fb734e67..ffe2fea0361 100644 --- a/pkg/acme/accounts/test/registry.go +++ b/pkg/acme/accounts/test/registry.go @@ -20,10 +20,9 @@ import ( "crypto/rsa" "net/http" + "github.com/cert-manager/cert-manager/pkg/acme/accounts" acmecl "github.com/cert-manager/cert-manager/pkg/acme/client" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - - "github.com/cert-manager/cert-manager/pkg/acme/accounts" ) var _ accounts.Registry = &FakeRegistry{} diff --git a/pkg/acme/client/interfaces.go b/pkg/acme/client/interfaces.go index 4045a0afc85..d5a6e92d6f6 100644 --- a/pkg/acme/client/interfaces.go +++ b/pkg/acme/client/interfaces.go @@ -19,9 +19,9 @@ package client import ( "context" - acmeutil "github.com/cert-manager/cert-manager/pkg/acme/util" - "golang.org/x/crypto/acme" + + acmeutil "github.com/cert-manager/cert-manager/pkg/acme/util" ) // Interface is an Automatic Certificate Management Environment (ACME) client diff --git a/pkg/acme/webhook/cmd/server/start.go b/pkg/acme/webhook/cmd/server/start.go index 6fa4daee3e6..fd953308f65 100644 --- a/pkg/acme/webhook/cmd/server/start.go +++ b/pkg/acme/webhook/cmd/server/start.go @@ -22,7 +22,6 @@ import ( "net" "github.com/spf13/cobra" - genericapiserver "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" "k8s.io/component-base/logs" diff --git a/pkg/api/util/names_test.go b/pkg/api/util/names_test.go index faa91cb0a4f..b91d47e3259 100644 --- a/pkg/api/util/names_test.go +++ b/pkg/api/util/names_test.go @@ -20,10 +20,11 @@ import ( "fmt" "testing" - cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" "k8s.io/apimachinery/pkg/util/validation" + + cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) func TestComputeName(t *testing.T) { diff --git a/pkg/cainjector/configfile/configfile.go b/pkg/cainjector/configfile/configfile.go index d695de3426c..3fd590845ff 100644 --- a/pkg/cainjector/configfile/configfile.go +++ b/pkg/cainjector/configfile/configfile.go @@ -19,9 +19,10 @@ package configfile import ( "fmt" + "k8s.io/apimachinery/pkg/runtime/serializer" + config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" "github.com/cert-manager/cert-manager/internal/apis/config/cainjector/scheme" - "k8s.io/apimachinery/pkg/runtime/serializer" ) type CAInjectorConfigFile struct { diff --git a/pkg/controller/acmechallenges/controller_test.go b/pkg/controller/acmechallenges/controller_test.go index 066e7c693a1..4ea9bde654e 100644 --- a/pkg/controller/acmechallenges/controller_test.go +++ b/pkg/controller/acmechallenges/controller_test.go @@ -20,13 +20,13 @@ import ( "context" "testing" + "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/runtime" coretesting "k8s.io/client-go/testing" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/cert-manager/cert-manager/test/unit/gen" - "github.com/stretchr/testify/require" ) const ( diff --git a/pkg/controller/certificate-shim/gateways/controller_test.go b/pkg/controller/certificate-shim/gateways/controller_test.go index 1f3e7150def..f41c7e69f7d 100644 --- a/pkg/controller/certificate-shim/gateways/controller_test.go +++ b/pkg/controller/certificate-shim/gateways/controller_test.go @@ -21,17 +21,17 @@ import ( "testing" "time" - testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/util/workqueue" gwapi "sigs.k8s.io/gateway-api/apis/v1" gwclient "sigs.k8s.io/gateway-api/pkg/client/clientset/versioned" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime" + testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" ) var gatewayGVK = gwapi.SchemeGroupVersion.WithKind("Gateway") diff --git a/pkg/controller/certificate-shim/ingresses/controller_test.go b/pkg/controller/certificate-shim/ingresses/controller_test.go index eff4a59f62b..c899d8f13e3 100644 --- a/pkg/controller/certificate-shim/ingresses/controller_test.go +++ b/pkg/controller/certificate-shim/ingresses/controller_test.go @@ -21,7 +21,6 @@ import ( "testing" "time" - testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" networkingv1 "k8s.io/api/networking/v1" @@ -31,6 +30,7 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmclient "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" + testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" ) var ingressGVK = networkingv1.SchemeGroupVersion.WithKind("Ingress") diff --git a/pkg/controller/certificaterequests/acme/acme.go b/pkg/controller/certificaterequests/acme/acme.go index 8140ff82d97..2c821a6c37a 100644 --- a/pkg/controller/certificaterequests/acme/acme.go +++ b/pkg/controller/certificaterequests/acme/acme.go @@ -22,6 +22,7 @@ import ( "fmt" "slices" + "github.com/go-logr/logr" k8sErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" @@ -40,7 +41,6 @@ import ( issuerpkg "github.com/cert-manager/cert-manager/pkg/issuer" logf "github.com/cert-manager/cert-manager/pkg/logs" "github.com/cert-manager/cert-manager/pkg/util/pki" - "github.com/go-logr/logr" ) const ( diff --git a/pkg/controller/certificaterequests/selfsigned/selfsigned.go b/pkg/controller/certificaterequests/selfsigned/selfsigned.go index abceef660e4..fa7803f5fd8 100644 --- a/pkg/controller/certificaterequests/selfsigned/selfsigned.go +++ b/pkg/controller/certificaterequests/selfsigned/selfsigned.go @@ -23,6 +23,7 @@ import ( "errors" "fmt" + "github.com/go-logr/logr" corev1 "k8s.io/api/core/v1" k8sErrors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/client-go/tools/cache" @@ -40,7 +41,6 @@ import ( cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors" "github.com/cert-manager/cert-manager/pkg/util/kube" "github.com/cert-manager/cert-manager/pkg/util/pki" - "github.com/go-logr/logr" ) const ( diff --git a/pkg/controller/certificaterequests/sync_test.go b/pkg/controller/certificaterequests/sync_test.go index ac9aea88486..ec9979ed105 100644 --- a/pkg/controller/certificaterequests/sync_test.go +++ b/pkg/controller/certificaterequests/sync_test.go @@ -40,9 +40,10 @@ import ( testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/cert-manager/cert-manager/pkg/issuer" issuerfake "github.com/cert-manager/cert-manager/pkg/issuer/fake" - _ "github.com/cert-manager/cert-manager/pkg/issuer/selfsigned" "github.com/cert-manager/cert-manager/pkg/util/pki" "github.com/cert-manager/cert-manager/test/unit/gen" + + _ "github.com/cert-manager/cert-manager/pkg/issuer/selfsigned" ) var ( diff --git a/pkg/controller/certificaterequests/venafi/venafi.go b/pkg/controller/certificaterequests/venafi/venafi.go index 657ba6a3480..77ee5334f49 100644 --- a/pkg/controller/certificaterequests/venafi/venafi.go +++ b/pkg/controller/certificaterequests/venafi/venafi.go @@ -21,11 +21,10 @@ import ( "encoding/json" "fmt" + "github.com/Venafi/vcert/v5/pkg/endpoint" k8sErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/Venafi/vcert/v5/pkg/endpoint" - internalinformers "github.com/cert-manager/cert-manager/internal/informers" apiutil "github.com/cert-manager/cert-manager/pkg/api/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" diff --git a/pkg/controller/certificates/issuing/internal/secret_test.go b/pkg/controller/certificates/issuing/internal/secret_test.go index 4e0ae829a6b..790200bc718 100644 --- a/pkg/controller/certificates/issuing/internal/secret_test.go +++ b/pkg/controller/certificates/issuing/internal/secret_test.go @@ -24,7 +24,6 @@ import ( "testing" "time" - testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -38,6 +37,7 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" controllerpkg "github.com/cert-manager/cert-manager/pkg/controller" + testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" utilpki "github.com/cert-manager/cert-manager/pkg/util/pki" testcoreclients "github.com/cert-manager/cert-manager/test/unit/coreclients" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" diff --git a/pkg/controller/certificatesigningrequests/sync_test.go b/pkg/controller/certificatesigningrequests/sync_test.go index 9c813d31687..e91a87a7199 100644 --- a/pkg/controller/certificatesigningrequests/sync_test.go +++ b/pkg/controller/certificatesigningrequests/sync_test.go @@ -24,6 +24,7 @@ import ( certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" coretesting "k8s.io/client-go/testing" fakeclock "k8s.io/utils/clock/testing" @@ -36,7 +37,6 @@ import ( csrutil "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/cert-manager/cert-manager/test/unit/gen" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var ( diff --git a/pkg/controller/clusterissuers/checks.go b/pkg/controller/clusterissuers/checks.go index 705b2b7ae8b..fcd4ceda00c 100644 --- a/pkg/controller/clusterissuers/checks.go +++ b/pkg/controller/clusterissuers/checks.go @@ -19,9 +19,10 @@ package clusterissuers import ( "fmt" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) func (c *controller) issuersForSecret(secret *corev1.Secret) ([]*v1.ClusterIssuer, error) { diff --git a/pkg/controller/configfile/configfile.go b/pkg/controller/configfile/configfile.go index c1442e9d239..9999f7275c6 100644 --- a/pkg/controller/configfile/configfile.go +++ b/pkg/controller/configfile/configfile.go @@ -19,9 +19,10 @@ package configfile import ( "fmt" + "k8s.io/apimachinery/pkg/runtime/serializer" + config "github.com/cert-manager/cert-manager/internal/apis/config/controller" "github.com/cert-manager/cert-manager/internal/apis/config/controller/scheme" - "k8s.io/apimachinery/pkg/runtime/serializer" ) type ControllerConfigFile struct { diff --git a/pkg/controller/issuers/checks.go b/pkg/controller/issuers/checks.go index 02c3dcf8126..8414ae0ac89 100644 --- a/pkg/controller/issuers/checks.go +++ b/pkg/controller/issuers/checks.go @@ -19,9 +19,10 @@ package issuers import ( "fmt" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) func (c *controller) issuersForSecret(secret *corev1.Secret) ([]*v1.Issuer, error) { diff --git a/pkg/healthz/healthz_test.go b/pkg/healthz/healthz_test.go index 4487f945c9e..710feb70ab2 100644 --- a/pkg/healthz/healthz_test.go +++ b/pkg/healthz/healthz_test.go @@ -36,9 +36,10 @@ import ( "k8s.io/client-go/tools/leaderelection/resourcelock" "k8s.io/klog/v2" "k8s.io/klog/v2/ktesting" - _ "k8s.io/klog/v2/ktesting/init" // add command line flags "github.com/cert-manager/cert-manager/pkg/healthz" + + _ "k8s.io/klog/v2/ktesting/init" // add command line flags ) const ( diff --git a/pkg/issuer/acme/dns/acmedns/acmedns_test.go b/pkg/issuer/acme/dns/acmedns/acmedns_test.go index 357af597db9..40cde27bf0c 100644 --- a/pkg/issuer/acme/dns/acmedns/acmedns_test.go +++ b/pkg/issuer/acme/dns/acmedns/acmedns_test.go @@ -20,8 +20,9 @@ import ( "os" "testing" - "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" "github.com/stretchr/testify/assert" + + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) var ( diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go index 5cfac7dd06c..05d1e819dcc 100644 --- a/pkg/issuer/acme/dns/akamai/akamai.go +++ b/pkg/issuer/acme/dns/akamai/akamai.go @@ -25,7 +25,6 @@ import ( dns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2" "github.com/akamai/AkamaiOPEN-edgegrid-golang/edgegrid" - "github.com/go-logr/logr" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" diff --git a/pkg/issuer/acme/dns/akamai/akamai_test.go b/pkg/issuer/acme/dns/akamai/akamai_test.go index d37998df2d4..17caa573a3c 100644 --- a/pkg/issuer/acme/dns/akamai/akamai_test.go +++ b/pkg/issuer/acme/dns/akamai/akamai_test.go @@ -17,15 +17,14 @@ limitations under the License. package akamai import ( - "testing" - "fmt" "reflect" + "testing" dns "github.com/akamai/AkamaiOPEN-edgegrid-golang/configdns-v2" + "github.com/stretchr/testify/assert" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" - "github.com/stretchr/testify/assert" ) func testRecordBodyData() *dns.RecordBody { diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index cec926e250a..02dbe5fbf11 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -20,8 +20,6 @@ import ( "os" "strings" - "github.com/go-logr/logr" - "github.com/Azure/azure-sdk-for-go/sdk/azcore" "github.com/Azure/azure-sdk-for-go/sdk/azcore/arm" "github.com/Azure/azure-sdk-for-go/sdk/azcore/cloud" @@ -29,6 +27,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" dns "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns" + "github.com/go-logr/logr" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 7347dde8d89..1639136017e 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -26,11 +26,12 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/policy" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" dns "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns" - v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" - "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/util/rand" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) var ( diff --git a/pkg/issuer/acme/dns/clouddns/clouddns.go b/pkg/issuer/acme/dns/clouddns/clouddns.go index 28d4c145913..b124c4e066a 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns.go @@ -17,15 +17,13 @@ import ( "strings" "time" - logf "github.com/cert-manager/cert-manager/pkg/logs" - "github.com/go-logr/logr" - "golang.org/x/oauth2/google" "google.golang.org/api/dns/v1" "google.golang.org/api/option" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" + logf "github.com/cert-manager/cert-manager/pkg/logs" ) // DNSProvider is an implementation of the DNSProvider interface. diff --git a/pkg/issuer/acme/dns/clouddns/clouddns_test.go b/pkg/issuer/acme/dns/clouddns/clouddns_test.go index 1745d0ab852..46dea1624f8 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns_test.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns_test.go @@ -14,11 +14,11 @@ import ( "testing" "time" + "github.com/stretchr/testify/assert" "golang.org/x/oauth2/google" "google.golang.org/api/dns/v1" "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" - "github.com/stretchr/testify/assert" ) var ( diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go index 2b785a7bab4..4a8d6b1755c 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go @@ -21,8 +21,9 @@ import ( "testing" "time" - "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" "github.com/stretchr/testify/assert" + + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) var ( diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 8213077ea1b..34ca5e268cb 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -17,10 +17,6 @@ import ( "strings" "time" - logf "github.com/cert-manager/cert-manager/pkg/logs" - - "github.com/go-logr/logr" - "github.com/aws/aws-sdk-go-v2/aws" awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" awshttp "github.com/aws/aws-sdk-go-v2/aws/transport/http" @@ -30,7 +26,10 @@ import ( route53types "github.com/aws/aws-sdk-go-v2/service/route53/types" "github.com/aws/aws-sdk-go-v2/service/sts" "github.com/aws/smithy-go/middleware" + "github.com/go-logr/logr" + "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" + logf "github.com/cert-manager/cert-manager/pkg/logs" ) const ( diff --git a/pkg/issuer/acme/http/pod_test.go b/pkg/issuer/acme/http/pod_test.go index 58f38b48ede..b60f80bd88d 100644 --- a/pkg/issuer/acme/http/pod_test.go +++ b/pkg/issuer/acme/http/pod_test.go @@ -21,17 +21,17 @@ import ( "fmt" "testing" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + coretesting "k8s.io/client-go/testing" "k8s.io/utils/ptr" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" "github.com/cert-manager/cert-manager/pkg/controller" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" - "github.com/stretchr/testify/assert" - coretesting "k8s.io/client-go/testing" ) func TestEnsurePod(t *testing.T) { diff --git a/pkg/issuer/acme/http/service_test.go b/pkg/issuer/acme/http/service_test.go index 0fc2d61e438..165b777f4fa 100644 --- a/pkg/issuer/acme/http/service_test.go +++ b/pkg/issuer/acme/http/service_test.go @@ -20,6 +20,7 @@ import ( "context" "testing" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -28,7 +29,6 @@ import ( cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" - "github.com/stretchr/testify/assert" ) func TestEnsureService(t *testing.T) { diff --git a/pkg/issuer/vault/setup_test.go b/pkg/issuer/vault/setup_test.go index 38c33faf4f9..d0f195bcb2c 100644 --- a/pkg/issuer/vault/setup_test.go +++ b/pkg/issuer/vault/setup_test.go @@ -29,6 +29,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation/field" + corelisters "k8s.io/client-go/listers/core/v1" internalapi "github.com/cert-manager/cert-manager/internal/apis/certmanager" internalv1 "github.com/cert-manager/cert-manager/internal/apis/certmanager/v1" @@ -39,7 +40,6 @@ import ( cmfake "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/fake" "github.com/cert-manager/cert-manager/pkg/controller" testlisters "github.com/cert-manager/cert-manager/test/unit/listers" - corelisters "k8s.io/client-go/listers/core/v1" ) func TestVault_Setup(t *testing.T) { diff --git a/pkg/issuer/venafi/client/request.go b/pkg/issuer/venafi/client/request.go index 8691f40f29a..090cdfca96d 100644 --- a/pkg/issuer/venafi/client/request.go +++ b/pkg/issuer/venafi/client/request.go @@ -24,8 +24,8 @@ import ( "time" "github.com/Venafi/vcert/v5/pkg/certificate" - "github.com/Venafi/vcert/v5/pkg/venafi/tpp" + "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api" "github.com/cert-manager/cert-manager/pkg/util/pki" ) diff --git a/pkg/issuer/venafi/setup_test.go b/pkg/issuer/venafi/setup_test.go index a8ee70d95a7..52907330685 100644 --- a/pkg/issuer/venafi/setup_test.go +++ b/pkg/issuer/venafi/setup_test.go @@ -25,15 +25,14 @@ import ( "github.com/go-logr/logr" - logf "github.com/cert-manager/cert-manager/pkg/logs" - "github.com/cert-manager/cert-manager/pkg/metrics" - internalinformers "github.com/cert-manager/cert-manager/internal/informers" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" controllerpkg "github.com/cert-manager/cert-manager/pkg/controller" controllertest "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client" internalvenafifake "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/fake" + logf "github.com/cert-manager/cert-manager/pkg/logs" + "github.com/cert-manager/cert-manager/pkg/metrics" "github.com/cert-manager/cert-manager/test/unit/gen" ) diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go index ea5f9c977b6..199d17adb30 100644 --- a/pkg/logs/logs.go +++ b/pkg/logs/logs.go @@ -29,10 +29,11 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/component-base/logs" logsapi "k8s.io/component-base/logs/api/v1" - _ "k8s.io/component-base/logs/json/register" "k8s.io/klog/v2" "github.com/cert-manager/cert-manager/pkg/api" + + _ "k8s.io/component-base/logs/json/register" ) var Log = klog.TODO().WithName("cert-manager") diff --git a/pkg/metrics/metrics_test.go b/pkg/metrics/metrics_test.go index 97b04ee8dbe..9551db8f504 100644 --- a/pkg/metrics/metrics_test.go +++ b/pkg/metrics/metrics_test.go @@ -26,7 +26,6 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/testutil" "github.com/stretchr/testify/assert" - fakeclock "k8s.io/utils/clock/testing" ) diff --git a/pkg/server/tls/dynamic_source_test.go b/pkg/server/tls/dynamic_source_test.go index 4f7898c7b07..6480aba5884 100644 --- a/pkg/server/tls/dynamic_source_test.go +++ b/pkg/server/tls/dynamic_source_test.go @@ -30,10 +30,11 @@ import ( "testing" "time" - "github.com/cert-manager/cert-manager/pkg/server/tls/authority" - "github.com/cert-manager/cert-manager/pkg/util/pki" "github.com/stretchr/testify/assert" "golang.org/x/sync/errgroup" + + "github.com/cert-manager/cert-manager/pkg/server/tls/authority" + "github.com/cert-manager/cert-manager/pkg/util/pki" ) func signUsingTempCA(t *testing.T, template *x509.Certificate) *x509.Certificate { diff --git a/pkg/util/pki/certificatetemplate.go b/pkg/util/pki/certificatetemplate.go index f92184df23c..c4d58f16129 100644 --- a/pkg/util/pki/certificatetemplate.go +++ b/pkg/util/pki/certificatetemplate.go @@ -26,10 +26,11 @@ import ( "strings" "time" + certificatesv1 "k8s.io/api/certificates/v1" + apiutil "github.com/cert-manager/cert-manager/pkg/api/util" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" experimentalapi "github.com/cert-manager/cert-manager/pkg/apis/experimental/v1alpha1" - certificatesv1 "k8s.io/api/certificates/v1" ) type CertificateTemplateValidatorMutator func(*x509.CertificateRequest, *x509.Certificate) error diff --git a/pkg/util/pki/match.go b/pkg/util/pki/match.go index d01d76d1f1e..0b4537ef2df 100644 --- a/pkg/util/pki/match.go +++ b/pkg/util/pki/match.go @@ -24,9 +24,8 @@ import ( "crypto/rsa" "crypto/x509/pkix" "encoding/asn1" - "net" - "fmt" + "net" "reflect" corev1 "k8s.io/api/core/v1" diff --git a/pkg/util/pki/parse_test.go b/pkg/util/pki/parse_test.go index be7e3532344..5ec7aaf5771 100644 --- a/pkg/util/pki/parse_test.go +++ b/pkg/util/pki/parse_test.go @@ -25,8 +25,9 @@ import ( "strings" "testing" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "github.com/stretchr/testify/assert" + + v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) func generatePrivateKeyBytes(keyAlgo v1.PrivateKeyAlgorithm, keySize int) ([]byte, error) { diff --git a/pkg/util/predicate/certificate_test.go b/pkg/util/predicate/certificate_test.go index 0b5107a1c9a..cd059d5ca9c 100644 --- a/pkg/util/predicate/certificate_test.go +++ b/pkg/util/predicate/certificate_test.go @@ -19,8 +19,9 @@ package predicate import ( "testing" - cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "k8s.io/utils/ptr" + + cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) func TestCertificateSecretName(t *testing.T) { diff --git a/pkg/webhook/configfile/configfile.go b/pkg/webhook/configfile/configfile.go index ea2590f3c3c..5707f6c0380 100644 --- a/pkg/webhook/configfile/configfile.go +++ b/pkg/webhook/configfile/configfile.go @@ -19,9 +19,10 @@ package configfile import ( "fmt" + "k8s.io/apimachinery/pkg/runtime/serializer" + config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" "github.com/cert-manager/cert-manager/internal/apis/config/webhook/scheme" - "k8s.io/apimachinery/pkg/runtime/serializer" ) type WebhookConfigFile struct { diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go index 32170a6243d..065ca996548 100644 --- a/test/e2e/e2e_test.go +++ b/test/e2e/e2e_test.go @@ -28,8 +28,9 @@ import ( "k8s.io/apimachinery/pkg/util/wait" ctrl "sigs.k8s.io/controller-runtime" - _ "github.com/cert-manager/cert-manager/e2e-tests/suite" logf "github.com/cert-manager/cert-manager/pkg/logs" + + _ "github.com/cert-manager/cert-manager/e2e-tests/suite" ) func init() { diff --git a/test/e2e/framework/config/helm.go b/test/e2e/framework/config/helm.go index ebdafc10c16..282ddec61da 100644 --- a/test/e2e/framework/config/helm.go +++ b/test/e2e/framework/config/helm.go @@ -17,9 +17,8 @@ limitations under the License. package config import ( - "fmt" - "flag" + "fmt" ) type Helm struct { diff --git a/test/e2e/framework/config/suite.go b/test/e2e/framework/config/suite.go index 611deb0c8ec..64570923acf 100644 --- a/test/e2e/framework/config/suite.go +++ b/test/e2e/framework/config/suite.go @@ -17,9 +17,8 @@ limitations under the License. package config import ( - "os" - "flag" + "os" ) type Suite struct { diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index ebb9a972f28..3157afb7b4a 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -20,9 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - api "k8s.io/api/core/v1" apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextcs "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" @@ -45,6 +42,9 @@ import ( clientset "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" certmgrscheme "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned/scheme" "github.com/cert-manager/cert-manager/pkg/util/pki" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // DefaultConfig contains the default shared config the is likely parsed from diff --git a/test/e2e/framework/matcher/san_matchers.go b/test/e2e/framework/matcher/san_matchers.go index 9901e34cfc5..402d2c8ecd4 100644 --- a/test/e2e/framework/matcher/san_matchers.go +++ b/test/e2e/framework/matcher/san_matchers.go @@ -26,9 +26,10 @@ import ( "reflect" "sort" + "github.com/onsi/gomega/types" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - "github.com/onsi/gomega/types" ) func HaveSameSANsAs(CertWithExpectedSAN string) types.GomegaMatcher { diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index b34699de39b..1182929e100 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -21,9 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - authorizationv1 "k8s.io/api/authorization/v1" v1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" @@ -33,6 +30,8 @@ import ( "k8s.io/component-base/featuregate" . "github.com/cert-manager/cert-manager/e2e-tests/framework/log" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) func nowStamp() string { diff --git a/test/e2e/suite/certificaterequests/approval/approval.go b/test/e2e/suite/certificaterequests/approval/approval.go index ff55c2c6111..5edeba8ace2 100644 --- a/test/e2e/suite/certificaterequests/approval/approval.go +++ b/test/e2e/suite/certificaterequests/approval/approval.go @@ -23,8 +23,6 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" crdapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -41,6 +39,9 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" clientset "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // This test ensures that the approval condition may only be set by users who diff --git a/test/e2e/suite/certificaterequests/approval/userinfo.go b/test/e2e/suite/certificaterequests/approval/userinfo.go index b922c98eba7..caf9e66452e 100644 --- a/test/e2e/suite/certificaterequests/approval/userinfo.go +++ b/test/e2e/suite/certificaterequests/approval/userinfo.go @@ -22,8 +22,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -36,6 +34,9 @@ import ( "github.com/cert-manager/cert-manager/pkg/util" "github.com/cert-manager/cert-manager/pkg/util/pki" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // Check that the UserInfo fields on CertificateRequests are populated diff --git a/test/e2e/suite/certificaterequests/selfsigned/secret.go b/test/e2e/suite/certificaterequests/selfsigned/secret.go index 0fb09ee03e6..da8bc818299 100644 --- a/test/e2e/suite/certificaterequests/selfsigned/secret.go +++ b/test/e2e/suite/certificaterequests/selfsigned/secret.go @@ -19,8 +19,6 @@ package selfsigned import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/clock" @@ -30,6 +28,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // This test ensures that a self-signed certificaterequest will still be signed diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 84edbfb0de5..07f66901dad 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -22,9 +22,6 @@ import ( "encoding/pem" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - . "github.com/onsi/gomega/gstruct" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "k8s.io/utils/ptr" @@ -38,6 +35,10 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" + . "github.com/onsi/gomega/gstruct" ) // This test ensures that the Certificates AdditionalCertificateOutputFormats diff --git a/test/e2e/suite/certificates/duplicatesecretname.go b/test/e2e/suite/certificates/duplicatesecretname.go index fee2e531882..a2259ec7c96 100644 --- a/test/e2e/suite/certificates/duplicatesecretname.go +++ b/test/e2e/suite/certificates/duplicatesecretname.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" @@ -33,6 +31,9 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/pkg/util/predicate" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // This test ensures that Certificates in the same Namespace who share the same diff --git a/test/e2e/suite/certificates/literalsubjectrdns.go b/test/e2e/suite/certificates/literalsubjectrdns.go index 2a6a0c8254a..07c30b9d505 100644 --- a/test/e2e/suite/certificates/literalsubjectrdns.go +++ b/test/e2e/suite/certificates/literalsubjectrdns.go @@ -24,6 +24,9 @@ import ( "encoding/pem" "time" + //. "github.com/onsi/gomega/gstruct" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/cert-manager/cert-manager/e2e-tests/framework" e2eutil "github.com/cert-manager/cert-manager/e2e-tests/util" "github.com/cert-manager/cert-manager/internal/webhook/feature" @@ -31,11 +34,9 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - - //. "github.com/onsi/gomega/gstruct" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { diff --git a/test/e2e/suite/certificates/othernamesan.go b/test/e2e/suite/certificates/othernamesan.go index b4e9618bafd..1f6c3f1232a 100644 --- a/test/e2e/suite/certificates/othernamesan.go +++ b/test/e2e/suite/certificates/othernamesan.go @@ -22,18 +22,19 @@ import ( "encoding/pem" "time" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/cert-manager/cert-manager/e2e-tests/framework" - . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" e2eutil "github.com/cert-manager/cert-manager/e2e-tests/util" "github.com/cert-manager/cert-manager/internal/webhook/feature" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var _ = framework.CertManagerDescribe("othername san processing", func() { diff --git a/test/e2e/suite/certificates/secrettemplate.go b/test/e2e/suite/certificates/secrettemplate.go index b364c9b4119..38f495d57bc 100644 --- a/test/e2e/suite/certificates/secrettemplate.go +++ b/test/e2e/suite/certificates/secrettemplate.go @@ -22,10 +22,9 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" "k8s.io/client-go/util/retry" "k8s.io/utils/ptr" "sigs.k8s.io/structured-merge-diff/v4/fieldpath" @@ -35,7 +34,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" - applycorev1 "k8s.io/client-go/applyconfigurations/core/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // This test ensures that the Certificates SecretTemplate is reflected on the diff --git a/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go b/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go index 47f92ad1c4a..3573679389d 100644 --- a/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go +++ b/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -33,6 +31,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" testcrypto "github.com/cert-manager/cert-manager/test/unit/crypto" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // This test ensures that a self-signed certificatesigningrequests will still diff --git a/test/e2e/suite/conformance/certificates/acme/acme.go b/test/e2e/suite/conformance/certificates/acme/acme.go index 030196c2231..927c4d9fa6d 100644 --- a/test/e2e/suite/conformance/certificates/acme/acme.go +++ b/test/e2e/suite/conformance/certificates/acme/acme.go @@ -22,9 +22,6 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" gwapi "sigs.k8s.io/gateway-api/apis/v1" @@ -35,6 +32,9 @@ import ( cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificates/ca/ca.go b/test/e2e/suite/conformance/certificates/ca/ca.go index 1615ffd4fb5..6bcd411d13f 100644 --- a/test/e2e/suite/conformance/certificates/ca/ca.go +++ b/test/e2e/suite/conformance/certificates/ca/ca.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -29,6 +27,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificates/external/external.go b/test/e2e/suite/conformance/certificates/external/external.go index f59c680c375..72e2c27fc02 100644 --- a/test/e2e/suite/conformance/certificates/external/external.go +++ b/test/e2e/suite/conformance/certificates/external/external.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" @@ -32,6 +30,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) const ( diff --git a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go index 063562b6546..e09bfbe80ed 100644 --- a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go @@ -20,14 +20,15 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificates/suite.go b/test/e2e/suite/conformance/certificates/suite.go index 4f0b4ec5fd4..75f94e54ee8 100644 --- a/test/e2e/suite/conformance/certificates/suite.go +++ b/test/e2e/suite/conformance/certificates/suite.go @@ -17,11 +17,11 @@ limitations under the License. package certificates import ( - . "github.com/onsi/ginkgo/v2" - "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" ) // Suite defines a reusable conformance test suite that can be used against any diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index c20263c133d..c44e12e10de 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -29,10 +29,6 @@ import ( "strings" "time" - . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" networkingv1beta1 "k8s.io/api/networking/v1beta1" @@ -52,6 +48,10 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/pkg/util/pki" + + . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // Define defines simple conformance tests that can be run against any issuer type. diff --git a/test/e2e/suite/conformance/certificates/vault/vault_approle.go b/test/e2e/suite/conformance/certificates/vault/vault_approle.go index 178115e46dd..c6d64962f44 100644 --- a/test/e2e/suite/conformance/certificates/vault/vault_approle.go +++ b/test/e2e/suite/conformance/certificates/vault/vault_approle.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificates/venafi/venafi.go b/test/e2e/suite/conformance/certificates/venafi/venafi.go index f80cd66d8ed..51550adaa23 100644 --- a/test/e2e/suite/conformance/certificates/venafi/venafi.go +++ b/test/e2e/suite/conformance/certificates/venafi/venafi.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go index 8bca9d2c9fb..d5899fa6a13 100644 --- a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go +++ b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificates" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go index 9166fd0f549..eaf09e8c67c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go @@ -20,7 +20,6 @@ import ( "context" "encoding/base64" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -30,6 +29,8 @@ import ( cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" + + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go index 744a7efe26e..9eb65f94035 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go @@ -21,14 +21,15 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) func (a *acme) createDNS01Issuer(f *framework.Framework) string { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go index 9faa0eededc..1a2ac7e6314 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go @@ -21,14 +21,15 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) func (a *acme) createHTTP01Issuer(f *framework.Framework) string { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go index c2be1e9c1ee..3586f6f7d71 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go @@ -24,8 +24,6 @@ import ( "math/big" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,6 +32,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" "github.com/cert-manager/cert-manager/pkg/util/pki" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go index f9132a73613..d556093441b 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go @@ -22,8 +22,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -34,6 +32,9 @@ import ( experimentalapi "github.com/cert-manager/cert-manager/pkg/apis/experimental/v1alpha1" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" "github.com/cert-manager/cert-manager/pkg/util/pki" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/suite.go b/test/e2e/suite/conformance/certificatesigningrequests/suite.go index 449aea1c254..9d114e137f6 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/suite.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/suite.go @@ -19,13 +19,14 @@ package certificatesigningrequests import ( "crypto" - . "github.com/onsi/ginkgo/v2" certificatesv1 "k8s.io/api/certificates/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" "github.com/cert-manager/cert-manager/internal/controller/feature" utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" + + . "github.com/onsi/ginkgo/v2" ) // Suite defines a reusable conformance test suite that can be used against any diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index de6e793b955..7cdb172daa0 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -23,8 +23,6 @@ import ( "net/url" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" certificatesv1 "k8s.io/api/certificates/v1" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -38,6 +36,9 @@ import ( e2eutil "github.com/cert-manager/cert-manager/e2e-tests/util" experimentalapi "github.com/cert-manager/cert-manager/pkg/apis/experimental/v1alpha1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) // Defines simple conformance tests that can be run against any issuer type. diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go index 6cf21fc11a6..f4cd90b8fa9 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -33,6 +31,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) type approle struct { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go index 53546a22280..d98437ca76c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -34,6 +32,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" csrutil "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go index 2e91ec62762..c86d0c2a920 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework/util/errors" "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificatesigningrequests" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go index 7bc018399b0..87a74405a4c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go @@ -20,8 +20,6 @@ import ( "context" "fmt" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework/util/errors" "github.com/cert-manager/cert-manager/e2e-tests/suite/conformance/certificatesigningrequests" "github.com/cert-manager/cert-manager/pkg/controller/certificatesigningrequests/util" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { diff --git a/test/e2e/suite/conformance/rbac/certificate.go b/test/e2e/suite/conformance/rbac/certificate.go index df37a79d9e2..a408e1ee47c 100644 --- a/test/e2e/suite/conformance/rbac/certificate.go +++ b/test/e2e/suite/conformance/rbac/certificate.go @@ -17,10 +17,10 @@ limitations under the License. package rbac import ( + "github.com/cert-manager/cert-manager/e2e-tests/framework" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - - "github.com/cert-manager/cert-manager/e2e-tests/framework" ) var _ = RBACDescribe("Certificates", func() { diff --git a/test/e2e/suite/conformance/rbac/certificaterequest.go b/test/e2e/suite/conformance/rbac/certificaterequest.go index 14296935e47..f7b6b498ca2 100644 --- a/test/e2e/suite/conformance/rbac/certificaterequest.go +++ b/test/e2e/suite/conformance/rbac/certificaterequest.go @@ -17,10 +17,10 @@ limitations under the License. package rbac import ( + "github.com/cert-manager/cert-manager/e2e-tests/framework" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - - "github.com/cert-manager/cert-manager/e2e-tests/framework" ) var _ = RBACDescribe("CertificateRequests", func() { diff --git a/test/e2e/suite/conformance/rbac/issuer.go b/test/e2e/suite/conformance/rbac/issuer.go index 9a428d3e1dc..429eb0a36b2 100644 --- a/test/e2e/suite/conformance/rbac/issuer.go +++ b/test/e2e/suite/conformance/rbac/issuer.go @@ -17,10 +17,10 @@ limitations under the License. package rbac import ( + "github.com/cert-manager/cert-manager/e2e-tests/framework" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - - "github.com/cert-manager/cert-manager/e2e-tests/framework" ) var _ = RBACDescribe("Issuers", func() { diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index d9253740cd5..800a0a21a8e 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -24,8 +24,6 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" networkingv1 "k8s.io/api/networking/v1" networkingv1beta1 "k8s.io/api/networking/v1beta1" @@ -39,13 +37,16 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/validation" "github.com/cert-manager/cert-manager/e2e-tests/framework/log" - . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" "github.com/cert-manager/cert-manager/e2e-tests/util" e2eutil "github.com/cert-manager/cert-manager/e2e-tests/util" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { diff --git a/test/e2e/suite/issuers/acme/certificate/notafter.go b/test/e2e/suite/issuers/acme/certificate/notafter.go index 3dbc9a00cde..1192089e9e8 100644 --- a/test/e2e/suite/issuers/acme/certificate/notafter.go +++ b/test/e2e/suite/issuers/acme/certificate/notafter.go @@ -21,9 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -37,6 +34,9 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/pkg/util/pki" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", func() { diff --git a/test/e2e/suite/issuers/acme/certificate/webhook.go b/test/e2e/suite/issuers/acme/certificate/webhook.go index ba42d7221e9..760005a2434 100644 --- a/test/e2e/suite/issuers/acme/certificate/webhook.go +++ b/test/e2e/suite/issuers/acme/certificate/webhook.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -34,6 +32,9 @@ import ( cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/pkg/client/clientset/versioned" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { diff --git a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go index e3e38247cad..2603dcf65f5 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go @@ -21,8 +21,6 @@ import ( "crypto/x509" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -33,6 +31,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) type dns01Provider interface { diff --git a/test/e2e/suite/issuers/acme/certificaterequest/http01.go b/test/e2e/suite/issuers/acme/certificaterequest/http01.go index 2a126b89854..b5101f4aa61 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/http01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/http01.go @@ -22,21 +22,22 @@ import ( "strings" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/framework/log" - . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" "github.com/cert-manager/cert-manager/e2e-tests/util" e2eutil "github.com/cert-manager/cert-manager/e2e-tests/util" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/cert-manager/cert-manager/e2e-tests/framework/matcher" + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() { diff --git a/test/e2e/suite/issuers/acme/issuer.go b/test/e2e/suite/issuers/acme/issuer.go index 5b4f3284699..99d3321445d 100644 --- a/test/e2e/suite/issuers/acme/issuer.go +++ b/test/e2e/suite/issuers/acme/issuer.go @@ -23,8 +23,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" @@ -35,6 +33,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("ACME Issuer", func() { diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index a247173b329..945bfae08c3 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -29,6 +27,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("CA Certificate", func() { diff --git a/test/e2e/suite/issuers/ca/certificaterequest.go b/test/e2e/suite/issuers/ca/certificaterequest.go index 97b4ffce500..4a5056834c4 100644 --- a/test/e2e/suite/issuers/ca/certificaterequest.go +++ b/test/e2e/suite/issuers/ca/certificaterequest.go @@ -23,8 +23,6 @@ import ( "net/url" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -32,6 +30,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) func exampleURLs() (urls []*url.URL) { diff --git a/test/e2e/suite/issuers/ca/clusterissuer.go b/test/e2e/suite/issuers/ca/clusterissuer.go index 061cfe8d99a..3de6f5d6bca 100644 --- a/test/e2e/suite/issuers/ca/clusterissuer.go +++ b/test/e2e/suite/issuers/ca/clusterissuer.go @@ -19,8 +19,6 @@ package ca import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -29,6 +27,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("CA ClusterIssuer", func() { diff --git a/test/e2e/suite/issuers/ca/issuer.go b/test/e2e/suite/issuers/ca/issuer.go index 27cde3414f5..642bf151ec0 100644 --- a/test/e2e/suite/issuers/ca/issuer.go +++ b/test/e2e/suite/issuers/ca/issuer.go @@ -19,15 +19,16 @@ package ca import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/util" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("CA Issuer", func() { diff --git a/test/e2e/suite/issuers/selfsigned/certificate.go b/test/e2e/suite/issuers/selfsigned/certificate.go index e3a9ab13e63..7707aee3102 100644 --- a/test/e2e/suite/issuers/selfsigned/certificate.go +++ b/test/e2e/suite/issuers/selfsigned/certificate.go @@ -21,15 +21,16 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/util" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { diff --git a/test/e2e/suite/issuers/selfsigned/certificaterequest.go b/test/e2e/suite/issuers/selfsigned/certificaterequest.go index 084c640893f..9841ab37fd3 100644 --- a/test/e2e/suite/issuers/selfsigned/certificaterequest.go +++ b/test/e2e/suite/issuers/selfsigned/certificaterequest.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -30,6 +28,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go index 960abb8de1f..0528e0f6711 100644 --- a/test/e2e/suite/issuers/vault/certificate/approle.go +++ b/test/e2e/suite/issuers/vault/certificate/approle.go @@ -20,9 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -34,6 +31,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("Vault Issuer Certificate (AppRole, CA without root)", func() { diff --git a/test/e2e/suite/issuers/vault/certificaterequest/approle.go b/test/e2e/suite/issuers/vault/certificaterequest/approle.go index 45f7173ad11..4308a9b7b12 100644 --- a/test/e2e/suite/issuers/vault/certificaterequest/approle.go +++ b/test/e2e/suite/issuers/vault/certificaterequest/approle.go @@ -22,8 +22,6 @@ import ( "net" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -33,6 +31,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("Vault Issuer CertificateRequest (AppRole)", func() { diff --git a/test/e2e/suite/issuers/vault/issuer.go b/test/e2e/suite/issuers/vault/issuer.go index de70373b373..5fd80368d58 100644 --- a/test/e2e/suite/issuers/vault/issuer.go +++ b/test/e2e/suite/issuers/vault/issuer.go @@ -19,8 +19,6 @@ package vault import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -32,6 +30,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("Vault Issuer", func() { diff --git a/test/e2e/suite/issuers/vault/mtls.go b/test/e2e/suite/issuers/vault/mtls.go index e706b95314e..b69467e9132 100644 --- a/test/e2e/suite/issuers/vault/mtls.go +++ b/test/e2e/suite/issuers/vault/mtls.go @@ -19,8 +19,6 @@ package vault import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -32,6 +30,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { diff --git a/test/e2e/suite/issuers/venafi/cloud/setup.go b/test/e2e/suite/issuers/venafi/cloud/setup.go index 3cbd743285a..c8dd111e6f5 100644 --- a/test/e2e/suite/issuers/venafi/cloud/setup.go +++ b/test/e2e/suite/issuers/venafi/cloud/setup.go @@ -19,8 +19,6 @@ package cloud import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -28,6 +26,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) func CloudDescribe(name string, body func()) bool { diff --git a/test/e2e/suite/issuers/venafi/tpp/certificate.go b/test/e2e/suite/issuers/venafi/tpp/certificate.go index 1151b73ac63..61df32ee00b 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificate.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificate.go @@ -20,8 +20,6 @@ import ( "context" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -31,6 +29,9 @@ import ( cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { diff --git a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go index 264e4008892..1d0e2a8f99c 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go @@ -21,8 +21,6 @@ import ( "crypto/x509" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/rand" @@ -31,6 +29,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func() { diff --git a/test/e2e/suite/issuers/venafi/tpp/setup.go b/test/e2e/suite/issuers/venafi/tpp/setup.go index fad976a2a9c..4fe8cd5b137 100644 --- a/test/e2e/suite/issuers/venafi/tpp/setup.go +++ b/test/e2e/suite/issuers/venafi/tpp/setup.go @@ -19,8 +19,6 @@ package tpp import ( "context" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" @@ -28,6 +26,9 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/util" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index 95d3f0cf865..705a204a594 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go @@ -21,8 +21,6 @@ import ( "fmt" "time" - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" admissionreg "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" apiext "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -39,6 +37,9 @@ import ( v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/test/unit/gen" + + . "github.com/onsi/ginkgo/v2" + . "github.com/onsi/gomega" ) type injectableTest struct { diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index 9215c7b3725..ce98f94f4e4 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -27,7 +27,6 @@ import ( "time" corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" fakeclock "k8s.io/utils/clock/testing" diff --git a/test/unit/gen/challenge.go b/test/unit/gen/challenge.go index 64a5fc95230..b6217e5c426 100644 --- a/test/unit/gen/challenge.go +++ b/test/unit/gen/challenge.go @@ -17,9 +17,10 @@ limitations under the License. package gen import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type ChallengeModifier func(*cmacme.Challenge) diff --git a/test/unit/gen/issuer.go b/test/unit/gen/issuer.go index 9d42e5fa0f1..3d7ccc2268e 100644 --- a/test/unit/gen/issuer.go +++ b/test/unit/gen/issuer.go @@ -17,10 +17,11 @@ limitations under the License. package gen import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) type IssuerModifier func(v1.GenericIssuer) From bdb8f6d70c45e30cd5bac488dadace002145c334 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 22 Apr 2024 14:17:45 +0200 Subject: [PATCH 076/177] fix tagalign linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - internal/apis/acme/types_issuer.go | 2 +- internal/apis/acme/v1alpha2/types_issuer.go | 2 +- internal/apis/acme/v1alpha3/types_issuer.go | 2 +- internal/apis/acme/v1beta1/types_issuer.go | 2 +- pkg/apis/acme/v1/types_issuer.go | 2 +- 6 files changed, 5 insertions(+), 6 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 31523bf9ea5..2029bd88af7 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,7 +12,6 @@ issues: - exhaustive - gocritic - nilerr - - tagalign - dupword - bodyclose - loggercheck diff --git a/internal/apis/acme/types_issuer.go b/internal/apis/acme/types_issuer.go index 03e07946398..f2c2f1f5f93 100644 --- a/internal/apis/acme/types_issuer.go +++ b/internal/apis/acme/types_issuer.go @@ -303,7 +303,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { diff --git a/internal/apis/acme/v1alpha2/types_issuer.go b/internal/apis/acme/v1alpha2/types_issuer.go index 1ebf3913bca..c28dbfd35d8 100644 --- a/internal/apis/acme/v1alpha2/types_issuer.go +++ b/internal/apis/acme/v1alpha2/types_issuer.go @@ -334,7 +334,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { diff --git a/internal/apis/acme/v1alpha3/types_issuer.go b/internal/apis/acme/v1alpha3/types_issuer.go index 0e55c94415d..645969755c9 100644 --- a/internal/apis/acme/v1alpha3/types_issuer.go +++ b/internal/apis/acme/v1alpha3/types_issuer.go @@ -334,7 +334,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { diff --git a/internal/apis/acme/v1beta1/types_issuer.go b/internal/apis/acme/v1beta1/types_issuer.go index b9aab0803e5..87fe14a8fb2 100644 --- a/internal/apis/acme/v1beta1/types_issuer.go +++ b/internal/apis/acme/v1beta1/types_issuer.go @@ -333,7 +333,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { diff --git a/pkg/apis/acme/v1/types_issuer.go b/pkg/apis/acme/v1/types_issuer.go index db9415cc9aa..0b695ea5649 100644 --- a/pkg/apis/acme/v1/types_issuer.go +++ b/pkg/apis/acme/v1/types_issuer.go @@ -338,7 +338,7 @@ type ACMEChallengeSolverHTTP01IngressPodSpec struct { // If specified, the pod's imagePullSecrets // +optional - ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []corev1.LocalObjectReference `json:"imagePullSecrets,omitempty" patchMergeKey:"name" patchStrategy:"merge"` } type ACMEChallengeSolverHTTP01IngressTemplate struct { From a8b5178fc5350ec96d0861e7b5694de39a46b009 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 24 Apr 2024 18:31:14 +0200 Subject: [PATCH 077/177] fix dupword linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/controller/app/options/options.go | 2 +- deploy/crds/crd-clusterissuers.yaml | 2 +- deploy/crds/crd-issuers.yaml | 2 +- internal/apis/acme/types_issuer.go | 2 +- internal/apis/acme/v1alpha2/types_issuer.go | 2 +- internal/apis/acme/v1alpha3/types_issuer.go | 2 +- internal/apis/acme/v1beta1/types_issuer.go | 2 +- pkg/acme/util/util_test.go | 2 +- pkg/apis/acme/v1/types_issuer.go | 2 +- pkg/controller/acmechallenges/sync_test.go | 1 + pkg/controller/acmeorders/sync_test.go | 1 + pkg/util/pki/match_test.go | 2 +- pkg/util/pki/parse_test.go | 2 +- pkg/webhook/options/options.go | 2 +- 15 files changed, 14 insertions(+), 13 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 2029bd88af7..231d60e6833 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,7 +12,6 @@ issues: - exhaustive - gocritic - nilerr - - dupword - bodyclose - loggercheck - forbidigo diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 7f9100f9fb6..9a6d1e15971 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -195,7 +195,7 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.ControllerConfiguration) { fs.DurationVar(&c.MetricsTLSConfig.Dynamic.LeafDuration, "metrics-dynamic-serving-leaf-duration", c.MetricsTLSConfig.Dynamic.LeafDuration, "leaf duration of serving certificates") fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretNamespace, "metrics-dynamic-serving-ca-secret-namespace", c.MetricsTLSConfig.Dynamic.SecretNamespace, "namespace of the secret used to store the CA that signs serving certificates") - fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretName, "metrics-dynamic-serving-ca-secret-name", c.MetricsTLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates certificates") + fs.StringVar(&c.MetricsTLSConfig.Dynamic.SecretName, "metrics-dynamic-serving-ca-secret-name", c.MetricsTLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates") fs.StringSliceVar(&c.MetricsTLSConfig.Dynamic.DNSNames, "metrics-dynamic-serving-dns-names", c.MetricsTLSConfig.Dynamic.DNSNames, "DNS names that should be present on certificates generated by the dynamic serving CA") tlsCipherPossibleValues := cliflag.TLSCipherPossibleValues() fs.StringSliceVar(&c.MetricsTLSConfig.CipherSuites, "metrics-tls-cipher-suites", c.MetricsTLSConfig.CipherSuites, diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index d1d5c1c462c..f73392551e7 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -112,7 +112,7 @@ spec: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support - it it will create an error on the Order. + it, it will create an error on the Order. Defaults to false. type: boolean externalAccountBinding: diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index bce72ec2928..8bd4d281dee 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -112,7 +112,7 @@ spec: Enables requesting a Not After date on certificates that matches the duration of the certificate. This is not supported by all ACME servers like Let's Encrypt. If set to true when the ACME server does not support - it it will create an error on the Order. + it, it will create an error on the Order. Defaults to false. type: boolean externalAccountBinding: diff --git a/internal/apis/acme/types_issuer.go b/internal/apis/acme/types_issuer.go index f2c2f1f5f93..daa80b2b2ce 100644 --- a/internal/apis/acme/types_issuer.go +++ b/internal/apis/acme/types_issuer.go @@ -99,7 +99,7 @@ type ACMEIssuer struct { // Enables requesting a Not After date on certificates that matches the // duration of the certificate. This is not supported by all ACME servers // like Let's Encrypt. If set to true when the ACME server does not support - // it it will create an error on the Order. + // it, it will create an error on the Order. // Defaults to false. EnableDurationFeature bool } diff --git a/internal/apis/acme/v1alpha2/types_issuer.go b/internal/apis/acme/v1alpha2/types_issuer.go index c28dbfd35d8..dc02f0eb6d0 100644 --- a/internal/apis/acme/v1alpha2/types_issuer.go +++ b/internal/apis/acme/v1alpha2/types_issuer.go @@ -109,7 +109,7 @@ type ACMEIssuer struct { // Enables requesting a Not After date on certificates that matches the // duration of the certificate. This is not supported by all ACME servers // like Let's Encrypt. If set to true when the ACME server does not support - // it it will create an error on the Order. + // it, it will create an error on the Order. // Defaults to false. // +optional EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` diff --git a/internal/apis/acme/v1alpha3/types_issuer.go b/internal/apis/acme/v1alpha3/types_issuer.go index 645969755c9..40c775049d8 100644 --- a/internal/apis/acme/v1alpha3/types_issuer.go +++ b/internal/apis/acme/v1alpha3/types_issuer.go @@ -109,7 +109,7 @@ type ACMEIssuer struct { // Enables requesting a Not After date on certificates that matches the // duration of the certificate. This is not supported by all ACME servers // like Let's Encrypt. If set to true when the ACME server does not support - // it it will create an error on the Order. + // it, it will create an error on the Order. // Defaults to false. // +optional EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` diff --git a/internal/apis/acme/v1beta1/types_issuer.go b/internal/apis/acme/v1beta1/types_issuer.go index 87fe14a8fb2..7ffaa9fc6b6 100644 --- a/internal/apis/acme/v1beta1/types_issuer.go +++ b/internal/apis/acme/v1beta1/types_issuer.go @@ -109,7 +109,7 @@ type ACMEIssuer struct { // Enables requesting a Not After date on certificates that matches the // duration of the certificate. This is not supported by all ACME servers // like Let's Encrypt. If set to true when the ACME server does not support - // it it will create an error on the Order. + // it, it will create an error on the Order. // Defaults to false. // +optional EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` diff --git a/pkg/acme/util/util_test.go b/pkg/acme/util/util_test.go index b1b41cc7710..e1f2adea4bd 100644 --- a/pkg/acme/util/util_test.go +++ b/pkg/acme/util/util_test.go @@ -56,7 +56,7 @@ func TestRetryBackoff(t *testing.T) { }, }, { - name: "Retry a 400 error when when less than 6 times", + name: "Retry a 400 error when less than 6 times", args: args{ n: 5, r: &http.Request{}, diff --git a/pkg/apis/acme/v1/types_issuer.go b/pkg/apis/acme/v1/types_issuer.go index 0b695ea5649..9e4676fae1e 100644 --- a/pkg/apis/acme/v1/types_issuer.go +++ b/pkg/apis/acme/v1/types_issuer.go @@ -110,7 +110,7 @@ type ACMEIssuer struct { // Enables requesting a Not After date on certificates that matches the // duration of the certificate. This is not supported by all ACME servers // like Let's Encrypt. If set to true when the ACME server does not support - // it it will create an error on the Order. + // it, it will create an error on the Order. // Defaults to false. // +optional EnableDurationFeature bool `json:"enableDurationFeature,omitempty"` diff --git a/pkg/controller/acmechallenges/sync_test.go b/pkg/controller/acmechallenges/sync_test.go index 1a84feccd61..b831613a810 100644 --- a/pkg/controller/acmechallenges/sync_test.go +++ b/pkg/controller/acmechallenges/sync_test.go @@ -316,6 +316,7 @@ func TestSyncHappyPath(t *testing.T) { ))), }, ExpectedEvents: []string{ + //nolint: dupword "Normal Presented Presented challenge using HTTP-01 challenge mechanism", }, }, diff --git a/pkg/controller/acmeorders/sync_test.go b/pkg/controller/acmeorders/sync_test.go index 12df314b60b..a0d7e05b489 100644 --- a/pkg/controller/acmeorders/sync_test.go +++ b/pkg/controller/acmeorders/sync_test.go @@ -426,6 +426,7 @@ Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 testpkg.NewAction(coretesting.NewCreateAction(cmacme.SchemeGroupVersion.WithResource("challenges"), testAuthorizationChallenge.Namespace, testAuthorizationChallenge)), }, ExpectedEvents: []string{ + //nolint: dupword `Normal Created Created Challenge resource "testorder-756011405" for domain "test.com"`, }, }, diff --git a/pkg/util/pki/match_test.go b/pkg/util/pki/match_test.go index 43c3e2fe059..155c2641548 100644 --- a/pkg/util/pki/match_test.go +++ b/pkg/util/pki/match_test.go @@ -347,7 +347,7 @@ func TestSecretDataAltNamesMatchSpec(t *testing.T) { DNSNames: []string{"at", "least", "one", "cn"}, }), }, - "should match if commonName is one of the requested requested dnsNames": { + "should match if commonName is one of the requested dnsNames": { spec: cmapi.CertificateSpec{ DNSNames: []string{"at", "least", "one"}, }, diff --git a/pkg/util/pki/parse_test.go b/pkg/util/pki/parse_test.go index 5ec7aaf5771..88c303dc59b 100644 --- a/pkg/util/pki/parse_test.go +++ b/pkg/util/pki/parse_test.go @@ -81,7 +81,7 @@ func TestDecodePrivateKeyBytes(t *testing.T) { return } - block := &pem.Block{Type: "BLAH BLAH BLAH", Bytes: []byte("blahblahblah")} + block := &pem.Block{Type: "BLAHBLAHBLAH", Bytes: []byte("blahblahblah")} blahKeyBytes := pem.EncodeToMemory(block) privateKeyBlock := &pem.Block{Type: "PRIVATE KEY", Bytes: []byte("blahblahblah")} diff --git a/pkg/webhook/options/options.go b/pkg/webhook/options/options.go index bb3aaeb91cd..95942bc15ff 100644 --- a/pkg/webhook/options/options.go +++ b/pkg/webhook/options/options.go @@ -66,7 +66,7 @@ func AddConfigFlags(fs *pflag.FlagSet, c *config.WebhookConfiguration) { fs.DurationVar(&c.TLSConfig.Dynamic.LeafDuration, "dynamic-serving-leaf-duration", c.TLSConfig.Dynamic.LeafDuration, "leaf duration of serving certificates") fs.StringVar(&c.TLSConfig.Dynamic.SecretNamespace, "dynamic-serving-ca-secret-namespace", c.TLSConfig.Dynamic.SecretNamespace, "namespace of the secret used to store the CA that signs serving certificates") - fs.StringVar(&c.TLSConfig.Dynamic.SecretName, "dynamic-serving-ca-secret-name", c.TLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates certificates") + fs.StringVar(&c.TLSConfig.Dynamic.SecretName, "dynamic-serving-ca-secret-name", c.TLSConfig.Dynamic.SecretName, "name of the secret used to store the CA that signs serving certificates") fs.StringSliceVar(&c.TLSConfig.Dynamic.DNSNames, "dynamic-serving-dns-names", c.TLSConfig.Dynamic.DNSNames, "DNS names that should be present on certificates generated by the dynamic serving CA") fs.StringVar(&c.KubeConfig, "kubeconfig", c.KubeConfig, "optional path to the kubeconfig used to connect to the apiserver. If not specified, in-cluster-config will be used") From 4e66b95473acb7b28ee0d304d7e77130f2315da5 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:15:05 +0200 Subject: [PATCH 078/177] fix wastedassign linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/framework/matcher/san_matchers.go | 3 +-- test/e2e/suite/issuers/acme/certificaterequest/dns01.go | 8 ++++---- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 231d60e6833..289c72dbd0e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -29,7 +29,6 @@ issues: - goprintffuncname - ineffassign - musttag - - wastedassign - nosprintfhostport - exportloopref - gomoddirectives diff --git a/test/e2e/framework/matcher/san_matchers.go b/test/e2e/framework/matcher/san_matchers.go index 402d2c8ecd4..4100f6ce0fe 100644 --- a/test/e2e/framework/matcher/san_matchers.go +++ b/test/e2e/framework/matcher/san_matchers.go @@ -39,8 +39,7 @@ func HaveSameSANsAs(CertWithExpectedSAN string) types.GomegaMatcher { // HaveSans will check that the PEM of the certificates func SANEquals(SANExtensionExpected interface{}) *SANMatcher { extension, ok := SANExtensionExpected.(pkix.Extension) - ok = extension.Id.Equal(oidExtensionSubjectAltName) - if !ok { + if !ok || !extension.Id.Equal(oidExtensionSubjectAltName) { Fail("Invalid use of the SANEquals matcher, please supply a valid SAN pkix.Extension") } return &SANMatcher{ diff --git a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go index 2603dcf65f5..56f424514a2 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go @@ -82,7 +82,7 @@ func testRFC2136DNSProvider() bool { }, })) issuer.Namespace = f.Namespace.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), @@ -125,7 +125,7 @@ func testRFC2136DNSProvider() bool { []string{dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) @@ -138,7 +138,7 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) @@ -151,7 +151,7 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain, dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) // use a longer timeout for this, as it requires performing 2 dns validations in serial err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*10, key) From aac2233b1a1c0f02e94f75eee73d8c5f37128238 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:18:01 +0200 Subject: [PATCH 079/177] fix ginkgolinter linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/framework/matcher/san_matchers.go | 2 +- test/e2e/suite/certificates/additionaloutputformats.go | 2 +- test/e2e/suite/certificates/literalsubjectrdns.go | 6 +++--- test/e2e/suite/certificates/othernamesan.go | 8 ++++---- test/e2e/suite/conformance/certificates/tests.go | 2 +- 6 files changed, 10 insertions(+), 11 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 289c72dbd0e..c002c7d6968 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -25,7 +25,6 @@ issues: - gosimple - nakedret - asasalint - - ginkgolinter - goprintffuncname - ineffassign - musttag diff --git a/test/e2e/framework/matcher/san_matchers.go b/test/e2e/framework/matcher/san_matchers.go index 4100f6ce0fe..76c8b2c7795 100644 --- a/test/e2e/framework/matcher/san_matchers.go +++ b/test/e2e/framework/matcher/san_matchers.go @@ -126,7 +126,7 @@ var oidExtensionSubjectAltName = []int{2, 5, 29, 17} func extractSANsFromCertificate(certDER string) pkix.Extension { block, rest := pem.Decode([]byte(certDER)) - Expect(len(rest)).To(Equal(0)) + Expect(rest).To(BeEmpty()) cert, err := x509.ParseCertificate(block.Bytes) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 07f66901dad..c4f1d5ab88a 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -367,7 +367,7 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo continue } var fieldset fieldpath.Set - Expect(fieldset.FromJSON(bytes.NewReader(managedField.FieldsV1.Raw))) + Expect(fieldset.FromJSON(bytes.NewReader(managedField.FieldsV1.Raw))).NotTo(HaveOccurred()) if fieldset.Has(fieldpath.Path{ {FieldName: ptr.To("data")}, {FieldName: ptr.To("tls-combined.pem")}, diff --git a/test/e2e/suite/certificates/literalsubjectrdns.go b/test/e2e/suite/certificates/literalsubjectrdns.go index 07c30b9d505..eb6b3f9cf1b 100644 --- a/test/e2e/suite/certificates/literalsubjectrdns.go +++ b/test/e2e/suite/certificates/literalsubjectrdns.go @@ -97,12 +97,12 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) - Expect(err).To(BeNil()) + Expect(err).NotTo(HaveOccurred()) Expect(secret.Data).To(HaveKey("tls.crt")) crtPEM := secret.Data["tls.crt"] pemBlock, _ := pem.Decode(crtPEM) cert, err := x509.ParseCertificate(pemBlock.Bytes) - Expect(err).To(BeNil()) + Expect(err).NotTo(HaveOccurred()) Expect(cert.Subject.Names).To(Equal([]pkix.AttributeTypeAndValue{ {Type: asn1.ObjectIdentifier{2, 5, 4, 6}, Value: "Spain"}, @@ -121,7 +121,7 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { It("Should not allow unknown RDN component", func() { _, err := createCertificate(f, "UNKNOWN=blah") - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("Literal subject contains unrecognized key with value [blah]")) }) diff --git a/test/e2e/suite/certificates/othernamesan.go b/test/e2e/suite/certificates/othernamesan.go index 1f6c3f1232a..44bf3692b40 100644 --- a/test/e2e/suite/certificates/othernamesan.go +++ b/test/e2e/suite/certificates/othernamesan.go @@ -103,12 +103,12 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) Expect(secret.Data).To(HaveKey("tls.crt")) crtPEM := secret.Data["tls.crt"] pemBlock, _ := pem.Decode(crtPEM) cert, err := x509.ParseCertificate(pemBlock.Bytes) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) By("Including the appropriate GeneralNames ( RFC822 email Address and OtherName) in generated Certificate") @@ -151,7 +151,7 @@ YH0ROM05IRf2nOI6KInaiz4POk6JvdTb UTF8Value: "user@example.org", }, }) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("admission webhook \"webhook.cert-manager.io\" denied the request: spec.otherNames[0].oid: Invalid value: \"BAD_OID\": oid syntax invalid")) }) @@ -166,7 +166,7 @@ YH0ROM05IRf2nOI6KInaiz4POk6JvdTb UTF8Value: "user@example.org", }, }) - Expect(err).NotTo(BeNil()) + Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring("admission webhook \"webhook.cert-manager.io\" denied the request: spec.otherNames[0].utf8Value: Required value: must be set to a valid non-empty UTF8 string")) }) diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index c44e12e10de..d766da60cd1 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -267,7 +267,7 @@ func (s *Suite) Define() { pemBlock, _ := pem.Decode(certBytes) cert, err := x509.ParseCertificate(pemBlock.Bytes) - Expect(err).To(BeNil()) + Expect(err).ToNot(HaveOccurred()) By("Including the appropriate GeneralNames ( RFC822 email Address and OtherName) in generated Certificate") /* openssl req -nodes -newkey rsa:2048 -subj "/CN=someCN" \ From 085136068a9c9752469a709b48a5866d8b3ca84b Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:21:07 +0200 Subject: [PATCH 080/177] fix misspell linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - internal/vault/vault.go | 2 +- pkg/controller/acmeorders/sync.go | 2 +- pkg/controller/certificates/issuing/secret_manager.go | 2 +- .../certificates/readiness/readiness_controller_test.go | 2 +- pkg/controller/certificates/trigger/trigger_controller.go | 2 +- pkg/issuer/acme/dns/azuredns/azuredns.go | 6 +++--- pkg/scheduler/scheduler.go | 2 +- pkg/scheduler/scheduler_test.go | 2 +- pkg/server/tls/dynamic_source.go | 2 +- pkg/server/tls/dynamic_source_test.go | 2 +- test/e2e/framework/helper/certificaterequests.go | 2 +- 12 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index c002c7d6968..63b6d5c9d56 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -3,7 +3,6 @@ issues: - linters: - dogsled - errcheck - - misspell - contextcheck - unparam - promlinter diff --git a/internal/vault/vault.go b/internal/vault/vault.go index ce1a6fc6743..67750da4eae 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -472,7 +472,7 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1 // Vault backend can bind the kubernetes auth backend role to the service account and specific namespace of the service account. // Providing additional audiences is not considered a major non-mitigatable security risk // as if someone creates an Issuer in another namespace/globally with the same audiences - // in attempt to highjack the certificate vault (if role config mandates sa:namespace) won't authorise the conneciton + // in attempt to highjack the certificate vault (if role config mandates sa:namespace) won't authorise the connection // as token subject won't match vault role requirement to have SA originated from the specific namespace. Audiences: audiences, diff --git a/pkg/controller/acmeorders/sync.go b/pkg/controller/acmeorders/sync.go index 143306eb604..2f323b88a43 100644 --- a/pkg/controller/acmeorders/sync.go +++ b/pkg/controller/acmeorders/sync.go @@ -51,7 +51,7 @@ const ( var ( // RequeuePeriod is the default period after which an Order should be re-queued. - // It can be overriden in tests. + // It can be overridden in tests. RequeuePeriod = time.Second * 5 ) diff --git a/pkg/controller/certificates/issuing/secret_manager.go b/pkg/controller/certificates/issuing/secret_manager.go index 04701fc4a26..2e7b0103a8d 100644 --- a/pkg/controller/certificates/issuing/secret_manager.go +++ b/pkg/controller/certificates/issuing/secret_manager.go @@ -55,7 +55,7 @@ func (c *controller) ensureSecretData(ctx context.Context, log logr.Logger, crt log = log.WithValues("secret", secret.Name) // If there is no certificate or private key data available at the target - // Secret then exit early. The absense of these keys should cause an issuance + // Secret then exit early. The absence of these keys should cause an issuance // of the Certificate, so there is no need to run post issuance checks. if secret.Data == nil || len(secret.Data[corev1.TLSCertKey]) == 0 || diff --git a/pkg/controller/certificates/readiness/readiness_controller_test.go b/pkg/controller/certificates/readiness/readiness_controller_test.go index 116300c4509..5919284701e 100644 --- a/pkg/controller/certificates/readiness/readiness_controller_test.go +++ b/pkg/controller/certificates/readiness/readiness_controller_test.go @@ -216,7 +216,7 @@ func TestProcessItem(t *testing.T) { Message: "ready message", })), }, - "update status for a Certificate that has a Ready conditon and the policy evaluates to True- should remain True": { + "update status for a Certificate that has a Ready condition and the policy evaluates to True- should remain True": { condition: cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionTrue, diff --git a/pkg/controller/certificates/trigger/trigger_controller.go b/pkg/controller/certificates/trigger/trigger_controller.go index 4eeca0848d5..1724d96a61a 100644 --- a/pkg/controller/certificates/trigger/trigger_controller.go +++ b/pkg/controller/certificates/trigger/trigger_controller.go @@ -246,7 +246,7 @@ func (c *controller) updateOrApplyStatus(ctx context.Context, crt *cmapi.Certifi // shouldBackOffReissuingOnFailure returns true if an issuance needs to be // delayed and the required delay after calculating the exponential backoff. // The backoff periods are 1h, 2h, 4h, 8h, 16h and 32h counting from when the last -// failure occured, +// failure occurred, // so the returned delay will be backoff_period - (current_time - last_failure_time) // // Notably, it returns no back-off when the certificate doesn't diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index 02dbe5fbf11..8c433a7030d 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -236,9 +236,9 @@ func stabilizeError(err error) error { return nil } - reponse := *resp - reponse.Body = io.NopCloser(bytes.NewReader([]byte(""))) - return &reponse + response := *resp + response.Body = io.NopCloser(bytes.NewReader([]byte(""))) + return &response } var authErr *azidentity.AuthenticationFailedError diff --git a/pkg/scheduler/scheduler.go b/pkg/scheduler/scheduler.go index 4a7624e3c59..1d4f2af3cb5 100644 --- a/pkg/scheduler/scheduler.go +++ b/pkg/scheduler/scheduler.go @@ -23,7 +23,7 @@ import ( "k8s.io/utils/clock" ) -// We are writting our own time.AfterFunc to be able to mock the clock. The +// We are writing our own time.AfterFunc to be able to mock the clock. The // cancel function can be called concurrently. func afterFunc(c clock.Clock, d time.Duration, f func()) (cancel func()) { t := c.NewTimer(d) diff --git a/pkg/scheduler/scheduler_test.go b/pkg/scheduler/scheduler_test.go index ef017784437..5a0da475c1f 100644 --- a/pkg/scheduler/scheduler_test.go +++ b/pkg/scheduler/scheduler_test.go @@ -27,7 +27,7 @@ import ( ) func Test_afterFunc(t *testing.T) { - // Note that re-implimenting AfterFunc is not a good idea, since testing it + // Note that re-implementing AfterFunc is not a good idea, since testing it // is tricky as seen in time_test.go in the standard library. We will just // focus on two important cases: "f" should be run after the duration diff --git a/pkg/server/tls/dynamic_source.go b/pkg/server/tls/dynamic_source.go index 34e7ffc7655..58e772b8dc8 100644 --- a/pkg/server/tls/dynamic_source.go +++ b/pkg/server/tls/dynamic_source.go @@ -145,7 +145,7 @@ func (f *DynamicSource) Start(ctx context.Context) error { return false } - // the renewal channel has a buffer of 1 - drop event if we are already issueing + // the renewal channel has a buffer of 1 - drop event if we are already issuing select { case renewalChan <- struct{}{}: default: diff --git a/pkg/server/tls/dynamic_source_test.go b/pkg/server/tls/dynamic_source_test.go index 6480aba5884..42aec46746f 100644 --- a/pkg/server/tls/dynamic_source_test.go +++ b/pkg/server/tls/dynamic_source_test.go @@ -238,7 +238,7 @@ func TestDynamicSource_FailingSign(t *testing.T) { template.NotAfter = template.NotBefore.Add(150 * time.Millisecond) signedCert := signUsingTempCA(t, template) - // Reset the NotBefor and NotAfter so we have high percision values here + // Reset the NotBefor and NotAfter so we have high precision values here signedCert.NotBefore = time.Now() signedCert.NotAfter = signedCert.NotBefore.Add(150 * time.Millisecond) diff --git a/test/e2e/framework/helper/certificaterequests.go b/test/e2e/framework/helper/certificaterequests.go index 29e600b1adf..34cdd97da91 100644 --- a/test/e2e/framework/helper/certificaterequests.go +++ b/test/e2e/framework/helper/certificaterequests.go @@ -199,7 +199,7 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, return nil, fmt.Errorf("CertificateRequest does not have an Approved condition set to True: %+v", cr.Status.Conditions) } if apiutil.CertificateRequestIsDenied(cr) { - return nil, fmt.Errorf("CertificateRequest has a Denied conditon set to True: %+v", cr.Status.Conditions) + return nil, fmt.Errorf("CertificateRequest has a Denied condition set to True: %+v", cr.Status.Conditions) } return cert, nil From 31eec1f8ab74e4a5afa8bbcf818b3f1abd01e9dc Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:26:34 +0200 Subject: [PATCH 081/177] fix bodyclose linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/issuer/acme/dns/azuredns/azuredns.go | 2 ++ test/integration/certificates/metrics_controller_test.go | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index 63b6d5c9d56..edf780d30c1 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -11,7 +11,6 @@ issues: - exhaustive - gocritic - nilerr - - bodyclose - loggercheck - forbidigo - interfacebloat diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index 8c433a7030d..dce4caec62a 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -243,11 +243,13 @@ func stabilizeError(err error) error { var authErr *azidentity.AuthenticationFailedError if errors.As(err, &authErr) { + //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. authErr.RawResponse = redactResponse(authErr.RawResponse) } var respErr *azcore.ResponseError if errors.As(err, &respErr) { + //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. respErr.RawResponse = redactResponse(respErr.RawResponse) } diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index ce98f94f4e4..7a8da1623c5 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -135,6 +135,7 @@ func TestMetricsController(t *testing.T) { if err != nil { return err } + defer resp.Body.Close() output, err := io.ReadAll(resp.Body) if err != nil { From 042f59d28368345601bc8ea4118c8bdbafdd253c Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:29:00 +0200 Subject: [PATCH 082/177] fix unused linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - internal/apis/certmanager/validation/issuer_test.go | 1 + pkg/controller/acmechallenges/controller_test.go | 5 ----- .../certificate-shim/gateways/controller.go | 7 ------- pkg/controller/certificate-shim/sync_test.go | 12 ------------ .../certificatesigningrequests/vault/vault.go | 4 ---- pkg/util/pki/certificatetemplate.go | 9 --------- .../suite/issuers/acme/certificaterequest/dns01.go | 6 ------ test/e2e/suite/serving/cainjector.go | 1 - 9 files changed, 1 insertion(+), 45 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index edf780d30c1..4030a3aa745 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,7 +15,6 @@ issues: - forbidigo - interfacebloat - predeclared - - unused - unconvert - usestdlibvars - noctx diff --git a/internal/apis/certmanager/validation/issuer_test.go b/internal/apis/certmanager/validation/issuer_test.go index 9fb182485e9..6865d82fd50 100644 --- a/internal/apis/certmanager/validation/issuer_test.go +++ b/internal/apis/certmanager/validation/issuer_test.go @@ -47,6 +47,7 @@ var ( Key: "validkey", } // TODO (JS): Missing test for validCloudflareProvider + // nolint: unused validCloudflareProvider = cmacme.ACMEIssuerDNS01ProviderCloudflare{ APIKey: &validSecretKeyRef, Email: "valid", diff --git a/pkg/controller/acmechallenges/controller_test.go b/pkg/controller/acmechallenges/controller_test.go index 4ea9bde654e..4479a8a0e64 100644 --- a/pkg/controller/acmechallenges/controller_test.go +++ b/pkg/controller/acmechallenges/controller_test.go @@ -29,11 +29,6 @@ import ( "github.com/cert-manager/cert-manager/test/unit/gen" ) -const ( - randomFinalizer = "random.acme.cert-manager.io" - maxConcurrentChallenges = 60 -) - func TestRunScheduler(t *testing.T) { tests := map[string]struct { maxConcurrentChallenges int diff --git a/pkg/controller/certificate-shim/gateways/controller.go b/pkg/controller/certificate-shim/gateways/controller.go index b0c2df0f4df..0351c1c8b56 100644 --- a/pkg/controller/certificate-shim/gateways/controller.go +++ b/pkg/controller/certificate-shim/gateways/controller.go @@ -19,7 +19,6 @@ package controller import ( "context" "fmt" - "time" k8sErrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -36,12 +35,6 @@ import ( const ( ControllerName = "gateway-shim" - - // resyncPeriod is set to 10 hours across cert-manager. These 10 hours come - // from a discussion on the controller-runtime project that boils down to: - // never change this without an explicit reason. - // https://github.com/kubernetes-sigs/controller-runtime/pull/88#issuecomment-408500629 - resyncPeriod = 10 * time.Hour ) type controller struct { diff --git a/pkg/controller/certificate-shim/sync_test.go b/pkg/controller/certificate-shim/sync_test.go index bd98f36267c..ca71eea3232 100644 --- a/pkg/controller/certificate-shim/sync_test.go +++ b/pkg/controller/certificate-shim/sync_test.go @@ -19,7 +19,6 @@ package shimhelper import ( "context" "errors" - "fmt" "testing" "github.com/go-logr/logr" @@ -3264,17 +3263,6 @@ func TestSync(t *testing.T) { } -type fakeHelper struct { - issuer cmapi.GenericIssuer -} - -func (f *fakeHelper) GetGenericIssuer(ref cmmeta.ObjectReference, ns string) (cmapi.GenericIssuer, error) { - if f.issuer == nil { - return nil, fmt.Errorf("no issuer specified on fake helper") - } - return f.issuer, nil -} - func TestIssuerForIngress(t *testing.T) { type testT struct { Ingress *networkingv1.Ingress diff --git a/pkg/controller/certificatesigningrequests/vault/vault.go b/pkg/controller/certificatesigningrequests/vault/vault.go index b1d522f7fd7..cf5dca0490d 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault.go +++ b/pkg/controller/certificatesigningrequests/vault/vault.go @@ -18,8 +18,6 @@ package vault import ( "context" - "crypto" - "crypto/x509" "fmt" certificatesv1 "k8s.io/api/certificates/v1" @@ -44,8 +42,6 @@ const ( CSRControllerName = "certificatesigningrequests-issuer-vault" ) -type signingFn func(*x509.Certificate, *x509.Certificate, crypto.PublicKey, interface{}) ([]byte, *x509.Certificate, error) - // Vault is a controller for signing Kubernetes CertificateSigningRequest // using Vault Issuers. type Vault struct { diff --git a/pkg/util/pki/certificatetemplate.go b/pkg/util/pki/certificatetemplate.go index c4d58f16129..1e36e3d0760 100644 --- a/pkg/util/pki/certificatetemplate.go +++ b/pkg/util/pki/certificatetemplate.go @@ -141,15 +141,6 @@ func (k printKeyUsage) String() string { return sb.String() } -// Deprecated: use CertificateTemplateValidateAndOverrideKeyUsages instead. -func certificateTemplateOverrideKeyUsages(keyUsage x509.KeyUsage, extKeyUsage []x509.ExtKeyUsage) CertificateTemplateValidatorMutator { - return func(req *x509.CertificateRequest, cert *x509.Certificate) error { - cert.KeyUsage = keyUsage - cert.ExtKeyUsage = extKeyUsage - return nil - } -} - // CertificateTemplateFromCSR will create a x509.Certificate for the // given *x509.CertificateRequest. func CertificateTemplateFromCSR(csr *x509.CertificateRequest, validatorMutators ...CertificateTemplateValidatorMutator) (*x509.Certificate, error) { diff --git a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go index 56f424514a2..509cde53379 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go @@ -24,7 +24,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" - "github.com/cert-manager/cert-manager/e2e-tests/framework/addon" "github.com/cert-manager/cert-manager/e2e-tests/suite/issuers/acme/dnsproviders" "github.com/cert-manager/cert-manager/e2e-tests/util" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -36,11 +35,6 @@ import ( . "github.com/onsi/gomega" ) -type dns01Provider interface { - Details() *dnsproviders.Details - addon.Addon -} - const testingACMEEmail = "e2e@cert-manager.io" const testingACMEPrivateKey = "test-acme-private-key" diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index 705a204a594..e0868df044c 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go @@ -45,7 +45,6 @@ import ( type injectableTest struct { makeInjectable func(namePrefix string) client.Object getCAs func(runtime.Object) [][]byte - subject string disabled string } From 8bec192b90cb46720e694e34f93e0616ca0ffcca Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:30:30 +0200 Subject: [PATCH 083/177] fix unconvert linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - hack/extractcrd/main.go | 4 ++-- pkg/util/pki/sans.go | 2 +- test/e2e/framework/helper/featureset/featureset.go | 2 +- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 4030a3aa745..8ebf4af9389 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,7 +15,6 @@ issues: - forbidigo - interfacebloat - predeclared - - unconvert - usestdlibvars - noctx - nilnil diff --git a/hack/extractcrd/main.go b/hack/extractcrd/main.go index 312412c5ada..f1c1a1d2d24 100644 --- a/hack/extractcrd/main.go +++ b/hack/extractcrd/main.go @@ -80,8 +80,8 @@ func main() { continue } - doc = string(strings.TrimPrefix(doc, "---")) - doc = string(strings.TrimSpace(doc)) + doc = strings.TrimPrefix(doc, "---") + doc = strings.TrimSpace(doc) if wantedCRDName == nil { if foundAny { diff --git a/pkg/util/pki/sans.go b/pkg/util/pki/sans.go index 98c64e0f66d..2ceed1157d1 100644 --- a/pkg/util/pki/sans.go +++ b/pkg/util/pki/sans.go @@ -126,7 +126,7 @@ func UnmarshalSANs(value []byte) (GeneralNames, error) { if err := isIA5String(name); err != nil { return errors.New("x509: SAN dNSName is malformed") } - gns.DNSNames = append(gns.DNSNames, string(name)) + gns.DNSNames = append(gns.DNSNames, name) case nameTypeX400Address: gns.X400Addresses = append(gns.X400Addresses, v) case nameTypeDirectoryName: diff --git a/test/e2e/framework/helper/featureset/featureset.go b/test/e2e/framework/helper/featureset/featureset.go index 807e064a308..b28cb6858bf 100644 --- a/test/e2e/framework/helper/featureset/featureset.go +++ b/test/e2e/framework/helper/featureset/featureset.go @@ -22,7 +22,7 @@ import ( // NewFeatureSet constructs a new feature set with the given features. func NewFeatureSet(feats ...Feature) FeatureSet { - return FeatureSet(sets.New(feats...)) + return sets.New(feats...) } // FeatureSet represents a set of features. From d976d0c353cf333f1a3a879b2151d19f7a46bf18 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:32:09 +0200 Subject: [PATCH 084/177] fix gosimple linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/framework/util.go | 4 +--- test/e2e/suite/certificaterequests/approval/approval.go | 2 +- test/e2e/suite/certificaterequests/approval/userinfo.go | 2 +- test/e2e/suite/issuers/acme/certificate/webhook.go | 2 +- 5 files changed, 4 insertions(+), 7 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 8ebf4af9389..ea563de62ac 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -18,7 +18,6 @@ issues: - usestdlibvars - noctx - nilnil - - gosimple - nakedret - asasalint - goprintffuncname diff --git a/test/e2e/framework/util.go b/test/e2e/framework/util.go index 1182929e100..7a3f2276306 100644 --- a/test/e2e/framework/util.go +++ b/test/e2e/framework/util.go @@ -26,7 +26,6 @@ import ( rbacv1 "k8s.io/api/rbac/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" "k8s.io/component-base/featuregate" . "github.com/cert-manager/cert-manager/e2e-tests/framework/log" @@ -92,8 +91,7 @@ func RbacClusterRoleHasAccessToResource(f *Framework, clusterRole string, verb s time.Sleep(time.Second) By("Impersonating the Service Account") - var impersonateConfig *rest.Config - impersonateConfig = f.KubeClientConfig + impersonateConfig := f.KubeClientConfig impersonateConfig.Impersonate.UserName = "system:serviceaccount:" + f.Namespace.Name + ":" + viewServiceAccountName impersonateClient, err := kubernetes.NewForConfig(impersonateConfig) Expect(err).NotTo(HaveOccurred()) diff --git a/test/e2e/suite/certificaterequests/approval/approval.go b/test/e2e/suite/certificaterequests/approval/approval.go index 5edeba8ace2..17342525618 100644 --- a/test/e2e/suite/certificaterequests/approval/approval.go +++ b/test/e2e/suite/certificaterequests/approval/approval.go @@ -199,7 +199,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { kubeConfig.QPS = 9000 kubeConfig.Burst = 9000 - kubeConfig.BearerToken = fmt.Sprintf("%s", token) + kubeConfig.BearerToken = string(token) kubeConfig.CertData = nil kubeConfig.KeyData = nil kubeConfig.Timeout = time.Second * 20 diff --git a/test/e2e/suite/certificaterequests/approval/userinfo.go b/test/e2e/suite/certificaterequests/approval/userinfo.go index caf9e66452e..ac4f0c1a02d 100644 --- a/test/e2e/suite/certificaterequests/approval/userinfo.go +++ b/test/e2e/suite/certificaterequests/approval/userinfo.go @@ -175,7 +175,7 @@ var _ = framework.CertManagerDescribe("UserInfo CertificateRequests", func() { kubeConfig.QPS = 9000 kubeConfig.Burst = 9000 - kubeConfig.BearerToken = fmt.Sprintf("%s", token) + kubeConfig.BearerToken = string(token) kubeConfig.CertData = nil kubeConfig.KeyData = nil diff --git a/test/e2e/suite/issuers/acme/certificate/webhook.go b/test/e2e/suite/issuers/acme/certificate/webhook.go index 760005a2434..ba4e6e87143 100644 --- a/test/e2e/suite/issuers/acme/certificate/webhook.go +++ b/test/e2e/suite/issuers/acme/certificate/webhook.go @@ -161,7 +161,7 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { for _, ch := range l { logf("Found challenge named %q", ch.Name) - if ch.Status.Presented == false { + if !ch.Status.Presented { logf("Challenge %q has not been 'Presented'", ch.Name) allPresented = false } From ae98ba806bfdbe88e424dbc09b9e0b42e286ac60 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 15:50:47 +0200 Subject: [PATCH 085/177] fix gocritic linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/controller/app/options/options_test.go | 1 - cmd/controller/app/start.go | 4 +--- .../certmanager/validation/certificate.go | 4 ++-- .../apis/certmanager/validation/issuer.go | 11 ++++------ .../certificates/policies/checks.go | 2 +- internal/vault/vault.go | 3 ++- internal/vault/vault_test.go | 8 +++---- make/config/samplewebhook/sample/main.go | 16 +++++++------- pkg/acme/util.go | 3 +-- pkg/controller/acmechallenges/sync.go | 5 +++-- pkg/controller/certificate-shim/sync.go | 11 ++++------ pkg/controller/certificaterequests/ca/ca.go | 12 +++++----- .../certificaterequests/controller.go | 4 ++-- .../issuing/issuing_controller.go | 2 +- .../certificates/issuing/secret_manager.go | 10 ++++----- .../readiness/readiness_controller.go | 2 +- .../certificatesigningrequests/controller.go | 4 ++-- pkg/issuer/acme/dns/cloudflare/cloudflare.go | 6 ++--- .../acme/dns/cloudflare/cloudflare_test.go | 2 +- pkg/issuer/vault/setup_test.go | 3 +-- pkg/util/cmapichecker/cmapichecker_test.go | 6 ++--- pkg/util/configfile/configfile.go | 4 +--- pkg/util/pki/asn1_util.go | 9 ++++---- pkg/util/pki/match_test.go | 12 ++++------ pkg/util/pki/subject.go | 2 +- test/e2e/bin/cloudflare-clean/main.go | 22 ++++++++++++++----- test/e2e/framework/addon/chart/addon.go | 3 ++- test/e2e/framework/matcher/san_matchers.go | 8 +++---- .../suite/certificates/literalsubjectrdns.go | 1 - .../suite/conformance/certificates/tests.go | 1 - .../certificatesigningrequests/tests.go | 3 ++- .../suite/issuers/acme/certificate/webhook.go | 1 - test/e2e/util/util.go | 4 ++-- 34 files changed, 90 insertions(+), 100 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index ea563de62ac..bd1c2930dfe 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -9,7 +9,6 @@ issues: - errname - tenv - exhaustive - - gocritic - nilerr - loggercheck - forbidigo diff --git a/cmd/controller/app/options/options_test.go b/cmd/controller/app/options/options_test.go index ab871e48b44..acefc2e247d 100644 --- a/cmd/controller/app/options/options_test.go +++ b/cmd/controller/app/options/options_test.go @@ -22,7 +22,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" - //"github.com/cert-manager/cert-manager/controller-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" defaults "github.com/cert-manager/cert-manager/internal/apis/config/controller/v1alpha1" "github.com/cert-manager/cert-manager/internal/apis/config/controller/validation" diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index ed1303d522e..ed5fc18e0a1 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -53,9 +53,7 @@ const componentController = "controller" func NewServerCommand(ctx context.Context) *cobra.Command { return newServerCommand( ctx, - func(ctx context.Context, cfg *config.ControllerConfiguration) error { - return Run(ctx, cfg) - }, + Run, os.Args[1:], ) } diff --git a/internal/apis/certmanager/validation/certificate.go b/internal/apis/certmanager/validation/certificate.go index ac308952bd3..20172892f8f 100644 --- a/internal/apis/certmanager/validation/certificate.go +++ b/internal/apis/certmanager/validation/certificate.go @@ -254,7 +254,7 @@ func validateIssuerRef(issuerRef cmmeta.ObjectReference, fldPath *field.Path) fi } func validateIPAddresses(a *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList { - if len(a.IPAddresses) <= 0 { + if len(a.IPAddresses) == 0 { return nil } el := field.ErrorList{} @@ -268,7 +268,7 @@ func validateIPAddresses(a *internalcmapi.CertificateSpec, fldPath *field.Path) } func validateEmailAddresses(a *internalcmapi.CertificateSpec, fldPath *field.Path) field.ErrorList { - if len(a.EmailAddresses) <= 0 { + if len(a.EmailAddresses) == 0 { return nil } el := field.ErrorList{} diff --git a/internal/apis/certmanager/validation/issuer.go b/internal/apis/certmanager/validation/issuer.go index 8c8cdf336aa..b8797b0726e 100644 --- a/internal/apis/certmanager/validation/issuer.go +++ b/internal/apis/certmanager/validation/issuer.go @@ -443,13 +443,10 @@ func ValidateACMEChallengeSolverDNS01(p *cmacme.ACMEChallengeSolverDNS01, fldPat if p.AzureDNS.ManagedIdentity != nil { el = append(el, field.Forbidden(fldPath.Child("azureDNS", "managedIdentity"), "managed identity can not be used at the same time as clientID, clientSecretSecretRef or tenantID")) } - } else { - // using managed identity - if p.AzureDNS.ManagedIdentity != nil && len(p.AzureDNS.ManagedIdentity.ClientID) > 0 && len(p.AzureDNS.ManagedIdentity.ResourceID) > 0 { - el = append(el, field.Forbidden(fldPath.Child("azureDNS", "managedIdentity"), "managedIdentityClientID and managedIdentityResourceID cannot both be specified")) - } - + } else if p.AzureDNS.ManagedIdentity != nil && len(p.AzureDNS.ManagedIdentity.ClientID) > 0 && len(p.AzureDNS.ManagedIdentity.ResourceID) > 0 { + el = append(el, field.Forbidden(fldPath.Child("azureDNS", "managedIdentity"), "managedIdentityClientID and managedIdentityResourceID cannot both be specified")) } + // SubscriptionID must always be defined if len(p.AzureDNS.SubscriptionID) == 0 { el = append(el, field.Required(fldPath.Child("azureDNS", "subscriptionID"), "")) @@ -569,7 +566,7 @@ func ValidateACMEChallengeSolverDNS01(p *cmacme.ACMEChallengeSolverDNS01, fldPat } if len(ValidateSecretKeySelector(&p.RFC2136.TSIGSecret, fldPath.Child("rfc2136", "tsigSecretSecretRef"))) == 0 { - if len(p.RFC2136.TSIGKeyName) <= 0 { + if len(p.RFC2136.TSIGKeyName) == 0 { el = append(el, field.Required(fldPath.Child("rfc2136", "tsigKeyName"), "")) } diff --git a/internal/controller/certificates/policies/checks.go b/internal/controller/certificates/policies/checks.go index 0c73e898c44..921b4d8027d 100644 --- a/internal/controller/certificates/policies/checks.go +++ b/internal/controller/certificates/policies/checks.go @@ -277,7 +277,7 @@ func CurrentCertificateNearingExpiry(c clock.Clock) Func { renewIn := renewalTime.Time.Sub(c.Now()) if renewIn > 0 { - //renewal time is in future, no need to renew + // renewal time is in future, no need to renew return "", "", false } diff --git a/internal/vault/vault.go b/internal/vault/vault.go index 67750da4eae..a4ab1aec1a9 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -457,7 +457,8 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1 } defaultAudience += v.issuer.GetName() - audiences := append(kubernetesAuth.ServiceAccountRef.TokenAudiences, defaultAudience) + audiences := append([]string(nil), kubernetesAuth.ServiceAccountRef.TokenAudiences...) + audiences = append(audiences, defaultAudience) tokenrequest, err := v.createToken(context.Background(), kubernetesAuth.ServiceAccountRef.Name, &authv1.TokenRequest{ Spec: authv1.TokenRequestSpec{ diff --git a/internal/vault/vault_test.go b/internal/vault/vault_test.go index 04405d4935a..96ad6fe5252 100644 --- a/internal/vault/vault_test.go +++ b/internal/vault/vault_test.go @@ -1097,10 +1097,10 @@ type testNewConfigT struct { func TestNewConfig(t *testing.T) { caBundleSecretRefFakeSecretLister := func(namespace, secret, key, cert string) *listers.FakeSecretLister { return listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), func(f *listers.FakeSecretLister) { - f.SecretsFn = func(namespace string) clientcorev1.SecretNamespaceLister { + f.SecretsFn = func(listerNamespace string) clientcorev1.SecretNamespaceLister { return listers.FakeSecretNamespaceListerFrom(listers.NewFakeSecretNamespaceLister(), func(fn *listers.FakeSecretNamespaceLister) { fn.GetFn = func(name string) (*corev1.Secret, error) { - if name == secret && namespace == namespace { + if name == secret && listerNamespace == namespace { return &corev1.Secret{ Data: map[string][]byte{ key: []byte(cert), @@ -1114,10 +1114,10 @@ func TestNewConfig(t *testing.T) { } clientCertificateSecretRefFakeSecretLister := func(namespace, secret, caKey, caCert, clientKey, clientCert, privateKey, privateKeyCert string) *listers.FakeSecretLister { return listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), func(f *listers.FakeSecretLister) { - f.SecretsFn = func(namespace string) clientcorev1.SecretNamespaceLister { + f.SecretsFn = func(listerNamespace string) clientcorev1.SecretNamespaceLister { return listers.FakeSecretNamespaceListerFrom(listers.NewFakeSecretNamespaceLister(), func(fn *listers.FakeSecretNamespaceLister) { fn.GetFn = func(name string) (*corev1.Secret, error) { - if name == secret && namespace == namespace { + if name == secret && listerNamespace == namespace { return &corev1.Secret{ Data: map[string][]byte{ caKey: []byte(caCert), diff --git a/make/config/samplewebhook/sample/main.go b/make/config/samplewebhook/sample/main.go index 2bbbcea8def..1ccd59f96c4 100644 --- a/make/config/samplewebhook/sample/main.go +++ b/make/config/samplewebhook/sample/main.go @@ -56,7 +56,7 @@ type customDNSProviderSolver struct { // 3. uncomment the relevant code in the Initialize method below // 4. ensure your webhook's service account has the required RBAC role // assigned to it for interacting with the Kubernetes APIs you need. - //client kubernetes.Clientset + // client kubernetes.Clientset } // customDNSProviderConfig is a structure that is used to decode into when @@ -79,8 +79,8 @@ type customDNSProviderConfig struct { // These fields will be set by users in the // `issuer.spec.acme.dns01.providers.webhook.config` field. - //Email string `json:"email"` - //APIKeySecretRef cmmeta.SecretKeySelector `json:"apiKeySecretRef"` + // Email string `json:"email"` + // APIKeySecretRef cmmeta.SecretKeySelector `json:"apiKeySecretRef"` } // Name is used as the name for this DNS solver when referencing it on the ACME @@ -135,12 +135,12 @@ func (c *customDNSProviderSolver) Initialize(kubeClientConfig *rest.Config, stop ///// UNCOMMENT THE BELOW CODE TO MAKE A KUBERNETES CLIENTSET AVAILABLE TO ///// YOUR CUSTOM DNS PROVIDER - //cl, err := kubernetes.NewForConfig(kubeClientConfig) - //if err != nil { - // return err - //} + // cl, err := kubernetes.NewForConfig(kubeClientConfig) + // if err != nil { + // return err + // } // - //c.client = cl + // c.client = cl ///// END OF CODE TO MAKE KUBERNETES CLIENTSET AVAILABLE return nil diff --git a/pkg/acme/util.go b/pkg/acme/util.go index 42e05aae421..3b45eb95205 100644 --- a/pkg/acme/util.go +++ b/pkg/acme/util.go @@ -28,8 +28,7 @@ import ( // The 'valid' state is a special case, as it is a final state for Challenges but // not for Orders. func IsFinalState(s cmacme.State) bool { - switch s { - case cmacme.Valid: + if s == cmacme.Valid { return true } return IsFailureState(s) diff --git a/pkg/controller/acmechallenges/sync.go b/pkg/controller/acmechallenges/sync.go index 695ade4f012..b49583b270a 100644 --- a/pkg/controller/acmechallenges/sync.go +++ b/pkg/controller/acmechallenges/sync.go @@ -222,18 +222,19 @@ func handleError(ch *cmacme.Challenge, err error) error { if acmeErr, ok = err.(*acmeapi.Error); !ok { return err } - switch acmeErr.ProblemType { + // This response type is returned when an authorization has expired or the // request is in some way malformed. // In this case, we should mark the challenge as expired so that the order // can be retried. // TODO: don't mark *all* malformed errors as expired, we may be able to be // more informative to the user by further inspecting the Error response. - case "urn:ietf:params:acme:error:malformed": + if acmeErr.ProblemType == "urn:ietf:params:acme:error:malformed" { ch.Status.State = cmacme.Expired // absorb the error as updating the challenge's status will trigger a sync return nil } + if acmeErr.StatusCode >= 400 && acmeErr.StatusCode < 500 { ch.Status.State = cmacme.Errored ch.Status.Reason = fmt.Sprintf("Failed to retrieve Order resource: %v", err) diff --git a/pkg/controller/certificate-shim/sync.go b/pkg/controller/certificate-shim/sync.go index 79c68e11d49..80828e456e6 100644 --- a/pkg/controller/certificate-shim/sync.go +++ b/pkg/controller/certificate-shim/sync.go @@ -92,8 +92,7 @@ func SyncFnFor( // "kubernetes.io/tls-acme" annotation are only enabled for the Ingress // resource. var autoAnnotations []string - switch ingLike.(type) { - case *networkingv1.Ingress: + if _, ok := ingLike.(*networkingv1.Ingress); ok { autoAnnotations = defaults.DefaultAutoCertificateAnnotations } @@ -284,11 +283,9 @@ func validateGatewayListenerBlock(path *field.Path, l gwapi.Listener, ingLike me if l.TLS.Mode == nil { errs = append(errs, field.Required(path.Child("tls").Child("mode"), "the mode field is required")) - } else { - if *l.TLS.Mode != gwapi.TLSModeTerminate { - errs = append(errs, field.NotSupported(path.Child("tls").Child("mode"), - *l.TLS.Mode, []string{string(gwapi.TLSModeTerminate)})) - } + } else if *l.TLS.Mode != gwapi.TLSModeTerminate { + errs = append(errs, field.NotSupported(path.Child("tls").Child("mode"), + *l.TLS.Mode, []string{string(gwapi.TLSModeTerminate)})) } return errs diff --git a/pkg/controller/certificaterequests/ca/ca.go b/pkg/controller/certificaterequests/ca/ca.go index eafd1933b8a..5c1eae44d48 100644 --- a/pkg/controller/certificaterequests/ca/ca.go +++ b/pkg/controller/certificaterequests/ca/ca.go @@ -66,13 +66,11 @@ func init() { func NewCA(ctx *controllerpkg.Context) certificaterequests.Issuer { return &CA{ - issuerOptions: ctx.IssuerOptions, - secretsLister: ctx.KubeSharedInformerFactory.Secrets().Lister(), - reporter: crutil.NewReporter(ctx.Clock, ctx.Recorder), - templateGenerator: func(cr *cmapi.CertificateRequest) (*x509.Certificate, error) { - return pki.CertificateTemplateFromCertificateRequest(cr) - }, - signingFn: pki.SignCSRTemplate, + issuerOptions: ctx.IssuerOptions, + secretsLister: ctx.KubeSharedInformerFactory.Secrets().Lister(), + reporter: crutil.NewReporter(ctx.Clock, ctx.Recorder), + templateGenerator: pki.CertificateTemplateFromCertificateRequest, + signingFn: pki.SignCSRTemplate, } } diff --git a/pkg/controller/certificaterequests/controller.go b/pkg/controller/certificaterequests/controller.go index 6531768a5e3..c14f8447e9f 100644 --- a/pkg/controller/certificaterequests/controller.go +++ b/pkg/controller/certificaterequests/controller.go @@ -88,8 +88,8 @@ type Controller struct { issuerLister cmlisters.IssuerLister clusterIssuerLister cmlisters.ClusterIssuerLister - //registerExtraInformers is a list of functions that CertificateRequest - //controllers can use to register custom informers. + // registerExtraInformers is a list of functions that CertificateRequest + // controllers can use to register custom informers. registerExtraInformers []RegisterExtraInformerFn // Issuer to call sign function diff --git a/pkg/controller/certificates/issuing/issuing_controller.go b/pkg/controller/certificates/issuing/issuing_controller.go index 60e2e7b1904..44c9d108455 100644 --- a/pkg/controller/certificates/issuing/issuing_controller.go +++ b/pkg/controller/certificates/issuing/issuing_controller.go @@ -403,7 +403,7 @@ func (c *controller) issueCertificate(ctx context.Context, nextRevision int, crt return err } - //Set status.revision to revision of the CertificateRequest + // Set status.revision to revision of the CertificateRequest crt.Status.Revision = &nextRevision // Remove Issuing status condition diff --git a/pkg/controller/certificates/issuing/secret_manager.go b/pkg/controller/certificates/issuing/secret_manager.go index 2e7b0103a8d..7a0fc98113f 100644 --- a/pkg/controller/certificates/issuing/secret_manager.go +++ b/pkg/controller/certificates/issuing/secret_manager.go @@ -85,11 +85,11 @@ func (c *controller) ensureSecretData(ctx context.Context, log logr.Logger, crt if isViolation { switch reason { case policies.InvalidCertificate, policies.ManagedFieldsParseError: - //An error here indicates that the managed fields are malformed and the - //decoder doesn't understand the managed fields on the Secret, or the - //signed certificate data could not be decoded. There is nothing more the - //controller can do here, so we exit nil so this controller doesn't end in - //an infinite loop. + // An error here indicates that the managed fields are malformed and the + // decoder doesn't understand the managed fields on the Secret, or the + // signed certificate data could not be decoded. There is nothing more the + // controller can do here, so we exit nil so this controller doesn't end in + // an infinite loop. log.Error(errors.New(message), "failed to determine whether the SecretTemplate matches Secret") return nil default: diff --git a/pkg/controller/certificates/readiness/readiness_controller.go b/pkg/controller/certificates/readiness/readiness_controller.go index 3e0cd69838d..859b49acb11 100644 --- a/pkg/controller/certificates/readiness/readiness_controller.go +++ b/pkg/controller/certificates/readiness/readiness_controller.go @@ -176,7 +176,7 @@ func (c *controller) ProcessItem(ctx context.Context, key string) error { renewBeforeHint := crt.Spec.RenewBefore renewalTime := c.renewalTimeCalculator(x509cert.NotBefore, x509cert.NotAfter, renewBeforeHint) - //update Certificate's Status + // update Certificate's Status crt.Status.NotBefore = ¬Before crt.Status.NotAfter = ¬After crt.Status.RenewalTime = renewalTime diff --git a/pkg/controller/certificatesigningrequests/controller.go b/pkg/controller/certificatesigningrequests/controller.go index 7ece4ab363e..80b16cd2762 100644 --- a/pkg/controller/certificatesigningrequests/controller.go +++ b/pkg/controller/certificatesigningrequests/controller.go @@ -87,8 +87,8 @@ type Controller struct { // the signer kind to react to when a certificate signing request is synced signerType string - //registerExtraInformers is a list of functions that - //CertificateSigningRequest controllers can use to register custom informers. + // registerExtraInformers is a list of functions that + // CertificateSigningRequest controllers can use to register custom informers. registerExtraInformers []RegisterExtraInformerFn // used for testing diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go index b444b32910f..91a005f314c 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go @@ -109,14 +109,14 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { return DNSZone{}, fmt.Errorf("FindNearestZoneForFQDN: FQDN-Parameter can't be empty, please specify a domain!") } mappedFQDN := strings.Split(fqdn, ".") - nextName := util.UnFqdn(fqdn) //remove the trailing dot + nextName := util.UnFqdn(fqdn) // remove the trailing dot var lastErr error for i := 0; i < len(mappedFQDN)-1; i++ { var from, to = len(mappedFQDN[i]) + 1, len(nextName) if from > to { continue } - if mappedFQDN[i] == "*" { //skip wildcard sub-domain-entries + if mappedFQDN[i] == "*" { // skip wildcard sub-domain-entries nextName = string([]rune(nextName)[from:to]) continue } @@ -133,7 +133,7 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { } if len(zones) > 0 { - return zones[0], nil //we're returning the first zone found, might need to test that further + return zones[0], nil // we're returning the first zone found, might need to test that further } nextName = string([]rune(nextName)[from:to]) } diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go index 5d2db2d3d61..5cbeaaaefc2 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go @@ -35,7 +35,7 @@ type DNSProviderMock struct { } func (c *DNSProviderMock) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { - //stub makeRequest + // stub makeRequest args := c.Called(method, uri, nil) return args.Get(0).([]uint8), args.Error(1) } diff --git a/pkg/issuer/vault/setup_test.go b/pkg/issuer/vault/setup_test.go index d0f195bcb2c..3393a1a9880 100644 --- a/pkg/issuer/vault/setup_test.go +++ b/pkg/issuer/vault/setup_test.go @@ -45,8 +45,7 @@ import ( func TestVault_Setup(t *testing.T) { // Create a mock Vault HTTP server. vaultServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - switch { - case r.URL.Path == "/v1/auth/approle/login" || r.URL.Path == "/v1/auth/kubernetes/login": + if r.URL.Path == "/v1/auth/approle/login" || r.URL.Path == "/v1/auth/kubernetes/login" { w.WriteHeader(http.StatusOK) w.Write([]byte(`{"auth":{"client_token": "5b1a0318-679c-9c45-e5c6-d1b9a9035d49"}}`)) } diff --git a/pkg/util/cmapichecker/cmapichecker_test.go b/pkg/util/cmapichecker/cmapichecker_test.go index 9824253bd19..8908eb6d343 100644 --- a/pkg/util/cmapichecker/cmapichecker_test.go +++ b/pkg/util/cmapichecker/cmapichecker_test.go @@ -176,10 +176,8 @@ func runTest(t *testing.T, test testT) { } simpleError = TranslateToSimpleError(err) - } else { - if test.expectedVerboseError != "" { - t.Errorf("expected error did not occure:\n%s", test.expectedVerboseError) - } + } else if test.expectedVerboseError != "" { + t.Errorf("expected error did not occure:\n%s", test.expectedVerboseError) } if simpleError != nil { diff --git a/pkg/util/configfile/configfile.go b/pkg/util/configfile/configfile.go index e34b78a8968..9eac67707da 100644 --- a/pkg/util/configfile/configfile.go +++ b/pkg/util/configfile/configfile.go @@ -61,9 +61,7 @@ func NewConfigurationFSLoader(readFileFunc func(filename string) ([]byte, error) // Default the readfile function to use os.Readfile for convenience. if readFileFunc == nil { - f = func(filename string) ([]byte, error) { - return os.ReadFile(filename) - } + f = os.ReadFile } else { f = readFileFunc } diff --git a/pkg/util/pki/asn1_util.go b/pkg/util/pki/asn1_util.go index ebbe8fc02f8..acad660c9e9 100644 --- a/pkg/util/pki/asn1_util.go +++ b/pkg/util/pki/asn1_util.go @@ -144,13 +144,14 @@ func UnmarshalUniversalValue(rawValue asn1.RawValue) (UniversalValue, error) { var rest []byte var err error - if rawValue.Tag == asn1.TagIA5String { + switch { + case rawValue.Tag == asn1.TagIA5String: rest, err = asn1.UnmarshalWithParams(rawValue.FullBytes, &uv.IA5String, "ia5") - } else if rawValue.Tag == asn1.TagUTF8String { + case rawValue.Tag == asn1.TagUTF8String: rest, err = asn1.UnmarshalWithParams(rawValue.FullBytes, &uv.UTF8String, "utf8") - } else if rawValue.Tag == asn1.TagPrintableString { + case rawValue.Tag == asn1.TagPrintableString: rest, err = asn1.UnmarshalWithParams(rawValue.FullBytes, &uv.PrintableString, "printable") - } else { + default: uv.Bytes = rawValue.FullBytes } if err != nil { diff --git a/pkg/util/pki/match_test.go b/pkg/util/pki/match_test.go index 155c2641548..ea8e11bcf9a 100644 --- a/pkg/util/pki/match_test.go +++ b/pkg/util/pki/match_test.go @@ -212,10 +212,8 @@ func TestCertificateRequestOtherNamesMatchSpec(t *testing.T) { if err != nil { if test.err == "" { t.Errorf("Unexpected error: %s", err.Error()) - } else { - if test.err != err.Error() { - t.Errorf("Expected error: %s but got: %s instead", err.Error(), test.err) - } + } else if test.err != err.Error() { + t.Errorf("Expected error: %s but got: %s instead", err.Error(), test.err) } } @@ -298,10 +296,8 @@ func TestRequestMatchesSpecSubject(t *testing.T) { if err != nil { if test.err == "" { t.Errorf("Unexpected error: %s", err.Error()) - } else { - if test.err != err.Error() { - t.Errorf("Expected error: %s but got: %s instead", err.Error(), test.err) - } + } else if test.err != err.Error() { + t.Errorf("Expected error: %s but got: %s instead", err.Error(), test.err) } } diff --git a/pkg/util/pki/subject.go b/pkg/util/pki/subject.go index 6926054be63..77d6199def8 100644 --- a/pkg/util/pki/subject.go +++ b/pkg/util/pki/subject.go @@ -127,7 +127,7 @@ func ExtractCommonNameFromRDNSequence(rdns pkix.RDNSequence) string { return "" } -// DEPRECATED: this function will be removed in a future release. +// Deprecated: this function will be removed in a future release. func ParseSubjectStringToRawDERBytes(subject string) ([]byte, error) { rdnSequence, err := UnmarshalSubjectStringToRDNSequence(subject) if err != nil { diff --git a/test/e2e/bin/cloudflare-clean/main.go b/test/e2e/bin/cloudflare-clean/main.go index 4d1fe59cc49..a6a9eb2f025 100644 --- a/test/e2e/bin/cloudflare-clean/main.go +++ b/test/e2e/bin/cloudflare-clean/main.go @@ -19,6 +19,7 @@ package main import ( "context" "flag" + "fmt" "log" "time" @@ -42,27 +43,34 @@ func main() { flag.Parse() + if err := Main(ctx); err != nil { + log.Print(err) + util.SetExitCode(err) + } +} + +func Main(ctx context.Context) error { cl, err := cf.New(*apiKey, *email) if err != nil { - log.Fatalf("error creating cloudflare client: %v", err) + return fmt.Errorf("error creating cloudflare client: %v", err) } zones, err := cl.ListZones(ctx, *zoneName) if err != nil { - log.Fatalf("error listing zones: %v", err) + return fmt.Errorf("error listing zones: %v", err) } if len(zones) == 0 { - log.Fatalf("could not find zone with name %q", *zoneName) + return fmt.Errorf("could not find zone with name %q", *zoneName) } if len(zones) > 1 { - log.Fatalf("found multiple zones for name %q", *zoneName) + return fmt.Errorf("found multiple zones for name %q", *zoneName) } zone := zones[0] rrs, _, err := cl.ListDNSRecords(ctx, cf.ZoneIdentifier(zone.ID), cf.ListDNSRecordsParams{ Type: "TXT", }) if err != nil { - log.Fatalf("error listing TXT records in zone: %v", err) + return fmt.Errorf("error listing TXT records in zone: %v", err) } log.Printf("Evaluating %d records", len(rrs)) @@ -93,13 +101,15 @@ func main() { } if len(errs) > 0 { - log.Fatalf("Encountered %d errors whilst cleaning up zone", len(errs)) + return fmt.Errorf("encountered %d errors whilst cleaning up zone", len(errs)) } log.Print() log.Printf("Skipped: %d", skipped) log.Printf("Deleted: %d", deleted) log.Printf("Cleanup complete!") + + return nil } func shouldDelete(rr cf.DNSRecord) bool { diff --git a/test/e2e/framework/addon/chart/addon.go b/test/e2e/framework/addon/chart/addon.go index ef6f9616e6a..519c3342cad 100644 --- a/test/e2e/framework/addon/chart/addon.go +++ b/test/e2e/framework/addon/chart/addon.go @@ -235,7 +235,8 @@ func (c *Chart) Logs() (map[string]string, error) { if err != nil { return nil, err } - podList := append(oldLabelPods.Items, newLabelPods.Items...) + podList := append([]corev1.Pod(nil), oldLabelPods.Items...) + podList = append(podList, newLabelPods.Items...) out := make(map[string]string) for _, pod := range podList { diff --git a/test/e2e/framework/matcher/san_matchers.go b/test/e2e/framework/matcher/san_matchers.go index 76c8b2c7795..758923d6d3d 100644 --- a/test/e2e/framework/matcher/san_matchers.go +++ b/test/e2e/framework/matcher/san_matchers.go @@ -32,13 +32,13 @@ import ( . "github.com/onsi/gomega" ) -func HaveSameSANsAs(CertWithExpectedSAN string) types.GomegaMatcher { - return SANEquals(extractSANsFromCertificate(CertWithExpectedSAN)) +func HaveSameSANsAs(certWithExpectedSAN string) types.GomegaMatcher { + return SANEquals(extractSANsFromCertificate(certWithExpectedSAN)) } // HaveSans will check that the PEM of the certificates -func SANEquals(SANExtensionExpected interface{}) *SANMatcher { - extension, ok := SANExtensionExpected.(pkix.Extension) +func SANEquals(sanExtensionExpected interface{}) *SANMatcher { + extension, ok := sanExtensionExpected.(pkix.Extension) if !ok || !extension.Id.Equal(oidExtensionSubjectAltName) { Fail("Invalid use of the SANEquals matcher, please supply a valid SAN pkix.Extension") } diff --git a/test/e2e/suite/certificates/literalsubjectrdns.go b/test/e2e/suite/certificates/literalsubjectrdns.go index eb6b3f9cf1b..329e3e86395 100644 --- a/test/e2e/suite/certificates/literalsubjectrdns.go +++ b/test/e2e/suite/certificates/literalsubjectrdns.go @@ -24,7 +24,6 @@ import ( "encoding/pem" "time" - //. "github.com/onsi/gomega/gstruct" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "github.com/cert-manager/cert-manager/e2e-tests/framework" diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index d766da60cd1..e4c2290ba47 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -332,7 +332,6 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) - //type ValidationFunc func(certificate *cmapi.Certificate, secret *corev1.Secret) error valFunc := func(certificate *cmapi.Certificate, secret *corev1.Secret) error { certBytes, ok := secret.Data[corev1.TLSCertKey] if !ok { diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index 7cdb172daa0..f5230f1c635 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -417,7 +417,8 @@ func (s *Suite) Define() { // Validate that the request was signed as expected. Add extra // validations which may be required for this test. By("Validating the issued CertificateSigningRequest...") - validations := append(test.extraValidations, validation.CertificateSigningRequestSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) + validations := append([]certificatesigningrequests.ValidationFunc(nil), test.extraValidations...) + validations = append(validations, validation.CertificateSigningRequestSetForUnsupportedFeatureSet(s.UnsupportedFeatures)...) err = f.Helper().ValidateCertificateSigningRequest(kubeCSR.Name, key, validations...) Expect(err).NotTo(HaveOccurred()) }, test.requiredFeatures...) diff --git a/test/e2e/suite/issuers/acme/certificate/webhook.go b/test/e2e/suite/issuers/acme/certificate/webhook.go index ba4e6e87143..9ff22ed30c6 100644 --- a/test/e2e/suite/issuers/acme/certificate/webhook.go +++ b/test/e2e/suite/issuers/acme/certificate/webhook.go @@ -39,7 +39,6 @@ import ( var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { f := framework.NewDefaultFramework("acme-dns01-sample-webhook") - //h := f.Helper() Context("with the sample webhook solver deployed", func() { issuerName := "test-acme-issuer" diff --git a/test/e2e/util/util.go b/test/e2e/util/util.go index 319794642ea..e3a7c127dc8 100644 --- a/test/e2e/util/util.go +++ b/test/e2e/util/util.go @@ -385,8 +385,8 @@ func NewGateway(gatewayName, ns, secretName string, annotations map[string]strin // HasIngresses lets you know if an API exists in the discovery API // calling this function always performs a request to the API server. -func HasIngresses(d discovery.DiscoveryInterface, GroupVersion string) bool { - resourceList, err := d.ServerResourcesForGroupVersion(GroupVersion) +func HasIngresses(d discovery.DiscoveryInterface, groupVersion string) bool { + resourceList, err := d.ServerResourcesForGroupVersion(groupVersion) if err != nil { return false } From d6404482e32dfe06373672674c16f21b2febc1f3 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 16:48:59 +0200 Subject: [PATCH 086/177] fix loggercheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/cainjector/app/controller.go | 2 +- pkg/controller/acmeorders/sync.go | 4 +++- pkg/issuer/acme/dns/azuredns/azuredns.go | 2 +- pkg/issuer/acme/dns/clouddns/clouddns.go | 2 +- 5 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index bd1c2930dfe..ee41d5b1465 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -10,7 +10,6 @@ issues: - tenv - exhaustive - nilerr - - loggercheck - forbidigo - interfacebloat - predeclared diff --git a/cmd/cainjector/app/controller.go b/cmd/cainjector/app/controller.go index 9842032ccd9..c2b891db2b4 100644 --- a/cmd/cainjector/app/controller.go +++ b/cmd/cainjector/app/controller.go @@ -173,7 +173,7 @@ func Run(opts *config.CAInjectorConfiguration, ctx context.Context) error { err = cainjector.RegisterAllInjectors(ctx, mgr, setupOptions) if err != nil { - log.Error(err, "failed to register controllers", err) + log.Error(err, "failed to register controllers") return err } diff --git a/pkg/controller/acmeorders/sync.go b/pkg/controller/acmeorders/sync.go index 2f323b88a43..46dd2f031fd 100644 --- a/pkg/controller/acmeorders/sync.go +++ b/pkg/controller/acmeorders/sync.go @@ -724,7 +724,9 @@ func getPreferredCertChain( if cert.Issuer.CommonName == preferredChain { // if the issuer's CN matched the preferred chain it means this bundle is // signed by the requested chain - log.V(logf.DebugLevel).WithValues("Issuer CN", cert.Issuer.CommonName).Info("Selecting preferred ACME bundle with a matching Common Name from %s", name) + log.V(logf.DebugLevel). + WithValues("Issuer CN", cert.Issuer.CommonName). + Info("Selecting preferred ACME bundle with a matching Common Name from chain", "chainName", name) return true, nil } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index dce4caec62a..eecee07a8c0 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -145,7 +145,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { z, err := c.getHostedZoneName(fqdn) if err != nil { - c.log.Error(err, "Error getting hosted zone name for:", fqdn) + c.log.Error(err, "Error getting hosted zone name for fqdn", "fqdn", fqdn) return err } diff --git a/pkg/issuer/acme/dns/clouddns/clouddns.go b/pkg/issuer/acme/dns/clouddns/clouddns.go index b124c4e066a..9f5d24c04d5 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns.go @@ -265,7 +265,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) { } } - c.log.V(logf.DebugLevel).Info("No matching public GoogleCloud managed-zone for domain, falling back to a private managed-zone", authZone) + c.log.V(logf.DebugLevel).Info("No matching public GoogleCloud managed-zone for domain, falling back to a private managed-zone", "authZone", authZone) // fall back to first available zone, if none public return zones.ManagedZones[0].Name, nil } From b86af60308d9fda0850bb86641e9ced2575ffd87 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 16:54:13 +0200 Subject: [PATCH 087/177] fix usestdlibvars linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - internal/vault/vault.go | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.golangci.yaml b/.golangci.yaml index ee41d5b1465..fe33a98791c 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -13,7 +13,6 @@ issues: - forbidigo - interfacebloat - predeclared - - usestdlibvars - noctx - nilnil - nakedret diff --git a/internal/vault/vault.go b/internal/vault/vault.go index a4ab1aec1a9..e9a24307b46 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -569,6 +569,7 @@ func (v *Vault) IsVaultInitializedAndUnsealed() error { // 473 = if performance standby // 501 = if not initialized // 503 = if sealed + // nolint: usestdlibvars // We use the numeric error codes here that we got from the Vault docs. if err != nil { switch { case healthResp == nil: From 000e9ff4c977a8753db8d985754b3bc4b38dc17b Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 16:56:03 +0200 Subject: [PATCH 088/177] fix ineffassign linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/suite/certificaterequests/selfsigned/secret.go | 2 ++ test/e2e/suite/certificates/secrettemplate.go | 1 + .../suite/certificatesigningrequests/selfsigned/selfsigned.go | 2 ++ test/e2e/suite/issuers/acme/certificaterequest/http01.go | 2 +- 5 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index fe33a98791c..4a3fcfea2a9 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -18,7 +18,6 @@ issues: - nakedret - asasalint - goprintffuncname - - ineffassign - musttag - nosprintfhostport - exportloopref diff --git a/test/e2e/suite/certificaterequests/selfsigned/secret.go b/test/e2e/suite/certificaterequests/selfsigned/secret.go index da8bc818299..8e217c2f12d 100644 --- a/test/e2e/suite/certificaterequests/selfsigned/secret.go +++ b/test/e2e/suite/certificaterequests/selfsigned/secret.go @@ -119,6 +119,7 @@ var _ = framework.CertManagerDescribe("CertificateRequests SelfSigned Secret", f ObjectMeta: metav1.ObjectMeta{Name: "selfsigned-test", Namespace: f.Namespace.Name}, Data: map[string][]byte{}, }, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{GenerateName: "selfsigned-", Namespace: f.Namespace.Name}, @@ -221,6 +222,7 @@ var _ = framework.CertManagerDescribe("CertificateRequests SelfSigned Secret", f ObjectMeta: metav1.ObjectMeta{Name: "selfsigned-test", Namespace: f.Namespace.Name}, Data: map[string][]byte{}, }, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{GenerateName: "selfsigned-"}, diff --git a/test/e2e/suite/certificates/secrettemplate.go b/test/e2e/suite/certificates/secrettemplate.go index 38f495d57bc..79959a491e5 100644 --- a/test/e2e/suite/certificates/secrettemplate.go +++ b/test/e2e/suite/certificates/secrettemplate.go @@ -282,6 +282,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { WithAnnotations(secret.Annotations). WithLabels(secret.Labels), metav1.ApplyOptions{FieldManager: "e2e-test-client"}) + Expect(err).NotTo(HaveOccurred()) By("expect those Annotations and Labels to be present on the Secret") secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) diff --git a/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go b/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go index 3573679389d..1963f8726ff 100644 --- a/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go +++ b/test/e2e/suite/certificatesigningrequests/selfsigned/selfsigned.go @@ -133,6 +133,7 @@ var _ = framework.CertManagerDescribe("CertificateSigningRequests SelfSigned Sec ObjectMeta: metav1.ObjectMeta{Name: "selfsigned-test", Namespace: f.Namespace.Name}, Data: map[string][]byte{}, }, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{GenerateName: "selfsigned-", Namespace: f.Namespace.Name}, @@ -259,6 +260,7 @@ var _ = framework.CertManagerDescribe("CertificateSigningRequests SelfSigned Sec ObjectMeta: metav1.ObjectMeta{Name: "selfsigned-test", Namespace: "cert-manager"}, Data: map[string][]byte{}, }, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{GenerateName: "selfsigned-"}, diff --git a/test/e2e/suite/issuers/acme/certificaterequest/http01.go b/test/e2e/suite/issuers/acme/certificaterequest/http01.go index b5101f4aa61..eee7a17b04e 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/http01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/http01.go @@ -128,7 +128,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") From 24e47ff3643c5a0e4888578ced52a5214b35c570 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:32:49 +0200 Subject: [PATCH 089/177] fix predeclared linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - internal/apis/acme/validation/challenge.go | 8 +-- internal/apis/acme/validation/order.go | 56 ++++++++++---------- internal/apis/acme/validation/order_test.go | 20 +++---- internal/vault/vault_test.go | 20 +++---- pkg/controller/acmechallenges/update.go | 32 +++++------ pkg/controller/acmechallenges/update_test.go | 16 +++--- pkg/controller/certificate-shim/sync.go | 6 +-- pkg/controller/certificaterequests/sync.go | 14 ++--- pkg/controller/clusterissuers/sync.go | 8 +-- pkg/controller/issuers/sync.go | 8 +-- pkg/controller/util.go | 12 ++--- 12 files changed, 98 insertions(+), 103 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 4a3fcfea2a9..afb0eb5f1cb 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -12,7 +12,6 @@ issues: - nilerr - forbidigo - interfacebloat - - predeclared - noctx - nilnil - nakedret diff --git a/internal/apis/acme/validation/challenge.go b/internal/apis/acme/validation/challenge.go index 3707fb196d6..7d481859313 100644 --- a/internal/apis/acme/validation/challenge.go +++ b/internal/apis/acme/validation/challenge.go @@ -27,15 +27,15 @@ import ( ) func ValidateChallengeUpdate(a *admissionv1.AdmissionRequest, oldObj, newObj runtime.Object) (field.ErrorList, []string) { - old, ok := oldObj.(*cmacme.Challenge) - new := newObj.(*cmacme.Challenge) + oldChallenge, ok := oldObj.(*cmacme.Challenge) + newChallenge := newObj.(*cmacme.Challenge) // if oldObj is not set, the Update operation is always valid. - if !ok || old == nil { + if !ok || oldChallenge == nil { return nil, nil } el := field.ErrorList{} - if !reflect.DeepEqual(old.Spec, new.Spec) { + if !reflect.DeepEqual(oldChallenge.Spec, newChallenge.Spec) { el = append(el, field.Forbidden(field.NewPath("spec"), "challenge spec is immutable after creation")) } return el, nil diff --git a/internal/apis/acme/validation/order.go b/internal/apis/acme/validation/order.go index cb88e7ad248..37ceda41405 100644 --- a/internal/apis/acme/validation/order.go +++ b/internal/apis/acme/validation/order.go @@ -27,16 +27,16 @@ import ( ) func ValidateOrderUpdate(a *admissionv1.AdmissionRequest, oldObj, newObj runtime.Object) (field.ErrorList, []string) { - old, ok := oldObj.(*cmacme.Order) - new := newObj.(*cmacme.Order) + oldOrder, ok := oldObj.(*cmacme.Order) + newOrder := newObj.(*cmacme.Order) // if oldObj is not set, the Update operation is always valid. - if !ok || old == nil { + if !ok || oldOrder == nil { return nil, nil } el := field.ErrorList{} - el = append(el, ValidateOrderSpecUpdate(old.Spec, new.Spec, field.NewPath("spec"))...) - el = append(el, ValidateOrderStatusUpdate(old.Status, new.Status, field.NewPath("status"))...) + el = append(el, ValidateOrderSpecUpdate(oldOrder.Spec, newOrder.Spec, field.NewPath("spec"))...) + el = append(el, ValidateOrderStatusUpdate(oldOrder.Status, newOrder.Status, field.NewPath("status"))...) return el, nil } @@ -44,35 +44,35 @@ func ValidateOrder(a *admissionv1.AdmissionRequest, obj runtime.Object) (field.E return nil, nil } -func ValidateOrderSpecUpdate(old, new cmacme.OrderSpec, fldPath *field.Path) field.ErrorList { +func ValidateOrderSpecUpdate(oldOrder, newOrder cmacme.OrderSpec, fldPath *field.Path) field.ErrorList { el := field.ErrorList{} - if len(old.Request) > 0 && !bytes.Equal(old.Request, new.Request) { + if len(oldOrder.Request) > 0 && !bytes.Equal(oldOrder.Request, newOrder.Request) { el = append(el, field.Forbidden(fldPath.Child("request"), "field is immutable once set")) } return el } -func ValidateOrderStatusUpdate(old, new cmacme.OrderStatus, fldPath *field.Path) field.ErrorList { +func ValidateOrderStatusUpdate(oldStatus, newStatus cmacme.OrderStatus, fldPath *field.Path) field.ErrorList { el := field.ErrorList{} // once the order URL has been set, it cannot be changed - if old.URL != "" && old.URL != new.URL { + if oldStatus.URL != "" && oldStatus.URL != newStatus.URL { el = append(el, field.Forbidden(fldPath.Child("url"), "field is immutable once set")) } // once the FinalizeURL has been set, it cannot be changed - if old.FinalizeURL != "" && old.FinalizeURL != new.FinalizeURL { + if oldStatus.FinalizeURL != "" && oldStatus.FinalizeURL != newStatus.FinalizeURL { el = append(el, field.Forbidden(fldPath.Child("finalizeURL"), "field is immutable once set")) } // once the Certificate has been issued, it cannot be changed - if len(old.Certificate) > 0 && !bytes.Equal(old.Certificate, new.Certificate) { + if len(oldStatus.Certificate) > 0 && !bytes.Equal(oldStatus.Certificate, newStatus.Certificate) { el = append(el, field.Forbidden(fldPath.Child("certificate"), "field is immutable once set")) } - if len(old.Authorizations) > 0 { + if len(oldStatus.Authorizations) > 0 { fldPath := fldPath.Child("authorizations") // once at least one Authorization has been inserted, no more can be added // or deleted from the Order - if len(old.Authorizations) != len(new.Authorizations) { + if len(oldStatus.Authorizations) != len(newStatus.Authorizations) { el = append(el, field.Forbidden(fldPath, "field is immutable once set")) } @@ -80,43 +80,43 @@ func ValidateOrderStatusUpdate(old, new cmacme.OrderStatus, fldPath *field.Path) // the updates that the user requested on each Authorization. // fields on Authorization's cannot be changed after being set from // their zero value. - for i := range old.Authorizations { + for i := range oldStatus.Authorizations { fldPath := fldPath.Index(i) - old := old.Authorizations[i] - new := new.Authorizations[i] - if old.URL != "" && old.URL != new.URL { + oldAuthz := oldStatus.Authorizations[i] + newAuthz := newStatus.Authorizations[i] + if oldAuthz.URL != "" && oldAuthz.URL != newAuthz.URL { el = append(el, field.Forbidden(fldPath.Child("url"), "field is immutable once set")) } - if old.Identifier != "" && old.Identifier != new.Identifier { + if oldAuthz.Identifier != "" && oldAuthz.Identifier != newAuthz.Identifier { el = append(el, field.Forbidden(fldPath.Child("identifier"), "field is immutable once set")) } // don't allow the value of the Wildcard field to change unless the // old value is nil - if old.Wildcard != nil && (new.Wildcard == nil || *old.Wildcard != *new.Wildcard) { + if oldAuthz.Wildcard != nil && (newAuthz.Wildcard == nil || *oldAuthz.Wildcard != *newAuthz.Wildcard) { el = append(el, field.Forbidden(fldPath.Child("wildcard"), "field is immutable once set")) } - if old.InitialState != "" && (old.InitialState != new.InitialState) { + if oldAuthz.InitialState != "" && (oldAuthz.InitialState != newAuthz.InitialState) { el = append(el, field.Forbidden(fldPath.Child("initialState"), "field is immutable once set")) } - if len(old.Challenges) > 0 { + if len(oldAuthz.Challenges) > 0 { fldPath := fldPath.Child("challenges") - if len(old.Challenges) != len(new.Challenges) { + if len(oldAuthz.Challenges) != len(newAuthz.Challenges) { el = append(el, field.Forbidden(fldPath, "field is immutable once set")) } - for i := range old.Challenges { + for i := range oldAuthz.Challenges { fldPath := fldPath.Index(i) - old := old.Challenges[i] - new := new.Challenges[i] + oldChallenge := oldAuthz.Challenges[i] + newChallenge := newAuthz.Challenges[i] - if old.URL != "" && old.URL != new.URL { + if oldChallenge.URL != "" && oldChallenge.URL != newChallenge.URL { el = append(el, field.Forbidden(fldPath.Child("url"), "field is immutable once set")) } - if old.Type != "" && old.Type != new.Type { + if oldChallenge.Type != "" && oldChallenge.Type != newChallenge.Type { el = append(el, field.Forbidden(fldPath.Child("type"), "field is immutable once set")) } - if old.Token != "" && old.Token != new.Token { + if oldChallenge.Token != "" && oldChallenge.Token != newChallenge.Token { el = append(el, field.Forbidden(fldPath.Child("token"), "field is immutable once set")) } } diff --git a/internal/apis/acme/validation/order_test.go b/internal/apis/acme/validation/order_test.go index 4428e2c53f0..c817626df12 100644 --- a/internal/apis/acme/validation/order_test.go +++ b/internal/apis/acme/validation/order_test.go @@ -55,11 +55,11 @@ func testImmutableOrderField(t *testing.T, fldPath *field.Path, setter func(*cma field.Forbidden(fldPath, "field is immutable once set"), } var expectedWarnings []string - old := &cmacme.Order{} - new := &cmacme.Order{} - setter(old, testValueOptionOne) - setter(new, testValueOptionTwo) - errs, warnings := ValidateOrderUpdate(someAdmissionRequest, old, new) + oldOrder := &cmacme.Order{} + newOrder := &cmacme.Order{} + setter(oldOrder, testValueOptionOne) + setter(newOrder, testValueOptionTwo) + errs, warnings := ValidateOrderUpdate(someAdmissionRequest, oldOrder, newOrder) if len(errs) != len(expectedErrs) { t.Errorf("Expected errors %v but got %v", expectedErrs, errs) return @@ -77,11 +77,11 @@ func testImmutableOrderField(t *testing.T, fldPath *field.Path, setter func(*cma t.Run("should allow updates to "+fldPath.String()+" if not already set", func(t *testing.T) { expectedErrs := []*field.Error{} var expectedWarnings []string - old := &cmacme.Order{} - new := &cmacme.Order{} - setter(old, testValueNone) - setter(new, testValueOptionOne) - errs, warnings := ValidateOrderUpdate(someAdmissionRequest, old, new) + oldOrder := &cmacme.Order{} + newOrder := &cmacme.Order{} + setter(oldOrder, testValueNone) + setter(newOrder, testValueOptionOne) + errs, warnings := ValidateOrderUpdate(someAdmissionRequest, oldOrder, newOrder) if len(errs) != len(expectedErrs) { t.Errorf("Expected errors %v but got %v", expectedErrs, errs) return diff --git a/internal/vault/vault_test.go b/internal/vault/vault_test.go index 96ad6fe5252..95ee32de98c 100644 --- a/internal/vault/vault_test.go +++ b/internal/vault/vault_test.go @@ -1159,7 +1159,7 @@ func TestNewConfig(t *testing.T) { }), ), expectedErr: nil, - checkFunc: func(cfg *vault.Config, error error) error { + checkFunc: func(cfg *vault.Config, err error) error { testCA := x509.NewCertPool() testCA.AppendCertsFromPEM([]byte(testLeafCertificate)) clientCA := cfg.HttpClient.Transport.(*http.Transport).TLSClientConfig.RootCAs @@ -1185,9 +1185,9 @@ func TestNewConfig(t *testing.T) { }, }, )), - checkFunc: func(cfg *vault.Config, error error) error { - if error != nil { - return error + checkFunc: func(cfg *vault.Config, err error) error { + if err != nil { + return err } testCA := x509.NewCertPool() @@ -1214,9 +1214,9 @@ func TestNewConfig(t *testing.T) { }, }, )), - checkFunc: func(cfg *vault.Config, error error) error { - if error != nil { - return error + checkFunc: func(cfg *vault.Config, err error) error { + if err != nil { + return err } testCA := x509.NewCertPool() @@ -1291,9 +1291,9 @@ func TestNewConfig(t *testing.T) { }, }, )), - checkFunc: func(cfg *vault.Config, error error) error { - if error != nil { - return error + checkFunc: func(cfg *vault.Config, err error) error { + if err != nil { + return err } certificates := cfg.HttpClient.Transport.(*http.Transport).TLSClientConfig.Certificates diff --git a/pkg/controller/acmechallenges/update.go b/pkg/controller/acmechallenges/update.go index 505be0c309e..a6b274e5664 100644 --- a/pkg/controller/acmechallenges/update.go +++ b/pkg/controller/acmechallenges/update.go @@ -72,10 +72,10 @@ func newObjectUpdater(cl versioned.Interface, fieldManager string) objectUpdater // Only the Finalizers and Status fields may be modified. If there are any // modifications to new object, outside of the Finalizers and Status fields, // this function return an error. -func (o *defaultObjectUpdater) updateObject(ctx context.Context, old, new *cmacme.Challenge) error { +func (o *defaultObjectUpdater) updateObject(ctx context.Context, oldChallenge, newChallenge *cmacme.Challenge) error { if !apiequality.Semantic.DeepEqual( - gen.ChallengeFrom(old, gen.SetChallengeFinalizers(nil), gen.ResetChallengeStatus()), - gen.ChallengeFrom(new, gen.SetChallengeFinalizers(nil), gen.ResetChallengeStatus()), + gen.ChallengeFrom(oldChallenge, gen.SetChallengeFinalizers(nil), gen.ResetChallengeStatus()), + gen.ChallengeFrom(newChallenge, gen.SetChallengeFinalizers(nil), gen.ResetChallengeStatus()), ) { return fmt.Errorf( "%w: in updateObject: unexpected differences between old and new: only the finalizers and status fields may be modified", @@ -84,11 +84,11 @@ func (o *defaultObjectUpdater) updateObject(ctx context.Context, old, new *cmacm } var updateFunctions []func() (*cmacme.Challenge, error) - if !apiequality.Semantic.DeepEqual(old.Status, new.Status) { + if !apiequality.Semantic.DeepEqual(oldChallenge.Status, newChallenge.Status) { updateFunctions = append( updateFunctions, func() (*cmacme.Challenge, error) { - if obj, err := o.updateStatus(ctx, new); err != nil { + if obj, err := o.updateStatus(ctx, newChallenge); err != nil { return obj, fmt.Errorf("when updating the status: %w", err) } else { return obj, nil @@ -96,11 +96,11 @@ func (o *defaultObjectUpdater) updateObject(ctx context.Context, old, new *cmacm }, ) } - if !apiequality.Semantic.DeepEqual(old.Finalizers, new.Finalizers) { + if !apiequality.Semantic.DeepEqual(oldChallenge.Finalizers, newChallenge.Finalizers) { updateFunctions = append( updateFunctions, func() (*cmacme.Challenge, error) { - if obj, err := o.update(ctx, new); err != nil { + if obj, err := o.update(ctx, newChallenge); err != nil { return obj, fmt.Errorf("when updating the finalizers: %w", err) } else { return obj, nil @@ -116,7 +116,7 @@ func (o *defaultObjectUpdater) updateObject(ctx context.Context, old, new *cmacm return nil } } else { - new = o + newChallenge = o } } return utilerrors.NewAggregate(errors) @@ -126,12 +126,12 @@ type objectUpdateClientDefault struct { cl versioned.Interface } -func (o *objectUpdateClientDefault) update(ctx context.Context, new *cmacme.Challenge) (*cmacme.Challenge, error) { - return o.cl.AcmeV1().Challenges(new.Namespace).Update(ctx, new, metav1.UpdateOptions{}) +func (o *objectUpdateClientDefault) update(ctx context.Context, challenge *cmacme.Challenge) (*cmacme.Challenge, error) { + return o.cl.AcmeV1().Challenges(challenge.Namespace).Update(ctx, challenge, metav1.UpdateOptions{}) } -func (o *objectUpdateClientDefault) updateStatus(ctx context.Context, new *cmacme.Challenge) (*cmacme.Challenge, error) { - return o.cl.AcmeV1().Challenges(new.Namespace).UpdateStatus(ctx, new, metav1.UpdateOptions{}) +func (o *objectUpdateClientDefault) updateStatus(ctx context.Context, challenge *cmacme.Challenge) (*cmacme.Challenge, error) { + return o.cl.AcmeV1().Challenges(challenge.Namespace).UpdateStatus(ctx, challenge, metav1.UpdateOptions{}) } type objectUpdateClientSSA struct { @@ -139,10 +139,10 @@ type objectUpdateClientSSA struct { fieldManager string } -func (o *objectUpdateClientSSA) update(ctx context.Context, new *cmacme.Challenge) (*cmacme.Challenge, error) { - return internalchallenges.Apply(ctx, o.cl, o.fieldManager, new) +func (o *objectUpdateClientSSA) update(ctx context.Context, challenge *cmacme.Challenge) (*cmacme.Challenge, error) { + return internalchallenges.Apply(ctx, o.cl, o.fieldManager, challenge) } -func (o *objectUpdateClientSSA) updateStatus(ctx context.Context, new *cmacme.Challenge) (*cmacme.Challenge, error) { - return internalchallenges.ApplyStatus(ctx, o.cl, o.fieldManager, new) +func (o *objectUpdateClientSSA) updateStatus(ctx context.Context, challenge *cmacme.Challenge) (*cmacme.Challenge, error) { + return internalchallenges.ApplyStatus(ctx, o.cl, o.fieldManager, challenge) } diff --git a/pkg/controller/acmechallenges/update_test.go b/pkg/controller/acmechallenges/update_test.go index a41f640c27a..ae3149566b8 100644 --- a/pkg/controller/acmechallenges/update_test.go +++ b/pkg/controller/acmechallenges/update_test.go @@ -129,9 +129,9 @@ func runUpdateObjectTests(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { ctx := context.TODO() - old := gen.Challenge("c1") - new := gen.ChallengeFrom(old, tt.mods...) - objects := []runtime.Object{old} + oldChallenge := gen.Challenge("c1") + newChallenge := gen.ChallengeFrom(oldChallenge, tt.mods...) + objects := []runtime.Object{oldChallenge} if tt.notFound { t.Log("Simulating a situation where the target object has been deleted") objects = nil @@ -151,7 +151,7 @@ func runUpdateObjectTests(t *testing.T) { } updater := newObjectUpdater(cl, "test-fieldmanager") t.Log("Calling updateObject") - updateObjectErr := updater.updateObject(ctx, old, new) + updateObjectErr := updater.updateObject(ctx, oldChallenge, newChallenge) if tt.errorMessage == "" { assert.NoError(t, updateObjectErr) } else { @@ -164,16 +164,16 @@ func runUpdateObjectTests(t *testing.T) { if !tt.notFound { t.Log("Checking whether the object was updated") - actual, err := cl.AcmeV1().Challenges(old.Namespace).Get(ctx, old.Name, metav1.GetOptions{}) + actual, err := cl.AcmeV1().Challenges(oldChallenge.Namespace).Get(ctx, oldChallenge.Name, metav1.GetOptions{}) require.NoError(t, err) if updateObjectErr == nil { - assert.Equal(t, new, actual, "updateObject did not return an error so the object in the API should have been updated") + assert.Equal(t, newChallenge, actual, "updateObject did not return an error so the object in the API should have been updated") } else { if !errors.Is(updateObjectErr, simulatedUpdateError) { - assert.Equal(t, new.Finalizers, actual.Finalizers, "The Update did not fail so the Finalizers of the API object should have been updated") + assert.Equal(t, newChallenge.Finalizers, actual.Finalizers, "The Update did not fail so the Finalizers of the API object should have been updated") } if !errors.Is(updateObjectErr, simulatedUpdateStatusError) { - assert.Equal(t, new.Status, actual.Status, "The UpdateStatus did not fail so the Status of the API object should have been updated") + assert.Equal(t, newChallenge.Status, actual.Status, "The UpdateStatus did not fail so the Status of the API object should have been updated") } } } diff --git a/pkg/controller/certificate-shim/sync.go b/pkg/controller/certificate-shim/sync.go index 80828e456e6..d3a1a49893d 100644 --- a/pkg/controller/certificate-shim/sync.go +++ b/pkg/controller/certificate-shim/sync.go @@ -297,11 +297,7 @@ func buildCertificates( cmLister cmlisters.CertificateLister, ingLike metav1.Object, issuerName, issuerKind, issuerGroup string, -) (new, update []*cmapi.Certificate, _ error) { - - var newCrts []*cmapi.Certificate - var updateCrts []*cmapi.Certificate - +) (newCrts, updateCrts []*cmapi.Certificate, _ error) { tlsHosts := make(map[corev1.ObjectReference][]string) switch ingLike := ingLike.(type) { case *networkingv1.Ingress: diff --git a/pkg/controller/certificaterequests/sync.go b/pkg/controller/certificaterequests/sync.go index 1c806f99bf9..03a8e83577e 100644 --- a/pkg/controller/certificaterequests/sync.go +++ b/pkg/controller/certificaterequests/sync.go @@ -168,21 +168,21 @@ func (c *Controller) Sync(ctx context.Context, cr *cmapi.CertificateRequest) (er return nil } -func (c *Controller) updateCertificateRequestStatusAndAnnotations(ctx context.Context, old, new *cmapi.CertificateRequest) error { +func (c *Controller) updateCertificateRequestStatusAndAnnotations(ctx context.Context, oldCR, newCR *cmapi.CertificateRequest) error { log := logf.FromContext(ctx, "updateStatus") // if annotations changed we have to call .Update() and not .UpdateStatus() - if !reflect.DeepEqual(old.Annotations, new.Annotations) { - log.V(logf.DebugLevel).Info("updating resource due to change in annotations", "diff", pretty.Diff(old.Annotations, new.Annotations)) - return c.updateOrApply(ctx, new) + if !reflect.DeepEqual(oldCR.Annotations, newCR.Annotations) { + log.V(logf.DebugLevel).Info("updating resource due to change in annotations", "diff", pretty.Diff(oldCR.Annotations, newCR.Annotations)) + return c.updateOrApply(ctx, newCR) } - if apiequality.Semantic.DeepEqual(old.Status, new.Status) { + if apiequality.Semantic.DeepEqual(oldCR.Status, newCR.Status) { return nil } - log.V(logf.DebugLevel).Info("updating resource due to change in status", "diff", pretty.Diff(old.Status, new.Status)) - return c.updateStatusOrApply(ctx, new) + log.V(logf.DebugLevel).Info("updating resource due to change in status", "diff", pretty.Diff(oldCR.Status, newCR.Status)) + return c.updateStatusOrApply(ctx, newCR) } func (c *Controller) updateOrApply(ctx context.Context, cr *cmapi.CertificateRequest) error { diff --git a/pkg/controller/clusterissuers/sync.go b/pkg/controller/clusterissuers/sync.go index 9b09c9e40e5..260a5c90c95 100644 --- a/pkg/controller/clusterissuers/sync.go +++ b/pkg/controller/clusterissuers/sync.go @@ -67,14 +67,14 @@ func (c *controller) Sync(ctx context.Context, iss *cmapi.ClusterIssuer) (err er return nil } -func (c *controller) updateIssuerStatus(ctx context.Context, old, new *cmapi.ClusterIssuer) error { - if apiequality.Semantic.DeepEqual(old.Status, new.Status) { +func (c *controller) updateIssuerStatus(ctx context.Context, oldIssuer, newIssuer *cmapi.ClusterIssuer) error { + if apiequality.Semantic.DeepEqual(oldIssuer.Status, newIssuer.Status) { return nil } if utilfeature.DefaultFeatureGate.Enabled(feature.ServerSideApply) { - return internalissuers.ApplyClusterIssuerStatus(ctx, c.cmClient, c.fieldManager, new) + return internalissuers.ApplyClusterIssuerStatus(ctx, c.cmClient, c.fieldManager, newIssuer) } else { - _, err := c.cmClient.CertmanagerV1().ClusterIssuers().UpdateStatus(ctx, new, metav1.UpdateOptions{}) + _, err := c.cmClient.CertmanagerV1().ClusterIssuers().UpdateStatus(ctx, newIssuer, metav1.UpdateOptions{}) return err } } diff --git a/pkg/controller/issuers/sync.go b/pkg/controller/issuers/sync.go index 32f3a53283d..cd4306452d4 100644 --- a/pkg/controller/issuers/sync.go +++ b/pkg/controller/issuers/sync.go @@ -67,15 +67,15 @@ func (c *controller) Sync(ctx context.Context, iss *cmapi.Issuer) (err error) { return nil } -func (c *controller) updateIssuerStatus(ctx context.Context, old, new *cmapi.Issuer) error { - if apiequality.Semantic.DeepEqual(old.Status, new.Status) { +func (c *controller) updateIssuerStatus(ctx context.Context, oldIssuer, newIssuer *cmapi.Issuer) error { + if apiequality.Semantic.DeepEqual(oldIssuer.Status, newIssuer.Status) { return nil } if utilfeature.DefaultFeatureGate.Enabled(feature.ServerSideApply) { - return internalissuers.ApplyIssuerStatus(ctx, c.cmClient, c.fieldManager, new) + return internalissuers.ApplyIssuerStatus(ctx, c.cmClient, c.fieldManager, newIssuer) } else { - _, err := c.cmClient.CertmanagerV1().Issuers(new.Namespace).UpdateStatus(ctx, new, metav1.UpdateOptions{}) + _, err := c.cmClient.CertmanagerV1().Issuers(newIssuer.Namespace).UpdateStatus(ctx, newIssuer, metav1.UpdateOptions{}) return err } } diff --git a/pkg/controller/util.go b/pkg/controller/util.go index c510f77e1a1..d0dd6c66b27 100644 --- a/pkg/controller/util.go +++ b/pkg/controller/util.go @@ -120,11 +120,11 @@ func (q *QueuingEventHandler) OnAdd(obj interface{}, isInInitialList bool) { } // OnUpdate adds an updated object to the workqueue. -func (q *QueuingEventHandler) OnUpdate(old, new interface{}) { - if reflect.DeepEqual(old, new) { +func (q *QueuingEventHandler) OnUpdate(oldObj, newObj interface{}) { + if reflect.DeepEqual(oldObj, newObj) { return } - q.Enqueue(new) + q.Enqueue(newObj) } // OnDelete adds a deleted object to the workqueue for processing. @@ -154,11 +154,11 @@ func (b *BlockingEventHandler) OnAdd(obj interface{}, isInInitialList bool) { } // OnUpdate synchronously adds an updated object to the workqueue. -func (b *BlockingEventHandler) OnUpdate(old, new interface{}) { - if reflect.DeepEqual(old, new) { +func (b *BlockingEventHandler) OnUpdate(oldObj, newObj interface{}) { + if reflect.DeepEqual(oldObj, newObj) { return } - b.WorkFunc(new) + b.WorkFunc(newObj) } // OnDelete synchronously adds a deleted object to the workqueue. From ae2c59805d15e8d0b2d7315df1ace0efa7d640f2 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:43:56 +0200 Subject: [PATCH 090/177] fix goprintffuncname linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/framework/log/log.go | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index afb0eb5f1cb..e1fe682f0da 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -16,7 +16,6 @@ issues: - nilnil - nakedret - asasalint - - goprintffuncname - musttag - nosprintfhostport - exportloopref diff --git a/test/e2e/framework/log/log.go b/test/e2e/framework/log/log.go index e570b88adf2..44f20e09994 100644 --- a/test/e2e/framework/log/log.go +++ b/test/e2e/framework/log/log.go @@ -31,12 +31,12 @@ func nowStamp() string { return time.Now().Format(time.StampMilli) } -func log(level string, format string, args ...interface{}) { +func logf(level string, format string, args ...interface{}) { fmt.Fprintf(Writer, nowStamp()+": "+level+": "+format+"\n", args...) } func Logf(format string, args ...interface{}) { - log("INFO", format, args...) + logf("INFO", format, args...) } // LogBackoff gives you a logger with an exponential backoff. If the From 03067316359de003820e1bd1f5f80257e2f31bd9 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:45:07 +0200 Subject: [PATCH 091/177] fix asasalint linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/controller/test/recorder.go | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index e1fe682f0da..a0c46c61491 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -15,7 +15,6 @@ issues: - noctx - nilnil - nakedret - - asasalint - musttag - nosprintfhostport - exportloopref diff --git a/pkg/controller/test/recorder.go b/pkg/controller/test/recorder.go index 195e7cae69a..a7003dc09f1 100644 --- a/pkg/controller/test/recorder.go +++ b/pkg/controller/test/recorder.go @@ -42,5 +42,5 @@ func (f *FakeRecorder) PastEventf(object runtime.Object, timestamp metav1.Time, } func (f *FakeRecorder) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) { - f.Eventf(object, eventtype, reason, messageFmt, args) + f.Eventf(object, eventtype, reason, messageFmt, args...) } From 16a344eed1ad57107c0c7767ddd143123986beca Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 17:47:53 +0200 Subject: [PATCH 092/177] fix nosprintfhostport linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - test/e2e/framework/addon/vault/vault.go | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index a0c46c61491..efcee732ef1 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -16,7 +16,6 @@ issues: - nilnil - nakedret - musttag - - nosprintfhostport - exportloopref - gomoddirectives text: ".*" diff --git a/test/e2e/framework/addon/vault/vault.go b/test/e2e/framework/addon/vault/vault.go index 956fa94d3eb..6a6f37d1269 100644 --- a/test/e2e/framework/addon/vault/vault.go +++ b/test/e2e/framework/addon/vault/vault.go @@ -311,8 +311,8 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab vaultCA, ) - v.details.URL = fmt.Sprintf("https://%s:8200", dnsName) - v.details.ProxyURL = fmt.Sprintf("https://127.0.0.1:%d", v.proxy.listenPort) + v.details.URL = fmt.Sprintf("https://%s", net.JoinHostPort(dnsName, "8200")) + v.details.ProxyURL = fmt.Sprintf("https://%s", net.JoinHostPort("127.0.0.1", strconv.Itoa(v.proxy.listenPort))) } return v.details, nil From 8ea7cbc36245cf35ad3ffa6a6b7070872059a63a Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 19:12:03 +0200 Subject: [PATCH 093/177] fix forbidigo linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - hack/extractcrd/main.go | 8 +++++--- hack/prune-junit-xml/prunexml.go | 15 +++++++++------ hack/prune-junit-xml/prunexml_test.go | 5 ++++- make/config/samplewebhook/sample/main.go | 2 +- pkg/util/pki/nameconstraints_test.go | 2 +- test/e2e/framework/addon/vault/proxy.go | 10 ++-------- test/e2e/framework/addon/vault/vault.go | 1 - test/integration/webhook/dynamic_source_test.go | 4 +++- 9 files changed, 25 insertions(+), 23 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index efcee732ef1..d2e1d06ce9a 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -10,7 +10,6 @@ issues: - tenv - exhaustive - nilerr - - forbidigo - interfacebloat - noctx - nilnil diff --git a/hack/extractcrd/main.go b/hack/extractcrd/main.go index f1c1a1d2d24..cec68498deb 100644 --- a/hack/extractcrd/main.go +++ b/hack/extractcrd/main.go @@ -61,6 +61,8 @@ func main() { os.Exit(1) } + outWriter := os.Stdout + docs := docSeparatorRegexp.Split(string(rawYAMLBytes), -1) decoder := crdDecoder() @@ -85,15 +87,15 @@ func main() { if wantedCRDName == nil { if foundAny { - fmt.Println("---") + fmt.Fprintln(outWriter, "---") } - fmt.Println(doc) + fmt.Fprintln(outWriter, doc) foundAny = true continue } else { crdName := strings.ToLower(crd.Spec.Names.Plural) if crdName == *wantedCRDName { - fmt.Println(doc) + fmt.Fprintln(outWriter, doc) return } } diff --git a/hack/prune-junit-xml/prunexml.go b/hack/prune-junit-xml/prunexml.go index a9d0b910813..20b7ee71f73 100644 --- a/hack/prune-junit-xml/prunexml.go +++ b/hack/prune-junit-xml/prunexml.go @@ -37,6 +37,7 @@ import ( "flag" "fmt" "io" + "log" "os" "regexp" "strconv" @@ -92,12 +93,14 @@ type JUnitFailure struct { var fuzzNameRegex = regexp.MustCompile(`^(.*)\/fuzz_\d+$`) func main() { + logger := log.New(os.Stderr, "", 0) + maxTextSize := flag.Int("max-text-size", 1, "maximum size of attribute or text (in MB)") flag.Parse() if flag.NArg() > 0 { for _, path := range flag.Args() { - fmt.Printf("processing junit xml file : %s\n", path) + logger.Printf("processing junit xml file : %s\n", path) xmlReader, err := os.Open(path) if err != nil { panic(err) @@ -108,7 +111,7 @@ func main() { panic(err) } - pruneXML(suites, *maxTextSize*1e6) // convert MB into bytes (roughly!) + pruneXML(logger, suites, *maxTextSize*1e6) // convert MB into bytes (roughly!) xmlWriter, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0666) if err != nil { @@ -119,12 +122,12 @@ func main() { if err != nil { panic(err) } - fmt.Println("done.") + logger.Println("done.") } } } -func pruneXML(suites *JUnitTestSuites, maxBytes int) { +func pruneXML(logger *log.Logger, suites *JUnitTestSuites, maxBytes int) { // filter empty testSuites filteredSuites := []JUnitTestSuite{} for _, suite := range suites.Suites { @@ -182,14 +185,14 @@ func pruneXML(suites *JUnitTestSuites, maxBytes int) { for _, testcase := range suite.TestCases { if testcase.SkipMessage != nil { if len(testcase.SkipMessage.Message) > maxBytes { - fmt.Printf("clipping skip message in test case : %s\n", testcase.Name) + logger.Printf("clipping skip message in test case : %s\n", testcase.Name) testcase.SkipMessage.Message = "[... clipped...]" + testcase.SkipMessage.Message[len(testcase.SkipMessage.Message)-maxBytes:] } } if testcase.Failure != nil { if len(testcase.Failure.Contents) > maxBytes { - fmt.Printf("clipping failure message in test case : %s\n", testcase.Name) + logger.Printf("clipping failure message in test case : %s\n", testcase.Name) testcase.Failure.Contents = "[... clipped...]" + testcase.Failure.Contents[len(testcase.Failure.Contents)-maxBytes:] } diff --git a/hack/prune-junit-xml/prunexml_test.go b/hack/prune-junit-xml/prunexml_test.go index ac6fc3df0c9..51870aece49 100644 --- a/hack/prune-junit-xml/prunexml_test.go +++ b/hack/prune-junit-xml/prunexml_test.go @@ -24,6 +24,8 @@ package main import ( "bufio" "bytes" + "log" + "os" "strings" "testing" @@ -92,8 +94,9 @@ func TestPruneXML(t *testing.T) { ` + logger := log.New(os.Stderr, "", 0) suites, _ := fetchXML(strings.NewReader(sourceXML)) - pruneXML(suites, 32) + pruneXML(logger, suites, 32) var output bytes.Buffer writer := bufio.NewWriter(&output) _ = streamXML(writer, suites) diff --git a/make/config/samplewebhook/sample/main.go b/make/config/samplewebhook/sample/main.go index 1ccd59f96c4..3838c6f8a8f 100644 --- a/make/config/samplewebhook/sample/main.go +++ b/make/config/samplewebhook/sample/main.go @@ -105,7 +105,7 @@ func (c *customDNSProviderSolver) Present(ch *v1alpha1.ChallengeRequest) error { } // TODO: do something more useful with the decoded configuration - fmt.Printf("Decoded configuration %v", cfg) + fmt.Fprintf(os.Stdout, "Decoded configuration %v", cfg) // TODO: add code that sets a record in the DNS provider's console return nil diff --git a/pkg/util/pki/nameconstraints_test.go b/pkg/util/pki/nameconstraints_test.go index 309a5ec46b1..c0bf8667426 100644 --- a/pkg/util/pki/nameconstraints_test.go +++ b/pkg/util/pki/nameconstraints_test.go @@ -198,8 +198,8 @@ func getExtensionFromPem(pemData string) (pkix.Extension, error) { if pemData == "" { return pkix.Extension{}, nil } + pemData = strings.TrimSpace(pemData) - fmt.Println(pemData) csrPEM := []byte(pemData) block, _ := pem.Decode(csrPEM) diff --git a/test/e2e/framework/addon/vault/proxy.go b/test/e2e/framework/addon/vault/proxy.go index a72f3819fb6..050bb4b453d 100644 --- a/test/e2e/framework/addon/vault/proxy.go +++ b/test/e2e/framework/addon/vault/proxy.go @@ -17,13 +17,13 @@ limitations under the License. package vault import ( - "bytes" "fmt" "io" "net" "net/http" "sync" + "github.com/onsi/ginkgo/v2" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/portforward" @@ -37,8 +37,6 @@ type proxy struct { podNamespace, podName string - logs bytes.Buffer - stopCh chan struct{} mu sync.Mutex doneCh chan error @@ -48,7 +46,6 @@ func newProxy( clientset kubernetes.Interface, kubeConfig *rest.Config, podNamespace, podName string, - vaultCA []byte, ) *proxy { freePort, err := freePort() if err != nil { @@ -130,7 +127,7 @@ func (p *proxy) start() error { doneCh <- err return default: - fmt.Printf("error while forwarding port: %v\n", err) + fmt.Fprintf(ginkgo.GinkgoWriter, "error while forwarding port: %v\n", err) } } }() @@ -139,9 +136,6 @@ func (p *proxy) start() error { } func (p *proxy) stop() error { - defer func() { - fmt.Printf("proxy logs: %s\n", p.logs.String()) - }() close(p.stopCh) p.mu.Lock() diff --git a/test/e2e/framework/addon/vault/vault.go b/test/e2e/framework/addon/vault/vault.go index 6a6f37d1269..be07e5ccd75 100644 --- a/test/e2e/framework/addon/vault/vault.go +++ b/test/e2e/framework/addon/vault/vault.go @@ -308,7 +308,6 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab v.Base.Details().KubeConfig, v.Namespace, fmt.Sprintf("%s-0", v.chart.ReleaseName), - vaultCA, ) v.details.URL = fmt.Sprintf("https://%s", net.JoinHostPort(dnsName, "8200")) diff --git a/test/integration/webhook/dynamic_source_test.go b/test/integration/webhook/dynamic_source_test.go index e5b08e82321..5788b803061 100644 --- a/test/integration/webhook/dynamic_source_test.go +++ b/test/integration/webhook/dynamic_source_test.go @@ -253,6 +253,7 @@ func TestDynamicSource_leaderelection(t *testing.T) { if err := mgr.Add(&tls.DynamicSource{ DNSNames: []string{"example.com"}, Authority: &testAuthority{ + t: t, id: fmt.Sprintf("manager-%d", i), started: &started, }, @@ -280,6 +281,7 @@ func TestDynamicSource_leaderelection(t *testing.T) { } type testAuthority struct { + t *testing.T id string started *int64 } @@ -289,7 +291,7 @@ func (m *testAuthority) Run(ctx context.Context) error { return nil // context was cancelled, we are shutting down } - fmt.Println("Starting authority with id", m.id) + m.t.Log("Starting authority with id", m.id) atomic.AddInt64(m.started, 1) <-ctx.Done() return nil From dd4f5f4e39740c97787843f3efb5aca8b53d9828 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 19:51:17 +0200 Subject: [PATCH 094/177] fix unparam linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - .../certificates/policies/gatherer_test.go | 66 +++---- .../acmechallenges/scheduler/scheduler.go | 26 +-- .../scheduler/scheduler_test.go | 9 +- pkg/controller/acmeorders/sync.go | 8 +- pkg/controller/certificate-shim/sync_test.go | 184 +++++++++--------- .../certificaterequests/vault/vault_test.go | 5 +- .../certificaterequests/venafi/venafi.go | 5 +- .../certificaterequests/venafi/venafi_test.go | 16 +- .../issuing/internal/keystore_test.go | 32 ++- .../certificates/issuing/internal/secret.go | 4 +- .../issuing/internal/secret_test.go | 2 +- .../certificates/metrics/controller.go | 6 +- .../requestmanager_controller_test.go | 14 +- .../venafi/venafi.go | 15 +- .../venafi/venafi_test.go | 16 +- pkg/issuer/acme/dns/dns_test.go | 54 ++--- pkg/issuer/acme/dns/route53/route53.go | 9 +- pkg/issuer/acme/dns/route53/route53_test.go | 7 +- pkg/issuer/venafi/client/fake/venafi.go | 14 +- pkg/issuer/venafi/client/request.go | 10 +- pkg/issuer/venafi/client/request_test.go | 8 +- pkg/issuer/venafi/client/venaficlient.go | 4 +- pkg/metrics/certificates.go | 20 +- pkg/metrics/certificates_test.go | 9 +- pkg/util/pki/certificatetemplate_test.go | 2 +- pkg/util/pki/csr_test.go | 2 +- pkg/util/pki/kube_test.go | 2 +- pkg/util/pki/match.go | 4 +- pkg/util/util_test.go | 6 +- test/e2e/framework/addon/vault/vault.go | 18 +- .../certificaterequests/approval/approval.go | 48 +++-- .../certificates/vault/vault_approle.go | 12 +- .../vault/approle.go | 12 +- .../vault/kubernetes.go | 6 +- .../certificates/trigger_controller_test.go | 8 +- 36 files changed, 312 insertions(+), 352 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index d2e1d06ce9a..6c784289521 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -4,7 +4,6 @@ issues: - dogsled - errcheck - contextcheck - - unparam - promlinter - errname - tenv diff --git a/internal/controller/certificates/policies/gatherer_test.go b/internal/controller/certificates/policies/gatherer_test.go index e02c5bb72aa..021db02f06e 100644 --- a/internal/controller/certificates/policies/gatherer_test.go +++ b/internal/controller/certificates/policies/gatherer_test.go @@ -38,6 +38,13 @@ import ( ) func TestDataForCertificate(t *testing.T) { + cr := func(crName, ownerCertUID string, annot map[string]string) *cmapi.CertificateRequest { + return gen.CertificateRequest(crName, gen.SetCertificateRequestNamespace("ns-1"), + gen.AddCertificateRequestOwnerReferences(gen.CertificateRef("some-cert-name-that-does-not-matter", ownerCertUID)), + gen.AddCertificateRequestAnnotations(annot), + ) + } + tests := map[string]struct { builder *testpkg.Builder givenCert *cmapi.Certificate @@ -68,8 +75,8 @@ func TestDataForCertificate(t *testing.T) { gen.SetCertificateRevision(1), ), builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{ - cr("cr-unknown-rev1", "ns-1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-unknown-rev2", "ns-1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-unknown-rev1", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-unknown-rev2", "unknown-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), }}, wantCurCR: nil, wantNextCR: nil, @@ -79,17 +86,17 @@ func TestDataForCertificate(t *testing.T) { gen.SetCertificateUID("cert-1-uid"), ), builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{ - cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), // Edge cases. - cr("cr-1-norev", "ns-1", "cert-1-uid", nil), - cr("cr-1-empty", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}), - cr("cr-unrelated-rev1", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-unrelated-rev2", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-1-norev", "cert-1-uid", nil), + cr("cr-1-empty", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}), + cr("cr-unrelated-rev1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-unrelated-rev2", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), }}, wantCurCR: nil, - wantNextCR: cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + wantNextCR: cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), }, "when cert revision=1, should return the current CR with revision=1 and the next CR with revision=2": { givenCert: gen.Certificate("cert-1", gen.SetCertificateNamespace("ns-1"), @@ -97,20 +104,20 @@ func TestDataForCertificate(t *testing.T) { gen.SetCertificateRevision(1), ), builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{ - cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), - cr("cr-1-rev3", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}), + cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-1-rev3", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}), // Edge cases. - cr("cr-1-no-revision", "ns-1", "cert-1-uid", nil), - cr("cr-1-empty", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}), - cr("cr-2-rev1", "ns-1", "cert-2-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-unrelated-rev1", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-unrelated-rev2", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), - cr("cr-unrelated-rev3", "ns-1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}), + cr("cr-1-no-revision", "cert-1-uid", nil), + cr("cr-1-empty", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": ""}), + cr("cr-2-rev1", "cert-2-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-unrelated-rev1", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-unrelated-rev2", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-unrelated-rev3", "cert-unrelated-uid", map[string]string{"cert-manager.io/certificate-revision": "3"}), }}, - wantCurCR: cr("cr-1-rev1", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - wantNextCR: cr("cr-1-rev2", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + wantCurCR: cr("cr-1-rev1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + wantNextCR: cr("cr-1-rev2", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), }, "should error when duplicate current CRs are found": { givenCert: gen.Certificate("cert-1", gen.SetCertificateNamespace("ns-1"), @@ -118,8 +125,8 @@ func TestDataForCertificate(t *testing.T) { gen.SetCertificateRevision(1), ), builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{ - cr("cr-1-rev1a", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), - cr("cr-1-rev1b", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-1-rev1a", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), + cr("cr-1-rev1b", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "1"}), }}, wantErr: `multiple CertificateRequests were found for the 'current' revision 1, issuance is skipped until there are no more duplicates`, }, @@ -129,8 +136,8 @@ func TestDataForCertificate(t *testing.T) { gen.SetCertificateRevision(1), ), builder: &testpkg.Builder{CertManagerObjects: []runtime.Object{ - cr("cr-1-rev2a", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), - cr("cr-1-rev2b", "ns-1", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-1-rev2a", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), + cr("cr-1-rev2b", "cert-1-uid", map[string]string{"cert-manager.io/certificate-revision": "2"}), }}, wantErr: `multiple CertificateRequests were found for the 'next' revision 2, issuance is skipped until there are no more duplicates`, }, @@ -139,7 +146,7 @@ func TestDataForCertificate(t *testing.T) { t.Run(name, func(t *testing.T) { fakeClockStart, _ := time.Parse(time.RFC3339, "2021-01-02T15:04:05Z07:00") log := logtesting.NewTestLogger(t) - turnOnKlogIfVerboseTest(t) + turnOnKlogIfVerboseTest() test.builder.T = t test.builder.Clock = fakeclock.NewFakeClock(fakeClockStart) @@ -224,7 +231,7 @@ func TestDataForCertificate(t *testing.T) { // The logs are helpful for debugging client-go-related issues (informer // not starting...). This function passes the flag -v=4 to klog when the // tests are being run with -v. Otherwise, the default klog level is used. -func turnOnKlogIfVerboseTest(t *testing.T) { +func turnOnKlogIfVerboseTest() { hasVerboseFlag := flag.Lookup("test.v").Value.String() == "true" if !hasVerboseFlag { return @@ -234,10 +241,3 @@ func turnOnKlogIfVerboseTest(t *testing.T) { klog.InitFlags(klogFlags) _ = klogFlags.Set("v", "4") } - -func cr(crName, crNamespace, ownerCertUID string, annot map[string]string) *cmapi.CertificateRequest { - return gen.CertificateRequest(crName, gen.SetCertificateRequestNamespace(crNamespace), - gen.AddCertificateRequestOwnerReferences(gen.CertificateRef("some-cert-name-that-does-not-matter", ownerCertUID)), - gen.AddCertificateRequestAnnotations(annot), - ) -} diff --git a/pkg/controller/acmechallenges/scheduler/scheduler.go b/pkg/controller/acmechallenges/scheduler/scheduler.go index 94509844438..73499bfcc1c 100644 --- a/pkg/controller/acmechallenges/scheduler/scheduler.go +++ b/pkg/controller/acmechallenges/scheduler/scheduler.go @@ -55,17 +55,14 @@ func (s *Scheduler) ScheduleN(n int) ([]*cmacme.Challenge, error) { return nil, err } - return s.scheduleN(n, allChallenges) + return s.scheduleN(n, allChallenges), nil } -func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, error) { +func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) []*cmacme.Challenge { // Determine the list of challenges that could feasibly be scheduled on // this pass of the scheduler. // This function returns a list of candidates sorted by creation timestamp. - candidates, inProgressChallengeCount, err := s.determineChallengeCandidates(allChallenges) - if err != nil { - return nil, err - } + candidates, inProgressChallengeCount := s.determineChallengeCandidates(allChallenges) numberToSelect := n remainingNumberAllowedChallenges := s.maxConcurrentChallenges - inProgressChallengeCount @@ -76,23 +73,18 @@ func (s *Scheduler) scheduleN(n int, allChallenges []*cmacme.Challenge) ([]*cmac numberToSelect = remainingNumberAllowedChallenges } - candidates, err = s.selectChallengesToSchedule(candidates, numberToSelect) - if err != nil { - return nil, err - } - - return candidates, nil + return s.selectChallengesToSchedule(candidates, numberToSelect) } // selectChallengesToSchedule will apply some sorting heuristic to the allowed // challenge candidates and return a maximum of N challenges that should be // scheduled for processing. -func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n int) ([]*cmacme.Challenge, error) { +func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n int) []*cmacme.Challenge { // Trim the candidates returned to 'n' if len(candidates) > n { candidates = candidates[:n] } - return candidates, nil + return candidates } // determineChallengeCandidates will determine which, if any, challenges can @@ -100,7 +92,7 @@ func (s *Scheduler) selectChallengesToSchedule(candidates []*cmacme.Challenge, n // processing. // The returned challenges will be sorted in ascending order based on timestamp // (i.e. the oldest challenge will be element zero). -func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, int, error) { +func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challenge) ([]*cmacme.Challenge, int) { // consider the entire set of challenges for 'in progress', in case a challenge // has processing=true whilst still being in a 'final' state inProgress := processingChallenges(allChallenges) @@ -111,7 +103,7 @@ func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challen // hit the maximum number of challenges. if inProgressChallengeCount >= s.maxConcurrentChallenges { s.log.V(logs.DebugLevel).Info("hit maximum concurrent challenge limit. refusing to schedule more challenges.", "in_progress", len(inProgress), "max_concurrent", s.maxConcurrentChallenges) - return []*cmacme.Challenge{}, inProgressChallengeCount, nil + return []*cmacme.Challenge{}, inProgressChallengeCount } // Calculate incomplete challenges @@ -139,7 +131,7 @@ func (s *Scheduler) determineChallengeCandidates(allChallenges []*cmacme.Challen // Finally, sorted the challenges by timestamp to ensure a stable output sortChallengesByTimestamp(candidates) - return candidates, inProgressChallengeCount, nil + return candidates, inProgressChallengeCount } func sortChallengesByTimestamp(chs []*cmacme.Challenge) { diff --git a/pkg/controller/acmechallenges/scheduler/scheduler_test.go b/pkg/controller/acmechallenges/scheduler/scheduler_test.go index b24ea13f7d3..ce7b6bda3eb 100644 --- a/pkg/controller/acmechallenges/scheduler/scheduler_test.go +++ b/pkg/controller/acmechallenges/scheduler/scheduler_test.go @@ -82,8 +82,7 @@ func BenchmarkScheduleAscending(b *testing.B) { s := &Scheduler{} b.ResetTimer() for n := 0; n < b.N; n++ { - _, err := s.scheduleN(30, chs) - require.NoError(b, err) + _ = s.scheduleN(30, chs) } }) } @@ -97,8 +96,7 @@ func BenchmarkScheduleRandom(b *testing.B) { s := &Scheduler{} b.ResetTimer() for n := 0; n < b.N; n++ { - _, err := s.scheduleN(30, chs) - require.NoError(b, err) + _ = s.scheduleN(30, chs) } }) } @@ -112,8 +110,7 @@ func BenchmarkScheduleDuplicates(b *testing.B) { s := &Scheduler{} b.ResetTimer() for n := 0; n < b.N; n++ { - _, err := s.scheduleN(30, chs) - require.NoError(b, err) + _ = s.scheduleN(30, chs) } }) } diff --git a/pkg/controller/acmeorders/sync.go b/pkg/controller/acmeorders/sync.go index 46dd2f031fd..8fb17683ecd 100644 --- a/pkg/controller/acmeorders/sync.go +++ b/pkg/controller/acmeorders/sync.go @@ -202,7 +202,7 @@ func (c *controller) Sync(ctx context.Context, o *cmacme.Order) (err error) { // correctly. Do not change this unless there is a real need for // it. log.V(logf.DebugLevel).Info("Update Order status as at least one Challenge has failed") - _, err := c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder) + _, err := c.updateOrderStatusFromACMEOrder(o, acmeOrder) if acmeErr, ok := err.(*acmeapi.Error); ok { if acmeErr.StatusCode >= 400 && acmeErr.StatusCode < 500 { log.Error(err, "failed to update Order status due to a 4xx error, marking Order as failed") @@ -242,7 +242,7 @@ func (c *controller) Sync(ctx context.Context, o *cmacme.Order) (err error) { case !anyChallengesFailed(challenges) && allChallengesFinal(challenges): log.V(logf.DebugLevel).Info("All challenges are in a final state, updating order state") - _, err := c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder) + _, err := c.updateOrderStatusFromACMEOrder(o, acmeOrder) if acmeErr, ok := err.(*acmeapi.Error); ok { if acmeErr.StatusCode >= 400 && acmeErr.StatusCode < 500 { log.Error(err, "failed to update Order status due to a 4xx error, marking Order as failed") @@ -312,10 +312,10 @@ func (c *controller) updateOrderStatus(ctx context.Context, cl acmecl.Interface, return nil, err } - return c.updateOrderStatusFromACMEOrder(ctx, cl, o, acmeOrder) + return c.updateOrderStatusFromACMEOrder(o, acmeOrder) } -func (c *controller) updateOrderStatusFromACMEOrder(ctx context.Context, cl acmecl.Interface, o *cmacme.Order, acmeOrder *acmeapi.Order) (*acmeapi.Order, error) { +func (c *controller) updateOrderStatusFromACMEOrder(o *cmacme.Order, acmeOrder *acmeapi.Order) (*acmeapi.Order, error) { // Workaround bug in golang.org/x/crypto/acme implementation whereby the // order's URI field will be empty when calling GetOrder due to the // 'Location' header not being set on the response from the ACME server. diff --git a/pkg/controller/certificate-shim/sync_test.go b/pkg/controller/certificate-shim/sync_test.go index ca71eea3232..e3e0d6378b9 100644 --- a/pkg/controller/certificate-shim/sync_test.go +++ b/pkg/controller/certificate-shim/sync_test.go @@ -35,7 +35,6 @@ import ( cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - "github.com/cert-manager/cert-manager/pkg/controller" controllerpkg "github.com/cert-manager/cert-manager/pkg/controller" testpkg "github.com/cert-manager/cert-manager/pkg/controller/test" "github.com/cert-manager/cert-manager/test/unit/gen" @@ -129,7 +128,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -179,7 +178,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -230,7 +229,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -281,7 +280,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -336,7 +335,7 @@ func TestSync(t *testing.T) { cmacme.ACMECertificateHTTP01IngressNameOverride: "ingress-name", cmapi.IssueTemporaryCertificateAnnotation: "true", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -389,7 +388,7 @@ func TestSync(t *testing.T) { cmacme.ACMECertificateHTTP01IngressNameOverride: "ingress-name", cmapi.IssueTemporaryCertificateAnnotation: "true", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -431,7 +430,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -474,7 +473,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -518,7 +517,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), Annotations: map[string]string{ cmacme.ACMECertificateHTTP01IngressClassOverride: "cert-ing", }, @@ -564,7 +563,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -664,7 +663,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -706,7 +705,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -751,7 +750,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -800,7 +799,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -849,7 +848,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -905,7 +904,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -945,7 +944,7 @@ func TestSync(t *testing.T) { CertificateLister: []runtime.Object{ buildCertificate("existing-crt", gen.DefaultTestNamespace, - buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + buildIngressOwnerReferences("ingress-name"), ), }, DefaultIssuerKind: "Issuer", @@ -955,7 +954,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1003,7 +1002,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "a-different-value": "should be removed", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1025,7 +1024,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1068,7 +1067,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1088,7 +1087,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1133,7 +1132,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1156,7 +1155,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1204,7 +1203,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1227,7 +1226,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1276,7 +1275,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1299,7 +1298,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1350,7 +1349,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1373,7 +1372,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "cert-secret-name", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1463,7 +1462,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("not-ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("not-ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1496,7 +1495,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1515,7 +1514,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1557,7 +1556,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1578,7 +1577,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1692,7 +1691,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -1747,7 +1746,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildIngressOwnerReferences("ingress-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("ingress-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com"}, @@ -1824,7 +1823,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1886,7 +1885,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -1950,7 +1949,7 @@ func TestSync(t *testing.T) { cmacme.ACMECertificateHTTP01IngressNameOverride: "gateway-name", cmapi.IssueTemporaryCertificateAnnotation: "true", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2013,7 +2012,7 @@ func TestSync(t *testing.T) { cmacme.ACMECertificateHTTP01IngressNameOverride: "gateway-name", cmapi.IssueTemporaryCertificateAnnotation: "true", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2065,7 +2064,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2118,7 +2117,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2172,7 +2171,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), Annotations: map[string]string{ cmacme.ACMECertificateHTTP01IngressClassOverride: "cert-ing", }, @@ -2229,7 +2228,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2281,7 +2280,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2386,7 +2385,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2449,7 +2448,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"www.example.com"}, @@ -2515,7 +2514,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2565,7 +2564,7 @@ func TestSync(t *testing.T) { CertificateLister: []runtime.Object{ buildCertificate("existing-crt", gen.DefaultTestNamespace, - buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + buildGatewayOwnerReferences("gateway-name"), ), }, DefaultIssuerKind: "Issuer", @@ -2575,7 +2574,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2633,7 +2632,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "a-different-value": "should be removed", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2655,7 +2654,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2759,7 +2758,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildIngressOwnerReferences("not-gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildIngressOwnerReferences("not-gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2792,7 +2791,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2811,7 +2810,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "existing-crt", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2863,7 +2862,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2884,7 +2883,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -2969,7 +2968,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com", "www.example.com", "foo.example.com"}, @@ -3041,7 +3040,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "foo-example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"foo.example.com"}, @@ -3058,7 +3057,7 @@ func TestSync(t *testing.T) { ObjectMeta: metav1.ObjectMeta{ Name: "bar-example-com-tls", Namespace: gen.DefaultTestNamespace, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"bar.example.com"}, @@ -3155,7 +3154,7 @@ func TestSync(t *testing.T) { Labels: map[string]string{ "my-test-label": "should be copied", }, - OwnerReferences: buildGatewayOwnerReferences("gateway-name", gen.DefaultTestNamespace), + OwnerReferences: buildGatewayOwnerReferences("gateway-name"), }, Spec: cmapi.CertificateSpec{ DNSNames: []string{"example.com"}, @@ -3226,7 +3225,7 @@ func TestSync(t *testing.T) { } b.Init() defer b.Stop() - sync := SyncFnFor(b.Recorder, logr.Discard(), b.CMClient, b.SharedInformerFactory.Certmanager().V1().Certificates().Lister(), controller.IngressShimOptions{ + sync := SyncFnFor(b.Recorder, logr.Discard(), b.CMClient, b.SharedInformerFactory.Certmanager().V1().Certificates().Lister(), controllerpkg.IngressShimOptions{ DefaultIssuerName: test.DefaultIssuerName, DefaultIssuerKind: test.DefaultIssuerKind, DefaultIssuerGroup: test.DefaultIssuerGroup, @@ -3381,20 +3380,21 @@ func buildGateway(name, namespace string, annotations map[string]string) *gwapi. Name: name, Namespace: namespace, Annotations: annotations, + UID: types.UID(name), }, } } -func buildIngressOwnerReferences(name, namespace string) []metav1.OwnerReference { +func buildIngressOwnerReferences(name string) []metav1.OwnerReference { return []metav1.OwnerReference{ - *metav1.NewControllerRef(buildIngress(name, namespace, nil), ingressV1GVK), + *metav1.NewControllerRef(buildIngress(name, gen.DefaultTestNamespace, nil), ingressV1GVK), } } // The Gateway name and UID are set to the same. -func buildGatewayOwnerReferences(name, namespace string) []metav1.OwnerReference { +func buildGatewayOwnerReferences(name string) []metav1.OwnerReference { return []metav1.OwnerReference{ - *metav1.NewControllerRef(buildIngress(name, namespace, nil), gatewayGVK), + *metav1.NewControllerRef(buildGateway(name, gen.DefaultTestNamespace, nil), gatewayGVK), } } @@ -3419,7 +3419,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) { ingLike: &gwapi.Gateway{ ObjectMeta: metav1.ObjectMeta{ Name: "gateway", - Namespace: "default", + Namespace: gen.DefaultTestNamespace, }, }, listener: gwapi.Listener{ @@ -3434,7 +3434,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) { ingLike: &gwapi.Gateway{ ObjectMeta: metav1.ObjectMeta{ Name: "gateway", - Namespace: "default", + Namespace: gen.DefaultTestNamespace, }, }, listener: gwapi.Listener{ @@ -3459,7 +3459,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) { ingLike: &gwapi.Gateway{ ObjectMeta: metav1.ObjectMeta{ Name: "example", - Namespace: "default", + Namespace: gen.DefaultTestNamespace, }, }, listener: gwapi.Listener{ @@ -3523,7 +3523,7 @@ func Test_validateGatewayListenerBlock(t *testing.T) { ingLike: &gwapi.Gateway{ ObjectMeta: metav1.ObjectMeta{ Name: "example", - Namespace: "default", + Namespace: gen.DefaultTestNamespace, }, }, listener: gwapi.Listener{ @@ -3595,14 +3595,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("ingress-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "ingress-2", Namespace: "default", UID: "ingress-2"}, + ObjectMeta: metav1.ObjectMeta{Name: "ingress-2", Namespace: gen.DefaultTestNamespace, UID: "ingress-2"}, Spec: networkingv1.IngressSpec{TLS: []networkingv1.IngressTLS{{SecretName: "secret-name"}}}, }, wantToBeRemoved: nil, @@ -3612,14 +3612,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("ingress-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: "default", UID: "ingress-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: gen.DefaultTestNamespace, UID: "ingress-1"}, Spec: networkingv1.IngressSpec{TLS: []networkingv1.IngressTLS{{SecretName: "secret-name"}}}, }, wantToBeRemoved: nil, @@ -3629,14 +3629,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("ingress-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("ingress-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: "default", UID: "ingress-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "ingress-1", Namespace: gen.DefaultTestNamespace, UID: "ingress-1"}, }, wantToBeRemoved: []string{"cert-1"}, }, @@ -3645,14 +3645,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("gw-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &gwapi.Gateway{ - ObjectMeta: metav1.ObjectMeta{Name: "gw-2", Namespace: "default", UID: "gw-2"}, + ObjectMeta: metav1.ObjectMeta{Name: "gw-2", Namespace: gen.DefaultTestNamespace, UID: "gw-2"}, Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{{ TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{ { @@ -3668,14 +3668,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("gw-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &gwapi.Gateway{ - ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"}, Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{ {TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{{Name: "not-secret-name"}}}}, }}, @@ -3687,14 +3687,14 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { givenCerts: []*cmapi.Certificate{{ ObjectMeta: metav1.ObjectMeta{ Name: "cert-1", - Namespace: "default", - OwnerReferences: buildGatewayOwnerReferences("gw-1", "default"), + Namespace: gen.DefaultTestNamespace, + OwnerReferences: buildGatewayOwnerReferences("gw-1"), }, Spec: cmapi.CertificateSpec{ SecretName: "secret-name", }}, }, ingLike: &gwapi.Gateway{ - ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"}, Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{ {TLS: &gwapi.GatewayTLSConfig{CertificateRefs: []gwapi.SecretObjectReference{{Name: "secret-name"}}}}, }}, @@ -3712,7 +3712,7 @@ func Test_findCertificatesToBeRemoved(t *testing.T) { func Test_secretNameUsedIn_nilPointerGateway(t *testing.T) { got := secretNameUsedIn("secret-name", &gwapi.Gateway{ - ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"}, Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{ {TLS: nil}, {TLS: &gwapi.GatewayTLSConfig{CertificateRefs: nil}}, @@ -3722,7 +3722,7 @@ func Test_secretNameUsedIn_nilPointerGateway(t *testing.T) { assert.Equal(t, true, got) got = secretNameUsedIn("secret-name", &gwapi.Gateway{ - ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: "default", UID: "gw-1"}, + ObjectMeta: metav1.ObjectMeta{Name: "gw-1", Namespace: gen.DefaultTestNamespace, UID: "gw-1"}, Spec: gwapi.GatewaySpec{Listeners: []gwapi.Listener{ {TLS: nil}, {TLS: &gwapi.GatewayTLSConfig{CertificateRefs: nil}}, diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go index 0cb69b5fcad..2224eb91295 100644 --- a/pkg/controller/certificaterequests/vault/vault_test.go +++ b/pkg/controller/certificaterequests/vault/vault_test.go @@ -64,8 +64,7 @@ func generateCSR(t *testing.T, secretKey crypto.Signer) []byte { return csr } -func generateSelfSignedCertFromCR(cr *cmapi.CertificateRequest, key crypto.Signer, - duration time.Duration) ([]byte, error) { +func generateSelfSignedCertFromCR(cr *cmapi.CertificateRequest, key crypto.Signer) ([]byte, error) { template, err := pki.CertificateTemplateFromCertificateRequest(cr) if err != nil { return nil, fmt.Errorf("error generating template: %v", err) @@ -134,7 +133,7 @@ func TestSign(t *testing.T) { }), ) - rsaPEMCert, err := generateSelfSignedCertFromCR(baseCR, rsaSK, time.Hour*24*60) + rsaPEMCert, err := generateSelfSignedCertFromCR(baseCR, rsaSK) if err != nil { t.Error(err) t.FailNow() diff --git a/pkg/controller/certificaterequests/venafi/venafi.go b/pkg/controller/certificaterequests/venafi/venafi.go index 77ee5334f49..623d21713a1 100644 --- a/pkg/controller/certificaterequests/venafi/venafi.go +++ b/pkg/controller/certificaterequests/venafi/venafi.go @@ -115,12 +115,11 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO } } - duration := apiutil.DefaultCertDuration(cr.Spec.Duration) pickupID := cr.ObjectMeta.Annotations[cmapi.VenafiPickupIDAnnotationKey] // check if the pickup ID annotation is there, if not set it up. if pickupID == "" { - pickupID, err = client.RequestCertificate(cr.Spec.Request, duration, customFields) + pickupID, err = client.RequestCertificate(cr.Spec.Request, customFields) // Check some known error types if err != nil { switch err.(type) { @@ -148,7 +147,7 @@ func (v *Venafi) Sign(ctx context.Context, cr *cmapi.CertificateRequest, issuerO return nil, nil } - certPem, err := client.RetrieveCertificate(pickupID, cr.Spec.Request, duration, customFields) + certPem, err := client.RetrieveCertificate(pickupID, cr.Spec.Request, customFields) if err != nil { switch err.(type) { case endpoint.ErrCertificatePending, endpoint.ErrRetrieveCertificateTimeout: diff --git a/pkg/controller/certificaterequests/venafi/venafi_test.go b/pkg/controller/certificaterequests/venafi/venafi_test.go index 644cdb3b1ac..dd8e84a2bf2 100644 --- a/pkg/controller/certificaterequests/venafi/venafi_test.go +++ b/pkg/controller/certificaterequests/venafi/venafi_test.go @@ -222,10 +222,10 @@ func TestSign(t *testing.T) { } clientReturnsPending := &internalvenafifake.Venafi{ - RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) { + RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) { return "test", nil }, - RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) { return nil, endpoint.ErrCertificatePending{ CertificateID: "test-cert-id", Status: "test-status-pending", @@ -233,33 +233,33 @@ func TestSign(t *testing.T) { }, } clientReturnsGenericError := &internalvenafifake.Venafi{ - RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) { + RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) { return "", errors.New("this is an error") }, } clientReturnsCert := &internalvenafifake.Venafi{ - RequestCertificateFn: func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) { + RequestCertificateFn: func(csrPEM []byte, customFields []api.CustomField) (string, error) { return "test", nil }, - RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) { return append(certPEM, rootPEM...), nil }, } clientReturnsCertIfCustomField := &internalvenafifake.Venafi{ - RequestCertificateFn: func(csrPEM []byte, duration time.Duration, fields []api.CustomField) (string, error) { + RequestCertificateFn: func(csrPEM []byte, fields []api.CustomField) (string, error) { if len(fields) > 0 && fields[0].Name == "cert-manager-test" && fields[0].Value == "test ok" { return "test", nil } return "", errors.New("Custom field not set") }, - RetrieveCertificateFn: func(string, []byte, time.Duration, []api.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(string, []byte, []api.CustomField) ([]byte, error) { return append(certPEM, rootPEM...), nil }, } clientReturnsInvalidCustomFieldType := &internalvenafifake.Venafi{ - RequestCertificateFn: func(csrPEM []byte, duration time.Duration, fields []api.CustomField) (string, error) { + RequestCertificateFn: func(csrPEM []byte, fields []api.CustomField) (string, error) { return "", client.ErrCustomFieldsType{Type: fields[0].Type} }, } diff --git a/pkg/controller/certificates/issuing/internal/keystore_test.go b/pkg/controller/certificates/issuing/internal/keystore_test.go index 4f666580e7e..e0f6a6792d9 100644 --- a/pkg/controller/certificates/issuing/internal/keystore_test.go +++ b/pkg/controller/certificates/issuing/internal/keystore_test.go @@ -48,10 +48,8 @@ func mustGeneratePrivateKey(t *testing.T, encoding cmapi.PrivateKeyEncoding) []b return pkBytes } -func mustSelfSignCertificate(t *testing.T, pkBytes []byte) []byte { - if pkBytes == nil { - pkBytes = mustGeneratePrivateKey(t, cmapi.PKCS8) - } +func mustSelfSignCertificate(t *testing.T) []byte { + pkBytes := mustGeneratePrivateKey(t, cmapi.PKCS8) pk, err := pki.DecodePrivateKeyBytes(pkBytes) if err != nil { t.Fatal(err) @@ -74,7 +72,7 @@ func mustSelfSignCertificate(t *testing.T, pkBytes []byte) []byte { func mustSelfSignCertificates(t *testing.T, count int) []byte { var buf bytes.Buffer for i := 0; i < count; i++ { - buf.Write(mustSelfSignCertificate(t, nil)) + buf.Write(mustSelfSignCertificate(t)) } return buf.Bytes() } @@ -165,7 +163,7 @@ func TestEncodeJKSKeystore(t *testing.T) { password: "password", alias: "alias", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS1), - certPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -192,7 +190,7 @@ func TestEncodeJKSKeystore(t *testing.T) { password: "password", alias: "alias", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8), - certPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -217,8 +215,8 @@ func TestEncodeJKSKeystore(t *testing.T) { password: "password", alias: "alias", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8), - certPEM: mustSelfSignCertificate(t, nil), - caPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), + caPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -242,7 +240,7 @@ func TestEncodeJKSKeystore(t *testing.T) { password: "password", alias: "alias", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8), - certPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), caPEM: mustSelfSignCertificates(t, 3), verify: func(t *testing.T, out []byte, err error) { if err != nil { @@ -356,7 +354,7 @@ func TestEncodePKCS12Keystore(t *testing.T) { "encode a JKS bundle for a PKCS1 key and certificate only": { password: "password", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS1), - certPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -377,7 +375,7 @@ func TestEncodePKCS12Keystore(t *testing.T) { "encode a JKS bundle for a PKCS8 key and certificate only": { password: "password", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8), - certPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -398,8 +396,8 @@ func TestEncodePKCS12Keystore(t *testing.T) { "encode a JKS bundle for a key, certificate and ca": { password: "password", rawKey: mustGeneratePrivateKey(t, cmapi.PKCS8), - certPEM: mustSelfSignCertificate(t, nil), - caPEM: mustSelfSignCertificate(t, nil), + certPEM: mustSelfSignCertificate(t), + caPEM: mustSelfSignCertificate(t), verify: func(t *testing.T, out []byte, err error) { if err != nil { t.Errorf("expected no error but got: %v", err) @@ -450,7 +448,7 @@ func TestEncodePKCS12Keystore(t *testing.T) { }) t.Run("encodePKCS12Keystore *prepends* non-leaf certificates to the supplied CA certificate chain", func(t *testing.T) { const password = "password" - caChainInPEM := mustSelfSignCertificate(t, nil) + caChainInPEM := mustSelfSignCertificate(t) caChainIn, err := pki.DecodeX509CertificateChainBytes(caChainInPEM) require.NoError(t, err) @@ -534,8 +532,8 @@ func TestEncodePKCS12Truststore(t *testing.T) { func TestManyPasswordLengths(t *testing.T) { rawKey := mustGeneratePrivateKey(t, cmapi.PKCS8) - certPEM := mustSelfSignCertificate(t, nil) - caPEM := mustSelfSignCertificate(t, nil) + certPEM := mustSelfSignCertificate(t) + caPEM := mustSelfSignCertificate(t) const testN = 10000 diff --git a/pkg/controller/certificates/issuing/internal/secret.go b/pkg/controller/certificates/issuing/internal/secret.go index c259f754ee3..475585e55ca 100644 --- a/pkg/controller/certificates/issuing/internal/secret.go +++ b/pkg/controller/certificates/issuing/internal/secret.go @@ -86,7 +86,7 @@ func NewSecretsManager( // If the Secret resource does not exist, it will be created on Apply. // UpdateData will also update deprecated annotations if they exist. func (s *SecretsManager) UpdateData(ctx context.Context, crt *cmapi.Certificate, data SecretData) error { - secret, err := s.getCertificateSecret(ctx, crt) + secret, err := s.getCertificateSecret(crt) if err != nil { return err } @@ -207,7 +207,7 @@ func (s *SecretsManager) setValues(crt *cmapi.Certificate, secret *corev1.Secret // getCertificateSecret will return a secret which is ready for fields to be // applied. Only the Secret Type will be persisted from the original Secret. -func (s *SecretsManager) getCertificateSecret(ctx context.Context, crt *cmapi.Certificate) (*corev1.Secret, error) { +func (s *SecretsManager) getCertificateSecret(crt *cmapi.Certificate) (*corev1.Secret, error) { // Get existing secret if it exists. existingSecret, err := s.secretLister.Secrets(crt.Namespace).Get(crt.Spec.SecretName) diff --git a/pkg/controller/certificates/issuing/internal/secret_test.go b/pkg/controller/certificates/issuing/internal/secret_test.go index 790200bc718..c6f42b9fa2f 100644 --- a/pkg/controller/certificates/issuing/internal/secret_test.go +++ b/pkg/controller/certificates/issuing/internal/secret_test.go @@ -865,7 +865,7 @@ func Test_getCertificateSecret(t *testing.T) { builder.Start() defer builder.Stop() - gotSecret, err := s.getCertificateSecret(context.Background(), crt) + gotSecret, err := s.getCertificateSecret(crt) assert.NoError(t, err) assert.Equal(t, test.expSecret, gotSecret, "unexpected returned secret") diff --git a/pkg/controller/certificates/metrics/controller.go b/pkg/controller/certificates/metrics/controller.go index 8e28af500dc..e24048e621f 100644 --- a/pkg/controller/certificates/metrics/controller.go +++ b/pkg/controller/certificates/metrics/controller.go @@ -75,10 +75,6 @@ func NewController(ctx *controllerpkg.Context) (*controller, workqueue.RateLimit } func (c *controller) ProcessItem(ctx context.Context, key string) error { - // Set context deadline for full sync in 10 seconds - ctx, cancel := context.WithTimeout(ctx, time.Second*10) - defer cancel() - namespace, name, err := cache.SplitMetaNamespaceKey(key) if err != nil { return nil @@ -95,7 +91,7 @@ func (c *controller) ProcessItem(ctx context.Context, key string) error { } // Update that Certificates metrics - c.metrics.UpdateCertificate(ctx, crt) + c.metrics.UpdateCertificate(crt) return nil } diff --git a/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go b/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go index 1b512bac1e2..8a4383535b8 100644 --- a/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go +++ b/pkg/controller/certificates/requestmanager/requestmanager_controller_test.go @@ -43,8 +43,8 @@ import ( "github.com/cert-manager/cert-manager/test/unit/gen" ) -func mustGenerateRSA(t *testing.T, keySize int) []byte { - pk, err := pki.GenerateRSAPrivateKey(keySize) +func mustGenerateRSA(t *testing.T) []byte { + pk, err := pki.GenerateRSAPrivateKey(2048) if err != nil { t.Fatal(err) } @@ -293,7 +293,7 @@ func TestProcessItem(t *testing.T) { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"}, - Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)}, + Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)}, }, }, certificate: gen.CertificateFrom(bundle1.certificate, @@ -326,7 +326,7 @@ func TestProcessItem(t *testing.T) { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"}, - Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)}, + Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)}, }, }, certificate: gen.CertificateFrom(bundle1.certificate, @@ -414,7 +414,7 @@ func TestProcessItem(t *testing.T) { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"}, - Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)}, + Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)}, }, }, certificate: gen.CertificateFrom(bundle1.certificate, @@ -453,7 +453,7 @@ func TestProcessItem(t *testing.T) { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"}, - Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)}, + Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)}, }, }, certificate: gen.CertificateFrom(bundle1.certificate, @@ -538,7 +538,7 @@ func TestProcessItem(t *testing.T) { secrets: []runtime.Object{ &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{Namespace: "testns", Name: "exists"}, - Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t, 2048)}, + Data: map[string][]byte{corev1.TLSPrivateKeyKey: mustGenerateRSA(t)}, }, }, certificate: gen.CertificateFrom(bundle1.certificate, diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi.go b/pkg/controller/certificatesigningrequests/venafi/venafi.go index 282399ffe68..d3b55be2eb1 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi.go @@ -40,7 +40,6 @@ import ( venafiapi "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api" logf "github.com/cert-manager/cert-manager/pkg/logs" "github.com/cert-manager/cert-manager/pkg/metrics" - "github.com/cert-manager/cert-manager/pkg/util/pki" utilpki "github.com/cert-manager/cert-manager/pkg/util/pki" ) @@ -130,16 +129,6 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin } } - duration, err := pki.DurationFromCertificateSigningRequest(csr) - if err != nil { - message := fmt.Sprintf("Failed to parse requested duration: %s", err) - log.Error(err, message) - v.recorder.Event(csr, corev1.EventTypeWarning, "ErrorParseDuration", message) - util.CertificateSigningRequestSetFailed(csr, "ErrorParseDuration", message) - _, userr := util.UpdateOrApplyStatus(ctx, v.certClient, csr, certificatesv1.CertificateFailed, v.fieldManager) - return userr - } - // The signing process with Venafi is slow. The "pickupID" allows us to track // the progress of the certificate signing. It is set as an annotation the // first time the Certificate is reconciled. @@ -147,7 +136,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin // check if the pickup ID annotation is there, if not set it up. if len(pickupID) == 0 { - pickupID, err := client.RequestCertificate(csr.Spec.Request, duration, customFields) + pickupID, err := client.RequestCertificate(csr.Spec.Request, customFields) // Check some known error types if err != nil { switch err.(type) { @@ -177,7 +166,7 @@ func (v *Venafi) Sign(ctx context.Context, csr *certificatesv1.CertificateSignin return uerr } - certPem, err := client.RetrieveCertificate(pickupID, csr.Spec.Request, duration, customFields) + certPem, err := client.RetrieveCertificate(pickupID, csr.Spec.Request, customFields) if err != nil { switch err.(type) { case endpoint.ErrCertificatePending: diff --git a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go index 3bed8097609..be983abd9b8 100644 --- a/pkg/controller/certificatesigningrequests/venafi/venafi_test.go +++ b/pkg/controller/certificatesigningrequests/venafi/venafi_test.go @@ -390,7 +390,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { + RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) { return "", venaficlient.ErrCustomFieldsType{Type: "test-type"} }, }, nil @@ -461,7 +461,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { + RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) { return "", errors.New("generic error") }, }, nil @@ -532,7 +532,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RequestCertificateFn: func(_ []byte, _ time.Duration, _ []venafiapi.CustomField) (string, error) { + RequestCertificateFn: func(_ []byte, _ []venafiapi.CustomField) (string, error) { return "test-pickup-id", nil }, }, nil @@ -594,7 +594,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) { return nil, endpoint.ErrCertificatePending{} }, }, nil @@ -645,7 +645,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) { return nil, endpoint.ErrRetrieveCertificateTimeout{} }, }, nil @@ -696,7 +696,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) { return nil, errors.New("generic error") }, }, nil @@ -747,7 +747,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) { return []byte("garbage"), nil }, }, nil @@ -820,7 +820,7 @@ func TestProcessItem(t *testing.T) { ), clientBuilder: func(_ string, _ internalinformers.SecretLister, _ cmapi.GenericIssuer, _ *metrics.Metrics, _ logr.Logger, _ string) (venaficlient.Interface, error) { return &fakevenaficlient.Venafi{ - RetrieveCertificateFn: func(_ string, _ []byte, _ time.Duration, _ []venafiapi.CustomField) ([]byte, error) { + RetrieveCertificateFn: func(_ string, _ []byte, _ []venafiapi.CustomField) ([]byte, error) { return []byte(fmt.Sprintf("%s%s", certBundle.ChainPEM, certBundle.CAPEM)), nil }, }, nil diff --git a/pkg/issuer/acme/dns/dns_test.go b/pkg/issuer/acme/dns/dns_test.go index 39ce2b665df..48562e5359f 100644 --- a/pkg/issuer/acme/dns/dns_test.go +++ b/pkg/issuer/acme/dns/dns_test.go @@ -36,11 +36,11 @@ import ( "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" ) -func newIssuer(name, namespace string) *v1.Issuer { +func newIssuer() *v1.Issuer { return &v1.Issuer{ ObjectMeta: metav1.ObjectMeta{ - Name: name, - Namespace: namespace, + Name: "test", + Namespace: "default", }, Spec: v1.IssuerSpec{ IssuerConfig: v1.IssuerConfig{ @@ -50,11 +50,11 @@ func newIssuer(name, namespace string) *v1.Issuer { } } -func newSecret(name, namespace string, data map[string][]byte) *corev1.Secret { +func newSecret(name string, data map[string][]byte) *corev1.Secret { return &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: name, - Namespace: namespace, + Namespace: "default", }, Data: data, } @@ -71,12 +71,12 @@ func TestSolverFor(t *testing.T) { solverFixture: &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("cloudflare-key", "default", map[string][]byte{ + newSecret("cloudflare-key", map[string][]byte{ "api-key": []byte("a-cloudflare-api-key"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -102,12 +102,12 @@ func TestSolverFor(t *testing.T) { solverFixture: &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("cloudflare-token", "default", map[string][]byte{ + newSecret("cloudflare-token", map[string][]byte{ "api-token": []byte("a-cloudflare-api-token"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -131,7 +131,7 @@ func TestSolverFor(t *testing.T) { }, "fails to load a cloudflare provider with a missing secret": { solverFixture: &solverFixture{ - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), // don't include any secrets in the lister Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ @@ -156,7 +156,7 @@ func TestSolverFor(t *testing.T) { }, "fails to load a cloudflare provider when key and token are provided": { solverFixture: &solverFixture{ - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), // don't include any secrets in the lister Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ @@ -189,12 +189,12 @@ func TestSolverFor(t *testing.T) { solverFixture: &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("cloudflare-key", "default", map[string][]byte{ + newSecret("cloudflare-key", map[string][]byte{ "api-key-oops": []byte("a-cloudflare-api-key"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -220,12 +220,12 @@ func TestSolverFor(t *testing.T) { solverFixture: &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("cloudflare-token", "default", map[string][]byte{ + newSecret("cloudflare-token", map[string][]byte{ "api-key-oops": []byte("a-cloudflare-api-token"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -251,12 +251,12 @@ func TestSolverFor(t *testing.T) { solverFixture: &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("acmedns-key", "default", map[string][]byte{ + newSecret("acmedns-key", map[string][]byte{ "acmedns.json": []byte("{}"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -305,12 +305,12 @@ func TestSolveForDigitalOcean(t *testing.T) { f := &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("digitalocean", "default", map[string][]byte{ + newSecret("digitalocean", map[string][]byte{ "token": []byte("FAKE-TOKEN"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -356,12 +356,12 @@ func TestRoute53TrimCreds(t *testing.T) { f := &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("route53", "default", map[string][]byte{ + newSecret("route53", map[string][]byte{ "secret": []byte("AKIENDINNEWLINE \n"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -408,13 +408,13 @@ func TestRoute53SecretAccessKey(t *testing.T) { f := &solverFixture{ Builder: &test.Builder{ KubeObjects: []runtime.Object{ - newSecret("route53", "default", map[string][]byte{ + newSecret("route53", map[string][]byte{ "accessKeyID": []byte("AWSACCESSKEYID"), "secretAccessKey": []byte("AKIENDINNEWLINE \n"), }), }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ Solver: cmacme.ACMEChallengeSolver{ @@ -484,7 +484,7 @@ func TestRoute53AmbientCreds(t *testing.T) { }, }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), dnsProviders: newFakeDNSProviders(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ @@ -517,7 +517,7 @@ func TestRoute53AmbientCreds(t *testing.T) { }, }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), dnsProviders: newFakeDNSProviders(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ @@ -580,7 +580,7 @@ func TestRoute53AssumeRole(t *testing.T) { }, }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), dnsProviders: newFakeDNSProviders(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ @@ -614,7 +614,7 @@ func TestRoute53AssumeRole(t *testing.T) { }, }, }, - Issuer: newIssuer("test", "default"), + Issuer: newIssuer(), dnsProviders: newFakeDNSProviders(), Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 34ca5e268cb..84b4095672e 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -122,7 +122,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) { return cfg, nil } -func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) (*sessionProvider, error) { +func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) *sessionProvider { return &sessionProvider{ AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, @@ -132,7 +132,7 @@ func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambie StsProvider: defaultSTSProvider, log: logf.Log.WithName("route53-session-provider"), userAgent: userAgent, - }, nil + } } func defaultSTSProvider(cfg aws.Config) StsClient { @@ -147,10 +147,7 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str dns01Nameservers []string, userAgent string, ) (*DNSProvider, error) { - provider, err := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent) - if err != nil { - return nil, err - } + provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent) cfg, err := provider.GetSession() if err != nil { diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 389597629a4..94e0c560975 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -251,10 +251,9 @@ func TestAssumeRole(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider, err := makeMockSessionProvider(func(aws.Config) StsClient { + provider := makeMockSessionProvider(func(aws.Config) StsClient { return c.mockSTS }, c.key, c.secret, c.region, c.role, c.ambient) - assert.NoError(t, err) cfg, err := provider.GetSession() if c.expErr { assert.NotNil(t, err) @@ -287,7 +286,7 @@ func makeMockSessionProvider( defaultSTSProvider func(aws.Config) StsClient, accessKeyID, secretAccessKey, region, role string, ambient bool, -) (*sessionProvider, error) { +) *sessionProvider { return &sessionProvider{ AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, @@ -296,7 +295,7 @@ func makeMockSessionProvider( Role: role, StsProvider: defaultSTSProvider, log: logf.Log.WithName("route53-session"), - }, nil + } } func Test_removeReqID(t *testing.T) { diff --git a/pkg/issuer/venafi/client/fake/venafi.go b/pkg/issuer/venafi/client/fake/venafi.go index fb9e2688fcb..f5758b55e07 100644 --- a/pkg/issuer/venafi/client/fake/venafi.go +++ b/pkg/issuer/venafi/client/fake/venafi.go @@ -17,8 +17,6 @@ limitations under the License. package fake import ( - "time" - "github.com/Venafi/vcert/v5/pkg/endpoint" "github.com/cert-manager/cert-manager/pkg/issuer/venafi/client/api" @@ -26,8 +24,8 @@ import ( type Venafi struct { PingFn func() error - RequestCertificateFn func(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) - RetrieveCertificateFn func(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) + RequestCertificateFn func(csrPEM []byte, customFields []api.CustomField) (string, error) + RetrieveCertificateFn func(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) ReadZoneConfigurationFn func() (*endpoint.ZoneConfiguration, error) VerifyCredentialsFn func() error } @@ -36,12 +34,12 @@ func (v *Venafi) Ping() error { return v.PingFn() } -func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) { - return v.RequestCertificateFn(csrPEM, duration, customFields) +func (v *Venafi) RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error) { + return v.RequestCertificateFn(csrPEM, customFields) } -func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) { - return v.RetrieveCertificateFn(pickupID, csrPEM, duration, customFields) +func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) { + return v.RetrieveCertificateFn(pickupID, csrPEM, customFields) } func (v *Venafi) ReadZoneConfiguration() (*endpoint.ZoneConfiguration, error) { diff --git a/pkg/issuer/venafi/client/request.go b/pkg/issuer/venafi/client/request.go index 090cdfca96d..b907b674613 100644 --- a/pkg/issuer/venafi/client/request.go +++ b/pkg/issuer/venafi/client/request.go @@ -45,8 +45,8 @@ var ErrorMissingSubject = errors.New("Certificate requests submitted to Venafi i // The CSR will be decoded to be validated against the zone configuration policy. // Upon the template being successfully defaulted and validated, the CSR will be sent, as is. // It will return a pickup ID which can be used with RetrieveCertificate to get the certificate -func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) { - vreq, err := v.buildVReq(csrPEM, duration, customFields) +func (v *Venafi) RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error) { + vreq, err := v.buildVReq(csrPEM, customFields) if err != nil { return "", err } @@ -81,8 +81,8 @@ func (v *Venafi) RequestCertificate(csrPEM []byte, duration time.Duration, custo return v.vcertClient.RequestCertificate(vreq) } -func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) { - vreq, err := v.buildVReq(csrPEM, duration, customFields) +func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) { + vreq, err := v.buildVReq(csrPEM, customFields) if err != nil { return nil, err } @@ -103,7 +103,7 @@ func (v *Venafi) RetrieveCertificate(pickupID string, csrPEM []byte, duration ti return []byte(chain), nil } -func (v *Venafi) buildVReq(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (*certificate.Request, error) { +func (v *Venafi) buildVReq(csrPEM []byte, customFields []api.CustomField) (*certificate.Request, error) { // Retrieve a copy of the Venafi zone. // This contains default values and policy control info that we can apply // and check against locally. diff --git a/pkg/issuer/venafi/client/request_test.go b/pkg/issuer/venafi/client/request_test.go index 8f7278e6292..9d6692a8f2a 100644 --- a/pkg/issuer/venafi/client/request_test.go +++ b/pkg/issuer/venafi/client/request_test.go @@ -20,7 +20,6 @@ import ( "crypto" "errors" "testing" - "time" "github.com/Venafi/vcert/v5/pkg/certificate" "github.com/Venafi/vcert/v5/pkg/endpoint" @@ -215,7 +214,7 @@ func TestVenafi_RequestCertificate(t *testing.T) { "foo.example.com", "bar.example.com"}) } - got, err := v.RequestCertificate(tt.args.csrPEM, time.Minute, tt.args.customFields) + got, err := v.RequestCertificate(tt.args.csrPEM, tt.args.customFields) if (err != nil) != tt.wantErr { t.Errorf("RequestCertificate() error = %v, wantErr %v", err, tt.wantErr) return @@ -236,7 +235,6 @@ func TestVenafi_RetrieveCertificate(t *testing.T) { type args struct { csrPEM []byte - duration time.Duration customFields []api.CustomField } tests := []struct { @@ -280,11 +278,11 @@ func TestVenafi_RetrieveCertificate(t *testing.T) { // this is needed to provide the fake venafi client with a "valid" pickup id // testing errors in this should be done in TestVenafi_RequestCertificate // any error returned in these tests is a hard fail - pickupID, err := v.RequestCertificate(tt.args.csrPEM, tt.args.duration, tt.args.customFields) + pickupID, err := v.RequestCertificate(tt.args.csrPEM, tt.args.customFields) if err != nil { t.Errorf("RequestCertificate() should but error but got error = %v", err) } - got, err := v.RetrieveCertificate(pickupID, tt.args.csrPEM, tt.args.duration, tt.args.customFields) + got, err := v.RetrieveCertificate(pickupID, tt.args.csrPEM, tt.args.customFields) if (err != nil) != tt.wantErr { t.Errorf("RetrieveCertificate() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/pkg/issuer/venafi/client/venaficlient.go b/pkg/issuer/venafi/client/venaficlient.go index be42f4a6117..707a011be75 100644 --- a/pkg/issuer/venafi/client/venaficlient.go +++ b/pkg/issuer/venafi/client/venaficlient.go @@ -52,8 +52,8 @@ type VenafiClientBuilder func(namespace string, secretsLister internalinformers. // Interface implements a Venafi client type Interface interface { - RequestCertificate(csrPEM []byte, duration time.Duration, customFields []api.CustomField) (string, error) - RetrieveCertificate(pickupID string, csrPEM []byte, duration time.Duration, customFields []api.CustomField) ([]byte, error) + RequestCertificate(csrPEM []byte, customFields []api.CustomField) (string, error) + RetrieveCertificate(pickupID string, csrPEM []byte, customFields []api.CustomField) ([]byte, error) Ping() error ReadZoneConfiguration() (*endpoint.ZoneConfiguration, error) SetClient(endpoint.Connector) diff --git a/pkg/metrics/certificates.go b/pkg/metrics/certificates.go index 071e53897c7..4feeb28a426 100644 --- a/pkg/metrics/certificates.go +++ b/pkg/metrics/certificates.go @@ -17,33 +17,23 @@ limitations under the License. package metrics import ( - "context" - "github.com/prometheus/client_golang/prometheus" "k8s.io/client-go/tools/cache" cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" - logf "github.com/cert-manager/cert-manager/pkg/logs" ) // UpdateCertificate will update the given Certificate's metrics for its expiry, renewal, and status // condition. -func (m *Metrics) UpdateCertificate(ctx context.Context, crt *cmapi.Certificate) { - key, err := cache.MetaNamespaceKeyFunc(crt) - if err != nil { - log := logf.WithRelatedResource(m.log, crt) - log.Error(err, "failed to get key from certificate object") - return - } - - m.updateCertificateStatus(key, crt) - m.updateCertificateExpiry(ctx, key, crt) +func (m *Metrics) UpdateCertificate(crt *cmapi.Certificate) { + m.updateCertificateStatus(crt) + m.updateCertificateExpiry(crt) m.updateCertificateRenewalTime(crt) } // updateCertificateExpiry updates the expiry time of a certificate -func (m *Metrics) updateCertificateExpiry(ctx context.Context, key string, crt *cmapi.Certificate) { +func (m *Metrics) updateCertificateExpiry(crt *cmapi.Certificate) { expiryTime := 0.0 if crt.Status.NotAfter != nil { @@ -76,7 +66,7 @@ func (m *Metrics) updateCertificateRenewalTime(crt *cmapi.Certificate) { } // updateCertificateStatus will update the metric for that Certificate -func (m *Metrics) updateCertificateStatus(key string, crt *cmapi.Certificate) { +func (m *Metrics) updateCertificateStatus(crt *cmapi.Certificate) { for _, c := range crt.Status.Conditions { if c.Type == cmapi.CertificateConditionReady { m.updateCertificateReadyStatus(crt, c.Status) diff --git a/pkg/metrics/certificates_test.go b/pkg/metrics/certificates_test.go index e530a4395a4..835d36554aa 100644 --- a/pkg/metrics/certificates_test.go +++ b/pkg/metrics/certificates_test.go @@ -17,7 +17,6 @@ limitations under the License. package metrics import ( - "context" "strings" "testing" "time" @@ -195,7 +194,7 @@ func TestCertificateMetrics(t *testing.T) { for n, test := range tests { t.Run(n, func(t *testing.T) { m := New(logtesting.NewTestLogger(t), clock.RealClock{}) - m.UpdateCertificate(context.TODO(), test.crt) + m.UpdateCertificate(test.crt) if err := testutil.CollectAndCompare(m.certificateExpiryTimeSeconds, strings.NewReader(expiryMetadata+test.expectedExpiry), @@ -279,9 +278,9 @@ func TestCertificateCache(t *testing.T) { ) // Observe all three Certificate metrics - m.UpdateCertificate(context.TODO(), crt1) - m.UpdateCertificate(context.TODO(), crt2) - m.UpdateCertificate(context.TODO(), crt3) + m.UpdateCertificate(crt1) + m.UpdateCertificate(crt2) + m.UpdateCertificate(crt3) // Check all three metrics exist if err := testutil.CollectAndCompare(m.certificateReadyStatus, diff --git a/pkg/util/pki/certificatetemplate_test.go b/pkg/util/pki/certificatetemplate_test.go index ded264a9c82..b97dfb057bb 100644 --- a/pkg/util/pki/certificatetemplate_test.go +++ b/pkg/util/pki/certificatetemplate_test.go @@ -36,7 +36,7 @@ func TestCertificateTemplateFromCSR(t *testing.T) { sansGenerator := func(t *testing.T, generalNames []asn1.RawValue, critical bool) pkix.Extension { val, err := asn1.Marshal(generalNames) if err != nil { - panic(err) + t.Fatal(err) } return pkix.Extension{ diff --git a/pkg/util/pki/csr_test.go b/pkg/util/pki/csr_test.go index 03364962979..9fb1078d642 100644 --- a/pkg/util/pki/csr_test.go +++ b/pkg/util/pki/csr_test.go @@ -379,7 +379,7 @@ func TestGenerateCSR(t *testing.T) { sansGenerator := func(t *testing.T, generalNames []asn1.RawValue, critical bool) pkix.Extension { val, err := asn1.Marshal(generalNames) if err != nil { - panic(err) + t.Fatal(err) } return pkix.Extension{ diff --git a/pkg/util/pki/kube_test.go b/pkg/util/pki/kube_test.go index 089bebeaa6c..c5d8ba88e43 100644 --- a/pkg/util/pki/kube_test.go +++ b/pkg/util/pki/kube_test.go @@ -42,7 +42,7 @@ func TestCertificateTemplateFromCertificateSigningRequest(t *testing.T) { val, err := asn1.Marshal(generalNames) if err != nil { - panic(err) + t.Fatal(err) } return pkix.Extension{ diff --git a/pkg/util/pki/match.go b/pkg/util/pki/match.go index 0b4537ef2df..9f07d05930e 100644 --- a/pkg/util/pki/match.go +++ b/pkg/util/pki/match.go @@ -47,7 +47,7 @@ func PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([] case "", cmapi.RSAKeyAlgorithm: return rsaPrivateKeyMatchesSpec(pk, spec) case cmapi.Ed25519KeyAlgorithm: - return ed25519PrivateKeyMatchesSpec(pk, spec) + return ed25519PrivateKeyMatchesSpec(pk) case cmapi.ECDSAKeyAlgorithm: return ecdsaPrivateKeyMatchesSpec(pk, spec) default: @@ -97,7 +97,7 @@ func ecdsaPrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec return violations, nil } -func ed25519PrivateKeyMatchesSpec(pk crypto.PrivateKey, spec cmapi.CertificateSpec) ([]string, error) { +func ed25519PrivateKeyMatchesSpec(pk crypto.PrivateKey) ([]string, error) { _, ok := pk.(ed25519.PrivateKey) if !ok { return []string{"spec.privateKey.algorithm"}, nil diff --git a/pkg/util/util_test.go b/pkg/util/util_test.go index b73db617bf4..cbc708e3583 100644 --- a/pkg/util/util_test.go +++ b/pkg/util/util_test.go @@ -129,8 +129,8 @@ func TestEqualIPsUnsorted(t *testing.T) { } for name, spec := range specs { - s1 := parseIPs(t, spec.s1) - s2 := parseIPs(t, spec.s2) + s1 := parseIPs(spec.s1) + s2 := parseIPs(spec.s2) t.Run(name, func(t *testing.T) { got := EqualIPsUnsorted(s1, s2) @@ -244,7 +244,7 @@ func parseURLs(t *testing.T, urlStrs []string) []*url.URL { return urls } -func parseIPs(t *testing.T, ipStrs []string) []net.IP { +func parseIPs(ipStrs []string) []net.IP { var ips []net.IP for _, i := range ipStrs { diff --git a/test/e2e/framework/addon/vault/vault.go b/test/e2e/framework/addon/vault/vault.go index be07e5ccd75..8dfd485882d 100644 --- a/test/e2e/framework/addon/vault/vault.go +++ b/test/e2e/framework/addon/vault/vault.go @@ -287,15 +287,9 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab } v.details.VaultCA = vaultCA - v.vaultCert, v.vaultCertPrivateKey, err = generateVaultServingCert(vaultCA, vaultCAPrivateKey, dnsName) - if err != nil { - return nil, err - } + v.vaultCert, v.vaultCertPrivateKey = generateVaultServingCert(vaultCA, vaultCAPrivateKey, dnsName) - vaultClientCertificate, vaultClientPrivateKey, err := generateVaultClientCert(vaultCA, vaultCAPrivateKey) - if err != nil { - return nil, err - } + vaultClientCertificate, vaultClientPrivateKey := generateVaultClientCert(vaultCA, vaultCAPrivateKey) v.details.VaultClientCertificate = vaultClientCertificate v.details.VaultClientPrivateKey = vaultClientPrivateKey v.details.EnforceMtls = v.EnforceMtls @@ -447,7 +441,7 @@ func (v *Vault) Logs() (map[string]string, error) { return v.chart.Logs() } -func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte, error) { +func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte) { catls, _ := tls.X509KeyPair(vaultCA, vaultCAPrivateKey) ca, _ := x509.ParseCertificate(catls.Certificate[0]) @@ -470,10 +464,10 @@ func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName privateKey, _ := rsa.GenerateKey(rand.Reader, 2048) certBytes, _ := x509.CreateCertificate(rand.Reader, cert, ca, &privateKey.PublicKey, catls.PrivateKey) - return encodePublicKey(certBytes), encodePrivateKey(privateKey), nil + return encodePublicKey(certBytes), encodePrivateKey(privateKey) } -func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte, []byte, error) { +func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte, []byte) { catls, _ := tls.X509KeyPair(vaultCA, vaultCAPrivateKey) ca, _ := x509.ParseCertificate(catls.Certificate[0]) @@ -494,7 +488,7 @@ func generateVaultClientCert(vaultCA []byte, vaultCAPrivateKey []byte) ([]byte, privateKey, _ := rsa.GenerateKey(rand.Reader, 2048) certBytes, _ := x509.CreateCertificate(rand.Reader, cert, ca, &privateKey.PublicKey, catls.PrivateKey) - return encodePublicKey(certBytes), encodePrivateKey(privateKey), nil + return encodePublicKey(certBytes), encodePrivateKey(privateKey) } func GenerateCA() ([]byte, []byte, error) { diff --git a/test/e2e/suite/certificaterequests/approval/approval.go b/test/e2e/suite/certificaterequests/approval/approval.go index 17342525618..70db251f990 100644 --- a/test/e2e/suite/certificaterequests/approval/approval.go +++ b/test/e2e/suite/certificaterequests/approval/approval.go @@ -28,6 +28,7 @@ import ( crdapi "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" crdclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/rand" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/util/retry" @@ -54,9 +55,10 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { saclient clientset.Interface request *cmapi.CertificateRequest - crd *crdapi.CustomResourceDefinition - crdclient crdclientset.Interface - group string + crd *crdapi.CustomResourceDefinition + crdclient crdclientset.Interface + issuerKind string + group string ) // isNotFoundError returns true if an error from the cert-manager admission @@ -107,6 +109,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { var err error crdclient, err = crdclientset.NewForConfig(f.KubeClientConfig) Expect(err).NotTo(HaveOccurred()) + issuerKind = fmt.Sprintf("Issuer%s", rand.String(5)) group = e2eutil.RandomSubdomain("example.io") sa, err = f.KubeClientSet.CoreV1().ServiceAccounts(f.Namespace.Name).Create(context.TODO(), &corev1.ServiceAccount{ @@ -215,7 +218,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { gen.SetCertificateRequestCSR(csr), gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{ Name: "test-issuer", - Kind: "Issuer", + Kind: issuerKind, Group: group, }), ) @@ -240,7 +243,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("attempting to approve a certificate request without the approve permission should error", func() { - createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) approvedCR := request.DeepCopy() apiutil.SetCertificateRequestCondition(approvedCR, cmapi.CertificateRequestConditionApproved, cmmeta.ConditionTrue, "cert-manager.io", "e2e") err := retry.OnError(retry.DefaultBackoff, retryOnNotFound(approvedCR.Spec.IssuerRef), func() error { @@ -251,7 +254,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("attempting to deny a certificate request without the approve permission should error", func() { - createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) deniedCR := request.DeepCopy() apiutil.SetCertificateRequestCondition(deniedCR, cmapi.CertificateRequestConditionDenied, cmmeta.ConditionTrue, "cert-manager.io", "e2e") err := retry.OnError(retry.DefaultBackoff, retryOnNotFound(deniedCR.Spec.IssuerRef), func() error { @@ -293,7 +296,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for cluster scoped issuers.example.io/* should be able to approve requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/*", group)) approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -306,7 +309,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for cluster scoped issuers.example.io/* should be able to deny requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/*", group)) deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -319,7 +322,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for cluster scoped issuers.example.io/test-issuer should be able to approve requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group)) approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -331,8 +334,21 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { })).ToNot(HaveOccurred()) }) + It("a service account with the approve permissions for cluster scoped clusterissuers.example.io/test-issuer should be able to approve requests", func() { + crd = createCRD(crdclient, group, "clusterissuers", issuerKind, crdapi.ClusterScoped) + bindServiceAccountToApprove(f, sa, fmt.Sprintf("clusterissuers.%s/test-issuer", group)) + + approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) + Expect(err).NotTo(HaveOccurred()) + apiutil.SetCertificateRequestCondition(approvedCR, cmapi.CertificateRequestConditionApproved, cmmeta.ConditionTrue, "cert-manager.io", "e2e") + Expect(retry.OnError(retry.DefaultBackoff, retryOnNotFound(approvedCR.Spec.IssuerRef), func() error { + _, err = saclient.CertmanagerV1().CertificateRequests(f.Namespace.Name).UpdateStatus(context.TODO(), approvedCR, metav1.UpdateOptions{}) + return err + })).ToNot(HaveOccurred()) + }) + It("a service account with the approve permissions for cluster scoped issuers.example.io/.test-issuer should not be able to approve requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", f.Namespace.Name, group)) approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -346,7 +362,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for namespaced scoped issuers.example.io/.test-issuer should be able to approve requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", group, f.Namespace.Name)) approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -359,7 +375,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for namespaced scoped issuers.example.io/test-issuer should not be able to approve requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group)) approvedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -375,7 +391,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { // It("a service account with the approve permissions for cluster scoped issuers.example.io/test-issuer should be able to deny requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group)) deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -388,7 +404,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for cluster scoped issuers.example.io/.test-issuer should not be able to deny requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.ClusterScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.ClusterScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", f.Namespace.Name, group)) deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -402,7 +418,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for namespaced scoped issuers.example.io/.test-issuer should be able to deny requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/%s.test-issuer", group, f.Namespace.Name)) deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) @@ -415,7 +431,7 @@ var _ = framework.CertManagerDescribe("Approval CertificateRequests", func() { }) It("a service account with the approve permissions for namespaced scoped issuers.example.io/test-issuer should not be able to denied requests", func() { - crd = createCRD(crdclient, group, "issuers", "Issuer", crdapi.NamespaceScoped) + crd = createCRD(crdclient, group, "issuers", issuerKind, crdapi.NamespaceScoped) bindServiceAccountToApprove(f, sa, fmt.Sprintf("issuers.%s/test-issuer", group)) deniedCR, err := f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Get(context.TODO(), request.Name, metav1.GetOptions{}) diff --git a/test/e2e/suite/conformance/certificates/vault/vault_approle.go b/test/e2e/suite/conformance/certificates/vault/vault_approle.go index c6d64962f44..a37525d1d07 100644 --- a/test/e2e/suite/conformance/certificates/vault/vault_approle.go +++ b/test/e2e/suite/conformance/certificates/vault/vault_approle.go @@ -91,7 +91,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - v.vaultSecrets = v.initVault(f) + v.vaultSecrets = v.initVault() sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") @@ -103,7 +103,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, - Spec: v.createIssuerSpec(f), + Spec: v.createIssuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer") @@ -123,7 +123,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - v.vaultSecrets = v.initVault(f) + v.vaultSecrets = v.initVault() sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") @@ -135,7 +135,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, - Spec: v.createIssuerSpec(f), + Spec: v.createIssuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer") @@ -151,7 +151,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm } } -func (v *vaultAppRoleProvisioner) initVault(f *framework.Framework) *vaultSecrets { +func (v *vaultAppRoleProvisioner) initVault() *vaultSecrets { By("Configuring the VaultAppRole server") v.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, @@ -170,7 +170,7 @@ func (v *vaultAppRoleProvisioner) initVault(f *framework.Framework) *vaultSecret } } -func (v *vaultAppRoleProvisioner) createIssuerSpec(f *framework.Framework) cmapi.IssuerSpec { +func (v *vaultAppRoleProvisioner) createIssuerSpec() cmapi.IssuerSpec { return cmapi.IssuerSpec{ IssuerConfig: cmapi.IssuerConfig{ Vault: &cmapi.VaultIssuer{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go index f4cd90b8fa9..fce7e554df7 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go @@ -123,7 +123,7 @@ func (a *approle) createIssuer(f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - a.secrets = a.initVault(f) + a.secrets = a.initVault() sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") @@ -135,7 +135,7 @@ func (a *approle) createIssuer(f *framework.Framework) string { ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, - Spec: a.createIssuerSpec(f), + Spec: a.createIssuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer") @@ -151,7 +151,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - a.secrets = a.initVault(f) + a.secrets = a.initVault() sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") @@ -163,7 +163,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string { ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, - Spec: a.createIssuerSpec(f), + Spec: a.createIssuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create vault issuer") @@ -175,7 +175,7 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string { return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (a *approle) initVault(f *framework.Framework) *secrets { +func (a *approle) initVault() *secrets { By("Configuring the VaultAppRole server") a.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, @@ -194,7 +194,7 @@ func (a *approle) initVault(f *framework.Framework) *secrets { } } -func (a *approle) createIssuerSpec(f *framework.Framework) cmapi.IssuerSpec { +func (a *approle) createIssuerSpec() cmapi.IssuerSpec { return cmapi.IssuerSpec{ IssuerConfig: cmapi.IssuerConfig{ Vault: &cmapi.VaultIssuer{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go index d98437ca76c..d0dab692b1f 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go @@ -82,7 +82,7 @@ func (k *kubernetes) createIssuer(f *framework.Framework) string { GenerateName: "vault-issuer-", Namespace: f.Namespace.Name, }, - Spec: k.issuerSpec(f), + Spec: k.issuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -102,7 +102,7 @@ func (k *kubernetes) createClusterIssuer(f *framework.Framework) string { ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, - Spec: k.issuerSpec(f), + Spec: k.issuerSpec(), }, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -150,7 +150,7 @@ func (k *kubernetes) initVault(f *framework.Framework, boundNS string) { Expect(err).NotTo(HaveOccurred()) } -func (k *kubernetes) issuerSpec(f *framework.Framework) cmapi.IssuerSpec { +func (k *kubernetes) issuerSpec() cmapi.IssuerSpec { return cmapi.IssuerSpec{ IssuerConfig: cmapi.IssuerConfig{ Vault: &cmapi.VaultIssuer{ diff --git a/test/integration/certificates/trigger_controller_test.go b/test/integration/certificates/trigger_controller_test.go index 10dc9c526fb..c7a80866fc2 100644 --- a/test/integration/certificates/trigger_controller_test.go +++ b/test/integration/certificates/trigger_controller_test.go @@ -60,7 +60,7 @@ func TestTriggerController(t *testing.T) { // Build, instantiate and run the trigger controller. kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config) - namespace := "testns" + namespace := "testns-trigger" // Create Namespace ns := &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}} @@ -96,7 +96,7 @@ func TestTriggerController(t *testing.T) { // Create a Certificate resource and wait for it to have the 'Issuing' condition. cert, err := cmCl.CertmanagerV1().Certificates(namespace).Create(ctx, &cmapi.Certificate{ - ObjectMeta: metav1.ObjectMeta{Name: "testcrt", Namespace: "testns"}, + ObjectMeta: metav1.ObjectMeta{Name: "testcrt", Namespace: namespace}, Spec: cmapi.CertificateSpec{ SecretName: "example", CommonName: "example.com", @@ -125,7 +125,7 @@ func TestTriggerController_RenewNearExpiry(t *testing.T) { // Build, instantiate and run the trigger controller. kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config) - namespace := "testns" + namespace := "testns-renew-near-expiry" secretName := "example" certName := "testcrt" @@ -247,7 +247,7 @@ func TestTriggerController_ExpBackoff(t *testing.T) { // Build, instantiate and run the trigger controller. kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config) - namespace := "testns" + namespace := "testns-expbackoff" secretName := "example" certName := "testcrt" From 6fc803487067582a5e7066621d18f0cd265aa725 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 19:56:42 +0200 Subject: [PATCH 095/177] fix tenv linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/issuer/acme/dns/clouddns/clouddns_test.go | 13 ++----- .../acme/dns/cloudflare/cloudflare_test.go | 30 +++++--------- .../dns/digitalocean/digitalocean_test.go | 13 ++----- pkg/issuer/acme/dns/route53/route53_test.go | 39 ++++--------------- 5 files changed, 24 insertions(+), 72 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 6c784289521..321093a0084 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -6,7 +6,6 @@ issues: - contextcheck - promlinter - errname - - tenv - exhaustive - nilerr - interfacebloat diff --git a/pkg/issuer/acme/dns/clouddns/clouddns_test.go b/pkg/issuer/acme/dns/clouddns/clouddns_test.go index 46dea1624f8..7c2591c3bb5 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns_test.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns_test.go @@ -36,35 +36,28 @@ func init() { } } -func restoreGCloudEnv() { - os.Setenv("GCE_PROJECT", gcloudProject) -} - func TestNewDNSProviderValid(t *testing.T) { if !gcloudLiveTest { t.Skip("skipping live test (requires credentials)") } - os.Setenv("GCE_PROJECT", "") + t.Setenv("GCE_PROJECT", "") _, err := NewDNSProviderCredentials("my-project", util.RecursiveNameservers, "") assert.NoError(t, err) - restoreGCloudEnv() } func TestNewDNSProviderValidEnv(t *testing.T) { if !gcloudLiveTest { t.Skip("skipping live test (requires credentials)") } - os.Setenv("GCE_PROJECT", "my-project") + t.Setenv("GCE_PROJECT", "my-project") _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") assert.NoError(t, err) - restoreGCloudEnv() } func TestNewDNSProviderMissingCredErr(t *testing.T) { - os.Setenv("GCE_PROJECT", "") + t.Setenv("GCE_PROJECT", "") _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") assert.EqualError(t, err, "Google Cloud project name missing") - restoreGCloudEnv() } func TestLiveGoogleCloudPresent(t *testing.T) { diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go index 5cbeaaaefc2..9f6b37d7f0c 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go @@ -50,49 +50,39 @@ func init() { } } -func restoreCloudFlareEnv() { - os.Setenv("CLOUDFLARE_EMAIL", cflareEmail) - os.Setenv("CLOUDFLARE_API_KEY", cflareAPIKey) -} - func TestNewDNSProviderValidAPIKey(t *testing.T) { - os.Setenv("CLOUDFLARE_EMAIL", "") - os.Setenv("CLOUDFLARE_API_KEY", "") + t.Setenv("CLOUDFLARE_EMAIL", "") + t.Setenv("CLOUDFLARE_API_KEY", "") _, err := NewDNSProviderCredentials("123", "123", "", util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - restoreCloudFlareEnv() } func TestNewDNSProviderValidAPIToken(t *testing.T) { - os.Setenv("CLOUDFLARE_EMAIL", "") - os.Setenv("CLOUDFLARE_API_KEY", "") + t.Setenv("CLOUDFLARE_EMAIL", "") + t.Setenv("CLOUDFLARE_API_KEY", "") _, err := NewDNSProviderCredentials("123", "", "123", util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - restoreCloudFlareEnv() } func TestNewDNSProviderKeyAndTokenProvided(t *testing.T) { - os.Setenv("CLOUDFLARE_EMAIL", "") - os.Setenv("CLOUDFLARE_API_KEY", "") + t.Setenv("CLOUDFLARE_EMAIL", "") + t.Setenv("CLOUDFLARE_API_KEY", "") _, err := NewDNSProviderCredentials("123", "123", "123", util.RecursiveNameservers, "cert-manager-test") assert.EqualError(t, err, "the Cloudflare API key and API token cannot be both present simultaneously") - restoreCloudFlareEnv() } func TestNewDNSProviderValidApiKeyEnv(t *testing.T) { - os.Setenv("CLOUDFLARE_EMAIL", "test@example.com") - os.Setenv("CLOUDFLARE_API_KEY", "123") + t.Setenv("CLOUDFLARE_EMAIL", "test@example.com") + t.Setenv("CLOUDFLARE_API_KEY", "123") _, err := NewDNSProvider(util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - restoreCloudFlareEnv() } func TestNewDNSProviderMissingCredErr(t *testing.T) { - os.Setenv("CLOUDFLARE_EMAIL", "") - os.Setenv("CLOUDFLARE_API_KEY", "") + t.Setenv("CLOUDFLARE_EMAIL", "") + t.Setenv("CLOUDFLARE_API_KEY", "") _, err := NewDNSProvider(util.RecursiveNameservers, "cert-manager-test") assert.EqualError(t, err, "no Cloudflare credential has been given (can be either an API key or an API token)") - restoreCloudFlareEnv() } func TestFindNearestZoneForFQDN(t *testing.T) { diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go index 4a8d6b1755c..2f2e8aecf9d 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go @@ -40,29 +40,22 @@ func init() { } } -func restoreEnv() { - os.Setenv("DIGITALOCEAN_TOKEN", doToken) -} - func TestNewDNSProviderValid(t *testing.T) { - os.Setenv("DIGITALOCEAN_TOKEN", "") + t.Setenv("DIGITALOCEAN_TOKEN", "") _, err := NewDNSProviderCredentials("123", util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - restoreEnv() } func TestNewDNSProviderValidEnv(t *testing.T) { - os.Setenv("DIGITALOCEAN_TOKEN", "123") + t.Setenv("DIGITALOCEAN_TOKEN", "123") _, err := NewDNSProvider(util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - restoreEnv() } func TestNewDNSProviderMissingCredErr(t *testing.T) { - os.Setenv("DIGITALOCEAN_TOKEN", "") + t.Setenv("DIGITALOCEAN_TOKEN", "") _, err := NewDNSProvider(util.RecursiveNameservers, "cert-manager-test") assert.EqualError(t, err, "DigitalOcean token missing") - restoreEnv() } func TestDigitalOceanPresent(t *testing.T) { diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 94e0c560975..89cc41627fe 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -14,7 +14,6 @@ import ( "fmt" "net/http" "net/http/httptest" - "os" "testing" "github.com/aws/aws-sdk-go-v2/aws" @@ -33,24 +32,6 @@ import ( logf "github.com/cert-manager/cert-manager/pkg/logs" ) -var ( - route53Secret string - route53Key string - route53Region string -) - -func init() { - route53Key = os.Getenv("AWS_ACCESS_KEY_ID") - route53Secret = os.Getenv("AWS_SECRET_ACCESS_KEY") - route53Region = os.Getenv("AWS_REGION") -} - -func restoreRoute53Env() { - os.Setenv("AWS_ACCESS_KEY_ID", route53Key) - os.Setenv("AWS_SECRET_ACCESS_KEY", route53Secret) - os.Setenv("AWS_REGION", route53Region) -} - func makeRoute53Provider(ts *httptest.Server) (*DNSProvider, error) { cfg, err := config.LoadDefaultConfig( context.TODO(), @@ -73,10 +54,9 @@ func makeRoute53Provider(ts *httptest.Server) (*DNSProvider, error) { } func TestAmbientCredentialsFromEnv(t *testing.T) { - os.Setenv("AWS_ACCESS_KEY_ID", "123") - os.Setenv("AWS_SECRET_ACCESS_KEY", "123") - os.Setenv("AWS_REGION", "us-east-1") - defer restoreRoute53Env() + t.Setenv("AWS_ACCESS_KEY_ID", "123") + t.Setenv("AWS_SECRET_ACCESS_KEY", "123") + t.Setenv("AWS_REGION", "us-east-1") provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") @@ -88,18 +68,16 @@ func TestAmbientCredentialsFromEnv(t *testing.T) { } func TestNoCredentialsFromEnv(t *testing.T) { - os.Setenv("AWS_ACCESS_KEY_ID", "123") - os.Setenv("AWS_SECRET_ACCESS_KEY", "123") - os.Setenv("AWS_REGION", "us-east-1") - defer restoreRoute53Env() + t.Setenv("AWS_ACCESS_KEY_ID", "123") + t.Setenv("AWS_SECRET_ACCESS_KEY", "123") + t.Setenv("AWS_REGION", "us-east-1") _, err := NewDNSProvider("", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.Error(t, err, "Expected error constructing DNSProvider with no credentials and not ambient") } func TestAmbientRegionFromEnv(t *testing.T) { - os.Setenv("AWS_REGION", "us-east-1") - defer restoreRoute53Env() + t.Setenv("AWS_REGION", "us-east-1") provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") @@ -108,8 +86,7 @@ func TestAmbientRegionFromEnv(t *testing.T) { } func TestNoRegionFromEnv(t *testing.T) { - os.Setenv("AWS_REGION", "us-east-1") - defer restoreRoute53Env() + t.Setenv("AWS_REGION", "us-east-1") provider, err := NewDNSProvider("marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") From f96d31e465551a79dfe6494a457dfc601276effa Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 29 Apr 2024 20:00:01 +0200 Subject: [PATCH 096/177] fix exportloopref linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - .../generates_new_private_key_per_request_test.go | 8 ++++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 321093a0084..06eb16dc5f3 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -13,7 +13,6 @@ issues: - nilnil - nakedret - musttag - - exportloopref - gomoddirectives text: ".*" - linters: diff --git a/test/integration/certificates/generates_new_private_key_per_request_test.go b/test/integration/certificates/generates_new_private_key_per_request_test.go index 2a05bbec7ff..97058529b27 100644 --- a/test/integration/certificates/generates_new_private_key_per_request_test.go +++ b/test/integration/certificates/generates_new_private_key_per_request_test.go @@ -136,7 +136,7 @@ func TestGeneratesNewPrivateKeyIfMarkedInvalidRequest(t *testing.T) { t.Fatalf("failed to update certificate: %v", err) } - var secondReq *cmapi.CertificateRequest + var secondReq cmapi.CertificateRequest if err := wait.PollUntilContextTimeout(ctx, time.Millisecond*500, time.Second*10, true, func(ctx context.Context) (bool, error) { reqs, err := cmCl.CertmanagerV1().CertificateRequests(namespace).List(ctx, metav1.ListOptions{}) if err != nil { @@ -151,7 +151,7 @@ func TestGeneratesNewPrivateKeyIfMarkedInvalidRequest(t *testing.T) { continue } - secondReq = &req // #nosec G601 -- False positive. See https://github.com/golang/go/discussions/56010 + secondReq = req return true, nil } @@ -273,7 +273,7 @@ func TestGeneratesNewPrivateKeyPerRequest(t *testing.T) { t.Fatalf("failed to update certificate: %v", err) } - var secondReq *cmapi.CertificateRequest + var secondReq cmapi.CertificateRequest if err := wait.PollUntilContextTimeout(ctx, time.Millisecond*500, time.Second*10, true, func(ctx context.Context) (bool, error) { reqs, err := cmCl.CertmanagerV1().CertificateRequests(namespace).List(ctx, metav1.ListOptions{}) if err != nil { @@ -288,7 +288,7 @@ func TestGeneratesNewPrivateKeyPerRequest(t *testing.T) { continue } - secondReq = &req // #nosec G601 -- False positive. See https://github.com/golang/go/discussions/56010 + secondReq = req return true, nil } From 94acaa57d2cc4dceb9c3ec7a491bf811c5582a3b Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Tue, 30 Apr 2024 12:09:45 +0000 Subject: [PATCH 097/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- .golangci.yaml | 2 -- klone.yaml | 14 +++++++------- make/_shared/go/.golangci.override.yaml | 2 -- make/_shared/tools/util/lock.sh | 6 ++---- 4 files changed, 9 insertions(+), 15 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 06eb16dc5f3..73c76c4c2d8 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -51,8 +51,6 @@ linters: - gocritic - gofmt - goheader - - gomoddirectives - - gomodguard - goprintffuncname - gosec - gosimple diff --git a/klone.yaml b/klone.yaml index e0a375fcf6b..1fcd9958d67 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b4ffe01c4471ab7ff0ba129bb455445b38ca1221 + repo_hash: f053c2c92459763f424280dde8190aae674743b9 repo_path: modules/tools diff --git a/make/_shared/go/.golangci.override.yaml b/make/_shared/go/.golangci.override.yaml index e569eff7209..86c23375f36 100644 --- a/make/_shared/go/.golangci.override.yaml +++ b/make/_shared/go/.golangci.override.yaml @@ -25,8 +25,6 @@ linters: - gocritic - gofmt - goheader - - gomoddirectives - - gomodguard - goprintffuncname - gosec - gosimple diff --git a/make/_shared/tools/util/lock.sh b/make/_shared/tools/util/lock.sh index d3c437ef2c2..22564f7c10d 100755 --- a/make/_shared/tools/util/lock.sh +++ b/make/_shared/tools/util/lock.sh @@ -28,8 +28,6 @@ set -o pipefail finalfile="$1" lockfile="$finalfile.lock" -# Timeout in seconds. -timeout=60 # On OSX, flock is not installed, we just skip locking in that case, # this means that running verify in parallel without downloading all @@ -42,8 +40,8 @@ if [[ "$flock_installed" == "yes" ]]; then exec {FD}<>"$lockfile" # wait for the file to be unlocked - if ! flock -x -w $timeout $FD; then - echo "Failed to obtain a lock for $lockfile within $timeout seconds" + if ! flock -x $FD; then + echo "Failed to obtain a lock for $lockfile" exit 1 fi fi From ffcf0640926dbdc4fc7b7784b660ee5cd1434297 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Wed, 1 May 2024 11:15:38 +0100 Subject: [PATCH 098/177] fix typo Signed-off-by: Ashley Davis --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 29f1d49799c..9d5705349e7 100644 --- a/README.md +++ b/README.md @@ -37,7 +37,7 @@ Documentation for cert-manager can be found at [cert-manager.io](https://cert-ma For the common use-case of automatically issuing TLS certificates for Ingress resources, see the [cert-manager nginx-ingress quick start guide](https://cert-manager.io/docs/tutorials/acme/nginx-ingress/). -For a more comprensive guide to issuing your first certificate, see our [getting started guide](https://cert-manager.io/docs/getting-started/). +For a more comprehensive guide to issuing your first certificate, see our [getting started guide](https://cert-manager.io/docs/getting-started/). ### Installation From dce92be1358fc83159897c23f434ff9196fa1eab Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Wed, 1 May 2024 11:15:47 +0100 Subject: [PATCH 099/177] add note on requirements for building Signed-off-by: Ashley Davis --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index 9d5705349e7..94d979e25b3 100644 --- a/README.md +++ b/README.md @@ -43,6 +43,16 @@ For a more comprehensive guide to issuing your first certificate, see our [getti [Installation](https://cert-manager.io/docs/installation/) is documented on the website, with a variety of supported methods. +## Developing cert-manager + +We actively welcome contributions and we support both Linux and macOS environments for development. + +Different platforms have different requirements; we document everything on our [Building cert-manager](https://cert-manager.io/docs/contributing/building/) +website page. + +Note in particular that macOS has several extra requirements, to ensure that modern tools are installed and available. Read the page before +getting started! + ## Troubleshooting If you encounter any issues whilst using cert-manager, we have a number of ways to get help: From 111768ffb7d989f5b974184b9fbed28d2ba33d2f Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Thu, 2 May 2024 11:19:43 +0200 Subject: [PATCH 100/177] Revert removal of required feature gate gating e2e-tests Signed-off-by: Erik Godding Boye --- test/e2e/suite/certificates/additionaloutputformats.go | 2 ++ test/e2e/suite/issuers/ca/certificate.go | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index c4f1d5ab88a..28ce4ff0140 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -51,6 +51,8 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo ) createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) { + framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) + crt := &cmapi.Certificate{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "test-additional-output-formats-", diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index 945bfae08c3..ae8f455ffa0 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -24,8 +24,10 @@ import ( "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/util" + "github.com/cert-manager/cert-manager/internal/controller/feature" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + utilfeature "github.com/cert-manager/cert-manager/pkg/util/feature" "github.com/cert-manager/cert-manager/test/unit/gen" . "github.com/onsi/ginkgo/v2" @@ -152,6 +154,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { }) It("should be able to create a certificate with additional output formats", func() { + // Output formats is only enabled via this feature gate being enabled. + // Don't run test if the gate isn't enabled. + framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) + certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate") From f249cb6d1640a0df60458f80da51ca7b57f9197a Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Thu, 2 May 2024 12:29:37 +0000 Subject: [PATCH 101/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- Makefile | 9 +- klone.yaml | 14 +- make/_shared/go/01_mod.mk | 25 +- make/_shared/repository-base/base/Makefile | 9 +- make/_shared/tools/00_mod.mk | 386 +++++++++++---------- 5 files changed, 233 insertions(+), 210 deletions(-) diff --git a/Makefile b/Makefile index b1a838aaea9..6c5aa12680e 100644 --- a/Makefile +++ b/Makefile @@ -60,8 +60,10 @@ MAKECMDGOALS ?= # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -74,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/klone.yaml b/klone.yaml index 1fcd9958d67..072081f2497 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f053c2c92459763f424280dde8190aae674743b9 + repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea repo_path: modules/tools diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 70f576bf6ea..0e4d4185cae 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -46,10 +46,11 @@ shared_generate_targets += generate-govulncheck # not want new vulnerabilities in existing code to block the merging of PRs. # Instead `make verify-govulnecheck` is intended to be run periodically by a CI job. verify-govulncheck: | $(NEEDS_GOVULNCHECK) - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running 'GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(bin_dir)/tools/govulncheck ./...' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ GOTOOLCHAIN=go$(VENDORED_GO_VERSION) $(GOVULNCHECK) ./... || exit; \ popd >/dev/null; \ echo ""; \ @@ -73,10 +74,11 @@ shared_generate_targets += generate-golangci-lint-config ## Verify all Go modules using golangci-lint ## @category [shared] Generate/ Verify verify-golangci-lint: | $(NEEDS_GO) $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config)' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --timeout 4m || exit; \ popd >/dev/null; \ echo ""; \ @@ -87,18 +89,19 @@ shared_verify_targets_dirty += verify-golangci-lint .PHONY: fix-golangci-lint ## Fix all Go modules using golangci-lint ## @category [shared] Generate/ Verify -fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(bin_dir)/scratch - gci write \ +fix-golangci-lint: | $(NEEDS_GOLANGCI-LINT) $(NEEDS_YQ) $(NEEDS_GCI) $(bin_dir)/scratch + $(GCI) write \ -s "standard" \ -s "default" \ -s "prefix($(repo_name))" \ -s "blank" \ -s "dot" . - @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) -printf '%h\n' \ + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ | while read d; do \ - echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix' in directory '$${d}'"; \ - pushd "$${d}" >/dev/null; \ + target=$$(dirname $${d}); \ + echo "Running '$(bin_dir)/tools/golangci-lint run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ $(GOLANGCI-LINT) run --go $(VENDORED_GO_VERSION) -c $(CURDIR)/$(golangci_lint_config) --fix || exit; \ popd >/dev/null; \ echo ""; \ diff --git a/make/_shared/repository-base/base/Makefile b/make/_shared/repository-base/base/Makefile index b1a838aaea9..6c5aa12680e 100644 --- a/make/_shared/repository-base/base/Makefile +++ b/make/_shared/repository-base/base/Makefile @@ -60,8 +60,10 @@ MAKECMDGOALS ?= # binary may not be available in the PATH yet when the Makefiles are # evaluated. HOST_OS and HOST_ARCH only support Linux, *BSD and macOS (M1 # and Intel). -HOST_OS ?= $(shell uname -s | tr A-Z a-z) -HOST_ARCH ?= $(shell uname -m) +host_os := $(shell uname -s | tr A-Z a-z) +host_arch := $(shell uname -m) +HOST_OS ?= $(host_os) +HOST_ARCH ?= $(host_arch) ifeq (x86_64, $(HOST_ARCH)) HOST_ARCH = amd64 @@ -74,7 +76,8 @@ endif # Git and versioning information # ################################## -VERSION ?= $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +git_version := $(shell git describe --tags --always --match='v*' --abbrev=14 --dirty) +VERSION ?= $(git_version) IS_PRERELEASE := $(shell git describe --tags --always --match='v*' --abbrev=0 | grep -q '-' && echo true || echo false) GITCOMMIT := $(shell git rev-parse HEAD) GITEPOCH := $(shell git show -s --format=%ct HEAD) diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 34441df2ef7..c602dcca458 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -44,107 +44,110 @@ export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) CTR=docker -TOOLS := +tools := # https://github.com/helm/helm/releases -TOOLS += helm=v3.14.0 +tools += helm=v3.14.0 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl -TOOLS += kubectl=v1.29.1 +tools += kubectl=v1.29.1 # https://github.com/kubernetes-sigs/kind/releases -TOOLS += kind=v0.20.0 +tools += kind=v0.20.0 # https://www.vaultproject.io/downloads -TOOLS += vault=1.15.4 +tools += vault=1.15.4 # https://github.com/Azure/azure-workload-identity/releases -TOOLS += azwi=v1.2.0 +tools += azwi=v1.2.0 # https://github.com/kyverno/kyverno/releases -TOOLS += kyverno=v1.11.3 +tools += kyverno=v1.11.3 # https://github.com/mikefarah/yq/releases -TOOLS += yq=v4.43.1 +tools += yq=v4.43.1 # https://github.com/ko-build/ko/releases -TOOLS += ko=0.15.1 +tools += ko=0.15.1 # https://github.com/protocolbuffers/protobuf/releases -TOOLS += protoc=25.2 +tools += protoc=25.2 # https://github.com/aquasecurity/trivy/releases -TOOLS += trivy=v0.45.0 +tools += trivy=v0.45.0 # https://github.com/vmware-tanzu/carvel-ytt/releases -TOOLS += ytt=v0.45.4 +tools += ytt=v0.45.4 # https://github.com/rclone/rclone/releases -TOOLS += rclone=v1.64.0 +tools += rclone=v1.64.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions -TOOLS += controller-gen=v0.14.0 +tools += controller-gen=v0.14.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions -TOOLS += goimports=v0.17.0 +tools += goimports=v0.17.0 # https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions -TOOLS += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 +tools += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 # https://pkg.go.dev/gotest.tools/gotestsum?tab=versions -TOOLS += gotestsum=v1.11.0 +tools += gotestsum=v1.11.0 # https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions -TOOLS += kustomize=v4.5.7 +tools += kustomize=v4.5.7 # https://pkg.go.dev/github.com/itchyny/gojq?tab=versions -TOOLS += gojq=v0.12.14 +tools += gojq=v0.12.14 # https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions -TOOLS += crane=v0.18.0 +tools += crane=v0.18.0 # https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions -TOOLS += protoc-gen-go=v1.32.0 +tools += protoc-gen-go=v1.32.0 # https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions -TOOLS += helm-docs=v1.12.0 +tools += helm-docs=v1.12.0 # https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions -TOOLS += cosign=v2.2.2 +tools += cosign=v2.2.2 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions -TOOLS += boilersuite=v0.1.0 +tools += boilersuite=v0.1.0 # https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions -TOOLS += gomarkdoc=v1.1.0 +tools += gomarkdoc=v1.1.0 # https://pkg.go.dev/oras.land/oras/cmd/oras?tab=versions -TOOLS += oras=v1.1.0 +tools += oras=v1.1.0 # https://pkg.go.dev/github.com/onsi/ginkgo/v2/ginkgo?tab=versions # The gingko version should be kept in sync with the version used in code. # If there is no go.mod file (which is only the case for the makefile-modules # repo), then we default to a version that we know exists. We have to do this # because otherwise the awk failure renders the whole makefile unusable. -TOOLS += ginkgo=$(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +detected_ginkgo_version := $(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") +tools += ginkgo=$(detected_ginkgo_version) # https://pkg.go.dev/github.com/cert-manager/klone?tab=versions -TOOLS += klone=v0.0.4 +tools += klone=v0.0.4 # https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions -TOOLS += goreleaser=v1.23.0 +tools += goreleaser=v1.23.0 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions -TOOLS += syft=v0.100.0 +tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -TOOLS += helm-tool=v0.4.2 +tools += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl -TOOLS += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca +tools += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -TOOLS += cmrel=84daedb44d61d25582e22eca48352012e899d1b2 +tools += cmrel=84daedb44d61d25582e22eca48352012e899d1b2 # https://github.com/golangci/golangci-lint/releases -TOOLS += golangci-lint=v1.57.1 +tools += golangci-lint=v1.57.1 # https://pkg.go.dev/golang.org/x/vuln?tab=versions -TOOLS += govulncheck=v1.0.4 +tools += govulncheck=v1.0.4 # https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions -TOOLS += operator-sdk=v1.34.1 +tools += operator-sdk=v1.34.1 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions -TOOLS += gh=v2.47.0 +tools += gh=v2.47.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases -TOOLS += preflight=1.9.2 +tools += preflight=1.9.2 +# https://github.com/daixiang0/gci/releases/ +tools += gci=v0.13.4 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions -K8S_CODEGEN_VERSION=v0.29.1 -TOOLS += client-gen=$(K8S_CODEGEN_VERSION) -TOOLS += deepcopy-gen=$(K8S_CODEGEN_VERSION) -TOOLS += informer-gen=$(K8S_CODEGEN_VERSION) -TOOLS += lister-gen=$(K8S_CODEGEN_VERSION) -TOOLS += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) -TOOLS += openapi-gen=$(K8S_CODEGEN_VERSION) -TOOLS += defaulter-gen=$(K8S_CODEGEN_VERSION) -TOOLS += conversion-gen=$(K8S_CODEGEN_VERSION) +K8S_CODEGEN_VERSION := v0.29.1 +tools += client-gen=$(K8S_CODEGEN_VERSION) +tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) +tools += informer-gen=$(K8S_CODEGEN_VERSION) +tools += lister-gen=$(K8S_CODEGEN_VERSION) +tools += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) +tools += openapi-gen=$(K8S_CODEGEN_VERSION) +tools += defaulter-gen=$(K8S_CODEGEN_VERSION) +tools += conversion-gen=$(K8S_CODEGEN_VERSION) # https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION=1.29.0 -TOOLS += etcd=$(KUBEBUILDER_ASSETS_VERSION) -TOOLS += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) +KUBEBUILDER_ASSETS_VERSION := 1.29.0 +tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) +tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) # Additional tools can be defined to reuse the tooling in this file ADDITIONAL_TOOLS ?= -TOOLS += $(ADDITIONAL_TOOLS) +tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ VENDORED_GO_VERSION := 1.22.2 @@ -165,7 +168,7 @@ $(bin_dir)/scratch/%_VERSION: FORCE | $(bin_dir)/scratch # --location = follow redirects from the server # --retry = the number of times to retry a failed attempt to connect # --retry-connrefused = retry even if the initial connection was refused -CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefused +CURL := curl --silent --show-error --fail --location --retry 10 --retry-connrefused # LN is expected to be an atomic action, meaning that two Make processes # can run the "link $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) @@ -173,12 +176,17 @@ CURL = curl --silent --show-error --fail --location --retry 10 --retry-connrefus # will perform the action and the second time the link will be overwritten). LN := ln -fs -UC = $(shell echo '$1' | tr a-z A-Z) -LC = $(shell echo '$1' | tr A-Z a-z) +upper_map := a:A b:B c:C d:D e:E f:F g:G h:H i:I j:J k:K l:L m:M n:N o:O p:P q:Q r:R s:S t:T u:U v:V w:W x:X y:Y z:Z +uc = $(strip \ + $(eval __upper := $1) \ + $(foreach p,$(upper_map), \ + $(eval __upper := $(subst $(word 1,$(subst :, ,$p)),$(word 2,$(subst :, ,$p)),$(__upper))) \ + ) \ + )$(__upper) -TOOL_NAMES := +tool_names := -# for each item `xxx` in the TOOLS variable: +# for each item `xxx` in the tools variable: # - a $(XXX_VERSION) variable is generated # -> this variable contains the version of the tool # - a $(NEEDS_XXX) variable is generated @@ -196,20 +204,20 @@ TOOL_NAMES := # creates a link to the corresponding versioned target: # $(DOWNLOAD_DIR)/tools/xxx@$(XXX_VERSION)_$(HOST_OS)_$(HOST_ARCH) define tool_defs -TOOL_NAMES += $1 +tool_names += $1 -$(call UC,$1)_VERSION ?= $2 -NEEDS_$(call UC,$1) := $$(bin_dir)/tools/$1 -$(call UC,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 +$(call uc,$1)_VERSION ?= $2 +NEEDS_$(call uc,$1) := $$(bin_dir)/tools/$1 +$(call uc,$1) := $$(CURDIR)/$$(bin_dir)/tools/$1 -$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call UC,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call UC,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools +$$(bin_dir)/tools/$1: $$(bin_dir)/scratch/$(call uc,$1)_VERSION | $$(DOWNLOAD_DIR)/tools/$1@$$($(call uc,$1)_VERSION)_$$(HOST_OS)_$$(HOST_ARCH) $$(bin_dir)/tools @cd $$(dir $$@) && $$(LN) $$(patsubst $$(bin_dir)/%,../%,$$(word 1,$$|)) $$(notdir $$@) @touch $$@ # making sure the target of the symlink is newer than *_VERSION endef -$(foreach TOOL,$(TOOLS),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(TOOL))),$(word 2,$(subst =, ,$(TOOL)))))) +$(foreach tool,$(tools),$(eval $(call tool_defs,$(word 1,$(subst =, ,$(tool))),$(word 2,$(subst =, ,$(tool)))))) -TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) +tools_paths := $(tool_names:%=$(bin_dir)/tools/%) ###### # Go # @@ -225,13 +233,18 @@ TOOLS_PATHS := $(TOOL_NAMES:%=$(bin_dir)/tools/%) # or when "make vendor-go" was previously run, in which case $(NEEDS_GO) is set # to $(bin_dir)/tools/go, since $(bin_dir)/tools/go is a prerequisite of # any target depending on Go when "make vendor-go" was run. -export NEEDS_GO ?= $(if $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes), $(bin_dir)/tools/go,) -ifeq ($(NEEDS_GO),) + +detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_dir)/tools/go ] && echo yes) +export VENDOR_GO ?= $(detected_vendoring) + +ifeq ($(VENDOR_GO),) GO := go +NEEDS_GO := # else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) GO := $(CURDIR)/$(bin_dir)/tools/go +NEEDS_GO := $(bin_dir)/tools/go MAKE := $(MAKE) vendor-go endif @@ -279,158 +292,159 @@ $(GOVENDOR_DIR)/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH)/goroot: | $(DO # go dependencies # ################### -GO_DEPENDENCIES := -GO_DEPENDENCIES += ginkgo=github.com/onsi/ginkgo/v2/ginkgo -GO_DEPENDENCIES += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen -GO_DEPENDENCIES += goimports=golang.org/x/tools/cmd/goimports -GO_DEPENDENCIES += go-licenses=github.com/google/go-licenses -GO_DEPENDENCIES += gotestsum=gotest.tools/gotestsum -GO_DEPENDENCIES += kustomize=sigs.k8s.io/kustomize/kustomize/v4 -GO_DEPENDENCIES += gojq=github.com/itchyny/gojq/cmd/gojq -GO_DEPENDENCIES += crane=github.com/google/go-containerregistry/cmd/crane -GO_DEPENDENCIES += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go -GO_DEPENDENCIES += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs -GO_DEPENDENCIES += cosign=github.com/sigstore/cosign/v2/cmd/cosign -GO_DEPENDENCIES += boilersuite=github.com/cert-manager/boilersuite -GO_DEPENDENCIES += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc -GO_DEPENDENCIES += oras=oras.land/oras/cmd/oras -GO_DEPENDENCIES += klone=github.com/cert-manager/klone -GO_DEPENDENCIES += goreleaser=github.com/goreleaser/goreleaser -GO_DEPENDENCIES += syft=github.com/anchore/syft/cmd/syft -GO_DEPENDENCIES += client-gen=k8s.io/code-generator/cmd/client-gen -GO_DEPENDENCIES += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen -GO_DEPENDENCIES += informer-gen=k8s.io/code-generator/cmd/informer-gen -GO_DEPENDENCIES += lister-gen=k8s.io/code-generator/cmd/lister-gen -GO_DEPENDENCIES += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen -GO_DEPENDENCIES += openapi-gen=k8s.io/code-generator/cmd/openapi-gen -GO_DEPENDENCIES += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen -GO_DEPENDENCIES += conversion-gen=k8s.io/code-generator/cmd/conversion-gen -GO_DEPENDENCIES += helm-tool=github.com/cert-manager/helm-tool -GO_DEPENDENCIES += cmctl=github.com/cert-manager/cmctl/v2 -GO_DEPENDENCIES += cmrel=github.com/cert-manager/release/cmd/cmrel -GO_DEPENDENCIES += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint -GO_DEPENDENCIES += govulncheck=golang.org/x/vuln/cmd/govulncheck -GO_DEPENDENCIES += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk -GO_DEPENDENCIES += gh=github.com/cli/cli/v2/cmd/gh +go_dependencies := +go_dependencies += ginkgo=github.com/onsi/ginkgo/v2/ginkgo +go_dependencies += controller-gen=sigs.k8s.io/controller-tools/cmd/controller-gen +go_dependencies += goimports=golang.org/x/tools/cmd/goimports +go_dependencies += go-licenses=github.com/google/go-licenses +go_dependencies += gotestsum=gotest.tools/gotestsum +go_dependencies += kustomize=sigs.k8s.io/kustomize/kustomize/v4 +go_dependencies += gojq=github.com/itchyny/gojq/cmd/gojq +go_dependencies += crane=github.com/google/go-containerregistry/cmd/crane +go_dependencies += protoc-gen-go=google.golang.org/protobuf/cmd/protoc-gen-go +go_dependencies += helm-docs=github.com/norwoodj/helm-docs/cmd/helm-docs +go_dependencies += cosign=github.com/sigstore/cosign/v2/cmd/cosign +go_dependencies += boilersuite=github.com/cert-manager/boilersuite +go_dependencies += gomarkdoc=github.com/princjef/gomarkdoc/cmd/gomarkdoc +go_dependencies += oras=oras.land/oras/cmd/oras +go_dependencies += klone=github.com/cert-manager/klone +go_dependencies += goreleaser=github.com/goreleaser/goreleaser +go_dependencies += syft=github.com/anchore/syft/cmd/syft +go_dependencies += client-gen=k8s.io/code-generator/cmd/client-gen +go_dependencies += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen +go_dependencies += informer-gen=k8s.io/code-generator/cmd/informer-gen +go_dependencies += lister-gen=k8s.io/code-generator/cmd/lister-gen +go_dependencies += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen +go_dependencies += openapi-gen=k8s.io/code-generator/cmd/openapi-gen +go_dependencies += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen +go_dependencies += conversion-gen=k8s.io/code-generator/cmd/conversion-gen +go_dependencies += helm-tool=github.com/cert-manager/helm-tool +go_dependencies += cmctl=github.com/cert-manager/cmctl/v2 +go_dependencies += cmrel=github.com/cert-manager/release/cmd/cmrel +go_dependencies += golangci-lint=github.com/golangci/golangci-lint/cmd/golangci-lint +go_dependencies += govulncheck=golang.org/x/vuln/cmd/govulncheck +go_dependencies += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk +go_dependencies += gh=github.com/cli/cli/v2/cmd/gh +go_dependencies += gci=github.com/daixiang0/gci ################# # go build tags # ################# -GO_TAGS := +go_tags := # Additional Go dependencies can be defined to re-use the tooling in this file ADDITIONAL_GO_DEPENDENCIES ?= ADDITIONAL_GO_TAGS ?= -GO_DEPENDENCIES += $(ADDITIONAL_GO_DEPENDENCIES) -GO_TAGS += $(ADDITIONAL_GO_TAGS) +go_dependencies += $(ADDITIONAL_GO_DEPENDENCIES) +go_tags += $(ADDITIONAL_GO_TAGS) go_tags_init = go_tags_$1 := -$(call for_each_kv,go_tags_init,$(GO_DEPENDENCIES)) +$(call for_each_kv,go_tags_init,$(go_dependencies)) go_tags_defs = go_tags_$1 += $2 -$(call for_each_kv,go_tags_defs,$(GO_TAGS)) +$(call for_each_kv,go_tags_defs,$(go_tags)) define go_dependency -$$(DOWNLOAD_DIR)/tools/$1@$($(call UC,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools +$$(DOWNLOAD_DIR)/tools/$1@$($(call uc,$1)_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $$(NEEDS_GO) $$(DOWNLOAD_DIR)/tools @source $$(lock_script) $$@; \ mkdir -p $$(outfile).dir; \ - GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call UC,$1)_VERSION); \ + GOWORK=off GOBIN=$$(outfile).dir $$(GO) install --tags "$(strip $(go_tags_$1))" $2@$($(call uc,$1)_VERSION); \ mv $$(outfile).dir/$1 $$(outfile); \ rm -rf $$(outfile).dir endef -$(call for_each_kv,go_dependency,$(GO_DEPENDENCIES)) +$(call for_each_kv,go_dependency,$(go_dependencies)) ################## # File downloads # ################## -GO_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 -GO_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc -GO_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880 -GO_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506 +go_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 +go_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc +go_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880 +go_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ - $(checkhash_script) $(outfile) $(GO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + $(checkhash_script) $(outfile) $(go_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) -HELM_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 -HELM_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 -HELM_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 -HELM_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d +helm_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 +helm_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 +helm_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 +helm_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d .PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://get.helm.sh/helm-$(HELM_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(HELM_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(helm_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz $(HOST_OS)-$(HOST_ARCH)/helm > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -KUBECTL_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f -KUBECTL_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b -KUBECTL_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c -KUBECTL_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 +kubectl_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f +kubectl_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b +kubectl_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c +kubectl_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://dl.k8s.io/release/$(KUBECTL_VERSION)/bin/$(HOST_OS)/$(HOST_ARCH)/kubectl -o $(outfile); \ - $(checkhash_script) $(outfile) $(KUBECTL_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(kubectl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -KIND_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded -KIND_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 -KIND_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad -KIND_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf +kind_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded +kind_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 +kind_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad +kind_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf .PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) -$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools $(bin_dir)/tools +$(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/kubernetes-sigs/kind/releases/download/$(KIND_VERSION)/kind-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(KIND_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(kind_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -VAULT_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b -VAULT_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb -VAULT_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c -VAULT_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 +vault_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b +vault_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb +vault_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c +vault_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 .PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://releases.hashicorp.com/vault/$(VAULT_VERSION)/vault_$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(VAULT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(vault_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -qq -c $(outfile).zip > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -AZWI_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 -AZWI_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df -AZWI_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 -AZWI_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c +azwi_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 +azwi_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df +azwi_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 +azwi_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c .PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/Azure/azure-workload-identity/releases/download/$(AZWI_VERSION)/azwi-$(AZWI_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(AZWI_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(azwi_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ rm -f $(outfile).tar.gz -KUBEBUILDER_TOOLS_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb -KUBEBUILDER_TOOLS_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e -KUBEBUILDER_TOOLS_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f -KUBEBUILDER_TOOLS_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 +kubebuilder_tools_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb +kubebuilder_tools_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e +kubebuilder_tools_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f +kubebuilder_tools_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ - $(checkhash_script) $(outfile) $(KUBEBUILDER_TOOLS_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) + $(checkhash_script) $(outfile) $(kubebuilder_tools_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) $(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ @@ -440,10 +454,10 @@ $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$( @source $(lock_script) $@; \ tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) -KYVERNO_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 -KYVERNO_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc -KYVERNO_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 -KYVERNO_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e +kyverno_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 +kyverno_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc +kyverno_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 +kyverno_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e .PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -451,27 +465,27 @@ $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DO @source $(lock_script) $@; \ $(CURL) https://github.com/kyverno/kyverno/releases/download/$(KYVERNO_VERSION)/kyverno-cli_$(KYVERNO_VERSION)_$(HOST_OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(KYVERNO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(kyverno_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz kyverno > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -YQ_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 -YQ_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 -YQ_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed -YQ_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 +yq_linux_amd64_SHA256SUM=cfbbb9ba72c9402ef4ab9d8f843439693dfb380927921740e51706d90869c7e1 +yq_linux_arm64_SHA256SUM=a8186efb079673293289f8c31ee252b0d533c7bb8b1ada6a778ddd5ec0f325b6 +yq_darwin_amd64_SHA256SUM=fdc42b132ac460037f4f0f48caea82138772c651d91cfbb735210075ddfdbaed +yq_darwin_arm64_SHA256SUM=9f1063d910698834cb9176593aa288471898031929138d226c2c2de9f262f8e5 .PRECIOUS: $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/yq_$(HOST_OS)_$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(YQ_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(yq_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -KO_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 -KO_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 -KO_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 -KO_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 +ko_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 +ko_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 +ko_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 +ko_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 .PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -480,15 +494,15 @@ $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR @source $(lock_script) $@; \ $(CURL) https://github.com/ko-build/ko/releases/download/v$(KO_VERSION)/ko_$(KO_VERSION)_$(OS)_$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(KO_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(ko_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz ko > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).tar.gz -PROTOC_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 -PROTOC_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b -PROTOC_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 -PROTOC_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 +protoc_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 +protoc_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b +protoc_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 +protoc_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 .PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -497,15 +511,15 @@ $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN @source $(lock_script) $@; \ $(CURL) https://github.com/protocolbuffers/protobuf/releases/download/v$(PROTOC_VERSION)/protoc-$(PROTOC_VERSION)-$(OS)-$(ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(PROTOC_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(protoc_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -qq -c $(outfile).zip bin/protoc > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -TRIVY_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d -TRIVY_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b -TRIVY_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 -TRIVY_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 +trivy_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d +trivy_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b +trivy_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 +trivy_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 .PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -514,27 +528,27 @@ $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLO @source $(lock_script) $@; \ $(CURL) https://github.com/aquasecurity/trivy/releases/download/$(TRIVY_VERSION)/trivy_$(patsubst v%,%,$(TRIVY_VERSION))_$(OS)-$(ARCH).tar.gz -o $(outfile).tar.gz; \ - $(checkhash_script) $(outfile).tar.gz $(TRIVY_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).tar.gz $(trivy_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ tar xfO $(outfile).tar.gz trivy > $(outfile); \ chmod +x $(outfile); \ rm $(outfile).tar.gz -YTT_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 -YTT_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b -YTT_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 -YTT_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 +ytt_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 +ytt_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b +ytt_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 +ytt_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 .PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) -sSfL https://github.com/vmware-tanzu/carvel-ytt/releases/download/$(YTT_VERSION)/ytt-$(HOST_OS)-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(YTT_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(ytt_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -RCLONE_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 -RCLONE_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 -RCLONE_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 -RCLONE_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a +rclone_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 +rclone_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 +rclone_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 +rclone_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a .PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -542,15 +556,15 @@ $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN @source $(lock_script) $@; \ $(CURL) https://github.com/rclone/rclone/releases/download/$(RCLONE_VERSION)/rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH).zip -o $(outfile).zip; \ - $(checkhash_script) $(outfile).zip $(RCLONE_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile).zip $(rclone_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ unzip -p $(outfile).zip rclone-$(RCLONE_VERSION)-$(OS)-$(HOST_ARCH)/rclone > $(outfile); \ chmod +x $(outfile); \ rm -f $(outfile).zip -PREFLIGHT_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd -PREFLIGHT_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe +preflight_linux_amd64_SHA256SUM=20f31e4af2004e8e3407844afea4e973975069169d69794e0633f0cb91d45afd +preflight_linux_arm64_SHA256SUM=c42cf4132027d937da88da07760e8fd9b1a8836f9c7795a1b60513d99c6939fe -# Currently there are no offical releases for darwin, you cannot submit results +# Currently there are no offical releases for darwin, you cannot submit results # on non-official binaries, but we can still run tests. # # Once https://github.com/redhat-openshift-ecosystem/openshift-preflight/pull/942 is merged @@ -567,7 +581,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_darwin_$(HOST_ARCH): | $(DO $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ $(CURL) https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/download/$(PREFLIGHT_VERSION)/preflight-linux-$(HOST_ARCH) -o $(outfile); \ - $(checkhash_script) $(outfile) $(PREFLIGHT_linux_$(HOST_ARCH)_SHA256SUM); \ + $(checkhash_script) $(outfile) $(preflight_linux_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) ################# @@ -583,21 +597,21 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW # about go being missing even though abc itself depends on vendor-go! # That means we need to pass vendor-go at the top level if go is not installed (i.e. "make vendor-go abc") -MISSING=$(shell (command -v curl >/dev/null || echo curl) \ +missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ && (command -v rsync >/dev/null || echo rsync) \ && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) -ifneq ($(MISSING),) -$(error Missing required tools: $(MISSING)) +ifneq ($(missing),) +$(error Missing required tools: $(missing)) endif .PHONY: tools ## Download and setup all tools ## @category [shared] Tools -tools: $(TOOLS_PATHS) +tools: $(tools_paths) self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk @@ -614,7 +628,7 @@ tools-learn-sha: | $(bin_dir) HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - + HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go From 55530cb9f39faf747496899cca4a047d7236d562 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Fri, 3 May 2024 11:42:55 +0100 Subject: [PATCH 102/177] docs: add RELEASE.md file to describe release process. Signed-off-by: Adam Talbot --- RELEASE.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 RELEASE.md diff --git a/RELEASE.md b/RELEASE.md new file mode 100644 index 00000000000..a7f3ef89069 --- /dev/null +++ b/RELEASE.md @@ -0,0 +1,17 @@ +# Releases + +## Schedule + +The release schedule for cert-manager is defined on the [cert-manager website](https://cert-manager.io/docs/releases/). + +## Process + +The release process is descibed in detail on the [cert-manager website](https://cert-manager.io/docs/contributing/release-process/). + +## Artifacts + +The cert-manager project will produce the following artifacts each release. For documentation on how those artifacts are produced see the "Process" section. + +- *Container Images* - Container images for the cert-manager project are published for all cert-manager components. +- *Helm chart* - An offical Helm chart is mainained within this repo and published to `charts.jetstack.io` on each cert-manager release. +- *Binaries* - Until version 1.15 the cmctl binary was maintained within this repo and published as part of the cert-manager release. For releases after 1.15 the CLI has moved to its [own repository](https://github.com/cert-manager/cmctl). Binary builds are still avaiable for download from this new location. \ No newline at end of file From 2894ff16fdbc5e41cdf6770588cf89ddb8c3900a Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Sat, 4 May 2024 00:19:53 +0000 Subject: [PATCH 103/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 ++-- make/_shared/tools/00_mod.mk | 154 +++++++++++++++++------------------ 2 files changed, 84 insertions(+), 84 deletions(-) diff --git a/klone.yaml b/klone.yaml index 072081f2497..43891c945c8 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 23b4de4ac804dff0e4e2fd687b5a04631b912dea + repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index c602dcca458..295b1617889 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -46,35 +46,35 @@ CTR=docker tools := # https://github.com/helm/helm/releases -tools += helm=v3.14.0 +tools += helm=v3.14.4 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl -tools += kubectl=v1.29.1 +tools += kubectl=v1.30.0 # https://github.com/kubernetes-sigs/kind/releases -tools += kind=v0.20.0 +tools += kind=v0.22.0 # https://www.vaultproject.io/downloads -tools += vault=1.15.4 +tools += vault=1.16.2 # https://github.com/Azure/azure-workload-identity/releases -tools += azwi=v1.2.0 +tools += azwi=v1.2.2 # https://github.com/kyverno/kyverno/releases -tools += kyverno=v1.11.3 +tools += kyverno=v1.12.1 # https://github.com/mikefarah/yq/releases tools += yq=v4.43.1 # https://github.com/ko-build/ko/releases -tools += ko=0.15.1 +tools += ko=0.15.2 # https://github.com/protocolbuffers/protobuf/releases -tools += protoc=25.2 +tools += protoc=26.1 # https://github.com/aquasecurity/trivy/releases -tools += trivy=v0.45.0 +tools += trivy=v0.50.4 # https://github.com/vmware-tanzu/carvel-ytt/releases -tools += ytt=v0.45.4 +tools += ytt=v0.49.0 # https://github.com/rclone/rclone/releases -tools += rclone=v1.64.0 +tools += rclone=v1.66.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions tools += controller-gen=v0.14.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions -tools += goimports=v0.17.0 +tools += goimports=v0.20.0 # https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions tools += go-licenses=706b9c60edd424a8b6d253fe10dfb7b8e942d4a5 # https://pkg.go.dev/gotest.tools/gotestsum?tab=versions @@ -82,15 +82,15 @@ tools += gotestsum=v1.11.0 # https://pkg.go.dev/sigs.k8s.io/kustomize/kustomize/v4?tab=versions tools += kustomize=v4.5.7 # https://pkg.go.dev/github.com/itchyny/gojq?tab=versions -tools += gojq=v0.12.14 +tools += gojq=v0.12.15 # https://pkg.go.dev/github.com/google/go-containerregistry/pkg/crane?tab=versions -tools += crane=v0.18.0 +tools += crane=v0.19.1 # https://pkg.go.dev/google.golang.org/protobuf/cmd/protoc-gen-go?tab=versions -tools += protoc-gen-go=v1.32.0 +tools += protoc-gen-go=v1.34.0 # https://pkg.go.dev/github.com/norwoodj/helm-docs/cmd/helm-docs?tab=versions -tools += helm-docs=v1.12.0 +tools += helm-docs=v1.13.1 # https://pkg.go.dev/github.com/sigstore/cosign/v2/cmd/cosign?tab=versions -tools += cosign=v2.2.2 +tools += cosign=v2.2.4 # https://pkg.go.dev/github.com/cert-manager/boilersuite?tab=versions tools += boilersuite=v0.1.0 # https://pkg.go.dev/github.com/princjef/gomarkdoc/cmd/gomarkdoc?tab=versions @@ -105,32 +105,32 @@ tools += oras=v1.1.0 detected_ginkgo_version := $(shell [[ -f go.mod ]] && awk '/ginkgo\/v2/ {print $$2}' go.mod || echo "v2.13.2") tools += ginkgo=$(detected_ginkgo_version) # https://pkg.go.dev/github.com/cert-manager/klone?tab=versions -tools += klone=v0.0.4 +tools += klone=v0.0.5 # https://pkg.go.dev/github.com/goreleaser/goreleaser?tab=versions -tools += goreleaser=v1.23.0 +tools += goreleaser=v1.25.1 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool tools += helm-tool=v0.4.2 # https://github.com/cert-manager/cmctl -tools += cmctl=2f75014a7c360c319f8c7c8afe8e9ce33fe26dca +tools += cmctl=v2.0.0 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions -tools += cmrel=84daedb44d61d25582e22eca48352012e899d1b2 +tools += cmrel=e4c3a4dc07df5c7c0379d334c5bb00e172462551 # https://github.com/golangci/golangci-lint/releases -tools += golangci-lint=v1.57.1 +tools += golangci-lint=v1.57.2 # https://pkg.go.dev/golang.org/x/vuln?tab=versions -tools += govulncheck=v1.0.4 +tools += govulncheck=v1.1.0 # https://pkg.go.dev/github.com/operator-framework/operator-sdk/cmd/operator-sdk?tab=versions tools += operator-sdk=v1.34.1 # https://pkg.go.dev/github.com/cli/cli/v2?tab=versions -tools += gh=v2.47.0 +tools += gh=v2.49.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases tools += preflight=1.9.2 # https://github.com/daixiang0/gci/releases/ tools += gci=v0.13.4 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions -K8S_CODEGEN_VERSION := v0.29.1 +K8S_CODEGEN_VERSION := v0.29.3 tools += client-gen=$(K8S_CODEGEN_VERSION) tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) tools += informer-gen=$(K8S_CODEGEN_VERSION) @@ -141,7 +141,7 @@ tools += defaulter-gen=$(K8S_CODEGEN_VERSION) tools += conversion-gen=$(K8S_CODEGEN_VERSION) # https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION := 1.29.0 +KUBEBUILDER_ASSETS_VERSION := 1.30.0 tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) @@ -360,9 +360,9 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) ################## go_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 -go_linux_arm64_SHA256SUM=4d169d9cf3dde1692b81c0fd9484fa28d8bc98f672d06bf9db9c75ada73c5fbc -go_darwin_amd64_SHA256SUM=c0599a349b8d4a1afa3a1721478bb21136ab96c0d75b5f0a0b5fdc9e3b736880 -go_darwin_arm64_SHA256SUM=3411600bd7596c57ae29cfdb4978e5d45cafa3f428a44a526ad5a2d5ad870506 +go_linux_arm64_SHA256SUM=36e720b2d564980c162a48c7e97da2e407dfcc4239e1e58d98082dfa2486a0c1 +go_darwin_amd64_SHA256SUM=33e7f63077b1c5bce4f1ecadd4d990cf229667c40bfb00686990c950911b7ab7 +go_darwin_arm64_SHA256SUM=660298be38648723e783ba0398e90431de1cb288c637880cdb124f39bd977f0d .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -370,10 +370,10 @@ $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: $(CURL) https://go.dev/dl/go$(VENDORED_GO_VERSION).$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ $(checkhash_script) $(outfile) $(go_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) -helm_linux_amd64_SHA256SUM=f43e1c3387de24547506ab05d24e5309c0ce0b228c23bd8aa64e9ec4b8206651 -helm_linux_arm64_SHA256SUM=b29e61674731b15f6ad3d1a3118a99d3cc2ab25a911aad1b8ac8c72d5a9d2952 -helm_darwin_amd64_SHA256SUM=804586896496f7b3da97f56089ea00f220e075e969b6fdf6c0b7b9cdc22de120 -helm_darwin_arm64_SHA256SUM=c2f36f3289a01c7c93ca11f84d740a170e0af1d2d0280bd523a409a62b8dfa1d +helm_linux_amd64_SHA256SUM=a5844ef2c38ef6ddf3b5a8f7d91e7e0e8ebc39a38bb3fc8013d629c1ef29c259 +helm_linux_arm64_SHA256SUM=113ccc53b7c57c2aba0cd0aa560b5500841b18b5210d78641acfddc53dac8ab2 +helm_darwin_amd64_SHA256SUM=73434aeac36ad068ce2e5582b8851a286dc628eae16494a26e2ad0b24a7199f9 +helm_darwin_arm64_SHA256SUM=61e9c5455f06b2ad0a1280975bf65892e707adc19d766b0cf4e9006e3b7b4b6c .PRECIOUS: $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -384,10 +384,10 @@ $(DOWNLOAD_DIR)/tools/helm@$(HELM_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD chmod +x $(outfile); \ rm -f $(outfile).tar.gz -kubectl_linux_amd64_SHA256SUM=69ab3a931e826bf7ac14d38ba7ca637d66a6fcb1ca0e3333a2cafdf15482af9f -kubectl_linux_arm64_SHA256SUM=96d6dc7b2bdcd344ce58d17631c452225de5bbf59b83fd3c89c33c6298fb5d8b -kubectl_darwin_amd64_SHA256SUM=c4da86e5c0fc9415db14a48d9ef1515b0b472346cbc9b7f015175b6109505d2c -kubectl_darwin_arm64_SHA256SUM=c31b99d7bf0faa486a6554c5f96e36af4821a488e90176a12ba18298bc4c8fb0 +kubectl_linux_amd64_SHA256SUM=7c3807c0f5c1b30110a2ff1e55da1d112a6d0096201f1beb81b269f582b5d1c5 +kubectl_linux_arm64_SHA256SUM=669af0cf520757298ea60a8b6eb6b719ba443a9c7d35f36d3fb2fd7513e8c7d2 +kubectl_darwin_amd64_SHA256SUM=bcfa57d020b8d07d0ea77235ce8012c2c28fefdfd7cb9738f33674a7b16cef08 +kubectl_darwin_arm64_SHA256SUM=45cfa208151320153742062824398f22bb6bfb5a142bf6238476d55dacbd1bdd .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -396,10 +396,10 @@ $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DO $(checkhash_script) $(outfile) $(kubectl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -kind_linux_amd64_SHA256SUM=513a7213d6d3332dd9ef27c24dab35e5ef10a04fa27274fe1c14d8a246493ded -kind_linux_arm64_SHA256SUM=639f7808443559aa30c3642d9913b1615d611a071e34f122340afeda97b8f422 -kind_darwin_amd64_SHA256SUM=bffd8fb2006dc89fa0d1dde5ba6bf48caacb707e4df8551528f49145ebfeb7ad -kind_darwin_arm64_SHA256SUM=8df041a5cae55471f3b039c3c9942226eb909821af63b5677fc80904caffaabf +kind_linux_amd64_SHA256SUM=e4264d7ee07ca642fe52818d7c0ed188b193c214889dd055c929dbcb968d1f62 +kind_linux_arm64_SHA256SUM=4431805115da3b54290e3e976fe2db9a7e703f116177aace6735dfa1d8a4f3fe +kind_darwin_amd64_SHA256SUM=28a9f7ad7fd77922c639e21c034d0f989b33402693f4f842099cd9185b144d20 +kind_darwin_arm64_SHA256SUM=c8dd3b287965150ae4db668294edc48229116e95d94620c306d8fae932ee633f .PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -408,10 +408,10 @@ $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD $(checkhash_script) $(outfile) $(kind_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -vault_linux_amd64_SHA256SUM=f42f550713e87cceef2f29a4e2b754491697475e3d26c0c5616314e40edd8e1b -vault_linux_arm64_SHA256SUM=79aee168078eb8c0dbb31c283e1136a7575f59fe36fccbb1f1ef6a16e0b67fdb -vault_darwin_amd64_SHA256SUM=a9d7c6e76d7d5c9be546e9a74860b98db6486fc0df095d8b00bc7f63fb1f6c1c -vault_darwin_arm64_SHA256SUM=4bf594a231bef07fbcfbf7329c8004acb8d219ce6a7aff186e0bac7027a0ab25 +vault_linux_amd64_SHA256SUM=688ce462b70cb674f84fddb731f75bb710db5ad9e4e5a17659e90e1283a8b4b7 +vault_linux_arm64_SHA256SUM=d5bd42227d295b1dcc4a5889c37e6a8ca945ece4795819718eaf54db87aa6d4f +vault_darwin_amd64_SHA256SUM=e4886d22273dedc579dc2382e114e7be29341049a48592f8f7be8a0020310731 +vault_darwin_arm64_SHA256SUM=ca59c85e7e3d67e25b6bfa505f7e7717b418452e8bfcd602a2a717bc06d5b1ee .PRECIOUS: $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -422,10 +422,10 @@ $(DOWNLOAD_DIR)/tools/vault@$(VAULT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLO chmod +x $(outfile); \ rm -f $(outfile).zip -azwi_linux_amd64_SHA256SUM=d2ef0f27609b7157595fe62b13c03381a481f833c1e1b6290df560454890d337 -azwi_linux_arm64_SHA256SUM=72e34bc96611080095e90ecce58a72e50debf846106b13976f2972bf06ae12df -azwi_darwin_amd64_SHA256SUM=2be5f18c0acfb213a22db5a149dd89c7d494690988cb8e8a785dd6915f7094d0 -azwi_darwin_arm64_SHA256SUM=d0b01768102dd472c72c98bb51ae990af8779e811c9f7ab1db48ccefc9988f4c +azwi_linux_amd64_SHA256SUM=d33aaedbcbcc0ef61d845b3704ab336deaafc192c854e887896e163b99097871 +azwi_linux_arm64_SHA256SUM=7c4b55ef83e62f4b597885e66fbbdf0720cf0e2be3f1a16212f9b41d4b61b454 +azwi_darwin_amd64_SHA256SUM=47a9e99a7e02e531967d1c9a8abf12e73134f88ce3363007f411ba9b83497fd0 +azwi_darwin_arm64_SHA256SUM=19c5cf9fe4e1a7394bc01456d5e314fd898162d2d360c585fc72e46dae930659 .PRECIOUS: $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -435,10 +435,10 @@ $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ rm -f $(outfile).tar.gz -kubebuilder_tools_linux_amd64_SHA256SUM=e9899574fb92fd4a4ca27539d15a30f313f8a482b61b46cb874a07f2ba4f9bcb -kubebuilder_tools_linux_arm64_SHA256SUM=ef22e16c439b45f3e116498f7405be311bab92c3345766ab2142e86458cda92e -kubebuilder_tools_darwin_amd64_SHA256SUM=e5796637cc8e40029f0def639bbe7d99193c1872555c919d2b76c32e0e34378f -kubebuilder_tools_darwin_arm64_SHA256SUM=9734b90206f17a46f4dd0a7e3bb107d44aec9e79b7b135c6eb7c8a250ffd5e03 +kubebuilder_tools_linux_amd64_SHA256SUM=d51dae845397b7548444157903f2d573493afb6f90ce9417c0f5c61d4b1f908d +kubebuilder_tools_linux_arm64_SHA256SUM=83123010f603390ee0f417ad1cf2a715f5bff335c5841dcd4221764e52732336 +kubebuilder_tools_darwin_amd64_SHA256SUM=46f5a680f28b6db9fdaaab4659dee68a1f2e04a0d9a39f9b0176562a9e95167b +kubebuilder_tools_darwin_arm64_SHA256SUM=ce37b6fcd7678d78a610da1ae5e8e68777025b2bf046558820f967fe7a8f0dfd .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -454,10 +454,10 @@ $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$( @source $(lock_script) $@; \ tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) -kyverno_linux_amd64_SHA256SUM=08cf3640b847e3bbd41c5014ece4e0aa6c39915f5c199eeac8d80267955676e6 -kyverno_linux_arm64_SHA256SUM=31805a52e98733b390c60636f209e0bda3174bd09e764ba41fa971126b98d2fc -kyverno_darwin_amd64_SHA256SUM=21fa0733d1a73d510fa0e30ac10310153b7124381aa21224b54fe34a38239542 -kyverno_darwin_arm64_SHA256SUM=022bc2640f05482cab290ca8cd28a67f55b24c14b93076bd144c37a1732e6d7e +kyverno_linux_amd64_SHA256SUM=a5f6e9070c17acc47168c8ce4db78e45258376551b8bf68ad2d5ed27454cf666 +kyverno_linux_arm64_SHA256SUM=007e828d622e73614365f5f7e8e107e36ae686e97e8982b1eeb53511fb2363c3 +kyverno_darwin_amd64_SHA256SUM=20786eebf45238e8b4a35f4146c3f8dfea35968cf8ef6ca6d6727559f5c0156e +kyverno_darwin_arm64_SHA256SUM=3a454fb0b2bfbca6225d46ff4cc0b702fd4a63e978718c50225472b9631a8015 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kyverno@$(KYVERNO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -482,10 +482,10 @@ $(DOWNLOAD_DIR)/tools/yq@$(YQ_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR $(checkhash_script) $(outfile) $(yq_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -ko_linux_amd64_SHA256SUM=5b06079590371954cceadf0ddcfa8471afb039c29a2e971043915957366a2f39 -ko_linux_arm64_SHA256SUM=fcbb736f7440d686ca1cf8b4c3f6b9b80948eb17d6cef7c14242eddd275cab42 -ko_darwin_amd64_SHA256SUM=4f388a4b08bde612a20d799045a57a9b8847483baf1a1590d3c32735e7c30c16 -ko_darwin_arm64_SHA256SUM=45f2c1a50fdadb7ef38abbb479897d735c95238ec25c4f505177d77d60ed91d6 +ko_linux_amd64_SHA256SUM=d11f03f23261d16f9e7802291e9d098e84f5daecc7931e8573bece9025b6a2c5 +ko_linux_arm64_SHA256SUM=8294849c0f12138006cd149dd02bb580c0eea41a6031473705cbf825e021a688 +ko_darwin_amd64_SHA256SUM=314c33154de941bfc4ede5e7283eb182028459bac36eb4223859e0b778254936 +ko_darwin_arm64_SHA256SUM=b6ecd62eb4f9238a0ed0512d7a34648b881aea0774c3830e3e5159370eb6834f .PRECIOUS: $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -499,10 +499,10 @@ $(DOWNLOAD_DIR)/tools/ko@$(KO_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR chmod +x $(outfile); \ rm -f $(outfile).tar.gz -protoc_linux_amd64_SHA256SUM=78ab9c3288919bdaa6cfcec6127a04813cf8a0ce406afa625e48e816abee2878 -protoc_linux_arm64_SHA256SUM=07683afc764e4efa3fa969d5f049fbc2bdfc6b4e7786a0b233413ac0d8753f6b -protoc_darwin_amd64_SHA256SUM=5fe89993769616beff1ed77408d1335216379ce7010eee80284a01f9c87c8888 -protoc_darwin_arm64_SHA256SUM=8822b090c396800c96ac652040917eb3fbc5e542538861aad7c63b8457934b20 +protoc_linux_amd64_SHA256SUM=a7be2928c0454f132c599e25b79b7ad1b57663f2337d7f7e468a1d59b98ec1b0 +protoc_linux_arm64_SHA256SUM=64a3b3b5f7dac0c8f9cf1cb85b2b1a237eb628644f6bcb0fb8f23db6e0d66181 +protoc_darwin_amd64_SHA256SUM=febd8821c3a2a23f72f4641471e0ab6486f4fb07b68111490a27a31681465b3c +protoc_darwin_arm64_SHA256SUM=26a29befa8891ecc48809958c909d284f2b9539a2eb47f22cadc631fe6abe8fd .PRECIOUS: $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -516,10 +516,10 @@ $(DOWNLOAD_DIR)/tools/protoc@$(PROTOC_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWN chmod +x $(outfile); \ rm -f $(outfile).zip -trivy_linux_amd64_SHA256SUM=b9785455f711e3116c0a97b01ad6be334895143ed680a405e88a4c4c19830d5d -trivy_linux_arm64_SHA256SUM=a192edfcef8766fa7e3e96a6a5faf50cd861371785891857471548e4af7cb60b -trivy_darwin_amd64_SHA256SUM=997622dee1d07de0764f903b72d16ec4314daaf202d91c957137b4fd1a2f73c3 -trivy_darwin_arm64_SHA256SUM=68aa451f395fa5418f5af59ce4081ef71075c857b95a297dc61da49c6a229a45 +trivy_linux_amd64_SHA256SUM=b0d135815867246baba52f608f4af84beca90cfeb17a9ce407a21acca760ace1 +trivy_linux_arm64_SHA256SUM=1be1dee3a5e013528374f25391d6ba84e2a10fda59f4e98431e30d9c4975762b +trivy_darwin_amd64_SHA256SUM=744f5e8c5c09c1e5ec6ec6a0570f779d89964c0a91ab60b4e59b284cdd3e1576 +trivy_darwin_arm64_SHA256SUM=e78a0db86f6364e756d5e058316c7815a747fc7fd8e8e984e3baf5830166ec63 .PRECIOUS: $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -533,10 +533,10 @@ $(DOWNLOAD_DIR)/tools/trivy@$(TRIVY_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLO chmod +x $(outfile); \ rm $(outfile).tar.gz -ytt_linux_amd64_SHA256SUM=9bf62175c7cc0b54f9731a5b87ee40250f0457b1fce1b0b36019c2f8d96db8f8 -ytt_linux_arm64_SHA256SUM=cbfc85f11ffd8e61d63accf799b8997caaebe46ee046290cc1c4d05ed1ab145b -ytt_darwin_amd64_SHA256SUM=2b6d173dec1b6087e22690386474786fd9a2232c4479d8975cc98ae8160eea76 -ytt_darwin_arm64_SHA256SUM=3e6f092bfe7a121d15126a0de6503797818c6b6745fbc97213f519d35fab08f9 +ytt_linux_amd64_SHA256SUM=357ec754446b1eda29dd529e088f617e85809726c686598ab03cfc1c79f43b56 +ytt_linux_arm64_SHA256SUM=a2d195b058884c0e36a918936076965b8efb426f7e00f6b7d7b99b82737c7299 +ytt_darwin_amd64_SHA256SUM=71b5ea38bfc7a9748c35ce0735fd6f806dce46bd5c9039d527050c7682e62a70 +ytt_darwin_arm64_SHA256SUM=0658db4af8263ca091ca31e4b599cb40c324b75934660a4c0ed98ad9b701f7e9 .PRECIOUS: $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools @@ -545,10 +545,10 @@ $(DOWNLOAD_DIR)/tools/ytt@$(YTT_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_D $(checkhash_script) $(outfile) $(ytt_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -rclone_linux_amd64_SHA256SUM=7ebdb680e615f690bd52c661487379f9df8de648ecf38743e49fe12c6ace6dc7 -rclone_linux_arm64_SHA256SUM=b5a6cb3aef4fd1a2165fb8c21b1b1705f3cb754a202adc81931b47cd39c64749 -rclone_darwin_amd64_SHA256SUM=9ef83833296876f3182b87030b4f2e851b56621bad4ca4d7a14753553bb8b640 -rclone_darwin_arm64_SHA256SUM=9183f495b28acb12c872175c6af1f6ba8ca677650cb9d2774caefea273294c8a +rclone_linux_amd64_SHA256SUM=b4d304b1dc76001b1d3bb820ae8d1ae60a072afbd3296be904a3ee00b3d4fab9 +rclone_linux_arm64_SHA256SUM=c50a3ab93082f21788f9244393b19f2426edeeb896eec2e3e05ffb2e8727e075 +rclone_darwin_amd64_SHA256SUM=5adb4c5fe0675627461000a63156001301ec7cade966c55c8c4ebcfaeb62c5ae +rclone_darwin_arm64_SHA256SUM=b5f4c4d06ff3d426aee99870ad437276c9ddaad55442f2df6a58b918115fe4cf .PRECIOUS: $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/rclone@$(RCLONE_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools From 403e48425278ce93e83b57975b52e7dc5eb853b2 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Sat, 4 May 2024 09:47:06 +0200 Subject: [PATCH 104/177] fix breaking cmctl change -v now requires a level Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- hack/verify-upgrade.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hack/verify-upgrade.sh b/hack/verify-upgrade.sh index 6aedc2736fa..ee665e4bd91 100755 --- a/hack/verify-upgrade.sh +++ b/hack/verify-upgrade.sh @@ -84,7 +84,7 @@ $helm upgrade \ "$HELM_CHART" # Wait for the cert-manager api to be available -$cmctl check api --wait=2m -v +$cmctl check api --wait=2m -v=5 echo "+++ Creating some cert-manager resources.." @@ -100,7 +100,7 @@ $kubectl wait --for=condition=Ready cert/test1 --timeout=180s make e2e-setup-certmanager # Wait for the cert-manager api to be available -$cmctl check api --wait=2m -v +$cmctl check api --wait=2m -v=5 # Test that the existing cert-manager resources can still be retrieved $kubectl get issuer/selfsigned-issuer cert/test1 @@ -145,7 +145,7 @@ $kubectl wait \ --namespace "${NAMESPACE}" # Wait for the cert-manager api to be available -$cmctl check api --wait=2m -v +$cmctl check api --wait=2m -v=5 # Create a cert-manager issuer and cert $kubectl apply -f "${REPO_ROOT}/test/fixtures/cert-manager-resources.yaml" --selector=test="first" @@ -187,7 +187,7 @@ until $rollout_cmd; do done # Wait for the cert-manager api to be available -$cmctl check api --wait=2m -v +$cmctl check api --wait=2m -v=5 # Test that the existing cert-manager resources can still be retrieved $kubectl get issuer/selfsigned-issuer cert/test1 From 52320fbeeab57434e4f1e1bdaa80dc9fb2fa1357 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 30 Apr 2024 10:37:22 +0200 Subject: [PATCH 105/177] fix contextcheck linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - cmd/acmesolver/app/app.go | 6 +- cmd/cainjector/app/controller.go | 1 + cmd/controller/app/controller.go | 18 ++-- internal/vault/vault.go | 14 +-- internal/vault/vault_test.go | 5 +- pkg/controller/acmechallenges/sync.go | 2 +- pkg/controller/builder.go | 6 +- .../certificaterequests/vault/vault.go | 2 +- .../certificaterequests/vault/vault_test.go | 2 +- .../requestmanager_controller.go | 6 +- .../certificatesigningrequests/vault/vault.go | 2 +- .../vault/vault_test.go | 10 +- pkg/controller/context.go | 5 - pkg/controller/controller.go | 19 ++-- pkg/controller/register.go | 4 +- pkg/healthz/healthz.go | 2 + pkg/issuer/acme/dns/acmedns/acmedns.go | 5 +- pkg/issuer/acme/dns/acmedns/acmedns_test.go | 3 +- pkg/issuer/acme/dns/akamai/akamai.go | 17 ++- pkg/issuer/acme/dns/akamai/akamai_test.go | 30 +++--- pkg/issuer/acme/dns/azuredns/azuredns.go | 22 ++-- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 6 +- pkg/issuer/acme/dns/clouddns/clouddns.go | 59 +++++----- pkg/issuer/acme/dns/clouddns/clouddns_test.go | 24 ++--- pkg/issuer/acme/dns/cloudflare/cloudflare.go | 34 +++--- .../acme/dns/cloudflare/cloudflare_test.go | 11 +- .../acme/dns/digitalocean/digitalocean.go | 29 +++-- .../dns/digitalocean/digitalocean_test.go | 5 +- pkg/issuer/acme/dns/dns.go | 35 +++--- pkg/issuer/acme/dns/route53/route53.go | 34 +++--- pkg/issuer/acme/dns/route53/route53_test.go | 20 ++-- pkg/issuer/acme/dns/util/dns.go | 5 +- pkg/issuer/acme/dns/util/wait.go | 50 ++++----- pkg/issuer/acme/dns/util/wait_test.go | 31 +++--- pkg/issuer/acme/dns/util_test.go | 5 +- pkg/issuer/vault/setup.go | 2 +- pkg/webhook/server/server.go | 10 +- test/acme/util.go | 4 +- test/e2e/e2e.go | 13 +-- test/e2e/framework/addon/base/base.go | 6 +- test/e2e/framework/addon/chart/addon.go | 36 +++---- test/e2e/framework/addon/globals.go | 9 +- test/e2e/framework/addon/internal/globals.go | 6 +- test/e2e/framework/addon/vault/proxy.go | 13 ++- test/e2e/framework/addon/vault/setup.go | 92 +++++++--------- test/e2e/framework/addon/vault/vault.go | 26 ++--- test/e2e/framework/addon/venafi/cloud.go | 12 +-- test/e2e/framework/addon/venafi/tpp.go | 12 +-- test/e2e/framework/cleanup.go | 15 +-- test/e2e/framework/framework.go | 20 ++-- .../framework/helper/certificaterequests.go | 20 ++-- test/e2e/framework/helper/certificates.go | 46 ++++---- .../helper/certificatesigningrequests.go | 6 +- test/e2e/framework/helper/pod_start.go | 10 +- test/e2e/framework/helper/secret.go | 6 +- test/e2e/framework/testenv.go | 16 +-- .../certificates/additionaloutputformats.go | 13 +-- .../suite/certificates/duplicatesecretname.go | 18 ++-- .../suite/certificates/literalsubjectrdns.go | 6 +- test/e2e/suite/certificates/othernamesan.go | 11 +- test/e2e/suite/certificates/secrettemplate.go | 87 +++++++-------- .../conformance/certificates/acme/acme.go | 64 +++++------ .../suite/conformance/certificates/ca/ca.go | 22 ++-- .../certificates/external/external.go | 8 +- .../certificates/selfsigned/selfsigned.go | 16 +-- .../suite/conformance/certificates/suite.go | 12 ++- .../suite/conformance/certificates/tests.go | 80 +++++++------- .../certificates/vault/vault_approle.go | 36 +++---- .../conformance/certificates/venafi/venafi.go | 22 ++-- .../certificates/venaficloud/cloud.go | 22 ++-- .../certificatesigningrequests/acme/acme.go | 10 +- .../certificatesigningrequests/acme/dns01.go | 16 +-- .../certificatesigningrequests/acme/http01.go | 16 +-- .../certificatesigningrequests/ca/ca.go | 22 ++-- .../selfsigned/selfsigned.go | 24 ++--- .../certificatesigningrequests/suite.go | 19 ++-- .../certificatesigningrequests/tests.go | 16 +-- .../vault/approle.go | 36 +++---- .../vault/kubernetes.go | 34 +++--- .../venafi/cloud.go | 22 ++-- .../certificatesigningrequests/venafi/tpp.go | 18 ++-- .../suite/issuers/acme/certificate/http01.go | 63 +++++------ .../issuers/acme/certificate/notafter.go | 19 ++-- .../suite/issuers/acme/certificate/webhook.go | 33 +++--- .../issuers/acme/certificaterequest/dns01.go | 25 ++--- .../issuers/acme/certificaterequest/http01.go | 39 +++---- .../issuers/acme/dnsproviders/rfc2136.go | 6 +- test/e2e/suite/issuers/acme/issuer.go | 27 ++--- test/e2e/suite/issuers/ca/certificate.go | 45 ++++---- .../suite/issuers/ca/certificaterequest.go | 29 ++--- test/e2e/suite/issuers/ca/clusterissuer.go | 11 +- test/e2e/suite/issuers/ca/issuer.go | 9 +- .../suite/issuers/selfsigned/certificate.go | 25 ++--- .../issuers/selfsigned/certificaterequest.go | 33 +++--- .../issuers/vault/certificate/approle.go | 43 ++++---- .../vault/certificaterequest/approle.go | 43 ++++---- test/e2e/suite/issuers/vault/issuer.go | 41 +++---- test/e2e/suite/issuers/vault/mtls.go | 101 +++++++++--------- test/e2e/suite/issuers/venafi/cloud/setup.go | 9 +- .../suite/issuers/venafi/tpp/certificate.go | 5 +- .../issuers/venafi/tpp/certificaterequest.go | 11 +- test/e2e/suite/issuers/venafi/tpp/setup.go | 15 +-- test/e2e/suite/serving/cainjector.go | 7 +- test/e2e/util/util.go | 28 ++--- .../acme/orders_controller_test.go | 1 - ...erates_new_private_key_per_request_test.go | 18 ++-- .../certificates/issuing_controller_test.go | 8 +- .../certificates/metrics_controller_test.go | 1 - .../revisionmanager_controller_test.go | 1 - .../certificates/trigger_controller_test.go | 3 - test/integration/framework/helpers.go | 10 +- 112 files changed, 1147 insertions(+), 1122 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 73c76c4c2d8..4a3c8779219 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -3,7 +3,6 @@ issues: - linters: - dogsled - errcheck - - contextcheck - promlinter - errname - exhaustive diff --git a/cmd/acmesolver/app/app.go b/cmd/acmesolver/app/app.go index b14569f5b51..cd638b10230 100644 --- a/cmd/acmesolver/app/app.go +++ b/cmd/acmesolver/app/app.go @@ -54,11 +54,13 @@ func NewACMESolverCommand(_ context.Context) *cobra.Command { go func() { defer close(completedCh) <-runCtx.Done() + // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := s.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := s.Shutdown(shutdownCtx); err != nil { log.Error(err, "error shutting down acmesolver server") } }() diff --git a/cmd/cainjector/app/controller.go b/cmd/cainjector/app/controller.go index c2b891db2b4..a242bfc1bdf 100644 --- a/cmd/cainjector/app/controller.go +++ b/cmd/cainjector/app/controller.go @@ -118,6 +118,7 @@ func Run(opts *config.CAInjectorConfiguration, ctx context.Context) error { shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() + // nolint: contextcheck return server.Shutdown(shutdownCtx) })) diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 269bb0d84cf..9490c3ca1d6 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -116,13 +116,11 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { <-rootCtx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := metricsServer.Shutdown(ctx); err != nil { - return err - } - return nil + // nolint: contextcheck + return metricsServer.Shutdown(shutdownCtx) }) g.Go(func() error { log.V(logf.InfoLevel).Info("starting metrics server", "address", metricsLn.Addr()) @@ -149,13 +147,11 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { <-rootCtx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := profilerServer.Shutdown(ctx); err != nil { - return err - } - return nil + // nolint: contextcheck + return profilerServer.Shutdown(shutdownCtx) }) g.Go(func() error { log.V(logf.InfoLevel).Info("starting profiler", "address", profilerLn.Addr()) @@ -250,7 +246,7 @@ func Run(rootCtx context.Context, opts *config.ControllerConfiguration) error { g.Go(func() error { log.V(logf.InfoLevel).Info("starting controller") - return iface.Run(opts.NumberOfConcurrentWorkers, rootCtx.Done()) + return iface.Run(opts.NumberOfConcurrentWorkers, rootCtx) }) } diff --git a/internal/vault/vault.go b/internal/vault/vault.go index e9a24307b46..5bf82cebd9b 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -45,7 +45,7 @@ var _ Interface = &Vault{} // ClientBuilder is a function type that returns a new Interface. // Can be used in tests to create a mock signer of Vault certificate requests. -type ClientBuilder func(namespace string, _ func(ns string) CreateToken, _ internalinformers.SecretLister, _ v1.GenericIssuer) (Interface, error) +type ClientBuilder func(ctx context.Context, namespace string, _ func(ns string) CreateToken, _ internalinformers.SecretLister, _ v1.GenericIssuer) (Interface, error) // Interface implements various high level functionality related to connecting // with a Vault server, verifying its status and signing certificate request for @@ -95,7 +95,7 @@ type Vault struct { // secrets lister. // Returned errors may be network failures and should be considered for // retrying. -func New(namespace string, createTokenFn func(ns string) CreateToken, secretsLister internalinformers.SecretLister, issuer v1.GenericIssuer) (Interface, error) { +func New(ctx context.Context, namespace string, createTokenFn func(ns string) CreateToken, secretsLister internalinformers.SecretLister, issuer v1.GenericIssuer) (Interface, error) { v := &Vault{ createToken: createTokenFn(namespace), secretsLister: secretsLister, @@ -120,7 +120,7 @@ func New(namespace string, createTokenFn func(ns string) CreateToken, secretsLis // Use the (maybe) namespaced client to authenticate. // If a Vault namespace is configured, then the authentication endpoints are // expected to be in that namespace. - if err := v.setToken(clientNS); err != nil { + if err := v.setToken(ctx, clientNS); err != nil { return nil, err } @@ -180,7 +180,7 @@ func (v *Vault) Sign(csrPEM []byte, duration time.Duration) (cert []byte, ca []b return extractCertificatesFromVaultCertificateSecret(&vaultResult) } -func (v *Vault) setToken(client Client) error { +func (v *Vault) setToken(ctx context.Context, client Client) error { // IMPORTANT: Because of backwards compatibility with older versions that // incorrectly allowed multiple authentication methods to be specified at // the time of validation, we must still allow multiple authentication methods @@ -212,7 +212,7 @@ func (v *Vault) setToken(client Client) error { kubernetesAuth := v.issuer.GetSpec().Vault.Auth.Kubernetes if kubernetesAuth != nil { - token, err := v.requestTokenWithKubernetesAuth(client, kubernetesAuth) + token, err := v.requestTokenWithKubernetesAuth(ctx, client, kubernetesAuth) if err != nil { return fmt.Errorf("while requesting a Vault token using the Kubernetes auth: %w", err) } @@ -429,7 +429,7 @@ func (v *Vault) requestTokenWithAppRoleRef(client Client, appRole *v1.VaultAppRo return token, nil } -func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1.VaultKubernetesAuth) (string, error) { +func (v *Vault) requestTokenWithKubernetesAuth(ctx context.Context, client Client, kubernetesAuth *v1.VaultKubernetesAuth) (string, error) { var jwt string switch { case kubernetesAuth.SecretRef.Name != "": @@ -460,7 +460,7 @@ func (v *Vault) requestTokenWithKubernetesAuth(client Client, kubernetesAuth *v1 audiences := append([]string(nil), kubernetesAuth.ServiceAccountRef.TokenAudiences...) audiences = append(audiences, defaultAudience) - tokenrequest, err := v.createToken(context.Background(), kubernetesAuth.ServiceAccountRef.Name, &authv1.TokenRequest{ + tokenrequest, err := v.createToken(ctx, kubernetesAuth.ServiceAccountRef.Name, &authv1.TokenRequest{ Spec: authv1.TokenRequestSpec{ // Default audience is generated by cert-manager. // This is the most secure configuration as vault role must explicitly mandate the audience. diff --git a/internal/vault/vault_test.go b/internal/vault/vault_test.go index 95ee32de98c..03838e0a08a 100644 --- a/internal/vault/vault_test.go +++ b/internal/vault/vault_test.go @@ -871,7 +871,7 @@ func TestSetToken(t *testing.T) { issuer: test.issuer, } - err := v.setToken(test.fakeClient) + err := v.setToken(context.TODO(), test.fakeClient) if ((test.expectedErr == nil) != (err == nil)) && test.expectedErr != nil && test.expectedErr.Error() != err.Error() { @@ -1511,6 +1511,7 @@ func TestNewWithVaultNamespaces(t *testing.T) { tc := tc t.Run(tc.name, func(t *testing.T) { c, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), @@ -1567,6 +1568,7 @@ func TestIsVaultInitiatedAndUnsealedIntegration(t *testing.T) { defer server.Close() v, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), @@ -1632,6 +1634,7 @@ func TestSignIntegration(t *testing.T) { defer server.Close() v, err := New( + context.TODO(), "k8s-ns1", func(ns string) CreateToken { return nil }, listers.FakeSecretListerFrom(listers.NewFakeSecretLister(), diff --git a/pkg/controller/acmechallenges/sync.go b/pkg/controller/acmechallenges/sync.go index b49583b270a..895d046b9ce 100644 --- a/pkg/controller/acmechallenges/sync.go +++ b/pkg/controller/acmechallenges/sync.go @@ -160,7 +160,7 @@ func (c *controller) Sync(ctx context.Context, chOriginal *cmacme.Challenge) (er // means no CAA check is performed by ACME server or if any valid // CAA would stop issuance (strongly suspect the former) if len(dir.CAA) != 0 { - err := dnsutil.ValidateCAA(ch.Spec.DNSName, dir.CAA, ch.Spec.Wildcard, c.dns01Nameservers) + err := dnsutil.ValidateCAA(ctx, ch.Spec.DNSName, dir.CAA, ch.Spec.Wildcard, c.dns01Nameservers) if err != nil { ch.Status.Reason = fmt.Sprintf("CAA self-check failed: %s", err) return err diff --git a/pkg/controller/builder.go b/pkg/controller/builder.go index 18475cd2b77..a9f8f227593 100644 --- a/pkg/controller/builder.go +++ b/pkg/controller/builder.go @@ -20,8 +20,6 @@ import ( "context" "fmt" "time" - - logf "github.com/cert-manager/cert-manager/pkg/logs" ) // Builder is used to build controllers that implement the queuingController @@ -72,8 +70,6 @@ func (b *Builder) Complete() (Interface, error) { return nil, err } - ctx := logf.NewContext(controllerctx.RootContext, logf.FromContext(controllerctx.RootContext), b.name) - if b.impl == nil { return nil, fmt.Errorf("controller implementation must be non-nil") } @@ -82,5 +78,5 @@ func (b *Builder) Complete() (Interface, error) { return nil, fmt.Errorf("error registering controller: %v", err) } - return NewController(ctx, b.name, controllerctx.Metrics, b.impl.ProcessItem, mustSync, b.runDurationFuncs, queue), nil + return NewController(b.name, controllerctx.Metrics, b.impl.ProcessItem, mustSync, b.runDurationFuncs, queue), nil } diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go index ef0d7b3b7c7..242f923a576 100644 --- a/pkg/controller/certificaterequests/vault/vault.go +++ b/pkg/controller/certificaterequests/vault/vault.go @@ -78,7 +78,7 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v resourceNamespace := v.issuerOptions.ResourceNamespace(issuerObj) - client, err := v.vaultClientBuilder(resourceNamespace, v.createTokenFn, v.secretsLister, issuerObj) + client, err := v.vaultClientBuilder(ctx, resourceNamespace, v.createTokenFn, v.secretsLister, issuerObj) if k8sErrors.IsNotFound(err) { message := "Required secret resource not found" diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go index 2224eb91295..6996b4c6713 100644 --- a/pkg/controller/certificaterequests/vault/vault_test.go +++ b/pkg/controller/certificaterequests/vault/vault_test.go @@ -521,7 +521,7 @@ func runTest(t *testing.T, test testT) { vault := NewVault(test.builder.Context).(*Vault) if test.fakeVault != nil { - vault.vaultClientBuilder = func(ns string, _ func(ns string) internalvault.CreateToken, sl internalinformers.SecretLister, + vault.vaultClientBuilder = func(_ context.Context, ns string, _ func(ns string) internalvault.CreateToken, sl internalinformers.SecretLister, iss cmapi.GenericIssuer) (internalvault.Interface, error) { return test.fakeVault.New(ns, sl, iss) } diff --git a/pkg/controller/certificates/requestmanager/requestmanager_controller.go b/pkg/controller/certificates/requestmanager/requestmanager_controller.go index 0bdb6628a33..75c9ef10fdc 100644 --- a/pkg/controller/certificates/requestmanager/requestmanager_controller.go +++ b/pkg/controller/certificates/requestmanager/requestmanager_controller.go @@ -430,14 +430,14 @@ func (c *controller) createNewCertificateRequest(ctx context.Context, crt *cmapi return nil } - if err := c.waitForCertificateRequestToExist(cr.Namespace, cr.Name); err != nil { + if err := c.waitForCertificateRequestToExist(ctx, cr.Namespace, cr.Name); err != nil { return fmt.Errorf("failed whilst waiting for CertificateRequest to exist - this may indicate an apiserver running slowly. Request will be retried. %w", err) } return nil } -func (c *controller) waitForCertificateRequestToExist(namespace, name string) error { - return wait.PollUntilContextTimeout(context.TODO(), time.Millisecond*100, time.Second*5, false, func(ctx context.Context) (bool, error) { +func (c *controller) waitForCertificateRequestToExist(ctx context.Context, namespace, name string) error { + return wait.PollUntilContextTimeout(ctx, time.Millisecond*100, time.Second*5, false, func(_ context.Context) (bool, error) { _, err := c.certificateRequestLister.CertificateRequests(namespace).Get(name) if apierrors.IsNotFound(err) { return false, nil diff --git a/pkg/controller/certificatesigningrequests/vault/vault.go b/pkg/controller/certificatesigningrequests/vault/vault.go index cf5dca0490d..2ffff36205c 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault.go +++ b/pkg/controller/certificatesigningrequests/vault/vault.go @@ -89,7 +89,7 @@ func (v *Vault) Sign(ctx context.Context, csr *certificatesv1.CertificateSigning resourceNamespace := v.issuerOptions.ResourceNamespace(issuerObj) createTokenFn := func(ns string) internalvault.CreateToken { return v.kclient.CoreV1().ServiceAccounts(ns).CreateToken } - client, err := v.clientBuilder(resourceNamespace, createTokenFn, v.secretsLister, issuerObj) + client, err := v.clientBuilder(ctx, resourceNamespace, createTokenFn, v.secretsLister, issuerObj) if apierrors.IsNotFound(err) { message := "Required secret resource not found" log.Error(err, message) diff --git a/pkg/controller/certificatesigningrequests/vault/vault_test.go b/pkg/controller/certificatesigningrequests/vault/vault_test.go index f4b52897755..5c457f41d38 100644 --- a/pkg/controller/certificatesigningrequests/vault/vault_test.go +++ b/pkg/controller/certificatesigningrequests/vault/vault_test.go @@ -130,7 +130,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return nil, apierrors.NewNotFound(schema.GroupResource{}, "test-secret") }, builder: &testpkg.Builder{ @@ -191,7 +191,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return nil, errors.New("generic error") }, expectedErr: true, @@ -235,7 +235,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New(), nil }, builder: &testpkg.Builder{ @@ -297,7 +297,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New().WithSign(nil, nil, errors.New("sign error")), nil }, builder: &testpkg.Builder{ @@ -358,7 +358,7 @@ func TestProcessItem(t *testing.T) { Status: corev1.ConditionTrue, }), ), - clientBuilder: func(_ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { + clientBuilder: func(_ context.Context, _ string, _ func(ns string) internalvault.CreateToken, _ internalinformers.SecretLister, _ cmapi.GenericIssuer) (internalvault.Interface, error) { return fakevault.New().WithSign([]byte("signed-cert"), []byte("signing-ca"), nil), nil }, builder: &testpkg.Builder{ diff --git a/pkg/controller/context.go b/pkg/controller/context.go index bb76b295c10..5b412195f84 100644 --- a/pkg/controller/context.go +++ b/pkg/controller/context.go @@ -75,10 +75,6 @@ type Context struct { // RootContext is the root context for the controller RootContext context.Context - // StopCh is a channel that will be closed when the controller is signalled - // to exit - StopCh <-chan struct{} - // FieldManager is the string that should be used as the field manager when // applying API object. This value is derived from the user agent. FieldManager string @@ -316,7 +312,6 @@ func NewContextFactory(ctx context.Context, opts ContextOptions) (*ContextFactor log: logf.FromContext(ctx), ctx: &Context{ RootContext: ctx, - StopCh: ctx.Done(), KubeSharedInformerFactory: kubeSharedInformerFactory, SharedInformerFactory: sharedInformerFactory, GWShared: gwSharedInformerFactory, diff --git a/pkg/controller/controller.go b/pkg/controller/controller.go index 72e7a6dc9e0..21132d389e0 100644 --- a/pkg/controller/controller.go +++ b/pkg/controller/controller.go @@ -45,7 +45,6 @@ type queueingController interface { } func NewController( - ctx context.Context, name string, metrics *metrics.Metrics, syncFunc func(ctx context.Context, key string) error, @@ -54,7 +53,6 @@ func NewController( queue workqueue.RateLimitingInterface, ) Interface { return &controller{ - ctx: ctx, name: name, metrics: metrics, syncHandler: syncFunc, @@ -65,9 +63,6 @@ func NewController( } type controller struct { - // ctx is the root golang context for the controller - ctx context.Context - // name is the name for this controller name string @@ -94,14 +89,14 @@ type controller struct { } // Run starts the controller loop -func (c *controller) Run(workers int, stopCh <-chan struct{}) error { - ctx, cancel := context.WithCancel(c.ctx) +func (c *controller) Run(workers int, ctx context.Context) error { + ctx, cancel := context.WithCancel(ctx) defer cancel() - log := logf.FromContext(ctx) + log := logf.FromContext(ctx, c.name) log.V(logf.DebugLevel).Info("starting control loop") // wait for all the informer caches we depend on are synced - if !cache.WaitForCacheSync(stopCh, c.mustSync...) { + if !cache.WaitForCacheSync(ctx.Done(), c.mustSync...) { return fmt.Errorf("error waiting for informer caches to sync") } @@ -120,10 +115,10 @@ func (c *controller) Run(workers int, stopCh <-chan struct{}) error { for _, f := range c.runDurationFuncs { f := f // capture range variable - go wait.Until(func() { f.fn(ctx) }, f.duration, stopCh) + go wait.Until(func() { f.fn(ctx) }, f.duration, ctx.Done()) } - <-stopCh + <-ctx.Done() log.V(logf.InfoLevel).Info("shutting down queue as workqueue signaled shutdown") c.queue.ShutDown() log.V(logf.DebugLevel).Info("waiting for workers to exit...") @@ -133,7 +128,7 @@ func (c *controller) Run(workers int, stopCh <-chan struct{}) error { } func (c *controller) worker(ctx context.Context) { - log := logf.FromContext(c.ctx) + log := logf.FromContext(ctx) log.V(logf.DebugLevel).Info("starting worker") for { diff --git a/pkg/controller/register.go b/pkg/controller/register.go index ccd6d6e0054..7a22d1feb77 100644 --- a/pkg/controller/register.go +++ b/pkg/controller/register.go @@ -16,6 +16,8 @@ limitations under the License. package controller +import "context" + // This file defines types for controllers to register themselves with the // controller package. @@ -26,7 +28,7 @@ type Interface interface { // run, and the workers should shut down upon a signal on stopCh. // This method should block until all workers have exited cleanly, thus // allowing for graceful shutdown of control loops. - Run(workers int, stopCh <-chan struct{}) error + Run(workers int, ctx context.Context) error } // Constructor is a function that creates a new control loop given a diff --git a/pkg/healthz/healthz.go b/pkg/healthz/healthz.go index 6f720ad75e0..efbf58105dc 100644 --- a/pkg/healthz/healthz.go +++ b/pkg/healthz/healthz.go @@ -83,6 +83,8 @@ func (o *Server) Start(ctx context.Context, l net.Listener) error { // allow a timeout for graceful shutdown shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() + + // nolint: contextcheck return o.server.Shutdown(shutdownCtx) }) return g.Wait() diff --git a/pkg/issuer/acme/dns/acmedns/acmedns.go b/pkg/issuer/acme/dns/acmedns/acmedns.go index 26427a664fb..98ee11f8dd5 100644 --- a/pkg/issuer/acme/dns/acmedns/acmedns.go +++ b/pkg/issuer/acme/dns/acmedns/acmedns.go @@ -25,6 +25,7 @@ limitations under the License. package acmedns import ( + "context" "encoding/json" "fmt" "os" @@ -66,7 +67,7 @@ func NewDNSProviderHostBytes(host string, accountJSON []byte, dns01Nameservers [ } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { +func (c *DNSProvider) Present(_ context.Context, domain, fqdn, value string) error { if account, exists := c.accounts[domain]; exists { // Update the acme-dns TXT record. return c.client.UpdateTXTRecord(account, value) @@ -77,7 +78,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { // CleanUp removes the record matching the specified parameters. It is not // implemented for the ACME-DNS provider. -func (c *DNSProvider) CleanUp(_, _, _ string) error { +func (c *DNSProvider) CleanUp(_ context.Context, _, _, _ string) error { // ACME-DNS doesn't support the notion of removing a record. For users of // ACME-DNS it is expected the stale records remain in-place. return nil diff --git a/pkg/issuer/acme/dns/acmedns/acmedns_test.go b/pkg/issuer/acme/dns/acmedns/acmedns_test.go index 40cde27bf0c..2c65fcc1519 100644 --- a/pkg/issuer/acme/dns/acmedns/acmedns_test.go +++ b/pkg/issuer/acme/dns/acmedns/acmedns_test.go @@ -17,6 +17,7 @@ limitations under the License. package acmedns import ( + "context" "os" "testing" @@ -75,6 +76,6 @@ func TestLiveAcmeDnsPresent(t *testing.T) { assert.NoError(t, err) // ACME-DNS requires 43 character keys or it throws a bad TXT error - err = provider.Present(acmednsDomain, "", "LG3tptA6W7T1vw4ujbmDxH2lLu6r8TUIqLZD3pzPmgE") + err = provider.Present(context.TODO(), acmednsDomain, "", "LG3tptA6W7T1vw4ujbmDxH2lLu6r8TUIqLZD3pzPmgE") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/akamai/akamai.go b/pkg/issuer/acme/dns/akamai/akamai.go index 05d1e819dcc..58777bed552 100644 --- a/pkg/issuer/acme/dns/akamai/akamai.go +++ b/pkg/issuer/acme/dns/akamai/akamai.go @@ -20,6 +20,7 @@ limitations under the License. package akamai import ( + "context" "fmt" "strings" @@ -50,7 +51,7 @@ type DNSProvider struct { serviceConsumerDomain string dnsclient OpenEdgegridDNSService TTL int - findHostedDomainByFqdn func(string, []string) (string, error) + findHostedDomainByFqdn func(context.Context, string, []string) (string, error) isNotFound func(error) bool log logr.Logger } @@ -85,8 +86,8 @@ func NewDNSProvider(serviceConsumerDomain, clientToken, clientSecret, accessToke return dnsp, nil } -func findHostedDomainByFqdn(fqdn string, ns []string) (string, error) { - zone, err := util.FindZoneByFqdn(fqdn, ns) +func findHostedDomainByFqdn(ctx context.Context, fqdn string, ns []string) (string, error) { + zone, err := util.FindZoneByFqdn(ctx, fqdn, ns) if err != nil { return "", err } @@ -95,11 +96,10 @@ func findHostedDomainByFqdn(fqdn string, ns []string) (string, error) { } // Present creates/updates a TXT record to fulfill the dns-01 challenge. -func (a *DNSProvider) Present(domain, fqdn, value string) error { - +func (a *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { logf.V(logf.DebugLevel).Infof("entering Present. domain: %s, fqdn: %s, value: %s", domain, fqdn, value) - hostedDomain, err := a.findHostedDomainByFqdn(fqdn, a.dns01Nameservers) + hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers) if err != nil { return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err) } @@ -156,11 +156,10 @@ func (a *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes/updates the TXT record matching the specified parameters. -func (a *DNSProvider) CleanUp(domain, fqdn, value string) error { - +func (a *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { logf.V(logf.DebugLevel).Infof("entering CleanUp. domain: %s, fqdn: %s, value: %s", domain, fqdn, value) - hostedDomain, err := a.findHostedDomainByFqdn(fqdn, a.dns01Nameservers) + hostedDomain, err := a.findHostedDomainByFqdn(ctx, fqdn, a.dns01Nameservers) if err != nil { return fmt.Errorf("edgedns: failed to determine hosted domain for %q: %w", fqdn, err) } diff --git a/pkg/issuer/acme/dns/akamai/akamai_test.go b/pkg/issuer/acme/dns/akamai/akamai_test.go index 17caa573a3c..e66cdf98b90 100644 --- a/pkg/issuer/acme/dns/akamai/akamai_test.go +++ b/pkg/issuer/acme/dns/akamai/akamai_test.go @@ -17,6 +17,7 @@ limitations under the License. package akamai import ( + "context" "fmt" "reflect" "testing" @@ -53,8 +54,7 @@ type StubOpenDNSConfig struct { FuncErrors map[string]error } -func findStubHostedDomainByFqdn(fqdn string, ns []string) (string, error) { - +func findStubHostedDomainByFqdn(_ context.Context, fqdn string, ns []string) (string, error) { return "test.example.com", nil } @@ -93,7 +93,7 @@ func TestPresentBasicFlow(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -110,7 +110,7 @@ func TestPresentExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -127,7 +127,7 @@ func TestPresentValueExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -144,7 +144,7 @@ func TestPresentFailGetRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -160,7 +160,7 @@ func TestPresentFailSaveRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -177,7 +177,7 @@ func TestPresentFailUpdateRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update failed") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.Present("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.Error(t, akamai.Present(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -194,7 +194,7 @@ func TestCleanUpBasicFlow(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -211,7 +211,7 @@ func TestCleanUpExists(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordSave"] = fmt.Errorf("Save not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -228,7 +228,7 @@ func TestCleanUpExistsNoValue(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -245,7 +245,7 @@ func TestCleanUpNoRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.NoError(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01")) + assert.NoError(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01")) } @@ -262,7 +262,7 @@ func TestCleanUpFailGetRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } @@ -279,7 +279,7 @@ func TestCleanUpFailUpdateRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update failed") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete not expected") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key-stub")) } @@ -296,7 +296,7 @@ func TestCleanUpFailDeleteRecord(t *testing.T) { akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordUpdate"] = fmt.Errorf("Update not expected") akamai.dnsclient.(*StubOpenDNSConfig).FuncErrors["RecordDelete"] = fmt.Errorf("Delete failed") - assert.Error(t, akamai.CleanUp("test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) + assert.Error(t, akamai.CleanUp(context.TODO(), "test.example.com", "_acme-challenge.test.example.com.", "dns01-key")) } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index eecee07a8c0..da5a768e1ff 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -137,20 +137,20 @@ func getAuthorization(clientOpt policy.ClientOptions, clientID, clientSecret, te } // Present creates a TXT record using the specified parameters -func (c *DNSProvider) Present(domain, fqdn, value string) error { - return c.createRecord(fqdn, value, 60) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + return c.createRecord(ctx, fqdn, value, 60) } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - z, err := c.getHostedZoneName(fqdn) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + z, err := c.getHostedZoneName(ctx, fqdn) if err != nil { c.log.Error(err, "Error getting hosted zone name for fqdn", "fqdn", fqdn) return err } _, err = c.recordClient.Delete( - context.TODO(), + ctx, c.resourceGroupName, z, c.trimFqdn(fqdn, z), @@ -162,7 +162,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { +func (c *DNSProvider) createRecord(ctx context.Context, fqdn, value string, ttl int) error { rparams := &dns.RecordSet{ Properties: &dns.RecordSetProperties{ TTL: to.Ptr(int64(ttl)), @@ -172,13 +172,13 @@ func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { }, } - z, err := c.getHostedZoneName(fqdn) + z, err := c.getHostedZoneName(ctx, fqdn) if err != nil { return err } _, err = c.recordClient.CreateOrUpdate( - context.TODO(), + ctx, c.resourceGroupName, z, c.trimFqdn(fqdn, z), @@ -191,11 +191,11 @@ func (c *DNSProvider) createRecord(fqdn, value string, ttl int) error { return nil } -func (c *DNSProvider) getHostedZoneName(fqdn string) (string, error) { +func (c *DNSProvider) getHostedZoneName(ctx context.Context, fqdn string) (string, error) { if c.zoneName != "" { return c.zoneName, nil } - z, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) + z, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return "", err } @@ -203,7 +203,7 @@ func (c *DNSProvider) getHostedZoneName(fqdn string) (string, error) { return "", fmt.Errorf("Zone %s not found for domain %s", z, fqdn) } - if _, err := c.zoneClient.Get(context.TODO(), c.resourceGroupName, util.UnFqdn(z), nil); err != nil { + if _, err := c.zoneClient.Get(ctx, c.resourceGroupName, util.UnFqdn(z), nil); err != nil { c.log.Error(err, "Error getting Zone for domain", "zone", z, "domain", fqdn, "resource group", c.resourceGroupName) return "", fmt.Errorf("Zone %s not found in AzureDNS for domain %s. Err: %v", z, fqdn, stabilizeError(err)) } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 1639136017e..1d5947e4bba 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -65,7 +65,7 @@ func TestLiveAzureDnsPresent(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.Present(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) } @@ -79,7 +79,7 @@ func TestLiveAzureDnsCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) } @@ -375,7 +375,7 @@ func TestStabilizeResponseError(t *testing.T) { zoneClient: zc, } - err = dnsProvider.Present("test.com", "fqdn.test.com.", "test123") + err = dnsProvider.Present(context.TODO(), "test.com", "fqdn.test.com.", "test123") require.Error(t, err) require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com -------------------------------------------------------------------------------- diff --git a/pkg/issuer/acme/dns/clouddns/clouddns.go b/pkg/issuer/acme/dns/clouddns/clouddns.go index 9f5d24c04d5..60e85aa2bb9 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns.go @@ -36,7 +36,7 @@ type DNSProvider struct { } // NewDNSProvider returns a new DNSProvider Instance with configuration -func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProvider(ctx context.Context, project string, saBytes []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*DNSProvider, error) { // project is a required field if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") @@ -47,11 +47,11 @@ func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, a if !ambient { return nil, fmt.Errorf("unable to construct clouddns provider: empty credentials; perhaps you meant to enable ambient credentials?") } - return NewDNSProviderCredentials(project, dns01Nameservers, hostedZoneName) + return NewDNSProviderCredentials(ctx, project, dns01Nameservers, hostedZoneName) } // if service account data is provided, we instantiate using that if len(saBytes) != 0 { - return NewDNSProviderServiceAccountBytes(project, saBytes, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccountBytes(ctx, project, saBytes, dns01Nameservers, hostedZoneName) } return nil, fmt.Errorf("missing Google Cloud DNS provider credentials") } @@ -60,30 +60,31 @@ func NewDNSProvider(project string, saBytes []byte, dns01Nameservers []string, a // DNS. Project name must be passed in the environment variable: GCE_PROJECT. // A Service Account file can be passed in the environment variable: // GCE_SERVICE_ACCOUNT_FILE -func NewDNSProviderEnvironment(dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderEnvironment(ctx context.Context, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { project := os.Getenv("GCE_PROJECT") if saFile, ok := os.LookupEnv("GCE_SERVICE_ACCOUNT_FILE"); ok { - return NewDNSProviderServiceAccount(project, saFile, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccount(ctx, project, saFile, dns01Nameservers, hostedZoneName) } - return NewDNSProviderCredentials(project, dns01Nameservers, hostedZoneName) + return NewDNSProviderCredentials(ctx, project, dns01Nameservers, hostedZoneName) } // NewDNSProviderCredentials uses the supplied credentials to return a // DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderCredentials(project string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderCredentials(ctx context.Context, project string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } - ctx := context.Background() client, err := google.DefaultClient(ctx, dns.NdevClouddnsReadwriteScope) if err != nil { return nil, fmt.Errorf("Unable to get Google Cloud client: %v", err) } + svc, err := dns.NewService(ctx, option.WithHTTPClient(client)) if err != nil { return nil, fmt.Errorf("Unable to create Google Cloud DNS service: %v", err) } + return &DNSProvider{ project: project, client: svc, @@ -95,7 +96,7 @@ func NewDNSProviderCredentials(project string, dns01Nameservers []string, hosted // NewDNSProviderServiceAccount uses the supplied service account JSON file to // return a DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderServiceAccount(project string, saFile string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderServiceAccount(ctx context.Context, project string, saFile string, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } @@ -107,12 +108,12 @@ func NewDNSProviderServiceAccount(project string, saFile string, dns01Nameserver if err != nil { return nil, fmt.Errorf("Unable to read Service Account file: %v", err) } - return NewDNSProviderServiceAccountBytes(project, dat, dns01Nameservers, hostedZoneName) + return NewDNSProviderServiceAccountBytes(ctx, project, dat, dns01Nameservers, hostedZoneName) } // NewDNSProviderServiceAccountBytes uses the supplied service account JSON // file data to return a DNSProvider instance configured for Google Cloud DNS. -func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { +func NewDNSProviderServiceAccountBytes(ctx context.Context, project string, saBytes []byte, dns01Nameservers []string, hostedZoneName string) (*DNSProvider, error) { if project == "" { return nil, fmt.Errorf("Google Cloud project name missing") } @@ -125,7 +126,6 @@ func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Name return nil, fmt.Errorf("Unable to acquire config: %v", err) } - ctx := context.Background() client := conf.Client(ctx) svc, err := dns.NewService(ctx, option.WithHTTPClient(client)) @@ -142,8 +142,8 @@ func NewDNSProviderServiceAccountBytes(project string, saBytes []byte, dns01Name } // Present creates a TXT record to fulfil the dns-01 challenge. -func (c *DNSProvider) Present(domain, fqdn, value string) error { - zone, err := c.getHostedZone(fqdn) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + zone, err := c.getHostedZone(ctx, fqdn) if err != nil { return err } @@ -157,7 +157,12 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { change := &dns.Change{} // Look for existing records. - list, err := c.client.ResourceRecordSets.List(c.project, zone).Name(fqdn).Type("TXT").Do() + list, err := c.client.ResourceRecordSets. + List(c.project, zone). + Name(fqdn). + Type("TXT"). + Context(ctx). + Do() if err != nil { return err } @@ -180,7 +185,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } change.Additions = []*dns.ResourceRecordSet{rec} - chg, err := c.client.Changes.Create(c.project, zone, change).Do() + chg, err := c.client.Changes.Create(c.project, zone, change).Context(ctx).Do() if err != nil { return err } @@ -189,7 +194,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { for chg.Status == "pending" { time.Sleep(time.Second) - chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Do() + chg, err = c.client.Changes.Get(c.project, zone, chg.Id).Context(ctx).Do() if err != nil { return err } @@ -199,13 +204,13 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters. -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - zone, err := c.getHostedZone(fqdn) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + zone, err := c.getHostedZone(ctx, fqdn) if err != nil { return err } - records, err := c.findTxtRecords(zone, fqdn, value) + records, err := c.findTxtRecords(ctx, zone, fqdn, value) if err != nil { return err } @@ -227,7 +232,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { } change.Additions = []*dns.ResourceRecordSet{filtered} } - _, err = c.client.Changes.Create(c.project, zone, change).Do() + _, err = c.client.Changes.Create(c.project, zone, change).Context(ctx).Do() if err != nil { return err } @@ -236,12 +241,12 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { } // getHostedZone returns the managed-zone -func (c *DNSProvider) getHostedZone(domain string) (string, error) { +func (c *DNSProvider) getHostedZone(ctx context.Context, domain string) (string, error) { if c.hostedZoneName != "" { return c.hostedZoneName, nil } - authZone, err := util.FindZoneByFqdn(util.ToFqdn(domain), c.dns01Nameservers) + authZone, err := util.FindZoneByFqdn(ctx, util.ToFqdn(domain), c.dns01Nameservers) if err != nil { return "", err } @@ -249,6 +254,7 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) { zones, err := c.client.ManagedZones. List(c.project). DnsName(authZone). + Context(ctx). Do() if err != nil { return "", fmt.Errorf("GoogleCloud API call failed: %v", err) @@ -270,8 +276,11 @@ func (c *DNSProvider) getHostedZone(domain string) (string, error) { return zones.ManagedZones[0].Name, nil } -func (c *DNSProvider) findTxtRecords(zone, fqdn, value string) ([]*dns.ResourceRecordSet, error) { - recs, err := c.client.ResourceRecordSets.List(c.project, zone).Do() +func (c *DNSProvider) findTxtRecords(ctx context.Context, zone, fqdn, value string) ([]*dns.ResourceRecordSet, error) { + recs, err := c.client.ResourceRecordSets. + List(c.project, zone). + Context(ctx). + Do() if err != nil { return nil, err } diff --git a/pkg/issuer/acme/dns/clouddns/clouddns_test.go b/pkg/issuer/acme/dns/clouddns/clouddns_test.go index 7c2591c3bb5..d40b1e08f43 100644 --- a/pkg/issuer/acme/dns/clouddns/clouddns_test.go +++ b/pkg/issuer/acme/dns/clouddns/clouddns_test.go @@ -41,7 +41,7 @@ func TestNewDNSProviderValid(t *testing.T) { t.Skip("skipping live test (requires credentials)") } t.Setenv("GCE_PROJECT", "") - _, err := NewDNSProviderCredentials("my-project", util.RecursiveNameservers, "") + _, err := NewDNSProviderCredentials(context.TODO(), "my-project", util.RecursiveNameservers, "") assert.NoError(t, err) } @@ -50,13 +50,13 @@ func TestNewDNSProviderValidEnv(t *testing.T) { t.Skip("skipping live test (requires credentials)") } t.Setenv("GCE_PROJECT", "my-project") - _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") + _, err := NewDNSProviderEnvironment(context.TODO(), util.RecursiveNameservers, "") assert.NoError(t, err) } func TestNewDNSProviderMissingCredErr(t *testing.T) { t.Setenv("GCE_PROJECT", "") - _, err := NewDNSProviderEnvironment(util.RecursiveNameservers, "") + _, err := NewDNSProviderEnvironment(context.TODO(), util.RecursiveNameservers, "") assert.EqualError(t, err, "Google Cloud project name missing") } @@ -65,10 +65,10 @@ func TestLiveGoogleCloudPresent(t *testing.T) { t.Skip("skipping live test") } - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) } @@ -77,13 +77,13 @@ func TestLiveGoogleCloudPresentMultiple(t *testing.T) { t.Skip("skipping live test") } - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) // Check that we're able to create multiple entries - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) - err = provider.Present(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "1123d==") + err = provider.Present(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "1123d==") assert.NoError(t, err) } @@ -94,10 +94,10 @@ func TestLiveGoogleCloudCleanUp(t *testing.T) { time.Sleep(time.Second * 1) - provider, err := NewDNSProviderCredentials(gcloudProject, util.RecursiveNameservers, "") + provider, err := NewDNSProviderCredentials(context.TODO(), gcloudProject, util.RecursiveNameservers, "") assert.NoError(t, err) - err = provider.CleanUp(gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), gcloudDomain, "_acme-challenge."+gcloudDomain+".", "123d==") assert.NoError(t, err) } @@ -106,7 +106,7 @@ func TestDNSProvider_getHostedZone(t *testing.T) { t.Skip("skipping live test") } - testProvider, err := NewDNSProviderCredentials("my-project", util.RecursiveNameservers, "test-zone") + testProvider, err := NewDNSProviderCredentials(context.TODO(), "my-project", util.RecursiveNameservers, "test-zone") assert.NoError(t, err) type args struct { @@ -130,7 +130,7 @@ func TestDNSProvider_getHostedZone(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { c := tt.provider - got, err := c.getHostedZone(tt.args.domain) + got, err := c.getHostedZone(context.TODO(), tt.args.domain) if (err != nil) != tt.wantErr { t.Errorf("getHostedZone() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare.go b/pkg/issuer/acme/dns/cloudflare/cloudflare.go index 91a005f314c..c9284dce1e7 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare.go @@ -12,6 +12,7 @@ package cloudflare import ( "bytes" + "context" "encoding/json" "errors" "fmt" @@ -34,7 +35,7 @@ const cloudFlareMaxBodySize = 1024 * 1024 // 1mb // DNSProviderType is the Mockable Interface type DNSProviderType interface { - makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) + makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) } // DNSProvider is an implementation of the acme.ChallengeProvider interface @@ -104,7 +105,7 @@ func NewDNSProviderCredentials(email, key, token string, dns01Nameservers []stri // // It will try to call the API for each branch (from bottom to top) and see if there's a Zone-Record returned. // Calling See https://api.cloudflare.com/#zone-list-zones -func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { +func FindNearestZoneForFQDN(ctx context.Context, c DNSProviderType, fqdn string) (DNSZone, error) { if fqdn == "" { return DNSZone{}, fmt.Errorf("FindNearestZoneForFQDN: FQDN-Parameter can't be empty, please specify a domain!") } @@ -121,7 +122,7 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { continue } lastErr = nil - result, err := c.makeRequest("GET", "/zones?name="+nextName, nil) + result, err := c.makeRequest(ctx, "GET", "/zones?name="+nextName, nil) if err != nil { lastErr = err continue @@ -144,8 +145,8 @@ func FindNearestZoneForFQDN(c DNSProviderType, fqdn string) (DNSZone, error) { } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { - _, err := c.findTxtRecord(fqdn, value) +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { + _, err := c.findTxtRecord(ctx, fqdn, value) if err == errNoExistingRecord { rec := cloudFlareRecord{ Type: "TXT", @@ -159,12 +160,12 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { return err } - zoneID, err := c.getHostedZoneID(fqdn) + zoneID, err := c.getHostedZoneID(ctx, fqdn) if err != nil { return err } - _, err = c.makeRequest("POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body)) + _, err = c.makeRequest(ctx, "POST", fmt.Sprintf("/zones/%s/dns_records", zoneID), bytes.NewReader(body)) if err != nil { return err } @@ -180,8 +181,8 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - record, err := c.findTxtRecord(fqdn, value) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + record, err := c.findTxtRecord(ctx, fqdn, value) // Nothing to cleanup if err == errNoExistingRecord { return nil @@ -190,7 +191,7 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return err } - _, err = c.makeRequest("DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil) + _, err = c.makeRequest(ctx, "DELETE", fmt.Sprintf("/zones/%s/dns_records/%s", record.ZoneID, record.ID), nil) if err != nil { return err } @@ -198,8 +199,8 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { - hostedZone, err := FindNearestZoneForFQDN(c, fqdn) +func (c *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string, error) { + hostedZone, err := FindNearestZoneForFQDN(ctx, c, fqdn) if err != nil { return "", err } @@ -208,13 +209,14 @@ func (c *DNSProvider) getHostedZoneID(fqdn string) (string, error) { var errNoExistingRecord = errors.New("No existing record found") -func (c *DNSProvider) findTxtRecord(fqdn, content string) (*cloudFlareRecord, error) { - zoneID, err := c.getHostedZoneID(fqdn) +func (c *DNSProvider) findTxtRecord(ctx context.Context, fqdn, content string) (*cloudFlareRecord, error) { + zoneID, err := c.getHostedZoneID(ctx, fqdn) if err != nil { return nil, err } result, err := c.makeRequest( + ctx, "GET", fmt.Sprintf("/zones/%s/dns_records?per_page=100&type=TXT&name=%s", zoneID, util.UnFqdn(fqdn)), nil, @@ -238,7 +240,7 @@ func (c *DNSProvider) findTxtRecord(fqdn, content string) (*cloudFlareRecord, er return nil, errNoExistingRecord } -func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { +func (c *DNSProvider) makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) { // APIError contains error details for failed requests type APIError struct { Code int `json:"code,omitempty"` @@ -253,7 +255,7 @@ func (c *DNSProvider) makeRequest(method, uri string, body io.Reader) (json.RawM Result json.RawMessage `json:"result"` } - req, err := http.NewRequest(method, fmt.Sprintf("%s%s", CloudFlareAPIURL, uri), body) + req, err := http.NewRequestWithContext(ctx, method, fmt.Sprintf("%s%s", CloudFlareAPIURL, uri), body) if err != nil { return nil, err } diff --git a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go index 9f6b37d7f0c..a0ddb50f1fe 100644 --- a/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go +++ b/pkg/issuer/acme/dns/cloudflare/cloudflare_test.go @@ -9,6 +9,7 @@ this directory. package cloudflare import ( + "context" "encoding/json" "fmt" "io" @@ -34,7 +35,7 @@ type DNSProviderMock struct { mock.Mock } -func (c *DNSProviderMock) makeRequest(method, uri string, body io.Reader) (json.RawMessage, error) { +func (c *DNSProviderMock) makeRequest(ctx context.Context, method, uri string, body io.Reader) (json.RawMessage, error) { // stub makeRequest args := c.Called(method, uri, nil) return args.Get(0).([]uint8), args.Error(1) @@ -96,7 +97,7 @@ func TestFindNearestZoneForFQDN(t *testing.T) { {"id":"1a23cc4567b8def91a01c23a456e78cd","name":"sub.domain.com"} ]`), nil) - zone, err := FindNearestZoneForFQDN(dnsProvider, "_acme-challenge.test.sub.domain.com.") + zone, err := FindNearestZoneForFQDN(context.TODO(), dnsProvider, "_acme-challenge.test.sub.domain.com.") assert.NoError(t, err) assert.Equal(t, zone, DNSZone{ID: "1a23cc4567b8def91a01c23a456e78cd", Name: "sub.domain.com"}) @@ -115,7 +116,7 @@ func TestFindNearestZoneForFQDNInvalidToken(t *testing.T) { while querying the Cloudflare API for GET "/zones?name=_acme-challenge.test.sub.domain.com" Error: 9109: Invalid access token`)) - _, err := FindNearestZoneForFQDN(dnsProvider, "_acme-challenge.test.sub.domain.com.") + _, err := FindNearestZoneForFQDN(context.TODO(), dnsProvider, "_acme-challenge.test.sub.domain.com.") assert.Error(t, err) assert.Contains(t, err.Error(), "Invalid access token") @@ -129,7 +130,7 @@ func TestCloudFlarePresent(t *testing.T) { provider, err := NewDNSProviderCredentials(cflareEmail, cflareAPIKey, cflareAPIToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.Present(cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") + err = provider.Present(context.TODO(), cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") assert.NoError(t, err) } @@ -143,6 +144,6 @@ func TestCloudFlareCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials(cflareEmail, cflareAPIKey, cflareAPIToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.CleanUp(cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), cflareDomain, "_acme-challenge."+cflareDomain+".", "123d==") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean.go b/pkg/issuer/acme/dns/digitalocean/digitalocean.go index 20b0ba40774..254517436c1 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean.go @@ -50,10 +50,8 @@ func NewDNSProviderCredentials(token string, dns01Nameservers []string, userAgen return nil, fmt.Errorf("DigitalOcean token missing") } - c := oauth2.NewClient( - context.Background(), - oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token}), - ) + unusedCtx := context.Background() // context is not actually used + c := oauth2.NewClient(unusedCtx, oauth2.StaticTokenSource(&oauth2.Token{AccessToken: token})) clientOpts := []godo.ClientOpt{godo.SetUserAgent(userAgent)} client, err := godo.New(c, clientOpts...) @@ -68,15 +66,15 @@ func NewDNSProviderCredentials(token string, dns01Nameservers []string, userAgen } // Present creates a TXT record to fulfil the dns-01 challenge -func (c *DNSProvider) Present(domain, fqdn, value string) error { +func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { // if DigitalOcean does not have this zone then we will find out later - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return err } // check if the record has already been created - records, err := c.findTxtRecord(fqdn) + records, err := c.findTxtRecord(ctx, fqdn) if err != nil { return err } @@ -96,7 +94,7 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } _, _, err = c.client.Domains.CreateRecord( - context.Background(), + ctx, util.UnFqdn(zoneName), createRequest, ) @@ -109,19 +107,19 @@ func (c *DNSProvider) Present(domain, fqdn, value string) error { } // CleanUp removes the TXT record matching the specified parameters -func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) +func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return err } - records, err := c.findTxtRecord(fqdn) + records, err := c.findTxtRecord(ctx, fqdn) if err != nil { return err } for _, record := range records { - _, err = c.client.Domains.DeleteRecord(context.Background(), util.UnFqdn(zoneName), record.ID) + _, err = c.client.Domains.DeleteRecord(ctx, util.UnFqdn(zoneName), record.ID) if err != nil { return err @@ -131,15 +129,14 @@ func (c *DNSProvider) CleanUp(domain, fqdn, value string) error { return nil } -func (c *DNSProvider) findTxtRecord(fqdn string) ([]godo.DomainRecord, error) { - - zoneName, err := util.FindZoneByFqdn(fqdn, c.dns01Nameservers) +func (c *DNSProvider) findTxtRecord(ctx context.Context, fqdn string) ([]godo.DomainRecord, error) { + zoneName, err := util.FindZoneByFqdn(ctx, fqdn, c.dns01Nameservers) if err != nil { return nil, err } allRecords, _, err := c.client.Domains.RecordsByType( - context.Background(), + ctx, util.UnFqdn(zoneName), "TXT", nil, diff --git a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go index 2f2e8aecf9d..ec2b4096725 100644 --- a/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go +++ b/pkg/issuer/acme/dns/digitalocean/digitalocean_test.go @@ -17,6 +17,7 @@ limitations under the License. package digitalocean import ( + "context" "os" "testing" "time" @@ -66,7 +67,7 @@ func TestDigitalOceanPresent(t *testing.T) { provider, err := NewDNSProviderCredentials(doToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.Present(doDomain, "_acme-challenge."+doDomain+".", "123d==") + err = provider.Present(context.TODO(), doDomain, "_acme-challenge."+doDomain+".", "123d==") assert.NoError(t, err) } @@ -80,7 +81,7 @@ func TestDigitalOceanCleanUp(t *testing.T) { provider, err := NewDNSProviderCredentials(doToken, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err) - err = provider.CleanUp(doDomain, "_acme-challenge."+doDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), doDomain, "_acme-challenge."+doDomain+".", "123d==") assert.NoError(t, err) } diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index 1364a63d59c..2a1dd92949a 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -48,17 +48,17 @@ import ( // solver is the old solver type interface. // All new solvers should be implemented using the new webhook.Solver interface. type solver interface { - Present(domain, fqdn, value string) error - CleanUp(domain, fqdn, value string) error + Present(ctx context.Context, domain, fqdn, value string) error + CleanUp(ctx context.Context, domain, fqdn, value string) error } // dnsProviderConstructors defines how each provider may be constructed. // It is useful for mocking out a given provider since an alternate set of // constructors may be set. type dnsProviderConstructors struct { - cloudDNS func(project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) + cloudDNS func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) cloudFlare func(email, apikey, apiToken string, dns01Nameservers []string, userAgent string) (*cloudflare.DNSProvider, error) - route53 func(accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) + route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) azureDNS func(environment, clientID, clientSecret, subscriptionID, tenantID, resourceGroupName, hostedZoneName string, dns01Nameservers []string, ambient bool, managedIdentity *cmacme.AzureManagedIdentity) (*azuredns.DNSProvider, error) acmeDNS func(host string, accountJson []byte, dns01Nameservers []string) (*acmedns.DNSProvider, error) digitalOcean func(token string, dns01Nameservers []string, userAgent string) (*digitalocean.DNSProvider, error) @@ -79,7 +79,7 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm log := logf.WithResource(logf.FromContext(ctx, "Present"), ch).WithValues("domain", ch.Spec.DNSName) ctx = logf.NewContext(ctx, log) - webhookSolver, req, err := s.prepareChallengeRequest(issuer, ch) + webhookSolver, req, err := s.prepareChallengeRequest(ctx, issuer, ch) if err != nil && err != errNotFound { return err } @@ -93,28 +93,28 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return err } log.V(logf.DebugLevel).Info("presenting DNS01 challenge for domain") - return slv.Present(ch.Spec.DNSName, fqdn, ch.Spec.Key) + return slv.Present(ctx, ch.Spec.DNSName, fqdn, ch.Spec.Key) } // Check verifies that the DNS records for the ACME challenge have propagated. func (s *Solver) Check(ctx context.Context, issuer v1.GenericIssuer, ch *cmacme.Challenge) error { log := logf.WithResource(logf.FromContext(ctx, "Check"), ch).WithValues("domain", ch.Spec.DNSName) - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, false, s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, false, s.DNS01Nameservers...) if err != nil { return err } log.V(logf.DebugLevel).Info("checking DNS propagation", "nameservers", s.Context.DNS01Nameservers) - ok, err := util.PreCheckDNS(fqdn, ch.Spec.Key, s.Context.DNS01Nameservers, + ok, err := util.PreCheckDNS(ctx, fqdn, ch.Spec.Key, s.Context.DNS01Nameservers, s.Context.DNS01CheckAuthoritative) if err != nil { return err @@ -137,7 +137,7 @@ func (s *Solver) CleanUp(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm log := logf.WithResource(logf.FromContext(ctx, "CleanUp"), ch).WithValues("domain", ch.Spec.DNSName) ctx = logf.NewContext(ctx, log) - webhookSolver, req, err := s.prepareChallengeRequest(issuer, ch) + webhookSolver, req, err := s.prepareChallengeRequest(ctx, issuer, ch) if err != nil && err != errNotFound { return err } @@ -151,12 +151,12 @@ func (s *Solver) CleanUp(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(providerConfig.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return err } - return slv.CleanUp(ch.Spec.DNSName, fqdn, ch.Spec.Key) + return slv.CleanUp(ctx, ch.Spec.DNSName, fqdn, ch.Spec.Key) } func followCNAME(strategy cmacme.CNAMEStrategy) bool { @@ -235,7 +235,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer } // attempt to construct the cloud dns provider - impl, err = s.dnsProviderConstructors.cloudDNS(providerConfig.CloudDNS.Project, keyData, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer), providerConfig.CloudDNS.HostedZoneName) + impl, err = s.dnsProviderConstructors.cloudDNS(ctx, providerConfig.CloudDNS.Project, keyData, s.DNS01Nameservers, s.CanUseAmbientCredentials(issuer), providerConfig.CloudDNS.HostedZoneName) if err != nil { return nil, nil, fmt.Errorf("error instantiating google clouddns challenge solver: %s", err) } @@ -344,6 +344,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer } impl, err = s.dnsProviderConstructors.route53( + ctx, secretAccessKeyID, strings.TrimSpace(secretAccessKey), providerConfig.Route53.HostedZoneID, @@ -415,7 +416,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer return impl, providerConfig, nil } -func (s *Solver) prepareChallengeRequest(issuer v1.GenericIssuer, ch *cmacme.Challenge) (webhook.Solver, *whapi.ChallengeRequest, error) { +func (s *Solver) prepareChallengeRequest(ctx context.Context, issuer v1.GenericIssuer, ch *cmacme.Challenge) (webhook.Solver, *whapi.ChallengeRequest, error) { dns01Config, err := extractChallengeSolverConfig(ch) if err != nil { return nil, nil, err @@ -426,12 +427,12 @@ func (s *Solver) prepareChallengeRequest(issuer v1.GenericIssuer, ch *cmacme.Cha return nil, nil, err } - fqdn, err := util.DNS01LookupFQDN(ch.Spec.DNSName, followCNAME(dns01Config.CNAMEStrategy), s.DNS01Nameservers...) + fqdn, err := util.DNS01LookupFQDN(ctx, ch.Spec.DNSName, followCNAME(dns01Config.CNAMEStrategy), s.DNS01Nameservers...) if err != nil { return nil, nil, err } - zone, err := util.FindZoneByFqdn(fqdn, s.DNS01Nameservers) + zone, err := util.FindZoneByFqdn(ctx, fqdn, s.DNS01Nameservers) if err != nil { return nil, nil, err } @@ -500,7 +501,7 @@ func NewSolver(ctx *controller.Context) (*Solver, error) { if ctx.RESTConfig != nil { // initialize all DNS providers for _, s := range webhookSolvers { - err := s.Initialize(ctx.RESTConfig, ctx.StopCh) + err := s.Initialize(ctx.RESTConfig, ctx.RootContext.Done()) if err != nil { return nil, fmt.Errorf("error initializing DNS provider %q: %v", s.Name(), err) } diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 84b4095672e..17cca403a4b 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -61,7 +61,7 @@ type StsClient interface { AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) } -func (d *sessionProvider) GetSession() (aws.Config, error) { +func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { if d.AccessKeyID == "" && d.SecretAccessKey == "" { if !d.Ambient { return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") @@ -85,7 +85,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) { optFns = append(optFns, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, ""))) } - cfg, err := config.LoadDefaultConfig(context.TODO(), optFns...) + cfg, err := config.LoadDefaultConfig(ctx, optFns...) if err != nil { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } @@ -93,7 +93,7 @@ func (d *sessionProvider) GetSession() (aws.Config, error) { if d.Role != "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") stsSvc := d.StsProvider(cfg) - result, err := stsSvc.AssumeRole(context.TODO(), &sts.AssumeRoleInput{ + result, err := stsSvc.AssumeRole(ctx, &sts.AssumeRoleInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), }) @@ -142,14 +142,16 @@ func defaultSTSProvider(cfg aws.Config) StsClient { // NewDNSProvider returns a DNSProvider instance configured for the AWS // Route 53 service using static credentials from its parameters or, if they're // unset and the 'ambient' option is set, credentials from the environment. -func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role string, +func NewDNSProvider( + ctx context.Context, + accessKeyID, secretAccessKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string, ) (*DNSProvider, error) { provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent) - cfg, err := provider.GetSession() + cfg, err := provider.GetSession(ctx) if err != nil { return nil, err } @@ -166,19 +168,19 @@ func NewDNSProvider(accessKeyID, secretAccessKey, hostedZoneID, region, role str } // Present creates a TXT record using the specified parameters -func (r *DNSProvider) Present(domain, fqdn, value string) error { +func (r *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53types.ChangeActionUpsert, fqdn, value, route53TTL) + return r.changeRecord(ctx, route53types.ChangeActionUpsert, fqdn, value, route53TTL) } // CleanUp removes the TXT record matching the specified parameters -func (r *DNSProvider) CleanUp(domain, fqdn, value string) error { +func (r *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { value = `"` + value + `"` - return r.changeRecord(route53types.ChangeActionDelete, fqdn, value, route53TTL) + return r.changeRecord(ctx, route53types.ChangeActionDelete, fqdn, value, route53TTL) } -func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value string, ttl int) error { - hostedZoneID, err := r.getHostedZoneID(fqdn) +func (r *DNSProvider) changeRecord(ctx context.Context, action route53types.ChangeAction, fqdn, value string, ttl int) error { + hostedZoneID, err := r.getHostedZoneID(ctx, fqdn) if err != nil { return fmt.Errorf("failed to determine Route 53 hosted zone ID: %v", err) } @@ -197,7 +199,7 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value }, } - resp, err := r.client.ChangeResourceRecordSets(context.TODO(), reqParams) + resp, err := r.client.ChangeResourceRecordSets(ctx, reqParams) if err != nil { if errors.Is(err, &route53types.InvalidChangeBatch{}) && action == route53types.ChangeActionDelete { r.log.V(logf.DebugLevel).WithValues("error", err).Info("ignoring InvalidChangeBatch error") @@ -215,7 +217,7 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value reqParams := &route53.GetChangeInput{ Id: statusID, } - resp, err := r.client.GetChange(context.TODO(), reqParams) + resp, err := r.client.GetChange(ctx, reqParams) if err != nil { return false, fmt.Errorf("failed to query Route 53 change status: %v", removeReqID(err)) } @@ -226,12 +228,12 @@ func (r *DNSProvider) changeRecord(action route53types.ChangeAction, fqdn, value }) } -func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { +func (r *DNSProvider) getHostedZoneID(ctx context.Context, fqdn string) (string, error) { if r.hostedZoneID != "" { return r.hostedZoneID, nil } - authZone, err := util.FindZoneByFqdn(fqdn, r.dns01Nameservers) + authZone, err := util.FindZoneByFqdn(ctx, fqdn, r.dns01Nameservers) if err != nil { return "", fmt.Errorf("error finding zone from fqdn: %v", err) } @@ -240,7 +242,7 @@ func (r *DNSProvider) getHostedZoneID(fqdn string) (string, error) { reqParams := &route53.ListHostedZonesByNameInput{ DNSName: aws.String(util.UnFqdn(authZone)), } - resp, err := r.client.ListHostedZonesByName(context.TODO(), reqParams) + resp, err := r.client.ListHostedZonesByName(ctx, reqParams) if err != nil { return "", removeReqID(err) } diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 89cc41627fe..232987cfb42 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -58,7 +58,7 @@ func TestAmbientCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") _, err = provider.client.Options().Credentials.Retrieve(context.TODO()) @@ -72,14 +72,14 @@ func TestNoCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - _, err := NewDNSProvider("", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + _, err := NewDNSProvider(context.TODO(), "", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.Error(t, err, "Expected error constructing DNSProvider with no credentials and not ambient") } func TestAmbientRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "us-east-1", provider.client.Options().Region, "Expected Region to be set from environment") @@ -88,7 +88,7 @@ func TestAmbientRegionFromEnv(t *testing.T) { func TestNoRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider("marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "", provider.client.Options().Region, "Expected Region to not be set from environment") @@ -112,25 +112,25 @@ func TestRoute53Present(t *testing.T) { domain := "example.com" keyAuth := "123456d==" - err = provider.Present(domain, "_acme-challenge."+domain+".", keyAuth) + err = provider.Present(context.TODO(), domain, "_acme-challenge."+domain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") subDomain := "foo.example.com" - err = provider.Present(subDomain, "_acme-challenge."+subDomain+".", keyAuth) + err = provider.Present(context.TODO(), subDomain, "_acme-challenge."+subDomain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") nonExistentSubDomain := "bar.foo.example.com" - err = provider.Present(nonExistentSubDomain, nonExistentSubDomain+".", keyAuth) + err = provider.Present(context.TODO(), nonExistentSubDomain, nonExistentSubDomain+".", keyAuth) assert.NoError(t, err, "Expected Present to return no error") nonExistentDomain := "baz.com" - err = provider.Present(nonExistentDomain, nonExistentDomain+".", keyAuth) + err = provider.Present(context.TODO(), nonExistentDomain, nonExistentDomain+".", keyAuth) assert.Error(t, err, "Expected Present to return an error") // This test case makes sure that the request id has been properly // stripped off. It has to be stripped because it changes on every // request which causes spurious challenge updates. - err = provider.Present("bar.example.com", "bar.example.com.", keyAuth) + err = provider.Present(context.TODO(), "bar.example.com", "bar.example.com.", keyAuth) require.Error(t, err, "Expected Present to return an error") assert.Equal(t, `failed to change Route 53 record set: operation error Route 53: ChangeResourceRecordSets, https response error StatusCode: 403, RequestID: , api error AccessDenied: User: arn:aws:iam::0123456789:user/test-cert-manager is not authorized to perform: route53:ChangeResourceRecordSets on resource: arn:aws:route53:::hostedzone/OPQRSTU`, err.Error()) } @@ -231,7 +231,7 @@ func TestAssumeRole(t *testing.T) { provider := makeMockSessionProvider(func(aws.Config) StsClient { return c.mockSTS }, c.key, c.secret, c.region, c.role, c.ambient) - cfg, err := provider.GetSession() + cfg, err := provider.GetSession(context.TODO()) if c.expErr { assert.NotNil(t, err) } else { diff --git a/pkg/issuer/acme/dns/util/dns.go b/pkg/issuer/acme/dns/util/dns.go index db2b4e47944..4aac28d789e 100644 --- a/pkg/issuer/acme/dns/util/dns.go +++ b/pkg/issuer/acme/dns/util/dns.go @@ -9,6 +9,7 @@ this directory. package util import ( + "context" "fmt" "github.com/miekg/dns" @@ -17,13 +18,13 @@ import ( // DNS01LookupFQDN returns a DNS name which will be updated to solve the dns-01 // challenge // TODO: move this into the pkg/acme package -func DNS01LookupFQDN(domain string, followCNAME bool, nameservers ...string) (string, error) { +func DNS01LookupFQDN(ctx context.Context, domain string, followCNAME bool, nameservers ...string) (string, error) { fqdn := fmt.Sprintf("_acme-challenge.%s.", domain) // Check if the domain has CNAME then return that if followCNAME { var err error - fqdn, err = followCNAMEs(fqdn, nameservers) + fqdn, err = followCNAMEs(ctx, fqdn, nameservers) if err != nil { return "", err } diff --git a/pkg/issuer/acme/dns/util/wait.go b/pkg/issuer/acme/dns/util/wait.go index 5cdde9b2431..0251238b7a1 100644 --- a/pkg/issuer/acme/dns/util/wait.go +++ b/pkg/issuer/acme/dns/util/wait.go @@ -24,9 +24,9 @@ import ( logf "github.com/cert-manager/cert-manager/pkg/logs" ) -type preCheckDNSFunc func(fqdn, value string, nameservers []string, +type preCheckDNSFunc func(ctx context.Context, fqdn, value string, nameservers []string, useAuthoritative bool) (bool, error) -type dnsQueryFunc func(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) +type dnsQueryFunc func(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) var ( // PreCheckDNS checks DNS propagation before notifying ACME that @@ -78,8 +78,8 @@ func getNameservers(path string, defaults []string) []string { // that it finds. Returns an error when a loop is found in the CNAME chain. The // argument fqdnChain is used by the function itself to keep track of which fqdns it // already encountered and detect loops. -func followCNAMEs(fqdn string, nameservers []string, fqdnChain ...string) (string, error) { - r, err := dnsQuery(fqdn, dns.TypeCNAME, nameservers, true) +func followCNAMEs(ctx context.Context, fqdn string, nameservers []string, fqdnChain ...string) (string, error) { + r, err := dnsQuery(ctx, fqdn, dns.TypeCNAME, nameservers, true) if err != nil { return "", err } @@ -99,26 +99,26 @@ func followCNAMEs(fqdn string, nameservers []string, fqdnChain ...string) (strin } return "", fmt.Errorf("Found recursive CNAME record to %q when looking up %q", cn.Target, fqdn) } - return followCNAMEs(cn.Target, nameservers, append(fqdnChain, fqdn)...) + return followCNAMEs(ctx, cn.Target, nameservers, append(fqdnChain, fqdn)...) } return fqdn, nil } // checkDNSPropagation checks if the expected TXT record has been propagated to all authoritative nameservers. -func checkDNSPropagation(fqdn, value string, nameservers []string, +func checkDNSPropagation(ctx context.Context, fqdn, value string, nameservers []string, useAuthoritative bool) (bool, error) { var err error - fqdn, err = followCNAMEs(fqdn, nameservers) + fqdn, err = followCNAMEs(ctx, fqdn, nameservers) if err != nil { return false, err } if !useAuthoritative { - return checkAuthoritativeNss(fqdn, value, nameservers) + return checkAuthoritativeNss(ctx, fqdn, value, nameservers) } - authoritativeNss, err := lookupNameservers(fqdn, nameservers) + authoritativeNss, err := lookupNameservers(ctx, fqdn, nameservers) if err != nil { return false, err } @@ -126,13 +126,13 @@ func checkDNSPropagation(fqdn, value string, nameservers []string, for i, ans := range authoritativeNss { authoritativeNss[i] = net.JoinHostPort(ans, "53") } - return checkAuthoritativeNss(fqdn, value, authoritativeNss) + return checkAuthoritativeNss(ctx, fqdn, value, authoritativeNss) } // checkAuthoritativeNss queries each of the given nameservers for the expected TXT record. -func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, error) { +func checkAuthoritativeNss(ctx context.Context, fqdn, value string, nameservers []string) (bool, error) { for _, ns := range nameservers { - r, err := DNSQuery(fqdn, dns.TypeTXT, []string{ns}, true) + r, err := DNSQuery(ctx, fqdn, dns.TypeTXT, []string{ns}, true) if err != nil { return false, err } @@ -163,7 +163,7 @@ func checkAuthoritativeNss(fqdn, value string, nameservers []string) (bool, erro // DNSQuery will query a nameserver, iterating through the supplied servers as it retries // The nameserver should include a port, to facilitate testing where we talk to a mock dns server. -func DNSQuery(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { +func DNSQuery(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { switch rtype { case dns.TypeCAA, dns.TypeCNAME, dns.TypeNS, dns.TypeSOA, dns.TypeTXT: default: @@ -191,17 +191,17 @@ func DNSQuery(fqdn string, rtype uint16, nameservers []string, recursive bool) ( for _, ns := range nameservers { // If the TCP request succeeds, the err will reset to nil if strings.HasPrefix(ns, "https://") { - in, _, err = http.Exchange(context.TODO(), m, ns) + in, _, err = http.Exchange(ctx, m, ns) } else { - in, _, err = udp.Exchange(m, ns) + in, _, err = udp.ExchangeContext(ctx, m, ns) // Try TCP if UDP fails if (in != nil && in.Truncated) || (err != nil && strings.HasPrefix(err.Error(), "read udp") && strings.HasSuffix(err.Error(), "i/o timeout")) { logf.V(logf.DebugLevel).Infof("UDP dns lookup failed, retrying with TCP: %v", err) // If the TCP request succeeds, the err will reset to nil - in, _, err = tcp.Exchange(m, ns) + in, _, err = tcp.ExchangeContext(ctx, m, ns) } } @@ -270,7 +270,7 @@ func (c *httpDNSClient) Exchange(ctx context.Context, m *dns.Msg, a string) (r * return r, rtt, nil } -func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers []string) error { +func ValidateCAA(ctx context.Context, domain string, issuerID []string, iswildcard bool, nameservers []string) error { // see https://tools.ietf.org/html/rfc6844#section-4 // for more information about how CAA lookup is performed fqdn := ToFqdn(domain) @@ -291,14 +291,14 @@ func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers // nameserver for CAA records, but some setups will return SERVFAIL // on unknown types like CAA. Instead, ask the authoritative server var authNS []string - authNS, err = lookupNameservers(queryDomain, nameservers) + authNS, err = lookupNameservers(ctx, queryDomain, nameservers) if err != nil { return fmt.Errorf("Could not validate CAA record: %s", err) } for i, ans := range authNS { authNS[i] = net.JoinHostPort(ans, "53") } - msg, err = DNSQuery(queryDomain, dns.TypeCAA, authNS, false) + msg, err = DNSQuery(ctx, queryDomain, dns.TypeCAA, authNS, false) if err != nil { return fmt.Errorf("Could not validate CAA record: %s", err) } @@ -312,7 +312,7 @@ func ValidateCAA(domain string, issuerID []string, iswildcard bool, nameservers dns.RcodeToString[msg.Rcode], domain) } oldQuery := queryDomain - queryDomain, err := followCNAMEs(queryDomain, nameservers) + queryDomain, err := followCNAMEs(ctx, queryDomain, nameservers) if err != nil { return fmt.Errorf("while trying to follow CNAMEs for domain %s using nameservers %v: %w", queryDomain, nameservers, err) } @@ -373,16 +373,16 @@ func matchCAA(caas []*dns.CAA, issuerIDs map[string]bool, iswildcard bool) bool } // lookupNameservers returns the authoritative nameservers for the given fqdn. -func lookupNameservers(fqdn string, nameservers []string) ([]string, error) { +func lookupNameservers(ctx context.Context, fqdn string, nameservers []string) ([]string, error) { var authoritativeNss []string logf.V(logf.DebugLevel).Infof("Searching fqdn %q using seed nameservers [%s]", fqdn, strings.Join(nameservers, ", ")) - zone, err := FindZoneByFqdn(fqdn, nameservers) + zone, err := FindZoneByFqdn(ctx, fqdn, nameservers) if err != nil { return nil, fmt.Errorf("Could not determine the zone for %q: %v", fqdn, err) } - r, err := DNSQuery(zone, dns.TypeNS, nameservers, true) + r, err := DNSQuery(ctx, zone, dns.TypeNS, nameservers, true) if err != nil { return nil, err } @@ -402,7 +402,7 @@ func lookupNameservers(fqdn string, nameservers []string) ([]string, error) { // FindZoneByFqdn determines the zone apex for the given fqdn by recursing up the // domain labels until the nameserver returns a SOA record in the answer section. -func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { +func FindZoneByFqdn(ctx context.Context, fqdn string, nameservers []string) (string, error) { fqdnToZoneLock.RLock() // Do we have it cached? if zone, ok := fqdnToZone[fqdn]; ok { @@ -430,7 +430,7 @@ func FindZoneByFqdn(fqdn string, nameservers []string) (string, error) { for _, index := range labelIndexes { domain := fqdn[index:] - in, err := DNSQuery(domain, dns.TypeSOA, nameservers, true) + in, err := DNSQuery(ctx, domain, dns.TypeSOA, nameservers, true) if err != nil { return "", err } diff --git a/pkg/issuer/acme/dns/util/wait_test.go b/pkg/issuer/acme/dns/util/wait_test.go index 41eb63adfe3..722d7f769ab 100644 --- a/pkg/issuer/acme/dns/util/wait_test.go +++ b/pkg/issuer/acme/dns/util/wait_test.go @@ -9,6 +9,7 @@ this directory. package util import ( + "context" "fmt" "reflect" "sort" @@ -172,14 +173,14 @@ func TestMatchCAA(t *testing.T) { } func TestPreCheckDNSOverHTTPSNoAuthoritative(t *testing.T) { - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://1.1.1.1/dns-query"}, false) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://1.1.1.1/dns-query"}, false) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } } func TestPreCheckDNSOverHTTPS(t *testing.T) { - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://8.8.8.8/dns-query"}, true) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"https://8.8.8.8/dns-query"}, true) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -187,7 +188,7 @@ func TestPreCheckDNSOverHTTPS(t *testing.T) { func TestPreCheckDNS(t *testing.T) { // TODO: find a better TXT record to use in tests - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"8.8.8.8:53"}, true) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"8.8.8.8:53"}, true) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -195,7 +196,7 @@ func TestPreCheckDNS(t *testing.T) { func TestPreCheckDNSNonAuthoritative(t *testing.T) { // TODO: find a better TXT record to use in tests - ok, err := PreCheckDNS("google.com.", "v=spf1 include:_spf.google.com ~all", []string{"1.1.1.1:53"}, false) + ok, err := PreCheckDNS(context.TODO(), "google.com.", "v=spf1 include:_spf.google.com ~all", []string{"1.1.1.1:53"}, false) if err != nil || !ok { t.Errorf("preCheckDNS failed for acme-staging.api.letsencrypt.org: %s", err.Error()) } @@ -203,7 +204,7 @@ func TestPreCheckDNSNonAuthoritative(t *testing.T) { func TestLookupNameserversOK(t *testing.T) { for _, tt := range lookupNameserversTestsOK { - nss, err := lookupNameservers(tt.fqdn, RecursiveNameservers) + nss, err := lookupNameservers(context.TODO(), tt.fqdn, RecursiveNameservers) if err != nil { t.Fatalf("#%s: got %q; want nil", tt.fqdn, err) } @@ -219,7 +220,7 @@ func TestLookupNameserversOK(t *testing.T) { func TestLookupNameserversErr(t *testing.T) { for _, tt := range lookupNameserversTestsErr { - _, err := lookupNameservers(tt.fqdn, RecursiveNameservers) + _, err := lookupNameservers(context.TODO(), tt.fqdn, RecursiveNameservers) if err == nil { t.Fatalf("#%s: expected %q (error); got ", tt.fqdn, tt.error) } @@ -233,7 +234,7 @@ func TestLookupNameserversErr(t *testing.T) { func TestFindZoneByFqdn(t *testing.T) { for _, tt := range findZoneByFqdnTests { - res, err := FindZoneByFqdn(tt.fqdn, RecursiveNameservers) + res, err := FindZoneByFqdn(context.TODO(), tt.fqdn, RecursiveNameservers) if err != nil { t.Errorf("FindZoneByFqdn failed for %s: %v", tt.fqdn, err) } @@ -245,7 +246,7 @@ func TestFindZoneByFqdn(t *testing.T) { func TestCheckAuthoritativeNss(t *testing.T) { for _, tt := range checkAuthoritativeNssTests { - ok, _ := checkAuthoritativeNss(tt.fqdn, tt.value, tt.ns) + ok, _ := checkAuthoritativeNss(context.TODO(), tt.fqdn, tt.value, tt.ns) if ok != tt.ok { t.Errorf("%s: got %t; want %t", tt.fqdn, ok, tt.ok) } @@ -254,7 +255,7 @@ func TestCheckAuthoritativeNss(t *testing.T) { func TestCheckAuthoritativeNssErr(t *testing.T) { for _, tt := range checkAuthoritativeNssTestsErr { - _, err := checkAuthoritativeNss(tt.fqdn, tt.value, tt.ns) + _, err := checkAuthoritativeNss(context.TODO(), tt.fqdn, tt.value, tt.ns) if err == nil { t.Fatalf("#%s: expected %q (error); got ", tt.fqdn, tt.error) } @@ -285,25 +286,25 @@ func TestValidateCAA(t *testing.T) { // google installs a CAA record at google.com // ask for the www.google.com record to test that // we recurse up the labels - err := ValidateCAA("www.google.com", []string{"letsencrypt", "pki.goog"}, false, nameservers) + err := ValidateCAA(context.TODO(), "www.google.com", []string{"letsencrypt", "pki.goog"}, false, nameservers) if err != nil { t.Fatalf("unexpected error: %s", err) } // now ask, expecting a CA that won't match - err = ValidateCAA("www.google.com", []string{"daniel.homebrew.ca"}, false, nameservers) + err = ValidateCAA(context.TODO(), "www.google.com", []string{"daniel.homebrew.ca"}, false, nameservers) if err == nil { t.Fatalf("expected err, got success") } // if the CAA record allows non-wildcards then it has an `issue` tag, // and it is known that it has no issuewild tags, then wildcard certificates // will also be allowed - err = ValidateCAA("www.google.com", []string{"pki.goog"}, true, nameservers) + err = ValidateCAA(context.TODO(), "www.google.com", []string{"pki.goog"}, true, nameservers) if err != nil { t.Fatalf("unexpected error: %s", err) } // ask for a domain you know does not have CAA records. // it should succeed - err = ValidateCAA("www.example.org", []string{"daniel.homebrew.ca"}, false, nameservers) + err = ValidateCAA(context.TODO(), "www.example.org", []string{"daniel.homebrew.ca"}, false, nameservers) if err != nil { t.Fatalf("expected err, got %s", err) } @@ -311,7 +312,7 @@ func TestValidateCAA(t *testing.T) { } func Test_followCNAMEs(t *testing.T) { - dnsQuery = func(fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { + dnsQuery = func(ctx context.Context, fqdn string, rtype uint16, nameservers []string, recursive bool) (in *dns.Msg, err error) { msg := &dns.Msg{} msg.Rcode = dns.RcodeSuccess switch fqdn { @@ -404,7 +405,7 @@ func Test_followCNAMEs(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - got, err := followCNAMEs(tt.args.fqdn, tt.args.nameservers, tt.args.fqdnChain...) + got, err := followCNAMEs(context.TODO(), tt.args.fqdn, tt.args.nameservers, tt.args.fqdnChain...) if (err != nil) != tt.wantErr { t.Errorf("followCNAMEs() error = %v, wantErr %v", err, tt.wantErr) return diff --git a/pkg/issuer/acme/dns/util_test.go b/pkg/issuer/acme/dns/util_test.go index bc6f5e82424..4f142526a96 100644 --- a/pkg/issuer/acme/dns/util_test.go +++ b/pkg/issuer/acme/dns/util_test.go @@ -17,6 +17,7 @@ limitations under the License. package dns import ( + "context" "errors" "testing" @@ -128,7 +129,7 @@ func newFakeDNSProviders() *fakeDNSProviders { calls: []fakeDNSProviderCall{}, } f.constructors = dnsProviderConstructors{ - cloudDNS: func(project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) { + cloudDNS: func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) { f.call("clouddns", project, serviceAccount, util.RecursiveNameservers, ambient, hostedZoneName) return nil, nil }, @@ -139,7 +140,7 @@ func newFakeDNSProviders() *fakeDNSProviders { } return nil, nil }, - route53: func(accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { + route53: func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { f.call("route53", accessKey, secretKey, hostedZoneID, region, role, ambient, util.RecursiveNameservers) return nil, nil }, diff --git a/pkg/issuer/vault/setup.go b/pkg/issuer/vault/setup.go index 980134e52fb..fba4b946c85 100644 --- a/pkg/issuer/vault/setup.go +++ b/pkg/issuer/vault/setup.go @@ -124,7 +124,7 @@ func (v *Vault) Setup(ctx context.Context) error { return nil } - client, err := vaultinternal.New(v.resourceNamespace, v.createTokenFn, v.secretsLister, v.issuer) + client, err := vaultinternal.New(ctx, v.resourceNamespace, v.createTokenFn, v.secretsLister, v.issuer) if err != nil { s := messageVaultClientInitFailed + err.Error() logf.V(logf.WarnLevel).Infof("%s: %s", v.issuer.GetObjectMeta().Name, s) diff --git a/pkg/webhook/server/server.go b/pkg/webhook/server/server.go index ae2690c1e68..bd6bcd7bb0c 100644 --- a/pkg/webhook/server/server.go +++ b/pkg/webhook/server/server.go @@ -159,10 +159,11 @@ func (s *Server) Run(ctx context.Context) error { <-ctx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := server.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := server.Shutdown(shutdownCtx); err != nil { return err } return nil @@ -200,10 +201,11 @@ func (s *Server) Run(ctx context.Context) error { <-ctx.Done() // allow a timeout for graceful shutdown - ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second) + shutdownCtx, cancel := context.WithTimeout(context.Background(), 5*time.Second) defer cancel() - if err := server.Shutdown(ctx); err != nil { + // nolint: contextcheck + if err := server.Shutdown(shutdownCtx); err != nil { return err } return nil diff --git a/test/acme/util.go b/test/acme/util.go index 4ce9813048a..a561473f5c9 100644 --- a/test/acme/util.go +++ b/test/acme/util.go @@ -112,13 +112,13 @@ func allConditions(c ...wait.ConditionWithContextFunc) wait.ConditionWithContext func (f *fixture) recordHasPropagatedCheck(fqdn, value string) func(ctx context.Context) (bool, error) { return func(ctx context.Context) (bool, error) { - return util.PreCheckDNS(fqdn, value, []string{f.testDNSServer}, *f.useAuthoritative) + return util.PreCheckDNS(ctx, fqdn, value, []string{f.testDNSServer}, *f.useAuthoritative) } } func (f *fixture) recordHasBeenDeletedCheck(fqdn, value string) func(ctx context.Context) (bool, error) { return func(ctx context.Context) (bool, error) { - msg, err := util.DNSQuery(fqdn, dns.TypeTXT, []string{f.testDNSServer}, *f.useAuthoritative) + msg, err := util.DNSQuery(ctx, fqdn, dns.TypeTXT, []string{f.testDNSServer}, *f.useAuthoritative) if err != nil { return false, err } diff --git a/test/e2e/e2e.go b/test/e2e/e2e.go index f816a169bdb..f3c9d5d80a4 100644 --- a/test/e2e/e2e.go +++ b/test/e2e/e2e.go @@ -17,6 +17,7 @@ limitations under the License. package e2e import ( + "context" "encoding/json" "os" "path" @@ -37,7 +38,7 @@ var cfg = framework.DefaultConfig // the data transferred from the Setup function on the first ginkgo process. var isGinkgoProcessNumberOne = false -var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { +var _ = ginkgo.SynchronizedBeforeSuite(func(ctx context.Context) []byte { addon.InitGlobals(cfg) isGinkgoProcessNumberOne = true @@ -56,7 +57,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { } return encodedData -}, func(encodedData []byte) { +}, func(ctx context.Context, encodedData []byte) { transferredData := []addon.AddonTransferableData{} err := json.Unmarshal(encodedData, &transferredData) if err != nil { @@ -66,7 +67,7 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { if isGinkgoProcessNumberOne { // For ginkgo process #1, we need to run ProvisionGlobals to // actually provision the global addons. - err = addon.ProvisionGlobals(cfg) + err = addon.ProvisionGlobals(ctx, cfg) if err != nil { framework.Failf("Error configuring global addons: %v", err) } @@ -82,10 +83,10 @@ var _ = ginkgo.SynchronizedBeforeSuite(func() []byte { } }) -var _ = ginkgo.SynchronizedAfterSuite(func() { +var _ = ginkgo.SynchronizedAfterSuite(func(ctx context.Context) { // Reset the isGinkgoProcessNumberOne flag to false for the next run (when --repeat flag is used) isGinkgoProcessNumberOne = false -}, func() { +}, func(ctx context.Context) { ginkgo.By("Retrieving logs for global addons") globalLogs, err := addon.GlobalLogs() if err != nil { @@ -110,7 +111,7 @@ var _ = ginkgo.SynchronizedAfterSuite(func() { } ginkgo.By("Cleaning up the provisioned globals") - err = addon.DeprovisionGlobals(cfg) + err = addon.DeprovisionGlobals(ctx, cfg) if err != nil { framework.Failf("Error deprovisioning global addons: %v", err) } diff --git a/test/e2e/framework/addon/base/base.go b/test/e2e/framework/addon/base/base.go index a46c04bec1f..f1bb934388c 100644 --- a/test/e2e/framework/addon/base/base.go +++ b/test/e2e/framework/addon/base/base.go @@ -19,6 +19,8 @@ limitations under the License. package base import ( + "context" + "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" @@ -80,11 +82,11 @@ func (b *Base) Setup(c *config.Config, _ ...internal.AddonTransferableData) (int return nil, nil } -func (b *Base) Provision() error { +func (b *Base) Provision(_ context.Context) error { return nil } -func (b *Base) Deprovision() error { +func (b *Base) Deprovision(_ context.Context) error { return nil } diff --git a/test/e2e/framework/addon/chart/addon.go b/test/e2e/framework/addon/chart/addon.go index 519c3342cad..102b3a88c2c 100644 --- a/test/e2e/framework/addon/chart/addon.go +++ b/test/e2e/framework/addon/chart/addon.go @@ -117,22 +117,22 @@ func (c *Chart) Setup(cfg *config.Config, _ ...internal.AddonTransferableData) ( } // Provision an instance of tiller-deploy -func (c *Chart) Provision() error { +func (c *Chart) Provision(ctx context.Context) error { if len(c.Repo.Name) > 0 && len(c.Repo.Url) > 0 { - err := c.addRepo() + err := c.addRepo(ctx) if err != nil { return fmt.Errorf("error adding helm repo: %v", err) } } if c.UpdateDeps { - err := c.runDepUpdate() + err := c.runDepUpdate(ctx) if err != nil { return fmt.Errorf("error updating helm chart dependencies: %v", err) } } - err := c.runInstall() + err := c.runInstall(ctx) if err != nil { return fmt.Errorf("error install helm chart: %v", err) } @@ -140,15 +140,15 @@ func (c *Chart) Provision() error { return nil } -func (c *Chart) runDepUpdate() error { - err := c.buildHelmCmd("dep", "update", c.ChartName).Run() +func (c *Chart) runDepUpdate(ctx context.Context) error { + err := c.buildHelmCmd(ctx, "dep", "update", c.ChartName).Run() if err != nil { return err } return nil } -func (c *Chart) runInstall() error { +func (c *Chart) runInstall(ctx context.Context) error { args := []string{"upgrade", c.ReleaseName, c.ChartName, "--install", "--wait", @@ -164,25 +164,25 @@ func (c *Chart) runInstall() error { args = append(args, "--set", fmt.Sprintf("%s=%s", s.Key, s.Value)) } - cmd := c.buildHelmCmd(args...) + cmd := c.buildHelmCmd(ctx, args...) return cmd.Run() } -func (c *Chart) buildHelmCmd(args ...string) *exec.Cmd { +func (c *Chart) buildHelmCmd(ctx context.Context, args ...string) *exec.Cmd { args = append([]string{ "--kubeconfig", c.config.KubeConfig, "--kube-context", c.config.KubeContext, }, args...) - cmd := exec.Command(c.config.Addons.Helm.Path, args...) + cmd := exec.CommandContext(ctx, c.config.Addons.Helm.Path, args...) cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr return cmd } // Deprovision the deployed chart -func (c *Chart) Deprovision() error { - cmd := c.buildHelmCmd("delete", "--namespace", c.Namespace, c.ReleaseName) +func (c *Chart) Deprovision(ctx context.Context) error { + cmd := c.buildHelmCmd(ctx, "delete", "--namespace", c.Namespace, c.ReleaseName) stdoutBuf := &bytes.Buffer{} cmd.Stdout = stdoutBuf @@ -223,15 +223,15 @@ func (c *Chart) SupportsGlobal() bool { return c.ReleaseName != "" } -func (c *Chart) Logs() (map[string]string, error) { +func (c *Chart) Logs(ctx context.Context) (map[string]string, error) { kc := c.Base.Details().KubeClient - oldLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(context.TODO(), metav1.ListOptions{LabelSelector: "release=" + c.ReleaseName}) + oldLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(ctx, metav1.ListOptions{LabelSelector: "release=" + c.ReleaseName}) if err != nil { return nil, err } // also check pods with the new style labels used in the cert-manager chart - newLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(context.TODO(), metav1.ListOptions{LabelSelector: "app.kubernetes.io/instance=" + c.ReleaseName}) + newLabelPods, err := kc.CoreV1().Pods(c.Namespace).List(ctx, metav1.ListOptions{LabelSelector: "app.kubernetes.io/instance=" + c.ReleaseName}) if err != nil { return nil, err } @@ -245,7 +245,7 @@ func (c *Chart) Logs() (map[string]string, error) { resp := kc.CoreV1().Pods(pod.Namespace).GetLogs(pod.Name, &corev1.PodLogOptions{ Container: con.Name, Previous: b, - }).Do(context.TODO()) + }).Do(ctx) err := resp.Error() if err != nil { @@ -272,8 +272,8 @@ func (c *Chart) Logs() (map[string]string, error) { return out, nil } -func (c *Chart) addRepo() error { - err := c.buildHelmCmd("repo", "add", c.Repo.Name, c.Repo.Url).Run() +func (c *Chart) addRepo(ctx context.Context) error { + err := c.buildHelmCmd(ctx, "repo", "add", c.Repo.Name, c.Repo.Url).Run() if err != nil { return err } diff --git a/test/e2e/framework/addon/globals.go b/test/e2e/framework/addon/globals.go index 411dd1a29a7..b4a93c19b49 100644 --- a/test/e2e/framework/addon/globals.go +++ b/test/e2e/framework/addon/globals.go @@ -17,6 +17,7 @@ limitations under the License. package addon import ( + "context" "fmt" utilerrors "k8s.io/apimachinery/pkg/util/errors" @@ -129,10 +130,10 @@ func SetupGlobalsNonPrimary(cfg *config.Config, transferred []AddonTransferableD // the API server for a resource that the addon creates or by checking that an // HTTP endpoint is available) // This function should be run only on ginkgo process #1. -func ProvisionGlobals(cfg *config.Config) error { +func ProvisionGlobals(ctx context.Context, cfg *config.Config) error { for _, g := range allAddons { provisioned = append(provisioned, g) - if err := g.Provision(); err != nil { + if err := g.Provision(ctx); err != nil { return err } } @@ -170,7 +171,7 @@ func GlobalLogs() (map[string]string, error) { // This should be called by the test suite in a SynchronizedAfterSuite to ensure // all global addons are cleaned up after a run. This should be run only on ginkgo // process #1. -func DeprovisionGlobals(cfg *config.Config) error { +func DeprovisionGlobals(ctx context.Context, cfg *config.Config) error { if !cfg.Cleanup { log.Logf("Skipping deprovisioning as cleanup set to false.") return nil @@ -179,7 +180,7 @@ func DeprovisionGlobals(cfg *config.Config) error { // deprovision addons in the reverse order to that of provisioning for i := len(provisioned) - 1; i >= 0; i-- { a := provisioned[i] - errs = append(errs, a.Deprovision()) + errs = append(errs, a.Deprovision(ctx)) } return utilerrors.NewAggregate(errs) } diff --git a/test/e2e/framework/addon/internal/globals.go b/test/e2e/framework/addon/internal/globals.go index e5b4537a13b..83a3274f9e0 100644 --- a/test/e2e/framework/addon/internal/globals.go +++ b/test/e2e/framework/addon/internal/globals.go @@ -17,6 +17,8 @@ limitations under the License. package internal import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework/config" ) @@ -30,11 +32,11 @@ type Addon interface { // For non-global addons, this function is called on all ginkgo processes. For global // addons, this function is called only on ginkgo process #1. - Provision() error + Provision(ctx context.Context) error // For non-global addons, this function is called on all ginkgo processes. For global // addons, this function is called only on ginkgo process #1. - Deprovision() error + Deprovision(ctx context.Context) error SupportsGlobal() bool } diff --git a/test/e2e/framework/addon/vault/proxy.go b/test/e2e/framework/addon/vault/proxy.go index 050bb4b453d..4286489444a 100644 --- a/test/e2e/framework/addon/vault/proxy.go +++ b/test/e2e/framework/addon/vault/proxy.go @@ -17,6 +17,7 @@ limitations under the License. package vault import ( + "context" "fmt" "io" "net" @@ -135,7 +136,7 @@ func (p *proxy) start() error { return nil } -func (p *proxy) stop() error { +func (p *proxy) stop(ctx context.Context) error { close(p.stopCh) p.mu.Lock() @@ -145,9 +146,13 @@ func (p *proxy) stop() error { return nil } - err := <-p.doneCh - if err != nil { - return fmt.Errorf("error while forwarding port: %v", err) + select { + case <-ctx.Done(): + return ctx.Err() + case err := <-p.doneCh: + if err != nil { + return fmt.Errorf("error while forwarding port: %v", err) + } } return nil diff --git a/test/e2e/framework/addon/vault/setup.go b/test/e2e/framework/addon/vault/setup.go index ab0a4017e50..70a5fe515cf 100644 --- a/test/e2e/framework/addon/vault/setup.go +++ b/test/e2e/framework/addon/vault/setup.go @@ -198,7 +198,7 @@ func NewVaultClientCertificateSecret(secretName string, certificate, key []byte) } // Set up a new Vault client, port-forward to the Vault instance. -func (v *VaultInitializer) Init() error { +func (v *VaultInitializer) Init(ctx context.Context) error { cfg := vault.DefaultConfiguration() cfg.Address = v.details.ProxyURL @@ -235,8 +235,8 @@ func (v *VaultInitializer) Init() error { // The timeout below must be aligned with the time taken by the Vault addons to start, // each addon safely takes about 20 seconds to start and two addons are started one after another, // one for without mTLS enforced and another with mTLS enforced - err = wait.PollUntilContextTimeout(context.TODO(), time.Second, 45*time.Second, true, func(ctx context.Context) (bool, error) { - conn, err := net.DialTimeout("tcp", proxyUrl.Host, time.Second) + err = wait.PollUntilContextTimeout(ctx, time.Second, 45*time.Second, true, func(ctx context.Context) (bool, error) { + conn, err := (&net.Dialer{Timeout: time.Second}).DialContext(ctx, "tcp", proxyUrl.Host) if err != nil { lastError = err return false, nil @@ -253,8 +253,8 @@ func (v *VaultInitializer) Init() error { // Wait for Vault to be ready { var lastError error - err = wait.PollUntilContextTimeout(context.TODO(), time.Second, 20*time.Second, true, func(ctx context.Context) (bool, error) { - _, err := v.client.System.ReadHealthStatus(context.TODO()) + err = wait.PollUntilContextTimeout(ctx, time.Second, 20*time.Second, true, func(ctx context.Context) (bool, error) { + _, err := v.client.System.ReadHealthStatus(ctx) if err != nil { lastError = err return false, nil @@ -271,38 +271,38 @@ func (v *VaultInitializer) Init() error { } // Set up a Vault PKI. -func (v *VaultInitializer) Setup() error { +func (v *VaultInitializer) Setup(ctx context.Context) error { // Enable a new Vault secrets engine at v.RootMount - if err := v.mountPKI(v.rootMount, "87600h"); err != nil { + if err := v.mountPKI(ctx, v.rootMount, "87600h"); err != nil { return err } // Generate a self-signed CA cert using the engine at v.RootMount - rootCa, err := v.generateRootCert() + rootCa, err := v.generateRootCert(ctx) if err != nil { return err } // Configure issuing certificate endpoints and CRL distribution points to be // set on certs issued by v.RootMount. - if err := v.configureCert(v.rootMount); err != nil { + if err := v.configureCert(ctx, v.rootMount); err != nil { return err } // Enable a new Vault secrets engine at v.intermediateMount - if err := v.mountPKI(v.intermediateMount, "43800h"); err != nil { + if err := v.mountPKI(ctx, v.intermediateMount, "43800h"); err != nil { return err } // Generate a CSR for secrets engine at v.intermediateMount - csr, err := v.generateIntermediateSigningReq() + csr, err := v.generateIntermediateSigningReq(ctx) if err != nil { return err } // Issue a new intermediate CA from v.RootMount for the CSR created above. - intermediateCa, err := v.signCertificate(csr) + intermediateCa, err := v.signCertificate(ctx, csr) if err != nil { return err } @@ -313,28 +313,28 @@ func (v *VaultInitializer) Setup() error { if v.configureWithRoot { caChain = fmt.Sprintf("%s\n%s", intermediateCa, rootCa) } - if err := v.importSignIntermediate(caChain, v.intermediateMount); err != nil { + if err := v.importSignIntermediate(ctx, caChain, v.intermediateMount); err != nil { return err } // Configure issuing certificate endpoints and CRL distribution points to be // set on certs issued by v.intermediateMount. - if err := v.configureCert(v.intermediateMount); err != nil { + if err := v.configureCert(ctx, v.intermediateMount); err != nil { return err } - if err := v.configureIntermediateRoles(); err != nil { + if err := v.configureIntermediateRoles(ctx); err != nil { return err } if v.appRoleAuthPath != "" { - if err := v.setupAppRoleAuth(); err != nil { + if err := v.setupAppRoleAuth(ctx); err != nil { return err } } if v.kubernetesAuthPath != "" { - if err := v.setupKubernetesBasedAuth(); err != nil { + if err := v.setupKubernetesBasedAuth(ctx); err != nil { return err } } @@ -342,9 +342,7 @@ func (v *VaultInitializer) Setup() error { return nil } -func (v *VaultInitializer) Clean() error { - ctx := context.Background() - +func (v *VaultInitializer) Clean(ctx context.Context) error { if _, err := v.client.System.MountsDisableSecretsEngine(ctx, "/"+v.intermediateMount); err != nil { return fmt.Errorf("unable to unmount %v: %v", v.intermediateMount, err) } @@ -355,9 +353,7 @@ func (v *VaultInitializer) Clean() error { return nil } -func (v *VaultInitializer) CreateAppRole() (string, string, error) { - ctx := context.Background() - +func (v *VaultInitializer) CreateAppRole(ctx context.Context) (string, string, error) { // create policy policy := fmt.Sprintf(`path "%s" { capabilities = [ "create", "update" ] }`, v.IntermediateSignPath()) _, err := v.client.System.PoliciesWriteAclPolicy( @@ -406,8 +402,7 @@ func (v *VaultInitializer) CreateAppRole() (string, string, error) { return respRoleId.Data.RoleId, resp.Data["secret_id"].(string), nil } -func (v *VaultInitializer) CleanAppRole() error { - ctx := context.Background() +func (v *VaultInitializer) CleanAppRole(ctx context.Context) error { _, err := v.client.Auth.AppRoleDeleteRole( ctx, v.role, @@ -425,8 +420,7 @@ func (v *VaultInitializer) CleanAppRole() error { return nil } -func (v *VaultInitializer) mountPKI(mount, ttl string) error { - ctx := context.Background() +func (v *VaultInitializer) mountPKI(ctx context.Context, mount, ttl string) error { _, err := v.client.System.MountsEnableSecretsEngine( ctx, "/"+mount, @@ -444,8 +438,7 @@ func (v *VaultInitializer) mountPKI(mount, ttl string) error { return nil } -func (v *VaultInitializer) generateRootCert() (string, error) { - ctx := context.Background() +func (v *VaultInitializer) generateRootCert(ctx context.Context) (string, error) { resp, err := v.client.Secrets.PkiGenerateRoot( ctx, "internal", @@ -464,8 +457,7 @@ func (v *VaultInitializer) generateRootCert() (string, error) { return resp.Data.Certificate, nil } -func (v *VaultInitializer) generateIntermediateSigningReq() (string, error) { - ctx := context.Background() +func (v *VaultInitializer) generateIntermediateSigningReq(ctx context.Context) (string, error) { resp, err := v.client.Secrets.PkiGenerateIntermediate( ctx, "internal", @@ -485,8 +477,7 @@ func (v *VaultInitializer) generateIntermediateSigningReq() (string, error) { return resp.Data.Csr, nil } -func (v *VaultInitializer) signCertificate(csr string) (string, error) { - ctx := context.Background() +func (v *VaultInitializer) signCertificate(ctx context.Context, csr string) (string, error) { resp, err := v.client.Secrets.PkiRootSignIntermediate( ctx, schema.PkiRootSignIntermediateRequest{ @@ -504,8 +495,7 @@ func (v *VaultInitializer) signCertificate(csr string) (string, error) { return resp.Data.Certificate, nil } -func (v *VaultInitializer) importSignIntermediate(caChain, intermediateMount string) error { - ctx := context.Background() +func (v *VaultInitializer) importSignIntermediate(ctx context.Context, caChain, intermediateMount string) error { _, err := v.client.Secrets.PkiSetSignedIntermediate( ctx, schema.PkiSetSignedIntermediateRequest{ @@ -520,8 +510,7 @@ func (v *VaultInitializer) importSignIntermediate(caChain, intermediateMount str return nil } -func (v *VaultInitializer) configureCert(mount string) error { - ctx := context.Background() +func (v *VaultInitializer) configureCert(ctx context.Context, mount string) error { _, err := v.client.Secrets.PkiConfigureUrls( ctx, schema.PkiConfigureUrlsRequest{ @@ -541,8 +530,7 @@ func (v *VaultInitializer) configureCert(mount string) error { return nil } -func (v *VaultInitializer) configureIntermediateRoles() error { - ctx := context.Background() +func (v *VaultInitializer) configureIntermediateRoles(ctx context.Context) error { // TODO: Should use Secrets.PkiWriteRole here, // but it is broken. See: // https://github.com/hashicorp/vault-client-go/issues/195 @@ -567,8 +555,7 @@ func (v *VaultInitializer) configureIntermediateRoles() error { return nil } -func (v *VaultInitializer) setupAppRoleAuth() error { - ctx := context.Background() +func (v *VaultInitializer) setupAppRoleAuth(ctx context.Context) error { // vault auth-enable approle resp, err := v.client.System.AuthListEnabledMethods(ctx) if err != nil { @@ -593,8 +580,7 @@ func (v *VaultInitializer) setupAppRoleAuth() error { return nil } -func (v *VaultInitializer) setupKubernetesBasedAuth() error { - ctx := context.Background() +func (v *VaultInitializer) setupKubernetesBasedAuth(ctx context.Context) error { // vault auth-enable kubernetes resp, err := v.client.System.AuthListEnabledMethods(ctx) if err != nil { @@ -643,8 +629,7 @@ func (v *VaultInitializer) setupKubernetesBasedAuth() error { // CreateKubernetesrole creates a service account and ClusterRoleBinding for // Kubernetes auth delegation. The name "boundSA" refers to the Vault param // "bound_service_account_names". -func (v *VaultInitializer) CreateKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error { - ctx := context.Background() +func (v *VaultInitializer) CreateKubernetesRole(ctx context.Context, client kubernetes.Interface, boundNS, boundSA string) error { serviceAccount := &corev1.ServiceAccount{ ObjectMeta: metav1.ObjectMeta{ Name: boundSA, @@ -692,8 +677,7 @@ func (v *VaultInitializer) IntermediateSignPath() string { } // CleanKubernetesRole cleans up the ClusterRoleBinding and ServiceAccount for Kubernetes auth delegation -func (v *VaultInitializer) CleanKubernetesRole(client kubernetes.Interface, boundNS, boundSA string) error { - ctx := context.Background() +func (v *VaultInitializer) CleanKubernetesRole(ctx context.Context, client kubernetes.Interface, boundNS, boundSA string) error { if err := client.CoreV1().ServiceAccounts(boundNS).Delete(ctx, boundSA, metav1.DeleteOptions{}); err != nil { return err } @@ -748,13 +732,13 @@ func RoleAndBindingForServiceAccountRefAuth(roleName, namespace, serviceAccount // CreateKubernetesRoleForServiceAccountRefAuth creates a service account and a // role for using the "serviceAccountRef" field. -func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error { +func CreateKubernetesRoleForServiceAccountRefAuth(ctx context.Context, client kubernetes.Interface, roleName, saNS, saName string) error { role, binding := RoleAndBindingForServiceAccountRefAuth(roleName, saNS, saName) - _, err := client.RbacV1().Roles(saNS).Create(context.TODO(), role, metav1.CreateOptions{}) + _, err := client.RbacV1().Roles(saNS).Create(ctx, role, metav1.CreateOptions{}) if err != nil { return fmt.Errorf("error creating Role for Kubernetes auth ServiceAccount with serviceAccountRef: %s", err.Error()) } - _, err = client.RbacV1().RoleBindings(saNS).Create(context.TODO(), binding, metav1.CreateOptions{}) + _, err = client.RbacV1().RoleBindings(saNS).Create(ctx, binding, metav1.CreateOptions{}) if err != nil { return fmt.Errorf("error creating RoleBinding for Kubernetes auth ServiceAccount with serviceAccountRef: %s", err.Error()) } @@ -762,16 +746,16 @@ func CreateKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, r return nil } -func CleanKubernetesRoleForServiceAccountRefAuth(client kubernetes.Interface, roleName, saNS, saName string) error { - if err := client.RbacV1().RoleBindings(saNS).Delete(context.TODO(), roleName, metav1.DeleteOptions{}); err != nil { +func CleanKubernetesRoleForServiceAccountRefAuth(ctx context.Context, client kubernetes.Interface, roleName, saNS, saName string) error { + if err := client.RbacV1().RoleBindings(saNS).Delete(ctx, roleName, metav1.DeleteOptions{}); err != nil { return err } - if err := client.RbacV1().Roles(saNS).Delete(context.TODO(), roleName, metav1.DeleteOptions{}); err != nil { + if err := client.RbacV1().Roles(saNS).Delete(ctx, roleName, metav1.DeleteOptions{}); err != nil { return err } - if err := client.CoreV1().ServiceAccounts(saNS).Delete(context.TODO(), saName, metav1.DeleteOptions{}); err != nil { + if err := client.CoreV1().ServiceAccounts(saNS).Delete(ctx, saName, metav1.DeleteOptions{}); err != nil { return err } diff --git a/test/e2e/framework/addon/vault/vault.go b/test/e2e/framework/addon/vault/vault.go index 8dfd485882d..4556f5694d1 100644 --- a/test/e2e/framework/addon/vault/vault.go +++ b/test/e2e/framework/addon/vault/vault.go @@ -312,11 +312,11 @@ func (v *Vault) Setup(cfg *config.Config, leaderData ...internal.AddonTransferab } // Provision will actually deploy this instance of Vault to the cluster. -func (v *Vault) Provision() error { +func (v *Vault) Provision(ctx context.Context) error { kubeClient := v.Base.Details().KubeClient // If the namespace doesn't exist, create it - _, err := kubeClient.CoreV1().Namespaces().Create(context.TODO(), &corev1.Namespace{ + _, err := kubeClient.CoreV1().Namespaces().Create(ctx, &corev1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: v.Namespace, }, @@ -343,13 +343,13 @@ func (v *Vault) Provision() error { "client.key": string(v.details.VaultClientPrivateKey), }, } - _, err = kubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), tlsSecret, metav1.CreateOptions{}) + _, err = kubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) if err != nil { return err } // Deploy the vault chart - err = v.chart.Provision() + err = v.chart.Provision(ctx) if err != nil { return err } @@ -366,8 +366,8 @@ func (v *Vault) Provision() error { } var lastError error - err = wait.PollUntilContextTimeout(context.TODO(), 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { - pod, err := kubeClient.CoreV1().Pods(v.proxy.podNamespace).Get(context.TODO(), v.proxy.podName, metav1.GetOptions{}) + err = wait.PollUntilContextTimeout(ctx, 5*time.Second, 5*time.Minute, true, func(ctx context.Context) (bool, error) { + pod, err := kubeClient.CoreV1().Pods(v.proxy.podNamespace).Get(ctx, v.proxy.podName, metav1.GetOptions{}) if err != nil && !apierrors.IsNotFound(err) { return false, err } @@ -396,7 +396,7 @@ func (v *Vault) Provision() error { GetLogs(v.proxy.podName, &corev1.PodLogOptions{ TailLines: ptr.To(int64(100)), }). - DoRaw(context.TODO()) + DoRaw(ctx) if err != nil { return fmt.Errorf("error waiting for vault pod to be ready: %w; failed to retrieve logs: %w", lastError, err) @@ -419,26 +419,26 @@ func (v *Vault) Details() *Details { } // Deprovision will destroy this instance of Vault -func (v *Vault) Deprovision() error { - if err := v.proxy.stop(); err != nil { +func (v *Vault) Deprovision(ctx context.Context) error { + if err := v.proxy.stop(ctx); err != nil { return err } kubeClient := v.Base.Details().KubeClient - err := kubeClient.CoreV1().Secrets(v.Namespace).Delete(context.TODO(), "vault-tls", metav1.DeleteOptions{}) + err := kubeClient.CoreV1().Secrets(v.Namespace).Delete(ctx, "vault-tls", metav1.DeleteOptions{}) if err != nil { return err } - return v.chart.Deprovision() + return v.chart.Deprovision(ctx) } func (v *Vault) SupportsGlobal() bool { return v.chart.SupportsGlobal() } -func (v *Vault) Logs() (map[string]string, error) { - return v.chart.Logs() +func (v *Vault) Logs(ctx context.Context) (map[string]string, error) { + return v.chart.Logs(ctx) } func generateVaultServingCert(vaultCA []byte, vaultCAPrivateKey []byte, dnsName string) ([]byte, []byte) { diff --git a/test/e2e/framework/addon/venafi/cloud.go b/test/e2e/framework/addon/venafi/cloud.go index ea3273d194f..98c68c9a208 100644 --- a/test/e2e/framework/addon/venafi/cloud.go +++ b/test/e2e/framework/addon/venafi/cloud.go @@ -70,7 +70,7 @@ func (v *VenafiCloud) Setup(cfg *config.Config, _ ...internal.AddonTransferableD return nil, nil } -func (v *VenafiCloud) Provision() error { +func (v *VenafiCloud) Provision(ctx context.Context) error { secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "cm-e2e-venafi-cloud-", @@ -81,7 +81,7 @@ func (v *VenafiCloud) Provision() error { }, } - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, secret, metav1.CreateOptions{}) if err != nil { return err } @@ -106,8 +106,8 @@ func (v *VenafiCloud) Details() *CloudDetails { return &v.details } -func (v *VenafiCloud) Deprovision() error { - return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(context.TODO(), v.createdSecret.Name, metav1.DeleteOptions{}) +func (v *VenafiCloud) Deprovision(ctx context.Context) error { + return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(ctx, v.createdSecret.Name, metav1.DeleteOptions{}) } func (v *VenafiCloud) SupportsGlobal() bool { @@ -141,9 +141,9 @@ func (t *CloudDetails) BuildClusterIssuer() *cmapi.ClusterIssuer { } // SetAPIKey sets the Secret data["apikey"] value -func (v *VenafiCloud) SetAPIKey(token string) error { +func (v *VenafiCloud) SetAPIKey(ctx context.Context, token string) error { v.createdSecret.Data["apikey"] = []byte(token) - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(context.TODO(), v.createdSecret, metav1.UpdateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(ctx, v.createdSecret, metav1.UpdateOptions{}) if err != nil { return err } diff --git a/test/e2e/framework/addon/venafi/tpp.go b/test/e2e/framework/addon/venafi/tpp.go index 1939b6c5a1f..5387be92821 100644 --- a/test/e2e/framework/addon/venafi/tpp.go +++ b/test/e2e/framework/addon/venafi/tpp.go @@ -79,7 +79,7 @@ func (v *VenafiTPP) Setup(cfg *config.Config, _ ...internal.AddonTransferableDat return nil, nil } -func (v *VenafiTPP) Provision() error { +func (v *VenafiTPP) Provision(ctx context.Context) error { secret := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "cm-e2e-venafi-", @@ -92,7 +92,7 @@ func (v *VenafiTPP) Provision() error { }, } - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(context.TODO(), secret, metav1.CreateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Create(ctx, secret, metav1.CreateOptions{}) if err != nil { return err } @@ -114,12 +114,12 @@ func (v *VenafiTPP) Details() *TPPDetails { return &v.details } -func (v *VenafiTPP) Deprovision() error { +func (v *VenafiTPP) Deprovision(ctx context.Context) error { if v.createdSecret == nil { return nil } - return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(context.TODO(), v.createdSecret.Name, metav1.DeleteOptions{}) + return v.Base.Details().KubeClient.CoreV1().Secrets(v.createdSecret.Namespace).Delete(ctx, v.createdSecret.Name, metav1.DeleteOptions{}) } func (v *VenafiTPP) SupportsGlobal() bool { @@ -153,9 +153,9 @@ func (t *TPPDetails) BuildClusterIssuer() *cmapi.ClusterIssuer { } // SetAccessToken sets the Secret data["access-token"] value -func (v *VenafiTPP) SetAccessToken(token string) error { +func (v *VenafiTPP) SetAccessToken(ctx context.Context, token string) error { v.createdSecret.Data["access-token"] = []byte(token) - s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(context.TODO(), v.createdSecret, metav1.UpdateOptions{}) + s, err := v.Base.Details().KubeClient.CoreV1().Secrets(v.Namespace).Update(ctx, v.createdSecret, metav1.UpdateOptions{}) if err != nil { return err } diff --git a/test/e2e/framework/cleanup.go b/test/e2e/framework/cleanup.go index b3063ba430b..3da587d209b 100644 --- a/test/e2e/framework/cleanup.go +++ b/test/e2e/framework/cleanup.go @@ -18,17 +18,20 @@ limitations under the License. package framework -import "sync" +import ( + "context" + "sync" +) type CleanupActionHandle *int var cleanupActionsLock sync.Mutex -var cleanupActions = map[CleanupActionHandle]func(){} +var cleanupActions = map[CleanupActionHandle]func(ctx context.Context){} // AddCleanupAction installs a function that will be called in the event of the // whole test being terminated. This allows arbitrary pieces of the overall // test to hook into SynchronizedAfterSuite(). -func AddCleanupAction(fn func()) CleanupActionHandle { +func AddCleanupAction(fn func(ctx context.Context)) CleanupActionHandle { p := CleanupActionHandle(new(int)) cleanupActionsLock.Lock() defer cleanupActionsLock.Unlock() @@ -47,8 +50,8 @@ func RemoveCleanupAction(p CleanupActionHandle) { // RunCleanupActions runs all functions installed by AddCleanupAction. It does // not remove them (see RemoveCleanupAction) but it does run unlocked, so they // may remove themselves. -func RunCleanupActions() { - list := []func(){} +func RunCleanupActions(ctx context.Context) { + list := []func(ctx context.Context){} func() { cleanupActionsLock.Lock() defer cleanupActionsLock.Unlock() @@ -58,6 +61,6 @@ func RunCleanupActions() { }() // Run unlocked. for _, fn := range list { - fn() + fn(ctx) } } diff --git a/test/e2e/framework/framework.go b/test/e2e/framework/framework.go index 3157afb7b4a..7712f3db7f5 100644 --- a/test/e2e/framework/framework.go +++ b/test/e2e/framework/framework.go @@ -114,7 +114,7 @@ func NewFramework(baseName string, cfg *config.Config) *Framework { } // BeforeEach gets a client and makes a namespace. -func (f *Framework) BeforeEach() { +func (f *Framework) BeforeEach(ctx context.Context) { f.cleanupHandle = AddCleanupAction(f.AfterEach) By("Creating a kubernetes client") @@ -146,13 +146,13 @@ func (f *Framework) BeforeEach() { Expect(err).NotTo(HaveOccurred()) By("Building a namespace api object") - f.Namespace, err = f.CreateKubeNamespace(f.BaseName) + f.Namespace, err = f.CreateKubeNamespace(ctx, f.BaseName) Expect(err).NotTo(HaveOccurred()) By("Using the namespace " + f.Namespace.Name) By("Building a ResourceQuota api object") - _, err = f.CreateKubeResourceQuota() + _, err = f.CreateKubeResourceQuota(ctx) Expect(err).NotTo(HaveOccurred()) f.helper.CMClient = f.CertManagerClientSet @@ -160,7 +160,7 @@ func (f *Framework) BeforeEach() { } // AfterEach deletes the namespace, after reading its events. -func (f *Framework) AfterEach() { +func (f *Framework) AfterEach(ctx context.Context) { RemoveCleanupAction(f.cleanupHandle) f.printAddonLogs() @@ -172,12 +172,12 @@ func (f *Framework) AfterEach() { for i := len(f.requiredAddons) - 1; i >= 0; i-- { a := f.requiredAddons[i] By("De-provisioning test-scoped addon") - err := a.Deprovision() + err := a.Deprovision(ctx) Expect(err).NotTo(HaveOccurred()) } By("Deleting test namespace") - err := f.DeleteKubeNamespace(f.Namespace.Name) + err := f.DeleteKubeNamespace(ctx, f.Namespace.Name) Expect(err).NotTo(HaveOccurred()) } @@ -220,7 +220,7 @@ type loggableAddon interface { func (f *Framework) RequireAddon(a addon.Addon) { f.requiredAddons = append(f.requiredAddons, a) - BeforeEach(func() { + BeforeEach(func(ctx context.Context) { By("Provisioning test-scoped addon") _, err := a.Setup(f.Config) if errors.IsSkip(err) { @@ -228,7 +228,7 @@ func (f *Framework) RequireAddon(a addon.Addon) { } Expect(err).NotTo(HaveOccurred()) - err = a.Provision() + err = a.Provision(ctx) Expect(err).NotTo(HaveOccurred()) }) } @@ -237,9 +237,9 @@ func (f *Framework) Helper() *helper.Helper { return f.helper } -func (f *Framework) CertificateDurationValid(c *v1.Certificate, duration, fuzz time.Duration) { +func (f *Framework) CertificateDurationValid(ctx context.Context, c *v1.Certificate, duration, fuzz time.Duration) { By("Verifying TLS certificate exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), c.Spec.SecretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, c.Spec.SecretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) certBytes, ok := secret.Data[api.TLSCertKey] if !ok { diff --git a/test/e2e/framework/helper/certificaterequests.go b/test/e2e/framework/helper/certificaterequests.go index 34cdd97da91..c4ce6f3d30c 100644 --- a/test/e2e/framework/helper/certificaterequests.go +++ b/test/e2e/framework/helper/certificaterequests.go @@ -40,14 +40,14 @@ import ( // WaitForCertificateRequestReady waits for the CertificateRequest resource to // enter a Ready state. -func (h *Helper) WaitForCertificateRequestReady(ns, name string, timeout time.Duration) (*cmapi.CertificateRequest, error) { +func (h *Helper) WaitForCertificateRequestReady(ctx context.Context, ns, name string, timeout time.Duration) (*cmapi.CertificateRequest, error) { var cr *cmapi.CertificateRequest logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for CertificateRequest %s to be ready", name) - cr, err = h.CMClient.CertmanagerV1().CertificateRequests(ns).Get(context.TODO(), name, metav1.GetOptions{}) + cr, err = h.CMClient.CertmanagerV1().CertificateRequests(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting CertificateRequest %s: %v", name, err) } @@ -73,7 +73,7 @@ func (h *Helper) WaitForCertificateRequestReady(ns, name string, timeout time.Du // CertificateRequest has a certificate issued for it, and that the details on // the x509 certificate are correct as defined by the CertificateRequest's // spec. -func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, key crypto.Signer, rootCAPEM []byte) (*x509.Certificate, error) { +func (h *Helper) ValidateIssuedCertificateRequest(ctx context.Context, cr *cmapi.CertificateRequest, key crypto.Signer, rootCAPEM []byte) (*x509.Certificate, error) { csr, err := pki.DecodeX509CertificateRequestBytes(cr.Spec.Request) if err != nil { return nil, fmt.Errorf("failed to decode CertificateRequest's Spec.Request: %s", err) @@ -155,7 +155,7 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, return nil, fmt.Errorf("unsupported key algorithm type: %s", csr.PublicKeyAlgorithm) } - defaultCertKeyUsages, defaultCertExtKeyUsages, err := h.defaultKeyUsagesToAdd(cr.Namespace, &cr.Spec.IssuerRef) + defaultCertKeyUsages, defaultCertExtKeyUsages, err := h.defaultKeyUsagesToAdd(ctx, cr.Namespace, &cr.Spec.IssuerRef) if err != nil { return nil, err } @@ -205,12 +205,12 @@ func (h *Helper) ValidateIssuedCertificateRequest(cr *cmapi.CertificateRequest, return cert, nil } -func (h *Helper) WaitCertificateRequestIssuedValid(ns, name string, timeout time.Duration, key crypto.Signer) error { - return h.WaitCertificateRequestIssuedValidTLS(ns, name, timeout, key, nil) +func (h *Helper) WaitCertificateRequestIssuedValid(ctx context.Context, ns, name string, timeout time.Duration, key crypto.Signer) error { + return h.WaitCertificateRequestIssuedValidTLS(ctx, ns, name, timeout, key, nil) } -func (h *Helper) WaitCertificateRequestIssuedValidTLS(ns, name string, timeout time.Duration, key crypto.Signer, rootCAPEM []byte) error { - cr, err := h.WaitForCertificateRequestReady(ns, name, timeout) +func (h *Helper) WaitCertificateRequestIssuedValidTLS(ctx context.Context, ns, name string, timeout time.Duration, key crypto.Signer, rootCAPEM []byte) error { + cr, err := h.WaitForCertificateRequestReady(ctx, ns, name, timeout) if err != nil { log.Logf("Error waiting for CertificateRequest to become Ready: %v", err) h.Kubectl(ns).DescribeResource("certificaterequest", name) @@ -218,7 +218,7 @@ func (h *Helper) WaitCertificateRequestIssuedValidTLS(ns, name string, timeout t return err } - _, err = h.ValidateIssuedCertificateRequest(cr, key, rootCAPEM) + _, err = h.ValidateIssuedCertificateRequest(ctx, cr, key, rootCAPEM) if err != nil { log.Logf("Error validating issued certificate: %v", err) h.Kubectl(ns).DescribeResource("certificaterequest", name) diff --git a/test/e2e/framework/helper/certificates.go b/test/e2e/framework/helper/certificates.go index c8513c0d7a7..262281649f2 100644 --- a/test/e2e/framework/helper/certificates.go +++ b/test/e2e/framework/helper/certificates.go @@ -36,16 +36,16 @@ import ( ) // WaitForCertificateToExist waits for the named certificate to exist and returns the certificate -func (h *Helper) WaitForCertificateToExist(namespace string, name string, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateToExist(ctx context.Context, namespace string, name string, timeout time.Duration) (*cmapi.Certificate, error) { client := h.CMClient.CertmanagerV1().Certificates(namespace) var certificate *v1.Certificate logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { logf("Waiting for Certificate %v to exist", name) var err error - certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + certificate, err = client.Get(ctx, name, metav1.GetOptions{}) if errors.IsNotFound(err) { return false, nil } @@ -58,11 +58,11 @@ func (h *Helper) WaitForCertificateToExist(namespace string, name string, timeou return certificate, pollErr } -func (h *Helper) waitForCertificateCondition(client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) waitForCertificateCondition(ctx context.Context, client clientset.CertificateInterface, name string, check func(*v1.Certificate) bool, timeout time.Duration) (*cmapi.Certificate, error) { var certificate *v1.Certificate - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - certificate, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + certificate, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { certificate = nil return false, fmt.Errorf("error getting Certificate %v: %v", name, err) @@ -93,7 +93,7 @@ func (h *Helper) waitForCertificateCondition(client clientset.CertificateInterfa // WaitForCertificateReadyAndDoneIssuing waits for the certificate resource to be in a Ready=True state and not be in an Issuing state. // The Ready=True condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). -func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateReadyAndDoneIssuing(ctx context.Context, cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_true_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionTrue, @@ -105,7 +105,7 @@ func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, } logf, done := log.LogBackoff() defer done() - return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(ctx, h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_true_condition) { logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", @@ -134,7 +134,7 @@ func (h *Helper) WaitForCertificateReadyAndDoneIssuing(cert *cmapi.Certificate, // WaitForCertificateNotReadyAndDoneIssuing waits for the certificate resource to be in a Ready=False state and not be in an Issuing state. // The Ready=False condition will be checked against the provided certificate to make sure that it is up-to-date (condition gen. >= cert gen.). -func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { +func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(ctx context.Context, cert *cmapi.Certificate, timeout time.Duration) (*cmapi.Certificate, error) { ready_false_condition := cmapi.CertificateCondition{ Type: cmapi.CertificateConditionReady, Status: cmmeta.ConditionFalse, @@ -146,7 +146,7 @@ func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificat } logf, done := log.LogBackoff() defer done() - return h.waitForCertificateCondition(h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { + return h.waitForCertificateCondition(ctx, h.CMClient.CertmanagerV1().Certificates(cert.Namespace), cert.Name, func(certificate *v1.Certificate) bool { if !apiutil.CertificateHasConditionWithObservedGeneration(certificate, ready_false_condition) { logf( "Expected Certificate %v condition %v=%v (generation >= %v) but it has: %v", @@ -173,11 +173,11 @@ func (h *Helper) WaitForCertificateNotReadyAndDoneIssuing(cert *cmapi.Certificat }, timeout) } -func (h *Helper) waitForIssuerCondition(client clientset.IssuerInterface, name string, check func(issuer *v1.Issuer) bool, timeout time.Duration) (*cmapi.Issuer, error) { +func (h *Helper) waitForIssuerCondition(ctx context.Context, client clientset.IssuerInterface, name string, check func(issuer *v1.Issuer) bool, timeout time.Duration) (*cmapi.Issuer, error) { var issuer *v1.Issuer - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - issuer, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { issuer = nil return false, fmt.Errorf("error getting Issuer %v: %v", name, err) @@ -197,7 +197,7 @@ func (h *Helper) waitForIssuerCondition(client clientset.IssuerInterface, name s // WaitIssuerReady waits for the Issuer resource to be in a Ready=True state // The Ready=True condition will be checked against the provided issuer to make sure its ready. -func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (*cmapi.Issuer, error) { +func (h *Helper) WaitIssuerReady(ctx context.Context, issuer *cmapi.Issuer, timeout time.Duration) (*cmapi.Issuer, error) { ready_true_condition := cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, @@ -205,7 +205,7 @@ func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (* logf, done := log.LogBackoff() defer done() - return h.waitForIssuerCondition(h.CMClient.CertmanagerV1().Issuers(issuer.Namespace), issuer.Name, func(issuer *v1.Issuer) bool { + return h.waitForIssuerCondition(ctx, h.CMClient.CertmanagerV1().Issuers(issuer.Namespace), issuer.Name, func(issuer *v1.Issuer) bool { if !apiutil.IssuerHasCondition(issuer, ready_true_condition) { logf( "Expected Issuer %v condition %v=%v but it has: %v", @@ -220,11 +220,11 @@ func (h *Helper) WaitIssuerReady(issuer *cmapi.Issuer, timeout time.Duration) (* }, timeout) } -func (h *Helper) waitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name string, check func(issuer *v1.ClusterIssuer) bool, timeout time.Duration) (*cmapi.ClusterIssuer, error) { +func (h *Helper) waitForClusterIssuerCondition(ctx context.Context, client clientset.ClusterIssuerInterface, name string, check func(issuer *v1.ClusterIssuer) bool, timeout time.Duration) (*cmapi.ClusterIssuer, error) { var issuer *v1.ClusterIssuer - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, timeout, true, func(ctx context.Context) (bool, error) { var err error - issuer, err = client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err = client.Get(ctx, name, metav1.GetOptions{}) if nil != err { issuer = nil return false, fmt.Errorf("error getting Issuer %v: %v", name, err) @@ -244,14 +244,14 @@ func (h *Helper) waitForClusterIssuerCondition(client clientset.ClusterIssuerInt // WaitClusterIssuerReady waits for the Cluster Issuer resource to be in a Ready=True state // The Ready=True condition will be checked against the provided issuer to make sure its ready. -func (h *Helper) WaitClusterIssuerReady(issuer *cmapi.ClusterIssuer, timeout time.Duration) (*cmapi.ClusterIssuer, error) { +func (h *Helper) WaitClusterIssuerReady(ctx context.Context, issuer *cmapi.ClusterIssuer, timeout time.Duration) (*cmapi.ClusterIssuer, error) { ready_true_condition := cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, } logf, done := log.LogBackoff() defer done() - return h.waitForClusterIssuerCondition(h.CMClient.CertmanagerV1().ClusterIssuers(), issuer.Name, func(issuer *v1.ClusterIssuer) bool { + return h.waitForClusterIssuerCondition(ctx, h.CMClient.CertmanagerV1().ClusterIssuers(), issuer.Name, func(issuer *v1.ClusterIssuer) bool { if !apiutil.IssuerHasCondition(issuer, ready_true_condition) { logf( "Expected Cluster Issuer %v condition %v=%v but it has: %v", @@ -282,11 +282,11 @@ func (h *Helper) deduplicateExtKeyUsages(us []x509.ExtKeyUsage) []x509.ExtKeyUsa return us } -func (h *Helper) defaultKeyUsagesToAdd(ns string, issuerRef *cmmeta.ObjectReference) (x509.KeyUsage, []x509.ExtKeyUsage, error) { +func (h *Helper) defaultKeyUsagesToAdd(ctx context.Context, ns string, issuerRef *cmmeta.ObjectReference) (x509.KeyUsage, []x509.ExtKeyUsage, error) { var issuerSpec *cmapi.IssuerSpec switch issuerRef.Kind { case "ClusterIssuer": - issuerObj, err := h.CMClient.CertmanagerV1().ClusterIssuers().Get(context.TODO(), issuerRef.Name, metav1.GetOptions{}) + issuerObj, err := h.CMClient.CertmanagerV1().ClusterIssuers().Get(ctx, issuerRef.Name, metav1.GetOptions{}) if err != nil { return 0, nil, fmt.Errorf("failed to find referenced ClusterIssuer %v: %s", issuerRef, err) @@ -294,7 +294,7 @@ func (h *Helper) defaultKeyUsagesToAdd(ns string, issuerRef *cmmeta.ObjectRefere issuerSpec = &issuerObj.Spec default: - issuerObj, err := h.CMClient.CertmanagerV1().Issuers(ns).Get(context.TODO(), issuerRef.Name, metav1.GetOptions{}) + issuerObj, err := h.CMClient.CertmanagerV1().Issuers(ns).Get(ctx, issuerRef.Name, metav1.GetOptions{}) if err != nil { return 0, nil, fmt.Errorf("failed to find referenced Issuer %v: %s", issuerRef, err) diff --git a/test/e2e/framework/helper/certificatesigningrequests.go b/test/e2e/framework/helper/certificatesigningrequests.go index acdd5b9bbe1..569c6afbd74 100644 --- a/test/e2e/framework/helper/certificatesigningrequests.go +++ b/test/e2e/framework/helper/certificatesigningrequests.go @@ -31,14 +31,14 @@ import ( // WaitForCertificateSigningRequestSigned waits for the // CertificateSigningRequest resource to be signed. -func (h *Helper) WaitForCertificateSigningRequestSigned(name string, timeout time.Duration) (*certificatesv1.CertificateSigningRequest, error) { +func (h *Helper) WaitForCertificateSigningRequestSigned(ctx context.Context, name string, timeout time.Duration) (*certificatesv1.CertificateSigningRequest, error) { var csr *certificatesv1.CertificateSigningRequest logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for CertificateSigningRequest %s to be ready", name) - csr, err = h.KubeClient.CertificatesV1().CertificateSigningRequests().Get(context.TODO(), name, metav1.GetOptions{}) + csr, err = h.KubeClient.CertificatesV1().CertificateSigningRequests().Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting CertificateSigningRequest %s: %v", name, err) } diff --git a/test/e2e/framework/helper/pod_start.go b/test/e2e/framework/helper/pod_start.go index e1e3d814b8a..486e4199727 100644 --- a/test/e2e/framework/helper/pod_start.go +++ b/test/e2e/framework/helper/pod_start.go @@ -39,16 +39,16 @@ const ( // WaitForAllPodsRunningInNamespace waits default amount of time (PodStartTimeout) // for all pods in the specified namespace to become running. -func (h *Helper) WaitForAllPodsRunningInNamespace(ns string) error { - return h.WaitForAllPodsRunningInNamespaceTimeout(ns, PodStartTimeout) +func (h *Helper) WaitForAllPodsRunningInNamespace(ctx context.Context, ns string) error { + return h.WaitForAllPodsRunningInNamespaceTimeout(ctx, ns, PodStartTimeout) } -func (h *Helper) WaitForAllPodsRunningInNamespaceTimeout(ns string, timeout time.Duration) error { +func (h *Helper) WaitForAllPodsRunningInNamespaceTimeout(ctx context.Context, ns string, timeout time.Duration) error { ginkgo.By("Waiting " + timeout.String() + " for all pods in namespace '" + ns + "' to be Ready") logf, done := log.LogBackoff() defer done() - return wait.PollUntilContextTimeout(context.TODO(), Poll, timeout, true, func(ctx context.Context) (bool, error) { - pods, err := h.KubeClient.CoreV1().Pods(ns).List(context.TODO(), metav1.ListOptions{}) + return wait.PollUntilContextTimeout(ctx, Poll, timeout, true, func(ctx context.Context) (bool, error) { + pods, err := h.KubeClient.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{}) if err != nil { return false, err } diff --git a/test/e2e/framework/helper/secret.go b/test/e2e/framework/helper/secret.go index cfff38c3281..9312cf62537 100644 --- a/test/e2e/framework/helper/secret.go +++ b/test/e2e/framework/helper/secret.go @@ -30,14 +30,14 @@ import ( // WaitForSecretCertificateData waits for the certificate data to be ready // inside a Secret created by cert-manager. -func (h *Helper) WaitForSecretCertificateData(ns, name string, timeout time.Duration) (*corev1.Secret, error) { +func (h *Helper) WaitForSecretCertificateData(ctx context.Context, ns, name string, timeout time.Duration) (*corev1.Secret, error) { var secret *corev1.Secret logf, done := log.LogBackoff() defer done() - err := wait.PollUntilContextTimeout(context.TODO(), time.Second, timeout, true, func(ctx context.Context) (bool, error) { + err := wait.PollUntilContextTimeout(ctx, time.Second, timeout, true, func(ctx context.Context) (bool, error) { var err error logf("Waiting for Secret %s:%s to contain a certificate", ns, name) - secret, err = h.KubeClient.CoreV1().Secrets(ns).Get(context.TODO(), name, metav1.GetOptions{}) + secret, err = h.KubeClient.CoreV1().Secrets(ns).Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting secret %s: %s", name, err) } diff --git a/test/e2e/framework/testenv.go b/test/e2e/framework/testenv.go index 9ad1feeb74e..9135abfb73b 100644 --- a/test/e2e/framework/testenv.go +++ b/test/e2e/framework/testenv.go @@ -36,19 +36,19 @@ const ( ) // CreateKubeNamespace creates a new Kubernetes Namespace for a test. -func (f *Framework) CreateKubeNamespace(baseName string) (*v1.Namespace, error) { +func (f *Framework) CreateKubeNamespace(ctx context.Context, baseName string) (*v1.Namespace, error) { ns := &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ GenerateName: fmt.Sprintf("e2e-tests-%v-", baseName), }, } - return f.KubeClientSet.CoreV1().Namespaces().Create(context.TODO(), ns, metav1.CreateOptions{}) + return f.KubeClientSet.CoreV1().Namespaces().Create(ctx, ns, metav1.CreateOptions{}) } // CreateKubeResourceQuota provisions a ResourceQuota resource in the target // namespace. -func (f *Framework) CreateKubeResourceQuota() (*v1.ResourceQuota, error) { +func (f *Framework) CreateKubeResourceQuota(ctx context.Context) (*v1.ResourceQuota, error) { quota := &v1.ResourceQuota{ ObjectMeta: metav1.ObjectMeta{ Name: "default-e2e-quota", @@ -65,18 +65,18 @@ func (f *Framework) CreateKubeResourceQuota() (*v1.ResourceQuota, error) { }, }, } - return f.KubeClientSet.CoreV1().ResourceQuotas(f.Namespace.Name).Create(context.TODO(), quota, metav1.CreateOptions{}) + return f.KubeClientSet.CoreV1().ResourceQuotas(f.Namespace.Name).Create(ctx, quota, metav1.CreateOptions{}) } // DeleteKubeNamespace will delete a namespace resource -func (f *Framework) DeleteKubeNamespace(namespace string) error { - return f.KubeClientSet.CoreV1().Namespaces().Delete(context.TODO(), namespace, metav1.DeleteOptions{}) +func (f *Framework) DeleteKubeNamespace(ctx context.Context, namespace string) error { + return f.KubeClientSet.CoreV1().Namespaces().Delete(ctx, namespace, metav1.DeleteOptions{}) } // WaitForKubeNamespaceNotExist will wait for the namespace with the given name // to not exist for up to 2 minutes. -func (f *Framework) WaitForKubeNamespaceNotExist(namespace string) error { - return wait.PollUntilContextTimeout(context.TODO(), Poll, time.Minute*2, true, func(ctx context.Context) (bool, error) { +func (f *Framework) WaitForKubeNamespaceNotExist(ctx context.Context, namespace string) error { + return wait.PollUntilContextTimeout(ctx, Poll, time.Minute*2, true, func(ctx context.Context) (bool, error) { _, err := f.KubeClientSet.CoreV1().Namespaces().Get(ctx, namespace, metav1.GetOptions{}) if apierrors.IsNotFound(err) { return true, nil diff --git a/test/e2e/suite/certificates/additionaloutputformats.go b/test/e2e/suite/certificates/additionaloutputformats.go index 28ce4ff0140..6b0d3bb2810 100644 --- a/test/e2e/suite/certificates/additionaloutputformats.go +++ b/test/e2e/suite/certificates/additionaloutputformats.go @@ -50,6 +50,9 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo secretName = "test-additional-output-formats" ) + ctx := context.TODO() + f := framework.NewDefaultFramework("certificates-additional-output-formats") + createCertificate := func(f *framework.Framework, aof []cmapi.CertificateAdditionalOutputFormat) (string, *cmapi.Certificate) { framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.AdditionalCertificateOutputFormats) @@ -70,16 +73,14 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo } By("creating Certificate with AdditionalOutputFormats") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") return crt.Name, crt } - f := framework.NewDefaultFramework("certificates-additional-output-formats") - BeforeEach(func() { By("creating a self-signing issuer") issuer := gen.Issuer(issuerName, @@ -88,7 +89,7 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) @@ -311,7 +312,7 @@ var _ = framework.CertManagerDescribe("Certificate AdditionalCertificateOutputFo }) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") By("ensuring additional output formats reflect the new private key and certificate") diff --git a/test/e2e/suite/certificates/duplicatesecretname.go b/test/e2e/suite/certificates/duplicatesecretname.go index a2259ec7c96..22667ba3c5f 100644 --- a/test/e2e/suite/certificates/duplicatesecretname.go +++ b/test/e2e/suite/certificates/duplicatesecretname.go @@ -71,7 +71,7 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( By("creating Certificate") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) return crt.Name @@ -82,10 +82,10 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( issuer := gen.Issuer("self-signed", gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), "self-signed", cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) @@ -102,21 +102,21 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( gen.SetCertificateIsCA(true), gen.SetCertificateSecretName("ca-issuer"), ) - Expect(f.CRClient.Create(context.Background(), crt)).To(Succeed()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Second*10) + Expect(f.CRClient.Create(ctx, crt)).To(Succeed()) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Second*10) Expect(err).NotTo(HaveOccurred()) issuer = gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCA(cmapi.CAIssuer{SecretName: "ca-issuer"}), ) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("if Certificates are created in the same Namsespace with the same spec.secretName, they should block issuance, and never create more than one request.", func() { @@ -168,7 +168,7 @@ var _ = framework.CertManagerDescribe("Certificate Duplicate Secret Name", func( for _, crtName := range []string{crt1, crt2, crt3} { crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Second*10) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Second*10) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") } }) diff --git a/test/e2e/suite/certificates/literalsubjectrdns.go b/test/e2e/suite/certificates/literalsubjectrdns.go index 329e3e86395..3e4fec9e3c7 100644 --- a/test/e2e/suite/certificates/literalsubjectrdns.go +++ b/test/e2e/suite/certificates/literalsubjectrdns.go @@ -39,13 +39,13 @@ import ( ) var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { - const ( testName = "test-literalsubject-rdn-parsing" issuerName = "certificate-literalsubject-rdns" secretName = testName ) + ctx := context.TODO() f := framework.NewDefaultFramework("certificate-literalsubject-rdns") createCertificate := func(f *framework.Framework, literalSubject string) (*cmapi.Certificate, error) { @@ -78,7 +78,7 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) @@ -92,7 +92,7 @@ var _ = framework.CertManagerDescribe("literalsubject rdn parsing", func() { It("Should create a certificate with all the supplied RDNs as subject names in reverse string order, including DC and UID", func() { crt, err := createCertificate(f, "CN=James \\\"Jim\\\" Smith\\, III,UID=jamessmith,SERIALNUMBER=1234512345,OU=Admins,OU=IT,DC=net,DC=dc,O=Acme,STREET=La Rambla,L=Barcelona,C=Spain") Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) diff --git a/test/e2e/suite/certificates/othernamesan.go b/test/e2e/suite/certificates/othernamesan.go index 44bf3692b40..39f24b6d908 100644 --- a/test/e2e/suite/certificates/othernamesan.go +++ b/test/e2e/suite/certificates/othernamesan.go @@ -50,6 +50,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { ) f := framework.NewDefaultFramework("certificate-othername-san-processing") + ctx := context.TODO() createCertificate := func(f *framework.Framework, OtherNames []cmapi.OtherName) (*cmapi.Certificate, error) { crt := &cmapi.Certificate{ @@ -69,7 +70,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { }, } By("creating Certificate with OtherNames") - return f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + return f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) } BeforeEach(func() { @@ -79,16 +80,16 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("Should create a certificate with the supplied otherName SAN value and emailAddress included", func() { @@ -99,7 +100,7 @@ var _ = framework.CertManagerDescribe("othername san processing", func() { }, }) Expect(err).NotTo(HaveOccurred()) - _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + _, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), secretName, metav1.GetOptions{}) diff --git a/test/e2e/suite/certificates/secrettemplate.go b/test/e2e/suite/certificates/secrettemplate.go index 79959a491e5..eb5fb58d46c 100644 --- a/test/e2e/suite/certificates/secrettemplate.go +++ b/test/e2e/suite/certificates/secrettemplate.go @@ -48,6 +48,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { ) f := framework.NewDefaultFramework("certificates-secret-template") + ctx := context.TODO() createCertificate := func(f *framework.Framework, secretTemplate *cmapi.CertificateSecretTemplate) string { crt := &cmapi.Certificate{ @@ -69,10 +70,10 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("creating Certificate with SecretTemplate") - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.Background(), crt, metav1.CreateOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, crt, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(crt, time.Minute*2) + crt, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, crt, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") return crt.Name @@ -83,22 +84,22 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(cmapi.SelfSignedIssuer{})) - Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) + Expect(f.CRClient.Create(ctx, issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, cmapi.IssuerCondition{Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { - Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.Background(), issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) + Expect(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{})).NotTo(HaveOccurred()) }) It("should not remove Annotations and Labels which have been added by a third party and not present in the SecretTemplate", func() { createCertificate(f, &cmapi.CertificateSecretTemplate{Annotations: map[string]string{"foo": "bar"}, Labels: map[string]string{"abc": "123"}}) - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) By("ensure Secret has correct Labels and Annotations with SecretTemplate") @@ -106,30 +107,30 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Labels).To(HaveKeyWithValue("abc", "123")) By("add Annotation to Secret which should not be removed") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Annotations["random"] = "annotation" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("foo", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("random", "annotation")) By("add Label to Secret which should not be removed") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Labels["random"] = "label" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("abc", "123")) @@ -142,7 +143,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) By("ensure Secret has correct Labels and Annotations with SecretTemplate") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("foo", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("bar", "foo")) @@ -152,7 +153,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("adding Annotations and Labels to SecretTemplate should appear on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -160,12 +161,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crt.Spec.SecretTemplate.Annotations["another"] = "random annotation" crt.Spec.SecretTemplate.Labels["hello"] = "world" crt.Spec.SecretTemplate.Labels["random"] = "label" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("random", "annotation")) @@ -174,7 +175,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Annotations).To(HaveKeyWithValue("another", "random annotation")) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("hello", "world")) @@ -184,7 +185,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("removing Annotations and Labels in SecretTemplate should get removed on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -192,12 +193,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { delete(crt.Spec.SecretTemplate.Annotations, "random") delete(crt.Spec.SecretTemplate.Labels, "abc") delete(crt.Spec.SecretTemplate.Labels, "another") - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").ShouldNot(HaveKey("foo")) @@ -214,7 +215,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) By("ensure Secret has correct Labels and Annotations with SecretTemplate") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("foo", "bar")) @@ -225,7 +226,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("changing Annotation and Label keys on the SecretTemplate should be reflected on the Secret") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -233,12 +234,12 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crt.Spec.SecretTemplate.Annotations["bar"] = "not foo" crt.Spec.SecretTemplate.Labels["abc"] = "098" crt.Spec.SecretTemplate.Labels["def"] = "555" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("foo", "123")) @@ -253,7 +254,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { crtName := createCertificate(f, nil) By("add Labels and Annotations to the Secret that are not owned by cert-manager") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if secret.Annotations == nil { @@ -267,10 +268,10 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { secret.Labels["abc"] = "123" secret.Labels["foo"] = "bar" - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("an-annotation", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("another-annotation", "def")) @@ -285,7 +286,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(err).NotTo(HaveOccurred()) By("expect those Annotations and Labels to be present on the Secret") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) Expect(secret.Annotations).To(HaveKeyWithValue("an-annotation", "bar")) Expect(secret.Annotations).To(HaveKeyWithValue("another-annotation", "def")) @@ -294,7 +295,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { By("add those Annotations and Labels to the SecretTemplate of the Certificate") Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } @@ -302,13 +303,13 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Annotations: map[string]string{"an-annotation": "bar", "another-annotation": "def"}, Labels: map[string]string{"abc": "123", "foo": "bar"}, } - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) By("waiting for those Annotation and Labels on the Secret to contain managed fields from cert-manager") Eventually(func() bool { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) var managedLabels, managedAnnotations []string @@ -382,7 +383,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { metav1.ApplyOptions{FieldManager: "e2e-test-client"}) Consistently(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("an-annotation", "bar")) @@ -397,14 +398,14 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Labels: map[string]string{"foo": "bar"}, }) - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) secret.Data["random-key"] = []byte("hello-world") - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.Background(), secret, metav1.UpdateOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, secret, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) Consistently(func() map[string][]byte { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Data }, "20s", "1s").Should(HaveKeyWithValue("random-key", []byte("hello-world"))) @@ -417,24 +418,24 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { }) Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } crt.Spec.SecretTemplate.Annotations["abc"] = "456" crt.Spec.SecretTemplate.Labels["foo"] = "foo" - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("abc", "456")) Eventually(func() map[string]string { - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Labels }, "20s", "1s").Should(HaveKeyWithValue("foo", "foo")) @@ -451,7 +452,7 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { err error ) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").Should(HaveKeyWithValue("abc", "123")) @@ -460,17 +461,17 @@ var _ = framework.CertManagerDescribe("Certificate SecretTemplate", func() { Expect(secret.Labels).To(HaveKeyWithValue("label", "hello-world")) Expect(retry.RetryOnConflict(retry.DefaultRetry, func() error { - crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(context.Background(), crtName, metav1.GetOptions{}) + crt, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Get(ctx, crtName, metav1.GetOptions{}) if err != nil { return err } crt.Spec.SecretTemplate = nil - _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(context.Background(), crt, metav1.UpdateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Update(ctx, crt, metav1.UpdateOptions{}) return err })).NotTo(HaveOccurred()) Eventually(func() map[string]string { - secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secretName, metav1.GetOptions{}) + secret, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, secretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) return secret.Annotations }, "20s", "1s").ShouldNot(HaveKey("abc")) diff --git a/test/e2e/suite/conformance/certificates/acme/acme.go b/test/e2e/suite/conformance/certificates/acme/acme.go index 927c4d9fa6d..a1d952370cc 100644 --- a/test/e2e/suite/conformance/certificates/acme/acme.go +++ b/test/e2e/suite/conformance/certificates/acme/acme.go @@ -172,14 +172,14 @@ type acmeIssuerProvisioner struct { secretNamespace string } -func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { +func (a *acmeIssuerProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { if a.eab != nil { - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.eab.Key.Name, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.eab.Key.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } @@ -190,8 +190,8 @@ func (a *acmeIssuerProvisioner) delete(f *framework.Framework, ref cmmeta.Object // - pebble // - a properly configured Issuer resource -func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, "") +func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, "") By("Creating an ACME HTTP01 Ingress Issuer") issuer := &cmapi.Issuer{ @@ -201,12 +201,12 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework Spec: a.createHTTP01IngressIssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Ingress Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -216,8 +216,8 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressIssuer(f *framework.Framework } } -func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME HTTP01 Ingress ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -227,12 +227,12 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Fr Spec: a.createHTTP01IngressIssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Ingress Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -242,8 +242,8 @@ func (a *acmeIssuerProvisioner) createHTTP01IngressClusterIssuer(f *framework.Fr } } -func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, "") +func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, "") labelFlag := strings.Split(f.Config.Addons.Gateway.Labels, ",") labels := make(map[string]string) @@ -263,12 +263,12 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework Spec: a.createHTTP01GatewayIssuerSpec(f.Config.Addons.ACMEServer.URL, labels), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Gateway Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -278,7 +278,7 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuer(f *framework.Framework } } -func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *framework.Framework) cmmeta.ObjectReference { +func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Public ACME Server Staging HTTP01 Issuer") var PublicACMEServerStagingURL string @@ -295,12 +295,12 @@ func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *fra Spec: a.createHTTP01IngressIssuerSpec(PublicACMEServerStagingURL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create Public ACME Server Staging HTTP01 issuer") // wait for issuer to be ready By("Waiting for Public ACME Server Staging HTTP01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -310,8 +310,8 @@ func (a *acmeIssuerProvisioner) createPublicACMEServerStagingHTTP01Issuer(f *fra } } -func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) labelFlag := strings.Split(f.Config.Addons.Gateway.Labels, ",") labels := make(map[string]string) @@ -332,11 +332,11 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayClusterIssuer(f *framework.Fr Spec: a.createHTTP01GatewayIssuerSpec(f.Config.Addons.ACMEServer.URL, labels), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") By("Waiting for acme HTTP01 Gateway Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -406,8 +406,8 @@ func (a *acmeIssuerProvisioner) createHTTP01GatewayIssuerSpec(serverURL string, } } -func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Namespace.Name) +func (a *acmeIssuerProvisioner) createDNS01Issuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Namespace.Name) By("Creating an ACME DNS01 Issuer") issuer := &cmapi.Issuer{ @@ -416,12 +416,12 @@ func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 Issuer") // wait for issuer to be ready By("Waiting for acme DNS01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -431,8 +431,8 @@ func (a *acmeIssuerProvisioner) createDNS01Issuer(f *framework.Framework) cmmeta } } -func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME DNS01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -441,12 +441,12 @@ func (a *acmeIssuerProvisioner) createDNS01ClusterIssuer(f *framework.Framework) }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 ClusterIssuer") // wait for issuer to be ready By("Waiting for acme DNS01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -482,7 +482,7 @@ func (a *acmeIssuerProvisioner) createDNS01IssuerSpec(serverURL, dnsServer strin } } -func (a *acmeIssuerProvisioner) ensureEABSecret(f *framework.Framework, ns string) { +func (a *acmeIssuerProvisioner) ensureEABSecret(ctx context.Context, f *framework.Framework, ns string) { if a.eab == nil { return } @@ -490,7 +490,7 @@ func (a *acmeIssuerProvisioner) ensureEABSecret(f *framework.Framework, ns strin if ns == "" { ns = f.Namespace.Name } - sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "external-account-binding-", Namespace: ns, diff --git a/test/e2e/suite/conformance/certificates/ca/ca.go b/test/e2e/suite/conformance/certificates/ca/ca.go index 6bcd411d13f..b812c90051f 100644 --- a/test/e2e/suite/conformance/certificates/ca/ca.go +++ b/test/e2e/suite/conformance/certificates/ca/ca.go @@ -51,15 +51,15 @@ type ca struct { secretName string } -func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (c *ca) createCAIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a CA Issuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-issuer-", }, @@ -70,7 +70,7 @@ func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { // wait for issuer to be ready By("Waiting for CA Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -80,15 +80,15 @@ func (c *ca) createCAIssuer(f *framework.Framework) cmmeta.ObjectReference { } } -func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (c *ca) createCAClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a CA ClusterIssuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-cluster-issuer-", }, @@ -99,7 +99,7 @@ func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc // wait for issuer to be ready By("Waiting for CA Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -109,13 +109,13 @@ func (c *ca) createCAClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc } } -func (c *ca) deleteCAClusterIssuer(f *framework.Framework, issuer cmmeta.ObjectReference) { +func (c *ca) deleteCAClusterIssuer(ctx context.Context, f *framework.Framework, issuer cmmeta.ObjectReference) { By("Deleting CA ClusterIssuer") - err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), c.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, c.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete root signing keypair secret") - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete ca issuer") } diff --git a/test/e2e/suite/conformance/certificates/external/external.go b/test/e2e/suite/conformance/certificates/external/external.go index 72e2c27fc02..97b1aa1588e 100644 --- a/test/e2e/suite/conformance/certificates/external/external.go +++ b/test/e2e/suite/conformance/certificates/external/external.go @@ -116,9 +116,7 @@ func (o *issuerBuilder) secretAndIssuerForTest(f *framework.Framework) (*corev1. return secret, issuer, err } -func (o *issuerBuilder) create(f *framework.Framework) cmmeta.ObjectReference { - ctx := context.TODO() - +func (o *issuerBuilder) create(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating an Issuer") secret, issuer, err := o.secretAndIssuerForTest(f) Expect(err).NotTo(HaveOccurred(), "failed to initialise test objects") @@ -139,10 +137,8 @@ func (o *issuerBuilder) create(f *framework.Framework) cmmeta.ObjectReference { } } -func (o *issuerBuilder) delete(f *framework.Framework, _ cmmeta.ObjectReference) { +func (o *issuerBuilder) delete(ctx context.Context, f *framework.Framework, _ cmmeta.ObjectReference) { By("Deleting the issuer") - ctx := context.TODO() - crt, err := crtclient.New(f.KubeClientConfig, crtclient.Options{}) Expect(err).NotTo(HaveOccurred(), "failed to create controller-runtime client") diff --git a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go index e09bfbe80ed..19a7d26f0c6 100644 --- a/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificates/selfsigned/selfsigned.go @@ -44,10 +44,10 @@ var _ = framework.ConformanceDescribe("Certificates", func() { }).Define() }) -func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { +func createSelfSignedIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a SelfSigned Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-issuer-", }, @@ -57,7 +57,7 @@ func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { // wait for issuer to be ready By("Waiting for Self Signed Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -67,15 +67,15 @@ func createSelfSignedIssuer(f *framework.Framework) cmmeta.ObjectReference { } } -func deleteSelfSignedClusterIssuer(f *framework.Framework, issuer cmmeta.ObjectReference) { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) +func deleteSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework, issuer cmmeta.ObjectReference) { + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } -func createSelfSignedClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func createSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a SelfSigned ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-cluster-issuer-", }, @@ -85,7 +85,7 @@ func createSelfSignedClusterIssuer(f *framework.Framework) cmmeta.ObjectReferenc // wait for issuer to be ready By("Waiting for Self Signed Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificates/suite.go b/test/e2e/suite/conformance/certificates/suite.go index 75f94e54ee8..595814fc306 100644 --- a/test/e2e/suite/conformance/certificates/suite.go +++ b/test/e2e/suite/conformance/certificates/suite.go @@ -17,6 +17,8 @@ limitations under the License. package certificates import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework" "github.com/cert-manager/cert-manager/e2e-tests/framework/helper/featureset" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" @@ -35,14 +37,14 @@ type Suite struct { // returns an ObjectReference to that Issuer that will be used as the // IssuerRef on Certificate resources that this suite creates. // This field must be provided. - CreateIssuerFunc func(*framework.Framework) cmmeta.ObjectReference + CreateIssuerFunc func(context.Context, *framework.Framework) cmmeta.ObjectReference // DeleteIssuerFunc is a function that is run after the test has completed // in order to clean up resources created for a test (e.g. the resources // created in CreateIssuerFunc). // This function will be run regardless whether the test passes or fails. // If not specified, this function will be skipped. - DeleteIssuerFunc func(*framework.Framework, cmmeta.ObjectReference) + DeleteIssuerFunc func(context.Context, *framework.Framework, cmmeta.ObjectReference) // DomainSuffix is a suffix used on all domain requests. // This is useful when the issuer being tested requires special @@ -99,13 +101,13 @@ func (s *Suite) it(f *framework.Framework, name string, fn func(cmmeta.ObjectRef if s.UnsupportedFeatures.HasAny(requiredFeatures...) { return } - It(name, func() { + It(name, func(ctx context.Context) { By("Creating an issuer resource") - issuerRef := s.CreateIssuerFunc(f) + issuerRef := s.CreateIssuerFunc(ctx, f) defer func() { if s.DeleteIssuerFunc != nil { By("Cleaning up the issuer resource") - s.DeleteIssuerFunc(f, issuerRef) + s.DeleteIssuerFunc(ctx, f, issuerRef) } }() fn(issuerRef) diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index e4c2290ba47..a0697592d9e 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -104,7 +104,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -130,7 +130,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -158,7 +158,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -186,7 +186,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -215,7 +215,7 @@ func (s *Suite) Define() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -256,7 +256,7 @@ func (s *Suite) Define() { By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) valFunc := func(certificate *cmapi.Certificate, secret *corev1.Secret) error { @@ -329,7 +329,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*5) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*5) Expect(err).NotTo(HaveOccurred()) valFunc := func(certificate *cmapi.Certificate, secret *corev1.Secret) error { @@ -393,7 +393,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -425,7 +425,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -450,7 +450,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -476,7 +476,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -506,7 +506,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -531,7 +531,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -561,7 +561,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -590,7 +590,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -617,7 +617,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -645,7 +645,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -657,7 +657,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq // duration. // We set a 30 second buffer time here since Vault issues certificates // with an extra 30 seconds on its duration. - f.CertificateDurationValid(testCertificate, time.Hour*896, 30*time.Second) + f.CertificateDurationValid(ctx, testCertificate, time.Hour*896, 30*time.Second) }, featureset.DurationFeature, featureset.OnlySAN) s.it(f, "should issue a certificate that defines a wildcard DNS Name", func(issuerRef cmmeta.ObjectReference) { @@ -677,7 +677,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -704,7 +704,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -735,7 +735,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -769,7 +769,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -778,7 +778,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Deleting existing certificate data in Secret") sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name). - Get(context.TODO(), testCertificate.Spec.SecretName, metav1.GetOptions{}) + Get(ctx, testCertificate.Spec.SecretName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to get secret containing signed certificate key pair data") sec = sec.DeepCopy() @@ -788,11 +788,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq sec.Data[corev1.TLSCertKey] = []byte{} - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), sec, metav1.UpdateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, sec, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to update secret by deleting the signed certificate data") By("Waiting for the Certificate to re-issue a certificate") - sec, err = f.Helper().WaitForSecretCertificateData(f.Namespace.Name, sec.Name, time.Minute*8) + sec, err = f.Helper().WaitForSecretCertificateData(ctx, f.Namespace.Name, sec.Name, time.Minute*8) Expect(err).NotTo(HaveOccurred(), "failed to wait for secret to have a valid 2nd certificate") crtPEM2 := sec.Data[corev1.TLSCertKey] @@ -823,7 +823,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with the issuer name annotation set") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewIngress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewIngress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -836,7 +836,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with the issuer name annotation set") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -848,11 +848,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq } By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -884,7 +884,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with annotations for issuerRef and other Certificate fields") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewIngress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewIngress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -907,7 +907,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq secretName := "testcert-ingress-tls" By("Creating an Ingress with annotations for issuerRef and other Certificate fields") - ingress, err := ingClient.Create(context.TODO(), e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ + ingress, err := ingClient.Create(ctx, e2eutil.NewV1Beta1Ingress(name, secretName, map[string]string{ "cert-manager.io/issuer": issuerRef.Name, "cert-manager.io/issuer-kind": issuerRef.Kind, "cert-manager.io/issuer-group": issuerRef.Group, @@ -928,11 +928,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq } By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) // Verify that the ingres-shim has translated all the supplied @@ -981,7 +981,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq "cert-manager.io/renew-before": renewBefore.String(), }, domain) - gw, err := f.GWClientSet.GatewayV1().Gateways(f.Namespace.Name).Create(context.TODO(), gw, metav1.CreateOptions{}) + gw, err := f.GWClientSet.GatewayV1().Gateways(f.Namespace.Name).Create(ctx, gw, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) // XXX(Mael): the CertificateRef seems to contain the Gateway name @@ -990,11 +990,11 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq certName := string(gw.Spec.Listeners[0].TLS.CertificateRefs[0].Name) By("Waiting for the Certificate to exist...") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certName, time.Minute) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certName, time.Minute) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*8) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*8) Expect(err).NotTo(HaveOccurred()) // Verify that the gateway-shim has translated all the supplied @@ -1028,7 +1028,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1055,7 +1055,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be ready") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1081,7 +1081,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate Ready condition to be updated") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*8) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*8) Expect(err).NotTo(HaveOccurred()) By("Sanity-check the issued Certificate") @@ -1108,7 +1108,7 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq // use a longer timeout for this, as it requires performing 2 dns validations in serial By("Waiting for the Certificate to be issued...") - testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(testCertificate, time.Minute*10) + testCertificate, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, testCertificate, time.Minute*10) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/conformance/certificates/vault/vault_approle.go b/test/e2e/suite/conformance/certificates/vault/vault_approle.go index a37525d1d07..dffae75ea53 100644 --- a/test/e2e/suite/conformance/certificates/vault/vault_approle.go +++ b/test/e2e/suite/conformance/certificates/vault/vault_approle.go @@ -75,31 +75,31 @@ type vaultSecrets struct { secretNamespace string } -func (v *vaultAppRoleProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") +func (v *vaultAppRoleProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") - err := f.KubeClientSet.CoreV1().Secrets(v.secretNamespace).Delete(context.TODO(), v.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(v.secretNamespace).Delete(ctx, v.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) if ref.Kind == "ClusterIssuer" { - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *vaultAppRoleProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - v.vaultSecrets = v.initVault() + v.vaultSecrets = v.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") v.secretName = sec.Name v.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -109,7 +109,7 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob // wait for issuer to be ready By("Waiting for Vault Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -119,19 +119,19 @@ func (v *vaultAppRoleProvisioner) createIssuer(f *framework.Framework) cmmeta.Ob } } -func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *vaultAppRoleProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - v.vaultSecrets = v.initVault() + v.vaultSecrets = v.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, v.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") v.secretName = sec.Name v.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, @@ -141,7 +141,7 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm // wait for issuer to be ready By("Waiting for Vault Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -151,17 +151,17 @@ func (v *vaultAppRoleProvisioner) createClusterIssuer(f *framework.Framework) cm } } -func (v *vaultAppRoleProvisioner) initVault() *vaultSecrets { +func (v *vaultAppRoleProvisioner) initVault(ctx context.Context) *vaultSecrets { By("Configuring the VaultAppRole server") v.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, *addon.Vault.Details(), false, ) - Expect(v.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(v.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(v.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(v.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") - roleID, secretID, err := v.setup.CreateAppRole() + roleID, secretID, err := v.setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred(), "vault to create app role from vault") return &vaultSecrets{ diff --git a/test/e2e/suite/conformance/certificates/venafi/venafi.go b/test/e2e/suite/conformance/certificates/venafi/venafi.go index 51550adaa23..8b0bb2c0dc0 100644 --- a/test/e2e/suite/conformance/certificates/venafi/venafi.go +++ b/test/e2e/suite/conformance/certificates/venafi/venafi.go @@ -77,16 +77,16 @@ type venafiProvisioner struct { tpp *vaddon.VenafiTPP } -func (v *venafiProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.tpp.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") +func (v *venafiProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.tpp.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi Issuer") v.tpp = &vaddon.VenafiTPP{ @@ -99,15 +99,15 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.tpp.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.tpp.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.tpp.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -117,7 +117,7 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } } -func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi ClusterIssuer") v.tpp = &vaddon.VenafiTPP{ @@ -130,15 +130,15 @@ func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.O } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.tpp.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.tpp.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.tpp.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go index d5899fa6a13..0e03528f5ae 100644 --- a/test/e2e/suite/conformance/certificates/venaficloud/cloud.go +++ b/test/e2e/suite/conformance/certificates/venaficloud/cloud.go @@ -77,16 +77,16 @@ type venafiProvisioner struct { cloud *vaddon.VenafiCloud } -func (v *venafiProvisioner) delete(f *framework.Framework, ref cmmeta.ObjectReference) { - Expect(v.cloud.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") +func (v *venafiProvisioner) delete(ctx context.Context, f *framework.Framework, ref cmmeta.ObjectReference) { + Expect(v.cloud.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") if ref.Kind == "ClusterIssuer" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi Cloud Issuer") v.cloud = &vaddon.VenafiCloud{ @@ -99,15 +99,15 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } Expect(err).NotTo(HaveOccurred(), "failed to provision venafi cloud issuer") - Expect(v.cloud.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.cloud.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.cloud.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ @@ -117,7 +117,7 @@ func (v *venafiProvisioner) createIssuer(f *framework.Framework) cmmeta.ObjectRe } } -func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.ObjectReference { +func (v *venafiProvisioner) createClusterIssuer(ctx context.Context, f *framework.Framework) cmmeta.ObjectReference { By("Creating a Venafi ClusterIssuer") v.cloud = &vaddon.VenafiCloud{ @@ -130,15 +130,15 @@ func (v *venafiProvisioner) createClusterIssuer(f *framework.Framework) cmmeta.O } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(v.cloud.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(v.cloud.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := v.cloud.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return cmmeta.ObjectReference{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go index eaf09e8c67c..e9a7e0e79f3 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/acme.go @@ -112,21 +112,21 @@ type acme struct { secretNamespace string } -func (a *acme) delete(f *framework.Framework, signerName string) { +func (a *acme) delete(ctx context.Context, f *framework.Framework, signerName string) { if a.eab != nil { - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.eab.Key.Name, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.eab.Key.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (a *acme) ensureEABSecret(f *framework.Framework, ns string) { +func (a *acme) ensureEABSecret(ctx context.Context, f *framework.Framework, ns string) { if a.eab == nil { return } @@ -134,7 +134,7 @@ func (a *acme) ensureEABSecret(f *framework.Framework, ns string) { if ns == "" { ns = f.Namespace.Name } - sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + sec, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "external-account-binding-", Namespace: ns, diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go index 9eb65f94035..2412ec9ee5c 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/dns01.go @@ -32,8 +32,8 @@ import ( . "github.com/onsi/gomega" ) -func (a *acme) createDNS01Issuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Namespace.Name) +func (a *acme) createDNS01Issuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Namespace.Name) By("Creating an ACME DNS01 Issuer") issuer := &cmapi.Issuer{ @@ -42,19 +42,19 @@ func (a *acme) createDNS01Issuer(f *framework.Framework) string { }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 Issuer") // wait for issuer to be ready By("Waiting for acme DNS01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (a *acme) createDNS01ClusterIssuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acme) createDNS01ClusterIssuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME DNS01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -63,12 +63,12 @@ func (a *acme) createDNS01ClusterIssuer(f *framework.Framework) string { }, Spec: a.createDNS01IssuerSpec(f.Config.Addons.ACMEServer.URL, f.Config.Addons.ACMEServer.DNSServer), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme DNS01 ClusterIssuer") // wait for issuer to be ready By("Waiting for acme DNS01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go index 1a2ac7e6314..695b58c1fcc 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/acme/http01.go @@ -32,8 +32,8 @@ import ( . "github.com/onsi/gomega" ) -func (a *acme) createHTTP01Issuer(f *framework.Framework) string { - a.ensureEABSecret(f, "") +func (a *acme) createHTTP01Issuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, "") By("Creating an ACME HTTP01 Issuer") issuer := &cmapi.Issuer{ @@ -43,19 +43,19 @@ func (a *acme) createHTTP01Issuer(f *framework.Framework) string { Spec: a.createHTTP01IssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (a *acme) createHTTP01ClusterIssuer(f *framework.Framework) string { - a.ensureEABSecret(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (a *acme) createHTTP01ClusterIssuer(ctx context.Context, f *framework.Framework) string { + a.ensureEABSecret(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating an ACME HTTP01 ClusterIssuer") issuer := &cmapi.ClusterIssuer{ @@ -65,12 +65,12 @@ func (a *acme) createHTTP01ClusterIssuer(f *framework.Framework) string { Spec: a.createHTTP01IssuerSpec(f.Config.Addons.ACMEServer.URL), } - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create acme HTTP01 cluster issuer") // wait for issuer to be ready By("Waiting for acme HTTP01 Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go index 3586f6f7d71..01ef22f7660 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/ca/ca.go @@ -56,15 +56,15 @@ type ca struct { secretName string } -func (c *ca) createIssuer(f *framework.Framework) string { +func (c *ca) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a CA Issuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-issuer-", }, @@ -80,21 +80,21 @@ func (c *ca) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for CA Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func (c *ca) createClusterIssuer(f *framework.Framework) string { +func (c *ca) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a CA ClusterIssuer") - rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) + rootCertSecret, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret("root-ca-cert-"), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create root signing keypair secret") c.secretName = rootCertSecret.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "ca-cluster-issuer-", }, @@ -110,20 +110,20 @@ func (c *ca) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for CA Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (c *ca) deleteClusterIssuer(f *framework.Framework, signerName string) { +func (c *ca) deleteClusterIssuer(ctx context.Context, f *framework.Framework, signerName string) { By("Deleting CA ClusterIssuer") ref, _ := util.SignerIssuerRefFromSignerName(signerName) - err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), c.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, c.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete root signing keypair secret") - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to delete ca issuer") } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go index d556093441b..991176dde8d 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/selfsigned/selfsigned.go @@ -54,7 +54,7 @@ var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { }).Define() }) -func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningRequest, key crypto.Signer) { +func provision(ctx context.Context, f *framework.Framework, csr *certificatesv1.CertificateSigningRequest, key crypto.Signer) { By("Creating SelfSigned requester key Secret") ref, _ := util.SignerIssuerRefFromSignerName(csr.Spec.SignerName) ns := "cert-manager" @@ -65,7 +65,7 @@ func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningReq keyPEM, err := pki.EncodePKCS8PrivateKey(key) Expect(err).NotTo(HaveOccurred(), "failed to encode requester's private key") - secret, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(context.TODO(), &corev1.Secret{ + secret, err := f.KubeClientSet.CoreV1().Secrets(ns).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-requester-key-", Namespace: ns, @@ -81,7 +81,7 @@ func provision(f *framework.Framework, csr *certificatesv1.CertificateSigningReq } csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey] = secret.Name } -func deProvision(f *framework.Framework, csr *certificatesv1.CertificateSigningRequest) { +func deProvision(ctx context.Context, f *framework.Framework, csr *certificatesv1.CertificateSigningRequest) { By("Deleting SelfSigned requester key Secret") ref, _ := util.SignerIssuerRefFromSignerName(csr.Spec.SignerName) ns := f.Config.Addons.CertManager.ClusterResourceNamespace @@ -89,14 +89,14 @@ func deProvision(f *framework.Framework, csr *certificatesv1.CertificateSigningR ns = ref.Namespace } - err := f.KubeClientSet.CoreV1().Secrets(ns).Delete(context.TODO(), csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey], metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(ns).Delete(ctx, csr.Annotations[experimentalapi.CertificateSigningRequestPrivateKeyAnnotationKey], metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create requester's private key Secret") } -func createSelfSignedIssuer(f *framework.Framework) string { +func createSelfSignedIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a SelfSigned Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-issuer-", }, @@ -110,16 +110,16 @@ func createSelfSignedIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Self Signed Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func createSelfSignedClusterIssuer(f *framework.Framework) string { +func createSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a SelfSigned ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "selfsigned-cluster-issuer-", }, @@ -133,14 +133,14 @@ func createSelfSignedClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Self Signed Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func deleteSelfSignedClusterIssuer(f *framework.Framework, signerName string) { +func deleteSelfSignedClusterIssuer(ctx context.Context, f *framework.Framework, signerName string) { ref, _ := util.SignerIssuerRefFromSignerName(signerName) - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/suite.go b/test/e2e/suite/conformance/certificatesigningrequests/suite.go index 9d114e137f6..6dec02dfaf2 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/suite.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/suite.go @@ -17,6 +17,7 @@ limitations under the License. package certificatesigningrequests import ( + "context" "crypto" certificatesv1 "k8s.io/api/certificates/v1" @@ -40,14 +41,14 @@ type Suite struct { // returns an SignerName to that Issuer that will be used as the SignerName // on CertificateSigningRequest resources that this suite creates. // This field must be provided. - CreateIssuerFunc func(*framework.Framework) string + CreateIssuerFunc func(context.Context, *framework.Framework) string // DeleteIssuerFunc is a function that is run after the test has completed // in order to clean up resources created for a test (e.g. the resources // created in CreateIssuerFunc). // This function will be run regardless whether the test passes or fails. // If not specified, this function will be skipped. - DeleteIssuerFunc func(*framework.Framework, string) + DeleteIssuerFunc func(context.Context, *framework.Framework, string) // ProvisionFunc is a function that is run every test just before the // CertificateSigningRequest is created within a test. This is used to @@ -56,12 +57,12 @@ type Suite struct { // CertificateSigningRequest, or create a resource like a Secret needed for // signing. // If not specified, this function will be skipped. - ProvisionFunc func(*framework.Framework, *certificatesv1.CertificateSigningRequest, crypto.Signer) + ProvisionFunc func(context.Context, *framework.Framework, *certificatesv1.CertificateSigningRequest, crypto.Signer) // DeProvisionFunc is run after every test. This is to be used to remove and // clean-up any resources which may have been created by ProvisionFunc. // If not specified, this function will be skipped. - DeProvisionFunc func(*framework.Framework, *certificatesv1.CertificateSigningRequest) + DeProvisionFunc func(context.Context, *framework.Framework, *certificatesv1.CertificateSigningRequest) // DomainSuffix is a suffix used on all domain requests. // This is useful when the issuer being tested requires special @@ -103,21 +104,21 @@ func (s *Suite) complete(f *framework.Framework) { } // it is called by the tests to in Define() to setup and run the test -func (s *Suite) it(f *framework.Framework, name string, fn func(string), requiredFeatures ...featureset.Feature) { +func (s *Suite) it(f *framework.Framework, name string, fn func(context.Context, string), requiredFeatures ...featureset.Feature) { if s.UnsupportedFeatures.HasAny(requiredFeatures...) { return } - It(name, func() { + It(name, func(ctx context.Context) { framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalCertificateSigningRequestControllers) By("Creating an issuer resource") - signerName := s.CreateIssuerFunc(f) + signerName := s.CreateIssuerFunc(ctx, f) defer func() { if s.DeleteIssuerFunc != nil { By("Cleaning up the issuer resource") - s.DeleteIssuerFunc(f, signerName) + s.DeleteIssuerFunc(ctx, f, signerName) } }() - fn(signerName) + fn(ctx, signerName) }) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index f5230f1c635..d7093f25c9e 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -50,7 +50,6 @@ import ( // they are not active, these tests will fail. func (s *Suite) Define() { Describe("CertificateSigningRequest with issuer type "+s.Name, func() { - ctx := context.Background() f := framework.NewDefaultFramework("certificatesigningrequests") sharedCommonName := "" @@ -362,7 +361,7 @@ func (s *Suite) Define() { } defineTest := func(test testCase) { - s.it(f, test.name, func(signerName string) { + s.it(f, test.name, func(ctx context.Context, signerName string) { // Generate request CSR csr, key, err := gen.CSR(test.keyAlgo, test.csrModifiers()...) Expect(err).NotTo(HaveOccurred()) @@ -384,17 +383,20 @@ func (s *Suite) Define() { // Provision any resources needed for the request, or modify the // request based on Issuer requirements if s.ProvisionFunc != nil { - s.ProvisionFunc(f, kubeCSR, key) + s.ProvisionFunc(ctx, f, kubeCSR, key) } // Ensure related resources are cleaned up at the end of the test if s.DeProvisionFunc != nil { - defer s.DeProvisionFunc(f, kubeCSR) + defer s.DeProvisionFunc(ctx, f, kubeCSR) } // Create the request, and delete at the end of the test By("Creating a CertificateSigningRequest") Expect(f.CRClient.Create(ctx, kubeCSR)).NotTo(HaveOccurred()) - defer f.CRClient.Delete(context.TODO(), kubeCSR) + defer func() { + // nolint: contextcheck // This is a cleanup context + f.CRClient.Delete(context.TODO(), kubeCSR) + }() // Approve the request for testing, so that cert-manager may sign the // request. @@ -405,13 +407,13 @@ func (s *Suite) Define() { Reason: "e2e.cert-manager.io", Message: "Request approved for e2e testing.", }) - kubeCSR, err = f.KubeClientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(context.TODO(), kubeCSR.Name, kubeCSR, metav1.UpdateOptions{}) + kubeCSR, err = f.KubeClientSet.CertificatesV1().CertificateSigningRequests().UpdateApproval(ctx, kubeCSR.Name, kubeCSR, metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) // Wait for the status.Certificate and CA annotation to be populated in // a reasonable amount of time. By("Waiting for the CertificateSigningRequest to be issued...") - kubeCSR, err = f.Helper().WaitForCertificateSigningRequestSigned(kubeCSR.Name, time.Minute*5) + kubeCSR, err = f.Helper().WaitForCertificateSigningRequestSigned(ctx, kubeCSR.Name, time.Minute*5) Expect(err).NotTo(HaveOccurred()) // Validate that the request was signed as expected. Add extra diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go index fce7e554df7..256c9c992a2 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/approle.go @@ -106,32 +106,32 @@ var _ = framework.ConformanceDescribe("CertificateSigningRequests", func() { }).Define() }) -func (a *approle) delete(f *framework.Framework, signerName string) { - Expect(a.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") +func (a *approle) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(a.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") - err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(context.TODO(), a.secretName, metav1.DeleteOptions{}) + err := f.KubeClientSet.CoreV1().Secrets(a.secretNamespace).Delete(ctx, a.secretName, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) ref, _ := util.SignerIssuerRefFromSignerName(signerName) if kind, _ := util.IssuerKindFromType(ref.Type); kind == cmapi.ClusterIssuerKind { - err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (a *approle) createIssuer(f *framework.Framework) string { +func (a *approle) createIssuer(ctx context.Context, f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole Issuer") - a.secrets = a.initVault() + a.secrets = a.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") a.secretName = sec.Name a.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -141,25 +141,25 @@ func (a *approle) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Vault Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", f.Namespace.Name, issuer.Name) } -func (a *approle) createClusterIssuer(f *framework.Framework) string { +func (a *approle) createClusterIssuer(ctx context.Context, f *framework.Framework) string { appRoleSecretGeneratorName := "vault-approle-secret-" By("Creating a VaultAppRole ClusterIssuer") - a.secrets = a.initVault() + a.secrets = a.initVault(ctx) - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, vault.NewVaultAppRoleSecret(appRoleSecretGeneratorName, a.secretID), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "vault to store app role secret from vault") a.secretName = sec.Name a.secretNamespace = sec.Namespace - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-cluster-issuer-", }, @@ -169,23 +169,23 @@ func (a *approle) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for Vault Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (a *approle) initVault() *secrets { +func (a *approle) initVault(ctx context.Context) *secrets { By("Configuring the VaultAppRole server") a.setup = vault.NewVaultInitializerAppRole( addon.Base.Details().KubeClient, *addon.Vault.Details(), a.testWithRootCA, ) - Expect(a.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(a.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(a.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(a.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") - roleID, secretID, err := a.setup.CreateAppRole() + roleID, secretID, err := a.setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred(), "vault to create app role from vault") return &secrets{ diff --git a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go index d0dab692b1f..6fd8ed86f5e 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/vault/kubernetes.go @@ -73,11 +73,11 @@ type kubernetes struct { setup *vault.VaultInitializer } -func (k *kubernetes) createIssuer(f *framework.Framework) string { - k.initVault(f, f.Namespace.Name) +func (k *kubernetes) createIssuer(ctx context.Context, f *framework.Framework) string { + k.initVault(ctx, f, f.Namespace.Name) By("Creating a VaultKubernetes Issuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), &cmapi.Issuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, &cmapi.Issuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", Namespace: f.Namespace.Name, @@ -88,17 +88,17 @@ func (k *kubernetes) createIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for VaultKubernetes Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (k *kubernetes) createClusterIssuer(f *framework.Framework) string { - k.initVault(f, f.Config.Addons.CertManager.ClusterResourceNamespace) +func (k *kubernetes) createClusterIssuer(ctx context.Context, f *framework.Framework) string { + k.initVault(ctx, f, f.Config.Addons.CertManager.ClusterResourceNamespace) By("Creating a VaultKubernetes ClusterIssuer") - issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), &cmapi.ClusterIssuer{ + issuer, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, &cmapi.ClusterIssuer{ ObjectMeta: metav1.ObjectMeta{ GenerateName: "vault-issuer-", }, @@ -108,25 +108,25 @@ func (k *kubernetes) createClusterIssuer(f *framework.Framework) string { // wait for issuer to be ready By("Waiting for VaultKubernetes Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) } -func (k *kubernetes) delete(f *framework.Framework, signerName string) { +func (k *kubernetes) delete(ctx context.Context, f *framework.Framework, signerName string) { ref, _ := csrutil.SignerIssuerRefFromSignerName(signerName) if kind, _ := csrutil.IssuerKindFromType(ref.Type); kind == cmapi.ClusterIssuerKind { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) - k.setup.CleanKubernetesRole(f.KubeClientSet, f.Config.Addons.CertManager.ClusterResourceNamespace, k.setup.Role()) + k.setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Config.Addons.CertManager.ClusterResourceNamespace, k.setup.Role()) } - Expect(k.setup.Clean()).NotTo(HaveOccurred(), "failed to deprovision vault initializer") + Expect(k.setup.Clean(ctx)).NotTo(HaveOccurred(), "failed to deprovision vault initializer") } -func (k *kubernetes) initVault(f *framework.Framework, boundNS string) { +func (k *kubernetes) initVault(ctx context.Context, f *framework.Framework, boundNS string) { By("Configuring the VaultKubernetes server") k.setup = vault.NewVaultInitializerKubernetes( @@ -135,18 +135,18 @@ func (k *kubernetes) initVault(f *framework.Framework, boundNS string) { k.testWithRootCA, "https://kubernetes.default.svc.cluster.local", ) - Expect(k.setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(k.setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(k.setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(k.setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") By("Creating a ServiceAccount for Vault authentication") // boundNS is name of the service account for which a Secret containing the service account token will be created boundSA := "vault-issuer-" + rand.String(5) - err := k.setup.CreateKubernetesRole(f.KubeClientSet, boundNS, boundSA) + err := k.setup.CreateKubernetesRole(ctx, f.KubeClientSet, boundNS, boundSA) Expect(err).NotTo(HaveOccurred()) k.saTokenSecretName = "vault-sa-secret-" + rand.String(5) - _, err = f.KubeClientSet.CoreV1().Secrets(boundNS).Create(context.TODO(), vault.NewVaultKubernetesSecret(k.saTokenSecretName, boundSA), metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(boundNS).Create(ctx, vault.NewVaultKubernetesSecret(k.saTokenSecretName, boundSA), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go index c86d0c2a920..4b00167f4fa 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/cloud.go @@ -77,17 +77,17 @@ type cloud struct { *venafi.VenafiCloud } -func (c *cloud) delete(f *framework.Framework, signerName string) { - Expect(c.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") +func (c *cloud) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(c.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision cloud venafi") ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (c *cloud) createIssuer(f *framework.Framework) string { +func (c *cloud) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Cloud Issuer") c.VenafiCloud = &venafi.VenafiCloud{ @@ -100,15 +100,15 @@ func (c *cloud) createIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to provision venafi cloud issuer") - Expect(c.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(c.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := c.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Issuer to be Ready") - issuer, err = f.Helper().WaitIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) @@ -117,7 +117,7 @@ func (c *cloud) createIssuer(f *framework.Framework) string { // createClusterIssuer creates and returns name of a Venafi Cloud // ClusterIssuer. The name is of the form // "clusterissuers.cert-manager.io/issuer-ab3de1". -func (c *cloud) createClusterIssuer(f *framework.Framework) string { +func (c *cloud) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Cloud ClusterIssuer") c.VenafiCloud = &venafi.VenafiCloud{ @@ -130,15 +130,15 @@ func (c *cloud) createClusterIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(c.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(c.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := c.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") // wait for issuer to be ready By("Waiting for Venafi Cloud Cluster Issuer to be Ready") - issuer, err = f.Helper().WaitClusterIssuerReady(issuer, time.Minute*5) + issuer, err = f.Helper().WaitClusterIssuerReady(ctx, issuer, time.Minute*5) Expect(err).ToNot(HaveOccurred()) return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go index 87a74405a4c..f9c2ef8c1c8 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/venafi/tpp.go @@ -79,17 +79,17 @@ type tpp struct { *venafi.VenafiTPP } -func (t *tpp) delete(f *framework.Framework, signerName string) { - Expect(t.Deprovision()).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") +func (t *tpp) delete(ctx context.Context, f *framework.Framework, signerName string) { + Expect(t.Deprovision(ctx)).NotTo(HaveOccurred(), "failed to deprovision tpp venafi") ref, _ := util.SignerIssuerRefFromSignerName(signerName) if ref.Type == "clusterissuers" { - err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), ref.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, ref.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } } -func (t *tpp) createIssuer(f *framework.Framework) string { +func (t *tpp) createIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi Issuer") t.VenafiTPP = &venafi.VenafiTPP{ @@ -102,16 +102,16 @@ func (t *tpp) createIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(t.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(t.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := t.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") return fmt.Sprintf("issuers.cert-manager.io/%s.%s", issuer.Namespace, issuer.Name) } -func (t *tpp) createClusterIssuer(f *framework.Framework) string { +func (t *tpp) createClusterIssuer(ctx context.Context, f *framework.Framework) string { By("Creating a Venafi ClusterIssuer") t.VenafiTPP = &venafi.VenafiTPP{ @@ -124,10 +124,10 @@ func (t *tpp) createClusterIssuer(f *framework.Framework) string { } Expect(err).NotTo(HaveOccurred(), "failed to setup tpp venafi") - Expect(t.Provision()).NotTo(HaveOccurred(), "failed to provision tpp venafi") + Expect(t.Provision(ctx)).NotTo(HaveOccurred(), "failed to provision tpp venafi") issuer := t.Details().BuildClusterIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred(), "failed to create issuer for venafi") return fmt.Sprintf("clusterissuers.cert-manager.io/%s", issuer.Name) diff --git a/test/e2e/suite/issuers/acme/certificate/http01.go b/test/e2e/suite/issuers/acme/certificate/http01.go index 800a0a21a8e..2dd440d9fc6 100644 --- a/test/e2e/suite/issuers/acme/certificate/http01.go +++ b/test/e2e/suite/issuers/acme/certificate/http01.go @@ -51,6 +51,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { f := framework.NewDefaultFramework("create-acme-certificate-http01") + ctx := context.TODO() var acmeIngressDomain string issuerName := "test-acme-issuer" @@ -96,10 +97,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetIssuerACMESkipTLSVerify(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -107,7 +108,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -117,7 +118,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -130,8 +131,8 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should allow updating an existing failing certificate that had a blocked dns name", func() { @@ -146,15 +147,15 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames("google.com"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Making sure the Order failed with a 400 since google.com is invalid") order := &cmacme.Order{} logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { - orders, err := listOwnedOrders(f.CertManagerClientSet, cert) + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, 1*time.Minute, true, func(ctx context.Context) (done bool, err error) { + orders, err := listOwnedOrders(ctx, f.CertManagerClientSet, cert) Expect(err).NotTo(HaveOccurred()) if len(orders) == 0 || len(orders) > 1 { @@ -174,12 +175,12 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be not ready") - cert, err = f.Helper().WaitForCertificateNotReadyAndDoneIssuing(cert, 30*time.Second) + cert, err = f.Helper().WaitForCertificateNotReadyAndDoneIssuing(ctx, cert, 30*time.Second) Expect(err).NotTo(HaveOccurred()) err = retry.RetryOnConflict(retry.DefaultRetry, func() error { By("Getting the latest version of the Certificate") - cert, err = certClient.Get(context.TODO(), certificateName, metav1.GetOptions{}) + cert, err = certClient.Get(ctx, certificateName, metav1.GetOptions{}) if err != nil { return err } @@ -187,7 +188,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { By("Replacing dnsNames with a valid dns name") cert = cert.DeepCopy() cert.Spec.DNSNames = []string{e2eutil.RandomSubdomain(acmeIngressDomain)} - _, err = certClient.Update(context.TODO(), cert, metav1.UpdateOptions{}) + _, err = certClient.Update(ctx, cert, metav1.UpdateOptions{}) if err != nil { return err } @@ -196,7 +197,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to have the Ready=True condition") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Sanity checking the issued Certificate") @@ -225,7 +226,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames("google.com"), ) - cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) notReadyCondition := v1.CertificateCondition{ @@ -242,14 +243,14 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1.SchemeGroupVersion.String()): ingClient := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace.Name) By("Creating an Ingress with the issuer name annotation set") - _, err := ingClient.Create(context.TODO(), util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{ + _, err := ingClient.Create(ctx, util.NewIngress(certificateSecretName, certificateSecretName, map[string]string{ "cert-manager.io/issuer": issuerName, }, acmeIngressDomain), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1beta1.SchemeGroupVersion.String()): ingClient := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace.Name) By("Creating an Ingress with the issuer name annotation set") - _, err := ingClient.Create(context.TODO(), util.NewV1Beta1Ingress(certificateSecretName, certificateSecretName, map[string]string{ + _, err := ingClient.Create(ctx, util.NewV1Beta1Ingress(certificateSecretName, certificateSecretName, map[string]string{ "cert-manager.io/issuer": issuerName, }, acmeIngressDomain), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -258,11 +259,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { } By("Waiting for Certificate to exist") - cert, err := f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateSecretName, time.Second*60) + cert, err := f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certificateSecretName, time.Second*60) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -281,10 +282,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { issuer := gen.Issuer("selfsign", gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for (selfsign) Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -306,11 +307,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateDNSNames(acmeIngressDomain), ) - selfcert, err = certClient.Create(context.TODO(), selfcert, metav1.CreateOptions{}) + selfcert, err = certClient.Create(ctx, selfcert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - selfcert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(selfcert, time.Minute*5) + selfcert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, selfcert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -323,7 +324,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { switch { case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1.SchemeGroupVersion.String()): ingress := f.KubeClientSet.NetworkingV1().Ingresses(f.Namespace.Name) - _, err = ingress.Create(context.TODO(), &networkingv1.Ingress{ + _, err = ingress.Create(ctx, &networkingv1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: fixedIngressName, Annotations: map[string]string{ @@ -366,7 +367,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { Expect(err).NotTo(HaveOccurred()) case util.HasIngresses(f.KubeClientSet.Discovery(), networkingv1beta1.SchemeGroupVersion.String()): ingress := f.KubeClientSet.NetworkingV1beta1().Ingresses(f.Namespace.Name) - _, err = ingress.Create(context.TODO(), &networkingv1beta1.Ingress{ + _, err = ingress.Create(ctx, &networkingv1beta1.Ingress{ ObjectMeta: metav1.ObjectMeta{ Name: fixedIngressName, Annotations: map[string]string{ @@ -418,11 +419,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames(acmeIngressDomain), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -440,7 +441,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName}), gen.SetCertificateDNSNames(acmeIngressDomain), ) - _, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + _, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("killing the solver pod") @@ -448,7 +449,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { var pod corev1.Pod logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { logf("Waiting for solver pod to exist") podlist, err := podClient.List(ctx, metav1.ListOptions{}) if err != nil { @@ -468,11 +469,11 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { }) Expect(err).NotTo(HaveOccurred()) - err = podClient.Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) + err = podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Certificate to exist") - cert, err = f.Helper().WaitForCertificateToExist(f.Namespace.Name, certificateName, time.Second*60) + cert, err = f.Helper().WaitForCertificateToExist(ctx, f.Namespace.Name, certificateName, time.Second*60) Expect(err).NotTo(HaveOccurred()) // The pod should get remade and the certificate should be made valid. @@ -480,7 +481,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01)", func() { // were to ask us for the challenge after the pod was killed, but because // we kill it so early, we should always be in the self-check phase By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/acme/certificate/notafter.go b/test/e2e/suite/issuers/acme/certificate/notafter.go index 1192089e9e8..454158e1ce6 100644 --- a/test/e2e/suite/issuers/acme/certificate/notafter.go +++ b/test/e2e/suite/issuers/acme/certificate/notafter.go @@ -41,6 +41,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", func() { f := framework.NewDefaultFramework("create-acme-certificate-duration") + ctx := context.TODO() var acmeIngressDomain string issuerName := "test-acme-issuer" @@ -88,10 +89,10 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f gen.SetIssuerACMEDuration(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -99,7 +100,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -109,7 +110,7 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -122,8 +123,8 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate with a single CN from the ACME server with 1 hour validity", func() { @@ -139,18 +140,18 @@ var _ = framework.CertManagerDescribe("ACME Certificate (HTTP01 + Not After)", f ) cert.Namespace = f.Namespace.Name - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert, validations...) Expect(err).NotTo(HaveOccurred()) - sec, err := f.Helper().WaitForSecretCertificateData(f.Namespace.Name, certificateSecretName, time.Minute*5) + sec, err := f.Helper().WaitForSecretCertificateData(ctx, f.Namespace.Name, certificateSecretName, time.Minute*5) Expect(err).NotTo(HaveOccurred(), "failed to wait for secret") crtPEM := sec.Data[corev1.TLSCertKey] diff --git a/test/e2e/suite/issuers/acme/certificate/webhook.go b/test/e2e/suite/issuers/acme/certificate/webhook.go index 9ff22ed30c6..851c6970690 100644 --- a/test/e2e/suite/issuers/acme/certificate/webhook.go +++ b/test/e2e/suite/issuers/acme/certificate/webhook.go @@ -39,6 +39,7 @@ import ( var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { f := framework.NewDefaultFramework("acme-dns01-sample-webhook") + ctx := context.TODO() Context("with the sample webhook solver deployed", func() { issuerName := "test-acme-issuer" @@ -75,10 +76,10 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }, })) issuer.Namespace = f.Namespace.Name - issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -86,7 +87,7 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -96,7 +97,7 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -105,9 +106,9 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), certificateSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, f.Config.Addons.ACMEServer.TestingACMEPrivateKey, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, certificateSecretName, metav1.DeleteOptions{}) }) It("should call the dummy webhook provider and mark the challenges as presented=true", func() { @@ -122,14 +123,14 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { ) cert.Namespace = f.Namespace.Name - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) var order *cmacme.Order logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, time.Minute*1, true, func(ctx context.Context) (bool, error) { - orders, err := listOwnedOrders(f.CertManagerClientSet, cert) + pollErr := wait.PollUntilContextTimeout(ctx, 2*time.Second, time.Minute*1, true, func(ctx context.Context) (bool, error) { + orders, err := listOwnedOrders(ctx, f.CertManagerClientSet, cert) Expect(err).NotTo(HaveOccurred()) logf("Found %d orders for certificate", len(orders)) @@ -146,8 +147,8 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { logf, done = log.LogBackoff() defer done() - pollErr = wait.PollUntilContextTimeout(context.TODO(), 2*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { - l, err := listOwnedChallenges(f.CertManagerClientSet, order) + pollErr = wait.PollUntilContextTimeout(ctx, 2*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + l, err := listOwnedChallenges(ctx, f.CertManagerClientSet, order) Expect(err).NotTo(HaveOccurred()) logf("Found %d challenges", len(l)) @@ -173,8 +174,8 @@ var _ = framework.CertManagerDescribe("ACME webhook DNS provider", func() { }) }) -func listOwnedChallenges(cl versioned.Interface, owner *cmacme.Order) ([]*cmacme.Challenge, error) { - l, err := cl.AcmeV1().Challenges(owner.Namespace).List(context.TODO(), metav1.ListOptions{}) +func listOwnedChallenges(ctx context.Context, cl versioned.Interface, owner *cmacme.Order) ([]*cmacme.Challenge, error) { + l, err := cl.AcmeV1().Challenges(owner.Namespace).List(ctx, metav1.ListOptions{}) if err != nil { return nil, err } @@ -191,8 +192,8 @@ func listOwnedChallenges(cl versioned.Interface, owner *cmacme.Order) ([]*cmacme return owned, nil } -func listOwnedOrders(cl versioned.Interface, owner *v1.Certificate) ([]*cmacme.Order, error) { - l, err := cl.AcmeV1().Orders(owner.Namespace).List(context.TODO(), metav1.ListOptions{}) +func listOwnedOrders(ctx context.Context, cl versioned.Interface, owner *v1.Certificate) ([]*cmacme.Order, error) { + l, err := cl.AcmeV1().Orders(owner.Namespace).List(ctx, metav1.ListOptions{}) if err != nil { return nil, err } diff --git a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go index 509cde53379..363b7b76115 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/dns01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/dns01.go @@ -46,6 +46,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (DNS01)", func() func testRFC2136DNSProvider() bool { name := "rfc2136" return Context("With "+name+" credentials configured", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-acme-certificate-request-dns01-" + name) h := f.Helper() @@ -76,10 +77,10 @@ func testRFC2136DNSProvider() bool { }, })) issuer.Namespace = f.Namespace.Name - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -87,7 +88,7 @@ func testRFC2136DNSProvider() bool { }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -97,7 +98,7 @@ func testRFC2136DNSProvider() bool { }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), testingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, testingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -106,8 +107,8 @@ func testRFC2136DNSProvider() bool { AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), testingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, testingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate for a regular domain", func() { @@ -119,9 +120,9 @@ func testRFC2136DNSProvider() bool { []string{dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -132,9 +133,9 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -145,10 +146,10 @@ func testRFC2136DNSProvider() bool { []string{"*." + dnsDomain, dnsDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) // use a longer timeout for this, as it requires performing 2 dns validations in serial - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*10, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*10, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/acme/certificaterequest/http01.go b/test/e2e/suite/issuers/acme/certificaterequest/http01.go index eee7a17b04e..e8bc7af2839 100644 --- a/test/e2e/suite/issuers/acme/certificaterequest/http01.go +++ b/test/e2e/suite/issuers/acme/certificaterequest/http01.go @@ -41,6 +41,7 @@ import ( ) var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-acme-certificate-request-http01") h := f.Helper() @@ -82,10 +83,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() gen.SetIssuerACMESkipTLSVerify(true), gen.SetIssuerACMESolvers(solvers)) By("Creating an Issuer") - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), acmeIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -93,7 +94,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -103,7 +104,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) By("Verifying ACME account private key exists") - secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.TODO(), testingACMEPrivateKey, metav1.GetOptions{}) + secret, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(ctx, testingACMEPrivateKey, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) if len(secret.Data) != 1 { Fail("Expected 1 key in ACME account private key secret, but there was %d", len(secret.Data)) @@ -116,8 +117,8 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() AfterEach(func() { By("Cleaning up") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), testingACMEPrivateKey, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, testingACMEPrivateKey, metav1.DeleteOptions{}) }) It("should obtain a signed certificate with a single CN from the ACME server", func() { @@ -128,11 +129,11 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -144,10 +145,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.ECDSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid and of type ECDSA") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -165,9 +166,9 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -180,10 +181,10 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -194,7 +195,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{"google.com"}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(context.TODO(), cr, metav1.CreateOptions{}) + cr, err = f.CertManagerClientSet.CertmanagerV1().CertificateRequests(f.Namespace.Name).Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) notReadyCondition := v1.CertificateRequestCondition{ @@ -213,7 +214,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() []string{acmeIngressDomain}, nil, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("killing the solver pod") @@ -221,7 +222,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() var pod corev1.Pod logf, done := log.LogBackoff() defer done() - err = wait.PollUntilContextTimeout(context.TODO(), 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { + err = wait.PollUntilContextTimeout(ctx, 1*time.Second, time.Minute*3, true, func(ctx context.Context) (bool, error) { logf("Waiting for solver pod to exist") podlist, err := podClient.List(ctx, metav1.ListOptions{}) if err != nil { @@ -240,7 +241,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() }) Expect(err).NotTo(HaveOccurred()) - err = podClient.Delete(context.TODO(), pod.Name, metav1.DeleteOptions{}) + err = podClient.Delete(ctx, pod.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) // The pod should get remade and the certificate should be made valid. @@ -248,7 +249,7 @@ var _ = framework.CertManagerDescribe("ACME CertificateRequest (HTTP01)", func() // were to ask us for the challenge after the pod was killed, but because // we kill it so early, we should always be in the self-check phase By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go b/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go index 0c3210272ca..ff13b5de893 100644 --- a/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go +++ b/test/e2e/suite/issuers/acme/dnsproviders/rfc2136.go @@ -17,6 +17,8 @@ limitations under the License. package dnsproviders import ( + "context" + "github.com/cert-manager/cert-manager/e2e-tests/framework/addon" "github.com/cert-manager/cert-manager/e2e-tests/framework/config" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -35,7 +37,7 @@ func (b *RFC2136) Setup(c *config.Config, _ ...addon.AddonTransferableData) (add // Provision will create a copy of the DNS provider credentials in a secret in // the APIServer, and return a portion of an Issuer that can be used to // utilise these credentials in tests. -func (b *RFC2136) Provision() error { +func (b *RFC2136) Provision(_ context.Context) error { b.details.ProviderConfig = cmacme.ACMEChallengeSolverDNS01{ RFC2136: &cmacme.ACMEIssuerDNS01ProviderRFC2136{ Nameserver: b.nameserver, @@ -45,7 +47,7 @@ func (b *RFC2136) Provision() error { return nil } -func (b *RFC2136) Deprovision() error { +func (b *RFC2136) Deprovision(_ context.Context) error { return nil } diff --git a/test/e2e/suite/issuers/acme/issuer.go b/test/e2e/suite/issuers/acme/issuer.go index 99d3321445d..82a985ba032 100644 --- a/test/e2e/suite/issuers/acme/issuer.go +++ b/test/e2e/suite/issuers/acme/issuer.go @@ -40,6 +40,7 @@ import ( var _ = framework.CertManagerDescribe("ACME Issuer", func() { f := framework.NewDefaultFramework("create-acme-issuer") + ctx := context.TODO() issuerName := "test-acme-issuer" @@ -61,7 +62,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -70,7 +71,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -100,7 +101,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -110,7 +111,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { By("Verifying the ACME account URI is set") var finalURI string - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -144,7 +145,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -153,7 +154,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI has been recovered correctly") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { uri := i.GetStatus().ACMEStatus().URI @@ -181,7 +182,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become non-Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -203,7 +204,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -212,7 +213,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the ACME account URI is set") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { if i.GetStatus().ACMEStatus().URI == "" { @@ -230,7 +231,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { } By("Verifying the ACME account email has been registered") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { registeredEmail := i.GetStatus().ACMEStatus().LastRegisteredEmail @@ -249,7 +250,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -258,7 +259,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Verifying the changed ACME account email has been registered") - err = util.WaitForIssuerStatusFunc(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerStatusFunc(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, func(i *v1.Issuer) (bool, error) { registeredEmail := i.GetStatus().ACMEStatus().LastRegisteredEmail @@ -300,7 +301,7 @@ var _ = framework.CertManagerDescribe("ACME Issuer", func() { context.TODO(), acmeIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), acmeIssuer.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/ca/certificate.go b/test/e2e/suite/issuers/ca/certificate.go index ae8f455ffa0..879885cdab0 100644 --- a/test/e2e/suite/issuers/ca/certificate.go +++ b/test/e2e/suite/issuers/ca/certificate.go @@ -35,6 +35,7 @@ import ( ) var _ = framework.CertManagerDescribe("CA Certificate", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-ca-certificate") issuerName := "test-ca-issuer" @@ -47,10 +48,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(issuerSecretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -61,14 +62,14 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), issuerSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, issuerSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("when the CA is the root", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -86,11 +87,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -114,11 +115,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateKeyAlgorithm(v1.ECDSAKeyAlgorithm), gen.SetCertificateKeySize(521), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -141,11 +142,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateKeyAlgorithm(v1.Ed25519KeyAlgorithm), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -175,11 +176,11 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { v1.CertificateAdditionalOutputFormat{Type: "CombinedPEM"}, ), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -224,17 +225,17 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) - f.CertificateDurationValid(cert, v.expectedDuration, 0) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, 0) }) } }) @@ -242,7 +243,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { Context("when the CA is an issuer", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningIssuer1KeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningIssuer1KeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -260,10 +261,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err := certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -275,7 +276,7 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { Context("when the CA is a second level issuer", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningIssuer2KeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningIssuer2KeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -283,10 +284,10 @@ var _ = framework.CertManagerDescribe("CA Certificate", func() { certClient := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name) By("Creating a Certificate with Usages") - cert, err := certClient.Create(context.TODO(), gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, gen.Certificate(certificateName, gen.SetCertificateNamespace(f.Namespace.Name), gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateSecretName(certificateSecretName), gen.SetCertificateIssuer(cmmeta.ObjectReference{Name: issuerName, Kind: v1.IssuerKind}), gen.SetCertificateKeyUsages(v1.UsageServerAuth, v1.UsageClientAuth)), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/ca/certificaterequest.go b/test/e2e/suite/issuers/ca/certificaterequest.go index 4a5056834c4..1967be860f8 100644 --- a/test/e2e/suite/issuers/ca/certificaterequest.go +++ b/test/e2e/suite/issuers/ca/certificaterequest.go @@ -43,6 +43,7 @@ func exampleURLs() (urls []*url.URL) { } var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-ca-certificate") h := f.Helper() @@ -62,10 +63,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(issuerSecretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -76,14 +77,14 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), issuerSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, issuerSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("when the CA is the root", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(issuerSecretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -97,10 +98,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -114,10 +115,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.ECDSA) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -131,10 +132,10 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { }, exampleDNSNames, exampleIPAddresses, exampleURIs, x509.Ed25519) Expect(err).NotTo(HaveOccurred()) - _, err = certRequestClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = certRequestClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValidTLS(f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) + err = h.WaitCertificateRequestIssuedValidTLS(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key, []byte(rootCert)) Expect(err).NotTo(HaveOccurred()) }) @@ -163,13 +164,13 @@ var _ = framework.CertManagerDescribe("CA CertificateRequest", func() { csr, key, err := gen.CSR(x509.RSA, gen.SetCSRDNSNames(exampleDNSNames...), gen.SetCSRIPAddresses(exampleIPAddresses...), gen.SetCSRURIs(exampleURLs()...)) Expect(err).NotTo(HaveOccurred()) cr := gen.CertificateRequest(certificateRequestName, gen.SetCertificateRequestNamespace(f.Namespace.Name), gen.SetCertificateRequestIssuer(cmmeta.ObjectReference{Kind: v1.IssuerKind, Name: issuerName}), gen.SetCertificateRequestDuration(v.inputDuration), gen.SetCertificateRequestCSR(csr)) - cr, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + cr, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key) Expect(err).NotTo(HaveOccurred()) - cr, err = crClient.Get(context.TODO(), cr.Name, metav1.GetOptions{}) + cr, err = crClient.Get(ctx, cr.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) f.CertificateRequestDurationValid(cr, v.expectedDuration, 0) }) diff --git a/test/e2e/suite/issuers/ca/clusterissuer.go b/test/e2e/suite/issuers/ca/clusterissuer.go index 3de6f5d6bca..926651b0fe3 100644 --- a/test/e2e/suite/issuers/ca/clusterissuer.go +++ b/test/e2e/suite/issuers/ca/clusterissuer.go @@ -34,30 +34,31 @@ import ( var _ = framework.CertManagerDescribe("CA ClusterIssuer", func() { f := framework.NewDefaultFramework("create-ca-clusterissuer") + ctx := context.TODO() issuerName := "test-ca-clusterissuer" + rand.String(5) secretName := "ca-clusterissuer-signing-keypair-" + rand.String(5) BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(context.TODO(), newSigningKeypairSecret(secretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Create(ctx, newSigningKeypairSecret(secretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(context.TODO(), secretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Config.Addons.CertManager.ClusterResourceNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, issuerName, metav1.DeleteOptions{}) }) It("should validate a signing keypair", func() { By("Creating an Issuer") clusterIssuer := gen.ClusterIssuer(issuerName, gen.SetIssuerCASecretName(secretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), clusterIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, clusterIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/ca/issuer.go b/test/e2e/suite/issuers/ca/issuer.go index 642bf151ec0..51de90f5f44 100644 --- a/test/e2e/suite/issuers/ca/issuer.go +++ b/test/e2e/suite/issuers/ca/issuer.go @@ -33,19 +33,20 @@ import ( var _ = framework.CertManagerDescribe("CA Issuer", func() { f := framework.NewDefaultFramework("create-ca-issuer") + ctx := context.TODO() issuerName := "test-ca-issuer" secretName := "ca-issuer-signing-keypair" BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newSigningKeypairSecret(secretName), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newSigningKeypairSecret(secretName), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), secretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, secretName, metav1.DeleteOptions{}) }) It("should generate a signing keypair", func() { @@ -53,10 +54,10 @@ var _ = framework.CertManagerDescribe("CA Issuer", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerCASecretName(secretName)) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/selfsigned/certificate.go b/test/e2e/suite/issuers/selfsigned/certificate.go index 7707aee3102..24f97b2faa1 100644 --- a/test/e2e/suite/issuers/selfsigned/certificate.go +++ b/test/e2e/suite/issuers/selfsigned/certificate.go @@ -34,6 +34,7 @@ import ( ) var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-selfsigned-certificate") issuerName := "test-selfsigned-issuer" @@ -48,10 +49,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -69,10 +70,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -109,10 +110,10 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerDurationName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerDurationName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -133,17 +134,17 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateCommonName("test.domain.com"), gen.SetCertificateOrganization("test-org"), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") err = f.Helper().ValidateCertificate(cert) Expect(err).NotTo(HaveOccurred()) - f.CertificateDurationValid(cert, v.expectedDuration, 0) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, 0) }) } @@ -155,7 +156,7 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") @@ -170,11 +171,11 @@ var _ = framework.CertManagerDescribe("Self Signed Certificate", func() { gen.SetCertificateOrganization("test-org"), gen.SetCertificateKeyEncoding(v1.PKCS8), ) - cert, err = certClient.Create(context.TODO(), cert, metav1.CreateOptions{}) + cert, err = certClient.Create(ctx, cert, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/selfsigned/certificaterequest.go b/test/e2e/suite/issuers/selfsigned/certificaterequest.go index 9841ab37fd3..8056969bff8 100644 --- a/test/e2e/suite/issuers/selfsigned/certificaterequest.go +++ b/test/e2e/suite/issuers/selfsigned/certificaterequest.go @@ -34,6 +34,7 @@ import ( ) var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("create-selfsigned-certificaterequest") h := f.Helper() @@ -47,10 +48,10 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { issuer := gen.Issuer(issuerName, gen.SetIssuerNamespace(f.Namespace.Name), gen.SetIssuerSelfSigned(v1.SelfSignedIssuer{})) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -75,15 +76,15 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { AfterEach(func() { By("Cleaning up") - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), certificateRequestSecretName, metav1.DeleteOptions{}) - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, certificateRequestSecretName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) }) Context("Self Signed and private key", func() { BeforeEach(func() { By("Creating a signing keypair fixture") - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootRSAKey), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) @@ -95,19 +96,19 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateRSACSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an ECDSA Certificate backed by a ECSDA key", func() { // Replace RSA key secret with ECDSA one - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootECKey), metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -116,19 +117,19 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateECCSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootECKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootECKeySigner) Expect(err).NotTo(HaveOccurred()) }) It("should be able to obtain an Ed25519 Certificate backed by a Ed25519 key", func() { // Replace previous key secret with Ed25519 one - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), newPrivateKeySecret( + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, newPrivateKeySecret( certificateRequestSecretName, f.Namespace.Name, rootEd25519Key), metav1.UpdateOptions{}) Expect(err).NotTo(HaveOccurred()) @@ -137,13 +138,13 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateEd25519CSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootEd25519Signer) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootEd25519Signer) Expect(err).NotTo(HaveOccurred()) }) @@ -172,16 +173,16 @@ var _ = framework.CertManagerDescribe("SelfSigned CertificateRequest", func() { csr, err := generateRSACSR() Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), gen.CertificateRequestFrom(basicCR, + _, err = crClient.Create(ctx, gen.CertificateRequestFrom(basicCR, gen.SetCertificateRequestCSR(csr), gen.SetCertificateRequestDuration(v.inputDuration), ), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, rootRSAKeySigner) Expect(err).NotTo(HaveOccurred()) - cr, err := crClient.Get(context.TODO(), certificateRequestName, metav1.GetOptions{}) + cr, err := crClient.Get(ctx, certificateRequestName, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) f.CertificateRequestDurationValid(cr, v.expectedDuration, 0) }) diff --git a/test/e2e/suite/issuers/vault/certificate/approle.go b/test/e2e/suite/issuers/vault/certificate/approle.go index 0528e0f6711..f5c9916a3e3 100644 --- a/test/e2e/suite/issuers/vault/certificate/approle.go +++ b/test/e2e/suite/issuers/vault/certificate/approle.go @@ -55,6 +55,7 @@ var _ = framework.CertManagerDescribe("Vault ClusterIssuer Certificate (AppRole, }) func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatures featureset.FeatureSet) { + ctx := context.TODO() f := framework.NewDefaultFramework("create-vault-certificate") certificateName := "test-vault-certificate" @@ -80,29 +81,29 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu *addon.Vault.Details(), testWithRoot, ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) - sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name }) JustAfterEach(func() { By("Cleaning up") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) if issuerKind == cmapi.IssuerKind { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } else { - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } - f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) }) It("should generate a new valid certificate", func() { @@ -119,7 +120,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -129,7 +130,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -138,14 +139,14 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -156,11 +157,11 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - cert, err := certClient.Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) + cert, err := certClient.Create(ctx, util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, nil, nil), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -215,7 +216,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -225,7 +226,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -234,14 +235,14 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -251,11 +252,11 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) By("Creating a Certificate") - cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(context.TODO(), util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) + cert, err := f.CertManagerClientSet.CertmanagerV1().Certificates(f.Namespace.Name).Create(ctx, util.NewCertManagerVaultCertificate(certificateName, certificateSecretName, vaultIssuerName, issuerKind, v.inputDuration, v.inputRenewBefore), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") @@ -263,7 +264,7 @@ func runVaultAppRoleTests(issuerKind string, testWithRoot bool, unsupportedFeatu Expect(err).NotTo(HaveOccurred()) // Vault subtract 30 seconds to the NotBefore date. - f.CertificateDurationValid(cert, v.expectedDuration, time.Second*30) + f.CertificateDurationValid(ctx, cert, v.expectedDuration, time.Second*30) }) } } diff --git a/test/e2e/suite/issuers/vault/certificaterequest/approle.go b/test/e2e/suite/issuers/vault/certificaterequest/approle.go index 4308a9b7b12..f9e41590705 100644 --- a/test/e2e/suite/issuers/vault/certificaterequest/approle.go +++ b/test/e2e/suite/issuers/vault/certificaterequest/approle.go @@ -45,6 +45,7 @@ var _ = framework.CertManagerDescribe("Vault ClusterIssuer CertificateRequest (A }) func runVaultAppRoleTests(issuerKind string) { + ctx := context.TODO() f := framework.NewDefaultFramework("create-vault-certificaterequest") h := f.Helper() @@ -78,29 +79,29 @@ func runVaultAppRoleTests(issuerKind string) { *addon.Vault.Details(), false, ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) - sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name }) JustAfterEach(func() { By("Cleaning up") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) if issuerKind == cmapi.IssuerKind { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } else { - f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(context.TODO(), vaultIssuerName, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Delete(ctx, vaultIssuerName, metav1.DeleteOptions{}) } - f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(vaultSecretNamespace).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) }) It("should generate a new valid certificate", func() { @@ -117,7 +118,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -127,7 +128,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -135,14 +136,14 @@ func runVaultAppRoleTests(issuerKind string) { By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -158,11 +159,11 @@ func runVaultAppRoleTests(issuerKind string) { }, crDNSNames, crIPAddresses, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) }) @@ -207,7 +208,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -217,7 +218,7 @@ func runVaultAppRoleTests(issuerKind string) { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(addon.Vault.Details().VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().ClusterIssuers().Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuerName = iss.Name @@ -225,14 +226,14 @@ func runVaultAppRoleTests(issuerKind string) { By("Waiting for Issuer to become Ready") if issuerKind == cmapi.IssuerKind { - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, Status: cmmeta.ConditionTrue, }) } else { - err = util.WaitForClusterIssuerCondition(f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), + err = util.WaitForClusterIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().ClusterIssuers(), vaultIssuerName, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -247,14 +248,14 @@ func runVaultAppRoleTests(issuerKind string) { cr, key, err := util.NewCertManagerBasicCertificateRequest(certificateRequestName, vaultIssuerName, issuerKind, v.inputDuration, crDNSNames, crIPAddresses, nil, x509.RSA) Expect(err).NotTo(HaveOccurred()) - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Minute*5, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Minute*5, key) Expect(err).NotTo(HaveOccurred()) By("Verifying the Certificate is valid") - cr, err = crClient.Get(context.TODO(), cr.Name, metav1.GetOptions{}) + cr, err = crClient.Get(ctx, cr.Name, metav1.GetOptions{}) Expect(err).NotTo(HaveOccurred()) // Vault can issue certificates with slightly skewed duration. f.CertificateRequestDurationValid(cr, v.expectedDuration, 30*time.Second) diff --git a/test/e2e/suite/issuers/vault/issuer.go b/test/e2e/suite/issuers/vault/issuer.go index 5fd80368d58..a6a342b99cf 100644 --- a/test/e2e/suite/issuers/vault/issuer.go +++ b/test/e2e/suite/issuers/vault/issuer.go @@ -37,6 +37,7 @@ import ( var _ = framework.CertManagerDescribe("Vault Issuer", func() { f := framework.NewDefaultFramework("create-vault-issuer") + ctx := context.TODO() issuerName := "test-vault-issuer" vaultSecretServiceAccount := "vault-serviceaccount" @@ -54,15 +55,15 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { false, "https://kubernetes.default.svc.cluster.local", ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) By("creating a service account for Vault authentication") - err = setup.CreateKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + err = setup.CreateKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) Expect(err).NotTo(HaveOccurred()) }) @@ -70,13 +71,13 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { By("Cleaning up AppRole") f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) - setup.CleanAppRole() + setup.CleanAppRole(ctx) By("Cleaning up Kubernetes") - setup.CleanKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) By("Cleaning up Vault") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) }) It("should be ready with a valid AppRole", func() { @@ -95,7 +96,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -116,7 +117,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -137,7 +138,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -161,7 +162,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -184,7 +185,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -235,7 +236,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -259,7 +260,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -279,7 +280,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -314,7 +315,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -336,7 +337,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the issuer isn't ready anymore due to Vault still using the old certificate") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -348,8 +349,8 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { // Note that we reuse the same service account as for the Kubernetes // auth based on secretRef. There should be no problem doing so. By("Creating the Role and RoleBinding to let cert-manager use TokenRequest for the ServiceAccount") - vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) - defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) By("Creating an Issuer") vaultIssuer := gen.Issuer(issuerName, @@ -362,7 +363,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/vault/mtls.go b/test/e2e/suite/issuers/vault/mtls.go index b69467e9132..584fbd28c52 100644 --- a/test/e2e/suite/issuers/vault/mtls.go +++ b/test/e2e/suite/issuers/vault/mtls.go @@ -37,6 +37,7 @@ import ( var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { f := framework.NewDefaultFramework("create-vault-issuer") + ctx := context.TODO() issuerName := "test-vault-issuer" vaultSecretServiceAccount := "vault-serviceaccount" @@ -57,38 +58,38 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { false, "https://kubernetes.default.svc.cluster.local", ) - Expect(setup.Init()).NotTo(HaveOccurred(), "failed to init vault") - Expect(setup.Setup()).NotTo(HaveOccurred(), "failed to setup vault") + Expect(setup.Init(ctx)).NotTo(HaveOccurred(), "failed to init vault") + Expect(setup.Setup(ctx)).NotTo(HaveOccurred(), "failed to setup vault") var err error - roleId, secretId, err = setup.CreateAppRole() + roleId, secretId, err = setup.CreateAppRole(ctx) Expect(err).NotTo(HaveOccurred()) By("creating a service account for Vault authentication") - err = setup.CreateKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + err = setup.CreateKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) Expect(err).NotTo(HaveOccurred()) By("creating a client certificate for Vault mTLS") secret := vaultaddon.NewVaultClientCertificateSecret(vaultClientCertificateSecretName, details.VaultClientCertificate, details.VaultClientPrivateKey) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), secret, metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, secret, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) }) JustAfterEach(func() { By("Cleaning up AppRole") - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuerName, metav1.DeleteOptions{}) - f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(context.TODO(), vaultSecretName, metav1.DeleteOptions{}) - setup.CleanAppRole() + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuerName, metav1.DeleteOptions{}) + f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Delete(ctx, vaultSecretName, metav1.DeleteOptions{}) + setup.CleanAppRole(ctx) By("Cleaning up Kubernetes") - setup.CleanKubernetesRole(f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) + setup.CleanKubernetesRole(ctx, f.KubeClientSet, f.Namespace.Name, vaultSecretServiceAccount) By("Cleaning up Vault") - Expect(setup.Clean()).NotTo(HaveOccurred()) + Expect(setup.Clean(ctx)).NotTo(HaveOccurred()) }) It("should be ready with a valid AppRole", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -101,11 +102,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -115,7 +116,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) It("should fail to init with missing client certificates", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -127,11 +128,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultPath(setup.IntermediateSignPath()), gen.SetIssuerVaultCABundle(details.VaultCA), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -150,11 +151,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", roleId, setup.Role(), setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -173,11 +174,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultTokenAuth("secretkey", "vault-token")) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -188,7 +189,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be ready with a valid Kubernetes Role and ServiceAccount Secret", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuer := gen.Issuer(issuerName, @@ -199,11 +200,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -225,10 +226,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -247,7 +248,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultCABundleSecretRef("ca-bundle", f.Namespace.Name, "ca.crt")) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).To(HaveOccurred()) Expect(err.Error()).To(ContainSubstring( "spec.vault.caBundle: Invalid value: \"\": specified caBundle and caBundleSecretRef cannot be used together", @@ -257,10 +258,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be ready with a caBundle from a Kubernetes Secret", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -279,11 +280,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -294,7 +295,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("should be eventually ready when the CA bundle secret gets created after the Issuer", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultIssuer := gen.Issuer(issuerName, @@ -305,11 +306,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -317,7 +318,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -329,7 +330,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -339,7 +340,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { }) It("should be eventually ready when the Vault client certificate secret gets created after the Issuer", func() { - sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) + sec, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultAppRoleSecret(appRoleSecretGeneratorName, secretId), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) vaultSecretName = sec.Name @@ -353,11 +354,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(customVaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(customVaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultAppRoleAuth("secretkey", vaultSecretName, roleId, setup.AppRoleAuthPath())) - iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + iss, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Validate that the Issuer is not ready yet") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -367,11 +368,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { By("creating a client certificate for Vault mTLS") secret := vaultaddon.NewVaultClientCertificateSecret(customVaultClientCertificateSecretName, details.VaultClientCertificate, details.VaultClientPrivateKey) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), secret, metav1.CreateOptions{}) + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, secret, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), iss.Name, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -382,10 +383,10 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { It("it should become not ready when the CA certificate in the secret changes and doesn't match Vault's CA anymore", func() { saTokenSecretName := "vault-sa-secret-" + rand.String(5) - _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) + _, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, vaultaddon.NewVaultKubernetesSecret(saTokenSecretName, vaultSecretServiceAccount), metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Create(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -404,11 +405,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthSecret("token", saTokenSecretName, setup.Role(), setup.KubernetesAuthPath())) - _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -419,7 +420,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { By("Updating CA bundle") public, _, err := vaultaddon.GenerateCA() Expect(err).NotTo(HaveOccurred()) - _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(context.TODO(), &corev1.Secret{ + _, err = f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Update(ctx, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "ca-bundle", }, @@ -430,7 +431,7 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { Expect(err).NotTo(HaveOccurred()) By("Validate that the issuer isn't ready anymore due to Vault still using the old certificate") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, @@ -442,8 +443,8 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { // Note that we reuse the same service account as for the Kubernetes // auth based on secretRef. There should be no problem doing so. By("Creating the Role and RoleBinding to let cert-manager use TokenRequest for the ServiceAccount") - vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) - defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + vaultaddon.CreateKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) + defer vaultaddon.CleanKubernetesRoleForServiceAccountRefAuth(ctx, f.KubeClientSet, setup.Role(), f.Namespace.Name, vaultSecretServiceAccount) By("Creating an Issuer") vaultIssuer := gen.Issuer(issuerName, @@ -454,11 +455,11 @@ var _ = framework.CertManagerDescribe("Vault Issuer [mtls]", func() { gen.SetIssuerVaultClientCertSecretRef(vaultClientCertificateSecretName, corev1.TLSCertKey), gen.SetIssuerVaultClientKeySecretRef(vaultClientCertificateSecretName, corev1.TLSPrivateKeyKey), gen.SetIssuerVaultKubernetesAuthServiceAccount(vaultSecretServiceAccount, setup.Role(), setup.KubernetesAuthPath())) - _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), vaultIssuer, metav1.CreateOptions{}) + _, err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, vaultIssuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = e2eutil.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = e2eutil.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, v1.IssuerCondition{ Type: v1.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/venafi/cloud/setup.go b/test/e2e/suite/issuers/venafi/cloud/setup.go index c8dd111e6f5..f790e59828f 100644 --- a/test/e2e/suite/issuers/venafi/cloud/setup.go +++ b/test/e2e/suite/issuers/venafi/cloud/setup.go @@ -37,6 +37,7 @@ func CloudDescribe(name string, body func()) bool { var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { f := framework.NewDefaultFramework("venafi-cloud-setup") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -62,7 +63,7 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -77,7 +78,7 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { issuer = cloudAddon.Details().BuildIssuer() issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -86,9 +87,9 @@ var _ = CloudDescribe("properly configured Venafi Cloud Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Changing the API key to something bad") - err = cloudAddon.SetAPIKey("this_is_a_bad_key") + err = cloudAddon.SetAPIKey(ctx, "this_is_a_bad_key") Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, diff --git a/test/e2e/suite/issuers/venafi/tpp/certificate.go b/test/e2e/suite/issuers/venafi/tpp/certificate.go index 61df32ee00b..d84403c53e1 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificate.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificate.go @@ -36,6 +36,7 @@ import ( var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { f := framework.NewDefaultFramework("venafi-tpp-certificate") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -60,7 +61,7 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -94,7 +95,7 @@ var _ = TPPDescribe("Certificate with a properly configured Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Waiting for the Certificate to be issued...") - cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*5) + cert, err = f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*5) Expect(err).NotTo(HaveOccurred()) By("Validating the issued Certificate...") diff --git a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go index 1d0e2a8f99c..ecde72da404 100644 --- a/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go +++ b/test/e2e/suite/issuers/venafi/tpp/certificaterequest.go @@ -35,6 +35,7 @@ import ( ) var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func() { + ctx := context.TODO() f := framework.NewDefaultFramework("venafi-tpp-certificaterequest") h := f.Helper() @@ -56,11 +57,11 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -72,7 +73,7 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func AfterEach(func() { By("Cleaning up") if issuer != nil { - err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + err := f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuer.Name, metav1.DeleteOptions{}) Expect(err).NotTo(HaveOccurred()) } }) @@ -86,11 +87,11 @@ var _ = TPPDescribe("CertificateRequest with a properly configured Issuer", func Expect(err).NotTo(HaveOccurred()) By("Creating a CertificateRequest") - _, err = crClient.Create(context.TODO(), cr, metav1.CreateOptions{}) + _, err = crClient.Create(ctx, cr, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Verifying the CertificateRequest is valid") - err = h.WaitCertificateRequestIssuedValid(f.Namespace.Name, certificateRequestName, time.Second*30, key) + err = h.WaitCertificateRequestIssuedValid(ctx, f.Namespace.Name, certificateRequestName, time.Second*30, key) Expect(err).NotTo(HaveOccurred()) }) }) diff --git a/test/e2e/suite/issuers/venafi/tpp/setup.go b/test/e2e/suite/issuers/venafi/tpp/setup.go index 4fe8cd5b137..46f1a03668f 100644 --- a/test/e2e/suite/issuers/venafi/tpp/setup.go +++ b/test/e2e/suite/issuers/venafi/tpp/setup.go @@ -33,6 +33,7 @@ import ( var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { f := framework.NewDefaultFramework("venafi-tpp-setup") + ctx := context.TODO() var ( issuer *cmapi.Issuer @@ -48,7 +49,7 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { AfterEach(func() { By("Cleaning up") if issuer != nil { - f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(context.TODO(), issuer.Name, metav1.DeleteOptions{}) + f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Delete(ctx, issuer.Name, metav1.DeleteOptions{}) } }) @@ -56,11 +57,11 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { var err error By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) By("Waiting for Issuer to become Ready") - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -73,9 +74,9 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { var err error By("Creating a Venafi Issuer resource") issuer = tppAddon.Details().BuildIssuer() - issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(context.TODO(), issuer, metav1.CreateOptions{}) + issuer, err = f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name).Create(ctx, issuer, metav1.CreateOptions{}) Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, @@ -84,9 +85,9 @@ var _ = TPPDescribe("properly configured Venafi TPP Issuer", func() { Expect(err).NotTo(HaveOccurred()) By("Changing the Access Token to something bad") - err = tppAddon.SetAccessToken("this_is_a_bad_token") + err = tppAddon.SetAccessToken(ctx, "this_is_a_bad_token") Expect(err).NotTo(HaveOccurred()) - err = util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err = util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuer.Name, cmapi.IssuerCondition{ Type: cmapi.IssuerConditionReady, diff --git a/test/e2e/suite/serving/cainjector.go b/test/e2e/suite/serving/cainjector.go index e0868df044c..ca358a54a3a 100644 --- a/test/e2e/suite/serving/cainjector.go +++ b/test/e2e/suite/serving/cainjector.go @@ -50,6 +50,7 @@ type injectableTest struct { var _ = framework.CertManagerDescribe("CA Injector", func() { f := framework.NewDefaultFramework("cainjector") + ctx := context.TODO() issuerName := "inject-cert-issuer" secretName := "serving-certs-data" @@ -66,7 +67,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { Expect(f.CRClient.Create(context.Background(), issuer)).To(Succeed()) By("Waiting for Issuer to become Ready") - err := util.WaitForIssuerCondition(f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), + err := util.WaitForIssuerCondition(ctx, f.CertManagerClientSet.CertmanagerV1().Issuers(f.Namespace.Name), issuerName, certmanager.IssuerCondition{ Type: certmanager.IssuerConditionReady, @@ -100,7 +101,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { ) Expect(f.CRClient.Create(context.Background(), cert)).To(Succeed()) - cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*2) + cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become Ready") By("grabbing the corresponding secret") @@ -176,7 +177,7 @@ var _ = framework.CertManagerDescribe("CA Injector", func() { return nil }) - cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(cert, time.Minute*2) + cert, err := f.Helper().WaitForCertificateReadyAndDoneIssuing(ctx, cert, time.Minute*2) Expect(err).NotTo(HaveOccurred(), "failed to wait for Certificate to become updated") By("grabbing the new secret") diff --git a/test/e2e/util/util.go b/test/e2e/util/util.go index e3a7c127dc8..f745b659af0 100644 --- a/test/e2e/util/util.go +++ b/test/e2e/util/util.go @@ -56,8 +56,8 @@ func CertificateOnlyValidForDomains(cert *x509.Certificate, commonName string, d return true } -func WaitForIssuerStatusFunc(client clientset.IssuerInterface, name string, fn func(*v1.Issuer) (bool, error)) error { - return wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { +func WaitForIssuerStatusFunc(ctx context.Context, client clientset.IssuerInterface, name string, fn func(*v1.Issuer) (bool, error)) error { + return wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return false, fmt.Errorf("error getting Issuer %q: %v", name, err) @@ -68,10 +68,10 @@ func WaitForIssuerStatusFunc(client clientset.IssuerInterface, name string, fn f // WaitForIssuerCondition waits for the status of the named issuer to contain // a condition whose type and status matches the supplied one. -func WaitForIssuerCondition(client clientset.IssuerInterface, name string, condition v1.IssuerCondition) error { +func WaitForIssuerCondition(ctx context.Context, client clientset.IssuerInterface, name string, condition v1.IssuerCondition) error { logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for issuer %v condition %#v", name, condition) issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if nil != err { @@ -80,16 +80,16 @@ func WaitForIssuerCondition(client clientset.IssuerInterface, name string, condi return apiutil.IssuerHasCondition(issuer, condition), nil }) - return wrapErrorWithIssuerStatusCondition(client, pollErr, name, condition.Type) + return wrapErrorWithIssuerStatusCondition(ctx, client, pollErr, name, condition.Type) } // try to retrieve last condition to help diagnose tests. -func wrapErrorWithIssuerStatusCondition(client clientset.IssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { +func wrapErrorWithIssuerStatusCondition(ctx context.Context, client clientset.IssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { if pollErr == nil { return nil } - issuer, err := client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return pollErr } @@ -106,10 +106,10 @@ func wrapErrorWithIssuerStatusCondition(client clientset.IssuerInterface, pollEr // WaitForClusterIssuerCondition waits for the status of the named issuer to contain // a condition whose type and status matches the supplied one. -func WaitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name string, condition v1.IssuerCondition) error { +func WaitForClusterIssuerCondition(ctx context.Context, client clientset.ClusterIssuerInterface, name string, condition v1.IssuerCondition) error { logf, done := log.LogBackoff() defer done() - pollErr := wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + pollErr := wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for clusterissuer %v condition %#v", name, condition) issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if nil != err { @@ -118,16 +118,16 @@ func WaitForClusterIssuerCondition(client clientset.ClusterIssuerInterface, name return apiutil.IssuerHasCondition(issuer, condition), nil }) - return wrapErrorWithClusterIssuerStatusCondition(client, pollErr, name, condition.Type) + return wrapErrorWithClusterIssuerStatusCondition(ctx, client, pollErr, name, condition.Type) } // try to retrieve last condition to help diagnose tests. -func wrapErrorWithClusterIssuerStatusCondition(client clientset.ClusterIssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { +func wrapErrorWithClusterIssuerStatusCondition(ctx context.Context, client clientset.ClusterIssuerInterface, pollErr error, name string, conditionType v1.IssuerConditionType) error { if pollErr == nil { return nil } - issuer, err := client.Get(context.TODO(), name, metav1.GetOptions{}) + issuer, err := client.Get(ctx, name, metav1.GetOptions{}) if err != nil { return pollErr } @@ -144,10 +144,10 @@ func wrapErrorWithClusterIssuerStatusCondition(client clientset.ClusterIssuerInt // WaitForCRDToNotExist waits for the CRD with the given name to no // longer exist. -func WaitForCRDToNotExist(client apiextensionsv1.CustomResourceDefinitionInterface, name string) error { +func WaitForCRDToNotExist(ctx context.Context, client apiextensionsv1.CustomResourceDefinitionInterface, name string) error { logf, done := log.LogBackoff() defer done() - return wait.PollUntilContextTimeout(context.TODO(), 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { + return wait.PollUntilContextTimeout(ctx, 500*time.Millisecond, time.Minute, true, func(ctx context.Context) (bool, error) { logf("Waiting for CRD %v to not exist", name) _, err := client.Get(ctx, name, metav1.GetOptions{}) if nil == err { diff --git a/test/integration/acme/orders_controller_test.go b/test/integration/acme/orders_controller_test.go index 9d1f6528efc..d1deca46864 100644 --- a/test/integration/acme/orders_controller_test.go +++ b/test/integration/acme/orders_controller_test.go @@ -142,7 +142,6 @@ func TestAcmeOrdersController(t *testing.T) { false, ) c := controllerpkg.NewController( - ctx, "orders_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/certificates/generates_new_private_key_per_request_test.go b/test/integration/certificates/generates_new_private_key_per_request_test.go index 97058529b27..88ad3708729 100644 --- a/test/integration/certificates/generates_new_private_key_per_request_test.go +++ b/test/integration/certificates/generates_new_private_key_per_request_test.go @@ -54,7 +54,7 @@ func TestGeneratesNewPrivateKeyIfMarkedInvalidRequest(t *testing.T) { defer stopFn() // Build, instantiate and run all required controllers - stopControllers := runAllControllers(t, ctx, config) + stopControllers := runAllControllers(t, config) defer stopControllers() _, _, cmCl, _, _ := framework.NewClients(t, config) @@ -191,7 +191,7 @@ func TestGeneratesNewPrivateKeyPerRequest(t *testing.T) { defer stopFn() // Build, instantiate and run all required controllers - stopControllers := runAllControllers(t, ctx, config) + stopControllers := runAllControllers(t, config) defer stopControllers() _, _, cmCl, _, _ := framework.NewClients(t, config) @@ -320,7 +320,7 @@ type comparablePublicKey interface { Equal(crypto.PublicKey) bool } -func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) framework.StopFunc { +func runAllControllers(t *testing.T, config *rest.Config) framework.StopFunc { kubeClient, factory, cmCl, cmFactory, scheme := framework.NewClients(t, config) log := logf.Log clock := clock.RealClock{} @@ -341,22 +341,22 @@ func runAllControllers(t *testing.T, ctx context.Context, config *rest.Config) f // TODO: set field mananager before calling each of those- is that what we do in actual code? revCtrl, revQueue, revMustSync := revisionmanager.NewController(log, &controllerContext) - revisionManager := controllerpkg.NewController(ctx, "revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue) + revisionManager := controllerpkg.NewController("revisionmanager_controller", metrics, revCtrl.ProcessItem, revMustSync, nil, revQueue) readyCtrl, readyQueue, readyMustSync := readiness.NewController(log, &controllerContext, policies.NewReadinessPolicyChain(clock), pki.RenewalTime, readiness.BuildReadyConditionFromChain) - readinessManager := controllerpkg.NewController(ctx, "readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue) + readinessManager := controllerpkg.NewController("readiness_controller", metrics, readyCtrl.ProcessItem, readyMustSync, nil, readyQueue) issueCtrl, issueQueue, issueMustSync := issuing.NewController(log, &controllerContext) - issueManager := controllerpkg.NewController(ctx, "issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue) + issueManager := controllerpkg.NewController("issuing_controller", metrics, issueCtrl.ProcessItem, issueMustSync, nil, issueQueue) reqCtrl, reqQueue, reqMustSync := requestmanager.NewController(log, &controllerContext) - requestManager := controllerpkg.NewController(ctx, "requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue) + requestManager := controllerpkg.NewController("requestmanager_controller", metrics, reqCtrl.ProcessItem, reqMustSync, nil, reqQueue) keyCtrl, keyQueue, keyMustSync := keymanager.NewController(log, &controllerContext) - keyManager := controllerpkg.NewController(ctx, "keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue) + keyManager := controllerpkg.NewController("keymanager_controller", metrics, keyCtrl.ProcessItem, keyMustSync, nil, keyQueue) triggerCtrl, triggerQueue, triggerMustSync := trigger.NewController(log, &controllerContext, policies.NewTriggerPolicyChain(clock).Evaluate) - triggerManager := controllerpkg.NewController(ctx, "trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue) + triggerManager := controllerpkg.NewController("trigger_controller", metrics, triggerCtrl.ProcessItem, triggerMustSync, nil, triggerQueue) return framework.StartInformersAndControllers(t, factory, cmFactory, revisionManager, requestManager, keyManager, triggerManager, readinessManager, issueManager) } diff --git a/test/integration/certificates/issuing_controller_test.go b/test/integration/certificates/issuing_controller_test.go index 52a75a5d4ca..9a1b7b8ff2d 100644 --- a/test/integration/certificates/issuing_controller_test.go +++ b/test/integration/certificates/issuing_controller_test.go @@ -82,7 +82,6 @@ func TestIssuingController(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -299,7 +298,6 @@ func TestIssuingController_PKCS8_PrivateKey(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -525,7 +523,6 @@ func Test_IssuingController_SecretTemplate(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -773,7 +770,6 @@ func Test_IssuingController_AdditionalOutputFormats(t *testing.T) { ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "issuing_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -1011,7 +1007,7 @@ func Test_IssuingController_OwnerRefernece(t *testing.T) { FieldManager: fieldManager, } ctrl, queue, mustSync := issuing.NewController(logf.Log, &controllerContext) - c := controllerpkg.NewController(ctx, fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) + c := controllerpkg.NewController(fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) stopControllerNoOwnerRef := framework.StartInformersAndController(t, factory, cmFactory, c) defer func() { if stopControllerNoOwnerRef != nil { @@ -1108,7 +1104,7 @@ func Test_IssuingController_OwnerRefernece(t *testing.T) { FieldManager: fieldManager, } ctrl, queue, mustSync = issuing.NewController(logf.Log, &controllerContext) - c = controllerpkg.NewController(ctx, fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) + c = controllerpkg.NewController(fieldManager, metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, mustSync, nil, queue) stopControllerOwnerRef := framework.StartInformersAndController(t, factory, cmFactory, c) defer stopControllerOwnerRef() diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index 7a8da1623c5..381a8407691 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -104,7 +104,6 @@ func TestMetricsController(t *testing.T) { } ctrl, queue, mustSync := controllermetrics.NewController(&controllerContext) c := controllerpkg.NewController( - ctx, "metrics_test", metricsHandler, ctrl.ProcessItem, diff --git a/test/integration/certificates/revisionmanager_controller_test.go b/test/integration/certificates/revisionmanager_controller_test.go index feeca1a8b5f..a561f598689 100644 --- a/test/integration/certificates/revisionmanager_controller_test.go +++ b/test/integration/certificates/revisionmanager_controller_test.go @@ -62,7 +62,6 @@ func TestRevisionManagerController(t *testing.T) { ctrl, queue, mustSync := revisionmanager.NewController(logf.Log, &controllerContext) c := controllerpkg.NewController( - ctx, "revisionmanager_controller_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/certificates/trigger_controller_test.go b/test/integration/certificates/trigger_controller_test.go index c7a80866fc2..14f80344b26 100644 --- a/test/integration/certificates/trigger_controller_test.go +++ b/test/integration/certificates/trigger_controller_test.go @@ -83,7 +83,6 @@ func TestTriggerController(t *testing.T) { } ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shouldReissue) c := controllerpkg.NewController( - ctx, "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -190,7 +189,6 @@ func TestTriggerController_RenewNearExpiry(t *testing.T) { // Start the trigger controller ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shoudReissue) c := controllerpkg.NewController( - logf.NewContext(ctx, logf.Log, "trigger_controller_RenewNearExpiry"), "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, @@ -287,7 +285,6 @@ func TestTriggerController_ExpBackoff(t *testing.T) { // Start the trigger controller ctrl, queue, mustSync := trigger.NewController(logf.Log, controllerContext, shoudReissue) c := controllerpkg.NewController( - logf.NewContext(ctx, logf.Log, "trigger_controller_RenewNearExpiry"), "trigger_test", metrics.New(logf.Log, clock.RealClock{}), ctrl.ProcessItem, diff --git a/test/integration/framework/helpers.go b/test/integration/framework/helpers.go index 31a01baf2be..dfca528f548 100644 --- a/test/integration/framework/helpers.go +++ b/test/integration/framework/helpers.go @@ -82,25 +82,25 @@ func StartInformersAndController(t *testing.T, factory internalinformers.KubeInf } func StartInformersAndControllers(t *testing.T, factory internalinformers.KubeInformerFactory, cmFactory cminformers.SharedInformerFactory, cs ...controllerpkg.Interface) StopFunc { - stopCh := make(chan struct{}) + rootCtx, cancel := context.WithCancel(context.Background()) errCh := make(chan error) - factory.Start(stopCh) - cmFactory.Start(stopCh) + factory.Start(rootCtx.Done()) + cmFactory.Start(rootCtx.Done()) group, _ := errgroup.WithContext(context.Background()) go func() { defer close(errCh) for _, c := range cs { func(c controllerpkg.Interface) { group.Go(func() error { - return c.Run(1, stopCh) + return c.Run(1, rootCtx) }) }(c) } errCh <- group.Wait() }() return func() { - close(stopCh) + cancel() err := <-errCh if err != nil { t.Fatal(err) From de54201f6931dc063729b2137f5b23e16875c71c Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 30 Apr 2024 11:25:46 +0200 Subject: [PATCH 106/177] fix noctx linter Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .golangci.yaml | 1 - pkg/healthz/healthz_test.go | 4 +++- test/integration/certificates/metrics_controller_test.go | 6 +++++- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index 4a3c8779219..1bf9beac513 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -8,7 +8,6 @@ issues: - exhaustive - nilerr - interfacebloat - - noctx - nilnil - nakedret - musttag diff --git a/pkg/healthz/healthz_test.go b/pkg/healthz/healthz_test.go index 710feb70ab2..c583a049fd4 100644 --- a/pkg/healthz/healthz_test.go +++ b/pkg/healthz/healthz_test.go @@ -277,7 +277,9 @@ func TestHealthzLivezLeaderElection(t *testing.T) { lastResponseBody string ) assert.Eventually(t, func() bool { - resp, err := http.Get(livezURL) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, livezURL, nil) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) require.NoError(t, err) defer func() { require.NoError(t, resp.Body.Close()) diff --git a/test/integration/certificates/metrics_controller_test.go b/test/integration/certificates/metrics_controller_test.go index 381a8407691..b351bd80d00 100644 --- a/test/integration/certificates/metrics_controller_test.go +++ b/test/integration/certificates/metrics_controller_test.go @@ -130,7 +130,11 @@ func TestMetricsController(t *testing.T) { } testMetrics := func(expectedOutput string) error { - resp, err := http.DefaultClient.Get(metricsEndpoint) + req, err := http.NewRequestWithContext(ctx, http.MethodGet, metricsEndpoint, nil) + if err != nil { + return err + } + resp, err := http.DefaultClient.Do(req) if err != nil { return err } From 1248be8bba2a8da55421a17323aa33efd49aec37 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 7 May 2024 12:37:04 +0200 Subject: [PATCH 107/177] add contextcheck linter exceptions Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/acmesolver/app/app.go | 1 + cmd/cainjector/app/cainjector.go | 1 + cmd/controller/app/start.go | 1 + cmd/startupapicheck/pkg/check/api/api.go | 1 + cmd/webhook/app/webhook.go | 1 + pkg/acme/webhook/cmd/server/start.go | 1 + test/e2e/suite/conformance/certificates/tests.go | 4 ++-- .../suite/conformance/certificatesigningrequests/tests.go | 6 ++++-- 8 files changed, 12 insertions(+), 4 deletions(-) diff --git a/cmd/acmesolver/app/app.go b/cmd/acmesolver/app/app.go index cd638b10230..d2cc96cb6da 100644 --- a/cmd/acmesolver/app/app.go +++ b/cmd/acmesolver/app/app.go @@ -46,6 +46,7 @@ func NewACMESolverCommand(_ context.Context) *cobra.Command { return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { runCtx := cmd.Context() log := logf.FromContext(runCtx) diff --git a/cmd/cainjector/app/cainjector.go b/cmd/cainjector/app/cainjector.go index ced1eb088d0..41dc2252918 100644 --- a/cmd/cainjector/app/cainjector.go +++ b/cmd/cainjector/app/cainjector.go @@ -100,6 +100,7 @@ servers and webhook servers.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), cainjectorConfig) }, diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index ed5fc18e0a1..e3b4a934371 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -110,6 +110,7 @@ to renew certificates at an appropriate time before expiry.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), controllerConfig) }, diff --git a/cmd/startupapicheck/pkg/check/api/api.go b/cmd/startupapicheck/pkg/check/api/api.go index 4c7350a58a7..4ca6cef5374 100644 --- a/cmd/startupapicheck/pkg/check/api/api.go +++ b/cmd/startupapicheck/pkg/check/api/api.go @@ -79,6 +79,7 @@ required webhooks are reachable by the K8S API server.`, PreRunE: func(cmd *cobra.Command, args []string) error { return o.Complete() }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return o.Run(cmd.Context(), cmd.OutOrStdout()) }, diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go index 5d5565256ea..0009c59e7dc 100644 --- a/cmd/webhook/app/webhook.go +++ b/cmd/webhook/app/webhook.go @@ -107,6 +107,7 @@ functionality for cert-manager.`, return nil }, + // nolint:contextcheck // False positive RunE: func(cmd *cobra.Command, args []string) error { return run(cmd.Context(), webhookConfig) }, diff --git a/pkg/acme/webhook/cmd/server/start.go b/pkg/acme/webhook/cmd/server/start.go index fd953308f65..fce320a1af2 100644 --- a/pkg/acme/webhook/cmd/server/start.go +++ b/pkg/acme/webhook/cmd/server/start.go @@ -66,6 +66,7 @@ func NewCommandStartWebhookServer(_ context.Context, groupName string, solvers . cmd := &cobra.Command{ Short: "Launch an ACME solver API server", Long: "Launch an ACME solver API server", + // nolint:contextcheck // False positive RunE: func(c *cobra.Command, args []string) error { runCtx := c.Context() diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index a0697592d9e..fa60af3215f 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -1065,13 +1065,13 @@ cKK5t8N1YDX5CV+01X3vvxpM3ciYuCY9y+lSegrIEI+izRyD7P9KaZlwMaYmsBZq By("Updating the Certificate after having added an additional dnsName") newDNSName := e2eutil.RandomSubdomain(s.DomainSuffix) retry.RetryOnConflict(retry.DefaultRetry, func() error { - err = f.CRClient.Get(context.Background(), types.NamespacedName{Name: testCertificate.Name, Namespace: testCertificate.Namespace}, testCertificate) + err = f.CRClient.Get(ctx, types.NamespacedName{Name: testCertificate.Name, Namespace: testCertificate.Namespace}, testCertificate) if err != nil { return err } testCertificate.Spec.DNSNames = append(testCertificate.Spec.DNSNames, newDNSName) - err = f.CRClient.Update(context.Background(), testCertificate) + err = f.CRClient.Update(ctx, testCertificate) if err != nil { return err } diff --git a/test/e2e/suite/conformance/certificatesigningrequests/tests.go b/test/e2e/suite/conformance/certificatesigningrequests/tests.go index d7093f25c9e..f837d0ef63f 100644 --- a/test/e2e/suite/conformance/certificatesigningrequests/tests.go +++ b/test/e2e/suite/conformance/certificatesigningrequests/tests.go @@ -393,9 +393,11 @@ func (s *Suite) Define() { // Create the request, and delete at the end of the test By("Creating a CertificateSigningRequest") Expect(f.CRClient.Create(ctx, kubeCSR)).NotTo(HaveOccurred()) + // nolint: contextcheck // This is a cleanup context defer func() { - // nolint: contextcheck // This is a cleanup context - f.CRClient.Delete(context.TODO(), kubeCSR) + cleanupCtx := context.Background() + + f.CRClient.Delete(cleanupCtx, kubeCSR) }() // Approve the request for testing, so that cert-manager may sign the From 528428b31f5be35873482f77d219ff1cc97af289 Mon Sep 17 00:00:00 2001 From: Paul Whitehead Date: Fri, 29 Mar 2024 11:19:33 -0600 Subject: [PATCH 108/177] support assumeRoleWithWebIdentity for Route53 issuer Signed-off-by: Paul Whitehead fix test signature --- deploy/crds/crd-challenges.yaml | 5 ++ deploy/crds/crd-clusterissuers.yaml | 5 ++ deploy/crds/crd-issuers.yaml | 5 ++ hack/webIdentityToken | 1 + internal/apis/acme/types_issuer.go | 4 + .../apis/acme/v1/zz_generated.conversion.go | 2 + internal/apis/acme/v1alpha2/types_issuer.go | 5 ++ .../acme/v1alpha2/zz_generated.conversion.go | 2 + internal/apis/acme/v1alpha3/types_issuer.go | 5 ++ .../acme/v1alpha3/zz_generated.conversion.go | 2 + internal/apis/acme/v1beta1/types_issuer.go | 5 ++ .../acme/v1beta1/zz_generated.conversion.go | 2 + pkg/apis/acme/v1/types_issuer.go | 5 ++ pkg/issuer/acme/dns/dns.go | 3 +- pkg/issuer/acme/dns/dns_test.go | 47 ++++++++-- pkg/issuer/acme/dns/route53/route53.go | 81 ++++++++++++----- pkg/issuer/acme/dns/route53/route53_test.go | 88 +++++++++++++------ pkg/issuer/acme/dns/util_test.go | 4 +- 18 files changed, 213 insertions(+), 58 deletions(-) create mode 100644 hack/webIdentityToken diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml index d89fc4597b8..efc99f16210 100644 --- a/deploy/crds/crd-challenges.yaml +++ b/deploy/crds/crd-challenges.yaml @@ -524,6 +524,11 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + webIdentityToken: + description: |- + WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + Both Region and Role must be set. + type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index f73392551e7..68bf1bad882 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -631,6 +631,11 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + webIdentityToken: + description: |- + WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + Both Region and Role must be set. + type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index 8bd4d281dee..5567fd4ba53 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -631,6 +631,11 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + webIdentityToken: + description: |- + WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + Both Region and Role must be set. + type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/hack/webIdentityToken b/hack/webIdentityToken new file mode 100644 index 00000000000..7b0fd0e46f8 --- /dev/null +++ b/hack/webIdentityToken @@ -0,0 +1 @@ +eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNzEwMzUxNjM4LCJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwiYXVkIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImV4cCI6MTc0MTg4NzYwOH0.yu4G8_3ZDsWA1wJC4jZjh9FCEGbW0eke1ffFw1Xhvvw diff --git a/internal/apis/acme/types_issuer.go b/internal/apis/acme/types_issuer.go index daa80b2b2ce..e6ce1d8ae8e 100644 --- a/internal/apis/acme/types_issuer.go +++ b/internal/apis/acme/types_issuer.go @@ -451,6 +451,10 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string + + // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + // Both Region and Role must be set. + WebIdentityToken string `json:"webIdentityToken,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1/zz_generated.conversion.go b/internal/apis/acme/v1/zz_generated.conversion.go index 468def2a9a6..722f870016d 100644 --- a/internal/apis/acme/v1/zz_generated.conversion.go +++ b/internal/apis/acme/v1/zz_generated.conversion.go @@ -1226,6 +1226,7 @@ func autoConvert_v1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01Provid out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1251,6 +1252,7 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1_ACMEIssuerDNS01Provid out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } diff --git a/internal/apis/acme/v1alpha2/types_issuer.go b/internal/apis/acme/v1alpha2/types_issuer.go index dc02f0eb6d0..96bc92ee51d 100644 --- a/internal/apis/acme/v1alpha2/types_issuer.go +++ b/internal/apis/acme/v1alpha2/types_issuer.go @@ -501,6 +501,11 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` + + // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + // Both Region and Role must be set. + // +optional + WebIdentityToken string `json:"webIdentityToken,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1alpha2/zz_generated.conversion.go b/internal/apis/acme/v1alpha2/zz_generated.conversion.go index b61022286ae..bf2135deb2e 100644 --- a/internal/apis/acme/v1alpha2/zz_generated.conversion.go +++ b/internal/apis/acme/v1alpha2/zz_generated.conversion.go @@ -1225,6 +1225,7 @@ func autoConvert_v1alpha2_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1250,6 +1251,7 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha2_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } diff --git a/internal/apis/acme/v1alpha3/types_issuer.go b/internal/apis/acme/v1alpha3/types_issuer.go index 40c775049d8..6cd0347f98b 100644 --- a/internal/apis/acme/v1alpha3/types_issuer.go +++ b/internal/apis/acme/v1alpha3/types_issuer.go @@ -501,6 +501,11 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` + + // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + // Both Region and Role must be set. + // +optional + WebIdentityToken string `json:"webIdentityToken,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1alpha3/zz_generated.conversion.go b/internal/apis/acme/v1alpha3/zz_generated.conversion.go index 9bec71598fe..78f5e7772bd 100644 --- a/internal/apis/acme/v1alpha3/zz_generated.conversion.go +++ b/internal/apis/acme/v1alpha3/zz_generated.conversion.go @@ -1225,6 +1225,7 @@ func autoConvert_v1alpha3_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1250,6 +1251,7 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha3_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } diff --git a/internal/apis/acme/v1beta1/types_issuer.go b/internal/apis/acme/v1beta1/types_issuer.go index 7ffaa9fc6b6..d6408e4ad1b 100644 --- a/internal/apis/acme/v1beta1/types_issuer.go +++ b/internal/apis/acme/v1beta1/types_issuer.go @@ -500,6 +500,11 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` + + // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + // Both Region and Role must be set. + // +optional + WebIdentityToken string `json:"webIdentityToken,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1beta1/zz_generated.conversion.go b/internal/apis/acme/v1beta1/zz_generated.conversion.go index 9e9248f98e4..500529ee23f 100644 --- a/internal/apis/acme/v1beta1/zz_generated.conversion.go +++ b/internal/apis/acme/v1beta1/zz_generated.conversion.go @@ -1225,6 +1225,7 @@ func autoConvert_v1beta1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01P out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1250,6 +1251,7 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1beta1_ACMEIssuerDNS01P out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region + out.WebIdentityToken = in.WebIdentityToken return nil } diff --git a/pkg/apis/acme/v1/types_issuer.go b/pkg/apis/acme/v1/types_issuer.go index 9e4676fae1e..aab41070d9d 100644 --- a/pkg/apis/acme/v1/types_issuer.go +++ b/pkg/apis/acme/v1/types_issuer.go @@ -514,6 +514,11 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` + + // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. + // Both Region and Role must be set. + // +optional + WebIdentityToken string `json:"webIdentityToken,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index 2a1dd92949a..a0c9a7f1824 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -58,7 +58,7 @@ type solver interface { type dnsProviderConstructors struct { cloudDNS func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) cloudFlare func(email, apikey, apiToken string, dns01Nameservers []string, userAgent string) (*cloudflare.DNSProvider, error) - route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) + route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, webIdentityToken string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) azureDNS func(environment, clientID, clientSecret, subscriptionID, tenantID, resourceGroupName, hostedZoneName string, dns01Nameservers []string, ambient bool, managedIdentity *cmacme.AzureManagedIdentity) (*azuredns.DNSProvider, error) acmeDNS func(host string, accountJson []byte, dns01Nameservers []string) (*acmedns.DNSProvider, error) digitalOcean func(token string, dns01Nameservers []string, userAgent string) (*digitalocean.DNSProvider, error) @@ -350,6 +350,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer providerConfig.Route53.HostedZoneID, providerConfig.Route53.Region, providerConfig.Route53.Role, + providerConfig.Route53.WebIdentityToken, canUseAmbientCredentials, s.DNS01Nameservers, s.RESTConfig.UserAgent, diff --git a/pkg/issuer/acme/dns/dns_test.go b/pkg/issuer/acme/dns/dns_test.go index 48562e5359f..e17bd55653e 100644 --- a/pkg/issuer/acme/dns/dns_test.go +++ b/pkg/issuer/acme/dns/dns_test.go @@ -395,7 +395,7 @@ func TestRoute53TrimCreds(t *testing.T) { expectedR53Call := []fakeDNSProviderCall{ { name: "route53", - args: []interface{}{"test_with_spaces", "AKIENDINNEWLINE", "", "us-west-2", "", false, util.RecursiveNameservers}, + args: []interface{}{"test_with_spaces", "AKIENDINNEWLINE", "", "us-west-2", "", "", false, util.RecursiveNameservers}, }, } @@ -453,7 +453,7 @@ func TestRoute53SecretAccessKey(t *testing.T) { expectedR53Call := []fakeDNSProviderCall{ { name: "route53", - args: []interface{}{"AWSACCESSKEYID", "AKIENDINNEWLINE", "", "us-west-2", "", false, util.RecursiveNameservers}, + args: []interface{}{"AWSACCESSKEYID", "AKIENDINNEWLINE", "", "us-west-2", "", "", false, util.RecursiveNameservers}, }, } @@ -501,7 +501,7 @@ func TestRoute53AmbientCreds(t *testing.T) { result{ expectedCall: &fakeDNSProviderCall{ name: "route53", - args: []interface{}{"", "", "", "us-west-2", "", true, util.RecursiveNameservers}, + args: []interface{}{"", "", "", "us-west-2", "", "", true, util.RecursiveNameservers}, }, }, }, @@ -534,7 +534,7 @@ func TestRoute53AmbientCreds(t *testing.T) { result{ expectedCall: &fakeDNSProviderCall{ name: "route53", - args: []interface{}{"", "", "", "us-west-2", "", false, util.RecursiveNameservers}, + args: []interface{}{"", "", "", "us-west-2", "", "", false, util.RecursiveNameservers}, }, }, }, @@ -598,7 +598,7 @@ func TestRoute53AssumeRole(t *testing.T) { result{ expectedCall: &fakeDNSProviderCall{ name: "route53", - args: []interface{}{"", "", "", "us-west-2", "my-role", true, util.RecursiveNameservers}, + args: []interface{}{"", "", "", "us-west-2", "my-role", "", true, util.RecursiveNameservers}, }, }, }, @@ -632,7 +632,42 @@ func TestRoute53AssumeRole(t *testing.T) { result{ expectedCall: &fakeDNSProviderCall{ name: "route53", - args: []interface{}{"", "", "", "us-west-2", "my-other-role", false, util.RecursiveNameservers}, + args: []interface{}{"", "", "", "us-west-2", "my-other-role", "", false, util.RecursiveNameservers}, + }, + }, + }, + { + solverFixture{ + Builder: &test.Builder{ + Context: &controller.Context{ + RESTConfig: new(rest.Config), + ContextOptions: controller.ContextOptions{ + IssuerOptions: controller.IssuerOptions{ + IssuerAmbientCredentials: false, + }, + }, + }, + }, + Issuer: newIssuer(), + dnsProviders: newFakeDNSProviders(), + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + Solver: cmacme.ACMEChallengeSolver{ + DNS01: &cmacme.ACMEChallengeSolverDNS01{ + Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{ + Region: "us-west-2", + Role: "my-other-role", + WebIdentityToken: "path/to/token", + }, + }, + }, + }, + }, + }, + result{ + expectedCall: &fakeDNSProviderCall{ + name: "route53", + args: []interface{}{"", "", "", "us-west-2", "my-other-role", "path/to/token", false, util.RecursiveNameservers}, }, }, }, diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 17cca403a4b..cff0362bd94 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -14,6 +14,7 @@ import ( "context" "errors" "fmt" + "os" "strings" "time" @@ -47,23 +48,27 @@ type DNSProvider struct { } type sessionProvider struct { - AccessKeyID string - SecretAccessKey string - Ambient bool - Region string - Role string - StsProvider func(aws.Config) StsClient - log logr.Logger - userAgent string + AccessKeyID string + SecretAccessKey string + Ambient bool + Region string + Role string + WebIdentityToken string + StsProvider func(aws.Config) StsClient + log logr.Logger + userAgent string } type StsClient interface { AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) + AssumeRoleWithWebIdentity(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleWithWebIdentityOutput, error) } func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { - if d.AccessKeyID == "" && d.SecretAccessKey == "" { - if !d.Ambient { + if d.Role == "" && d.WebIdentityToken != "" { + return aws.Config{}, fmt.Errorf("unable to construct route53 provider: role must be set when web identity token is set") + } else if d.AccessKeyID == "" && d.SecretAccessKey == "" { + if !d.Ambient && d.WebIdentityToken == "" { return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") } } else if d.AccessKeyID == "" || d.SecretAccessKey == "" { @@ -71,11 +76,14 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided") } - useAmbientCredentials := d.Ambient && (d.AccessKeyID == "" && d.SecretAccessKey == "") + useAmbientCredentials := d.Ambient && (d.AccessKeyID == "" && d.SecretAccessKey == "") && d.WebIdentityToken == "" var optFns []func(*config.LoadOptions) error - if useAmbientCredentials { + if d.Role != "" && d.WebIdentityToken != "" { + d.log.V(logf.DebugLevel).Info("using assume role with web identity") + optFns = append(optFns, config.WithRegion(d.Region)) + } else if useAmbientCredentials { d.log.V(logf.DebugLevel).Info("using ambient credentials") // Leaving credentials unset results in a default credential chain being // used; this chain is a reasonable default for getting ambient creds. @@ -90,7 +98,7 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } - if d.Role != "" { + if d.Role != "" && d.WebIdentityToken == "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") stsSvc := d.StsProvider(cfg) result, err := stsSvc.AssumeRole(ctx, &sts.AssumeRoleInput{ @@ -108,6 +116,30 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { ) } + if d.Role != "" && d.WebIdentityToken != "" { + d.log.V(logf.DebugLevel).WithValues("role", d.Role).WithValues("path", d.WebIdentityToken).Info("assuming role with web identity") + token, err := os.ReadFile(d.WebIdentityToken) + if err != nil { + return aws.Config{}, fmt.Errorf("failed to read token from file: %s", err) + } + + stsSvc := d.StsProvider(cfg) + result, err := stsSvc.AssumeRoleWithWebIdentity(context.TODO(), &sts.AssumeRoleWithWebIdentityInput{ + RoleArn: aws.String(d.Role), + RoleSessionName: aws.String("cert-manager"), + WebIdentityToken: aws.String(string(token)), + }) + if err != nil { + return aws.Config{}, fmt.Errorf("unable to assume role with web identity: %s", err) + } + + cfg.Credentials = credentials.NewStaticCredentialsProvider( + *result.Credentials.AccessKeyId, + *result.Credentials.SecretAccessKey, + *result.Credentials.SessionToken, + ) + } + // If ambient credentials aren't permitted, always set the region, even if to // empty string, to avoid it falling back on the environment. // this has to be set after session is constructed @@ -122,16 +154,17 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return cfg, nil } -func newSessionProvider(accessKeyID, secretAccessKey, region, role string, ambient bool, userAgent string) *sessionProvider { +func newSessionProvider(accessKeyID, secretAccessKey, region, role string, webIdentityToken string, ambient bool, userAgent string) *sessionProvider { return &sessionProvider{ - AccessKeyID: accessKeyID, - SecretAccessKey: secretAccessKey, - Ambient: ambient, - Region: region, - Role: role, - StsProvider: defaultSTSProvider, - log: logf.Log.WithName("route53-session-provider"), - userAgent: userAgent, + AccessKeyID: accessKeyID, + SecretAccessKey: secretAccessKey, + Ambient: ambient, + Region: region, + Role: role, + WebIdentityToken: webIdentityToken, + StsProvider: defaultSTSProvider, + log: logf.Log.WithName("route53-session-provider"), + userAgent: userAgent, } } @@ -144,12 +177,12 @@ func defaultSTSProvider(cfg aws.Config) StsClient { // unset and the 'ambient' option is set, credentials from the environment. func NewDNSProvider( ctx context.Context, - accessKeyID, secretAccessKey, hostedZoneID, region, role string, + accessKeyID, secretAccessKey, hostedZoneID, region, role, webIdentityToken string, ambient bool, dns01Nameservers []string, userAgent string, ) (*DNSProvider, error) { - provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, ambient, userAgent) + provider := newSessionProvider(accessKeyID, secretAccessKey, region, role, webIdentityToken, ambient, userAgent) cfg, err := provider.GetSession(ctx) if err != nil { diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 232987cfb42..ad7cae95017 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -58,7 +58,7 @@ func TestAmbientCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") _, err = provider.client.Options().Credentials.Retrieve(context.TODO()) @@ -72,14 +72,14 @@ func TestNoCredentialsFromEnv(t *testing.T) { t.Setenv("AWS_SECRET_ACCESS_KEY", "123") t.Setenv("AWS_REGION", "us-east-1") - _, err := NewDNSProvider(context.TODO(), "", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + _, err := NewDNSProvider(context.TODO(), "", "", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.Error(t, err, "Expected error constructing DNSProvider with no credentials and not ambient") } func TestAmbientRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "", "", "", "", "", "", true, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "us-east-1", provider.client.Options().Region, "Expected Region to be set from environment") @@ -88,7 +88,7 @@ func TestAmbientRegionFromEnv(t *testing.T) { func TestNoRegionFromEnv(t *testing.T) { t.Setenv("AWS_REGION", "us-east-1") - provider, err := NewDNSProvider(context.TODO(), "marx", "swordfish", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") + provider, err := NewDNSProvider(context.TODO(), "marx", "swordfish", "", "", "", "", false, util.RecursiveNameservers, "cert-manager-test") assert.NoError(t, err, "Expected no error constructing DNSProvider") assert.Equal(t, "", provider.client.Options().Region, "Expected Region to not be set from environment") @@ -142,16 +142,17 @@ func TestAssumeRole(t *testing.T) { SessionToken: aws.String("my-token"), } cases := []struct { - name string - ambient bool - role string - expErr bool - expCreds *ststypes.Credentials - expRegion string - key string - secret string - region string - mockSTS *mockSTS + name string + ambient bool + role string + webIdentityToken string + expErr bool + expCreds *ststypes.Credentials + expRegion string + key string + secret string + region string + mockSTS *mockSTS }{ { name: "should assume role w/ ambient creds", @@ -224,17 +225,43 @@ func TestAssumeRole(t *testing.T) { }, }, }, + { + name: "should assume role with web identity", + role: "my-role", + webIdentityToken: "../../../../../hack/webIdentityToken", + expErr: false, + expCreds: creds, + mockSTS: &mockSTS{ + AssumeRoleWithWebIdentityFn: func(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleWithWebIdentityOutput, error) { + return &sts.AssumeRoleWithWebIdentityOutput{ + Credentials: creds, + }, nil + }, + }, + }, + { + name: "require role when using assume role with web identity", + webIdentityToken: "../../../../../hack/webIdentityToken", + expErr: true, + expCreds: nil, + mockSTS: &mockSTS{ + AssumeRoleWithWebIdentityFn: func(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleWithWebIdentityOutput, error) { + return nil, fmt.Errorf("error assuming mock role with web identity") + }, + }, + }, } for _, c := range cases { t.Run(c.name, func(t *testing.T) { provider := makeMockSessionProvider(func(aws.Config) StsClient { return c.mockSTS - }, c.key, c.secret, c.region, c.role, c.ambient) + }, c.key, c.secret, c.region, c.role, c.webIdentityToken, c.ambient) cfg, err := provider.GetSession(context.TODO()) if c.expErr { assert.NotNil(t, err) } else { + assert.Nil(t, err) sessCreds, _ := cfg.Credentials.Retrieve(context.TODO()) assert.Equal(t, c.mockSTS.assumedRole, c.role) assert.Equal(t, *c.expCreds.SecretAccessKey, sessCreds.SecretAccessKey) @@ -246,8 +273,9 @@ func TestAssumeRole(t *testing.T) { } type mockSTS struct { - AssumeRoleFn func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) - assumedRole string + AssumeRoleFn func(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) + AssumeRoleWithWebIdentityFn func(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleWithWebIdentityOutput, error) + assumedRole string } func (m *mockSTS) AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error) { @@ -259,19 +287,29 @@ func (m *mockSTS) AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, o return nil, nil } +func (m *mockSTS) AssumeRoleWithWebIdentity(ctx context.Context, params *sts.AssumeRoleWithWebIdentityInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleWithWebIdentityOutput, error) { + if m.AssumeRoleWithWebIdentityFn != nil { + m.assumedRole = *params.RoleArn + return m.AssumeRoleWithWebIdentityFn(ctx, params, optFns...) + } + + return nil, nil +} + func makeMockSessionProvider( defaultSTSProvider func(aws.Config) StsClient, - accessKeyID, secretAccessKey, region, role string, + accessKeyID, secretAccessKey, region, role, webIdentityToken string, ambient bool, ) *sessionProvider { return &sessionProvider{ - AccessKeyID: accessKeyID, - SecretAccessKey: secretAccessKey, - Ambient: ambient, - Region: region, - Role: role, - StsProvider: defaultSTSProvider, - log: logf.Log.WithName("route53-session"), + AccessKeyID: accessKeyID, + SecretAccessKey: secretAccessKey, + Ambient: ambient, + Region: region, + Role: role, + WebIdentityToken: webIdentityToken, + StsProvider: defaultSTSProvider, + log: logf.Log.WithName("route53-session"), } } diff --git a/pkg/issuer/acme/dns/util_test.go b/pkg/issuer/acme/dns/util_test.go index 4f142526a96..32872c157d3 100644 --- a/pkg/issuer/acme/dns/util_test.go +++ b/pkg/issuer/acme/dns/util_test.go @@ -140,8 +140,8 @@ func newFakeDNSProviders() *fakeDNSProviders { } return nil, nil }, - route53: func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { - f.call("route53", accessKey, secretKey, hostedZoneID, region, role, ambient, util.RecursiveNameservers) + route53: func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role, webIdentityToken string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) { + f.call("route53", accessKey, secretKey, hostedZoneID, region, role, webIdentityToken, ambient, util.RecursiveNameservers) return nil, nil }, azureDNS: func(environment, clientID, clientSecret, subscriptionID, tenantID, resourceGroupName, hostedZoneName string, dns01Nameservers []string, ambient bool, managedIdentity *cmacme.AzureManagedIdentity) (*azuredns.DNSProvider, error) { From 35571e014d8d27ff2afade28b383edf6ad82ff92 Mon Sep 17 00:00:00 2001 From: pwhitehead Date: Mon, 6 May 2024 17:14:00 -0600 Subject: [PATCH 109/177] refactor to use token request API Signed-off-by: Paul Whitehead --- deploy/crds/crd-challenges.yaml | 40 +++++++- deploy/crds/crd-clusterissuers.yaml | 40 +++++++- deploy/crds/crd-issuers.yaml | 40 +++++++- internal/apis/acme/types_issuer.go | 34 ++++++- .../apis/acme/v1/zz_generated.conversion.go | 96 ++++++++++++++++++- internal/apis/acme/v1alpha2/types_issuer.go | 35 ++++++- .../acme/v1alpha2/zz_generated.conversion.go | 96 ++++++++++++++++++- .../acme/v1alpha2/zz_generated.deepcopy.go | 68 +++++++++++++ internal/apis/acme/v1alpha3/types_issuer.go | 35 ++++++- .../acme/v1alpha3/zz_generated.conversion.go | 96 ++++++++++++++++++- .../acme/v1alpha3/zz_generated.deepcopy.go | 68 +++++++++++++ internal/apis/acme/v1beta1/types_issuer.go | 35 ++++++- .../acme/v1beta1/zz_generated.conversion.go | 96 ++++++++++++++++++- .../acme/v1beta1/zz_generated.deepcopy.go | 68 +++++++++++++ internal/apis/acme/zz_generated.deepcopy.go | 68 +++++++++++++ pkg/apis/acme/v1/types_issuer.go | 35 ++++++- pkg/apis/acme/v1/zz_generated.deepcopy.go | 68 +++++++++++++ pkg/issuer/acme/dns/dns.go | 36 ++++++- pkg/issuer/acme/dns/dns_test.go | 35 ------- pkg/issuer/acme/dns/route53/route53.go | 9 +- 20 files changed, 1016 insertions(+), 82 deletions(-) diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml index efc99f16210..5db7f43c45e 100644 --- a/deploy/crds/crd-challenges.yaml +++ b/deploy/crds/crd-challenges.yaml @@ -492,6 +492,41 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -524,11 +559,6 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string - webIdentityToken: - description: |- - WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - Both Region and Role must be set. - type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index 68bf1bad882..c0effdb0bf1 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -599,6 +599,41 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -631,11 +666,6 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string - webIdentityToken: - description: |- - WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - Both Region and Role must be set. - type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index 5567fd4ba53..12a291b6d6c 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -599,6 +599,41 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string + auth: + description: Auth configures how cert-manager authenticates. + type: object + required: + - kubernetes + properties: + kubernetes: + description: |- + Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + by passing a bound ServiceAccount token. + type: object + required: + - serviceAccountRef + properties: + serviceAccountRef: + description: |- + A reference to a service account that will be used to request a bound + token (also known as "projected token"). To use this field, you must + configure an RBAC rule to let cert-manager request a token. + type: object + required: + - name + properties: + audiences: + description: |- + TokenAudiences is an optional list of audiences to include in the + token passed to AWS. The default token consisting of the issuer's namespace + and name is always included. + If unset the audience defaults to `sts.amazonaws.com`. + type: array + items: + type: string + name: + description: Name of the ServiceAccount used to request a token. + type: string hostedZoneID: description: If set, the provider will manage only this zone in Route53 and will not do an lookup using the route53:ListHostedZonesByName api call. type: string @@ -631,11 +666,6 @@ spec: Name of the resource being referred to. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names type: string - webIdentityToken: - description: |- - WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - Both Region and Role must be set. - type: string webhook: description: |- Configure an external webhook based DNS01 challenge solver to manage diff --git a/internal/apis/acme/types_issuer.go b/internal/apis/acme/types_issuer.go index e6ce1d8ae8e..5450407913a 100644 --- a/internal/apis/acme/types_issuer.go +++ b/internal/apis/acme/types_issuer.go @@ -421,6 +421,9 @@ type ACMEIssuerDNS01ProviderDigitalOcean struct { // ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 // configuration for AWS type ACMEIssuerDNS01ProviderRoute53 struct { + // Auth configures how cert-manager authenticates. + Auth *Route53Auth + // The AccessKeyID is used for authentication. // Cannot be set when SecretAccessKeyID is set. // If neither the Access Key nor Key ID are set, we fall-back to using env @@ -451,10 +454,35 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string +} + +// Route53Auth is configuration used to authenticate with a Route53. +type Route53Auth struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuth +} + +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuth struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRef +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string - // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - // Both Region and Role must be set. - WebIdentityToken string `json:"webIdentityToken,omitempty"` + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. + TokenAudiences []string } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1/zz_generated.conversion.go b/internal/apis/acme/v1/zz_generated.conversion.go index 722f870016d..b49ce9928dd 100644 --- a/internal/apis/acme/v1/zz_generated.conversion.go +++ b/internal/apis/acme/v1/zz_generated.conversion.go @@ -374,6 +374,36 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*v1.Route53Auth)(nil), (*acme.Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_Route53Auth_To_acme_Route53Auth(a.(*v1.Route53Auth), b.(*acme.Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53Auth)(nil), (*v1.Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53Auth_To_v1_Route53Auth(a.(*acme.Route53Auth), b.(*v1.Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.Route53KubernetesAuth)(nil), (*acme.Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(a.(*v1.Route53KubernetesAuth), b.(*acme.Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53KubernetesAuth)(nil), (*v1.Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53KubernetesAuth_To_v1_Route53KubernetesAuth(a.(*acme.Route53KubernetesAuth), b.(*v1.Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1.ServiceAccountRef)(nil), (*acme.ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1_ServiceAccountRef_To_acme_ServiceAccountRef(a.(*v1.ServiceAccountRef), b.(*acme.ServiceAccountRef), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.ServiceAccountRef)(nil), (*v1.ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_ServiceAccountRef_To_v1_ServiceAccountRef(a.(*acme.ServiceAccountRef), b.(*v1.ServiceAccountRef), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*acme.ACMEIssuer)(nil), (*v1.ACMEIssuer)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_acme_ACMEIssuer_To_v1_ACMEIssuer(a.(*acme.ACMEIssuer), b.(*v1.ACMEIssuer), scope) }); err != nil { @@ -1210,6 +1240,7 @@ func Convert_acme_ACMEIssuerDNS01ProviderRFC2136_To_v1_ACMEIssuerDNS01ProviderRF } func autoConvert_v1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01ProviderRoute53(in *v1.ACMEIssuerDNS01ProviderRoute53, out *acme.ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*acme.Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1226,7 +1257,6 @@ func autoConvert_v1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01Provid out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1236,6 +1266,7 @@ func Convert_v1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01ProviderRo } func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1_ACMEIssuerDNS01ProviderRoute53(in *acme.ACMEIssuerDNS01ProviderRoute53, out *v1.ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*v1.Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1252,7 +1283,6 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1_ACMEIssuerDNS01Provid out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1638,3 +1668,65 @@ func autoConvert_acme_OrderStatus_To_v1_OrderStatus(in *acme.OrderStatus, out *v func Convert_acme_OrderStatus_To_v1_OrderStatus(in *acme.OrderStatus, out *v1.OrderStatus, s conversion.Scope) error { return autoConvert_acme_OrderStatus_To_v1_OrderStatus(in, out, s) } + +func autoConvert_v1_Route53Auth_To_acme_Route53Auth(in *v1.Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*acme.Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_v1_Route53Auth_To_acme_Route53Auth is an autogenerated conversion function. +func Convert_v1_Route53Auth_To_acme_Route53Auth(in *v1.Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + return autoConvert_v1_Route53Auth_To_acme_Route53Auth(in, out, s) +} + +func autoConvert_acme_Route53Auth_To_v1_Route53Auth(in *acme.Route53Auth, out *v1.Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*v1.Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_acme_Route53Auth_To_v1_Route53Auth is an autogenerated conversion function. +func Convert_acme_Route53Auth_To_v1_Route53Auth(in *acme.Route53Auth, out *v1.Route53Auth, s conversion.Scope) error { + return autoConvert_acme_Route53Auth_To_v1_Route53Auth(in, out, s) +} + +func autoConvert_v1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *v1.Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*acme.ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_v1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_v1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *v1.Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_v1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_acme_Route53KubernetesAuth_To_v1_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *v1.Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*v1.ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_acme_Route53KubernetesAuth_To_v1_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_acme_Route53KubernetesAuth_To_v1_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *v1.Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_acme_Route53KubernetesAuth_To_v1_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_v1_ServiceAccountRef_To_acme_ServiceAccountRef(in *v1.ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_v1_ServiceAccountRef_To_acme_ServiceAccountRef is an autogenerated conversion function. +func Convert_v1_ServiceAccountRef_To_acme_ServiceAccountRef(in *v1.ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + return autoConvert_v1_ServiceAccountRef_To_acme_ServiceAccountRef(in, out, s) +} + +func autoConvert_acme_ServiceAccountRef_To_v1_ServiceAccountRef(in *acme.ServiceAccountRef, out *v1.ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_acme_ServiceAccountRef_To_v1_ServiceAccountRef is an autogenerated conversion function. +func Convert_acme_ServiceAccountRef_To_v1_ServiceAccountRef(in *acme.ServiceAccountRef, out *v1.ServiceAccountRef, s conversion.Scope) error { + return autoConvert_acme_ServiceAccountRef_To_v1_ServiceAccountRef(in, out, s) +} diff --git a/internal/apis/acme/v1alpha2/types_issuer.go b/internal/apis/acme/v1alpha2/types_issuer.go index 96bc92ee51d..6c9459d5f42 100644 --- a/internal/apis/acme/v1alpha2/types_issuer.go +++ b/internal/apis/acme/v1alpha2/types_issuer.go @@ -475,6 +475,10 @@ type ACMEIssuerDNS01ProviderDigitalOcean struct { // ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 // configuration for AWS type ACMEIssuerDNS01ProviderRoute53 struct { + // Auth configures how cert-manager authenticates. + // +optional + Auth *Route53Auth `json:"auth,omitempty"` + // The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional @@ -501,11 +505,36 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` +} + +// Route53Auth is configuration used to authenticate with a Route53. +type Route53Auth struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuth `json:"kubernetes"` +} + +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuth struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef"` +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string `json:"name"` - // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - // Both Region and Role must be set. + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. // +optional - WebIdentityToken string `json:"webIdentityToken,omitempty"` + TokenAudiences []string `json:"audiences,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1alpha2/zz_generated.conversion.go b/internal/apis/acme/v1alpha2/zz_generated.conversion.go index bf2135deb2e..22d2d583353 100644 --- a/internal/apis/acme/v1alpha2/zz_generated.conversion.go +++ b/internal/apis/acme/v1alpha2/zz_generated.conversion.go @@ -353,6 +353,36 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*Route53Auth)(nil), (*acme.Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_Route53Auth_To_acme_Route53Auth(a.(*Route53Auth), b.(*acme.Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53Auth)(nil), (*Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53Auth_To_v1alpha2_Route53Auth(a.(*acme.Route53Auth), b.(*Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*Route53KubernetesAuth)(nil), (*acme.Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(a.(*Route53KubernetesAuth), b.(*acme.Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53KubernetesAuth)(nil), (*Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53KubernetesAuth_To_v1alpha2_Route53KubernetesAuth(a.(*acme.Route53KubernetesAuth), b.(*Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*ServiceAccountRef)(nil), (*acme.ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha2_ServiceAccountRef_To_acme_ServiceAccountRef(a.(*ServiceAccountRef), b.(*acme.ServiceAccountRef), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.ServiceAccountRef)(nil), (*ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_ServiceAccountRef_To_v1alpha2_ServiceAccountRef(a.(*acme.ServiceAccountRef), b.(*ServiceAccountRef), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*acme.ACMEIssuer)(nil), (*ACMEIssuer)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_acme_ACMEIssuer_To_v1alpha2_ACMEIssuer(a.(*acme.ACMEIssuer), b.(*ACMEIssuer), scope) }); err != nil { @@ -1209,6 +1239,7 @@ func Convert_acme_ACMEIssuerDNS01ProviderRFC2136_To_v1alpha2_ACMEIssuerDNS01Prov } func autoConvert_v1alpha2_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01ProviderRoute53(in *ACMEIssuerDNS01ProviderRoute53, out *acme.ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*acme.Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1225,7 +1256,6 @@ func autoConvert_v1alpha2_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1235,6 +1265,7 @@ func Convert_v1alpha2_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01Prov } func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha2_ACMEIssuerDNS01ProviderRoute53(in *acme.ACMEIssuerDNS01ProviderRoute53, out *ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1251,7 +1282,6 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha2_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1617,3 +1647,65 @@ func autoConvert_acme_OrderStatus_To_v1alpha2_OrderStatus(in *acme.OrderStatus, func Convert_acme_OrderStatus_To_v1alpha2_OrderStatus(in *acme.OrderStatus, out *OrderStatus, s conversion.Scope) error { return autoConvert_acme_OrderStatus_To_v1alpha2_OrderStatus(in, out, s) } + +func autoConvert_v1alpha2_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*acme.Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_v1alpha2_Route53Auth_To_acme_Route53Auth is an autogenerated conversion function. +func Convert_v1alpha2_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + return autoConvert_v1alpha2_Route53Auth_To_acme_Route53Auth(in, out, s) +} + +func autoConvert_acme_Route53Auth_To_v1alpha2_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_acme_Route53Auth_To_v1alpha2_Route53Auth is an autogenerated conversion function. +func Convert_acme_Route53Auth_To_v1alpha2_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + return autoConvert_acme_Route53Auth_To_v1alpha2_Route53Auth(in, out, s) +} + +func autoConvert_v1alpha2_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*acme.ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_v1alpha2_Route53KubernetesAuth_To_acme_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_v1alpha2_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_v1alpha2_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_acme_Route53KubernetesAuth_To_v1alpha2_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_acme_Route53KubernetesAuth_To_v1alpha2_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_acme_Route53KubernetesAuth_To_v1alpha2_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_acme_Route53KubernetesAuth_To_v1alpha2_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_v1alpha2_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_v1alpha2_ServiceAccountRef_To_acme_ServiceAccountRef is an autogenerated conversion function. +func Convert_v1alpha2_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + return autoConvert_v1alpha2_ServiceAccountRef_To_acme_ServiceAccountRef(in, out, s) +} + +func autoConvert_acme_ServiceAccountRef_To_v1alpha2_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_acme_ServiceAccountRef_To_v1alpha2_ServiceAccountRef is an autogenerated conversion function. +func Convert_acme_ServiceAccountRef_To_v1alpha2_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + return autoConvert_acme_ServiceAccountRef_To_v1alpha2_ServiceAccountRef(in, out, s) +} diff --git a/internal/apis/acme/v1alpha2/zz_generated.deepcopy.go b/internal/apis/acme/v1alpha2/zz_generated.deepcopy.go index a8b7073f135..da7fcb70235 100644 --- a/internal/apis/acme/v1alpha2/zz_generated.deepcopy.go +++ b/internal/apis/acme/v1alpha2/zz_generated.deepcopy.go @@ -588,6 +588,11 @@ func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(Route53Auth) + (*in).DeepCopyInto(*out) + } if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID *out = new(metav1.SecretKeySelector) @@ -917,3 +922,66 @@ func (in *OrderStatus) DeepCopy() *OrderStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53Auth) DeepCopyInto(out *Route53Auth) { + *out = *in + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(Route53KubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53Auth. +func (in *Route53Auth) DeepCopy() *Route53Auth { + if in == nil { + return nil + } + out := new(Route53Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53KubernetesAuth) DeepCopyInto(out *Route53KubernetesAuth) { + *out = *in + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53KubernetesAuth. +func (in *Route53KubernetesAuth) DeepCopy() *Route53KubernetesAuth { + if in == nil { + return nil + } + out := new(Route53KubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + if in.TokenAudiences != nil { + in, out := &in.TokenAudiences, &out.TokenAudiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} diff --git a/internal/apis/acme/v1alpha3/types_issuer.go b/internal/apis/acme/v1alpha3/types_issuer.go index 6cd0347f98b..b92222e2744 100644 --- a/internal/apis/acme/v1alpha3/types_issuer.go +++ b/internal/apis/acme/v1alpha3/types_issuer.go @@ -475,6 +475,10 @@ type ACMEIssuerDNS01ProviderDigitalOcean struct { // ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 // configuration for AWS type ACMEIssuerDNS01ProviderRoute53 struct { + // Auth configures how cert-manager authenticates. + // +optional + Auth *Route53Auth `json:"auth,omitempty"` + // The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional @@ -501,11 +505,36 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` +} + +// Route53Auth is configuration used to authenticate with a Route53. +type Route53Auth struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuth `json:"kubernetes"` +} + +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuth struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef"` +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string `json:"name"` - // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - // Both Region and Role must be set. + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. // +optional - WebIdentityToken string `json:"webIdentityToken,omitempty"` + TokenAudiences []string `json:"audiences,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1alpha3/zz_generated.conversion.go b/internal/apis/acme/v1alpha3/zz_generated.conversion.go index 78f5e7772bd..e3525c8a987 100644 --- a/internal/apis/acme/v1alpha3/zz_generated.conversion.go +++ b/internal/apis/acme/v1alpha3/zz_generated.conversion.go @@ -353,6 +353,36 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*Route53Auth)(nil), (*acme.Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha3_Route53Auth_To_acme_Route53Auth(a.(*Route53Auth), b.(*acme.Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53Auth)(nil), (*Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53Auth_To_v1alpha3_Route53Auth(a.(*acme.Route53Auth), b.(*Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*Route53KubernetesAuth)(nil), (*acme.Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha3_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(a.(*Route53KubernetesAuth), b.(*acme.Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53KubernetesAuth)(nil), (*Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53KubernetesAuth_To_v1alpha3_Route53KubernetesAuth(a.(*acme.Route53KubernetesAuth), b.(*Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*ServiceAccountRef)(nil), (*acme.ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha3_ServiceAccountRef_To_acme_ServiceAccountRef(a.(*ServiceAccountRef), b.(*acme.ServiceAccountRef), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.ServiceAccountRef)(nil), (*ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_ServiceAccountRef_To_v1alpha3_ServiceAccountRef(a.(*acme.ServiceAccountRef), b.(*ServiceAccountRef), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*acme.ACMEIssuer)(nil), (*ACMEIssuer)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_acme_ACMEIssuer_To_v1alpha3_ACMEIssuer(a.(*acme.ACMEIssuer), b.(*ACMEIssuer), scope) }); err != nil { @@ -1209,6 +1239,7 @@ func Convert_acme_ACMEIssuerDNS01ProviderRFC2136_To_v1alpha3_ACMEIssuerDNS01Prov } func autoConvert_v1alpha3_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01ProviderRoute53(in *ACMEIssuerDNS01ProviderRoute53, out *acme.ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*acme.Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1225,7 +1256,6 @@ func autoConvert_v1alpha3_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1235,6 +1265,7 @@ func Convert_v1alpha3_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01Prov } func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha3_ACMEIssuerDNS01ProviderRoute53(in *acme.ACMEIssuerDNS01ProviderRoute53, out *ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1251,7 +1282,6 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1alpha3_ACMEIssuerDNS01 out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1617,3 +1647,65 @@ func autoConvert_acme_OrderStatus_To_v1alpha3_OrderStatus(in *acme.OrderStatus, func Convert_acme_OrderStatus_To_v1alpha3_OrderStatus(in *acme.OrderStatus, out *OrderStatus, s conversion.Scope) error { return autoConvert_acme_OrderStatus_To_v1alpha3_OrderStatus(in, out, s) } + +func autoConvert_v1alpha3_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*acme.Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_v1alpha3_Route53Auth_To_acme_Route53Auth is an autogenerated conversion function. +func Convert_v1alpha3_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + return autoConvert_v1alpha3_Route53Auth_To_acme_Route53Auth(in, out, s) +} + +func autoConvert_acme_Route53Auth_To_v1alpha3_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_acme_Route53Auth_To_v1alpha3_Route53Auth is an autogenerated conversion function. +func Convert_acme_Route53Auth_To_v1alpha3_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + return autoConvert_acme_Route53Auth_To_v1alpha3_Route53Auth(in, out, s) +} + +func autoConvert_v1alpha3_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*acme.ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_v1alpha3_Route53KubernetesAuth_To_acme_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_v1alpha3_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_v1alpha3_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_acme_Route53KubernetesAuth_To_v1alpha3_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_acme_Route53KubernetesAuth_To_v1alpha3_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_acme_Route53KubernetesAuth_To_v1alpha3_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_acme_Route53KubernetesAuth_To_v1alpha3_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_v1alpha3_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_v1alpha3_ServiceAccountRef_To_acme_ServiceAccountRef is an autogenerated conversion function. +func Convert_v1alpha3_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + return autoConvert_v1alpha3_ServiceAccountRef_To_acme_ServiceAccountRef(in, out, s) +} + +func autoConvert_acme_ServiceAccountRef_To_v1alpha3_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_acme_ServiceAccountRef_To_v1alpha3_ServiceAccountRef is an autogenerated conversion function. +func Convert_acme_ServiceAccountRef_To_v1alpha3_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + return autoConvert_acme_ServiceAccountRef_To_v1alpha3_ServiceAccountRef(in, out, s) +} diff --git a/internal/apis/acme/v1alpha3/zz_generated.deepcopy.go b/internal/apis/acme/v1alpha3/zz_generated.deepcopy.go index ab0decbccad..80ef90d6743 100644 --- a/internal/apis/acme/v1alpha3/zz_generated.deepcopy.go +++ b/internal/apis/acme/v1alpha3/zz_generated.deepcopy.go @@ -588,6 +588,11 @@ func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(Route53Auth) + (*in).DeepCopyInto(*out) + } if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID *out = new(metav1.SecretKeySelector) @@ -917,3 +922,66 @@ func (in *OrderStatus) DeepCopy() *OrderStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53Auth) DeepCopyInto(out *Route53Auth) { + *out = *in + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(Route53KubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53Auth. +func (in *Route53Auth) DeepCopy() *Route53Auth { + if in == nil { + return nil + } + out := new(Route53Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53KubernetesAuth) DeepCopyInto(out *Route53KubernetesAuth) { + *out = *in + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53KubernetesAuth. +func (in *Route53KubernetesAuth) DeepCopy() *Route53KubernetesAuth { + if in == nil { + return nil + } + out := new(Route53KubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + if in.TokenAudiences != nil { + in, out := &in.TokenAudiences, &out.TokenAudiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} diff --git a/internal/apis/acme/v1beta1/types_issuer.go b/internal/apis/acme/v1beta1/types_issuer.go index d6408e4ad1b..4c164a25ccf 100644 --- a/internal/apis/acme/v1beta1/types_issuer.go +++ b/internal/apis/acme/v1beta1/types_issuer.go @@ -474,6 +474,10 @@ type ACMEIssuerDNS01ProviderDigitalOcean struct { // ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 // configuration for AWS type ACMEIssuerDNS01ProviderRoute53 struct { + // Auth configures how cert-manager authenticates. + // +optional + Auth *Route53Auth `json:"auth,omitempty"` + // The AccessKeyID is used for authentication. If not set we fall-back to using env vars, shared credentials file or AWS Instance metadata // see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials // +optional @@ -500,11 +504,36 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` +} + +// Route53Auth is configuration used to authenticate with a Route53. +type Route53Auth struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuth `json:"kubernetes"` +} + +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuth struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef"` +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string `json:"name"` - // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - // Both Region and Role must be set. + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. // +optional - WebIdentityToken string `json:"webIdentityToken,omitempty"` + TokenAudiences []string `json:"audiences,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/internal/apis/acme/v1beta1/zz_generated.conversion.go b/internal/apis/acme/v1beta1/zz_generated.conversion.go index 500529ee23f..17223764866 100644 --- a/internal/apis/acme/v1beta1/zz_generated.conversion.go +++ b/internal/apis/acme/v1beta1/zz_generated.conversion.go @@ -373,6 +373,36 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddGeneratedConversionFunc((*Route53Auth)(nil), (*acme.Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_Route53Auth_To_acme_Route53Auth(a.(*Route53Auth), b.(*acme.Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53Auth)(nil), (*Route53Auth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53Auth_To_v1beta1_Route53Auth(a.(*acme.Route53Auth), b.(*Route53Auth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*Route53KubernetesAuth)(nil), (*acme.Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(a.(*Route53KubernetesAuth), b.(*acme.Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.Route53KubernetesAuth)(nil), (*Route53KubernetesAuth)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_Route53KubernetesAuth_To_v1beta1_Route53KubernetesAuth(a.(*acme.Route53KubernetesAuth), b.(*Route53KubernetesAuth), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*ServiceAccountRef)(nil), (*acme.ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1beta1_ServiceAccountRef_To_acme_ServiceAccountRef(a.(*ServiceAccountRef), b.(*acme.ServiceAccountRef), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*acme.ServiceAccountRef)(nil), (*ServiceAccountRef)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_acme_ServiceAccountRef_To_v1beta1_ServiceAccountRef(a.(*acme.ServiceAccountRef), b.(*ServiceAccountRef), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*acme.ACMEIssuer)(nil), (*ACMEIssuer)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_acme_ACMEIssuer_To_v1beta1_ACMEIssuer(a.(*acme.ACMEIssuer), b.(*ACMEIssuer), scope) }); err != nil { @@ -1209,6 +1239,7 @@ func Convert_acme_ACMEIssuerDNS01ProviderRFC2136_To_v1beta1_ACMEIssuerDNS01Provi } func autoConvert_v1beta1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01ProviderRoute53(in *ACMEIssuerDNS01ProviderRoute53, out *acme.ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*acme.Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1225,7 +1256,6 @@ func autoConvert_v1beta1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01P out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1235,6 +1265,7 @@ func Convert_v1beta1_ACMEIssuerDNS01ProviderRoute53_To_acme_ACMEIssuerDNS01Provi } func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1beta1_ACMEIssuerDNS01ProviderRoute53(in *acme.ACMEIssuerDNS01ProviderRoute53, out *ACMEIssuerDNS01ProviderRoute53, s conversion.Scope) error { + out.Auth = (*Route53Auth)(unsafe.Pointer(in.Auth)) out.AccessKeyID = in.AccessKeyID if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID @@ -1251,7 +1282,6 @@ func autoConvert_acme_ACMEIssuerDNS01ProviderRoute53_To_v1beta1_ACMEIssuerDNS01P out.Role = in.Role out.HostedZoneID = in.HostedZoneID out.Region = in.Region - out.WebIdentityToken = in.WebIdentityToken return nil } @@ -1637,3 +1667,65 @@ func autoConvert_acme_OrderStatus_To_v1beta1_OrderStatus(in *acme.OrderStatus, o func Convert_acme_OrderStatus_To_v1beta1_OrderStatus(in *acme.OrderStatus, out *OrderStatus, s conversion.Scope) error { return autoConvert_acme_OrderStatus_To_v1beta1_OrderStatus(in, out, s) } + +func autoConvert_v1beta1_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*acme.Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_v1beta1_Route53Auth_To_acme_Route53Auth is an autogenerated conversion function. +func Convert_v1beta1_Route53Auth_To_acme_Route53Auth(in *Route53Auth, out *acme.Route53Auth, s conversion.Scope) error { + return autoConvert_v1beta1_Route53Auth_To_acme_Route53Auth(in, out, s) +} + +func autoConvert_acme_Route53Auth_To_v1beta1_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + out.Kubernetes = (*Route53KubernetesAuth)(unsafe.Pointer(in.Kubernetes)) + return nil +} + +// Convert_acme_Route53Auth_To_v1beta1_Route53Auth is an autogenerated conversion function. +func Convert_acme_Route53Auth_To_v1beta1_Route53Auth(in *acme.Route53Auth, out *Route53Auth, s conversion.Scope) error { + return autoConvert_acme_Route53Auth_To_v1beta1_Route53Auth(in, out, s) +} + +func autoConvert_v1beta1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*acme.ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_v1beta1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_v1beta1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in *Route53KubernetesAuth, out *acme.Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_v1beta1_Route53KubernetesAuth_To_acme_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_acme_Route53KubernetesAuth_To_v1beta1_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + out.ServiceAccountRef = (*ServiceAccountRef)(unsafe.Pointer(in.ServiceAccountRef)) + return nil +} + +// Convert_acme_Route53KubernetesAuth_To_v1beta1_Route53KubernetesAuth is an autogenerated conversion function. +func Convert_acme_Route53KubernetesAuth_To_v1beta1_Route53KubernetesAuth(in *acme.Route53KubernetesAuth, out *Route53KubernetesAuth, s conversion.Scope) error { + return autoConvert_acme_Route53KubernetesAuth_To_v1beta1_Route53KubernetesAuth(in, out, s) +} + +func autoConvert_v1beta1_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_v1beta1_ServiceAccountRef_To_acme_ServiceAccountRef is an autogenerated conversion function. +func Convert_v1beta1_ServiceAccountRef_To_acme_ServiceAccountRef(in *ServiceAccountRef, out *acme.ServiceAccountRef, s conversion.Scope) error { + return autoConvert_v1beta1_ServiceAccountRef_To_acme_ServiceAccountRef(in, out, s) +} + +func autoConvert_acme_ServiceAccountRef_To_v1beta1_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + out.Name = in.Name + out.TokenAudiences = *(*[]string)(unsafe.Pointer(&in.TokenAudiences)) + return nil +} + +// Convert_acme_ServiceAccountRef_To_v1beta1_ServiceAccountRef is an autogenerated conversion function. +func Convert_acme_ServiceAccountRef_To_v1beta1_ServiceAccountRef(in *acme.ServiceAccountRef, out *ServiceAccountRef, s conversion.Scope) error { + return autoConvert_acme_ServiceAccountRef_To_v1beta1_ServiceAccountRef(in, out, s) +} diff --git a/internal/apis/acme/v1beta1/zz_generated.deepcopy.go b/internal/apis/acme/v1beta1/zz_generated.deepcopy.go index a1aaba007d5..07e73a07683 100644 --- a/internal/apis/acme/v1beta1/zz_generated.deepcopy.go +++ b/internal/apis/acme/v1beta1/zz_generated.deepcopy.go @@ -588,6 +588,11 @@ func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(Route53Auth) + (*in).DeepCopyInto(*out) + } if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID *out = new(metav1.SecretKeySelector) @@ -917,3 +922,66 @@ func (in *OrderStatus) DeepCopy() *OrderStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53Auth) DeepCopyInto(out *Route53Auth) { + *out = *in + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(Route53KubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53Auth. +func (in *Route53Auth) DeepCopy() *Route53Auth { + if in == nil { + return nil + } + out := new(Route53Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53KubernetesAuth) DeepCopyInto(out *Route53KubernetesAuth) { + *out = *in + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53KubernetesAuth. +func (in *Route53KubernetesAuth) DeepCopy() *Route53KubernetesAuth { + if in == nil { + return nil + } + out := new(Route53KubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + if in.TokenAudiences != nil { + in, out := &in.TokenAudiences, &out.TokenAudiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} diff --git a/internal/apis/acme/zz_generated.deepcopy.go b/internal/apis/acme/zz_generated.deepcopy.go index d0598cf1351..c798aecce58 100644 --- a/internal/apis/acme/zz_generated.deepcopy.go +++ b/internal/apis/acme/zz_generated.deepcopy.go @@ -588,6 +588,11 @@ func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(Route53Auth) + (*in).DeepCopyInto(*out) + } if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID *out = new(meta.SecretKeySelector) @@ -917,3 +922,66 @@ func (in *OrderStatus) DeepCopy() *OrderStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53Auth) DeepCopyInto(out *Route53Auth) { + *out = *in + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(Route53KubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53Auth. +func (in *Route53Auth) DeepCopy() *Route53Auth { + if in == nil { + return nil + } + out := new(Route53Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53KubernetesAuth) DeepCopyInto(out *Route53KubernetesAuth) { + *out = *in + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53KubernetesAuth. +func (in *Route53KubernetesAuth) DeepCopy() *Route53KubernetesAuth { + if in == nil { + return nil + } + out := new(Route53KubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + if in.TokenAudiences != nil { + in, out := &in.TokenAudiences, &out.TokenAudiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apis/acme/v1/types_issuer.go b/pkg/apis/acme/v1/types_issuer.go index aab41070d9d..0da9444f4b6 100644 --- a/pkg/apis/acme/v1/types_issuer.go +++ b/pkg/apis/acme/v1/types_issuer.go @@ -479,6 +479,10 @@ type ACMEIssuerDNS01ProviderDigitalOcean struct { // ACMEIssuerDNS01ProviderRoute53 is a structure containing the Route 53 // configuration for AWS type ACMEIssuerDNS01ProviderRoute53 struct { + // Auth configures how cert-manager authenticates. + // +optional + Auth *Route53Auth `json:"auth,omitempty"` + // The AccessKeyID is used for authentication. // Cannot be set when SecretAccessKeyID is set. // If neither the Access Key nor Key ID are set, we fall-back to using env @@ -514,11 +518,36 @@ type ACMEIssuerDNS01ProviderRoute53 struct { // Always set the region when using AccessKeyID and SecretAccessKey Region string `json:"region"` +} + +// Route53Auth is configuration used to authenticate with a Route53. +type Route53Auth struct { + // Kubernetes authenticates with Route53 using AssumeRoleWithWebIdentity + // by passing a bound ServiceAccount token. + Kubernetes *Route53KubernetesAuth `json:"kubernetes"` +} + +// Route53KubernetesAuth is a configuration to authenticate against Route53 +// using a bound Kubernetes ServiceAccount token. +type Route53KubernetesAuth struct { + // A reference to a service account that will be used to request a bound + // token (also known as "projected token"). To use this field, you must + // configure an RBAC rule to let cert-manager request a token. + ServiceAccountRef *ServiceAccountRef `json:"serviceAccountRef"` +} + +// ServiceAccountRef is a service account used by cert-manager to request a +// token. The expiration of the token is also set by cert-manager to 10 minutes. +type ServiceAccountRef struct { + // Name of the ServiceAccount used to request a token. + Name string `json:"name"` - // WebIdentityToken is the path to the OAuth 2.0 access token or OpenID Connect ID token that is provided by an identity provider. - // Both Region and Role must be set. + // TokenAudiences is an optional list of audiences to include in the + // token passed to AWS. The default token consisting of the issuer's namespace + // and name is always included. + // If unset the audience defaults to `sts.amazonaws.com`. // +optional - WebIdentityToken string `json:"webIdentityToken,omitempty"` + TokenAudiences []string `json:"audiences,omitempty"` } // ACMEIssuerDNS01ProviderAzureDNS is a structure containing the diff --git a/pkg/apis/acme/v1/zz_generated.deepcopy.go b/pkg/apis/acme/v1/zz_generated.deepcopy.go index 86e91f7b3d8..655be302a57 100644 --- a/pkg/apis/acme/v1/zz_generated.deepcopy.go +++ b/pkg/apis/acme/v1/zz_generated.deepcopy.go @@ -588,6 +588,11 @@ func (in *ACMEIssuerDNS01ProviderRFC2136) DeepCopy() *ACMEIssuerDNS01ProviderRFC // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ACMEIssuerDNS01ProviderRoute53) DeepCopyInto(out *ACMEIssuerDNS01ProviderRoute53) { *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(Route53Auth) + (*in).DeepCopyInto(*out) + } if in.SecretAccessKeyID != nil { in, out := &in.SecretAccessKeyID, &out.SecretAccessKeyID *out = new(metav1.SecretKeySelector) @@ -917,3 +922,66 @@ func (in *OrderStatus) DeepCopy() *OrderStatus { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53Auth) DeepCopyInto(out *Route53Auth) { + *out = *in + if in.Kubernetes != nil { + in, out := &in.Kubernetes, &out.Kubernetes + *out = new(Route53KubernetesAuth) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53Auth. +func (in *Route53Auth) DeepCopy() *Route53Auth { + if in == nil { + return nil + } + out := new(Route53Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Route53KubernetesAuth) DeepCopyInto(out *Route53KubernetesAuth) { + *out = *in + if in.ServiceAccountRef != nil { + in, out := &in.ServiceAccountRef, &out.ServiceAccountRef + *out = new(ServiceAccountRef) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Route53KubernetesAuth. +func (in *Route53KubernetesAuth) DeepCopy() *Route53KubernetesAuth { + if in == nil { + return nil + } + out := new(Route53KubernetesAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceAccountRef) DeepCopyInto(out *ServiceAccountRef) { + *out = *in + if in.TokenAudiences != nil { + in, out := &in.TokenAudiences, &out.TokenAudiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceAccountRef. +func (in *ServiceAccountRef) DeepCopy() *ServiceAccountRef { + if in == nil { + return nil + } + out := new(ServiceAccountRef) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index a0c9a7f1824..d6b50393e15 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -23,7 +23,9 @@ import ( "strings" "time" + authv1 "k8s.io/api/authentication/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/utils/ptr" internalinformers "github.com/cert-manager/cert-manager/internal/informers" "github.com/cert-manager/cert-manager/pkg/acme/webhook" @@ -43,6 +45,7 @@ import ( "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" webhookslv "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/webhook" logf "github.com/cert-manager/cert-manager/pkg/logs" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // solver is the old solver type interface. @@ -58,7 +61,7 @@ type solver interface { type dnsProviderConstructors struct { cloudDNS func(ctx context.Context, project string, serviceAccount []byte, dns01Nameservers []string, ambient bool, hostedZoneName string) (*clouddns.DNSProvider, error) cloudFlare func(email, apikey, apiToken string, dns01Nameservers []string, userAgent string) (*cloudflare.DNSProvider, error) - route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role string, webIdentityToken string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) + route53 func(ctx context.Context, accessKey, secretKey, hostedZoneID, region, role, webIdentityToken string, ambient bool, dns01Nameservers []string, userAgent string) (*route53.DNSProvider, error) azureDNS func(environment, clientID, clientSecret, subscriptionID, tenantID, resourceGroupName, hostedZoneName string, dns01Nameservers []string, ambient bool, managedIdentity *cmacme.AzureManagedIdentity) (*azuredns.DNSProvider, error) acmeDNS func(host string, accountJson []byte, dns01Nameservers []string) (*acmedns.DNSProvider, error) digitalOcean func(token string, dns01Nameservers []string, userAgent string) (*digitalocean.DNSProvider, error) @@ -343,6 +346,21 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer secretAccessKey = string(secretAccessKeyBytes) } + webIdentityToken := "" + if providerConfig.Route53.Auth != nil { + audiences := []string{"sts.amazonaws.com"} + if len(providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.TokenAudiences) != 0 { + audiences = providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.TokenAudiences + } + + jwt, err := s.createToken(resourceNamespace, providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.Name, audiences) + if err != nil { + return nil, nil, fmt.Errorf("error getting service account token: %w", err) + } + + webIdentityToken = jwt + } + impl, err = s.dnsProviderConstructors.route53( ctx, secretAccessKeyID, @@ -350,7 +368,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer providerConfig.Route53.HostedZoneID, providerConfig.Route53.Region, providerConfig.Route53.Role, - providerConfig.Route53.WebIdentityToken, + webIdentityToken, canUseAmbientCredentials, s.DNS01Nameservers, s.RESTConfig.UserAgent, @@ -537,3 +555,17 @@ func (s *Solver) loadSecretData(selector *cmmeta.SecretKeySelector, ns string) ( return nil, fmt.Errorf("no key %q in secret %q", selector.Key, ns+"/"+selector.Name) } + +func (s *Solver) createToken(ns, serviceAccount string, audiences []string) (string, error) { + tokenrequest, err := s.Client.CoreV1().ServiceAccounts(ns).CreateToken(context.Background(), serviceAccount, &authv1.TokenRequest{ + Spec: authv1.TokenRequestSpec{ + Audiences: audiences, + ExpirationSeconds: ptr.To(int64(600)), + }, + }, metav1.CreateOptions{}) + if err != nil { + return "", fmt.Errorf("failed to request token for %s/%s: %w", ns, serviceAccount, err) + } + + return tokenrequest.Status.Token, nil +} diff --git a/pkg/issuer/acme/dns/dns_test.go b/pkg/issuer/acme/dns/dns_test.go index e17bd55653e..81aba151301 100644 --- a/pkg/issuer/acme/dns/dns_test.go +++ b/pkg/issuer/acme/dns/dns_test.go @@ -636,41 +636,6 @@ func TestRoute53AssumeRole(t *testing.T) { }, }, }, - { - solverFixture{ - Builder: &test.Builder{ - Context: &controller.Context{ - RESTConfig: new(rest.Config), - ContextOptions: controller.ContextOptions{ - IssuerOptions: controller.IssuerOptions{ - IssuerAmbientCredentials: false, - }, - }, - }, - }, - Issuer: newIssuer(), - dnsProviders: newFakeDNSProviders(), - Challenge: &cmacme.Challenge{ - Spec: cmacme.ChallengeSpec{ - Solver: cmacme.ACMEChallengeSolver{ - DNS01: &cmacme.ACMEChallengeSolverDNS01{ - Route53: &cmacme.ACMEIssuerDNS01ProviderRoute53{ - Region: "us-west-2", - Role: "my-other-role", - WebIdentityToken: "path/to/token", - }, - }, - }, - }, - }, - }, - result{ - expectedCall: &fakeDNSProviderCall{ - name: "route53", - args: []interface{}{"", "", "", "us-west-2", "my-other-role", "path/to/token", false, util.RecursiveNameservers}, - }, - }, - }, } for _, tt := range tests { diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index cff0362bd94..b8a1dc6eefc 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -14,7 +14,6 @@ import ( "context" "errors" "fmt" - "os" "strings" "time" @@ -117,17 +116,13 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { } if d.Role != "" && d.WebIdentityToken != "" { - d.log.V(logf.DebugLevel).WithValues("role", d.Role).WithValues("path", d.WebIdentityToken).Info("assuming role with web identity") - token, err := os.ReadFile(d.WebIdentityToken) - if err != nil { - return aws.Config{}, fmt.Errorf("failed to read token from file: %s", err) - } + d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role with web identity") stsSvc := d.StsProvider(cfg) result, err := stsSvc.AssumeRoleWithWebIdentity(context.TODO(), &sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), - WebIdentityToken: aws.String(string(token)), + WebIdentityToken: aws.String(d.WebIdentityToken), }) if err != nil { return aws.Config{}, fmt.Errorf("unable to assume role with web identity: %s", err) From 910ca56d589cce9feef4b9d7504040f891dac6a0 Mon Sep 17 00:00:00 2001 From: Paul Whitehead Date: Tue, 7 May 2024 14:00:04 -0600 Subject: [PATCH 110/177] fix golangci linting Signed-off-by: Paul Whitehead --- pkg/issuer/acme/dns/dns.go | 8 ++++---- pkg/issuer/acme/dns/route53/route53.go | 17 +++++++++-------- 2 files changed, 13 insertions(+), 12 deletions(-) diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index d6b50393e15..6c895309bec 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -25,6 +25,7 @@ import ( authv1 "k8s.io/api/authentication/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" internalinformers "github.com/cert-manager/cert-manager/internal/informers" @@ -45,7 +46,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util" webhookslv "github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/webhook" logf "github.com/cert-manager/cert-manager/pkg/logs" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // solver is the old solver type interface. @@ -353,7 +353,7 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer audiences = providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.TokenAudiences } - jwt, err := s.createToken(resourceNamespace, providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.Name, audiences) + jwt, err := s.createToken(ctx, resourceNamespace, providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.Name, audiences) if err != nil { return nil, nil, fmt.Errorf("error getting service account token: %w", err) } @@ -556,8 +556,8 @@ func (s *Solver) loadSecretData(selector *cmmeta.SecretKeySelector, ns string) ( return nil, fmt.Errorf("no key %q in secret %q", selector.Key, ns+"/"+selector.Name) } -func (s *Solver) createToken(ns, serviceAccount string, audiences []string) (string, error) { - tokenrequest, err := s.Client.CoreV1().ServiceAccounts(ns).CreateToken(context.Background(), serviceAccount, &authv1.TokenRequest{ +func (s *Solver) createToken(ctx context.Context, ns, serviceAccount string, audiences []string) (string, error) { + tokenrequest, err := s.Client.CoreV1().ServiceAccounts(ns).CreateToken(ctx, serviceAccount, &authv1.TokenRequest{ Spec: authv1.TokenRequestSpec{ Audiences: audiences, ExpirationSeconds: ptr.To(int64(600)), diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index b8a1dc6eefc..36e375af471 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -64,13 +64,14 @@ type StsClient interface { } func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { - if d.Role == "" && d.WebIdentityToken != "" { + switch { + case d.Role == "" && d.WebIdentityToken != "": return aws.Config{}, fmt.Errorf("unable to construct route53 provider: role must be set when web identity token is set") - } else if d.AccessKeyID == "" && d.SecretAccessKey == "" { + case d.AccessKeyID == "" && d.SecretAccessKey == "": if !d.Ambient && d.WebIdentityToken == "" { return aws.Config{}, fmt.Errorf("unable to construct route53 provider: empty credentials; perhaps you meant to enable ambient credentials?") } - } else if d.AccessKeyID == "" || d.SecretAccessKey == "" { + case d.AccessKeyID == "" || d.SecretAccessKey == "": // It's always an error to set one of those but not the other return aws.Config{}, fmt.Errorf("unable to construct route53 provider: only one of access and secret key was provided") } @@ -78,16 +79,16 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { useAmbientCredentials := d.Ambient && (d.AccessKeyID == "" && d.SecretAccessKey == "") && d.WebIdentityToken == "" var optFns []func(*config.LoadOptions) error - - if d.Role != "" && d.WebIdentityToken != "" { + switch { + case d.Role != "" && d.WebIdentityToken != "": d.log.V(logf.DebugLevel).Info("using assume role with web identity") optFns = append(optFns, config.WithRegion(d.Region)) - } else if useAmbientCredentials { + case useAmbientCredentials: d.log.V(logf.DebugLevel).Info("using ambient credentials") // Leaving credentials unset results in a default credential chain being // used; this chain is a reasonable default for getting ambient creds. // https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials - } else { + default: d.log.V(logf.DebugLevel).Info("not using ambient credentials") optFns = append(optFns, config.WithCredentialsProvider(credentials.NewStaticCredentialsProvider(d.AccessKeyID, d.SecretAccessKey, ""))) } @@ -119,7 +120,7 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role with web identity") stsSvc := d.StsProvider(cfg) - result, err := stsSvc.AssumeRoleWithWebIdentity(context.TODO(), &sts.AssumeRoleWithWebIdentityInput{ + result, err := stsSvc.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), WebIdentityToken: aws.String(d.WebIdentityToken), From 4183b636fd4ddfa47477980ef8d3a6e4fa9c5a63 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Wed, 8 May 2024 00:17:49 +0000 Subject: [PATCH 111/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/klone.yaml b/klone.yaml index 43891c945c8..ca5dbf1c46e 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: ed50ac284f8e2a389ee33d4dcb90eb4de108bb98 + repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 repo_path: modules/tools From d0e635fc36e20815e11c0927144b994691bf8dba Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 8 May 2024 18:05:25 +0200 Subject: [PATCH 112/177] remove deprecated ParseSubjectStringToRawDERBytes function & refactor and move tests Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/util/pki/parse_test.go | 104 ------------------------------- pkg/util/pki/subject.go | 10 --- pkg/util/pki/subject_test.go | 116 +++++++++++++++++++++++++++++++++++ 3 files changed, 116 insertions(+), 114 deletions(-) create mode 100644 pkg/util/pki/subject_test.go diff --git a/pkg/util/pki/parse_test.go b/pkg/util/pki/parse_test.go index 88c303dc59b..13f6109ef3e 100644 --- a/pkg/util/pki/parse_test.go +++ b/pkg/util/pki/parse_test.go @@ -19,14 +19,10 @@ package pki import ( "crypto/ecdsa" "crypto/rsa" - "crypto/x509/pkix" - "encoding/asn1" "encoding/pem" "strings" "testing" - "github.com/stretchr/testify/assert" - v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" ) @@ -178,103 +174,3 @@ func TestDecodePrivateKeyBytes(t *testing.T) { t.Run(test.name, testFn(test)) } } - -func TestMustParseRDN(t *testing.T) { - subject := "SERIALNUMBER=42, L=some-locality, ST=some-state-or-province, STREET=some-street, CN=foo-long.com, OU=FooLong, OU=Barq, OU=Baz, OU=Dept., O=Corp., C=US" - rdnSeq, err := UnmarshalSubjectStringToRDNSequence(subject) - if err != nil { - t.Fatal(err) - } - - expectedRdnSeq := - pkix.RDNSequence{ - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Country, Value: "US"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Organization, Value: "Corp."}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Dept."}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Barq"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.CommonName, Value: "foo-long.com"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.StreetAddress, Value: "some-street"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Province, Value: "some-state-or-province"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Locality, Value: "some-locality"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.SerialNumber, Value: "42"}, - }, - } - - assert.Equal(t, expectedRdnSeq, rdnSeq) -} - -func TestMustKeepOrderInRawDerBytes(t *testing.T) { - subject := "CN=foo-long.com,OU=FooLong,OU=Barq,OU=Baz,OU=Dept.,O=Corp.,C=US" - bytes, err := ParseSubjectStringToRawDERBytes(subject) - if err != nil { - t.Fatal(err) - } - - var rdnSeq pkix.RDNSequence - _, err2 := asn1.Unmarshal(bytes, &rdnSeq) - if err2 != nil { - t.Fatal(err2) - } - - t.Log(bytes) - - expectedRdnSeq := - pkix.RDNSequence{ - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Country, Value: "US"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Organization, Value: "Corp."}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Dept."}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "Barq"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.CommonName, Value: "foo-long.com"}, - }, - } - - assert.Equal(t, expectedRdnSeq, rdnSeq) - assert.Equal(t, subject, rdnSeq.String()) -} - -func TestShouldFailForHexDER(t *testing.T) { - _, err := ParseSubjectStringToRawDERBytes("DF=#6666666666665006838820013100000746939546349182108463491821809FBFFFFFFFFF") - if err == nil { - t.Fatal("expected error, but got none") - } - - assert.Contains(t, err.Error(), "failed to unmarshal hex-encoded string: asn1: syntax error: data truncated") -} diff --git a/pkg/util/pki/subject.go b/pkg/util/pki/subject.go index 77d6199def8..4f04b97d5c7 100644 --- a/pkg/util/pki/subject.go +++ b/pkg/util/pki/subject.go @@ -126,13 +126,3 @@ func ExtractCommonNameFromRDNSequence(rdns pkix.RDNSequence) string { return "" } - -// Deprecated: this function will be removed in a future release. -func ParseSubjectStringToRawDERBytes(subject string) ([]byte, error) { - rdnSequence, err := UnmarshalSubjectStringToRDNSequence(subject) - if err != nil { - return nil, err - } - - return MarshalRDNSequenceToRawDERBytes(rdnSequence) -} diff --git a/pkg/util/pki/subject_test.go b/pkg/util/pki/subject_test.go new file mode 100644 index 00000000000..66ee2bc19c4 --- /dev/null +++ b/pkg/util/pki/subject_test.go @@ -0,0 +1,116 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package pki + +import ( + "crypto/x509/pkix" + "testing" + + "github.com/stretchr/testify/assert" +) + +func TestMustParseRDN(t *testing.T) { + subject := "SERIALNUMBER=42, L=some-locality, ST=some-state-or-province, STREET=some-street, CN=foo-long.com, OU=FooLong, OU=Barq, OU=Baz, OU=Dept., O=Corp., C=US" + rdnSeq, err := UnmarshalSubjectStringToRDNSequence(subject) + if err != nil { + t.Fatal(err) + } + + expectedRdnSeq := + pkix.RDNSequence{ + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Country, Value: "US"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "Corp."}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Dept."}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Barq"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.CommonName, Value: "foo-long.com"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.StreetAddress, Value: "some-street"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Province, Value: "some-state-or-province"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Locality, Value: "some-locality"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.SerialNumber, Value: "42"}, + }, + } + + assert.Equal(t, expectedRdnSeq, rdnSeq) +} + +func TestMustKeepOrderInRawDerBytes(t *testing.T) { + subject := "CN=foo-long.com,OU=FooLong,OU=Barq,OU=Baz,OU=Dept.,O=Corp.,C=US" + rdnSeq, err := UnmarshalSubjectStringToRDNSequence(subject) + if err != nil { + t.Fatal(err) + } + + expectedRdnSeq := + pkix.RDNSequence{ + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Country, Value: "US"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "Corp."}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Dept."}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "Barq"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.CommonName, Value: "foo-long.com"}, + }, + } + + assert.Equal(t, expectedRdnSeq, rdnSeq) + assert.Equal(t, subject, rdnSeq.String()) +} + +func TestShouldFailForHexDER(t *testing.T) { + _, err := UnmarshalSubjectStringToRDNSequence("DF=#6666666666665006838820013100000746939546349182108463491821809FBFFFFFFFFF") + if err == nil { + t.Fatal("expected error, but got none") + } + + assert.Contains(t, err.Error(), "failed to unmarshal hex-encoded string: asn1: syntax error: data truncated") +} From 7adcef495c706a11820fcabb717e50a6d9c3cd8a Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Thu, 9 May 2024 17:47:12 +0100 Subject: [PATCH 113/177] move roadmap to community repo Signed-off-by: Ashley Davis --- ROADMAP.md | 64 +----------------------------------------------------- 1 file changed, 1 insertion(+), 63 deletions(-) diff --git a/ROADMAP.md b/ROADMAP.md index 04d7df47854..9d2adfdc7f3 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -1,66 +1,4 @@ Roadmap ======= -The roadmap items are categorised into themes based on the larger goals we want to achieve with cert-manager. - - -While this is a summary of the direction we want to go we welcome all PRs, even if they don't fall under any of the roadmap items -listed here. We unfortunately can't merge every change, and if you're looking to contribute a new feature you might want to -check the [contributing guide](https://cert-manager.io/docs/contributing/) on the cert-manager website. - - -### Integration with other projects in the cloud-native landscape - -cert-manager should be able to deliver and manage X.509 certificates to popular -projects in the cloud-native ecosystem. - -- Service Mesh Integration: While we have good Istio and Open Service Mesh integration, expand to other projects such as Linkerd, cilium - -### Adoption of upstream APIs - -Continue to support latest APIs for upstream K8s and related SIGs. - -- Kubernetes APIs: keep up to date with Kubernetes API changes and release cadence -- CSR API: support the sig-auth CSR API for certificate requests in kubernetes -- [Trust Anchor Sets](https://github.com/kubernetes/enhancements/pull/3258) -- Gateway API - -### Extensibility - -Widen the scope of integrations with cert-manager. - -- EST support: support a standard for ACME-like issuance within an enterprise -- External DNS plugin: enable ACME DNS01 requests to be completed using external-dns -- Improve external issuer development experience: documentation and examples for people developing external issuers - -### PKI lifecycle - -Enable best-practice PKI management with cert-manager. - -- Handle CA certs being renewed: deal with the cases where the CA cert is renewed and allow for all signed certs to be renewed -- Make cert-manager a viable way to create and manage private PKI deployments at scale -- Trust root distribution: handle distributing all trust roots within a cluster, solving trust for private and public certificates - -See also [trust-manager](https://cert-manager.io/docs/projects/trust/) for more on trust distribution. - -### End-user experience - -- Graduate alpha / beta features in good time: - - SIG-Auth CSR API support - - SIG-Network Gateway API support -- Easier diagnosis of problems: improve cert-manager output to make status clearer, and provide tools to aid debugging -- Improve the new contributor experience - -### Developer experience - -- Better user experience for installation, operation and use with applications -- Zero test flakiness and increased testing confidence -- Improve release process by adding more automation - -### Shrinking Core - -Minimise the surface area of cert-manager, reducing attack surface, binary size, container size and default deployment complexity - -- Move "core" issuers with dependencies (ACME, Vault, Venafi) into external issuers, which might still be bundled by default -- Likewise, change all "core" DNS solvers into external solvers -- Provide a minimal "pick and mix" distribution of cert-manager which allows users to specify exactly which issuer types / DNS solvers they want to install +The cert-manager project roadmap has moved to the [cert-manager/community repo](https://github.com/cert-manager/community/blob/main/ROADMAP.md). From 4d65ca8e4e53e933ae367ca2a3e8d45d951927ea Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Thu, 9 May 2024 18:44:23 +0000 Subject: [PATCH 114/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- OWNERS_ALIASES | 1 + klone.yaml | 14 +++++++------- .../repository-base/base/OWNERS_ALIASES | 1 + make/_shared/tools/00_mod.mk | 18 ++++++++++++------ 4 files changed, 21 insertions(+), 13 deletions(-) diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES index 6d51f05b459..10d1279af3a 100644 --- a/OWNERS_ALIASES +++ b/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/klone.yaml b/klone.yaml index ca5dbf1c46e..d7446d1c060 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b22d7b9ed81a3770d994432e0f0e0f5a51c420e1 + repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd repo_path: modules/tools diff --git a/make/_shared/repository-base/base/OWNERS_ALIASES b/make/_shared/repository-base/base/OWNERS_ALIASES index 6d51f05b459..10d1279af3a 100644 --- a/make/_shared/repository-base/base/OWNERS_ALIASES +++ b/make/_shared/repository-base/base/OWNERS_ALIASES @@ -11,3 +11,4 @@ aliases: - irbekrm - sgtcodfish - inteon + - thatsmrtalbot diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 295b1617889..b986e641506 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -150,7 +150,7 @@ ADDITIONAL_TOOLS ?= tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.22.2 +VENDORED_GO_VERSION := 1.22.3 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -359,10 +359,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=5901c52b7a78002aeff14a21f93e0f064f74ce1360fce51c6ee68cd471216a17 -go_linux_arm64_SHA256SUM=36e720b2d564980c162a48c7e97da2e407dfcc4239e1e58d98082dfa2486a0c1 -go_darwin_amd64_SHA256SUM=33e7f63077b1c5bce4f1ecadd4d990cf229667c40bfb00686990c950911b7ab7 -go_darwin_arm64_SHA256SUM=660298be38648723e783ba0398e90431de1cb288c637880cdb124f39bd977f0d +go_linux_amd64_SHA256SUM=8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36 +go_linux_arm64_SHA256SUM=6c33e52a5b26e7aa021b94475587fce80043a727a54ceb0eee2f9fc160646434 +go_darwin_amd64_SHA256SUM=610e48c1df4d2f852de8bc2e7fd2dc1521aac216f0c0026625db12f67f192024 +go_darwin_arm64_SHA256SUM=02abeab3f4b8981232237ebd88f0a9bad933bc9621791cd7720a9ca29eacbe9d .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @@ -615,6 +615,12 @@ tools: $(tools_paths) self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk +# see https://stackoverflow.com/a/53408233 +sed_inplace := sed -i'' +ifeq ($(HOST_OS),darwin) + sed_inplace := sed -i '' +endif + # This target is used to learn the sha256sum of the tools. It is used only # in the makefile-modules repo, and should not be used in any other repo. .PHONY: tools-learn-sha @@ -635,5 +641,5 @@ tools-learn-sha: | $(bin_dir) HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go while read p; do \ - sed -i "$$p" $(self_file); \ + $(sed_inplace) "$$p" $(self_file); \ done <"$(LEARN_FILE)" From 81232c2fe310ea8ebd784e9146ad38acea913971 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 9 May 2024 21:41:09 +0200 Subject: [PATCH 115/177] revert in-tree ParseDN function now that upstream ParseDN function has been fixed Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- LICENSES | 3 + cmd/controller/LICENSES | 3 + cmd/controller/go.mod | 6 + cmd/controller/go.sum | 35 +++++ cmd/webhook/LICENSES | 5 +- cmd/webhook/go.mod | 6 + cmd/webhook/go.sum | 49 +++++++ go.mod | 6 + go.sum | 35 +++++ pkg/util/pki/internal/dn.go | 234 ------------------------------- pkg/util/pki/internal/dn_test.go | 184 ------------------------ pkg/util/pki/subject.go | 10 +- pkg/util/pki/subject_test.go | 104 +++++++++++++- test/e2e/LICENSES | 5 +- test/e2e/go.mod | 6 + test/e2e/go.sum | 54 +++++++ test/integration/LICENSES | 3 + test/integration/go.mod | 8 +- test/integration/go.sum | 47 +++++++ 19 files changed, 375 insertions(+), 428 deletions(-) delete mode 100644 pkg/util/pki/internal/dn.go delete mode 100644 pkg/util/pki/internal/dn_test.go diff --git a/LICENSES b/LICENSES index 7cf4fb6307e..391af5ca277 100644 --- a/LICENSES +++ b/LICENSES @@ -3,6 +3,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk- github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.1/sdk/azidentity/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.5.2/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.4.0/LICENSE,Apache-2.0 @@ -47,8 +48,10 @@ github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.9.0/ github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index e2aaeb9650f..526a5754902 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -3,6 +3,7 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk- github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.1/sdk/azidentity/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.5.2/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.4.0/LICENSE,Apache-2.0 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 @@ -42,8 +43,10 @@ github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/ github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,BSD-3-Clause github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index c3c84012f83..7c7ac9ca705 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -6,6 +6,9 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. +replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 + replace github.com/cert-manager/cert-manager => ../../ require ( @@ -27,6 +30,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect github.com/Venafi/vcert/v5 v5.4.0 // indirect github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect @@ -56,7 +60,9 @@ require ( github.com/digitalocean/godo v1.109.0 // indirect github.com/emicklei/go-restful/v3 v3.11.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index 53606641c38..b446dd29ed1 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -11,6 +11,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aM github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -18,6 +20,8 @@ github.com/Venafi/vcert/v5 v5.4.0 h1:jsbFNoIO8Ffs5mlOIedj0IecaHFvorY/6gKraj/tbcc github.com/Venafi/vcert/v5 v5.4.0/go.mod h1:iFLQvf78b/8MEBql3ff/B0ZSP97UnQPquRpMc877YrA= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/aws/aws-sdk-go-v2 v1.25.0 h1:sv7+1JVJxOu/dD/sz/csHX7jFqmP001TIY7aytBWDSQ= github.com/aws/aws-sdk-go-v2 v1.25.0/go.mod h1:G104G1Aho5WqF+SR3mDIobTABQzpYV0WxMsKxlMggOA= github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0= @@ -101,8 +105,12 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= +github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= +github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -181,6 +189,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksP github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= @@ -213,6 +223,9 @@ github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4= @@ -223,6 +236,18 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -318,6 +343,7 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -383,7 +409,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -404,13 +432,17 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -439,6 +471,7 @@ golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -446,6 +479,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -524,6 +558,7 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index ac3993f2a38..e6b3965511d 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -1,3 +1,4 @@ +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT @@ -10,6 +11,8 @@ github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3 github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 @@ -52,7 +55,7 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 8552ee8ef9d..6eb110e34ad 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -6,6 +6,9 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. +replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 + replace github.com/cert-manager/cert-manager => ../../ require ( @@ -17,6 +20,7 @@ require ( ) require ( + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -27,6 +31,8 @@ require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect + github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 94f7f0c864d..8896578a9cf 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -1,3 +1,7 @@ +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -23,6 +27,10 @@ github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2 github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= +github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= +github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -61,12 +69,29 @@ github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJ github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -116,6 +141,7 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= @@ -150,6 +176,9 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= @@ -157,12 +186,19 @@ golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/i golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= @@ -171,6 +207,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -180,16 +217,26 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -199,6 +246,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -226,6 +274,7 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/go.mod b/go.mod index d440d387627..ecf7ff2328f 100644 --- a/go.mod +++ b/go.mod @@ -6,6 +6,9 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. +replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 + require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 @@ -20,6 +23,7 @@ require ( github.com/aws/smithy-go v1.20.0 github.com/cpu/goacmedns v0.1.1 github.com/digitalocean/godo v1.109.0 + github.com/go-ldap/ldap/v3 v3.4.8 github.com/go-logr/logr v1.4.1 github.com/google/gnostic-models v0.6.8 github.com/google/gofuzz v1.2.0 @@ -56,6 +60,7 @@ require ( cloud.google.com/go/compute v1.23.3 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect @@ -83,6 +88,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/frankban/quicktest v1.14.6 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect github.com/go-jose/go-jose/v3 v3.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect diff --git a/go.sum b/go.sum index 4cfda6b6bf3..cf5b3bc592d 100644 --- a/go.sum +++ b/go.sum @@ -11,6 +11,8 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aM github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -20,6 +22,8 @@ github.com/Venafi/vcert/v5 v5.4.0 h1:jsbFNoIO8Ffs5mlOIedj0IecaHFvorY/6gKraj/tbcc github.com/Venafi/vcert/v5 v5.4.0/go.mod h1:iFLQvf78b/8MEBql3ff/B0ZSP97UnQPquRpMc877YrA= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= @@ -107,8 +111,12 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= +github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= +github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= @@ -189,6 +197,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksP github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= @@ -221,6 +231,9 @@ github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4= @@ -231,6 +244,18 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 h1:liMMTbpW34dhU4az1GN0pTPADwNmvoRSeoZ6PItiqnY= github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8= @@ -328,6 +353,7 @@ github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= @@ -394,7 +420,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -415,13 +443,17 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -451,6 +483,7 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -458,6 +491,7 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -536,6 +570,7 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/pkg/util/pki/internal/dn.go b/pkg/util/pki/internal/dn.go deleted file mode 100644 index dd6b33cb996..00000000000 --- a/pkg/util/pki/internal/dn.go +++ /dev/null @@ -1,234 +0,0 @@ -/* -Copyright 2020 The cert-manager Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Initial implementation is based on https://github.com/go-ldap/ldap/blob/25b14db0ff3f3c0e927771e4441cdf61400367fd/dn.go - -package internal - -import ( - "encoding/asn1" - "encoding/hex" - "errors" - "fmt" - "strings" -) - -type AttributeTypeAndValue struct { - Type string - Value any -} - -type RelativeDN struct { - Attributes []AttributeTypeAndValue -} - -// ParseDN parses a string representation of a Distinguished Name (DN) into a -// slice of RelativeDNs. The input string should be in the format of a DN as -// defined in RFC 4514 and RFC 2253. The input string is split into Relative -// Distinguished Names (RDNs) by the ',' or ';' character. Each RDN is then -// split into AttributeType and AttributeValue pairs by the '=' character. -// Multiple Attributes in an RDN are separated by the '+' character. The input -// string may contain escaped characters using the '\' character. The following -// characters can be escaped: ' ', '"', '#', '+', ',', ';', '<', '=', '>', and '\'. -// The escaped character is removed and the following character is treated as -// a literal. If the input string contains hex-encoded characters of the form '\XX' -// where XX is a two-character hexadecimal number, the hex-encoded character is -// replaced with the decoded character. If the value of an AttributeValue starts -// with a '#' character, the value is assumed to be hex-encoded asn1 DER and is -// decoded before being added to the RelativeDN. -func ParseDN(str string) ([]RelativeDN, error) { - if len(strings.TrimSpace(str)) == 0 { - return nil, nil - } - - var rdns []RelativeDN - - var attribute AttributeTypeAndValue - var addAttribute func(last bool) - var setType func(string) error - var setValue func(string) error - { - rdn := RelativeDN{} - // addAttribute is a closure that adds the current attribute to the - // current RDN and resets the attribute for the next one. If last is - // true, it also adds the current RDN to the list of RDNs and resets - // the RDN for the next one. - addAttribute = func(last bool) { - rdn.Attributes = append(rdn.Attributes, attribute) - attribute = AttributeTypeAndValue{} - if last { - rdns = append(rdns, rdn) - rdn = RelativeDN{} - } - } - // setType is a closure that sets the type of the current attribute - setType = func(s string) error { - typeVal, err := decodeString(s) - if err != nil { - return err - } - attribute.Type = typeVal - return nil - } - // setValue is a closure that sets the value of the current attribute - setValue = func(s string) error { - if len(s) > 0 && s[0] == '#' { - valueVal, err := decodeEncodedString(s[1:]) - if err != nil { - return err - } - attribute.Value = valueVal - return nil - } else { - valueVal, err := decodeString(s) - if err != nil { - return err - } - attribute.Value = valueVal - return nil - } - } - } - - valueStart := 0 - escaping := false - for pos, char := range str { - switch { - case escaping: - escaping = false - case char == '\\': - escaping = true - case char == '=' && len(attribute.Type) == 0: - if err := setType(str[valueStart:pos]); err != nil { - return nil, err - } - valueStart = pos + 1 - case char == ',' || char == '+' || char == ';': - if len(attribute.Type) == 0 { - return nil, errors.New("incomplete type, value pair") - } - if err := setValue(str[valueStart:pos]); err != nil { - return nil, err - } - valueStart = pos + 1 - - // The attribute value is complete, add it to the RDN - // only go to the next RDN if the separator is a comma - // or semicolon - addAttribute(char == ',' || char == ';') - } - } - - if len(attribute.Type) == 0 { - return nil, errors.New("DN ended with incomplete type, value pair") - } - if err := setValue(str[valueStart:]); err != nil { - return nil, err - } - - // The attribute value is complete, add it to the RDN - addAttribute(true) - - return rdns, nil -} - -// If the string starts with a #, it's a hex-encoded DER value -// This function decodes the value after the # and returns the decoded value. -func decodeEncodedString(inVal string) (any, error) { - decoded, err := hex.DecodeString(inVal) - if err != nil { - return "", fmt.Errorf("failed to decode hex-encoded string: %s", err) - } - - var rawValue asn1.RawValue - rest, err := asn1.Unmarshal(decoded, &rawValue) - if err != nil { - return "", fmt.Errorf("failed to unmarshal hex-encoded string: %s", err) - } - if len(rest) != 0 { - return "", errors.New("trailing data after unmarshalling hex-encoded string") - } - - return rawValue, nil -} - -// Remove leading and trailing spaces from the attribute type and value -// and unescape any escaped characters in these fields -func decodeString(inVal string) (string, error) { - s := []rune(strings.TrimSpace(inVal)) - // Re-add the trailing space if the last character was an escape character - if (len(s) > 0 && s[len(s)-1] == '\\') && (len(inVal) > 0 && inVal[len(inVal)-1] == ' ') { - s = append(s, ' ') - } - - builder := strings.Builder{} - for i := 0; i < len(s); i++ { - r := s[i] - - // If the character is not an escape character, just add it to the - // builder and continue - if r != '\\' { - builder.WriteRune(r) - continue - } - - // If the escape character is the last character, it's a corrupted - // escaped character - if i+1 >= len(s) { - return "", errors.New("got corrupted escaped character") - } - - // If the escaped character is a special character, just add it to - // the builder and continue - switch s[i+1] { - case ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\\': - builder.WriteRune(s[i+1]) - i++ - continue - } - - // If the escaped character is not a special character, it should - // be a hex-encoded character of the form \XX if it's not at least - // two characters long, it's a corrupted escaped character - if i+2 >= len(s) { - return "", errors.New("failed to decode escaped character: encoding/hex: invalid byte: " + string(s[i+1])) - } - - // Get the runes for the two characters after the escape character - // and convert them to a byte slice - xx := []byte(string(s[i+1 : i+3])) - - // If the two runes are not hex characters and result in more than - // two bytes when converted to a byte slice, it's a corrupted - // escaped character - if len(xx) != 2 { - return "", errors.New("failed to decode escaped character: encoding/hex: invalid byte: " + string(xx)) - } - - // Decode the hex-encoded character and add it to the builder - dst := []byte{0} - if n, err := hex.Decode(dst, xx); err != nil { - return "", errors.New("failed to decode escaped character: " + err.Error()) - } else if n != 1 { - return "", fmt.Errorf("failed to decode escaped character: encoding/hex: expected 1 byte when un-escaping, got %d", n) - } - - builder.WriteByte(dst[0]) - i += 2 - } - - return builder.String(), nil -} diff --git a/pkg/util/pki/internal/dn_test.go b/pkg/util/pki/internal/dn_test.go deleted file mode 100644 index 58f9c5783c5..00000000000 --- a/pkg/util/pki/internal/dn_test.go +++ /dev/null @@ -1,184 +0,0 @@ -/* -Copyright 2020 The cert-manager Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -// Initial implementation is based on https://github.com/go-ldap/ldap/blob/25b14db0ff3f3c0e927771e4441cdf61400367fd/dn_test.go - -package internal - -import ( - "encoding/asn1" - "reflect" - "testing" -) - -func TestSuccessfulDNParsing(t *testing.T) { - testcases := map[string][]RelativeDN{ - "": nil, - "cn=Jim\\2C \\22Hasse Hö\\22 Hansson!,dc=dummy,dc=com": { - {[]AttributeTypeAndValue{{"cn", "Jim, \"Hasse Hö\" Hansson!"}}}, - {[]AttributeTypeAndValue{{"dc", "dummy"}}}, - {[]AttributeTypeAndValue{{"dc", "com"}}}, - }, - "UID=jsmith,DC=example,DC=net": { - {[]AttributeTypeAndValue{{"UID", "jsmith"}}}, - {[]AttributeTypeAndValue{{"DC", "example"}}}, - {[]AttributeTypeAndValue{{"DC", "net"}}}, - }, - "OU=Sales+CN=J. Smith,DC=example,DC=net": { - {[]AttributeTypeAndValue{ - {"OU", "Sales"}, - {"CN", "J. Smith"}, - }}, - {[]AttributeTypeAndValue{{"DC", "example"}}}, - {[]AttributeTypeAndValue{{"DC", "net"}}}, - }, - "CN=Lu\\C4\\8Di\\C4\\87": { - {[]AttributeTypeAndValue{{"CN", "Lučić"}}}, - }, - " CN = Lu\\C4\\8Di\\C4\\87 ": { - {[]AttributeTypeAndValue{{"CN", "Lučić"}}}, - }, - ` A = 1 , B = 2 `: { - {[]AttributeTypeAndValue{{"A", "1"}}}, - {[]AttributeTypeAndValue{{"B", "2"}}}, - }, - ` A = 1 + B = 2 `: { - {[]AttributeTypeAndValue{ - {"A", "1"}, - {"B", "2"}, - }}, - }, - ` \ \ A\ \ = \ \ 1\ \ , \ \ B\ \ = \ \ 2\ \ `: { - {[]AttributeTypeAndValue{{" A ", " 1 "}}}, - {[]AttributeTypeAndValue{{" B ", " 2 "}}}, - }, - ` \ \ A\ \ = \ \ 1\ \ + \ \ B\ \ = \ \ 2\ \ `: { - {[]AttributeTypeAndValue{ - {" A ", " 1 "}, - {" B ", " 2 "}, - }}, - }, - `cn=john.doe;dc=example,dc=net`: { - {[]AttributeTypeAndValue{{"cn", "john.doe"}}}, - {[]AttributeTypeAndValue{{"dc", "example"}}}, - {[]AttributeTypeAndValue{{"dc", "net"}}}, - }, - `cn=⭐;dc=❤️=\==,dc=❤️\\`: { - {[]AttributeTypeAndValue{{"cn", "⭐"}}}, - {[]AttributeTypeAndValue{{"dc", "❤️==="}}}, - {[]AttributeTypeAndValue{{"dc", "❤️\\"}}}, - }, - - // Escaped `;` should not be treated as RDN - `cn=john.doe\;weird name,dc=example,dc=net`: { - {[]AttributeTypeAndValue{{"cn", "john.doe;weird name"}}}, - {[]AttributeTypeAndValue{{"dc", "example"}}}, - {[]AttributeTypeAndValue{{"dc", "net"}}}, - }, - `cn=ZXhhbXBsZVRleHQ=,dc=dummy,dc=com`: { - {[]AttributeTypeAndValue{{"cn", "ZXhhbXBsZVRleHQ="}}}, - {[]AttributeTypeAndValue{{"dc", "dummy"}}}, - {[]AttributeTypeAndValue{{"dc", "com"}}}, - }, - `1.3.6.1.4.1.1466.0=test`: { - {[]AttributeTypeAndValue{{"1.3.6.1.4.1.1466.0", "test"}}}, - }, - `1=#04024869`: { - {[]AttributeTypeAndValue{{"1", asn1.RawValue{ - Tag: 4, Class: 0, - IsCompound: false, - Bytes: []byte{0x48, 0x69}, - FullBytes: []byte{0x04, 0x02, 0x48, 0x69}, - }}}}, - }, - `1.3.6.1.4.1.1466.0=#04024869`: { - {[]AttributeTypeAndValue{{"1.3.6.1.4.1.1466.0", asn1.RawValue{ - Tag: 4, Class: 0, - IsCompound: false, - Bytes: []byte{0x48, 0x69}, - FullBytes: []byte{0x04, 0x02, 0x48, 0x69}, - }}}}, - }, - `1.3.6.1.4.1.1466.0=#04024869,DC=net`: { - {[]AttributeTypeAndValue{{"1.3.6.1.4.1.1466.0", asn1.RawValue{ - Tag: 4, Class: 0, - IsCompound: false, - Bytes: []byte{0x48, 0x69}, - FullBytes: []byte{0x04, 0x02, 0x48, 0x69}, - }}}}, - {[]AttributeTypeAndValue{{"DC", "net"}}}, - }, - } - - for test, answer := range testcases { - t.Log("Testing:", test) - - dn, err := ParseDN(test) - if err != nil { - t.Fatal(err) - continue - } - if !reflect.DeepEqual(dn, answer) { - t.Errorf("Parsed DN %s is not equal to the expected structure", test) - t.Logf("Expected:") - for _, rdn := range answer { - for _, attribs := range rdn.Attributes { - t.Logf("#%v\n", attribs) - } - } - t.Logf("Actual:") - for _, rdn := range dn { - for _, attribs := range rdn.Attributes { - t.Logf("#%v\n", attribs) - } - } - } - } -} - -func TestErrorDNParsing(t *testing.T) { - testcases := map[string]string{ - "*": "DN ended with incomplete type, value pair", - "cn=Jim\\0Test": "failed to decode escaped character: encoding/hex: invalid byte: U+0054 'T'", - "cn=Jim\\0": "failed to decode escaped character: encoding/hex: invalid byte: 0", - "DC=example,=net": "DN ended with incomplete type, value pair", - "test,DC=example,DC=com": "incomplete type, value pair", - "=test,DC=example,DC=com": "incomplete type, value pair", - "1.3.6.1.4.1.1466.0=test+": "DN ended with incomplete type, value pair", - `1.3.6.1.4.1.1466.0=test;`: "DN ended with incomplete type, value pair", - "1.3.6.1.4.1.1466.0=test+,": "incomplete type, value pair", - "1=#0402486": "failed to decode hex-encoded string: encoding/hex: odd length hex string", - "DF=#6666666666665006838820013100000746939546349182108463491821809FBFFFFFFFFF": "failed to unmarshal hex-encoded string: asn1: syntax error: data truncated", - } - - for test, answer := range testcases { - _, err := ParseDN(test) - if err == nil { - t.Errorf("Expected %s to fail parsing but succeeded\n", test) - } else if err.Error() != answer { - t.Errorf("Unexpected error on %s:\n%s\nvs.\n%s\n", test, answer, err.Error()) - } - } -} - -func BenchmarkParseSubject(b *testing.B) { - for n := 0; n < b.N; n++ { - _, err := ParseDN("DF=#6666666666665006838820013100000746939546349182108463491821809FBFFFFFFFFF") - if err == nil { - b.Fatal("expected error, but got none") - } - } -} diff --git a/pkg/util/pki/subject.go b/pkg/util/pki/subject.go index 4f04b97d5c7..d7b14625f9f 100644 --- a/pkg/util/pki/subject.go +++ b/pkg/util/pki/subject.go @@ -22,7 +22,7 @@ import ( "encoding/asn1" "errors" - "github.com/cert-manager/cert-manager/pkg/util/pki/internal" + "github.com/go-ldap/ldap/v3" ) var OIDConstants = struct { @@ -66,16 +66,16 @@ var attributeTypeNames = map[string][]int{ } func UnmarshalSubjectStringToRDNSequence(subject string) (pkix.RDNSequence, error) { - dns, err := internal.ParseDN(subject) + dn, err := ldap.ParseDN(subject) if err != nil { return nil, err } // Traverse the parsed RDNSequence in REVERSE order as RDNs in String format are expected to be written in reverse order. // Meaning, a string of "CN=Foo,OU=Bar,O=Baz" actually should have "O=Baz" as the first element in the RDNSequence. - rdns := make(pkix.RDNSequence, 0, len(dns)) - for i := range dns { - ldapRelativeDN := dns[len(dns)-i-1] + rdns := make(pkix.RDNSequence, 0, len(dn.RDNs)) + for i := range dn.RDNs { + ldapRelativeDN := dn.RDNs[len(dn.RDNs)-i-1] atvs := make([]pkix.AttributeTypeAndValue, 0, len(ldapRelativeDN.Attributes)) for _, ldapATV := range ldapRelativeDN.Attributes { diff --git a/pkg/util/pki/subject_test.go b/pkg/util/pki/subject_test.go index 66ee2bc19c4..10d3f387e65 100644 --- a/pkg/util/pki/subject_test.go +++ b/pkg/util/pki/subject_test.go @@ -1,5 +1,5 @@ /* -Copyright 2020 The cert-manager Authors. +Copyright 2024 The cert-manager Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -112,5 +112,105 @@ func TestShouldFailForHexDER(t *testing.T) { t.Fatal("expected error, but got none") } - assert.Contains(t, err.Error(), "failed to unmarshal hex-encoded string: asn1: syntax error: data truncated") + assert.Contains(t, err.Error(), "failed to decode BER encoding: unexpected EOF") +} + +// TestRoundTripRDNSequence tests a set of RDNSequences to ensure that they are +// the same after a round trip through String() and UnmarshalSubjectStringToRDNSequence(). +func TestRoundTripRDNSequence(t *testing.T) { + rdnSequences := []pkix.RDNSequence{ + { + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "Corp."}, + {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, + }, + }, + { + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.CommonName, Value: "foo-lon❤️\\g.com "}, + {Type: OIDConstants.OrganizationalUnit, Value: "Foo===Long"}, + {Type: OIDConstants.OrganizationalUnit, Value: "Ba rq"}, + {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "C; orp."}, + {Type: OIDConstants.Country, Value: "US"}, + }, + }, + { + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.CommonName, Value: "fo\x00o-long.com"}, + }, + }, + } + + for _, rdnSeq := range rdnSequences { + newRDNSeq, err := UnmarshalSubjectStringToRDNSequence(rdnSeq.String()) + if err != nil { + t.Fatal(err) + } + + assert.Equal(t, rdnSeq, newRDNSeq) + } +} + +// FuzzRoundTripRDNSequence fuzzes the UnmarshalSubjectStringToRDNSequence function +// by generating random subject strings and for each successfully parsed RDNSequence, +// it will ensure that the round trip through String() and UnmarshalSubjectStringToRDNSequence() +// results in the same RDNSequence. +func FuzzRoundTripRDNSequence(f *testing.F) { + f.Add("CN=foo-long.com,OU=FooLong,OU=Barq,OU=Baz,OU=Dept.,O=Corp.,C=US") + f.Add("CN=foo-lon❤️\\,g.com,OU=Foo===Long,OU=Ba # rq,OU=Baz,O=C\\; orp.,C=US") + f.Add("CN=fo\x00o-long.com,OU=\x04FooLong") + + f.Fuzz(func(t *testing.T, subjectString string) { + t.Parallel() + rdnSeq, err := UnmarshalSubjectStringToRDNSequence(subjectString) + if err != nil { + t.Skip() + } + + // See pkix.go for the list of known attribute types + var knownMarshalTypes = map[string]bool{ + "2.5.4.6": true, + "2.5.4.10": true, + "2.5.4.11": true, + "2.5.4.3": true, + "2.5.4.5": true, + "2.5.4.7": true, + "2.5.4.8": true, + "2.5.4.9": true, + "2.5.4.17": true, + } + hasSpecialChar := func(s string) bool { + for _, char := range s { + if char < ' ' || char > '~' { + return true + } + } + return false + } + for _, rdn := range rdnSeq { + for _, tv := range rdn { + // Skip if the String() function will return a literal OID type, as we + // do not yet support parsing these. + if _, ok := knownMarshalTypes[tv.Type.String()]; !ok { + t.Skip() + } + + // Skip if the value contains special characters, as the String() function + // will not escape them. + if hasSpecialChar(tv.Value.(string)) { + t.Skip() + } + } + } + + newRDNSeq, err := UnmarshalSubjectStringToRDNSequence(rdnSeq.String()) + if err != nil { + t.Fatal(err) + } + + assert.Equal(t, rdnSeq, newRDNSeq) + }) } diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index a0d556d3e80..23a5c3b27a8 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -1,3 +1,4 @@ +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 @@ -7,6 +8,8 @@ github.com/cloudflare/cloudflare-go,https://github.com/cloudflare/cloudflare-go/ github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 @@ -51,7 +54,7 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto/cryptobyte,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 0b07c775f1d..d7c881375c6 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -6,6 +6,9 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. +replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 + replace github.com/cert-manager/cert-manager => ../../ require ( @@ -29,6 +32,7 @@ require ( ) require ( + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect @@ -36,6 +40,8 @@ require ( github.com/emicklei/go-restful/v3 v3.11.2 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect + github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index df56de70017..c55b6e95cba 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -1,3 +1,7 @@ +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -25,6 +29,10 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= +github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= +github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -63,6 +71,8 @@ github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJ github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= @@ -77,12 +87,27 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/vault-client-go v0.4.3 h1:zG7STGVgn/VK6rnZc0k8PGbfv2x/sJExRKHSUg3ljWc= github.com/hashicorp/vault-client-go v0.4.3/go.mod h1:4tDw7Uhq5XOxS1fO+oMtotHL7j4sB9cp0T7U6m4FzDY= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= @@ -145,10 +170,16 @@ github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyh github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -164,6 +195,9 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= @@ -171,12 +205,19 @@ golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/i golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= @@ -185,6 +226,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -197,16 +239,26 @@ golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= @@ -216,6 +268,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -235,6 +288,7 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index f6298f58b1c..e20ba258234 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -1,3 +1,4 @@ +github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT @@ -12,6 +13,8 @@ github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3 github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause +github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT +github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 994f89967c9..d1a9fcadd75 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -6,6 +6,9 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. +replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 + replace github.com/cert-manager/cert-manager => ../../ replace github.com/cert-manager/cert-manager/webhook-binary => ../../cmd/webhook/ @@ -23,7 +26,6 @@ require ( k8s.io/apiextensions-apiserver v0.30.0 k8s.io/apimachinery v0.30.0 k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 k8s.io/kube-aggregator v0.30.0 k8s.io/kubectl v0.30.0 k8s.io/utils v0.0.0-20240102154912-e7106e64919e @@ -32,6 +34,7 @@ require ( ) require ( + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect @@ -44,6 +47,8 @@ require ( github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect + github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.20.2 // indirect @@ -112,6 +117,7 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/apiserver v0.30.0 // indirect + k8s.io/component-base v0.30.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 548f163d2a9..dbade6eb5a4 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -14,6 +14,8 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -24,6 +26,8 @@ github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdko github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= +github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= @@ -100,7 +104,11 @@ github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2H github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= +github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= +github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= +github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -214,6 +222,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= +github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= +github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= @@ -229,6 +239,9 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4 github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= @@ -239,6 +252,18 @@ github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+h github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= +github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= +github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= +github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= +github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= +github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= +github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= +github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= +github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= +github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= +github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= +github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= +github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9qUBdQ= github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= @@ -457,6 +482,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -469,6 +497,7 @@ golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHl golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -488,10 +517,16 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -507,6 +542,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -529,10 +565,18 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -542,6 +586,8 @@ golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -566,6 +612,7 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 8bed53266e4a56f982011291381ca5df69da6a74 Mon Sep 17 00:00:00 2001 From: Paul Whitehead Date: Thu, 9 May 2024 15:15:09 -0600 Subject: [PATCH 116/177] move token to constant Signed-off-by: Paul Whitehead --- hack/webIdentityToken | 1 - pkg/issuer/acme/dns/route53/route53_test.go | 6 ++++-- 2 files changed, 4 insertions(+), 3 deletions(-) delete mode 100644 hack/webIdentityToken diff --git a/hack/webIdentityToken b/hack/webIdentityToken deleted file mode 100644 index 7b0fd0e46f8..00000000000 --- a/hack/webIdentityToken +++ /dev/null @@ -1 +0,0 @@ -eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNzEwMzUxNjM4LCJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwiYXVkIjoiaHR0cHM6Ly9leGFtcGxlLmNvbSIsImV4cCI6MTc0MTg4NzYwOH0.yu4G8_3ZDsWA1wJC4jZjh9FCEGbW0eke1ffFw1Xhvvw diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index ad7cae95017..7f563dbe51f 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -32,6 +32,8 @@ import ( logf "github.com/cert-manager/cert-manager/pkg/logs" ) +const jwt string = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJzdHMuYW1hem9uYXdzLmNvbSIsImV4cCI6MTc0MTg4NzYwOCwiaWF0IjoxNzEwMzUxNjM4LCJpc3MiOiJodHRwczovL2V4YW1wbGUuY29tIiwibmFtZSI6IkpvaG4gRG9lIiwic3ViIjoiMTIzNDU2Nzg5MCJ9.SfuV3SW-vEdV-tLFIr2PK2DnN6QYmozygav5OeoH36Q" + func makeRoute53Provider(ts *httptest.Server) (*DNSProvider, error) { cfg, err := config.LoadDefaultConfig( context.TODO(), @@ -228,7 +230,7 @@ func TestAssumeRole(t *testing.T) { { name: "should assume role with web identity", role: "my-role", - webIdentityToken: "../../../../../hack/webIdentityToken", + webIdentityToken: jwt, expErr: false, expCreds: creds, mockSTS: &mockSTS{ @@ -241,7 +243,7 @@ func TestAssumeRole(t *testing.T) { }, { name: "require role when using assume role with web identity", - webIdentityToken: "../../../../../hack/webIdentityToken", + webIdentityToken: jwt, expErr: true, expCreds: nil, mockSTS: &mockSTS{ From dead7c221121370df87fff466c8ff7a83d187be9 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Mon, 28 Aug 2023 11:37:40 +0200 Subject: [PATCH 117/177] feat: Support concurrent updates for Azure DNS Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 60 ++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index da5a768e1ff..aca2c92dacd 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -255,3 +255,63 @@ func stabilizeError(err error) error { return err } + +// Updates or removes DNS TXT record while respecting optimistic concurrency control +func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.RecordSet)) error { + var set *dns.RecordSet + + resp, err := c.recordClient.Get(context.TODO(), c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) + if err != nil { + var respErr *azcore.ResponseError + if errors.As(err, &respErr); respErr.StatusCode == 404 { + set = &dns.RecordSet{ + Properties: &dns.RecordSetProperties{ + TTL: to.Ptr(int64(60)), + TxtRecords: []*dns.TxtRecord{}, + }, + Etag: to.Ptr(""), + } + } else { + return fmt.Errorf("cannot get DNS record set: %w", err) + } + } else { + set = &resp.RecordSet + } + + updater(set) + + if len(set.Properties.TxtRecords) == 0 { + if *set.Etag != "" { + // Etag will cause the deletion to fail if any updates happen concurrently + _, err = c.recordClient.Delete(context.TODO(), c.resourceGroupName, zone, name, dns.RecordTypeTXT, &dns.RecordSetsClientDeleteOptions{IfMatch: set.Etag}) + if err != nil { + return fmt.Errorf("cannot delete DNS record set: %w", err) + } + } + + return nil + } + + opts := &dns.RecordSetsClientCreateOrUpdateOptions{} + if *set.Etag == "" { + // This is used to indicate that we want the API call to fail if a conflicting record was created concurrently + // Only relevant when this is a new record, for updates conflicts are solved with Etag + opts.IfNoneMatch = to.Ptr("*") + } else { + opts.IfMatch = set.Etag + } + + _, err = c.recordClient.CreateOrUpdate( + context.TODO(), + c.resourceGroupName, + zone, + name, + dns.RecordTypeTXT, + *set, + opts) + if err != nil { + return fmt.Errorf("cannot upsert DNS record set: %w", err) + } + + return nil +} From 53f73d589162a89417d025706c1c8f9c59934aee Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Mon, 18 Sep 2023 16:30:17 +0200 Subject: [PATCH 118/177] Fix error handling and add basic test Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 1d5947e4bba..c8d9f85cb6a 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -69,6 +69,19 @@ func TestLiveAzureDnsPresent(t *testing.T) { assert.NoError(t, err) } +func TestLiveAzureDnsPresentMultiple(t *testing.T) { + if !azureLiveTest { + t.Skip("skipping live test") + } + provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) + assert.NoError(t, err) + + err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + assert.NoError(t, err) + err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") + assert.NoError(t, err) +} + func TestLiveAzureDnsCleanUp(t *testing.T) { if !azureLiveTest { t.Skip("skipping live test") @@ -83,6 +96,22 @@ func TestLiveAzureDnsCleanUp(t *testing.T) { assert.NoError(t, err) } +func TestLiveAzureDnsCleanUpMultiple(t *testing.T) { + if !azureLiveTest { + t.Skip("skipping live test") + } + + time.Sleep(time.Second * 10) + + provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) + assert.NoError(t, err) + + err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + assert.NoError(t, err) + err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") + assert.NoError(t, err) +} + func TestInvalidAzureDns(t *testing.T) { validEnv := []string{"", "AzurePublicCloud", "AzureChinaCloud", "AzureUSGovernmentCloud"} for _, env := range validEnv { From 747d88ce663593e110d4abbb6392d6b967c0265c Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Fri, 10 May 2024 11:05:14 +0200 Subject: [PATCH 119/177] Rewrite to new Azure SDK Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 163 ++++++++---------- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 8 +- 2 files changed, 80 insertions(+), 91 deletions(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index aca2c92dacd..f7a1b3a949a 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -27,6 +27,7 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" dns "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns" + "github.com/aws/smithy-go/ptr" "github.com/go-logr/logr" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -138,57 +139,35 @@ func getAuthorization(clientOpt policy.ClientOptions, clientID, clientSecret, te // Present creates a TXT record using the specified parameters func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) error { - return c.createRecord(ctx, fqdn, value, 60) + return c.updateTXTRecord(ctx, fqdn, func(set *dns.RecordSet) { + var found bool + for _, r := range set.Properties.TxtRecords { + if len(r.Value) > 0 && *r.Value[0] == value { + found = true + break + } + } + + if !found { + set.Properties.TxtRecords = append(set.Properties.TxtRecords, &dns.TxtRecord{ + Value: []*string{ptr.String(value)}, + }) + } + }) } // CleanUp removes the TXT record matching the specified parameters func (c *DNSProvider) CleanUp(ctx context.Context, domain, fqdn, value string) error { - z, err := c.getHostedZoneName(ctx, fqdn) - if err != nil { - c.log.Error(err, "Error getting hosted zone name for fqdn", "fqdn", fqdn) - return err - } + return c.updateTXTRecord(ctx, fqdn, func(set *dns.RecordSet) { + var records []*dns.TxtRecord + for _, r := range set.Properties.TxtRecords { + if len(r.Value) > 0 && *r.Value[0] != value { + records = append(records, r) + } + } - _, err = c.recordClient.Delete( - ctx, - c.resourceGroupName, - z, - c.trimFqdn(fqdn, z), - dns.RecordTypeTXT, nil) - if err != nil { - c.log.Error(err, "Error deleting TXT", "zone", z, "domain", fqdn, "resource group", c.resourceGroupName) - return stabilizeError(err) - } - return nil -} - -func (c *DNSProvider) createRecord(ctx context.Context, fqdn, value string, ttl int) error { - rparams := &dns.RecordSet{ - Properties: &dns.RecordSetProperties{ - TTL: to.Ptr(int64(ttl)), - TxtRecords: []*dns.TxtRecord{ - {Value: []*string{&value}}, - }, - }, - } - - z, err := c.getHostedZoneName(ctx, fqdn) - if err != nil { - return err - } - - _, err = c.recordClient.CreateOrUpdate( - ctx, - c.resourceGroupName, - z, - c.trimFqdn(fqdn, z), - dns.RecordTypeTXT, - *rparams, nil) - if err != nil { - c.log.Error(err, "Error creating TXT", "zone", z, "domain", fqdn, "resource group", c.resourceGroupName) - return stabilizeError(err) - } - return nil + set.Properties.TxtRecords = records + }) } func (c *DNSProvider) getHostedZoneName(ctx context.Context, fqdn string) (string, error) { @@ -220,47 +199,18 @@ func (c *DNSProvider) trimFqdn(fqdn string, zone string) string { return strings.TrimSuffix(strings.TrimSuffix(fqdn, "."), "."+z) } -// The azure-sdk library returns the contents of the HTTP requests in its -// error messages. We want our error messages to be the same when the cause -// is the same to avoid spurious challenge updates. -// -// The given error must not be nil. This function must be called everywhere -// we have a non-nil error coming from a azure-sdk func that makes API calls. -func stabilizeError(err error) error { - if err == nil { - return nil - } - - redactResponse := func(resp *http.Response) *http.Response { - if resp == nil { - return nil - } - - response := *resp - response.Body = io.NopCloser(bytes.NewReader([]byte(""))) - return &response - } - - var authErr *azidentity.AuthenticationFailedError - if errors.As(err, &authErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. - authErr.RawResponse = redactResponse(authErr.RawResponse) - } - - var respErr *azcore.ResponseError - if errors.As(err, &respErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. - respErr.RawResponse = redactResponse(respErr.RawResponse) +// Updates or removes DNS TXT record while respecting optimistic concurrency control +func (c *DNSProvider) updateTXTRecord(ctx context.Context, fqdn string, updater func(*dns.RecordSet)) error { + zone, err := c.getHostedZoneName(ctx, fqdn) + if err != nil { + return err } - return err -} + name := c.trimFqdn(fqdn, zone) -// Updates or removes DNS TXT record while respecting optimistic concurrency control -func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.RecordSet)) error { var set *dns.RecordSet - resp, err := c.recordClient.Get(context.TODO(), c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) + resp, err := c.recordClient.Get(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) if err != nil { var respErr *azcore.ResponseError if errors.As(err, &respErr); respErr.StatusCode == 404 { @@ -272,7 +222,8 @@ func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.Recor Etag: to.Ptr(""), } } else { - return fmt.Errorf("cannot get DNS record set: %w", err) + c.log.Error(err, "Error reading TXT", "zone", zone, "domain", fqdn, "resource group", c.resourceGroupName) + return stabilizeError(err) } } else { set = &resp.RecordSet @@ -283,9 +234,10 @@ func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.Recor if len(set.Properties.TxtRecords) == 0 { if *set.Etag != "" { // Etag will cause the deletion to fail if any updates happen concurrently - _, err = c.recordClient.Delete(context.TODO(), c.resourceGroupName, zone, name, dns.RecordTypeTXT, &dns.RecordSetsClientDeleteOptions{IfMatch: set.Etag}) + _, err = c.recordClient.Delete(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, &dns.RecordSetsClientDeleteOptions{IfMatch: set.Etag}) if err != nil { - return fmt.Errorf("cannot delete DNS record set: %w", err) + c.log.Error(err, "Error deleting TXT", "zone", zone, "domain", fqdn, "resource group", c.resourceGroupName) + return stabilizeError(err) } } @@ -302,7 +254,7 @@ func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.Recor } _, err = c.recordClient.CreateOrUpdate( - context.TODO(), + ctx, c.resourceGroupName, zone, name, @@ -310,8 +262,45 @@ func (c *DNSProvider) updateTXTRecord(zone, name string, updater func(*dns.Recor *set, opts) if err != nil { - return fmt.Errorf("cannot upsert DNS record set: %w", err) + c.log.Error(err, "Error upserting TXT", "zone", zone, "domain", fqdn, "resource group", c.resourceGroupName) + return stabilizeError(err) } return nil } + +// The azure-sdk library returns the contents of the HTTP requests in its +// error messages. We want our error messages to be the same when the cause +// is the same to avoid spurious challenge updates. +// +// The given error must not be nil. This function must be called everywhere +// we have a non-nil error coming from a azure-sdk func that makes API calls. +func stabilizeError(err error) error { + if err == nil { + return nil + } + + redactResponse := func(resp *http.Response) *http.Response { + if resp == nil { + return nil + } + + response := *resp + response.Body = io.NopCloser(bytes.NewReader([]byte(""))) + return &response + } + + var authErr *azidentity.AuthenticationFailedError + if errors.As(err, &authErr) { + //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. + authErr.RawResponse = redactResponse(authErr.RawResponse) + } + + var respErr *azcore.ResponseError + if errors.As(err, &respErr) { + //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. + respErr.RawResponse = redactResponse(respErr.RawResponse) + } + + return err +} diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index c8d9f85cb6a..0cd7c0c31b2 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -76,9 +76,9 @@ func TestLiveAzureDnsPresentMultiple(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.Present(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) - err = provider.Present(azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") + err = provider.Present(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") assert.NoError(t, err) } @@ -106,9 +106,9 @@ func TestLiveAzureDnsCleanUpMultiple(t *testing.T) { provider, err := NewDNSProviderCredentials("", azureClientID, azureClientSecret, azuresubscriptionID, azureTenantID, azureResourceGroupName, azureHostedZoneName, util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) assert.NoError(t, err) - err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "123d==") + err = provider.CleanUp(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "123d==") assert.NoError(t, err) - err = provider.CleanUp(azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") + err = provider.CleanUp(context.TODO(), azureDomain, "_acme-challenge."+azureDomain+".", "1123d==") assert.NoError(t, err) } From c180fefc9c14e5a837ae44740203a9c37be6c15d Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Fri, 10 May 2024 11:08:43 +0200 Subject: [PATCH 120/177] Remove unnecessary AWS SDK dependency Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index f7a1b3a949a..0b6181ec5a4 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -27,7 +27,6 @@ import ( "github.com/Azure/azure-sdk-for-go/sdk/azcore/to" "github.com/Azure/azure-sdk-for-go/sdk/azidentity" dns "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns" - "github.com/aws/smithy-go/ptr" "github.com/go-logr/logr" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -150,7 +149,7 @@ func (c *DNSProvider) Present(ctx context.Context, domain, fqdn, value string) e if !found { set.Properties.TxtRecords = append(set.Properties.TxtRecords, &dns.TxtRecord{ - Value: []*string{ptr.String(value)}, + Value: []*string{to.Ptr(value)}, }) } }) From 0f6eaa9ab818a29f9dff374bc08285189934c631 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Fri, 10 May 2024 11:28:01 +0200 Subject: [PATCH 121/177] Fix lint Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index 0b6181ec5a4..27994c73be5 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -212,7 +212,7 @@ func (c *DNSProvider) updateTXTRecord(ctx context.Context, fqdn string, updater resp, err := c.recordClient.Get(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) if err != nil { var respErr *azcore.ResponseError - if errors.As(err, &respErr); respErr.StatusCode == 404 { + if errors.As(err, &respErr); respErr.StatusCode == http.StatusNotFound { set = &dns.RecordSet{ Properties: &dns.RecordSetProperties{ TTL: to.Ptr(int64(60)), From 9d1c959a1eaf7d649e9fcfe27410b3870b9b174d Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 10 May 2024 09:27:50 +0200 Subject: [PATCH 122/177] LiteralSubject: add support for literal oid type values Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/util/pki/subject.go | 13 ++++++++++++- pkg/util/pki/subject_test.go | 25 ++++++++----------------- 2 files changed, 20 insertions(+), 18 deletions(-) diff --git a/pkg/util/pki/subject.go b/pkg/util/pki/subject.go index d7b14625f9f..87ebe7f0659 100644 --- a/pkg/util/pki/subject.go +++ b/pkg/util/pki/subject.go @@ -79,8 +79,19 @@ func UnmarshalSubjectStringToRDNSequence(subject string) (pkix.RDNSequence, erro atvs := make([]pkix.AttributeTypeAndValue, 0, len(ldapRelativeDN.Attributes)) for _, ldapATV := range ldapRelativeDN.Attributes { + oid, ok := attributeTypeNames[ldapATV.Type] + if !ok { + // If the attribute type is not known, we try to parse it as an OID. + // If it is not an OID, we set Type=nil + + oid, err = ParseObjectIdentifier(ldapATV.Type) + if err != nil { + oid = nil + } + } + atvs = append(atvs, pkix.AttributeTypeAndValue{ - Type: attributeTypeNames[ldapATV.Type], + Type: oid, Value: ldapATV.Value, }) } diff --git a/pkg/util/pki/subject_test.go b/pkg/util/pki/subject_test.go index 10d3f387e65..1a701741ca0 100644 --- a/pkg/util/pki/subject_test.go +++ b/pkg/util/pki/subject_test.go @@ -18,13 +18,14 @@ package pki import ( "crypto/x509/pkix" + "encoding/asn1" "testing" "github.com/stretchr/testify/assert" ) func TestMustParseRDN(t *testing.T) { - subject := "SERIALNUMBER=42, L=some-locality, ST=some-state-or-province, STREET=some-street, CN=foo-long.com, OU=FooLong, OU=Barq, OU=Baz, OU=Dept., O=Corp., C=US" + subject := "SERIALNUMBER=42, L=some-locality, ST=some-state-or-province, STREET=some-street, CN=foo-long.com, OU=FooLong, OU=Barq, OU=Baz, OU=Dept., O=Corp., C=US+123.544.555= A Test Value " rdnSeq, err := UnmarshalSubjectStringToRDNSequence(subject) if err != nil { t.Fatal(err) @@ -34,6 +35,7 @@ func TestMustParseRDN(t *testing.T) { pkix.RDNSequence{ []pkix.AttributeTypeAndValue{ {Type: OIDConstants.Country, Value: "US"}, + {Type: asn1.ObjectIdentifier{123, 544, 555}, Value: "A Test Value"}, }, []pkix.AttributeTypeAndValue{ {Type: OIDConstants.Organization, Value: "Corp."}, @@ -139,7 +141,7 @@ func TestRoundTripRDNSequence(t *testing.T) { }, { []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.CommonName, Value: "fo\x00o-long.com"}, + {Type: asn1.ObjectIdentifier{0, 5, 80, 99, 58962185}, Value: "fo\x00o-long.com"}, }, }, } @@ -170,18 +172,6 @@ func FuzzRoundTripRDNSequence(f *testing.F) { t.Skip() } - // See pkix.go for the list of known attribute types - var knownMarshalTypes = map[string]bool{ - "2.5.4.6": true, - "2.5.4.10": true, - "2.5.4.11": true, - "2.5.4.3": true, - "2.5.4.5": true, - "2.5.4.7": true, - "2.5.4.8": true, - "2.5.4.9": true, - "2.5.4.17": true, - } hasSpecialChar := func(s string) bool { for _, char := range s { if char < ' ' || char > '~' { @@ -192,9 +182,10 @@ func FuzzRoundTripRDNSequence(f *testing.F) { } for _, rdn := range rdnSeq { for _, tv := range rdn { - // Skip if the String() function will return a literal OID type, as we - // do not yet support parsing these. - if _, ok := knownMarshalTypes[tv.Type.String()]; !ok { + // Skip if the Type was not recognized. The String() output will be + // an invalid type, value pair with empty type, which will give a "DN ended with + // an incomplete type, value pair" error when parsing. + if tv.Type.String() == "" { t.Skip() } From 0a452989710971700b7a29a14cb100e18c4cd415 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 10 May 2024 20:43:54 +0200 Subject: [PATCH 123/177] improve tests based on review Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/util/pki/subject_test.go | 61 +++++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/pkg/util/pki/subject_test.go b/pkg/util/pki/subject_test.go index 1a701741ca0..33e0c8b19ff 100644 --- a/pkg/util/pki/subject_test.go +++ b/pkg/util/pki/subject_test.go @@ -120,39 +120,56 @@ func TestShouldFailForHexDER(t *testing.T) { // TestRoundTripRDNSequence tests a set of RDNSequences to ensure that they are // the same after a round trip through String() and UnmarshalSubjectStringToRDNSequence(). func TestRoundTripRDNSequence(t *testing.T) { - rdnSequences := []pkix.RDNSequence{ + type testCase struct { + name string + rdn pkix.RDNSequence + } + rdnSequences := []testCase{ { - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Organization, Value: "Corp."}, - {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, + name: "Simple RDNSequence", + rdn: pkix.RDNSequence{ + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "Corp."}, + {Type: OIDConstants.OrganizationalUnit, Value: "FooLong"}, + }, }, }, { - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.CommonName, Value: "foo-lon❤️\\g.com "}, - {Type: OIDConstants.OrganizationalUnit, Value: "Foo===Long"}, - {Type: OIDConstants.OrganizationalUnit, Value: "Ba rq"}, - {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, - }, - []pkix.AttributeTypeAndValue{ - {Type: OIDConstants.Organization, Value: "C; orp."}, - {Type: OIDConstants.Country, Value: "US"}, + name: "Character Escaping", + rdn: pkix.RDNSequence{ + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.CommonName, Value: "foo-lon❤️\\g.com "}, + {Type: OIDConstants.OrganizationalUnit, Value: "Foo===Long"}, + {Type: OIDConstants.OrganizationalUnit, Value: "Ba rq"}, + {Type: OIDConstants.OrganizationalUnit, Value: "Baz"}, + {Type: OIDConstants.Country, Value: "fo\x00o-long.com"}, + }, + []pkix.AttributeTypeAndValue{ + {Type: OIDConstants.Organization, Value: "C; orp."}, + {Type: OIDConstants.Country, Value: "US"}, + }, }, }, { - []pkix.AttributeTypeAndValue{ - {Type: asn1.ObjectIdentifier{0, 5, 80, 99, 58962185}, Value: "fo\x00o-long.com"}, + name: "Numeric OID", + rdn: pkix.RDNSequence{ + []pkix.AttributeTypeAndValue{ + {Type: asn1.ObjectIdentifier{0, 5, 80, 99, 58962185}, Value: "String Value"}, + }, }, }, } - for _, rdnSeq := range rdnSequences { - newRDNSeq, err := UnmarshalSubjectStringToRDNSequence(rdnSeq.String()) - if err != nil { - t.Fatal(err) - } + for _, tc := range rdnSequences { + tc := tc + t.Run(tc.name, func(t *testing.T) { + newRDNSeq, err := UnmarshalSubjectStringToRDNSequence(tc.rdn.String()) + if err != nil { + t.Fatal(err) + } - assert.Equal(t, rdnSeq, newRDNSeq) + assert.Equal(t, tc.rdn, newRDNSeq) + }) } } @@ -164,6 +181,8 @@ func FuzzRoundTripRDNSequence(f *testing.F) { f.Add("CN=foo-long.com,OU=FooLong,OU=Barq,OU=Baz,OU=Dept.,O=Corp.,C=US") f.Add("CN=foo-lon❤️\\,g.com,OU=Foo===Long,OU=Ba # rq,OU=Baz,O=C\\; orp.,C=US") f.Add("CN=fo\x00o-long.com,OU=\x04FooLong") + f.Add("1.2.3.4=String Value") + f.Add("1.3.6.1.4.1.1466.0=#04024869") f.Fuzz(func(t *testing.T, subjectString string) { t.Parallel() From a07b0c1fad943c54b38dc50ca4b4dbdf2bfb4d69 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Mon, 13 May 2024 00:21:03 +0000 Subject: [PATCH 124/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/tools/00_mod.mk | 5 ++++- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/klone.yaml b/klone.yaml index d7446d1c060..fd4e5a533d1 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 7f6ae2a9f6de1aad0bb32b0cd89ca43989d0d6dd + repo_hash: b6dc86973e937be38a138f38cf83134760487f26 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index b986e641506..6807190b657 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -126,8 +126,10 @@ tools += operator-sdk=v1.34.1 tools += gh=v2.49.0 # https:///github.com/redhat-openshift-ecosystem/openshift-preflight/releases tools += preflight=1.9.2 -# https://github.com/daixiang0/gci/releases/ +# https://github.com/daixiang0/gci/releases tools += gci=v0.13.4 +# https://github.com/google/yamlfmt/releases +tools += yamlfmt=v0.12.1 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions K8S_CODEGEN_VERSION := v0.29.3 @@ -326,6 +328,7 @@ go_dependencies += govulncheck=golang.org/x/vuln/cmd/govulncheck go_dependencies += operator-sdk=github.com/operator-framework/operator-sdk/cmd/operator-sdk go_dependencies += gh=github.com/cli/cli/v2/cmd/gh go_dependencies += gci=github.com/daixiang0/gci +go_dependencies += yamlfmt=github.com/google/yamlfmt/cmd/yamlfmt ################# # go build tags # From 44f79d6c479ee32dfa2e0bcaeaf61e1672592873 Mon Sep 17 00:00:00 2001 From: Paul Whitehead Date: Mon, 13 May 2024 09:44:12 -0600 Subject: [PATCH 125/177] better handling of nil structs Signed-off-by: Paul Whitehead --- pkg/issuer/acme/dns/dns.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/dns.go b/pkg/issuer/acme/dns/dns.go index 6c895309bec..239a7302ee3 100644 --- a/pkg/issuer/acme/dns/dns.go +++ b/pkg/issuer/acme/dns/dns.go @@ -347,7 +347,11 @@ func (s *Solver) solverForChallenge(ctx context.Context, issuer v1.GenericIssuer } webIdentityToken := "" - if providerConfig.Route53.Auth != nil { + if providerConfig.Route53.Auth != nil && providerConfig.Route53.Auth.Kubernetes != nil && providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef != nil { + if providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.Name == "" { + return nil, nil, fmt.Errorf("service account name is required for Kubernetes auth") + } + audiences := []string{"sts.amazonaws.com"} if len(providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.TokenAudiences) != 0 { audiences = providerConfig.Route53.Auth.Kubernetes.ServiceAccountRef.TokenAudiences From cfe974b77517c985aad8297604a17a7b2dfd96a4 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 09:28:10 +0200 Subject: [PATCH 126/177] deduplicate shared config API structs Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/controller/app/controller.go | 3 +- hack/k8s-codegen.sh | 31 ++- internal/apis/config/cainjector/types.go | 31 +-- .../config/cainjector/v1alpha1/defaults.go | 33 --- .../v1alpha1/zz_generated.conversion.go | 48 +---- .../v1alpha1/zz_generated.defaults.go | 3 +- .../cainjector/zz_generated.deepcopy.go | 16 -- internal/apis/config/controller/types.go | 93 +-------- .../config/controller/v1alpha1/conversion.go | 51 ----- .../config/controller/v1alpha1/defaults.go | 27 --- .../v1alpha1/testdata/defaults.json | 2 +- .../v1alpha1/zz_generated.conversion.go | 165 ++------------- .../v1alpha1/zz_generated.defaults.go | 3 + .../controller/validation/validation_test.go | 35 ++-- .../controller/zz_generated.deepcopy.go | 61 +----- internal/apis/config/shared/doc.go | 20 ++ .../config/shared/types_leaderelection.go | 44 ++++ .../apis/config/shared/types_tlsconfig.go | 85 ++++++++ .../apis/config/shared/v1alpha1/conversion.go | 78 +++++++ .../apis/config/shared/v1alpha1/defaults.go | 61 ++++++ internal/apis/config/shared/v1alpha1/doc.go | 22 ++ .../apis/config/shared/v1alpha1/register.go | 25 +++ .../v1alpha1/zz_generated.conversion.go | 197 ++++++++++++++++++ .../shared/v1alpha1/zz_generated.defaults.go | 33 +++ .../config/shared/zz_generated.deepcopy.go | 98 +++++++++ internal/apis/config/webhook/types.go | 74 +------ .../webhook/v1alpha1/testdata/defaults.json | 2 +- .../v1alpha1/zz_generated.conversion.go | 118 +---------- .../webhook/v1alpha1/zz_generated.defaults.go | 2 + .../webhook/validation/validation_test.go | 35 ++-- .../config/webhook/zz_generated.deepcopy.go | 60 ------ internal/webhook/webhook.go | 3 +- pkg/apis/config/cainjector/v1alpha1/types.go | 31 +-- .../v1alpha1/zz_generated.deepcopy.go | 21 -- pkg/apis/config/controller/v1alpha1/types.go | 95 +-------- .../v1alpha1/zz_generated.deepcopy.go | 87 +------- .../apis/config/shared/doc.go | 3 +- .../apis/config/shared/v1alpha1/doc.go | 1 + .../shared/v1alpha1/types_leaderelection.go | 44 ++++ .../config/shared/v1alpha1/types_tlsconfig.go | 71 +++++++ .../shared/v1alpha1/zz_generated.deepcopy.go | 103 +++++++++ pkg/apis/config/webhook/v1alpha1/types.go | 60 +----- .../webhook/v1alpha1/zz_generated.deepcopy.go | 60 ------ 43 files changed, 998 insertions(+), 1137 deletions(-) delete mode 100644 internal/apis/config/controller/v1alpha1/conversion.go create mode 100644 internal/apis/config/shared/doc.go create mode 100644 internal/apis/config/shared/types_leaderelection.go create mode 100644 internal/apis/config/shared/types_tlsconfig.go create mode 100644 internal/apis/config/shared/v1alpha1/conversion.go create mode 100644 internal/apis/config/shared/v1alpha1/defaults.go create mode 100644 internal/apis/config/shared/v1alpha1/doc.go create mode 100644 internal/apis/config/shared/v1alpha1/register.go create mode 100644 internal/apis/config/shared/v1alpha1/zz_generated.conversion.go create mode 100644 internal/apis/config/shared/v1alpha1/zz_generated.defaults.go create mode 100644 internal/apis/config/shared/zz_generated.deepcopy.go rename internal/apis/config/webhook/v1alpha1/conversion.go => pkg/apis/config/shared/doc.go (85%) rename internal/apis/config/cainjector/v1alpha1/conversion.go => pkg/apis/config/shared/v1alpha1/doc.go (93%) create mode 100644 pkg/apis/config/shared/v1alpha1/types_leaderelection.go create mode 100644 pkg/apis/config/shared/v1alpha1/types_tlsconfig.go create mode 100644 pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go diff --git a/cmd/controller/app/controller.go b/cmd/controller/app/controller.go index 9490c3ca1d6..4e38de81224 100644 --- a/cmd/controller/app/controller.go +++ b/cmd/controller/app/controller.go @@ -39,6 +39,7 @@ import ( "github.com/cert-manager/cert-manager/controller-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" "github.com/cert-manager/cert-manager/internal/controller/feature" "github.com/cert-manager/cert-manager/pkg/acme/accounts" "github.com/cert-manager/cert-manager/pkg/controller" @@ -411,7 +412,7 @@ func startLeaderElection(ctx context.Context, opts *config.ControllerConfigurati return nil } -func buildCertificateSource(log logr.Logger, tlsConfig config.TLSConfig, restCfg *rest.Config) tls.CertificateSource { +func buildCertificateSource(log logr.Logger, tlsConfig shared.TLSConfig, restCfg *rest.Config) tls.CertificateSource { switch { case tlsConfig.FilesystemConfigProvided(): log.V(logf.InfoLevel).Info("using TLS certificate from local filesystem", "private_key_path", tlsConfig.Filesystem.KeyFile, "certificate", tlsConfig.Filesystem.CertFile) diff --git a/hack/k8s-codegen.sh b/hack/k8s-codegen.sh index 40c887060de..01d33abdef2 100755 --- a/hack/k8s-codegen.sh +++ b/hack/k8s-codegen.sh @@ -62,6 +62,8 @@ deepcopy_inputs=( internal/apis/config/webhook \ pkg/apis/config/controller/v1alpha1 \ internal/apis/config/controller \ + pkg/apis/config/shared/v1alpha1 \ + internal/apis/config/shared \ pkg/apis/meta/v1 \ internal/apis/meta \ pkg/acme/webhook/apis/acme/v1alpha1 \ @@ -85,6 +87,7 @@ defaulter_inputs=( internal/apis/acme/v1alpha3 \ internal/apis/acme/v1beta1 \ internal/apis/acme/v1 \ + internal/apis/config/shared/v1alpha1 \ internal/apis/config/cainjector/v1alpha1 \ internal/apis/config/webhook/v1alpha1 \ internal/apis/config/controller/v1alpha1 \ @@ -101,6 +104,7 @@ conversion_inputs=( internal/apis/acme/v1alpha3 \ internal/apis/acme/v1beta1 \ internal/apis/acme/v1 \ + internal/apis/config/shared/v1alpha1 \ internal/apis/config/cainjector/v1alpha1 \ internal/apis/config/webhook/v1alpha1 \ internal/apis/config/controller/v1alpha1 \ @@ -208,12 +212,22 @@ gen-defaulters() { clean internal/apis 'zz_generated.defaults.go' clean pkg/webhook/handlers/testdata/apis 'zz_generated.defaults.go' echo "+++ ${VERB} defaulting functions..." >&2 - prefixed_inputs=( "${defaulter_inputs[@]/#/$module_name/}" ) - joined=$( IFS=$','; echo "${prefixed_inputs[*]}" ) + + DEFAULT_EXTRA_PEER_PKGS=( + github.com/cert-manager/cert-manager/internal/apis/meta \ + github.com/cert-manager/cert-manager/internal/apis/meta/v1 \ + github.com/cert-manager/cert-manager/internal/apis/config/shared \ + github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1 \ + github.com/cert-manager/cert-manager/pkg/apis/meta/v1 \ + github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1 \ + ) + DEFAULT_PKGS=( "${defaulter_inputs[@]/#/$module_name/}" ) + "$defaultergen" \ ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ - --input-dirs "$joined" \ + --extra-peer-dirs "$( IFS=$','; echo "${DEFAULT_EXTRA_PEER_PKGS[*]}" )" \ + --input-dirs "$( IFS=$','; echo "${DEFAULT_PKGS[*]}" )" \ --trim-path-prefix="$module_name" \ -O zz_generated.defaults \ --output-base ./ @@ -227,16 +241,19 @@ gen-conversions() { CONVERSION_EXTRA_PEER_PKGS=( github.com/cert-manager/cert-manager/internal/apis/meta \ github.com/cert-manager/cert-manager/internal/apis/meta/v1 \ - github.com/cert-manager/cert-manager/pkg/apis/meta/v1 + github.com/cert-manager/cert-manager/internal/apis/config/shared \ + github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1 \ + github.com/cert-manager/cert-manager/pkg/apis/meta/v1 \ + github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1 \ ) CONVERSION_PKGS=( "${conversion_inputs[@]/#/$module_name/}" ) "$conversiongen" \ ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ - --extra-peer-dirs $( IFS=$','; echo "${CONVERSION_EXTRA_PEER_PKGS[*]}" ) \ - --extra-dirs $( IFS=$','; echo "${CONVERSION_PKGS[*]}" ) \ - --input-dirs $( IFS=$','; echo "${CONVERSION_PKGS[*]}" ) \ + --extra-peer-dirs "$( IFS=$','; echo "${CONVERSION_EXTRA_PEER_PKGS[*]}" )" \ + --extra-dirs "$( IFS=$','; echo "${CONVERSION_PKGS[*]}" )" \ + --input-dirs "$( IFS=$','; echo "${CONVERSION_PKGS[*]}" )" \ --trim-path-prefix="$module_name" \ -O zz_generated.conversion \ --output-base ./ diff --git a/internal/apis/config/cainjector/types.go b/internal/apis/config/cainjector/types.go index 4dbaa11da04..66e76850e44 100644 --- a/internal/apis/config/cainjector/types.go +++ b/internal/apis/config/cainjector/types.go @@ -17,10 +17,10 @@ limitations under the License. package cainjector import ( - "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -37,7 +37,7 @@ type CAInjectorConfiguration struct { Namespace string // LeaderElectionConfig configures the behaviour of the leader election - LeaderElectionConfig LeaderElectionConfig + LeaderElectionConfig shared.LeaderElectionConfig // EnableDataSourceConfig determines whether cainjector's control loops will watch // cert-manager resources as potential sources of CA data. @@ -63,31 +63,6 @@ type CAInjectorConfiguration struct { FeatureGates map[string]bool } -type LeaderElectionConfig struct { - // If true, cert-manager will perform leader election between instances to - // ensure no more than one instance of cert-manager operates at a time - Enabled bool - - // Namespace used to perform leader election. Only used if leader election is enabled - Namespace string - - // The duration that non-leader candidates will wait after observing a leadership - // renewal until attempting to acquire leadership of a led but unrenewed leader - // slot. This is effectively the maximum duration that a leader can be stopped - // before it is replaced by another candidate. This is only applicable if leader - // election is enabled. - LeaseDuration time.Duration - - // The interval between attempts by the acting master to renew a leadership slot - // before it stops leading. This must be less than or equal to the lease duration. - // This is only applicable if leader election is enabled. - RenewDeadline time.Duration - - // The duration the clients should wait between attempting acquisition and renewal - // of a leadership. This is only applicable if leader election is enabled. - RetryPeriod time.Duration -} - type EnableDataSourceConfig struct { // Certificates detemines whether cainjector's control loops will watch // cert-manager Certificate resources as potential sources of CA data. diff --git a/internal/apis/config/cainjector/v1alpha1/defaults.go b/internal/apis/config/cainjector/v1alpha1/defaults.go index 59863d1fdc1..3be6ab374a8 100644 --- a/internal/apis/config/cainjector/v1alpha1/defaults.go +++ b/internal/apis/config/cainjector/v1alpha1/defaults.go @@ -17,8 +17,6 @@ limitations under the License. package v1alpha1 import ( - time "time" - "k8s.io/apimachinery/pkg/runtime" logsapi "k8s.io/component-base/logs/api/v1" "k8s.io/utils/ptr" @@ -26,14 +24,6 @@ import ( "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" ) -var ( - defaultLeaderElect = true - defaultLeaderElectionNamespace = "kube-system" - defaultLeaderElectionLeaseDuration = 60 * time.Second - defaultLeaderElectionRenewDeadline = 40 * time.Second - defaultLeaderElectionRetryPeriod = 15 * time.Second -) - func addDefaultingFuncs(scheme *runtime.Scheme) error { return RegisterDefaults(scheme) } @@ -46,29 +36,6 @@ func SetDefaults_CAInjectorConfiguration(obj *v1alpha1.CAInjectorConfiguration) logsapi.SetRecommendedLoggingConfiguration(&obj.Logging) } -func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { - if obj.Enabled == nil { - obj.Enabled = &defaultLeaderElect - } - - if obj.Namespace == "" { - obj.Namespace = defaultLeaderElectionNamespace - } - - // TODO: Does it make sense to have a duration of 0? - if obj.LeaseDuration == time.Duration(0) { - obj.LeaseDuration = defaultLeaderElectionLeaseDuration - } - - if obj.RenewDeadline == time.Duration(0) { - obj.RenewDeadline = defaultLeaderElectionRenewDeadline - } - - if obj.RetryPeriod == time.Duration(0) { - obj.RetryPeriod = defaultLeaderElectionRetryPeriod - } -} - func SetDefaults_EnableDataSourceConfig(obj *v1alpha1.EnableDataSourceConfig) { if obj.Certificates == nil { obj.Certificates = ptr.To(true) diff --git a/internal/apis/config/cainjector/v1alpha1/zz_generated.conversion.go b/internal/apis/config/cainjector/v1alpha1/zz_generated.conversion.go index 1a5e68e76ec..bd7ed9c2c91 100644 --- a/internal/apis/config/cainjector/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/cainjector/v1alpha1/zz_generated.conversion.go @@ -22,10 +22,10 @@ limitations under the License. package v1alpha1 import ( - time "time" unsafe "unsafe" cainjector "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" @@ -69,23 +69,13 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*cainjector.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*cainjector.LeaderElectionConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*cainjector.LeaderElectionConfig)(nil), (*v1alpha1.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(a.(*cainjector.LeaderElectionConfig), b.(*v1alpha1.LeaderElectionConfig), scope) - }); err != nil { - return err - } return nil } func autoConvert_v1alpha1_CAInjectorConfiguration_To_cainjector_CAInjectorConfiguration(in *v1alpha1.CAInjectorConfiguration, out *cainjector.CAInjectorConfiguration, s conversion.Scope) error { out.KubeConfig = in.KubeConfig out.Namespace = in.Namespace - if err := Convert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { + if err := sharedv1alpha1.Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } if err := Convert_v1alpha1_EnableDataSourceConfig_To_cainjector_EnableDataSourceConfig(&in.EnableDataSourceConfig, &out.EnableDataSourceConfig, s); err != nil { @@ -109,7 +99,7 @@ func Convert_v1alpha1_CAInjectorConfiguration_To_cainjector_CAInjectorConfigurat func autoConvert_cainjector_CAInjectorConfiguration_To_v1alpha1_CAInjectorConfiguration(in *cainjector.CAInjectorConfiguration, out *v1alpha1.CAInjectorConfiguration, s conversion.Scope) error { out.KubeConfig = in.KubeConfig out.Namespace = in.Namespace - if err := Convert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { + if err := sharedv1alpha1.Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } if err := Convert_cainjector_EnableDataSourceConfig_To_v1alpha1_EnableDataSourceConfig(&in.EnableDataSourceConfig, &out.EnableDataSourceConfig, s); err != nil { @@ -195,35 +185,3 @@ func autoConvert_cainjector_EnableInjectableConfig_To_v1alpha1_EnableInjectableC func Convert_cainjector_EnableInjectableConfig_To_v1alpha1_EnableInjectableConfig(in *cainjector.EnableInjectableConfig, out *v1alpha1.EnableInjectableConfig, s conversion.Scope) error { return autoConvert_cainjector_EnableInjectableConfig_To_v1alpha1_EnableInjectableConfig(in, out, s) } - -func autoConvert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *cainjector.LeaderElectionConfig, s conversion.Scope) error { - if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) - return nil -} - -// Convert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig is an autogenerated conversion function. -func Convert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *cainjector.LeaderElectionConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_LeaderElectionConfig_To_cainjector_LeaderElectionConfig(in, out, s) -} - -func autoConvert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *cainjector.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { - if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { - return err - } - out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) - return nil -} - -// Convert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig is an autogenerated conversion function. -func Convert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *cainjector.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { - return autoConvert_cainjector_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in, out, s) -} diff --git a/internal/apis/config/cainjector/v1alpha1/zz_generated.defaults.go b/internal/apis/config/cainjector/v1alpha1/zz_generated.defaults.go index d6ecc623494..73beef8e2a0 100644 --- a/internal/apis/config/cainjector/v1alpha1/zz_generated.defaults.go +++ b/internal/apis/config/cainjector/v1alpha1/zz_generated.defaults.go @@ -22,6 +22,7 @@ limitations under the License. package v1alpha1 import ( + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/cainjector/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -38,7 +39,7 @@ func RegisterDefaults(scheme *runtime.Scheme) error { func SetObjectDefaults_CAInjectorConfiguration(in *v1alpha1.CAInjectorConfiguration) { SetDefaults_CAInjectorConfiguration(in) - SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig) + sharedv1alpha1.SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig) SetDefaults_EnableDataSourceConfig(&in.EnableDataSourceConfig) SetDefaults_EnableInjectableConfig(&in.EnableInjectableConfig) } diff --git a/internal/apis/config/cainjector/zz_generated.deepcopy.go b/internal/apis/config/cainjector/zz_generated.deepcopy.go index 97e6a09a5b3..417ac1aa0b9 100644 --- a/internal/apis/config/cainjector/zz_generated.deepcopy.go +++ b/internal/apis/config/cainjector/zz_generated.deepcopy.go @@ -92,19 +92,3 @@ func (in *EnableInjectableConfig) DeepCopy() *EnableInjectableConfig { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. -func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { - if in == nil { - return nil - } - out := new(LeaderElectionConfig) - in.DeepCopyInto(out) - return out -} diff --git a/internal/apis/config/controller/types.go b/internal/apis/config/controller/types.go index 8f46c03d9ae..9a8fcc570bb 100644 --- a/internal/apis/config/controller/types.go +++ b/internal/apis/config/controller/types.go @@ -21,6 +21,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -102,7 +104,7 @@ type ControllerConfiguration struct { MetricsListenAddress string // Metrics endpoint TLS config - MetricsTLSConfig TLSConfig + MetricsTLSConfig shared.TLSConfig // The host and port address, separated by a ':', that the healthz server // should listen on. @@ -134,28 +136,7 @@ type ControllerConfiguration struct { } type LeaderElectionConfig struct { - // If true, cert-manager will perform leader election between instances to - // ensure no more than one instance of cert-manager operates at a time - Enabled bool - - // Namespace used to perform leader election. Only used if leader election is enabled - Namespace string - - // The duration that non-leader candidates will wait after observing a leadership - // renewal until attempting to acquire leadership of a led but unrenewed leader - // slot. This is effectively the maximum duration that a leader can be stopped - // before it is replaced by another candidate. This is only applicable if leader - // election is enabled. - LeaseDuration time.Duration - - // The interval between attempts by the acting master to renew a leadership slot - // before it stops leading. This must be less than or equal to the lease duration. - // This is only applicable if leader election is enabled. - RenewDeadline time.Duration - - // The duration the clients should wait between attempting acquisition and renewal - // of a leadership. This is only applicable if leader election is enabled. - RetryPeriod time.Duration + shared.LeaderElectionConfig // Leader election healthz checks within this timeout period after the lease // expires will still return healthy. @@ -238,69 +219,3 @@ type ACMEDNS01Config struct { // string, for example 180s or 1h CheckRetryPeriod time.Duration } - -// TLSConfig configures how TLS certificates are sourced for serving. -// Only one of 'filesystem' or 'dynamic' may be specified. -type TLSConfig struct { - // cipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - CipherSuites []string - - // minTLSVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - MinTLSVersion string - - // Filesystem enables using a certificate and private key found on the local filesystem. - // These files will be periodically polled in case they have changed, and dynamically reloaded. - Filesystem FilesystemServingConfig - - // When Dynamic serving is enabled, the controller will generate a CA used to sign - // certificates and persist it into a Kubernetes Secret resource (for other replicas of the - // controller to consume). - // It will then generate a certificate in-memory for itself using this CA to serve with. - Dynamic DynamicServingConfig -} - -func (c *TLSConfig) FilesystemConfigProvided() bool { - if c.Filesystem.KeyFile != "" || c.Filesystem.CertFile != "" { - return true - } - return false -} - -func (c *TLSConfig) DynamicConfigProvided() bool { - if c.Dynamic.SecretNamespace != "" || c.Dynamic.SecretName != "" || len(c.Dynamic.DNSNames) > 0 { - return true - } - return false -} - -// DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. -// This CA will be used by all instances of the controller for signing serving certificates. -type DynamicServingConfig struct { - // Namespace of the Kubernetes Secret resource containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretNamespace string - - // Secret resource name containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretName string - - // DNSNames that must be present on serving certificates signed by the CA. - DNSNames []string - - // LeafDuration is a customizable duration on serving certificates signed by the CA. - LeafDuration time.Duration -} - -// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. -// These files will be periodically polled in case they have changed, and dynamically reloaded. -type FilesystemServingConfig struct { - // Path to a file containing TLS certificate & chain to serve with - CertFile string - - // Path to a file containing a TLS private key to serve with - KeyFile string -} diff --git a/internal/apis/config/controller/v1alpha1/conversion.go b/internal/apis/config/controller/v1alpha1/conversion.go deleted file mode 100644 index c21be804523..00000000000 --- a/internal/apis/config/controller/v1alpha1/conversion.go +++ /dev/null @@ -1,51 +0,0 @@ -/* -Copyright 2021 The cert-manager Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - conversion "k8s.io/apimachinery/pkg/conversion" -) - -func Convert_Pointer_float32_To_float32(in **float32, out *float32, s conversion.Scope) error { - if *in == nil { - *out = 0 - return nil - } - *out = float32(**in) - return nil -} - -func Convert_float32_To_Pointer_float32(in *float32, out **float32, s conversion.Scope) error { - temp := float32(*in) - *out = &temp - return nil -} - -func Convert_Pointer_int32_To_int(in **int32, out *int, s conversion.Scope) error { - if *in == nil { - *out = 0 - return nil - } - *out = int(**in) - return nil -} - -func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) error { - temp := int32(*in) - *out = &temp - return nil -} diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index 5d101d6ced6..9f8c29b0935 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -61,12 +61,6 @@ var ( defaultClusterResourceNamespace = "kube-system" defaultNamespace = "" - defaultLeaderElect = true - defaultLeaderElectionNamespace = "kube-system" - defaultLeaderElectionLeaseDuration = 60 * time.Second - defaultLeaderElectionRenewDeadline = 40 * time.Second - defaultLeaderElectionRetryPeriod = 15 * time.Second - defaultEnableProfiling = false defaultProfilerAddr = "localhost:6060" @@ -249,27 +243,6 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration) } func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { - if obj.Enabled == nil { - obj.Enabled = &defaultLeaderElect - } - - if obj.Namespace == "" { - obj.Namespace = defaultLeaderElectionNamespace - } - - // TODO: Does it make sense to have a duration of 0? - if obj.LeaseDuration == time.Duration(0) { - obj.LeaseDuration = defaultLeaderElectionLeaseDuration - } - - if obj.RenewDeadline == time.Duration(0) { - obj.RenewDeadline = defaultLeaderElectionRenewDeadline - } - - if obj.RetryPeriod == time.Duration(0) { - obj.RetryPeriod = defaultLeaderElectionRetryPeriod - } - if obj.HealthzTimeout == time.Duration(0) { obj.HealthzTimeout = defaultHealthzLeaderElectionTimeout } diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json index 0e967f55928..8ac5dc3472a 100644 --- a/internal/apis/config/controller/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -29,7 +29,7 @@ "metricsTLSConfig": { "filesystem": {}, "dynamic": { - "LeafDuration": 0 + "leafDuration": 604800000000000 } }, "healthzListenAddress": "0.0.0.0:9403", diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go index ba253403258..5e4930963f4 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go @@ -26,6 +26,7 @@ import ( unsafe "unsafe" controller "github.com/cert-manager/cert-manager/internal/apis/config/controller" + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" conversion "k8s.io/apimachinery/pkg/conversion" @@ -69,26 +70,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*v1alpha1.DynamicServingConfig)(nil), (*controller.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig(a.(*v1alpha1.DynamicServingConfig), b.(*controller.DynamicServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*controller.DynamicServingConfig)(nil), (*v1alpha1.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(a.(*controller.DynamicServingConfig), b.(*v1alpha1.DynamicServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FilesystemServingConfig)(nil), (*controller.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig(a.(*v1alpha1.FilesystemServingConfig), b.(*controller.FilesystemServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*controller.FilesystemServingConfig)(nil), (*v1alpha1.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(a.(*controller.FilesystemServingConfig), b.(*v1alpha1.FilesystemServingConfig), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*v1alpha1.IngressShimConfig)(nil), (*controller.IngressShimConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(a.(*v1alpha1.IngressShimConfig), b.(*controller.IngressShimConfig), scope) }); err != nil { @@ -109,36 +90,6 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } - if err := s.AddGeneratedConversionFunc((*v1alpha1.TLSConfig)(nil), (*controller.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_TLSConfig_To_controller_TLSConfig(a.(*v1alpha1.TLSConfig), b.(*controller.TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*controller.TLSConfig)(nil), (*v1alpha1.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_controller_TLSConfig_To_v1alpha1_TLSConfig(a.(*controller.TLSConfig), b.(*v1alpha1.TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((**float32)(nil), (*float32)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_Pointer_float32_To_float32(a.(**float32), b.(*float32), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((**int32)(nil), (*int)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_Pointer_int32_To_int(a.(**int32), b.(*int), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*float32)(nil), (**float32)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_float32_To_Pointer_float32(a.(*float32), b.(**float32), scope) - }); err != nil { - return err - } - if err := s.AddConversionFunc((*int)(nil), (**int32)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_int_To_Pointer_int32(a.(*int), b.(**int32), scope) - }); err != nil { - return err - } return nil } @@ -209,10 +160,10 @@ func Convert_controller_ACMEHTTP01Config_To_v1alpha1_ACMEHTTP01Config(in *contro func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfiguration(in *v1alpha1.ControllerConfiguration, out *controller.ControllerConfiguration, s conversion.Scope) error { out.KubeConfig = in.KubeConfig out.APIServerHost = in.APIServerHost - if err := Convert_Pointer_float32_To_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { + if err := sharedv1alpha1.Convert_Pointer_float32_To_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { return err } - if err := Convert_Pointer_int32_To_int(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { + if err := sharedv1alpha1.Convert_Pointer_int32_To_int(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { return err } out.Namespace = in.Namespace @@ -234,14 +185,14 @@ func autoConvert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfig return err } out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) - if err := Convert_Pointer_int32_To_int(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { + if err := sharedv1alpha1.Convert_Pointer_int32_To_int(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err } - if err := Convert_Pointer_int32_To_int(&in.MaxConcurrentChallenges, &out.MaxConcurrentChallenges, s); err != nil { + if err := sharedv1alpha1.Convert_Pointer_int32_To_int(&in.MaxConcurrentChallenges, &out.MaxConcurrentChallenges, s); err != nil { return err } out.MetricsListenAddress = in.MetricsListenAddress - if err := Convert_v1alpha1_TLSConfig_To_controller_TLSConfig(&in.MetricsTLSConfig, &out.MetricsTLSConfig, s); err != nil { + if err := sharedv1alpha1.Convert_v1alpha1_TLSConfig_To_shared_TLSConfig(&in.MetricsTLSConfig, &out.MetricsTLSConfig, s); err != nil { return err } out.HealthzListenAddress = in.HealthzListenAddress @@ -271,10 +222,10 @@ func Convert_v1alpha1_ControllerConfiguration_To_controller_ControllerConfigurat func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in *controller.ControllerConfiguration, out *v1alpha1.ControllerConfiguration, s conversion.Scope) error { out.APIServerHost = in.APIServerHost out.KubeConfig = in.KubeConfig - if err := Convert_float32_To_Pointer_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { + if err := sharedv1alpha1.Convert_float32_To_Pointer_float32(&in.KubernetesAPIQPS, &out.KubernetesAPIQPS, s); err != nil { return err } - if err := Convert_int_To_Pointer_int32(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { + if err := sharedv1alpha1.Convert_int_To_Pointer_int32(&in.KubernetesAPIBurst, &out.KubernetesAPIBurst, s); err != nil { return err } out.Namespace = in.Namespace @@ -296,14 +247,14 @@ func autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfig return err } out.CopiedAnnotationPrefixes = *(*[]string)(unsafe.Pointer(&in.CopiedAnnotationPrefixes)) - if err := Convert_int_To_Pointer_int32(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { + if err := sharedv1alpha1.Convert_int_To_Pointer_int32(&in.NumberOfConcurrentWorkers, &out.NumberOfConcurrentWorkers, s); err != nil { return err } - if err := Convert_int_To_Pointer_int32(&in.MaxConcurrentChallenges, &out.MaxConcurrentChallenges, s); err != nil { + if err := sharedv1alpha1.Convert_int_To_Pointer_int32(&in.MaxConcurrentChallenges, &out.MaxConcurrentChallenges, s); err != nil { return err } out.MetricsListenAddress = in.MetricsListenAddress - if err := Convert_controller_TLSConfig_To_v1alpha1_TLSConfig(&in.MetricsTLSConfig, &out.MetricsTLSConfig, s); err != nil { + if err := sharedv1alpha1.Convert_shared_TLSConfig_To_v1alpha1_TLSConfig(&in.MetricsTLSConfig, &out.MetricsTLSConfig, s); err != nil { return err } out.HealthzListenAddress = in.HealthzListenAddress @@ -330,54 +281,6 @@ func Convert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfigurat return autoConvert_controller_ControllerConfiguration_To_v1alpha1_ControllerConfiguration(in, out, s) } -func autoConvert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *controller.DynamicServingConfig, s conversion.Scope) error { - out.SecretNamespace = in.SecretNamespace - out.SecretName = in.SecretName - out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) - return nil -} - -// Convert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig is an autogenerated conversion function. -func Convert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *controller.DynamicServingConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig(in, out, s) -} - -func autoConvert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *controller.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { - out.SecretNamespace = in.SecretNamespace - out.SecretName = in.SecretName - out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) - return nil -} - -// Convert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig is an autogenerated conversion function. -func Convert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *controller.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { - return autoConvert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in, out, s) -} - -func autoConvert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *controller.FilesystemServingConfig, s conversion.Scope) error { - out.CertFile = in.CertFile - out.KeyFile = in.KeyFile - return nil -} - -// Convert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig is an autogenerated conversion function. -func Convert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *controller.FilesystemServingConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig(in, out, s) -} - -func autoConvert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *controller.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { - out.CertFile = in.CertFile - out.KeyFile = in.KeyFile - return nil -} - -// Convert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig is an autogenerated conversion function. -func Convert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *controller.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { - return autoConvert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in, out, s) -} - func autoConvert_v1alpha1_IngressShimConfig_To_controller_IngressShimConfig(in *v1alpha1.IngressShimConfig, out *controller.IngressShimConfig, s conversion.Scope) error { out.DefaultIssuerName = in.DefaultIssuerName out.DefaultIssuerKind = in.DefaultIssuerKind @@ -405,13 +308,9 @@ func Convert_controller_IngressShimConfig_To_v1alpha1_IngressShimConfig(in *cont } func autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *controller.LeaderElectionConfig, s conversion.Scope) error { - if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { + if err := sharedv1alpha1.Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) out.HealthzTimeout = time.Duration(in.HealthzTimeout) return nil } @@ -422,13 +321,9 @@ func Convert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfig(in } func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { - if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { + if err := sharedv1alpha1.Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) out.HealthzTimeout = time.Duration(in.HealthzTimeout) return nil } @@ -437,37 +332,3 @@ func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfi func Convert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *controller.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { return autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in, out, s) } - -func autoConvert_v1alpha1_TLSConfig_To_controller_TLSConfig(in *v1alpha1.TLSConfig, out *controller.TLSConfig, s conversion.Scope) error { - out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) - out.MinTLSVersion = in.MinTLSVersion - if err := Convert_v1alpha1_FilesystemServingConfig_To_controller_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { - return err - } - if err := Convert_v1alpha1_DynamicServingConfig_To_controller_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_TLSConfig_To_controller_TLSConfig is an autogenerated conversion function. -func Convert_v1alpha1_TLSConfig_To_controller_TLSConfig(in *v1alpha1.TLSConfig, out *controller.TLSConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_TLSConfig_To_controller_TLSConfig(in, out, s) -} - -func autoConvert_controller_TLSConfig_To_v1alpha1_TLSConfig(in *controller.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { - out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) - out.MinTLSVersion = in.MinTLSVersion - if err := Convert_controller_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { - return err - } - if err := Convert_controller_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { - return err - } - return nil -} - -// Convert_controller_TLSConfig_To_v1alpha1_TLSConfig is an autogenerated conversion function. -func Convert_controller_TLSConfig_To_v1alpha1_TLSConfig(in *controller.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { - return autoConvert_controller_TLSConfig_To_v1alpha1_TLSConfig(in, out, s) -} diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go b/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go index c5d663baaab..8d85da6430f 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.defaults.go @@ -22,6 +22,7 @@ limitations under the License. package v1alpha1 import ( + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -39,6 +40,8 @@ func RegisterDefaults(scheme *runtime.Scheme) error { func SetObjectDefaults_ControllerConfiguration(in *v1alpha1.ControllerConfiguration) { SetDefaults_ControllerConfiguration(in) SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig) + sharedv1alpha1.SetDefaults_LeaderElectionConfig(&in.LeaderElectionConfig.LeaderElectionConfig) + sharedv1alpha1.SetDefaults_DynamicServingConfig(&in.MetricsTLSConfig.Dynamic) SetDefaults_IngressShimConfig(&in.IngressShimConfig) SetDefaults_ACMEHTTP01Config(&in.ACMEHTTP01Config) SetDefaults_ACMEDNS01Config(&in.ACMEDNS01Config) diff --git a/internal/apis/config/controller/validation/validation_test.go b/internal/apis/config/controller/validation/validation_test.go index aaefb1b1434..8c15179e7cb 100644 --- a/internal/apis/config/controller/validation/validation_test.go +++ b/internal/apis/config/controller/validation/validation_test.go @@ -20,6 +20,7 @@ import ( "testing" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" ) func TestValidateControllerConfiguration(t *testing.T) { @@ -47,12 +48,12 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", KeyFile: "/test.key", }, - Dynamic: config.DynamicServingConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", SecretName: "test", DNSNames: []string{"example.com"}, @@ -69,8 +70,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", KeyFile: "/test.key", }, @@ -86,8 +87,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", }, }, @@ -102,8 +103,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ KeyFile: "/test.key", }, }, @@ -118,8 +119,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", SecretName: "test", DNSNames: []string{"example.com"}, @@ -131,8 +132,8 @@ func TestValidateControllerConfiguration(t *testing.T) { { "with dynamic tls missing secret namespace", &config.ControllerConfiguration{ - MetricsTLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretName: "test", DNSNames: []string{"example.com"}, }, @@ -148,8 +149,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", DNSNames: []string{"example.com"}, }, @@ -165,8 +166,8 @@ func TestValidateControllerConfiguration(t *testing.T) { }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + MetricsTLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretName: "test", SecretNamespace: "cert-manager", DNSNames: nil, diff --git a/internal/apis/config/controller/zz_generated.deepcopy.go b/internal/apis/config/controller/zz_generated.deepcopy.go index 723f3b38dcd..150e4b4ed7f 100644 --- a/internal/apis/config/controller/zz_generated.deepcopy.go +++ b/internal/apis/config/controller/zz_generated.deepcopy.go @@ -115,43 +115,6 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { - *out = *in - if in.DNSNames != nil { - in, out := &in.DNSNames, &out.DNSNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. -func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { - if in == nil { - return nil - } - out := new(DynamicServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. -func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { - if in == nil { - return nil - } - out := new(FilesystemServingConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) { *out = *in @@ -176,6 +139,7 @@ func (in *IngressShimConfig) DeepCopy() *IngressShimConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { *out = *in + out.LeaderElectionConfig = in.LeaderElectionConfig return } @@ -188,26 +152,3 @@ func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.Filesystem = in.Filesystem - in.Dynamic.DeepCopyInto(&out.Dynamic) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} diff --git a/internal/apis/config/shared/doc.go b/internal/apis/config/shared/doc.go new file mode 100644 index 00000000000..4c2afbe0660 --- /dev/null +++ b/internal/apis/config/shared/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:deepcopy-gen=package,register + +// Package shared contains shared types for the cert-manager configuration API +package shared diff --git a/internal/apis/config/shared/types_leaderelection.go b/internal/apis/config/shared/types_leaderelection.go new file mode 100644 index 00000000000..d1bab2a2a50 --- /dev/null +++ b/internal/apis/config/shared/types_leaderelection.go @@ -0,0 +1,44 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package shared + +import "time" + +type LeaderElectionConfig struct { + // If true, cert-manager will perform leader election between instances to + // ensure no more than one instance of cert-manager operates at a time + Enabled bool + + // Namespace used to perform leader election. Only used if leader election is enabled + Namespace string + + // The duration that non-leader candidates will wait after observing a leadership + // renewal until attempting to acquire leadership of a led but unrenewed leader + // slot. This is effectively the maximum duration that a leader can be stopped + // before it is replaced by another candidate. This is only applicable if leader + // election is enabled. + LeaseDuration time.Duration + + // The interval between attempts by the acting master to renew a leadership slot + // before it stops leading. This must be less than or equal to the lease duration. + // This is only applicable if leader election is enabled. + RenewDeadline time.Duration + + // The duration the clients should wait between attempting acquisition and renewal + // of a leadership. This is only applicable if leader election is enabled. + RetryPeriod time.Duration +} diff --git a/internal/apis/config/shared/types_tlsconfig.go b/internal/apis/config/shared/types_tlsconfig.go new file mode 100644 index 00000000000..d73210ce9de --- /dev/null +++ b/internal/apis/config/shared/types_tlsconfig.go @@ -0,0 +1,85 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package shared + +import "time" + +// TLSConfig configures how TLS certificates are sourced for serving. +// Only one of 'filesystem' or 'dynamic' may be specified. +type TLSConfig struct { + // cipherSuites is the list of allowed cipher suites for the server. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // If not specified, the default for the Go version will be used and may change over time. + CipherSuites []string + + // minTLSVersion is the minimum TLS version supported. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // If not specified, the default for the Go version will be used and may change over time. + MinTLSVersion string + + // Filesystem enables using a certificate and private key found on the local filesystem. + // These files will be periodically polled in case they have changed, and dynamically reloaded. + Filesystem FilesystemServingConfig + + // When Dynamic serving is enabled, the controller will generate a CA used to sign + // certificates and persist it into a Kubernetes Secret resource (for other replicas of the + // controller to consume). + // It will then generate a certificate in-memory for itself using this CA to serve with. + Dynamic DynamicServingConfig +} + +func (c *TLSConfig) FilesystemConfigProvided() bool { + if c.Filesystem.KeyFile != "" || c.Filesystem.CertFile != "" { + return true + } + return false +} + +func (c *TLSConfig) DynamicConfigProvided() bool { + if c.Dynamic.SecretNamespace != "" || c.Dynamic.SecretName != "" || len(c.Dynamic.DNSNames) > 0 { + return true + } + return false +} + +// DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. +// This CA will be used by all instances of the controller for signing serving certificates. +type DynamicServingConfig struct { + // Namespace of the Kubernetes Secret resource containing the TLS certificate + // used as a CA to sign dynamic serving certificates. + SecretNamespace string + + // Secret resource name containing the TLS certificate + // used as a CA to sign dynamic serving certificates. + SecretName string + + // DNSNames that must be present on serving certificates signed by the CA. + DNSNames []string + + // LeafDuration is a customizable duration on serving certificates signed by the CA. + LeafDuration time.Duration +} + +// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. +// These files will be periodically polled in case they have changed, and dynamically reloaded. +type FilesystemServingConfig struct { + // Path to a file containing TLS certificate & chain to serve with + CertFile string + + // Path to a file containing a TLS private key to serve with + KeyFile string +} diff --git a/internal/apis/config/shared/v1alpha1/conversion.go b/internal/apis/config/shared/v1alpha1/conversion.go new file mode 100644 index 00000000000..8baa182def7 --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/conversion.go @@ -0,0 +1,78 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + conversion "k8s.io/apimachinery/pkg/conversion" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" + "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" +) + +// Convert_shared_TLSConfig_To_v1alpha1_TLSConfig is explicitly defined to avoid issues in conversion-gen +// when referencing types in other API groups. +func Convert_shared_TLSConfig_To_v1alpha1_TLSConfig(in *shared.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { + return autoConvert_shared_TLSConfig_To_v1alpha1_TLSConfig(in, out, s) +} + +// Convert_v1alpha1_TLSConfig_To_shared_TLSConfig is explicitly defined to avoid issues in conversion-gen +// when referencing types in other API groups. +func Convert_v1alpha1_TLSConfig_To_shared_TLSConfig(in *v1alpha1.TLSConfig, out *shared.TLSConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_TLSConfig_To_shared_TLSConfig(in, out, s) +} + +// Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig is explicitly defined to avoid issues in conversion-gen +// when referencing types in other API groups. +func Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *shared.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { + return autoConvert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in, out, s) +} + +// Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig is explicitly defined to avoid issues in conversion-gen +// when referencing types in other API groups. +func Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *shared.LeaderElectionConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(in, out, s) +} + +func Convert_Pointer_float32_To_float32(in **float32, out *float32, s conversion.Scope) error { + if *in == nil { + *out = 0 + return nil + } + *out = float32(**in) + return nil +} + +func Convert_float32_To_Pointer_float32(in *float32, out **float32, s conversion.Scope) error { + temp := float32(*in) + *out = &temp + return nil +} + +func Convert_Pointer_int32_To_int(in **int32, out *int, s conversion.Scope) error { + if *in == nil { + *out = 0 + return nil + } + *out = int(**in) + return nil +} + +func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) error { + temp := int32(*in) + *out = &temp + return nil +} diff --git a/internal/apis/config/shared/v1alpha1/defaults.go b/internal/apis/config/shared/v1alpha1/defaults.go new file mode 100644 index 00000000000..7266f42343e --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/defaults.go @@ -0,0 +1,61 @@ +/* +Copyright 2023 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "time" + + "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" +) + +var ( + defaultLeafDuration = time.Hour * 24 * 7 + + defaultLeaderElect = true + defaultLeaderElectionNamespace = "kube-system" + defaultLeaderElectionLeaseDuration = 60 * time.Second + defaultLeaderElectionRenewDeadline = 40 * time.Second + defaultLeaderElectionRetryPeriod = 15 * time.Second +) + +func SetDefaults_DynamicServingConfig(obj *v1alpha1.DynamicServingConfig) { + if obj.LeafDuration == time.Duration(0) { + obj.LeafDuration = defaultLeafDuration + } +} + +func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { + if obj.Enabled == nil { + obj.Enabled = &defaultLeaderElect + } + + if obj.Namespace == "" { + obj.Namespace = defaultLeaderElectionNamespace + } + + if obj.LeaseDuration == time.Duration(0) { + obj.LeaseDuration = defaultLeaderElectionLeaseDuration + } + + if obj.RenewDeadline == time.Duration(0) { + obj.RenewDeadline = defaultLeaderElectionRenewDeadline + } + + if obj.RetryPeriod == time.Duration(0) { + obj.RetryPeriod = defaultLeaderElectionRetryPeriod + } +} diff --git a/internal/apis/config/shared/v1alpha1/doc.go b/internal/apis/config/shared/v1alpha1/doc.go new file mode 100644 index 00000000000..4514993b90a --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// +k8s:conversion-gen=github.com/cert-manager/cert-manager/internal/apis/config/shared +// +k8s:conversion-gen-external-types=github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1 +// +k8s:defaulter-gen=TypeMeta +// +k8s:defaulter-gen-input=github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1 + +package v1alpha1 diff --git a/internal/apis/config/shared/v1alpha1/register.go b/internal/apis/config/shared/v1alpha1/register.go new file mode 100644 index 00000000000..5b6d0669f08 --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/register.go @@ -0,0 +1,25 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" +) + +var ( + localSchemeBuilder = &v1alpha1.SchemeBuilder +) diff --git a/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go b/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go new file mode 100644 index 00000000000..6b4326ee5da --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go @@ -0,0 +1,197 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by conversion-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + unsafe "unsafe" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" + v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + conversion "k8s.io/apimachinery/pkg/conversion" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +func init() { + localSchemeBuilder.Register(RegisterConversions) +} + +// RegisterConversions adds conversion functions to the given scheme. +// Public to allow building arbitrary schemes. +func RegisterConversions(s *runtime.Scheme) error { + if err := s.AddGeneratedConversionFunc((*v1alpha1.DynamicServingConfig)(nil), (*shared.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(a.(*v1alpha1.DynamicServingConfig), b.(*shared.DynamicServingConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*shared.DynamicServingConfig)(nil), (*v1alpha1.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(a.(*shared.DynamicServingConfig), b.(*v1alpha1.DynamicServingConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*v1alpha1.FilesystemServingConfig)(nil), (*shared.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig(a.(*v1alpha1.FilesystemServingConfig), b.(*shared.FilesystemServingConfig), scope) + }); err != nil { + return err + } + if err := s.AddGeneratedConversionFunc((*shared.FilesystemServingConfig)(nil), (*v1alpha1.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(a.(*shared.FilesystemServingConfig), b.(*v1alpha1.FilesystemServingConfig), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((**float32)(nil), (*float32)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_Pointer_float32_To_float32(a.(**float32), b.(*float32), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((**int32)(nil), (*int)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_Pointer_int32_To_int(a.(**int32), b.(*int), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*float32)(nil), (**float32)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_float32_To_Pointer_float32(a.(*float32), b.(**float32), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*int)(nil), (**int32)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_int_To_Pointer_int32(a.(*int), b.(**int32), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*shared.LeaderElectionConfig)(nil), (*v1alpha1.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(a.(*shared.LeaderElectionConfig), b.(*v1alpha1.LeaderElectionConfig), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*shared.TLSConfig)(nil), (*v1alpha1.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_shared_TLSConfig_To_v1alpha1_TLSConfig(a.(*shared.TLSConfig), b.(*v1alpha1.TLSConfig), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*shared.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*shared.LeaderElectionConfig), scope) + }); err != nil { + return err + } + if err := s.AddConversionFunc((*v1alpha1.TLSConfig)(nil), (*shared.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_v1alpha1_TLSConfig_To_shared_TLSConfig(a.(*v1alpha1.TLSConfig), b.(*shared.TLSConfig), scope) + }); err != nil { + return err + } + return nil +} + +func autoConvert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *shared.DynamicServingConfig, s conversion.Scope) error { + out.SecretNamespace = in.SecretNamespace + out.SecretName = in.SecretName + out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) + out.LeafDuration = time.Duration(in.LeafDuration) + return nil +} + +// Convert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig is an autogenerated conversion function. +func Convert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *shared.DynamicServingConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(in, out, s) +} + +func autoConvert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *shared.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { + out.SecretNamespace = in.SecretNamespace + out.SecretName = in.SecretName + out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) + out.LeafDuration = time.Duration(in.LeafDuration) + return nil +} + +// Convert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig is an autogenerated conversion function. +func Convert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *shared.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { + return autoConvert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in, out, s) +} + +func autoConvert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *shared.FilesystemServingConfig, s conversion.Scope) error { + out.CertFile = in.CertFile + out.KeyFile = in.KeyFile + return nil +} + +// Convert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig is an autogenerated conversion function. +func Convert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *shared.FilesystemServingConfig, s conversion.Scope) error { + return autoConvert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig(in, out, s) +} + +func autoConvert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *shared.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { + out.CertFile = in.CertFile + out.KeyFile = in.KeyFile + return nil +} + +// Convert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig is an autogenerated conversion function. +func Convert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *shared.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { + return autoConvert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in, out, s) +} + +func autoConvert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(in *v1alpha1.LeaderElectionConfig, out *shared.LeaderElectionConfig, s conversion.Scope) error { + if err := v1.Convert_Pointer_bool_To_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.Namespace = in.Namespace + out.LeaseDuration = time.Duration(in.LeaseDuration) + out.RenewDeadline = time.Duration(in.RenewDeadline) + out.RetryPeriod = time.Duration(in.RetryPeriod) + return nil +} + +func autoConvert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in *shared.LeaderElectionConfig, out *v1alpha1.LeaderElectionConfig, s conversion.Scope) error { + if err := v1.Convert_bool_To_Pointer_bool(&in.Enabled, &out.Enabled, s); err != nil { + return err + } + out.Namespace = in.Namespace + out.LeaseDuration = time.Duration(in.LeaseDuration) + out.RenewDeadline = time.Duration(in.RenewDeadline) + out.RetryPeriod = time.Duration(in.RetryPeriod) + return nil +} + +func autoConvert_v1alpha1_TLSConfig_To_shared_TLSConfig(in *v1alpha1.TLSConfig, out *shared.TLSConfig, s conversion.Scope) error { + out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) + out.MinTLSVersion = in.MinTLSVersion + if err := Convert_v1alpha1_FilesystemServingConfig_To_shared_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { + return err + } + if err := Convert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { + return err + } + return nil +} + +func autoConvert_shared_TLSConfig_To_v1alpha1_TLSConfig(in *shared.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { + out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) + out.MinTLSVersion = in.MinTLSVersion + if err := Convert_shared_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { + return err + } + if err := Convert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { + return err + } + return nil +} diff --git a/internal/apis/config/shared/v1alpha1/zz_generated.defaults.go b/internal/apis/config/shared/v1alpha1/zz_generated.defaults.go new file mode 100644 index 00000000000..48c7e75b495 --- /dev/null +++ b/internal/apis/config/shared/v1alpha1/zz_generated.defaults.go @@ -0,0 +1,33 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by defaulter-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// RegisterDefaults adds defaulters functions to the given scheme. +// Public to allow building arbitrary schemes. +// All generated defaulters are covering - they call all nested defaulters. +func RegisterDefaults(scheme *runtime.Scheme) error { + return nil +} diff --git a/internal/apis/config/shared/zz_generated.deepcopy.go b/internal/apis/config/shared/zz_generated.deepcopy.go new file mode 100644 index 00000000000..428716cdcf0 --- /dev/null +++ b/internal/apis/config/shared/zz_generated.deepcopy.go @@ -0,0 +1,98 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package shared + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { + *out = *in + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. +func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { + if in == nil { + return nil + } + out := new(DynamicServingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. +func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { + if in == nil { + return nil + } + out := new(FilesystemServingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. +func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { + if in == nil { + return nil + } + out := new(LeaderElectionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + if in.CipherSuites != nil { + in, out := &in.CipherSuites, &out.CipherSuites + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.Filesystem = in.Filesystem + in.Dynamic.DeepCopyInto(&out.Dynamic) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} diff --git a/internal/apis/config/webhook/types.go b/internal/apis/config/webhook/types.go index 2c1d545ba00..ebb20730fd3 100644 --- a/internal/apis/config/webhook/types.go +++ b/internal/apis/config/webhook/types.go @@ -17,10 +17,10 @@ limitations under the License. package webhook import ( - "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -39,7 +39,7 @@ type WebhookConfiguration struct { HealthzPort int32 // tlsConfig is used to configure the secure listener's TLS settings. - TLSConfig TLSConfig + TLSConfig shared.TLSConfig // kubeConfig is the kubeconfig file used to connect to the Kubernetes apiserver. // If not specified, the webhook will attempt to load the in-cluster-config. @@ -63,71 +63,3 @@ type WebhookConfiguration struct { // features. FeatureGates map[string]bool } - -// TLSConfig configures how TLS certificates are sourced for serving. -// Only one of 'filesystem' or 'dynamic' may be specified. -type TLSConfig struct { - // cipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - CipherSuites []string - - // minTLSVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - MinTLSVersion string - - // Filesystem enables using a certificate and private key found on the local filesystem. - // These files will be periodically polled in case they have changed, and dynamically reloaded. - Filesystem FilesystemServingConfig - - // When Dynamic serving is enabled, the webhook will generate a CA used to sign webhook - // certificates and persist it into a Kubernetes Secret resource (for other replicas of the - // webhook to consume). - // It will then generate a certificate in-memory for itself using this CA to serve with. - // The CAs certificate can then be copied into the appropriate Validating, Mutating and Conversion - // webhook configuration objects (typically by cainjector). - Dynamic DynamicServingConfig -} - -func (c *TLSConfig) FilesystemConfigProvided() bool { - if c.Filesystem.KeyFile != "" || c.Filesystem.CertFile != "" { - return true - } - return false -} - -func (c *TLSConfig) DynamicConfigProvided() bool { - if c.Dynamic.SecretNamespace != "" || c.Dynamic.SecretName != "" || len(c.Dynamic.DNSNames) > 0 { - return true - } - return false -} - -// DynamicServingConfig makes the webhook generate a CA and persist it into Secret resources. -// This CA will be used by all instances of the webhook for signing serving certificates. -type DynamicServingConfig struct { - // Namespace of the Kubernetes Secret resource containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretNamespace string - - // Secret resource name containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretName string - - // DNSNames that must be present on serving certificates signed by the CA. - DNSNames []string - - // LeafDuration is a customizable duration on serving certificates signed by the CA. - LeafDuration time.Duration -} - -// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. -// These files will be periodically polled in case they have changed, and dynamically reloaded. -type FilesystemServingConfig struct { - // Path to a file containing TLS certificate & chain to serve with - CertFile string - - // Path to a file containing a TLS private key to serve with - KeyFile string -} diff --git a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json index 72d7d029681..f4df5a74217 100644 --- a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json @@ -4,7 +4,7 @@ "tlsConfig": { "filesystem": {}, "dynamic": { - "LeafDuration": 0 + "leafDuration": 604800000000000 } }, "enablePprof": false, diff --git a/internal/apis/config/webhook/v1alpha1/zz_generated.conversion.go b/internal/apis/config/webhook/v1alpha1/zz_generated.conversion.go index 3acf8870d82..d23776b65c2 100644 --- a/internal/apis/config/webhook/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/webhook/v1alpha1/zz_generated.conversion.go @@ -22,9 +22,9 @@ limitations under the License. package v1alpha1 import ( - time "time" unsafe "unsafe" + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" webhook "github.com/cert-manager/cert-manager/internal/apis/config/webhook" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -39,36 +39,6 @@ func init() { // RegisterConversions adds conversion functions to the given scheme. // Public to allow building arbitrary schemes. func RegisterConversions(s *runtime.Scheme) error { - if err := s.AddGeneratedConversionFunc((*v1alpha1.DynamicServingConfig)(nil), (*webhook.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig(a.(*v1alpha1.DynamicServingConfig), b.(*webhook.DynamicServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*webhook.DynamicServingConfig)(nil), (*v1alpha1.DynamicServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(a.(*webhook.DynamicServingConfig), b.(*v1alpha1.DynamicServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.FilesystemServingConfig)(nil), (*webhook.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig(a.(*v1alpha1.FilesystemServingConfig), b.(*webhook.FilesystemServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*webhook.FilesystemServingConfig)(nil), (*v1alpha1.FilesystemServingConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(a.(*webhook.FilesystemServingConfig), b.(*v1alpha1.FilesystemServingConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*v1alpha1.TLSConfig)(nil), (*webhook.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_v1alpha1_TLSConfig_To_webhook_TLSConfig(a.(*v1alpha1.TLSConfig), b.(*webhook.TLSConfig), scope) - }); err != nil { - return err - } - if err := s.AddGeneratedConversionFunc((*webhook.TLSConfig)(nil), (*v1alpha1.TLSConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { - return Convert_webhook_TLSConfig_To_v1alpha1_TLSConfig(a.(*webhook.TLSConfig), b.(*v1alpha1.TLSConfig), scope) - }); err != nil { - return err - } if err := s.AddGeneratedConversionFunc((*v1alpha1.WebhookConfiguration)(nil), (*webhook.WebhookConfiguration)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_WebhookConfiguration_To_webhook_WebhookConfiguration(a.(*v1alpha1.WebhookConfiguration), b.(*webhook.WebhookConfiguration), scope) }); err != nil { @@ -82,88 +52,6 @@ func RegisterConversions(s *runtime.Scheme) error { return nil } -func autoConvert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *webhook.DynamicServingConfig, s conversion.Scope) error { - out.SecretNamespace = in.SecretNamespace - out.SecretName = in.SecretName - out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) - return nil -} - -// Convert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig is an autogenerated conversion function. -func Convert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig(in *v1alpha1.DynamicServingConfig, out *webhook.DynamicServingConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig(in, out, s) -} - -func autoConvert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *webhook.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { - out.SecretNamespace = in.SecretNamespace - out.SecretName = in.SecretName - out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) - return nil -} - -// Convert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig is an autogenerated conversion function. -func Convert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in *webhook.DynamicServingConfig, out *v1alpha1.DynamicServingConfig, s conversion.Scope) error { - return autoConvert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in, out, s) -} - -func autoConvert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *webhook.FilesystemServingConfig, s conversion.Scope) error { - out.CertFile = in.CertFile - out.KeyFile = in.KeyFile - return nil -} - -// Convert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig is an autogenerated conversion function. -func Convert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig(in *v1alpha1.FilesystemServingConfig, out *webhook.FilesystemServingConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig(in, out, s) -} - -func autoConvert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *webhook.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { - out.CertFile = in.CertFile - out.KeyFile = in.KeyFile - return nil -} - -// Convert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig is an autogenerated conversion function. -func Convert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in *webhook.FilesystemServingConfig, out *v1alpha1.FilesystemServingConfig, s conversion.Scope) error { - return autoConvert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(in, out, s) -} - -func autoConvert_v1alpha1_TLSConfig_To_webhook_TLSConfig(in *v1alpha1.TLSConfig, out *webhook.TLSConfig, s conversion.Scope) error { - out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) - out.MinTLSVersion = in.MinTLSVersion - if err := Convert_v1alpha1_FilesystemServingConfig_To_webhook_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { - return err - } - if err := Convert_v1alpha1_DynamicServingConfig_To_webhook_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { - return err - } - return nil -} - -// Convert_v1alpha1_TLSConfig_To_webhook_TLSConfig is an autogenerated conversion function. -func Convert_v1alpha1_TLSConfig_To_webhook_TLSConfig(in *v1alpha1.TLSConfig, out *webhook.TLSConfig, s conversion.Scope) error { - return autoConvert_v1alpha1_TLSConfig_To_webhook_TLSConfig(in, out, s) -} - -func autoConvert_webhook_TLSConfig_To_v1alpha1_TLSConfig(in *webhook.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { - out.CipherSuites = *(*[]string)(unsafe.Pointer(&in.CipherSuites)) - out.MinTLSVersion = in.MinTLSVersion - if err := Convert_webhook_FilesystemServingConfig_To_v1alpha1_FilesystemServingConfig(&in.Filesystem, &out.Filesystem, s); err != nil { - return err - } - if err := Convert_webhook_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(&in.Dynamic, &out.Dynamic, s); err != nil { - return err - } - return nil -} - -// Convert_webhook_TLSConfig_To_v1alpha1_TLSConfig is an autogenerated conversion function. -func Convert_webhook_TLSConfig_To_v1alpha1_TLSConfig(in *webhook.TLSConfig, out *v1alpha1.TLSConfig, s conversion.Scope) error { - return autoConvert_webhook_TLSConfig_To_v1alpha1_TLSConfig(in, out, s) -} - func autoConvert_v1alpha1_WebhookConfiguration_To_webhook_WebhookConfiguration(in *v1alpha1.WebhookConfiguration, out *webhook.WebhookConfiguration, s conversion.Scope) error { if err := v1.Convert_Pointer_int32_To_int32(&in.SecurePort, &out.SecurePort, s); err != nil { return err @@ -171,7 +59,7 @@ func autoConvert_v1alpha1_WebhookConfiguration_To_webhook_WebhookConfiguration(i if err := v1.Convert_Pointer_int32_To_int32(&in.HealthzPort, &out.HealthzPort, s); err != nil { return err } - if err := Convert_v1alpha1_TLSConfig_To_webhook_TLSConfig(&in.TLSConfig, &out.TLSConfig, s); err != nil { + if err := sharedv1alpha1.Convert_v1alpha1_TLSConfig_To_shared_TLSConfig(&in.TLSConfig, &out.TLSConfig, s); err != nil { return err } out.KubeConfig = in.KubeConfig @@ -195,7 +83,7 @@ func autoConvert_webhook_WebhookConfiguration_To_v1alpha1_WebhookConfiguration(i if err := v1.Convert_int32_To_Pointer_int32(&in.HealthzPort, &out.HealthzPort, s); err != nil { return err } - if err := Convert_webhook_TLSConfig_To_v1alpha1_TLSConfig(&in.TLSConfig, &out.TLSConfig, s); err != nil { + if err := sharedv1alpha1.Convert_shared_TLSConfig_To_v1alpha1_TLSConfig(&in.TLSConfig, &out.TLSConfig, s); err != nil { return err } out.KubeConfig = in.KubeConfig diff --git a/internal/apis/config/webhook/v1alpha1/zz_generated.defaults.go b/internal/apis/config/webhook/v1alpha1/zz_generated.defaults.go index 39c82e224ab..616dc64db15 100644 --- a/internal/apis/config/webhook/v1alpha1/zz_generated.defaults.go +++ b/internal/apis/config/webhook/v1alpha1/zz_generated.defaults.go @@ -22,6 +22,7 @@ limitations under the License. package v1alpha1 import ( + sharedv1alpha1 "github.com/cert-manager/cert-manager/internal/apis/config/shared/v1alpha1" v1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/webhook/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -36,4 +37,5 @@ func RegisterDefaults(scheme *runtime.Scheme) error { func SetObjectDefaults_WebhookConfiguration(in *v1alpha1.WebhookConfiguration) { SetDefaults_WebhookConfiguration(in) + sharedv1alpha1.SetDefaults_DynamicServingConfig(&in.TLSConfig.Dynamic) } diff --git a/internal/apis/config/webhook/validation/validation_test.go b/internal/apis/config/webhook/validation/validation_test.go index d80733141fd..cd366585013 100644 --- a/internal/apis/config/webhook/validation/validation_test.go +++ b/internal/apis/config/webhook/validation/validation_test.go @@ -19,6 +19,7 @@ package validation import ( "testing" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" ) @@ -36,12 +37,12 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with both filesystem and dynamic tls configured", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + TLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", KeyFile: "/test.key", }, - Dynamic: config.DynamicServingConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", SecretName: "test", DNSNames: []string{"example.com"}, @@ -53,8 +54,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with valid filesystem tls config", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + TLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", KeyFile: "/test.key", }, @@ -65,8 +66,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with valid tls config missing keyfile", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + TLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ CertFile: "/test.crt", }, }, @@ -76,8 +77,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with valid tls config missing certfile", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Filesystem: config.FilesystemServingConfig{ + TLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ KeyFile: "/test.key", }, }, @@ -87,8 +88,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with valid dynamic tls config", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + TLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", SecretName: "test", DNSNames: []string{"example.com"}, @@ -100,8 +101,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with dynamic tls missing secret namespace", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + TLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretName: "test", DNSNames: []string{"example.com"}, }, @@ -112,8 +113,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with dynamic tls missing secret name", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + TLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", DNSNames: []string{"example.com"}, }, @@ -124,8 +125,8 @@ func TestValidateWebhookConfiguration(t *testing.T) { { "with dynamic tls missing dns names", &config.WebhookConfiguration{ - TLSConfig: config.TLSConfig{ - Dynamic: config.DynamicServingConfig{ + TLSConfig: shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ SecretName: "test", SecretNamespace: "cert-manager", DNSNames: nil, diff --git a/internal/apis/config/webhook/zz_generated.deepcopy.go b/internal/apis/config/webhook/zz_generated.deepcopy.go index ad34e289484..ed819dc7b00 100644 --- a/internal/apis/config/webhook/zz_generated.deepcopy.go +++ b/internal/apis/config/webhook/zz_generated.deepcopy.go @@ -25,66 +25,6 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { - *out = *in - if in.DNSNames != nil { - in, out := &in.DNSNames, &out.DNSNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. -func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { - if in == nil { - return nil - } - out := new(DynamicServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. -func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { - if in == nil { - return nil - } - out := new(FilesystemServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.Filesystem = in.Filesystem - in.Dynamic.DeepCopyInto(&out.Dynamic) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration) { *out = *in diff --git a/internal/webhook/webhook.go b/internal/webhook/webhook.go index b0de30d8eff..f1d8abc8c15 100644 --- a/internal/webhook/webhook.go +++ b/internal/webhook/webhook.go @@ -31,6 +31,7 @@ import ( acmeinstall "github.com/cert-manager/cert-manager/internal/apis/acme/install" cminstall "github.com/cert-manager/cert-manager/internal/apis/certmanager/install" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" metainstall "github.com/cert-manager/cert-manager/internal/apis/meta/install" crapproval "github.com/cert-manager/cert-manager/internal/webhook/admission/certificaterequest/approval" @@ -114,7 +115,7 @@ func buildAdmissionChain(client kubernetes.Interface) (admission.PluginChain, er return pluginChain, nil } -func buildCertificateSource(log logr.Logger, tlsConfig config.TLSConfig, restCfg *rest.Config) tls.CertificateSource { +func buildCertificateSource(log logr.Logger, tlsConfig shared.TLSConfig, restCfg *rest.Config) tls.CertificateSource { switch { case tlsConfig.FilesystemConfigProvided(): log.V(logf.InfoLevel).Info("using TLS certificate from local filesystem", "private_key_path", tlsConfig.Filesystem.KeyFile, "certificate", tlsConfig.Filesystem.CertFile) diff --git a/pkg/apis/config/cainjector/v1alpha1/types.go b/pkg/apis/config/cainjector/v1alpha1/types.go index fc5dccccf53..deb33771e0a 100644 --- a/pkg/apis/config/cainjector/v1alpha1/types.go +++ b/pkg/apis/config/cainjector/v1alpha1/types.go @@ -17,10 +17,10 @@ limitations under the License. package v1alpha1 import ( - "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -38,7 +38,7 @@ type CAInjectorConfiguration struct { Namespace string `json:"namespace,omitempty"` // LeaderElectionConfig configures the behaviour of the leader election - LeaderElectionConfig LeaderElectionConfig `json:"leaderElectionConfig"` + LeaderElectionConfig sharedv1alpha1.LeaderElectionConfig `json:"leaderElectionConfig"` // EnableDataSourceConfig determines whether cainjector's control loops will watch // cert-manager resources as potential sources of CA data. @@ -66,31 +66,6 @@ type CAInjectorConfiguration struct { FeatureGates map[string]bool `json:"featureGates,omitempty"` } -type LeaderElectionConfig struct { - // If true, cert-manager will perform leader election between instances to - // ensure no more than one instance of cert-manager operates at a time - Enabled *bool `json:"enabled,omitempty"` - - // Namespace used to perform leader election. Only used if leader election is enabled - Namespace string `json:"namespace,omitempty"` - - // The duration that non-leader candidates will wait after observing a leadership - // renewal until attempting to acquire leadership of a led but unrenewed leader - // slot. This is effectively the maximum duration that a leader can be stopped - // before it is replaced by another candidate. This is only applicable if leader - // election is enabled. - LeaseDuration time.Duration `json:"leaseDuration,omitempty"` - - // The interval between attempts by the acting master to renew a leadership slot - // before it stops leading. This must be less than or equal to the lease duration. - // This is only applicable if leader election is enabled. - RenewDeadline time.Duration `json:"renewDeadline,omitempty"` - - // The duration the clients should wait between attempting acquisition and renewal - // of a leadership. This is only applicable if leader election is enabled. - RetryPeriod time.Duration `json:"retryPeriod,omitempty"` -} - type EnableDataSourceConfig struct { // Certificates detemines whether cainjector's control loops will watch // cert-manager Certificate resources as potential sources of CA data. diff --git a/pkg/apis/config/cainjector/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/cainjector/v1alpha1/zz_generated.deepcopy.go index c453f3d7a5e..684d06dcd29 100644 --- a/pkg/apis/config/cainjector/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/cainjector/v1alpha1/zz_generated.deepcopy.go @@ -117,24 +117,3 @@ func (in *EnableInjectableConfig) DeepCopy() *EnableInjectableConfig { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. -func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { - if in == nil { - return nil - } - out := new(LeaderElectionConfig) - in.DeepCopyInto(out) - return out -} diff --git a/pkg/apis/config/controller/v1alpha1/types.go b/pkg/apis/config/controller/v1alpha1/types.go index 718dceac524..8848f4f83b3 100644 --- a/pkg/apis/config/controller/v1alpha1/types.go +++ b/pkg/apis/config/controller/v1alpha1/types.go @@ -21,6 +21,8 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -104,7 +106,7 @@ type ControllerConfiguration struct { MetricsListenAddress string `json:"metricsListenAddress,omitempty"` // TLS config for the metrics endpoint - MetricsTLSConfig TLSConfig `json:"metricsTLSConfig"` + MetricsTLSConfig sharedv1alpha1.TLSConfig `json:"metricsTLSConfig"` // The host and port address, separated by a ':', that the healthz server // should listen on. @@ -137,45 +139,8 @@ type ControllerConfiguration struct { ACMEDNS01Config ACMEDNS01Config `json:"acmeDNS01Config,omitempty"` } -type KubeConfig struct { - // Path to a kubeconfig. Only required if out-of-cluster. - Path string `json:"path,omitempty"` - - // If true, use the current context from the kubeconfig file. - // If false, use the context specified by ControllerConfiguration.Context. - // Default: true - // +optional - CurrentContext *bool `json:"currentContext,omitempty"` - - // The kubeconfig context to use. - // Default: current-context from kubeconfig file - // +optional - Context string `json:"context,omitempty"` -} - type LeaderElectionConfig struct { - // If true, cert-manager will perform leader election between instances to - // ensure no more than one instance of cert-manager operates at a time - Enabled *bool `json:"enabled,omitempty"` - - // Namespace used to perform leader election. Only used if leader election is enabled - Namespace string `json:"namespace,omitempty"` - - // The duration that non-leader candidates will wait after observing a leadership - // renewal until attempting to acquire leadership of a led but unrenewed leader - // slot. This is effectively the maximum duration that a leader can be stopped - // before it is replaced by another candidate. This is only applicable if leader - // election is enabled. - LeaseDuration time.Duration `json:"leaseDuration,omitempty"` - - // The interval between attempts by the acting master to renew a leadership slot - // before it stops leading. This must be less than or equal to the lease duration. - // This is only applicable if leader election is enabled. - RenewDeadline time.Duration `json:"renewDeadline,omitempty"` - - // The duration the clients should wait between attempting acquisition and renewal - // of a leadership. This is only applicable if leader election is enabled. - RetryPeriod time.Duration `json:"retryPeriod,omitempty"` + sharedv1alpha1.LeaderElectionConfig `json:",inline"` // Leader election healthz checks within this timeout period after the lease // expires will still return healthy. @@ -258,55 +223,3 @@ type ACMEDNS01Config struct { // string, for example 180s or 1h CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"` } - -// TLSConfig configures how TLS certificates are sourced for serving. -// Only one of 'filesystem' or 'dynamic' may be specified. -type TLSConfig struct { - // cipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - CipherSuites []string `json:"cipherSuites,omitempty"` - - // minTLSVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - MinTLSVersion string `json:"minTLSVersion,omitempty"` - - // Filesystem enables using a certificate and private key found on the local filesystem. - // These files will be periodically polled in case they have changed, and dynamically reloaded. - Filesystem FilesystemServingConfig `json:"filesystem"` - - // When Dynamic serving is enabled, the controller will generate a CA used to sign - // certificates and persist it into a Kubernetes Secret resource (for other replicas of the - // controller to consume). - // It will then generate a certificate in-memory for itself using this CA to serve with. - Dynamic DynamicServingConfig `json:"dynamic"` -} - -// DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. -// This CA will be used by all instances of the controller for signing serving certificates. -type DynamicServingConfig struct { - // Namespace of the Kubernetes Secret resource containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretNamespace string `json:"secretNamespace,omitempty"` - - // Secret resource name containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretName string `json:"secretName,omitempty"` - - // DNSNames that must be present on serving certificates signed by the CA. - DNSNames []string `json:"dnsNames,omitempty"` - - // LeafDuration is a customizable duration on serving certificates signed by the CA. - LeafDuration time.Duration -} - -// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. -// These files will be periodically polled in case they have changed, and dynamically reloaded. -type FilesystemServingConfig struct { - // Path to a file containing TLS certificate & chain to serve with - CertFile string `json:"certFile,omitempty"` - - // Path to a file containing a TLS private key to serve with - KeyFile string `json:"keyFile,omitempty"` -} diff --git a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go index dea240802a8..4d71c038e54 100644 --- a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go @@ -170,43 +170,6 @@ func (in *ControllerConfiguration) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { - *out = *in - if in.DNSNames != nil { - in, out := &in.DNSNames, &out.DNSNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. -func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { - if in == nil { - return nil - } - out := new(DynamicServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. -func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { - if in == nil { - return nil - } - out := new(FilesystemServingConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressShimConfig) DeepCopyInto(out *IngressShimConfig) { *out = *in @@ -228,35 +191,10 @@ func (in *IngressShimConfig) DeepCopy() *IngressShimConfig { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *KubeConfig) DeepCopyInto(out *KubeConfig) { - *out = *in - if in.CurrentContext != nil { - in, out := &in.CurrentContext, &out.CurrentContext - *out = new(bool) - **out = **in - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubeConfig. -func (in *KubeConfig) DeepCopy() *KubeConfig { - if in == nil { - return nil - } - out := new(KubeConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = new(bool) - **out = **in - } + in.LeaderElectionConfig.DeepCopyInto(&out.LeaderElectionConfig) return } @@ -269,26 +207,3 @@ func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { in.DeepCopyInto(out) return out } - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.Filesystem = in.Filesystem - in.Dynamic.DeepCopyInto(&out.Dynamic) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} diff --git a/internal/apis/config/webhook/v1alpha1/conversion.go b/pkg/apis/config/shared/doc.go similarity index 85% rename from internal/apis/config/webhook/v1alpha1/conversion.go rename to pkg/apis/config/shared/doc.go index 335956697c5..f598e21362f 100644 --- a/internal/apis/config/webhook/v1alpha1/conversion.go +++ b/pkg/apis/config/shared/doc.go @@ -14,4 +14,5 @@ See the License for the specific language governing permissions and limitations under the License. */ -package v1alpha1 +// Package shared contains shared types for the cert-manager configuration API +package shared diff --git a/internal/apis/config/cainjector/v1alpha1/conversion.go b/pkg/apis/config/shared/v1alpha1/doc.go similarity index 93% rename from internal/apis/config/cainjector/v1alpha1/conversion.go rename to pkg/apis/config/shared/v1alpha1/doc.go index 335956697c5..ab45229806e 100644 --- a/internal/apis/config/cainjector/v1alpha1/conversion.go +++ b/pkg/apis/config/shared/v1alpha1/doc.go @@ -14,4 +14,5 @@ See the License for the specific language governing permissions and limitations under the License. */ +// +k8s:deepcopy-gen=package,register package v1alpha1 diff --git a/pkg/apis/config/shared/v1alpha1/types_leaderelection.go b/pkg/apis/config/shared/v1alpha1/types_leaderelection.go new file mode 100644 index 00000000000..b99fd5eec6f --- /dev/null +++ b/pkg/apis/config/shared/v1alpha1/types_leaderelection.go @@ -0,0 +1,44 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import "time" + +type LeaderElectionConfig struct { + // If true, cert-manager will perform leader election between instances to + // ensure no more than one instance of cert-manager operates at a time + Enabled *bool `json:"enabled,omitempty"` + + // Namespace used to perform leader election. Only used if leader election is enabled + Namespace string `json:"namespace,omitempty"` + + // The duration that non-leader candidates will wait after observing a leadership + // renewal until attempting to acquire leadership of a led but unrenewed leader + // slot. This is effectively the maximum duration that a leader can be stopped + // before it is replaced by another candidate. This is only applicable if leader + // election is enabled. + LeaseDuration time.Duration `json:"leaseDuration,omitempty"` + + // The interval between attempts by the acting master to renew a leadership slot + // before it stops leading. This must be less than or equal to the lease duration. + // This is only applicable if leader election is enabled. + RenewDeadline time.Duration `json:"renewDeadline,omitempty"` + + // The duration the clients should wait between attempting acquisition and renewal + // of a leadership. This is only applicable if leader election is enabled. + RetryPeriod time.Duration `json:"retryPeriod,omitempty"` +} diff --git a/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go b/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go new file mode 100644 index 00000000000..3cd36714b00 --- /dev/null +++ b/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go @@ -0,0 +1,71 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import "time" + +// TLSConfig configures how TLS certificates are sourced for serving. +// Only one of 'filesystem' or 'dynamic' may be specified. +type TLSConfig struct { + // cipherSuites is the list of allowed cipher suites for the server. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // If not specified, the default for the Go version will be used and may change over time. + CipherSuites []string `json:"cipherSuites,omitempty"` + + // minTLSVersion is the minimum TLS version supported. + // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). + // If not specified, the default for the Go version will be used and may change over time. + MinTLSVersion string `json:"minTLSVersion,omitempty"` + + // Filesystem enables using a certificate and private key found on the local filesystem. + // These files will be periodically polled in case they have changed, and dynamically reloaded. + Filesystem FilesystemServingConfig `json:"filesystem"` + + // When Dynamic serving is enabled, the controller will generate a CA used to sign + // certificates and persist it into a Kubernetes Secret resource (for other replicas of the + // controller to consume). + // It will then generate a certificate in-memory for itself using this CA to serve with. + Dynamic DynamicServingConfig `json:"dynamic"` +} + +// DynamicServingConfig makes the controller generate a CA and persist it into Secret resources. +// This CA will be used by all instances of the controller for signing serving certificates. +type DynamicServingConfig struct { + // Namespace of the Kubernetes Secret resource containing the TLS certificate + // used as a CA to sign dynamic serving certificates. + SecretNamespace string `json:"secretNamespace,omitempty"` + + // Secret resource name containing the TLS certificate + // used as a CA to sign dynamic serving certificates. + SecretName string `json:"secretName,omitempty"` + + // DNSNames that must be present on serving certificates signed by the CA. + DNSNames []string `json:"dnsNames,omitempty"` + + // LeafDuration is a customizable duration on serving certificates signed by the CA. + LeafDuration time.Duration `json:"leafDuration,omitempty"` +} + +// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. +// These files will be periodically polled in case they have changed, and dynamically reloaded. +type FilesystemServingConfig struct { + // Path to a file containing TLS certificate & chain to serve with + CertFile string `json:"certFile,omitempty"` + + // Path to a file containing a TLS private key to serve with + KeyFile string `json:"keyFile,omitempty"` +} diff --git a/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..14d857977ee --- /dev/null +++ b/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,103 @@ +//go:build !ignore_autogenerated +// +build !ignore_autogenerated + +/* +Copyright The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { + *out = *in + if in.DNSNames != nil { + in, out := &in.DNSNames, &out.DNSNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. +func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { + if in == nil { + return nil + } + out := new(DynamicServingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. +func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { + if in == nil { + return nil + } + out := new(FilesystemServingConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = new(bool) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LeaderElectionConfig. +func (in *LeaderElectionConfig) DeepCopy() *LeaderElectionConfig { + if in == nil { + return nil + } + out := new(LeaderElectionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { + *out = *in + if in.CipherSuites != nil { + in, out := &in.CipherSuites, &out.CipherSuites + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.Filesystem = in.Filesystem + in.Dynamic.DeepCopyInto(&out.Dynamic) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. +func (in *TLSConfig) DeepCopy() *TLSConfig { + if in == nil { + return nil + } + out := new(TLSConfig) + in.DeepCopyInto(out) + return out +} diff --git a/pkg/apis/config/webhook/v1alpha1/types.go b/pkg/apis/config/webhook/v1alpha1/types.go index 313fd1490f5..2b5fbb22597 100644 --- a/pkg/apis/config/webhook/v1alpha1/types.go +++ b/pkg/apis/config/webhook/v1alpha1/types.go @@ -17,10 +17,10 @@ limitations under the License. package v1alpha1 import ( - "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" + + sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" ) // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -39,7 +39,7 @@ type WebhookConfiguration struct { HealthzPort *int32 `json:"healthzPort,omitempty"` // tlsConfig is used to configure the secure listener's TLS settings. - TLSConfig TLSConfig `json:"tlsConfig"` + TLSConfig sharedv1alpha1.TLSConfig `json:"tlsConfig"` // kubeConfig is the kubeconfig file used to connect to the Kubernetes apiserver. // If not specified, the webhook will attempt to load the in-cluster-config. @@ -65,57 +65,3 @@ type WebhookConfiguration struct { // +optional FeatureGates map[string]bool `json:"featureGates,omitempty"` } - -// TLSConfig configures how TLS certificates are sourced for serving. -// Only one of 'filesystem' or 'dynamic' may be specified. -type TLSConfig struct { - // cipherSuites is the list of allowed cipher suites for the server. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - CipherSuites []string `json:"cipherSuites,omitempty"` - - // minTLSVersion is the minimum TLS version supported. - // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). - // If not specified, the default for the Go version will be used and may change over time. - MinTLSVersion string `json:"minTLSVersion,omitempty"` - - // Filesystem enables using a certificate and private key found on the local filesystem. - // These files will be periodically polled in case they have changed, and dynamically reloaded. - Filesystem FilesystemServingConfig `json:"filesystem"` - - // When Dynamic serving is enabled, the webhook will generate a CA used to sign webhook - // certificates and persist it into a Kubernetes Secret resource (for other replicas of the - // webhook to consume). - // It will then generate a certificate in-memory for itself using this CA to serve with. - // The CAs certificate can then be copied into the appropriate Validating, Mutating and Conversion - // webhook configuration objects (typically by cainjector). - Dynamic DynamicServingConfig `json:"dynamic"` -} - -// DynamicServingConfig makes the webhook generate a CA and persist it into Secret resources. -// This CA will be used by all instances of the webhook for signing serving certificates. -type DynamicServingConfig struct { - // Namespace of the Kubernetes Secret resource containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretNamespace string `json:"secretNamespace,omitempty"` - - // Secret resource name containing the TLS certificate - // used as a CA to sign dynamic serving certificates. - SecretName string `json:"secretName,omitempty"` - - // DNSNames that must be present on serving certificates signed by the CA. - DNSNames []string `json:"dnsNames,omitempty"` - - // LeafDuration is a customizable duration on serving certificates signed by the CA. - LeafDuration time.Duration -} - -// FilesystemServingConfig enables using a certificate and private key found on the local filesystem. -// These files will be periodically polled in case they have changed, and dynamically reloaded. -type FilesystemServingConfig struct { - // Path to a file containing TLS certificate & chain to serve with - CertFile string `json:"certFile,omitempty"` - - // Path to a file containing a TLS private key to serve with - KeyFile string `json:"keyFile,omitempty"` -} diff --git a/pkg/apis/config/webhook/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/webhook/v1alpha1/zz_generated.deepcopy.go index 9fe3d916bbb..e284758ae86 100644 --- a/pkg/apis/config/webhook/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/webhook/v1alpha1/zz_generated.deepcopy.go @@ -25,66 +25,6 @@ import ( runtime "k8s.io/apimachinery/pkg/runtime" ) -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { - *out = *in - if in.DNSNames != nil { - in, out := &in.DNSNames, &out.DNSNames - *out = make([]string, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DynamicServingConfig. -func (in *DynamicServingConfig) DeepCopy() *DynamicServingConfig { - if in == nil { - return nil - } - out := new(DynamicServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FilesystemServingConfig) DeepCopyInto(out *FilesystemServingConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FilesystemServingConfig. -func (in *FilesystemServingConfig) DeepCopy() *FilesystemServingConfig { - if in == nil { - return nil - } - out := new(FilesystemServingConfig) - in.DeepCopyInto(out) - return out -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *TLSConfig) DeepCopyInto(out *TLSConfig) { - *out = *in - if in.CipherSuites != nil { - in, out := &in.CipherSuites, &out.CipherSuites - *out = make([]string, len(*in)) - copy(*out, *in) - } - out.Filesystem = in.Filesystem - in.Dynamic.DeepCopyInto(&out.Dynamic) - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSConfig. -func (in *TLSConfig) DeepCopy() *TLSConfig { - if in == nil { - return nil - } - out := new(TLSConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *WebhookConfiguration) DeepCopyInto(out *WebhookConfiguration) { *out = *in From 22516fddf56ded979e2a02f203ee983ac44e5463 Mon Sep 17 00:00:00 2001 From: Pieter van der Giessen Date: Tue, 14 May 2024 13:16:53 +0200 Subject: [PATCH 127/177] Add hostAliases to controller pod Signed-off-by: Pieter van der Giessen --- deploy/charts/cert-manager/README.template.md | 7 +++++++ deploy/charts/cert-manager/templates/deployment.yaml | 3 +++ deploy/charts/cert-manager/values.yaml | 11 +++++++++++ 3 files changed, 21 insertions(+) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index 0edb2719045..ab0073bfdd9 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -504,6 +504,13 @@ For more information, see [Pod's DNS Policy](https://kubernetes.io/docs/concepts Pod DNS configuration. The podDnsConfig field is optional and can work with any podDnsPolicy settings. However, when a Pod's dnsPolicy is set to "None", the dnsConfig field has to be specified. For more information, see [Pod's DNS Config](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config). +#### **hostAliases** ~ `array` +> Default value: +> ```yaml +> [] +> ``` + +Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks. #### **nodeSelector** ~ `object` > Default value: > ```yaml diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml index 8e09f525ef2..8c7403dd90e 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml @@ -223,3 +223,6 @@ spec: dnsConfig: {{- toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hostAliases }} + hostAliases: {{ toYaml . | nindent 8 }} + {{- end }} \ No newline at end of file diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 9540fb9d2dd..958e3589b59 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -337,6 +337,17 @@ podLabels: {} # - "1.1.1.1" # - "8.8.8.8" +# Optional hostAliases for cert-manager-controller pods. May be useful when performing ACME DNS-01 self checks. +hostAliases: [] +# - ip: 127.0.0.1 +# hostnames: +# - foo.local +# - bar.local +# - ip: 10.1.2.3 +# hostnames: +# - foo.remote +# - bar.remote + # The nodeSelector on Pods tells Kubernetes to schedule Pods on the nodes with # matching labels. # For more information, see [Assigning Pods to Nodes](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/). From 89a00b22a778131b73dd9b89c1c51624160edc3c Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 14:51:11 +0200 Subject: [PATCH 128/177] fix typo in bash script Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/e2e-ci.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/make/e2e-ci.sh b/make/e2e-ci.sh index dfbddb18da8..b7104785b4c 100755 --- a/make/e2e-ci.sh +++ b/make/e2e-ci.sh @@ -24,4 +24,4 @@ trap 'make kind-logs' EXIT # (i.e. "I want to run the exact same e2e test that will be run in CI") # and because it allows us to be explicit about where it's getting set when we call "make e2e-ci" -make --no-print-directory e2e FLAKE_ATTEMPTS=2 CI=true K8S_VERSION="$(K8S_VERSION)" +make --no-print-directory e2e FLAKE_ATTEMPTS=2 CI=true K8S_VERSION="$K8S_VERSION" From 28eaf8754efc2f34f830fa2156c5d60a3c84c671 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Tue, 14 May 2024 12:15:16 +0000 Subject: [PATCH 129/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/tools/00_mod.mk | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/klone.yaml b/klone.yaml index fd4e5a533d1..3dcee7dee0e 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: b6dc86973e937be38a138f38cf83134760487f26 + repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 6807190b657..3d296b67d9b 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -50,7 +50,7 @@ tools += helm=v3.14.4 # https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl tools += kubectl=v1.30.0 # https://github.com/kubernetes-sigs/kind/releases -tools += kind=v0.22.0 +tools += kind=v0.23.0 # https://www.vaultproject.io/downloads tools += vault=1.16.2 # https://github.com/Azure/azure-workload-identity/releases @@ -399,10 +399,10 @@ $(DOWNLOAD_DIR)/tools/kubectl@$(KUBECTL_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DO $(checkhash_script) $(outfile) $(kubectl_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM); \ chmod +x $(outfile) -kind_linux_amd64_SHA256SUM=e4264d7ee07ca642fe52818d7c0ed188b193c214889dd055c929dbcb968d1f62 -kind_linux_arm64_SHA256SUM=4431805115da3b54290e3e976fe2db9a7e703f116177aace6735dfa1d8a4f3fe -kind_darwin_amd64_SHA256SUM=28a9f7ad7fd77922c639e21c034d0f989b33402693f4f842099cd9185b144d20 -kind_darwin_arm64_SHA256SUM=c8dd3b287965150ae4db668294edc48229116e95d94620c306d8fae932ee633f +kind_linux_amd64_SHA256SUM=1d86e3069ffbe3da9f1a918618aecbc778e00c75f838882d0dfa2d363bc4a68c +kind_linux_arm64_SHA256SUM=a416d6c311882337f0e56910e4a2e1f8c106ec70c22cbf0ac1dd8f33c1e284fe +kind_darwin_amd64_SHA256SUM=81c77f104b4b668812f7930659dc01ad88fa4d1cfc56900863eacdfb2731c457 +kind_darwin_arm64_SHA256SUM=68ec87c1e1ea2a708df883f4b94091150d19552d7b344e80ca59f449b301c2a0 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH) $(DOWNLOAD_DIR)/tools/kind@$(KIND_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD_DIR)/tools From 11431419877d9f01d9c093ba1277c044a19426ea Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Tue, 14 May 2024 11:28:55 +0100 Subject: [PATCH 130/177] bump kind images to latest for v0.23.0, use K8s v1.30.0 by default Also removes support for old K8s versions unsupported by Kind v0.23.0 Signed-off-by: Ashley Davis --- hack/latest-kind-images.sh | 2 +- make/cluster.sh | 6 ++---- make/e2e-setup.mk | 2 +- make/kind_images.sh | 15 +++++++-------- 4 files changed, 11 insertions(+), 14 deletions(-) diff --git a/hack/latest-kind-images.sh b/hack/latest-kind-images.sh index 175fb77a9dc..6581585b7ad 100755 --- a/hack/latest-kind-images.sh +++ b/hack/latest-kind-images.sh @@ -41,7 +41,7 @@ cp ./hack/boilerplate-sh.txt ./make/kind_images.sh.tmp cat << EOF >> ./make/kind_images.sh.tmp -# generated by "$0 $@" via "make update-kind-images" +# generated by "$0 $@" EOF diff --git a/make/cluster.sh b/make/cluster.sh index 156a50606d9..759903e52de 100755 --- a/make/cluster.sh +++ b/make/cluster.sh @@ -25,7 +25,7 @@ set -e source ./make/kind_images.sh mode=kind -k8s_version=1.28 +k8s_version=1.30 name=kind help() { @@ -105,14 +105,12 @@ if printenv K8S_VERSION >/dev/null && [ -n "$K8S_VERSION" ]; then fi case "$k8s_version" in -1.22*) image=$KIND_IMAGE_K8S_122 ;; -1.23*) image=$KIND_IMAGE_K8S_123 ;; -1.24*) image=$KIND_IMAGE_K8S_124 ;; 1.25*) image=$KIND_IMAGE_K8S_125 ;; 1.26*) image=$KIND_IMAGE_K8S_126 ;; 1.27*) image=$KIND_IMAGE_K8S_127 ;; 1.28*) image=$KIND_IMAGE_K8S_128 ;; 1.29*) image=$KIND_IMAGE_K8S_129 ;; +1.30*) image=$KIND_IMAGE_K8S_130 ;; v*) printf "${red}${redcross}Error${end}: Kubernetes version must be given without the leading 'v'\n" >&2 && exit 1 ;; *) printf "${red}${redcross}Error${end}: unsupported Kubernetes version ${yel}${k8s_version}${end}\n" >&2 && exit 1 ;; esac diff --git a/make/e2e-setup.mk b/make/e2e-setup.mk index e51ded52d93..a24780c98a0 100644 --- a/make/e2e-setup.mk +++ b/make/e2e-setup.mk @@ -24,7 +24,7 @@ CRI_ARCH := $(HOST_ARCH) # TODO: this version is also defaulted in ./make/cluster.sh. Make it so that it # is set in one place only. -K8S_VERSION := 1.28 +K8S_VERSION := 1.30 IMAGE_ingressnginx_amd64 := registry.k8s.io/ingress-nginx/controller:v1.9.4@sha256:0115d7e01987c13e1be90b09c223c3e0d8e9a92e97c0421e712ad3577e2d78e5 IMAGE_kyverno_amd64 := ghcr.io/kyverno/kyverno:v1.10.3@sha256:031d2da484f3d89c78007cbb1cf1d7ae992e069683a2cdca0a0efb63a63fc735 diff --git a/make/kind_images.sh b/make/kind_images.sh index 242c941ae09..87ef7bb3042 100755 --- a/make/kind_images.sh +++ b/make/kind_images.sh @@ -12,12 +12,11 @@ # See the License for the specific language governing permissions and # limitations under the License. -# generated by "./hack/latest-kind-images.sh v0.21.0" via "make update-kind-images" +# generated by "./hack/latest-kind-images.sh v0.23.0" -KIND_IMAGE_K8S_123=docker.io/kindest/node@sha256:fbb92ac580fce498473762419df27fa8664dbaa1c5a361b5957e123b4035bdcf -KIND_IMAGE_K8S_124=docker.io/kindest/node@sha256:ea292d57ec5dd0e2f3f5a2d77efa246ac883c051ff80e887109fabefbd3125c7 -KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:9d0a62b55d4fe1e262953be8d406689b947668626a357b5f9d0cfbddbebbc727 -KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:15ae92d507b7d4aec6e8920d358fc63d3b980493db191d7327541fbaaed1f789 -KIND_IMAGE_K8S_127=docker.io/kindest/node@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f -KIND_IMAGE_K8S_128=docker.io/kindest/node@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b -KIND_IMAGE_K8S_129=docker.io/kindest/node@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144 +KIND_IMAGE_K8S_125=docker.io/kindest/node@sha256:5da57dfc290ac3599e775e63b8b6c49c0c85d3fec771cd7d55b45fae14b38d3b +KIND_IMAGE_K8S_126=docker.io/kindest/node@sha256:84333e26cae1d70361bb7339efb568df1871419f2019c80f9a12b7e2d485fe19 +KIND_IMAGE_K8S_127=docker.io/kindest/node@sha256:17439fa5b32290e3ead39ead1250dca1d822d94a10d26f1981756cd51b24b9d8 +KIND_IMAGE_K8S_128=docker.io/kindest/node@sha256:dca54bc6a6079dd34699d53d7d4ffa2e853e46a20cd12d619a09207e35300bd0 +KIND_IMAGE_K8S_129=docker.io/kindest/node@sha256:3abb816a5b1061fb15c6e9e60856ec40d56b7b52bcea5f5f1350bc6e2320b6f8 +KIND_IMAGE_K8S_130=docker.io/kindest/node@sha256:047357ac0cfea04663786a612ba1eaba9702bef25227a794b52890dd8bcd692e From 1aacfd826adebd27a63e7cbd974ced630b3d4e33 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 13:18:54 +0200 Subject: [PATCH 131/177] promote the LiteralCertificateSubject feature to Beta Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- internal/controller/feature/features.go | 2 +- internal/webhook/feature/features.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/controller/feature/features.go b/internal/controller/feature/features.go index 70dfbc0a2b5..a638faafd08 100644 --- a/internal/controller/feature/features.go +++ b/internal/controller/feature/features.go @@ -156,7 +156,7 @@ var defaultCertManagerFeatureGates = map[featuregate.Feature]featuregate.Feature ExperimentalGatewayAPISupport: {Default: true, PreRelease: featuregate.Beta}, AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, ServerSideApply: {Default: false, PreRelease: featuregate.Alpha}, - LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, + LiteralCertificateSubject: {Default: true, PreRelease: featuregate.Beta}, UseCertificateRequestBasicConstraints: {Default: false, PreRelease: featuregate.Alpha}, NameConstraints: {Default: false, PreRelease: featuregate.Alpha}, OtherNames: {Default: false, PreRelease: featuregate.Alpha}, diff --git a/internal/webhook/feature/features.go b/internal/webhook/feature/features.go index 04c1ae20a68..b63483b1d40 100644 --- a/internal/webhook/feature/features.go +++ b/internal/webhook/feature/features.go @@ -96,7 +96,7 @@ var webhookFeatureGates = map[featuregate.Feature]featuregate.FeatureSpec{ DisallowInsecureCSRUsageDefinition: {Default: true, PreRelease: featuregate.GA}, AdditionalCertificateOutputFormats: {Default: true, PreRelease: featuregate.Beta}, - LiteralCertificateSubject: {Default: false, PreRelease: featuregate.Alpha}, + LiteralCertificateSubject: {Default: true, PreRelease: featuregate.Beta}, NameConstraints: {Default: false, PreRelease: featuregate.Alpha}, OtherNames: {Default: false, PreRelease: featuregate.Alpha}, } From 60324bcb5e572c03c820ba22e7c2e4a512f178fd Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 09:41:18 +0200 Subject: [PATCH 132/177] Add support for duration values in "Go time.ParseDuration" format. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../v1alpha1/testdata/defaults.json | 6 +- .../config/controller/v1alpha1/defaults.go | 9 +-- .../v1alpha1/testdata/defaults.json | 12 ++-- .../v1alpha1/zz_generated.conversion.go | 17 +++-- .../apis/config/shared/v1alpha1/conversion.go | 16 +++++ .../apis/config/shared/v1alpha1/defaults.go | 16 ++--- .../v1alpha1/zz_generated.conversion.go | 42 +++++++++--- .../webhook/v1alpha1/testdata/defaults.json | 2 +- pkg/apis/config/controller/v1alpha1/types.go | 6 +- .../v1alpha1/zz_generated.deepcopy.go | 11 ++++ .../config/shared/v1alpha1/types_duration.go | 64 +++++++++++++++++++ .../shared/v1alpha1/types_leaderelection.go | 8 +-- .../config/shared/v1alpha1/types_tlsconfig.go | 4 +- .../shared/v1alpha1/zz_generated.deepcopy.go | 37 +++++++++++ 14 files changed, 203 insertions(+), 47 deletions(-) create mode 100644 pkg/apis/config/shared/v1alpha1/types_duration.go diff --git a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json index 90ad8240535..706ce7b6a01 100644 --- a/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/cainjector/v1alpha1/testdata/defaults.json @@ -2,9 +2,9 @@ "leaderElectionConfig": { "enabled": true, "namespace": "kube-system", - "leaseDuration": 60000000000, - "renewDeadline": 40000000000, - "retryPeriod": 15000000000 + "leaseDuration": "1m0s", + "renewDeadline": "40s", + "retryPeriod": "15s" }, "enableDataSourceConfig": { "certificates": true diff --git a/internal/apis/config/controller/v1alpha1/defaults.go b/internal/apis/config/controller/v1alpha1/defaults.go index 9f8c29b0935..db4bf30a15f 100644 --- a/internal/apis/config/controller/v1alpha1/defaults.go +++ b/internal/apis/config/controller/v1alpha1/defaults.go @@ -25,6 +25,7 @@ import ( cm "github.com/cert-manager/cert-manager/pkg/apis/certmanager" "github.com/cert-manager/cert-manager/pkg/apis/config/controller/v1alpha1" + sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" challengescontroller "github.com/cert-manager/cert-manager/pkg/controller/acmechallenges" orderscontroller "github.com/cert-manager/cert-manager/pkg/controller/acmeorders" shimgatewaycontroller "github.com/cert-manager/cert-manager/pkg/controller/certificate-shim/gateways" @@ -243,8 +244,8 @@ func SetDefaults_ControllerConfiguration(obj *v1alpha1.ControllerConfiguration) } func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { - if obj.HealthzTimeout == time.Duration(0) { - obj.HealthzTimeout = defaultHealthzLeaderElectionTimeout + if obj.HealthzTimeout.IsZero() { + obj.HealthzTimeout = sharedv1alpha1.DurationFromTime(defaultHealthzLeaderElectionTimeout) } } @@ -306,7 +307,7 @@ func SetDefaults_ACMEDNS01Config(obj *v1alpha1.ACMEDNS01Config) { obj.RecursiveNameserversOnly = &defaultDNS01RecursiveNameserversOnly } - if obj.CheckRetryPeriod == time.Duration(0) { - obj.CheckRetryPeriod = defaultDNS01CheckRetryPeriod + if obj.CheckRetryPeriod.IsZero() { + obj.CheckRetryPeriod = sharedv1alpha1.DurationFromTime(defaultDNS01CheckRetryPeriod) } } diff --git a/internal/apis/config/controller/v1alpha1/testdata/defaults.json b/internal/apis/config/controller/v1alpha1/testdata/defaults.json index 8ac5dc3472a..9df951afe27 100644 --- a/internal/apis/config/controller/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/controller/v1alpha1/testdata/defaults.json @@ -5,10 +5,10 @@ "leaderElectionConfig": { "enabled": true, "namespace": "kube-system", - "leaseDuration": 60000000000, - "renewDeadline": 40000000000, - "retryPeriod": 15000000000, - "healthzTimeout": 20000000000 + "leaseDuration": "1m0s", + "renewDeadline": "40s", + "retryPeriod": "15s", + "healthzTimeout": "20s" }, "controllers": [ "*" @@ -29,7 +29,7 @@ "metricsTLSConfig": { "filesystem": {}, "dynamic": { - "leafDuration": 604800000000000 + "leafDuration": "168h0m0s" } }, "healthzListenAddress": "0.0.0.0:9403", @@ -65,6 +65,6 @@ }, "acmeDNS01Config": { "recursiveNameserversOnly": false, - "checkRetryPeriod": 10000000000 + "checkRetryPeriod": "10s" } } \ No newline at end of file diff --git a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go index 5e4930963f4..446cdc3f927 100644 --- a/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/controller/v1alpha1/zz_generated.conversion.go @@ -22,7 +22,6 @@ limitations under the License. package v1alpha1 import ( - time "time" unsafe "unsafe" controller "github.com/cert-manager/cert-manager/internal/apis/config/controller" @@ -98,7 +97,9 @@ func autoConvert_v1alpha1_ACMEDNS01Config_To_controller_ACMEDNS01Config(in *v1al if err := v1.Convert_Pointer_bool_To_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil { return err } - out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + if err := sharedv1alpha1.Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.CheckRetryPeriod, &out.CheckRetryPeriod, s); err != nil { + return err + } return nil } @@ -112,7 +113,9 @@ func autoConvert_controller_ACMEDNS01Config_To_v1alpha1_ACMEDNS01Config(in *cont if err := v1.Convert_bool_To_Pointer_bool(&in.RecursiveNameserversOnly, &out.RecursiveNameserversOnly, s); err != nil { return err } - out.CheckRetryPeriod = time.Duration(in.CheckRetryPeriod) + if err := sharedv1alpha1.Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.CheckRetryPeriod, &out.CheckRetryPeriod, s); err != nil { + return err + } return nil } @@ -311,7 +314,9 @@ func autoConvert_v1alpha1_LeaderElectionConfig_To_controller_LeaderElectionConfi if err := sharedv1alpha1.Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.HealthzTimeout = time.Duration(in.HealthzTimeout) + if err := sharedv1alpha1.Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.HealthzTimeout, &out.HealthzTimeout, s); err != nil { + return err + } return nil } @@ -324,7 +329,9 @@ func autoConvert_controller_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfi if err := sharedv1alpha1.Convert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(&in.LeaderElectionConfig, &out.LeaderElectionConfig, s); err != nil { return err } - out.HealthzTimeout = time.Duration(in.HealthzTimeout) + if err := sharedv1alpha1.Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.HealthzTimeout, &out.HealthzTimeout, s); err != nil { + return err + } return nil } diff --git a/internal/apis/config/shared/v1alpha1/conversion.go b/internal/apis/config/shared/v1alpha1/conversion.go index 8baa182def7..182ac865da0 100644 --- a/internal/apis/config/shared/v1alpha1/conversion.go +++ b/internal/apis/config/shared/v1alpha1/conversion.go @@ -17,6 +17,8 @@ limitations under the License. package v1alpha1 import ( + "time" + conversion "k8s.io/apimachinery/pkg/conversion" shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" @@ -76,3 +78,17 @@ func Convert_int_To_Pointer_int32(in *int, out **int32, s conversion.Scope) erro *out = &temp return nil } + +func Convert_Pointer_v1alpha1_Duration_To_time_Duration(in **v1alpha1.Duration, out *time.Duration, s conversion.Scope) error { + if *in == nil { + *out = 0 + return nil + } + *out = (*in).Duration.Duration + return nil +} + +func Convert_time_Duration_To_Pointer_v1alpha1_Duration(in *time.Duration, out **v1alpha1.Duration, s conversion.Scope) error { + *out = v1alpha1.DurationFromTime(*in) + return nil +} diff --git a/internal/apis/config/shared/v1alpha1/defaults.go b/internal/apis/config/shared/v1alpha1/defaults.go index 7266f42343e..e2939904bd1 100644 --- a/internal/apis/config/shared/v1alpha1/defaults.go +++ b/internal/apis/config/shared/v1alpha1/defaults.go @@ -33,8 +33,8 @@ var ( ) func SetDefaults_DynamicServingConfig(obj *v1alpha1.DynamicServingConfig) { - if obj.LeafDuration == time.Duration(0) { - obj.LeafDuration = defaultLeafDuration + if obj.LeafDuration.IsZero() { + obj.LeafDuration = v1alpha1.DurationFromTime(defaultLeafDuration) } } @@ -47,15 +47,15 @@ func SetDefaults_LeaderElectionConfig(obj *v1alpha1.LeaderElectionConfig) { obj.Namespace = defaultLeaderElectionNamespace } - if obj.LeaseDuration == time.Duration(0) { - obj.LeaseDuration = defaultLeaderElectionLeaseDuration + if obj.LeaseDuration.IsZero() { + obj.LeaseDuration = v1alpha1.DurationFromTime(defaultLeaderElectionLeaseDuration) } - if obj.RenewDeadline == time.Duration(0) { - obj.RenewDeadline = defaultLeaderElectionRenewDeadline + if obj.RenewDeadline.IsZero() { + obj.RenewDeadline = v1alpha1.DurationFromTime(defaultLeaderElectionRenewDeadline) } - if obj.RetryPeriod == time.Duration(0) { - obj.RetryPeriod = defaultLeaderElectionRetryPeriod + if obj.RetryPeriod.IsZero() { + obj.RetryPeriod = v1alpha1.DurationFromTime(defaultLeaderElectionRetryPeriod) } } diff --git a/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go b/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go index 6b4326ee5da..e180b2f7b9f 100644 --- a/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go +++ b/internal/apis/config/shared/v1alpha1/zz_generated.conversion.go @@ -69,6 +69,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((**v1alpha1.Duration)(nil), (*time.Duration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_Pointer_v1alpha1_Duration_To_time_Duration(a.(**v1alpha1.Duration), b.(*time.Duration), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*float32)(nil), (**float32)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_float32_To_Pointer_float32(a.(*float32), b.(**float32), scope) }); err != nil { @@ -89,6 +94,11 @@ func RegisterConversions(s *runtime.Scheme) error { }); err != nil { return err } + if err := s.AddConversionFunc((*time.Duration)(nil), (**v1alpha1.Duration)(nil), func(a, b interface{}, scope conversion.Scope) error { + return Convert_time_Duration_To_Pointer_v1alpha1_Duration(a.(*time.Duration), b.(**v1alpha1.Duration), scope) + }); err != nil { + return err + } if err := s.AddConversionFunc((*v1alpha1.LeaderElectionConfig)(nil), (*shared.LeaderElectionConfig)(nil), func(a, b interface{}, scope conversion.Scope) error { return Convert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(a.(*v1alpha1.LeaderElectionConfig), b.(*shared.LeaderElectionConfig), scope) }); err != nil { @@ -106,7 +116,9 @@ func autoConvert_v1alpha1_DynamicServingConfig_To_shared_DynamicServingConfig(in out.SecretNamespace = in.SecretNamespace out.SecretName = in.SecretName out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) + if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.LeafDuration, &out.LeafDuration, s); err != nil { + return err + } return nil } @@ -119,7 +131,9 @@ func autoConvert_shared_DynamicServingConfig_To_v1alpha1_DynamicServingConfig(in out.SecretNamespace = in.SecretNamespace out.SecretName = in.SecretName out.DNSNames = *(*[]string)(unsafe.Pointer(&in.DNSNames)) - out.LeafDuration = time.Duration(in.LeafDuration) + if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.LeafDuration, &out.LeafDuration, s); err != nil { + return err + } return nil } @@ -155,9 +169,15 @@ func autoConvert_v1alpha1_LeaderElectionConfig_To_shared_LeaderElectionConfig(in return err } out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) + if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.LeaseDuration, &out.LeaseDuration, s); err != nil { + return err + } + if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.RenewDeadline, &out.RenewDeadline, s); err != nil { + return err + } + if err := Convert_Pointer_v1alpha1_Duration_To_time_Duration(&in.RetryPeriod, &out.RetryPeriod, s); err != nil { + return err + } return nil } @@ -166,9 +186,15 @@ func autoConvert_shared_LeaderElectionConfig_To_v1alpha1_LeaderElectionConfig(in return err } out.Namespace = in.Namespace - out.LeaseDuration = time.Duration(in.LeaseDuration) - out.RenewDeadline = time.Duration(in.RenewDeadline) - out.RetryPeriod = time.Duration(in.RetryPeriod) + if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.LeaseDuration, &out.LeaseDuration, s); err != nil { + return err + } + if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.RenewDeadline, &out.RenewDeadline, s); err != nil { + return err + } + if err := Convert_time_Duration_To_Pointer_v1alpha1_Duration(&in.RetryPeriod, &out.RetryPeriod, s); err != nil { + return err + } return nil } diff --git a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json index f4df5a74217..3328d326442 100644 --- a/internal/apis/config/webhook/v1alpha1/testdata/defaults.json +++ b/internal/apis/config/webhook/v1alpha1/testdata/defaults.json @@ -4,7 +4,7 @@ "tlsConfig": { "filesystem": {}, "dynamic": { - "leafDuration": 604800000000000 + "leafDuration": "168h0m0s" } }, "enablePprof": false, diff --git a/pkg/apis/config/controller/v1alpha1/types.go b/pkg/apis/config/controller/v1alpha1/types.go index 8848f4f83b3..4b370a444ff 100644 --- a/pkg/apis/config/controller/v1alpha1/types.go +++ b/pkg/apis/config/controller/v1alpha1/types.go @@ -17,8 +17,6 @@ limitations under the License. package v1alpha1 import ( - "time" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" logsapi "k8s.io/component-base/logs/api/v1" @@ -144,7 +142,7 @@ type LeaderElectionConfig struct { // Leader election healthz checks within this timeout period after the lease // expires will still return healthy. - HealthzTimeout time.Duration `json:"healthzTimeout,omitempty"` + HealthzTimeout *sharedv1alpha1.Duration `json:"healthzTimeout,omitempty"` } type IngressShimConfig struct { @@ -221,5 +219,5 @@ type ACMEDNS01Config struct { // For HTTP01 challenges the propagation check verifies that the challenge // token is served at the challenge URL. This should be a valid duration // string, for example 180s or 1h - CheckRetryPeriod time.Duration `json:"checkRetryPeriod,omitempty"` + CheckRetryPeriod *sharedv1alpha1.Duration `json:"checkRetryPeriod,omitempty"` } diff --git a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go index 4d71c038e54..4f33ec23375 100644 --- a/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/controller/v1alpha1/zz_generated.deepcopy.go @@ -22,6 +22,7 @@ limitations under the License. package v1alpha1 import ( + sharedv1alpha1 "github.com/cert-manager/cert-manager/pkg/apis/config/shared/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) @@ -38,6 +39,11 @@ func (in *ACMEDNS01Config) DeepCopyInto(out *ACMEDNS01Config) { *out = new(bool) **out = **in } + if in.CheckRetryPeriod != nil { + in, out := &in.CheckRetryPeriod, &out.CheckRetryPeriod + *out = new(sharedv1alpha1.Duration) + **out = **in + } return } @@ -195,6 +201,11 @@ func (in *IngressShimConfig) DeepCopy() *IngressShimConfig { func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { *out = *in in.LeaderElectionConfig.DeepCopyInto(&out.LeaderElectionConfig) + if in.HealthzTimeout != nil { + in, out := &in.HealthzTimeout, &out.HealthzTimeout + *out = new(sharedv1alpha1.Duration) + **out = **in + } return } diff --git a/pkg/apis/config/shared/v1alpha1/types_duration.go b/pkg/apis/config/shared/v1alpha1/types_duration.go new file mode 100644 index 00000000000..dc9dd3bc302 --- /dev/null +++ b/pkg/apis/config/shared/v1alpha1/types_duration.go @@ -0,0 +1,64 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "encoding/json" + "fmt" + "time" + + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// Duration is present for backwards compatibility for fields that +// previously used time.Duration. +// +k8s:conversion-gen=false +type Duration struct { + // Duration holds the duration + Duration metav1.Duration +} + +func DurationFromMetav1(d metav1.Duration) *Duration { + return &Duration{Duration: d} +} + +func DurationFromTime(d time.Duration) *Duration { + return DurationFromMetav1(metav1.Duration{Duration: d}) +} + +func (t *Duration) MarshalJSON() ([]byte, error) { + return t.Duration.MarshalJSON() +} + +func (t *Duration) UnmarshalJSON(b []byte) error { + if len(b) > 0 && b[0] == '"' { + // string values unmarshal as metav1.Duration + return json.Unmarshal(b, &t.Duration) + } + if err := json.Unmarshal(b, &t.Duration.Duration); err != nil { + return fmt.Errorf("invalid duration %q: %w", string(b), err) + } + return nil +} + +func (t *Duration) IsZero() bool { + if t == nil { + return true + } + + return t.Duration.Duration == 0 +} diff --git a/pkg/apis/config/shared/v1alpha1/types_leaderelection.go b/pkg/apis/config/shared/v1alpha1/types_leaderelection.go index b99fd5eec6f..d5f06f224b9 100644 --- a/pkg/apis/config/shared/v1alpha1/types_leaderelection.go +++ b/pkg/apis/config/shared/v1alpha1/types_leaderelection.go @@ -16,8 +16,6 @@ limitations under the License. package v1alpha1 -import "time" - type LeaderElectionConfig struct { // If true, cert-manager will perform leader election between instances to // ensure no more than one instance of cert-manager operates at a time @@ -31,14 +29,14 @@ type LeaderElectionConfig struct { // slot. This is effectively the maximum duration that a leader can be stopped // before it is replaced by another candidate. This is only applicable if leader // election is enabled. - LeaseDuration time.Duration `json:"leaseDuration,omitempty"` + LeaseDuration *Duration `json:"leaseDuration,omitempty"` // The interval between attempts by the acting master to renew a leadership slot // before it stops leading. This must be less than or equal to the lease duration. // This is only applicable if leader election is enabled. - RenewDeadline time.Duration `json:"renewDeadline,omitempty"` + RenewDeadline *Duration `json:"renewDeadline,omitempty"` // The duration the clients should wait between attempting acquisition and renewal // of a leadership. This is only applicable if leader election is enabled. - RetryPeriod time.Duration `json:"retryPeriod,omitempty"` + RetryPeriod *Duration `json:"retryPeriod,omitempty"` } diff --git a/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go b/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go index 3cd36714b00..1ff7a35d8de 100644 --- a/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go +++ b/pkg/apis/config/shared/v1alpha1/types_tlsconfig.go @@ -16,8 +16,6 @@ limitations under the License. package v1alpha1 -import "time" - // TLSConfig configures how TLS certificates are sourced for serving. // Only one of 'filesystem' or 'dynamic' may be specified. type TLSConfig struct { @@ -57,7 +55,7 @@ type DynamicServingConfig struct { DNSNames []string `json:"dnsNames,omitempty"` // LeafDuration is a customizable duration on serving certificates signed by the CA. - LeafDuration time.Duration `json:"leafDuration,omitempty"` + LeafDuration *Duration `json:"leafDuration,omitempty"` } // FilesystemServingConfig enables using a certificate and private key found on the local filesystem. diff --git a/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go index 14d857977ee..cec22bf41a4 100644 --- a/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/config/shared/v1alpha1/zz_generated.deepcopy.go @@ -21,6 +21,23 @@ limitations under the License. package v1alpha1 +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Duration) DeepCopyInto(out *Duration) { + *out = *in + out.Duration = in.Duration + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Duration. +func (in *Duration) DeepCopy() *Duration { + if in == nil { + return nil + } + out := new(Duration) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { *out = *in @@ -29,6 +46,11 @@ func (in *DynamicServingConfig) DeepCopyInto(out *DynamicServingConfig) { *out = make([]string, len(*in)) copy(*out, *in) } + if in.LeafDuration != nil { + in, out := &in.LeafDuration, &out.LeafDuration + *out = new(Duration) + **out = **in + } return } @@ -66,6 +88,21 @@ func (in *LeaderElectionConfig) DeepCopyInto(out *LeaderElectionConfig) { *out = new(bool) **out = **in } + if in.LeaseDuration != nil { + in, out := &in.LeaseDuration, &out.LeaseDuration + *out = new(Duration) + **out = **in + } + if in.RenewDeadline != nil { + in, out := &in.RenewDeadline, &out.RenewDeadline + *out = new(Duration) + **out = **in + } + if in.RetryPeriod != nil { + in, out := &in.RetryPeriod, &out.RetryPeriod + *out = new(Duration) + **out = **in + } return } From b4dc1621566be2ca6533331b71bf57d52d0912d5 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 08:29:38 +0200 Subject: [PATCH 133/177] Complete validation logic for config API and obtain 100% coverage for its tests. Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/cainjector/app/cainjector.go | 11 +- cmd/controller/app/options/options_test.go | 50 +-- cmd/controller/app/start.go | 11 +- cmd/webhook/app/webhook.go | 11 +- .../certmanager/validation/issuer_test.go | 11 +- .../cainjector/validation/validation.go | 13 +- .../cainjector/validation/validation_test.go | 59 +++- .../controller/validation/validation.go | 71 ++--- .../controller/validation/validation_test.go | 287 ++++++++++-------- .../config/shared/validation/validation.go | 74 +++++ .../shared/validation/validation_test.go | 196 ++++++++++++ .../config/webhook/validation/validation.go | 43 +-- .../webhook/validation/validation_test.go | 146 ++++----- pkg/logs/logs.go | 5 - 14 files changed, 624 insertions(+), 364 deletions(-) create mode 100644 internal/apis/config/shared/validation/validation.go create mode 100644 internal/apis/config/shared/validation/validation_test.go diff --git a/cmd/cainjector/app/cainjector.go b/cmd/cainjector/app/cainjector.go index 41dc2252918..57ee9c5f149 100644 --- a/cmd/cainjector/app/cainjector.go +++ b/cmd/cainjector/app/cainjector.go @@ -23,7 +23,6 @@ import ( "path/filepath" "github.com/spf13/cobra" - "k8s.io/apimachinery/pkg/util/validation/field" "github.com/cert-manager/cert-manager/cainjector-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" @@ -90,11 +89,15 @@ servers and webhook servers.`, return err } - if err := validation.ValidateCAInjectorConfiguration(cainjectorConfig); err != nil { - return fmt.Errorf("error validating flags: %w", err) + if err := validation.ValidateCAInjectorConfiguration(cainjectorConfig, nil); len(err) > 0 { + return fmt.Errorf("error validating flags: %w", err.ToAggregate()) } - if err := logf.ValidateAndApplyAsField(&cainjectorConfig.Logging, field.NewPath("logging")); err != nil { + // ValidateCAInjectorConfiguration should already have validated the + // logging flags, the logging API does not have a Apply-only function + // so we validate again here. This should not catch any validation errors + // anymore. + if err := logf.ValidateAndApply(&cainjectorConfig.Logging); err != nil { return fmt.Errorf("failed to validate cainjector logging flags: %w", err) } diff --git a/cmd/controller/app/options/options_test.go b/cmd/controller/app/options/options_test.go index acefc2e247d..8c86f308c87 100644 --- a/cmd/controller/app/options/options_test.go +++ b/cmd/controller/app/options/options_test.go @@ -17,14 +17,12 @@ limitations under the License. package options import ( - "strings" "testing" "k8s.io/apimachinery/pkg/util/sets" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" defaults "github.com/cert-manager/cert-manager/internal/apis/config/controller/v1alpha1" - "github.com/cert-manager/cert-manager/internal/apis/config/controller/validation" ) func TestEnabledControllers(t *testing.T) { @@ -38,19 +36,19 @@ func TestEnabledControllers(t *testing.T) { }, "if some controllers enabled, return list": { controllers: []string{"foo", "bar"}, - expEnabled: sets.New[string]("foo", "bar"), + expEnabled: sets.New("foo", "bar"), }, "if some controllers enabled, one then disabled, return list without disabled": { controllers: []string{"foo", "bar", "-foo"}, - expEnabled: sets.New[string]("bar"), + expEnabled: sets.New("bar"), }, "if all default controllers enabled, return all default controllers": { controllers: []string{"*"}, - expEnabled: sets.New[string](defaults.DefaultEnabledControllers...), + expEnabled: sets.New(defaults.DefaultEnabledControllers...), }, "if all controllers enabled, some diabled, return all controllers with disabled": { controllers: []string{"*", "-clusterissuers", "-issuers"}, - expEnabled: sets.New[string](defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), + expEnabled: sets.New(defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), }, } @@ -68,43 +66,3 @@ func TestEnabledControllers(t *testing.T) { }) } } - -func TestValidate(t *testing.T) { - tests := map[string]struct { - DNS01RecursiveServers []string - expError string - }{ - "if valid dns servers with ip address and port, return no errors": { - DNS01RecursiveServers: []string{"192.168.0.1:53", "10.0.0.1:5353"}, - expError: "", - }, - "if valid DNS servers with DoH server addresses including https prefix, return no errors": { - DNS01RecursiveServers: []string{"https://dns.example.com", "https://doh.server"}, - expError: "", - }, - "if invalid DNS server format due to missing https prefix, return 'invalid DNS server' error": { - DNS01RecursiveServers: []string{"dns.example.com"}, - expError: "invalid DNS server", - }, - "if invalid DNS server format due to invalid IP address length and no port, return 'invalid DNS server' error": { - DNS01RecursiveServers: []string{"192.168.0.1.53"}, - expError: "invalid DNS server", - }, - } - - for name, test := range tests { - t.Run(name, func(t *testing.T) { - o, _ := NewControllerConfiguration() - o.ACMEDNS01Config.RecursiveNameservers = test.DNS01RecursiveServers - - err := validation.ValidateControllerConfiguration(o) - if test.expError != "" { - if err == nil || !strings.Contains(err.Error(), test.expError) { - t.Errorf("expected error containing '%s', but got: %v", test.expError, err) - } - } else if err != nil { - t.Errorf("unexpected error: %v", err) - } - }) - } -} diff --git a/cmd/controller/app/start.go b/cmd/controller/app/start.go index e3b4a934371..341096a0be5 100644 --- a/cmd/controller/app/start.go +++ b/cmd/controller/app/start.go @@ -23,7 +23,6 @@ import ( "path/filepath" "github.com/spf13/cobra" - "k8s.io/apimachinery/pkg/util/validation/field" "github.com/cert-manager/cert-manager/controller-binary/app/options" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" @@ -100,11 +99,15 @@ to renew certificates at an appropriate time before expiry.`, return err } - if err := validation.ValidateControllerConfiguration(controllerConfig); err != nil { - return fmt.Errorf("error validating flags: %w", err) + if err := validation.ValidateControllerConfiguration(controllerConfig, nil); len(err) > 0 { + return fmt.Errorf("error validating flags: %w", err.ToAggregate()) } - if err := logf.ValidateAndApplyAsField(&controllerConfig.Logging, field.NewPath("logging")); err != nil { + // ValidateControllerConfiguration should already have validated the + // logging flags, the logging API does not have a Apply-only function + // so we validate again here. This should not catch any validation errors + // anymore. + if err := logf.ValidateAndApply(&controllerConfig.Logging); err != nil { return fmt.Errorf("failed to validate controller logging flags: %w", err) } diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go index 0009c59e7dc..2114dea19db 100644 --- a/cmd/webhook/app/webhook.go +++ b/cmd/webhook/app/webhook.go @@ -23,7 +23,6 @@ import ( "path/filepath" "github.com/spf13/cobra" - "k8s.io/apimachinery/pkg/util/validation/field" config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" "github.com/cert-manager/cert-manager/internal/apis/config/webhook/validation" @@ -97,11 +96,15 @@ functionality for cert-manager.`, return err } - if err := validation.ValidateWebhookConfiguration(webhookConfig); err != nil { - return fmt.Errorf("error validating flags: %w", err) + if err := validation.ValidateWebhookConfiguration(webhookConfig, nil); len(err) > 0 { + return fmt.Errorf("error validating flags: %w", err.ToAggregate()) } - if err := logf.ValidateAndApplyAsField(&webhookConfig.Logging, field.NewPath("logging")); err != nil { + // ValidateWebhookConfiguration should already have validated the + // logging flags, the logging API does not have a Apply-only function + // so we validate again here. This should not catch any validation errors + // anymore. + if err := logf.ValidateAndApply(&webhookConfig.Logging); err != nil { return fmt.Errorf("failed to validate webhook logging flags: %w", err) } diff --git a/internal/apis/certmanager/validation/issuer_test.go b/internal/apis/certmanager/validation/issuer_test.go index 6865d82fd50..c13e87c5777 100644 --- a/internal/apis/certmanager/validation/issuer_test.go +++ b/internal/apis/certmanager/validation/issuer_test.go @@ -349,7 +349,7 @@ func TestValidateVaultIssuerAuth(t *testing.T) { } func TestValidateACMEIssuerConfig(t *testing.T) { - fldPath := field.NewPath("") + fldPath := (*field.Path)(nil) caBundle := unitcrypto.MustCreateCryptoBundle(t, &pubcmapi.Certificate{Spec: pubcmapi.CertificateSpec{CommonName: "test"}}, @@ -694,7 +694,8 @@ func TestValidateACMEIssuerConfig(t *testing.T) { } func TestValidateIssuerSpec(t *testing.T) { - fldPath := field.NewPath("") + fldPath := (*field.Path)(nil) + scenarios := map[string]struct { spec *cmapi.IssuerSpec errs field.ErrorList @@ -822,7 +823,8 @@ func TestValidateIssuerSpec(t *testing.T) { } func TestValidateACMEIssuerHTTP01Config(t *testing.T) { - fldPath := field.NewPath("") + fldPath := (*field.Path)(nil) + scenarios := map[string]struct { isExpectedFailure bool cfg *cmacme.ACMEChallengeSolverHTTP01 @@ -1519,7 +1521,8 @@ func TestValidateSecretKeySelector(t *testing.T) { validKey := "key" // invalidName := cmmeta.LocalObjectReference{"-name-"} // invalidKey := "-key-" - fldPath := field.NewPath("") + fldPath := (*field.Path)(nil) + scenarios := map[string]struct { isExpectedFailure bool selector *cmmeta.SecretKeySelector diff --git a/internal/apis/config/cainjector/validation/validation.go b/internal/apis/config/cainjector/validation/validation.go index 9f18c14ffdd..619fd8dd70b 100644 --- a/internal/apis/config/cainjector/validation/validation.go +++ b/internal/apis/config/cainjector/validation/validation.go @@ -17,9 +17,18 @@ limitations under the License. package validation import ( + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" + config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" + sharedvalidation "github.com/cert-manager/cert-manager/internal/apis/config/shared/validation" ) -func ValidateCAInjectorConfiguration(cfg *config.CAInjectorConfiguration) error { - return nil +func ValidateCAInjectorConfiguration(cfg *config.CAInjectorConfiguration, fldPath *field.Path) field.ErrorList { + var allErrors field.ErrorList + + allErrors = append(allErrors, logsapi.Validate(&cfg.Logging, nil, fldPath.Child("logging"))...) + allErrors = append(allErrors, sharedvalidation.ValidateLeaderElectionConfig(&cfg.LeaderElectionConfig, fldPath.Child("leaderElectionConfig"))...) + + return allErrors } diff --git a/internal/apis/config/cainjector/validation/validation_test.go b/internal/apis/config/cainjector/validation/validation_test.go index 9f91a092f84..b1a49bda00c 100644 --- a/internal/apis/config/cainjector/validation/validation_test.go +++ b/internal/apis/config/cainjector/validation/validation_test.go @@ -19,22 +19,69 @@ package validation import ( "testing" + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" + config "github.com/cert-manager/cert-manager/internal/apis/config/cainjector" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" ) func TestValidateCAInjectorConfiguration(t *testing.T) { tests := []struct { - name string - config *config.CAInjectorConfiguration - wantErr bool + name string + config *config.CAInjectorConfiguration + errs func(*config.CAInjectorConfiguration) field.ErrorList }{ - // TODO: Add test cases once validation function padded out. + { + "with valid config", + &config.CAInjectorConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, + }, + nil, + }, + { + "with invalid logging config", + &config.CAInjectorConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "unknown", + }, + }, + func(wc *config.CAInjectorConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("logging.format"), wc.Logging.Format, "Unsupported log format"), + } + }, + }, + { + "with invalid leader election config", + &config.CAInjectorConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, + LeaderElectionConfig: shared.LeaderElectionConfig{ + Enabled: true, + }, + }, + func(cc *config.CAInjectorConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("leaderElectionConfig.leaseDuration"), cc.LeaderElectionConfig.LeaseDuration, "must be greater than 0"), + field.Invalid(field.NewPath("leaderElectionConfig.renewDeadline"), cc.LeaderElectionConfig.RenewDeadline, "must be greater than 0"), + field.Invalid(field.NewPath("leaderElectionConfig.retryPeriod"), cc.LeaderElectionConfig.RetryPeriod, "must be greater than 0"), + } + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := ValidateCAInjectorConfiguration(tt.config); (err != nil) != tt.wantErr { - t.Errorf("ValidateCAInjectorConfiguration() error = %v, wantErr %v", err, tt.wantErr) + errList := ValidateCAInjectorConfiguration(tt.config, nil) + var expErrs field.ErrorList + if tt.errs != nil { + expErrs = tt.errs(tt.config) } + assert.ElementsMatch(t, expErrs, errList) }) } } diff --git a/internal/apis/config/controller/validation/validation.go b/internal/apis/config/controller/validation/validation.go index 3dde40f188f..972fde7347d 100644 --- a/internal/apis/config/controller/validation/validation.go +++ b/internal/apis/config/controller/validation/validation.go @@ -17,102 +17,81 @@ limitations under the License. package validation import ( - "errors" - "fmt" "net" "net/url" "strings" - utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" defaults "github.com/cert-manager/cert-manager/internal/apis/config/controller/v1alpha1" + sharedvalidation "github.com/cert-manager/cert-manager/internal/apis/config/shared/validation" ) -func ValidateControllerConfiguration(cfg *config.ControllerConfiguration) error { - var allErrors []error +func ValidateControllerConfiguration(cfg *config.ControllerConfiguration, fldPath *field.Path) field.ErrorList { + var allErrors field.ErrorList - if cfg.MetricsTLSConfig.FilesystemConfigProvided() && cfg.MetricsTLSConfig.DynamicConfigProvided() { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: cannot specify both filesystem based and dynamic TLS configuration")) - } else { - if cfg.MetricsTLSConfig.FilesystemConfigProvided() { - if cfg.MetricsTLSConfig.Filesystem.KeyFile == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: metricsTLSConfig.filesystem.keyFile (--metrics-tls-private-key-file) must be specified when using filesystem based TLS config")) - } - if cfg.MetricsTLSConfig.Filesystem.CertFile == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: metricsTLSConfig.filesystem.certFile (--metrics-tls-cert-file) must be specified when using filesystem based TLS config")) - } - } else if cfg.MetricsTLSConfig.DynamicConfigProvided() { - if cfg.MetricsTLSConfig.Dynamic.SecretNamespace == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: metricsTLSConfig.dynamic.secretNamespace (--metrics-dynamic-serving-ca-secret-namespace) must be specified when using dynamic TLS config")) - } - if cfg.MetricsTLSConfig.Dynamic.SecretName == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: metricsTLSConfig.dynamic.secretName (--metrics-dynamic-serving-ca-secret-name) must be specified when using dynamic TLS config")) - } - if len(cfg.MetricsTLSConfig.Dynamic.DNSNames) == 0 { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: metricsTLSConfig.dynamic.dnsNames (--metrics-dynamic-serving-dns-names) must be specified when using dynamic TLS config")) - } - } + allErrors = append(allErrors, logsapi.Validate(&cfg.Logging, nil, fldPath.Child("logging"))...) + allErrors = append(allErrors, sharedvalidation.ValidateTLSConfig(&cfg.MetricsTLSConfig, fldPath.Child("metricsTLSConfig"))...) + + if cfg.LeaderElectionConfig.Enabled && cfg.LeaderElectionConfig.HealthzTimeout <= 0 { + allErrors = append(allErrors, field.Invalid(fldPath.Child("leaderElectionConfig").Child("healthzTimeout"), cfg.LeaderElectionConfig.HealthzTimeout, "must be higher than 0")) } + allErrors = append(allErrors, sharedvalidation.ValidateLeaderElectionConfig(&cfg.LeaderElectionConfig.LeaderElectionConfig, fldPath.Child("leaderElectionConfig"))...) if len(cfg.IngressShimConfig.DefaultIssuerKind) == 0 { - allErrors = append(allErrors, errors.New("the --default-issuer-kind flag must not be empty")) + allErrors = append(allErrors, field.Required(fldPath.Child("ingressShimConfig").Child("defaultIssuerKind"), "must not be empty")) } if cfg.KubernetesAPIBurst <= 0 { - allErrors = append(allErrors, fmt.Errorf("invalid value for kube-api-burst: %v must be higher than 0", cfg.KubernetesAPIBurst)) + allErrors = append(allErrors, field.Invalid(fldPath.Child("kubernetesAPIBurst"), cfg.KubernetesAPIBurst, "must be higher than 0")) } if cfg.KubernetesAPIQPS <= 0 { - allErrors = append(allErrors, fmt.Errorf("invalid value for kube-api-qps: %v must be higher than 0", cfg.KubernetesAPIQPS)) + allErrors = append(allErrors, field.Invalid(fldPath.Child("kubernetesAPIQPS"), cfg.KubernetesAPIQPS, "must be higher than 0")) } if float32(cfg.KubernetesAPIBurst) < cfg.KubernetesAPIQPS { - allErrors = append(allErrors, fmt.Errorf("invalid value for kube-api-burst: %v must be higher or equal to kube-api-qps: %v", cfg.KubernetesAPIQPS, cfg.KubernetesAPIQPS)) + allErrors = append(allErrors, field.Invalid(fldPath.Child("kubernetesAPIBurst"), cfg.KubernetesAPIBurst, "must be higher or equal to kubernetesAPIQPS")) } - for _, server := range cfg.ACMEHTTP01Config.SolverNameservers { + for i, server := range cfg.ACMEHTTP01Config.SolverNameservers { // ensure all servers have a port number _, _, err := net.SplitHostPort(server) if err != nil { - allErrors = append(allErrors, fmt.Errorf("invalid DNS server (%v): %v", err, server)) + allErrors = append(allErrors, field.Invalid(fldPath.Child("acmeHTTP01Config").Child("solverNameservers").Index(i), server, "must be in the format :")) } } - for _, server := range cfg.ACMEDNS01Config.RecursiveNameservers { + for i, server := range cfg.ACMEDNS01Config.RecursiveNameservers { // ensure all servers follow one of the following formats: // - : // - https:// if strings.HasPrefix(server, "https://") { - _, err := url.ParseRequestURI(server) - if err != nil { - allErrors = append(allErrors, fmt.Errorf("invalid DNS server (%v): %v", err, server)) + if u, err := url.ParseRequestURI(server); err != nil || u.Scheme != "https" || u.Host == "" { + allErrors = append(allErrors, field.Invalid(fldPath.Child("acmeDNS01Config").Child("recursiveNameservers").Index(i), server, "must be in the format https://")) } } else { - _, _, err := net.SplitHostPort(server) - if err != nil { - allErrors = append(allErrors, fmt.Errorf("invalid DNS server (%v): %v", err, server)) + if _, _, err := net.SplitHostPort(server); err != nil { + allErrors = append(allErrors, field.Invalid(fldPath.Child("acmeDNS01Config").Child("recursiveNameservers").Index(i), server, "must be in the format :")) } } } - controllerErrors := []error{} allControllersSet := sets.NewString(defaults.AllControllers...) - for _, controller := range cfg.Controllers { + for i, controller := range cfg.Controllers { if controller == "*" { continue } controller = strings.TrimPrefix(controller, "-") if !allControllersSet.Has(controller) { - controllerErrors = append(controllerErrors, fmt.Errorf("%q is not in the list of known controllers", controller)) + allErrors = append(allErrors, field.Invalid(fldPath.Child("controllers").Index(i), controller, "is not in the list of known controllers")) } } - if len(controllerErrors) > 0 { - allErrors = append(allErrors, fmt.Errorf("validation failed for '--controllers': %v", controllerErrors)) - } - return utilerrors.NewAggregate(allErrors) + return allErrors } diff --git a/internal/apis/config/controller/validation/validation_test.go b/internal/apis/config/controller/validation/validation_test.go index 8c15179e7cb..ab18d9679cf 100644 --- a/internal/apis/config/controller/validation/validation_test.go +++ b/internal/apis/config/controller/validation/validation_test.go @@ -18,6 +18,11 @@ package validation import ( "testing" + "time" + + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" config "github.com/cert-manager/cert-manager/internal/apis/config/controller" "github.com/cert-manager/cert-manager/internal/apis/config/shared" @@ -25,201 +30,200 @@ import ( func TestValidateControllerConfiguration(t *testing.T) { tests := []struct { - name string - config *config.ControllerConfiguration - wantErr bool + name string + config *config.ControllerConfiguration + errs func(*config.ControllerConfiguration) field.ErrorList }{ { "with valid config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, }, - false, + nil, }, { - "with both filesystem and dynamic tls configured", + "with invalid logging config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "unknown", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - KeyFile: "/test.key", - }, - Dynamic: shared.DynamicServingConfig{ - SecretNamespace: "cert-manager", - SecretName: "test", - DNSNames: []string{"example.com"}, - }, - }, }, - true, + func(wc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("logging.format"), wc.Logging.Format, "Unsupported log format"), + } + }, }, { - "with valid filesystem tls config", + "with invalid leader election healthz timeout", &config.ControllerConfiguration{ - IngressShimConfig: config.IngressShimConfig{ - DefaultIssuerKind: "Issuer", + Logging: logsapi.LoggingConfiguration{ + Format: "text", }, - KubernetesAPIBurst: 1, - KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - KeyFile: "/test.key", + LeaderElectionConfig: config.LeaderElectionConfig{ + LeaderElectionConfig: shared.LeaderElectionConfig{ + Enabled: true, + LeaseDuration: time.Second, + RenewDeadline: time.Second, + RetryPeriod: time.Second, }, + HealthzTimeout: 0, }, - }, - false, - }, - { - "with valid tls config missing keyfile", - &config.ControllerConfiguration{ IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - }, - }, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("leaderElectionConfig.healthzTimeout"), cc.LeaderElectionConfig.HealthzTimeout, "must be higher than 0"), + } + }, }, { - "with valid tls config missing certfile", + "with invalid leader election config", &config.ControllerConfiguration{ - IngressShimConfig: config.IngressShimConfig{ - DefaultIssuerKind: "Issuer", + Logging: logsapi.LoggingConfiguration{ + Format: "text", }, - KubernetesAPIBurst: 1, - KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - KeyFile: "/test.key", + LeaderElectionConfig: config.LeaderElectionConfig{ + LeaderElectionConfig: shared.LeaderElectionConfig{ + Enabled: true, }, }, - }, - true, - }, - { - "with valid dynamic tls config", - &config.ControllerConfiguration{ IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretNamespace: "cert-manager", - SecretName: "test", - DNSNames: []string{"example.com"}, - }, - }, }, - false, - }, - { - "with dynamic tls missing secret namespace", - &config.ControllerConfiguration{ - MetricsTLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretName: "test", - DNSNames: []string{"example.com"}, - }, - }, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("leaderElectionConfig.healthzTimeout"), cc.LeaderElectionConfig.HealthzTimeout, "must be higher than 0"), + field.Invalid(field.NewPath("leaderElectionConfig.leaseDuration"), cc.LeaderElectionConfig.LeaseDuration, "must be greater than 0"), + field.Invalid(field.NewPath("leaderElectionConfig.renewDeadline"), cc.LeaderElectionConfig.RenewDeadline, "must be greater than 0"), + field.Invalid(field.NewPath("leaderElectionConfig.retryPeriod"), cc.LeaderElectionConfig.RetryPeriod, "must be greater than 0"), + } }, - true, }, { - "with dynamic tls missing secret name", + "with invalid metrics tls config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, MetricsTLSConfig: shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ + CertFile: "/test.crt", + KeyFile: "/test.key", + }, Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", + SecretName: "test", DNSNames: []string{"example.com"}, }, }, }, - true, - }, - { - "with dynamic tls missing dns names", - &config.ControllerConfiguration{ - IngressShimConfig: config.IngressShimConfig{ - DefaultIssuerKind: "Issuer", - }, - KubernetesAPIBurst: 1, - KubernetesAPIQPS: 1, - MetricsTLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretName: "test", - SecretNamespace: "cert-manager", - DNSNames: nil, - }, - }, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("metricsTLSConfig"), &cc.MetricsTLSConfig, "cannot specify both filesystem based and dynamic TLS configuration"), + } }, - true, }, { "with missing issuer kind", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, KubernetesAPIBurst: 1, KubernetesAPIQPS: 1, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("ingressShimConfig.defaultIssuerKind"), "must not be empty"), + } + }, }, { "with invalid kube-api-burst config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: -1, // Must be positive KubernetesAPIQPS: 1, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("kubernetesAPIBurst"), cc.KubernetesAPIBurst, "must be higher than 0"), + field.Invalid(field.NewPath("kubernetesAPIBurst"), cc.KubernetesAPIBurst, "must be higher or equal to kubernetesAPIQPS"), + } + }, }, { "with invalid kube-api-burst config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, // Must be greater than KubernetesAPIQPS KubernetesAPIQPS: 2, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("kubernetesAPIBurst"), cc.KubernetesAPIBurst, "must be higher or equal to kubernetesAPIQPS"), + } + }, }, { "with invalid kube-api-qps config", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, KubernetesAPIBurst: 1, KubernetesAPIQPS: -1, // Must be positive }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("kubernetesAPIQPS"), cc.KubernetesAPIQPS, "must be higher than 0"), + } + }, }, { "with valid acme http solver nameservers", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -232,11 +236,14 @@ func TestValidateControllerConfiguration(t *testing.T) { }, }, }, - false, + nil, }, { "with invalid acme http solver nameserver missing port", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -249,11 +256,18 @@ func TestValidateControllerConfiguration(t *testing.T) { }, }, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("acmeHTTP01Config.solverNameservers[1]"), cc.ACMEHTTP01Config.SolverNameservers[1], "must be in the format :"), + } + }, }, { "with valid acme dns recursive nameservers", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -266,11 +280,14 @@ func TestValidateControllerConfiguration(t *testing.T) { }, }, }, - false, + nil, }, { "with inalid acme dns recursive nameserver missing port", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -283,31 +300,42 @@ func TestValidateControllerConfiguration(t *testing.T) { }, }, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("acmeDNS01Config.recursiveNameservers[0]"), cc.ACMEDNS01Config.RecursiveNameservers[0], "must be in the format :"), + } + }, + }, + { + "with inalid acme dns recursive nameserver invalid url", + &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, + IngressShimConfig: config.IngressShimConfig{ + DefaultIssuerKind: "Issuer", + }, + KubernetesAPIBurst: 1, + KubernetesAPIQPS: 1, + ACMEDNS01Config: config.ACMEDNS01Config{ + RecursiveNameservers: []string{ + "1.1.1.1:53", + "https://", + }, + }, + }, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("acmeDNS01Config.recursiveNameservers[1]"), cc.ACMEDNS01Config.RecursiveNameservers[1], "must be in the format https://"), + } + }, }, - // TODO: Turns out url.ParseRequestURI allows a lot of bad URLs through, - // including empty urls. We should replace that and uncomment this test. - // - // { - // "with inalid acme dns recursive nameserver invalid url", - // &config.ControllerConfiguration{ - // IngressShimConfig: config.IngressShimConfig{ - // DefaultIssuerKind: "Issuer", - // }, - // KubernetesAPIBurst: 1, - // KubernetesAPIQPS: 1, - // ACMEDNS01Config: config.ACMEDNS01Config{ - // RecursiveNameservers: []string{ - // "1.1.1.1:53", - // "https://", - // }, - // }, - // }, - // true, - // }, { "with valid controllers named", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -315,11 +343,14 @@ func TestValidateControllerConfiguration(t *testing.T) { KubernetesAPIQPS: 1, Controllers: []string{"issuers", "clusterissuers"}, }, - false, + nil, }, { "with wildcard controllers named", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -327,11 +358,14 @@ func TestValidateControllerConfiguration(t *testing.T) { KubernetesAPIQPS: 1, Controllers: []string{"*"}, }, - false, + nil, }, { "with invalid controllers named", &config.ControllerConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, IngressShimConfig: config.IngressShimConfig{ DefaultIssuerKind: "Issuer", }, @@ -339,14 +373,21 @@ func TestValidateControllerConfiguration(t *testing.T) { KubernetesAPIQPS: 1, Controllers: []string{"foo"}, }, - true, + func(cc *config.ControllerConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("controllers").Index(0), "foo", "is not in the list of known controllers"), + } + }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := ValidateControllerConfiguration(tt.config); (err != nil) != tt.wantErr { - t.Errorf("ValidateControllerConfiguration() error = %v, wantErr %v", err, tt.wantErr) + errList := ValidateControllerConfiguration(tt.config, nil) + var expErrs field.ErrorList + if tt.errs != nil { + expErrs = tt.errs(tt.config) } + assert.ElementsMatch(t, expErrs, errList) }) } } diff --git a/internal/apis/config/shared/validation/validation.go b/internal/apis/config/shared/validation/validation.go new file mode 100644 index 00000000000..a38b716de50 --- /dev/null +++ b/internal/apis/config/shared/validation/validation.go @@ -0,0 +1,74 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package validation + +import ( + "k8s.io/apimachinery/pkg/util/validation/field" + + shared "github.com/cert-manager/cert-manager/internal/apis/config/shared" +) + +func ValidateTLSConfig(tlsConfig *shared.TLSConfig, fldPath *field.Path) field.ErrorList { + var allErrors field.ErrorList + + if tlsConfig.FilesystemConfigProvided() && tlsConfig.DynamicConfigProvided() { + allErrors = append(allErrors, field.Invalid(fldPath, tlsConfig, "cannot specify both filesystem based and dynamic TLS configuration")) + } else { + if tlsConfig.FilesystemConfigProvided() { + fileSystemPath := fldPath.Child("filesystem") + if tlsConfig.Filesystem.KeyFile == "" { + allErrors = append(allErrors, field.Required(fileSystemPath.Child("keyFile"), "must be specified when using filesystem based TLS config")) + } + if tlsConfig.Filesystem.CertFile == "" { + allErrors = append(allErrors, field.Required(fileSystemPath.Child("certFile"), "must be specified when using filesystem based TLS config")) + } + } else if tlsConfig.DynamicConfigProvided() { + dynamicPath := fldPath.Child("dynamic") + if tlsConfig.Dynamic.SecretNamespace == "" { + allErrors = append(allErrors, field.Required(dynamicPath.Child("secretNamespace"), "must be specified when using dynamic TLS config")) + } + if tlsConfig.Dynamic.SecretName == "" { + allErrors = append(allErrors, field.Required(dynamicPath.Child("secretName"), "must be specified when using dynamic TLS config")) + } + if len(tlsConfig.Dynamic.DNSNames) == 0 { + allErrors = append(allErrors, field.Required(dynamicPath.Child("dnsNames"), "must be specified when using dynamic TLS config")) + } + } + } + + return allErrors +} + +func ValidateLeaderElectionConfig(leaderElectionConfig *shared.LeaderElectionConfig, fldPath *field.Path) field.ErrorList { + var allErrors field.ErrorList + + if !leaderElectionConfig.Enabled { + return allErrors + } + + if leaderElectionConfig.LeaseDuration <= 0 { + allErrors = append(allErrors, field.Invalid(fldPath.Child("leaseDuration"), leaderElectionConfig.LeaseDuration, "must be greater than 0")) + } + if leaderElectionConfig.RenewDeadline <= 0 { + allErrors = append(allErrors, field.Invalid(fldPath.Child("renewDeadline"), leaderElectionConfig.RenewDeadline, "must be greater than 0")) + } + if leaderElectionConfig.RetryPeriod <= 0 { + allErrors = append(allErrors, field.Invalid(fldPath.Child("retryPeriod"), leaderElectionConfig.RetryPeriod, "must be greater than 0")) + } + + return allErrors +} diff --git a/internal/apis/config/shared/validation/validation_test.go b/internal/apis/config/shared/validation/validation_test.go new file mode 100644 index 00000000000..e99adccb254 --- /dev/null +++ b/internal/apis/config/shared/validation/validation_test.go @@ -0,0 +1,196 @@ +/* +Copyright 2021 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package validation + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/util/validation/field" + + "github.com/cert-manager/cert-manager/internal/apis/config/shared" +) + +func TestValidateTLSConfig(t *testing.T) { + tests := []struct { + name string + config *shared.TLSConfig + errs func(*shared.TLSConfig) field.ErrorList + }{ + { + "with valid config", + &shared.TLSConfig{}, + nil, + }, + { + "with both filesystem and dynamic tls configured", + &shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ + CertFile: "/test.crt", + KeyFile: "/test.key", + }, + Dynamic: shared.DynamicServingConfig{ + SecretNamespace: "cert-manager", + SecretName: "test", + DNSNames: []string{"example.com"}, + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Invalid(nil, cc, "cannot specify both filesystem based and dynamic TLS configuration"), + } + }, + }, + { + "with valid filesystem tls config", + &shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ + CertFile: "/test.crt", + KeyFile: "/test.key", + }, + }, + nil, + }, + { + "with valid tls config missing keyfile", + &shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ + CertFile: "/test.crt", + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("filesystem.keyFile"), "must be specified when using filesystem based TLS config"), + } + }, + }, + { + "with valid tls config missing certfile", + &shared.TLSConfig{ + Filesystem: shared.FilesystemServingConfig{ + KeyFile: "/test.key", + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("filesystem.certFile"), "must be specified when using filesystem based TLS config"), + } + }, + }, + { + "with valid dynamic tls config", + &shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ + SecretNamespace: "cert-manager", + SecretName: "test", + DNSNames: []string{"example.com"}, + }, + }, + nil, + }, + { + "with dynamic tls missing secret namespace", + &shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ + SecretName: "test", + DNSNames: []string{"example.com"}, + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("dynamic.secretNamespace"), "must be specified when using dynamic TLS config"), + } + }, + }, + { + "with dynamic tls missing secret name", + &shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ + SecretNamespace: "cert-manager", + DNSNames: []string{"example.com"}, + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("dynamic.secretName"), "must be specified when using dynamic TLS config"), + } + }, + }, + { + "with dynamic tls missing dns names", + &shared.TLSConfig{ + Dynamic: shared.DynamicServingConfig{ + SecretName: "test", + SecretNamespace: "cert-manager", + DNSNames: nil, + }, + }, + func(cc *shared.TLSConfig) field.ErrorList { + return field.ErrorList{ + field.Required(field.NewPath("dynamic.dnsNames"), "must be specified when using dynamic TLS config"), + } + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + errList := ValidateTLSConfig(tt.config, nil) + var expErrs field.ErrorList + if tt.errs != nil { + expErrs = tt.errs(tt.config) + } + assert.ElementsMatch(t, expErrs, errList) + }) + } +} + +func TestValidateLeaderElectionConfig(t *testing.T) { + tests := []struct { + name string + config *shared.LeaderElectionConfig + errs func(*shared.LeaderElectionConfig) field.ErrorList + }{ + { + "with valid config", + &shared.LeaderElectionConfig{}, + nil, + }, + { + "with leader election enabled but missing durations", + &shared.LeaderElectionConfig{ + Enabled: true, + }, + func(cc *shared.LeaderElectionConfig) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("leaseDuration"), cc.LeaseDuration, "must be greater than 0"), + field.Invalid(field.NewPath("renewDeadline"), cc.RenewDeadline, "must be greater than 0"), + field.Invalid(field.NewPath("retryPeriod"), cc.RetryPeriod, "must be greater than 0"), + } + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + errList := ValidateLeaderElectionConfig(tt.config, nil) + var expErrs field.ErrorList + if tt.errs != nil { + expErrs = tt.errs(tt.config) + } + assert.ElementsMatch(t, expErrs, errList) + }) + } +} diff --git a/internal/apis/config/webhook/validation/validation.go b/internal/apis/config/webhook/validation/validation.go index d2535d8a91c..a3b83c8468c 100644 --- a/internal/apis/config/webhook/validation/validation.go +++ b/internal/apis/config/webhook/validation/validation.go @@ -17,42 +17,25 @@ limitations under the License. package validation import ( - "fmt" - - utilerrors "k8s.io/apimachinery/pkg/util/errors" + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" + sharedvalidation "github.com/cert-manager/cert-manager/internal/apis/config/shared/validation" config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" ) -func ValidateWebhookConfiguration(cfg *config.WebhookConfiguration) error { - var allErrors []error - if cfg.TLSConfig.FilesystemConfigProvided() && cfg.TLSConfig.DynamicConfigProvided() { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: cannot specify both filesystem based and dynamic TLS configuration")) - } else { - if cfg.TLSConfig.FilesystemConfigProvided() { - if cfg.TLSConfig.Filesystem.KeyFile == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: tlsConfig.filesystem.keyFile (--tls-private-key-file) must be specified when using filesystem based TLS config")) - } - if cfg.TLSConfig.Filesystem.CertFile == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: tlsConfig.filesystem.certFile (--tls-cert-file) must be specified when using filesystem based TLS config")) - } - } else if cfg.TLSConfig.DynamicConfigProvided() { - if cfg.TLSConfig.Dynamic.SecretNamespace == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: tlsConfig.dynamic.secretNamespace (--dynamic-serving-ca-secret-namespace) must be specified when using dynamic TLS config")) - } - if cfg.TLSConfig.Dynamic.SecretName == "" { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: tlsConfig.dynamic.secretName (--dynamic-serving-ca-secret-name) must be specified when using dynamic TLS config")) - } - if len(cfg.TLSConfig.Dynamic.DNSNames) == 0 { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: tlsConfig.dynamic.dnsNames (--dynamic-serving-dns-names) must be specified when using dynamic TLS config")) - } - } - } +func ValidateWebhookConfiguration(cfg *config.WebhookConfiguration, fldPath *field.Path) field.ErrorList { + var allErrors field.ErrorList + + allErrors = append(allErrors, logsapi.Validate(&cfg.Logging, nil, fldPath.Child("logging"))...) + allErrors = append(allErrors, sharedvalidation.ValidateTLSConfig(&cfg.TLSConfig, fldPath.Child("tlsConfig"))...) + if cfg.HealthzPort < 0 || cfg.HealthzPort > 65535 { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: healthzPort must be a valid port number")) + allErrors = append(allErrors, field.Invalid(fldPath.Child("healthzPort"), cfg.HealthzPort, "must be a valid port number")) } if cfg.SecurePort < 0 || cfg.SecurePort > 65535 { - allErrors = append(allErrors, fmt.Errorf("invalid configuration: securePort must be a valid port number")) + allErrors = append(allErrors, field.Invalid(fldPath.Child("securePort"), cfg.SecurePort, "must be a valid port number")) } - return utilerrors.NewAggregate(allErrors) + + return allErrors } diff --git a/internal/apis/config/webhook/validation/validation_test.go b/internal/apis/config/webhook/validation/validation_test.go index cd366585013..19a781ae835 100644 --- a/internal/apis/config/webhook/validation/validation_test.go +++ b/internal/apis/config/webhook/validation/validation_test.go @@ -19,76 +19,53 @@ package validation import ( "testing" + "github.com/stretchr/testify/assert" + "k8s.io/apimachinery/pkg/util/validation/field" + logsapi "k8s.io/component-base/logs/api/v1" + "github.com/cert-manager/cert-manager/internal/apis/config/shared" config "github.com/cert-manager/cert-manager/internal/apis/config/webhook" ) func TestValidateWebhookConfiguration(t *testing.T) { tests := []struct { - name string - config *config.WebhookConfiguration - wantErr bool + name string + config *config.WebhookConfiguration + errs func(*config.WebhookConfiguration) field.ErrorList }{ { "with no tls config", - &config.WebhookConfiguration{}, - false, - }, - { - "with both filesystem and dynamic tls configured", &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - KeyFile: "/test.key", - }, - Dynamic: shared.DynamicServingConfig{ - SecretNamespace: "cert-manager", - SecretName: "test", - DNSNames: []string{"example.com"}, - }, + Logging: logsapi.LoggingConfiguration{ + Format: "text", }, }, - true, + nil, }, { - "with valid filesystem tls config", + "with invalid logging config", &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - KeyFile: "/test.key", - }, + Logging: logsapi.LoggingConfiguration{ + Format: "unknown", }, }, - false, - }, - { - "with valid tls config missing keyfile", - &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Filesystem: shared.FilesystemServingConfig{ - CertFile: "/test.crt", - }, - }, + func(wc *config.WebhookConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("logging.format"), wc.Logging.Format, "Unsupported log format"), + } }, - true, }, { - "with valid tls config missing certfile", + "with invalid tls config", &config.WebhookConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, TLSConfig: shared.TLSConfig{ Filesystem: shared.FilesystemServingConfig{ - KeyFile: "/test.key", + CertFile: "/test.crt", + KeyFile: "/test.key", }, - }, - }, - true, - }, - { - "with valid dynamic tls config", - &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ Dynamic: shared.DynamicServingConfig{ SecretNamespace: "cert-manager", SecretName: "test", @@ -96,80 +73,69 @@ func TestValidateWebhookConfiguration(t *testing.T) { }, }, }, - false, - }, - { - "with dynamic tls missing secret namespace", - &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretName: "test", - DNSNames: []string{"example.com"}, - }, - }, - }, - true, - }, - { - "with dynamic tls missing secret name", - &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretNamespace: "cert-manager", - DNSNames: []string{"example.com"}, - }, - }, + func(wc *config.WebhookConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("tlsConfig"), &wc.TLSConfig, "cannot specify both filesystem based and dynamic TLS configuration"), + } }, - true, - }, - { - "with dynamic tls missing dns names", - &config.WebhookConfiguration{ - TLSConfig: shared.TLSConfig{ - Dynamic: shared.DynamicServingConfig{ - SecretName: "test", - SecretNamespace: "cert-manager", - DNSNames: nil, - }, - }, - }, - true, }, { "with valid healthz port", &config.WebhookConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, HealthzPort: 8080, }, - false, + nil, }, { "with invalid healthz port", &config.WebhookConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, HealthzPort: 99999999, }, - true, + func(wc *config.WebhookConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("healthzPort"), wc.HealthzPort, "must be a valid port number"), + } + }, }, - { "with valid secure port", &config.WebhookConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, SecurePort: 8080, }, - false, + nil, }, { "with invalid secure port", &config.WebhookConfiguration{ + Logging: logsapi.LoggingConfiguration{ + Format: "text", + }, SecurePort: 99999999, }, - true, + func(wc *config.WebhookConfiguration) field.ErrorList { + return field.ErrorList{ + field.Invalid(field.NewPath("securePort"), wc.SecurePort, "must be a valid port number"), + } + }, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if err := ValidateWebhookConfiguration(tt.config); (err != nil) != tt.wantErr { - t.Errorf("ValidateWebhookConfiguration() error = %v, wantErr %v", err, tt.wantErr) + errList := ValidateWebhookConfiguration(tt.config, nil) + var expErrs field.ErrorList + if tt.errs != nil { + expErrs = tt.errs(tt.config) } + assert.ElementsMatch(t, expErrs, errList) }) } } diff --git a/pkg/logs/logs.go b/pkg/logs/logs.go index 199d17adb30..9af6d275429 100644 --- a/pkg/logs/logs.go +++ b/pkg/logs/logs.go @@ -26,7 +26,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" "k8s.io/component-base/logs" logsapi "k8s.io/component-base/logs/api/v1" "k8s.io/klog/v2" @@ -90,10 +89,6 @@ func ValidateAndApply(opts *logsapi.LoggingConfiguration) error { return logsapi.ValidateAndApply(opts, nil) } -func ValidateAndApplyAsField(opts *logsapi.LoggingConfiguration, fldPath *field.Path) error { - return logsapi.ValidateAndApplyAsField(opts, nil, fldPath) -} - // FlushLogs flushes logs immediately. func FlushLogs() { logs.FlushLogs() From e51f4a46db9f8de667d6a80d4561afa019d26ad8 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 14 May 2024 17:49:56 +0200 Subject: [PATCH 134/177] update CRD field comments Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- deploy/crds/crd-certificates.yaml | 3 --- internal/apis/certmanager/types_certificate.go | 3 --- .../apis/certmanager/v1alpha2/types_certificate.go | 13 ++++++++++--- .../apis/certmanager/v1alpha3/types_certificate.go | 13 ++++++++++--- .../apis/certmanager/v1beta1/types_certificate.go | 13 ++++++++++--- pkg/apis/certmanager/v1/types_certificate.go | 3 --- 6 files changed, 30 insertions(+), 18 deletions(-) diff --git a/deploy/crds/crd-certificates.yaml b/deploy/crds/crd-certificates.yaml index 30ee0d85a45..461ae1bc277 100644 --- a/deploy/crds/crd-certificates.yaml +++ b/deploy/crds/crd-certificates.yaml @@ -308,9 +308,6 @@ spec: Cannot be set if the `subject` or `commonName` field is set. - This is an Alpha Feature and is only enabled with the - `--feature-gates=LiteralCertificateSubject=true` option set on both - the controller and webhook components. type: string nameConstraints: description: |- diff --git a/internal/apis/certmanager/types_certificate.go b/internal/apis/certmanager/types_certificate.go index e3367d9bc4c..97a5ff94e08 100644 --- a/internal/apis/certmanager/types_certificate.go +++ b/internal/apis/certmanager/types_certificate.go @@ -117,9 +117,6 @@ type CertificateSpec struct { // More info: https://github.com/cert-manager/cert-manager/issues/4424 // // Cannot be set if the `subject` or `commonName` field is set. - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=LiteralCertificateSubject=true` option set on both - // the controller and webhook components. LiteralSubject string // Requested common name X509 certificate subject attribute. diff --git a/internal/apis/certmanager/v1alpha2/types_certificate.go b/internal/apis/certmanager/v1alpha2/types_certificate.go index efb4cfa40f4..6772b1f078a 100644 --- a/internal/apis/certmanager/v1alpha2/types_certificate.go +++ b/internal/apis/certmanager/v1alpha2/types_certificate.go @@ -84,9 +84,16 @@ type CertificateSpec struct { // +optional Subject *X509Subject `json:"subject,omitempty"` - // LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - // Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. - // This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + // Requested X.509 certificate subject, represented using the LDAP "String + // Representation of a Distinguished Name" [1]. + // Important: the LDAP string format also specifies the order of the attributes + // in the subject, this is important when issuing certs for LDAP authentication. + // Example: `CN=foo,DC=corp,DC=example,DC=com` + // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + // More info: https://github.com/cert-manager/cert-manager/issues/3203 + // More info: https://github.com/cert-manager/cert-manager/issues/4424 + // + // Cannot be set if the `subject` or `commonName` field is set. // +optional LiteralSubject string `json:"literalSubject,omitempty"` diff --git a/internal/apis/certmanager/v1alpha3/types_certificate.go b/internal/apis/certmanager/v1alpha3/types_certificate.go index 1fc37bbad3d..580d00c6187 100644 --- a/internal/apis/certmanager/v1alpha3/types_certificate.go +++ b/internal/apis/certmanager/v1alpha3/types_certificate.go @@ -86,9 +86,16 @@ type CertificateSpec struct { // +optional Subject *X509Subject `json:"subject,omitempty"` - // LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - // Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. - // This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + // Requested X.509 certificate subject, represented using the LDAP "String + // Representation of a Distinguished Name" [1]. + // Important: the LDAP string format also specifies the order of the attributes + // in the subject, this is important when issuing certs for LDAP authentication. + // Example: `CN=foo,DC=corp,DC=example,DC=com` + // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + // More info: https://github.com/cert-manager/cert-manager/issues/3203 + // More info: https://github.com/cert-manager/cert-manager/issues/4424 + // + // Cannot be set if the `subject` or `commonName` field is set. // +optional LiteralSubject string `json:"literalSubject,omitempty"` diff --git a/internal/apis/certmanager/v1beta1/types_certificate.go b/internal/apis/certmanager/v1beta1/types_certificate.go index 7ed3eadd812..14404b5f907 100644 --- a/internal/apis/certmanager/v1beta1/types_certificate.go +++ b/internal/apis/certmanager/v1beta1/types_certificate.go @@ -87,9 +87,16 @@ type CertificateSpec struct { // +optional Subject *X509Subject `json:"subject,omitempty"` - // LiteralSubject is an LDAP formatted string that represents the [X.509 Subject field](https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.6). - // Use this *instead* of the Subject field if you need to ensure the correct ordering of the RDN sequence, such as when issuing certs for LDAP authentication. See https://github.com/cert-manager/cert-manager/issues/3203, https://github.com/cert-manager/cert-manager/issues/4424. - // This field is alpha level and is only supported by cert-manager installations where LiteralCertificateSubject feature gate is enabled on both cert-manager controller and webhook. + // Requested X.509 certificate subject, represented using the LDAP "String + // Representation of a Distinguished Name" [1]. + // Important: the LDAP string format also specifies the order of the attributes + // in the subject, this is important when issuing certs for LDAP authentication. + // Example: `CN=foo,DC=corp,DC=example,DC=com` + // More info [1]: https://datatracker.ietf.org/doc/html/rfc4514 + // More info: https://github.com/cert-manager/cert-manager/issues/3203 + // More info: https://github.com/cert-manager/cert-manager/issues/4424 + // + // Cannot be set if the `subject` or `commonName` field is set. // +optional LiteralSubject string `json:"literalSubject,omitempty"` diff --git a/pkg/apis/certmanager/v1/types_certificate.go b/pkg/apis/certmanager/v1/types_certificate.go index 0448cf395db..b37cf1b6e25 100644 --- a/pkg/apis/certmanager/v1/types_certificate.go +++ b/pkg/apis/certmanager/v1/types_certificate.go @@ -128,9 +128,6 @@ type CertificateSpec struct { // More info: https://github.com/cert-manager/cert-manager/issues/4424 // // Cannot be set if the `subject` or `commonName` field is set. - // This is an Alpha Feature and is only enabled with the - // `--feature-gates=LiteralCertificateSubject=true` option set on both - // the controller and webhook components. // +optional LiteralSubject string `json:"literalSubject,omitempty"` From 085c63dd9a750351e2978c711a38cbdc3c2971c7 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 17 May 2024 14:20:28 +0200 Subject: [PATCH 135/177] apply PR feedback: add kubebuilder annotations Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/apis/config/shared/v1alpha1/types_duration.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/apis/config/shared/v1alpha1/types_duration.go b/pkg/apis/config/shared/v1alpha1/types_duration.go index dc9dd3bc302..7d222281488 100644 --- a/pkg/apis/config/shared/v1alpha1/types_duration.go +++ b/pkg/apis/config/shared/v1alpha1/types_duration.go @@ -27,6 +27,7 @@ import ( // Duration is present for backwards compatibility for fields that // previously used time.Duration. // +k8s:conversion-gen=false +// +kubebuilder:validation:XIntOrString type Duration struct { // Duration holds the duration Duration metav1.Duration From 9483f5ddc214df6b1de147c3051c00673e3d69fe Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 17 May 2024 09:28:25 +0200 Subject: [PATCH 136/177] upgrade dependencies Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- LICENSES | 179 ++-- cmd/acmesolver/LICENSES | 32 +- cmd/acmesolver/go.mod | 37 +- cmd/acmesolver/go.sum | 60 +- cmd/cainjector/LICENSES | 58 +- cmd/cainjector/go.mod | 60 +- cmd/cainjector/go.sum | 145 ++- cmd/controller/LICENSES | 167 ++-- cmd/controller/go.mod | 165 ++-- cmd/controller/go.sum | 366 ++++---- cmd/startupapicheck/LICENSES | 72 +- cmd/startupapicheck/go.mod | 70 +- cmd/startupapicheck/go.sum | 169 ++-- cmd/webhook/LICENSES | 90 +- cmd/webhook/go.mod | 92 +- cmd/webhook/go.sum | 196 ++-- go.mod | 177 ++-- go.sum | 376 ++++---- test/e2e/LICENSES | 66 +- test/e2e/go.mod | 77 +- test/e2e/go.sum | 161 ++-- test/integration/LICENSES | 100 +- test/integration/go.mod | 111 +-- test/integration/go.sum | 1677 +++++++++++++++++++++++++++++++--- 24 files changed, 3022 insertions(+), 1681 deletions(-) diff --git a/LICENSES b/LICENSES index 391af5ca277..90a4eb776fe 100644 --- a/LICENSES +++ b/LICENSES @@ -1,65 +1,68 @@ -cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.2.3/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.9.2/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.1/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.5.2/sdk/internal/LICENSE.txt,MIT +cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 +cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 +cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT -github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT +github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT github.com/NYTimes/gziphandler,https://github.com/NYTimes/gziphandler/blob/v1.1.1/LICENSE,Apache-2.0 -github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.4.0/LICENSE,Apache-2.0 +github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.6.4/LICENSE,Apache-2.0 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/asaskevich/govalidator,https://github.com/asaskevich/govalidator/blob/a9d515a09cc2/LICENSE,MIT -github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.25.0/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.0/config/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.0/credentials/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.15.0/feature/ec2/imds/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.0/internal/configsources/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.0/internal/endpoints/v2/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.27.0/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.15/config/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.15/credentials/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.16.3/feature/ec2/imds/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.7/internal/configsources/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.7/internal/endpoints/v2/LICENSE.txt,Apache-2.0 github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.8.0/internal/ini/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.25.0/internal/sync/singleflight/LICENSE,BSD-3-Clause -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.0/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.0/service/internal/presigned-url/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.39.0/service/route53/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.19.0/service/sso/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.22.0/service/ssooidc/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.27.0/service/sts/LICENSE.txt,Apache-2.0 -github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.20.0/LICENSE,Apache-2.0 -github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.20.0/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.27.0/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.2/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.9/service/internal/presigned-url/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.40.7/service/route53/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.20.8/service/sso/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.24.2/service/ssooidc/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.28.9/service/sts/LICENSE.txt,Apache-2.0 +github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.20.2/LICENSE,Apache-2.0 +github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.20.2/internal/sync/singleflight/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT -github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/clouddns/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 github.com/coreos/go-systemd/v22,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,MIT -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,BSD-3-Clause -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.116.0/LICENSE.txt,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.116.0/LICENSE.txt,BSD-3-Clause +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.9.0/LICENSE,BSD-3-Clause github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT -github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 -github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause +github.com/go-http-utils/headers,https://github.com/go-http-utils/headers/blob/fed159eddc2a/LICENSE,MIT +github.com/go-jose/go-jose/v4,https://github.com/go-jose/go-jose/blob/v4.0.2/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v4/json,https://github.com/go-jose/go-jose/blob/v4.0.2/json/LICENSE,BSD-3-Clause github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause -github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.0/LICENSE,MIT +github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.1/LICENSE,MIT github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause @@ -72,20 +75,20 @@ github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Ap github.com/google/s2a-go,https://github.com/google/s2a-go/blob/v0.1.7/LICENSE.md,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.3.2/LICENSE,Apache-2.0 -github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.0/v2/LICENSE,BSD-3-Clause +github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.4/v2/LICENSE,BSD-3-Clause github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.19.0/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.20.0/LICENSE,BSD-3-Clause github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.5/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 github.com/hashicorp/go-sockaddr,https://github.com/hashicorp/go-sockaddr/blob/v1.0.6/LICENSE,MPL-2.0 github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.1-vault-5/LICENSE,MPL-2.0 -github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.12.0/api/LICENSE,MPL-2.0 -github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.11.0/sdk/LICENSE,MPL-2.0 +github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.13.0/api/LICENSE,MPL-2.0 +github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.12.0/sdk/LICENSE,MPL-2.0 github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.16/LICENSE,BSD-3-Clause github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/b0104c826a24/LICENSE,Apache-2.0 github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT @@ -94,7 +97,7 @@ github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT github.com/kylelemons/godebug,https://github.com/kylelemons/godebug/blob/v1.1.0/LICENSE,Apache-2.0 github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT -github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.58/LICENSE,BSD-3-Clause +github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.59/LICENSE,BSD-3-Clause github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 @@ -106,74 +109,74 @@ github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.6.1/LICENSE,BSD-3- github.com/pkg/browser,https://github.com/pkg/browser/blob/5ac0b6a4141c/LICENSE,BSD-2-Clause github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.12.0/LICENSE,BSD-3-Clause github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENSE,MIT -github.com/sosodev/duration,https://github.com/sosodev/duration/blob/v1.2.0/LICENSE,MIT +github.com/sosodev/duration,https://github.com/sosodev/duration/blob/v1.3.1/LICENSE,MIT github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.3.0/LICENSE,MIT -github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICENSE,MIT -go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.11/api/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.11/client/pkg/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.11/client/v3/LICENSE,Apache-2.0 +github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/3c2c7870ae76/LICENSE,MIT +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.13/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.13/client/pkg/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.13/client/v3/LICENSE,Apache-2.0 go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.47.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.47.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.23.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.22.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.22.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.23.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.22.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.23.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.51.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.51.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.26.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.26.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.26.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.26.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.26.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.26.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause -golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/LICENSE,BSD-3-Clause -google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause -google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/1f4bbc51befe/googleapis/api/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/31a09d347014/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.61.0/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause +google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 gopkg.in/natefinch/lumberjack.v2,https://github.com/natefinch/lumberjack/blob/v2.2.1/LICENSE,MIT gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/errors/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/strfmt/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kms,https://github.com/kubernetes/kms/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/errors,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/errors/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/validation/strfmt,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/strfmt/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.30.3/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index b6ed4a88c88..39d66194d11 100644 --- a/cmd/acmesolver/LICENSES +++ b/cmd/acmesolver/LICENSES @@ -2,7 +2,7 @@ github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LIC github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/acmesolver-binary,https://github.com/cert-manager/cert-manager/blob/HEAD/acmesolver-binary/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause @@ -12,29 +12,29 @@ github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LIC github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 -k8s.io/api/core/v1,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang/reflect,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api/core/v1,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang/reflect,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4/value,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index 1e1681d7464..d90d9dc7ad5 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -6,18 +6,23 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 - k8s.io/component-base v0.30.0 + k8s.io/component-base v0.30.1 ) require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -27,25 +32,25 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apimachinery v0.30.0 // indirect + k8s.io/api v0.30.1 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apimachinery v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index b10f606fb55..93d827325f0 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum @@ -2,8 +2,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -41,12 +41,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -56,16 +56,16 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -75,20 +75,20 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -97,8 +97,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -109,20 +109,20 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index 7d25e98afa9..c416ceb023a 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES @@ -2,16 +2,16 @@ github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LIC github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/cainjector-binary,https://github.com/cert-manager/cert-manager/blob/HEAD/cainjector-binary/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause @@ -28,41 +28,41 @@ github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/ github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index b83eede050c..38e6ae7c1b5 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -6,33 +6,38 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 - k8s.io/kube-aggregator v0.30.0 - sigs.k8s.io/controller-runtime v0.18.0 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/component-base v0.30.1 + k8s.io/kube-aggregator v0.30.1 + sigs.k8s.io/controller-runtime v0.18.2 ) require ( github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -49,30 +54,29 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.0 // indirect + k8s.io/api v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum index 47dc5a6a7ae..3a8b2162889 100644 --- a/cmd/cainjector/go.sum +++ b/cmd/cainjector/go.sum @@ -2,15 +2,15 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -21,33 +21,31 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -73,10 +71,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -84,12 +82,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -99,80 +97,61 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -183,28 +162,28 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= -k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4= +k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index 526a5754902..e6de9f70e53 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -1,32 +1,34 @@ -cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.2.3/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.9.2/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.1/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.5.2/sdk/internal/LICENSE.txt,MIT +cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 +cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 +cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT -github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.1/LICENSE,MIT -github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.4.0/LICENSE,Apache-2.0 +github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT +github.com/Venafi/vcert/v5,https://github.com/Venafi/vcert/blob/v5.6.4/LICENSE,Apache-2.0 github.com/akamai/AkamaiOPEN-edgegrid-golang,https://github.com/akamai/AkamaiOPEN-edgegrid-golang/blob/v1.2.2/LICENSE,Apache-2.0 -github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.25.0/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.0/config/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.0/credentials/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.15.0/feature/ec2/imds/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.0/internal/configsources/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.0/internal/endpoints/v2/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2,https://github.com/aws/aws-sdk-go-v2/blob/v1.27.0/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/config,https://github.com/aws/aws-sdk-go-v2/blob/config/v1.27.15/config/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/credentials,https://github.com/aws/aws-sdk-go-v2/blob/credentials/v1.17.15/credentials/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/feature/ec2/imds,https://github.com/aws/aws-sdk-go-v2/blob/feature/ec2/imds/v1.16.3/feature/ec2/imds/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/configsources,https://github.com/aws/aws-sdk-go-v2/blob/internal/configsources/v1.3.7/internal/configsources/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2,https://github.com/aws/aws-sdk-go-v2/blob/internal/endpoints/v2.6.7/internal/endpoints/v2/LICENSE.txt,Apache-2.0 github.com/aws/aws-sdk-go-v2/internal/ini,https://github.com/aws/aws-sdk-go-v2/blob/internal/ini/v1.8.0/internal/ini/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.25.0/internal/sync/singleflight/LICENSE,BSD-3-Clause -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.0/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.0/service/internal/presigned-url/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.39.0/service/route53/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.19.0/service/sso/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.22.0/service/ssooidc/LICENSE.txt,Apache-2.0 -github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.27.0/service/sts/LICENSE.txt,Apache-2.0 -github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.20.0/LICENSE,Apache-2.0 -github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.20.0/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2/internal/sync/singleflight,https://github.com/aws/aws-sdk-go-v2/blob/v1.27.0/internal/sync/singleflight/LICENSE,BSD-3-Clause +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/accept-encoding/v1.11.2/service/internal/accept-encoding/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url,https://github.com/aws/aws-sdk-go-v2/blob/service/internal/presigned-url/v1.11.9/service/internal/presigned-url/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/route53,https://github.com/aws/aws-sdk-go-v2/blob/service/route53/v1.40.7/service/route53/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sso,https://github.com/aws/aws-sdk-go-v2/blob/service/sso/v1.20.8/service/sso/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/ssooidc,https://github.com/aws/aws-sdk-go-v2/blob/service/ssooidc/v1.24.2/service/ssooidc/LICENSE.txt,Apache-2.0 +github.com/aws/aws-sdk-go-v2/service/sts,https://github.com/aws/aws-sdk-go-v2/blob/service/sts/v1.28.9/service/sts/LICENSE.txt,Apache-2.0 +github.com/aws/smithy-go,https://github.com/aws/smithy-go/blob/v1.20.2/LICENSE,Apache-2.0 +github.com/aws/smithy-go/internal/sync/singleflight,https://github.com/aws/smithy-go/blob/v1.20.2/internal/sync/singleflight/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cenkalti/backoff/v3,https://github.com/cenkalti/backoff/blob/v3.2.2/LICENSE,MIT -github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/controller-binary,https://github.com/cert-manager/cert-manager/blob/HEAD/controller-binary/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/azuredns,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/azuredns/LICENSE,MIT @@ -34,27 +36,28 @@ github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/clouddns,https://github github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/cloudflare,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/cloudflare/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/route53,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/route53/LICENSE,MIT github.com/cert-manager/cert-manager/pkg/issuer/acme/dns/util,https://github.com/cert-manager/cert-manager/blob/HEAD/pkg/issuer/acme/dns/util/LICENSE,MIT -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 github.com/coreos/go-systemd/v22/journal,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 github.com/cpu/goacmedns,https://github.com/cpu/goacmedns/blob/v0.1.1/LICENSE,MIT github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,MIT -github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.109.0/LICENSE.txt,BSD-3-Clause -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.116.0/LICENSE.txt,MIT +github.com/digitalocean/godo,https://github.com/digitalocean/godo/blob/v1.116.0/LICENSE.txt,BSD-3-Clause +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT -github.com/go-jose/go-jose/v3,https://github.com/go-jose/go-jose/blob/v3.0.3/LICENSE,Apache-2.0 -github.com/go-jose/go-jose/v3/json,https://github.com/go-jose/go-jose/blob/v3.0.3/json/LICENSE,BSD-3-Clause +github.com/go-http-utils/headers,https://github.com/go-http-utils/headers/blob/fed159eddc2a/LICENSE,MIT +github.com/go-jose/go-jose/v4,https://github.com/go-jose/go-jose/blob/v4.0.2/LICENSE,Apache-2.0 +github.com/go-jose/go-jose/v4/json,https://github.com/go-jose/go-jose/blob/v4.0.2/json/LICENSE,BSD-3-Clause github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause -github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.0/LICENSE,MIT +github.com/golang-jwt/jwt/v5,https://github.com/golang-jwt/jwt/blob/v5.2.1/LICENSE,MIT github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause github.com/golang/snappy,https://github.com/golang/snappy/blob/v0.0.4/LICENSE,BSD-3-Clause @@ -65,20 +68,20 @@ github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Ap github.com/google/s2a-go,https://github.com/google/s2a-go/blob/v0.1.7/LICENSE.md,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/googleapis/enterprise-certificate-proxy/client,https://github.com/googleapis/enterprise-certificate-proxy/blob/v0.3.2/LICENSE,Apache-2.0 -github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.0/v2/LICENSE,BSD-3-Clause +github.com/googleapis/gax-go/v2,https://github.com/googleapis/gax-go/blob/v2.12.4/v2/LICENSE,BSD-3-Clause github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.19.0/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.20.0/LICENSE,BSD-3-Clause github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.5/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 github.com/hashicorp/go-sockaddr,https://github.com/hashicorp/go-sockaddr/blob/v1.0.6/LICENSE,MPL-2.0 github.com/hashicorp/hcl,https://github.com/hashicorp/hcl/blob/v1.0.1-vault-5/LICENSE,MPL-2.0 -github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.12.0/api/LICENSE,MPL-2.0 -github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.11.0/sdk/LICENSE,MPL-2.0 +github.com/hashicorp/vault/api,https://github.com/hashicorp/vault/blob/api/v1.13.0/api/LICENSE,MPL-2.0 +github.com/hashicorp/vault/sdk/helper,https://github.com/hashicorp/vault/blob/sdk/v0.12.0/sdk/LICENSE,MPL-2.0 github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.16/LICENSE,BSD-3-Clause github.com/jmespath/go-jmespath,https://github.com/jmespath/go-jmespath/blob/b0104c826a24/LICENSE,Apache-2.0 github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT @@ -87,7 +90,7 @@ github.com/kr/pretty,https://github.com/kr/pretty/blob/v0.3.1/License,MIT github.com/kr/text,https://github.com/kr/text/blob/v0.2.0/License,MIT github.com/kylelemons/godebug,https://github.com/kylelemons/godebug/blob/v1.1.0/LICENSE,Apache-2.0 github.com/mailru/easyjson,https://github.com/mailru/easyjson/blob/v0.7.7/LICENSE,MIT -github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.58/LICENSE,BSD-3-Clause +github.com/miekg/dns,https://github.com/miekg/dns/blob/v1.1.59/LICENSE,BSD-3-Clause github.com/mitchellh/go-homedir,https://github.com/mitchellh/go-homedir/blob/v1.1.0/LICENSE,MIT github.com/mitchellh/mapstructure,https://github.com/mitchellh/mapstructure/blob/v1.5.0/LICENSE,MIT github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bacd9c7ef1dd/LICENSE,Apache-2.0 @@ -98,65 +101,65 @@ github.com/pavlo-v-chernykh/keystore-go/v4,https://github.com/pavlo-v-chernykh/k github.com/pierrec/lz4,https://github.com/pierrec/lz4/blob/v2.6.1/LICENSE,BSD-3-Clause github.com/pkg/browser,https://github.com/pkg/browser/blob/5ac0b6a4141c/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.12.0/LICENSE,BSD-3-Clause github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT github.com/sirupsen/logrus,https://github.com/sirupsen/logrus/blob/v1.9.3/LICENSE,MIT -github.com/sosodev/duration,https://github.com/sosodev/duration/blob/v1.2.0/LICENSE,MIT +github.com/sosodev/duration,https://github.com/sosodev/duration/blob/v1.3.1/LICENSE,MIT github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause -github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/1326539a0a0a/LICENSE,MIT -go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.11/api/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.11/client/pkg/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.11/client/v3/LICENSE,Apache-2.0 +github.com/youmark/pkcs8,https://github.com/youmark/pkcs8/blob/3c2c7870ae76/LICENSE,MIT +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.13/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.13/client/pkg/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.13/client/v3/LICENSE,Apache-2.0 go.opencensus.io,https://github.com/census-instrumentation/opencensus-go/blob/v0.24.0/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.47.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.47.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.23.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.22.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.22.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.23.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.22.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.23.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.51.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.51.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.26.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.26.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.26.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.26.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.26.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.26.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause -google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/LICENSE,BSD-3-Clause -google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.165.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause -google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/1f4bbc51befe/googleapis/api/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/31a09d347014/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.61.0/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause +google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver/pkg,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver/pkg,https://github.com/kubernetes/apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.30.3/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 7c7ac9ca705..9fa4a672d1b 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -6,6 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + // Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 @@ -16,60 +21,62 @@ require ( github.com/go-logr/logr v1.4.1 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - golang.org/x/sync v0.6.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e + golang.org/x/sync v0.7.0 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/component-base v0.30.1 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 ) require ( - cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + cloud.google.com/go/auth v0.4.2 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect - github.com/Venafi/vcert/v5 v5.4.0 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/Venafi/vcert/v5 v5.6.4 // indirect github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 // indirect - github.com/aws/aws-sdk-go-v2 v1.25.0 // indirect - github.com/aws/aws-sdk-go-v2/config v1.27.0 // indirect - github.com/aws/aws-sdk-go-v2/credentials v1.17.0 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 // indirect + github.com/aws/aws-sdk-go-v2 v1.27.0 // indirect + github.com/aws/aws-sdk-go-v2/config v1.27.15 // indirect + github.com/aws/aws-sdk-go-v2/credentials v1.17.15 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 // indirect - github.com/aws/smithy-go v1.20.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect + github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 // indirect + github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 // indirect + github.com/aws/smithy-go v1.20.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/cpu/goacmedns v0.1.1 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/digitalocean/godo v1.109.0 // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/digitalocean/godo v1.116.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v5 v5.2.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect @@ -80,20 +87,20 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect + github.com/googleapis/gax-go/v2 v2.12.4 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.6 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/hashicorp/vault/api v1.12.0 // indirect - github.com/hashicorp/vault/sdk v0.11.0 // indirect + github.com/hashicorp/vault/api v1.13.0 // indirect + github.com/hashicorp/vault/sdk v0.12.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.1-0.20220621161143-b0104c826a24 // indirect @@ -103,7 +110,7 @@ require ( github.com/kr/text v0.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/miekg/dns v1.1.58 // indirect + github.com/miekg/dns v1.1.59 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -113,57 +120,55 @@ require ( github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 // indirect github.com/pierrec/lz4 v2.6.1+incompatible // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/sosodev/duration v1.2.0 // indirect - github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect - go.etcd.io/etcd/api/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/v3 v3.5.11 // indirect + github.com/sosodev/duration v1.3.1 // indirect + github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 // indirect + go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/v3 v3.5.13 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.22.0 // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.18.0 // indirect - google.golang.org/api v0.165.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + golang.org/x/tools v0.21.0 // indirect + google.golang.org/api v0.181.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apiserver v0.30.0 // indirect + k8s.io/api v0.30.1 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apiserver v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index b446dd29ed1..c7a392534bf 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -1,70 +1,70 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= +cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/Venafi/vcert/v5 v5.4.0 h1:jsbFNoIO8Ffs5mlOIedj0IecaHFvorY/6gKraj/tbcc= -github.com/Venafi/vcert/v5 v5.4.0/go.mod h1:iFLQvf78b/8MEBql3ff/B0ZSP97UnQPquRpMc877YrA= +github.com/Venafi/vcert/v5 v5.6.4 h1:7sAI5MwKa1KAX1HVP/GHeRLVX8QxjcwPgOFmNPRWrKo= +github.com/Venafi/vcert/v5 v5.6.4/go.mod h1:6NgXvi7m0MJzma4vNDmoMt0Pj12pGPKLPr293kcdyEA= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= -github.com/aws/aws-sdk-go-v2 v1.25.0 h1:sv7+1JVJxOu/dD/sz/csHX7jFqmP001TIY7aytBWDSQ= -github.com/aws/aws-sdk-go-v2 v1.25.0/go.mod h1:G104G1Aho5WqF+SR3mDIobTABQzpYV0WxMsKxlMggOA= -github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0= -github.com/aws/aws-sdk-go-v2/config v1.27.0/go.mod h1:cfh8v69nuSUohNFMbIISP2fhmblGmYEOKs5V53HiHnk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.0 h1:lMW2x6sKBsiAJrpi1doOXqWFyEPoE886DTb1X0wb7So= -github.com/aws/aws-sdk-go-v2/credentials v1.17.0/go.mod h1:uT41FIH8cCIxOdUYIL0PYyHlL1NoneDuDSCwg5VE/5o= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh9ZrXfcAXpflhOUUeXg1k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 h1:NPs/EqVO+ajwOoq56EfcGKa3L3ruWuazkIw1BqxwOPw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0/go.mod h1:D+duLy2ylgatV+yTlQ8JTuLfDD0BnFvnQRc+o6tbZ4M= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 h1:ks7KGMVUMoDzcxNWUlEdI+/lokMFD136EL6DWmUOV80= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0/go.mod h1:hL6BWM/d/qz113fVitZjbXR0E+RCTU1+x+1Idyn5NgE= +github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= +github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.15 h1:uNnGLZ+DutuNEkuPh6fwqK7LpEiPmzb7MIMA1mNWEUc= +github.com/aws/aws-sdk-go-v2/config v1.27.15/go.mod h1:7j7Kxx9/7kTmL7z4LlhwQe63MYEE5vkVV6nWg4ZAI8M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15 h1:YDexlvDRCA8ems2T5IP1xkMtOZ1uLJOCJdTr0igs5zo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15/go.mod h1:vxHggqW6hFNaeNC0WyXS3VdyjcV0a4KMUY4dKJ96buU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 h1:a33HuFlO0KsveiP90IUJh8Xr/cx9US2PqkSroaLc+o8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0/go.mod h1:SxIkWpByiGbhbHYTo9CMTUnx2G4p4ZQMrDPcRRy//1c= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 h1:SHN/umDLTmFTmYfI+gkanz6da3vK8Kvj/5wkqnTHbuA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0/go.mod h1:l8gPU5RYGOFHJqWEpPMoRTP0VoaWQSkJdKo+hwWnnDA= -github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0 h1:EuBvW+sNIX5Xhl4J4vmDAIFtVXEHr7sRfieG+Lzp5nw= -github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0/go.mod h1:7yv8DO9ZBVoBYAO7yqq1yHrJS7RLNuUp/ok1fdfKLuY= -github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 h1:u6OkVDxtBPnxPkZ9/63ynEe+8kHbtS5IfaC4PzVxzWM= -github.com/aws/aws-sdk-go-v2/service/sso v1.19.0/go.mod h1:YqbU3RS/pkDVu+v+Nwxvn0i1WB0HkNWEePWbmODEbbs= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 h1:6DL0qu5+315wbsAEEmzK+P9leRwNbkp+lGjPC+CEvb8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0/go.mod h1:olUAyg+FaoFaL/zFaeQQONjOZ9HXoxgvI/c7mQTYz7M= -github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 h1:cjTRjh700H36MQ8M0LnDn33W3JmwC77mdxIIyPWCdpM= -github.com/aws/aws-sdk-go-v2/service/sts v1.27.0/go.mod h1:nXfOBMWPokIbOY+Gi7a1psWMSvskUCemZzI+SMB7Akc= -github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ= -github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7 h1:dP8gy5fBzlwU5f4QFJtFFYfSHeuom1vuC8e2LJaEgS8= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7/go.mod h1:CxB0DFnZHDkZZWurSFWDdgkKmjaAFtRIk85hoUy4XhI= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 h1:Kv1hwNG6jHC/sxMTe5saMjH6t6ZLkgfvVxyEjfWL1ks= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 h1:nWBZ1xHCF+A7vv9sDzJOq4NWIdzFYm0kH7Pr4OjHYsQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 h1:Qp6Boy0cGDloOE3zI6XhNLNZgjNS8YmiFQFHe71SaW0= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -77,20 +77,16 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/digitalocean/godo v1.109.0 h1:4W97RJLJSUQ3veRZDNbp1Ol3Rbn6Lmt9bKGvfqYI5SU= -github.com/digitalocean/godo v1.109.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= +github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHknxeE= +github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -107,8 +103,10 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a h1:v6zMvHuY9yue4+QkG/HQ/W67wvtQmWJ4SDo9aK/GIno= +github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a/go.mod h1:I79BieaU4fxrw4LMXby6q5OS9XnoR9UIKLOzDFjUmuw= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -118,14 +116,15 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -133,8 +132,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= -github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= @@ -149,8 +148,6 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= @@ -166,7 +163,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -176,8 +172,8 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -186,21 +182,21 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= +github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -208,13 +204,12 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= @@ -228,10 +223,10 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4= -github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= -github.com/hashicorp/vault/sdk v0.11.0/go.mod h1:cG0OZ7Ebq09Xn2N7OWtHbVqq6LpYP6fkyWo0PIvkLsA= +github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= +github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= +github.com/hashicorp/vault/sdk v0.12.0 h1:c2WeMWtF08zKQmrJya7paM4IVnsXIXF5UlhQTBdwZwQ= +github.com/hashicorp/vault/sdk v0.12.0/go.mod h1:2kN1F5owc/Yh1OwL32GGnYrX9E3vFOIKA/cGJxCNQ30= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -274,8 +269,8 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -288,10 +283,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= -github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE= -github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= @@ -309,12 +304,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -329,8 +324,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sosodev/duration v1.2.0 h1:pqK/FLSjsAADWY74SyWDCjOcd5l7H8GSnnOGEB9A1Us= -github.com/sosodev/duration v1.2.0/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg= +github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4= +github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -339,8 +334,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -348,8 +343,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -357,21 +352,21 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= -go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E= -go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= -go.etcd.io/etcd/client/pkg/v3 v3.5.11 h1:bT2xVspdiCj2910T0V+/KHcVKjkUrCZVtk8J2JF2z1A= -go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= +go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= +go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= +go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= +go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= -go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU= -go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE= +go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= +go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= @@ -380,43 +375,42 @@ go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= -go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -424,8 +418,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -443,11 +437,11 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -455,8 +449,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -472,24 +466,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -503,36 +497,34 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.165.0 h1:zd5d4JIIIaYYsfVy1HzoXYZ9rWCSBxxAglbczzo7Bgc= -google.golang.org/api v0.165.0/go.mod h1:2OatzO7ZDQsoS7IFf3rvsE17/TldiU3F/zxFHeqUB5o= +google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= +google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 h1:FSL3lRCkhaPFxqi0s9o+V4UI2WTzAVOvkgbd4kVV4Wg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -542,10 +534,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -567,30 +557,30 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index 1b72926dfab..dd5015014fb 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES @@ -2,18 +2,18 @@ github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LIC github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/startupapicheck-binary,https://github.com/cert-manager/cert-manager/blob/HEAD/startupapicheck-binary/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch,https://github.com/evanphx/json-patch/blob/v5.9.0/LICENSE,BSD-3-Clause github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause github.com/go-errors/errors,https://github.com/go-errors/errors/blob/v1.5.1/LICENSE.MIT,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause @@ -37,51 +37,51 @@ github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c github.com/peterbourgon/diskv,https://github.com/peterbourgon/diskv/blob/v2.0.1/LICENSE,MIT github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause github.com/xlab/treeprint,https://github.com/xlab/treeprint/blob/v1.2.0/LICENSE,MIT -go.starlark.net,https://github.com/google/starlark-go/blob/f86470692795/LICENSE,BSD-3-Clause +go.starlark.net,https://github.com/google/starlark-go/blob/f457c4c2b267/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause -gopkg.in/evanphx/json-patch.v5,https://github.com/evanphx/json-patch/blob/v5.9.0/LICENSE,BSD-3-Clause +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause +gopkg.in/evanphx/json-patch.v4,https://github.com/evanphx/json-patch/blob/v4.12.0/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/cli-runtime/pkg,https://github.com/kubernetes/cli-runtime/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go/third_party/forked/golang/template,https://github.com/kubernetes/client-go/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause -sigs.k8s.io/kustomize/api,https://github.com/kubernetes-sigs/kustomize/blob/api/v0.16.0/api/LICENSE,Apache-2.0 -sigs.k8s.io/kustomize/kyaml,https://github.com/kubernetes-sigs/kustomize/blob/kyaml/v0.16.0/kyaml/LICENSE,Apache-2.0 -sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util,https://github.com/kubernetes-sigs/kustomize/blob/kyaml/v0.16.0/kyaml/internal/forked/github.com/qri-io/starlib/util/LICENSE,MIT +sigs.k8s.io/kustomize/api,https://github.com/kubernetes-sigs/kustomize/blob/api/v0.17.1/api/LICENSE,Apache-2.0 +sigs.k8s.io/kustomize/kyaml,https://github.com/kubernetes-sigs/kustomize/blob/kyaml/v0.17.0/kyaml/LICENSE,Apache-2.0 +sigs.k8s.io/kustomize/kyaml/internal/forked/github.com/qri-io/starlib/util,https://github.com/kubernetes-sigs/kustomize/blob/kyaml/v0.17.0/kyaml/internal/forked/github.com/qri-io/starlib/util/LICENSE,MIT sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/LICENSE,MIT sigs.k8s.io/yaml,https://github.com/kubernetes-sigs/yaml/blob/v1.4.0/LICENSE,Apache-2.0 diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index baa786d4409..4d1626f056f 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -6,35 +6,40 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - k8s.io/apimachinery v0.30.0 - k8s.io/cli-runtime v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 - sigs.k8s.io/controller-runtime v0.18.0 + k8s.io/apimachinery v0.30.1 + k8s.io/cli-runtime v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/component-base v0.30.1 + sigs.k8s.io/controller-runtime v0.18.2 ) require ( github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-errors/errors v1.5.1 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -58,39 +63,38 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/peterbourgon/diskv v2.0.1+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.starlark.net v0.0.0-20240123142251-f86470692795 // indirect + go.starlark.net v0.0.0-20240510163022-f457c4c2b267 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect - gopkg.in/evanphx/json-patch.v5 v5.9.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect + gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect + k8s.io/api v0.30.1 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect - sigs.k8s.io/kustomize/api v0.16.0 // indirect - sigs.k8s.io/kustomize/kyaml v0.16.0 // indirect + sigs.k8s.io/kustomize/api v0.17.1 // indirect + sigs.k8s.io/kustomize/kyaml v0.17.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum index 114cdc6ece8..e25d1c2b86b 100644 --- a/cmd/startupapicheck/go.sum +++ b/cmd/startupapicheck/go.sum @@ -4,8 +4,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= @@ -13,8 +13,8 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -27,35 +27,33 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v1.1.2 h1:xf4v41cLI2Z6FxbKm+8Bu+m8ifhj15JuZ9sa0jZCMUU= github.com/google/btree v1.1.2/go.mod h1:qOPhT0dTNdNzV6Z/lhRX0YXUafgPLFUh+gZMl761Gm4= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= @@ -94,10 +92,10 @@ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 h1:n6/ github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00/go.mod h1:Pm3mSP3c5uWn86xMLZ5Sa7JB9GsEZySvHYXCTK4E9q4= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -107,12 +105,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -123,98 +121,79 @@ github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyh github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/xlab/treeprint v1.2.0 h1:HzHnuAF1plUN2zGlAFHbSQP2qJ0ZAD3XF5XD7OesXRQ= github.com/xlab/treeprint v1.2.0/go.mod h1:gj5Gd3gPdKtR1ikdDK6fnFLdmIS0X30kTTuNd/WEJu0= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.starlark.net v0.0.0-20240123142251-f86470692795 h1:LmbG8Pq7KDGkglKVn8VpZOZj6vb9b8nKEGcg9l03epM= -go.starlark.net v0.0.0-20240123142251-f86470692795/go.mod h1:LcLNIzVOMp4oV+uusnpk+VU+SzXaJakUuBjoCSWH5dM= +go.starlark.net v0.0.0-20240510163022-f457c4c2b267 h1:nHGP5vKtg2WaXA/AozoZWx/DI9wvwxCeikONJbdKdFo= +go.starlark.net v0.0.0-20240510163022-f457c4c2b267/go.mod h1:YKMCv9b1WrfWmeqdV5MAuEHWsu5iC+fe6kYl2sQjdI8= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= -golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/evanphx/json-patch.v5 v5.9.0 h1:hx1VU2SGj4F8r9b8GUwJLdc8DNO8sy79ZGui0G05GLo= -gopkg.in/evanphx/json-patch.v5 v5.9.0/go.mod h1:/kvTRh1TVm5wuM6OkHxqXtE/1nUZZpihg29RtuIyfvk= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -224,34 +203,34 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/cli-runtime v0.30.0 h1:0vn6/XhOvn1RJ2KJOC6IRR2CGqrpT6QQF4+8pYpWQ48= -k8s.io/cli-runtime v0.30.0/go.mod h1:vATpDMATVTMA79sZ0YUCzlMelf6rUjoBzlp+RnoM+cg= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/cli-runtime v0.30.1 h1:kSBBpfrJGS6lllc24KeniI9JN7ckOOJKnmFYH1RpTOw= +k8s.io/cli-runtime v0.30.1/go.mod h1:zhHgbqI4J00pxb6gM3gJPVf2ysDjhQmQtnTxnMScab8= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= -sigs.k8s.io/kustomize/api v0.16.0 h1:/zAR4FOQDCkgSDmVzV2uiFbuy9bhu3jEzthrHCuvm1g= -sigs.k8s.io/kustomize/api v0.16.0/go.mod h1:MnFZ7IP2YqVyVwMWoRxPtgl/5hpA+eCCrQR/866cm5c= -sigs.k8s.io/kustomize/kyaml v0.16.0 h1:6J33uKSoATlKZH16unr2XOhDI+otoe2sR3M8PDzW3K0= -sigs.k8s.io/kustomize/kyaml v0.16.0/go.mod h1:xOK/7i+vmE14N2FdFyugIshB8eF6ALpy7jI87Q2nRh4= +sigs.k8s.io/kustomize/api v0.17.1 h1:MYJBOP/yQ3/5tp4/sf6HiiMfNNyO97LmtnirH9SLNr4= +sigs.k8s.io/kustomize/api v0.17.1/go.mod h1:ffn5491s2EiNrJSmgqcWGzQUVhc/pB0OKNI0HsT/0tA= +sigs.k8s.io/kustomize/kyaml v0.17.0 h1:G2bWs03V9Ur2PinHLzTUJ8Ded+30SzXZKiO92SRDs3c= +sigs.k8s.io/kustomize/kyaml v0.17.0/go.mod h1:6lxkYF1Cv9Ic8g/N7I86cvxNc5iinUo/P2vKsHNmpyE= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index e6b3965511d..daaf3a4c2a5 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -2,12 +2,12 @@ github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e6932135 github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT -github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/webhook-binary,https://github.com/cert-manager/cert-manager/blob/HEAD/webhook-binary/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause @@ -16,9 +16,9 @@ github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENS github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause @@ -28,7 +28,7 @@ github.com/google/gnostic-models,https://github.com/google/gnostic-models/blob/v github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause -github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.19.0/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.20.0/LICENSE,BSD-3-Clause github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.16/LICENSE,BSD-3-Clause github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT @@ -38,56 +38,56 @@ github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/ github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.3.0/LICENSE,MIT -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.47.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.23.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.22.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.22.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.23.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.22.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.23.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.51.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.26.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.26.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.26.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.26.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.26.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.26.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause -golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/1f4bbc51befe/googleapis/api/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/31a09d347014/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.61.0/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg/apis/apiextensions,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.30.3/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api/apis/v1,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 6eb110e34ad..b5357b697e8 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -6,6 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + // Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 @@ -14,9 +19,9 @@ replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 - k8s.io/apimachinery v0.30.0 - k8s.io/component-base v0.30.0 - sigs.k8s.io/controller-runtime v0.18.0 + k8s.io/apimachinery v0.30.1 + k8s.io/component-base v0.30.1 + sigs.k8s.io/controller-runtime v0.18.2 ) require ( @@ -24,10 +29,10 @@ require ( github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -36,9 +41,9 @@ require ( github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -47,7 +52,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -57,49 +62,48 @@ require ( github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.22.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sync v0.6.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sync v0.7.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.0 // indirect - k8s.io/apiextensions-apiserver v0.30.0 // indirect - k8s.io/apiserver v0.30.0 // indirect - k8s.io/client-go v0.30.0 // indirect + k8s.io/api v0.30.1 // indirect + k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apiserver v0.30.1 // indirect + k8s.io/client-go v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - k8s.io/utils v0.0.0-20240102154912-e7106e64919e // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect - sigs.k8s.io/gateway-api v1.0.0 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect + sigs.k8s.io/gateway-api v1.1.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 8896578a9cf..48fdfa92e6b 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -8,17 +8,17 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -38,41 +38,39 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -111,10 +109,10 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -122,12 +120,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= @@ -145,33 +143,33 @@ github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81P github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= -go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -179,10 +177,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -199,17 +197,17 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -221,24 +219,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -247,28 +245,22 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 h1:FSL3lRCkhaPFxqi0s9o+V4UI2WTzAVOvkgbd4kVV4Wg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -281,30 +273,30 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index ecf7ff2328f..8d0c20c369c 100644 --- a/go.mod +++ b/go.mod @@ -6,114 +6,119 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + // Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 - github.com/Venafi/vcert/v5 v5.4.0 + github.com/Venafi/vcert/v5 v5.6.4 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 - github.com/aws/aws-sdk-go-v2 v1.25.0 - github.com/aws/aws-sdk-go-v2/config v1.27.0 - github.com/aws/aws-sdk-go-v2/credentials v1.17.0 - github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0 - github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 - github.com/aws/smithy-go v1.20.0 + github.com/aws/aws-sdk-go-v2 v1.27.0 + github.com/aws/aws-sdk-go-v2/config v1.27.15 + github.com/aws/aws-sdk-go-v2/credentials v1.17.15 + github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7 + github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 + github.com/aws/smithy-go v1.20.2 github.com/cpu/goacmedns v0.1.1 - github.com/digitalocean/godo v1.109.0 + github.com/digitalocean/godo v1.116.0 github.com/go-ldap/ldap/v3 v3.4.8 github.com/go-logr/logr v1.4.1 github.com/google/gnostic-models v0.6.8 github.com/google/gofuzz v1.2.0 - github.com/hashicorp/vault/api v1.12.0 - github.com/hashicorp/vault/sdk v0.11.0 + github.com/hashicorp/vault/api v1.13.0 + github.com/hashicorp/vault/sdk v0.12.0 github.com/kr/pretty v0.3.1 - github.com/miekg/dns v1.1.58 + github.com/miekg/dns v1.1.59 github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 github.com/prometheus/client_golang v1.18.0 github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.22.0 - golang.org/x/oauth2 v0.17.0 - golang.org/x/sync v0.6.0 - google.golang.org/api v0.165.0 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/apiserver v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 + github.com/stretchr/testify v1.9.0 + golang.org/x/crypto v0.23.0 + golang.org/x/oauth2 v0.20.0 + golang.org/x/sync v0.7.0 + google.golang.org/api v0.181.0 + k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/apiserver v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/component-base v0.30.1 k8s.io/klog/v2 v2.120.1 - k8s.io/kube-aggregator v0.30.0 - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.18.0 - sigs.k8s.io/gateway-api v1.0.0 + k8s.io/kube-aggregator v0.30.1 + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/gateway-api v1.1.0 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/compute v1.23.3 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + cloud.google.com/go/auth v0.4.2 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect - github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 // indirect - github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 // indirect + github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 // indirect + github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 // indirect + github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 // indirect github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 // indirect - github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 // indirect - github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect + github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 // indirect + github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 // indirect + github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch v5.9.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/fatih/color v1.16.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/frankban/quicktest v1.14.6 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v5 v5.2.0 // indirect + github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/golang/snappy v0.0.4 // indirect github.com/google/cel-go v0.17.8 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect - github.com/google/pprof v0.0.0-20240125082051-42cd04596328 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.0 // indirect + github.com/googleapis/gax-go/v2 v2.12.4 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.6 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect @@ -127,7 +132,6 @@ require ( github.com/kr/text v0.2.0 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -138,53 +142,52 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_model v0.5.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/sosodev/duration v1.2.0 // indirect + github.com/sosodev/duration v1.3.1 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect - github.com/stretchr/objx v0.5.1 // indirect - github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a // indirect - go.etcd.io/etcd/api/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/v3 v3.5.11 // indirect + github.com/stretchr/objx v0.5.2 // indirect + github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 // indirect + go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/v3 v3.5.13 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.18.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kms v0.30.0 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect + k8s.io/kms v0.30.1 // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/go.sum b/go.sum index cf5b3bc592d..85982c57585 100644 --- a/go.sum +++ b/go.sum @@ -1,25 +1,27 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2 h1:c4k2FIYIh4xtwqrQwV0Ct1v5+ehlNXj5NI/MWVsiTkQ= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.2/go.mod h1:5FDJtLEO/GxwNgUxbwrY3LP0pEoThTQJtk2oysdXHxM= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 h1:sO0/P7g68FrryJzljemN+6GTssUXdANk6aJ7T1ZxnsQ= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1/go.mod h1:h8hyGFDsU5HMivxiS2iYFZsgDbU9OnnJ163x5UGVKYo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= +cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 h1:DzHpqpoJVaCgOUdVHxE8QB52S6NiVdDQvGlny1qvPqA= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= -github.com/Venafi/vcert/v5 v5.4.0 h1:jsbFNoIO8Ffs5mlOIedj0IecaHFvorY/6gKraj/tbcc= -github.com/Venafi/vcert/v5 v5.4.0/go.mod h1:iFLQvf78b/8MEBql3ff/B0ZSP97UnQPquRpMc877YrA= +github.com/Venafi/vcert/v5 v5.6.4 h1:7sAI5MwKa1KAX1HVP/GHeRLVX8QxjcwPgOFmNPRWrKo= +github.com/Venafi/vcert/v5 v5.6.4/go.mod h1:6NgXvi7m0MJzma4vNDmoMt0Pj12pGPKLPr293kcdyEA= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 h1:F1j7z+/DKEsYqZNoxC6wvfmaiDneLsQOFQmuq9NADSY= github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2/go.mod h1:QlXr/TrICfQ/ANa76sLeQyhAJyNR9sEcfNuZBkY9jgY= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= @@ -28,49 +30,47 @@ github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/aws/aws-sdk-go-v2 v1.25.0 h1:sv7+1JVJxOu/dD/sz/csHX7jFqmP001TIY7aytBWDSQ= -github.com/aws/aws-sdk-go-v2 v1.25.0/go.mod h1:G104G1Aho5WqF+SR3mDIobTABQzpYV0WxMsKxlMggOA= -github.com/aws/aws-sdk-go-v2/config v1.27.0 h1:J5sdGCAHuWKIXLeXiqr8II/adSvetkx0qdZwdbXXpb0= -github.com/aws/aws-sdk-go-v2/config v1.27.0/go.mod h1:cfh8v69nuSUohNFMbIISP2fhmblGmYEOKs5V53HiHnk= -github.com/aws/aws-sdk-go-v2/credentials v1.17.0 h1:lMW2x6sKBsiAJrpi1doOXqWFyEPoE886DTb1X0wb7So= -github.com/aws/aws-sdk-go-v2/credentials v1.17.0/go.mod h1:uT41FIH8cCIxOdUYIL0PYyHlL1NoneDuDSCwg5VE/5o= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0 h1:xWCwjjvVz2ojYTP4kBKUuUh9ZrXfcAXpflhOUUeXg1k= -github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.15.0/go.mod h1:j3fACuqXg4oMTQOR2yY7m0NmJY0yBK4L4sLsRXq1Ins= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0 h1:NPs/EqVO+ajwOoq56EfcGKa3L3ruWuazkIw1BqxwOPw= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.0/go.mod h1:D+duLy2ylgatV+yTlQ8JTuLfDD0BnFvnQRc+o6tbZ4M= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0 h1:ks7KGMVUMoDzcxNWUlEdI+/lokMFD136EL6DWmUOV80= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.0/go.mod h1:hL6BWM/d/qz113fVitZjbXR0E+RCTU1+x+1Idyn5NgE= +github.com/aws/aws-sdk-go-v2 v1.27.0 h1:7bZWKoXhzI+mMR/HjdMx8ZCC5+6fY0lS5tr0bbgiLlo= +github.com/aws/aws-sdk-go-v2 v1.27.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM= +github.com/aws/aws-sdk-go-v2/config v1.27.15 h1:uNnGLZ+DutuNEkuPh6fwqK7LpEiPmzb7MIMA1mNWEUc= +github.com/aws/aws-sdk-go-v2/config v1.27.15/go.mod h1:7j7Kxx9/7kTmL7z4LlhwQe63MYEE5vkVV6nWg4ZAI8M= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15 h1:YDexlvDRCA8ems2T5IP1xkMtOZ1uLJOCJdTr0igs5zo= +github.com/aws/aws-sdk-go-v2/credentials v1.17.15/go.mod h1:vxHggqW6hFNaeNC0WyXS3VdyjcV0a4KMUY4dKJ96buU= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3 h1:dQLK4TjtnlRGb0czOht2CevZ5l6RSyRWAnKeGd7VAFE= +github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.3/go.mod h1:TL79f2P6+8Q7dTsILpiVST+AL9lkF6PPGI167Ny0Cjw= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7 h1:lf/8VTF2cM+N4SLzaYJERKEWAXq8MOMpZfU6wEPWsPk= +github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.7/go.mod h1:4SjkU7QiqK2M9oozyMzfZ/23LmUY+h3oFqhdeP5OMiI= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7 h1:4OYVp0705xu8yjdyoWix0r9wPIRXnIzzOoUpQVHIJ/g= +github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.7/go.mod h1:vd7ESTEvI76T2Na050gODNmNU7+OyKrIKroYTu4ABiI= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU= github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0 h1:a33HuFlO0KsveiP90IUJh8Xr/cx9US2PqkSroaLc+o8= -github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.0/go.mod h1:SxIkWpByiGbhbHYTo9CMTUnx2G4p4ZQMrDPcRRy//1c= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0 h1:SHN/umDLTmFTmYfI+gkanz6da3vK8Kvj/5wkqnTHbuA= -github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.0/go.mod h1:l8gPU5RYGOFHJqWEpPMoRTP0VoaWQSkJdKo+hwWnnDA= -github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0 h1:EuBvW+sNIX5Xhl4J4vmDAIFtVXEHr7sRfieG+Lzp5nw= -github.com/aws/aws-sdk-go-v2/service/route53 v1.39.0/go.mod h1:7yv8DO9ZBVoBYAO7yqq1yHrJS7RLNuUp/ok1fdfKLuY= -github.com/aws/aws-sdk-go-v2/service/sso v1.19.0 h1:u6OkVDxtBPnxPkZ9/63ynEe+8kHbtS5IfaC4PzVxzWM= -github.com/aws/aws-sdk-go-v2/service/sso v1.19.0/go.mod h1:YqbU3RS/pkDVu+v+Nwxvn0i1WB0HkNWEePWbmODEbbs= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0 h1:6DL0qu5+315wbsAEEmzK+P9leRwNbkp+lGjPC+CEvb8= -github.com/aws/aws-sdk-go-v2/service/ssooidc v1.22.0/go.mod h1:olUAyg+FaoFaL/zFaeQQONjOZ9HXoxgvI/c7mQTYz7M= -github.com/aws/aws-sdk-go-v2/service/sts v1.27.0 h1:cjTRjh700H36MQ8M0LnDn33W3JmwC77mdxIIyPWCdpM= -github.com/aws/aws-sdk-go-v2/service/sts v1.27.0/go.mod h1:nXfOBMWPokIbOY+Gi7a1psWMSvskUCemZzI+SMB7Akc= -github.com/aws/smithy-go v1.20.0 h1:6+kZsCXZwKxZS9RfISnPc4EXlHoyAkm2hPuM8X2BrrQ= -github.com/aws/smithy-go v1.20.0/go.mod h1:uo5RKksAl4PzhqaAbjd4rLgFoq5koTsQKYuGe7dklGc= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs= +github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9 h1:Wx0rlZoEJR7JwlSZcHnEa7CNjrSIyVxMFWGAaXy4fJY= +github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.9/go.mod h1:aVMHdE0aHO3v+f/iw01fmXV/5DbfQ3Bi9nN7nd9bE9Y= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7 h1:dP8gy5fBzlwU5f4QFJtFFYfSHeuom1vuC8e2LJaEgS8= +github.com/aws/aws-sdk-go-v2/service/route53 v1.40.7/go.mod h1:CxB0DFnZHDkZZWurSFWDdgkKmjaAFtRIk85hoUy4XhI= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8 h1:Kv1hwNG6jHC/sxMTe5saMjH6t6ZLkgfvVxyEjfWL1ks= +github.com/aws/aws-sdk-go-v2/service/sso v1.20.8/go.mod h1:c1qtZUWtygI6ZdvKppzCSXsDOq5I4luJPZ0Ud3juFCA= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2 h1:nWBZ1xHCF+A7vv9sDzJOq4NWIdzFYm0kH7Pr4OjHYsQ= +github.com/aws/aws-sdk-go-v2/service/ssooidc v1.24.2/go.mod h1:9lmoVDVLz/yUZwLaQ676TK02fhCu4+PgRSmMaKR1ozk= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9 h1:Qp6Boy0cGDloOE3zI6XhNLNZgjNS8YmiFQFHe71SaW0= +github.com/aws/aws-sdk-go-v2/service/sts v1.28.9/go.mod h1:0Aqn1MnEuitqfsCNyKsdKLhDUOr4txD/g19EfiUqgws= +github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q= +github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/coreos/go-semver v0.3.1 h1:yi21YpKnrx1gt5R+la8n5WgS0kCrsPp33dmEyHReZr4= github.com/coreos/go-semver v0.3.1/go.mod h1:irMmmIw/7yzSRPWryHsK7EYSg09caPQL03VsM8rvUec= github.com/coreos/go-systemd/v22 v22.5.0 h1:RrqgGjYQKalulkV8NGVIfkXQf6YYmOyiJKk8iXXhfZs= @@ -83,20 +83,16 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/digitalocean/godo v1.109.0 h1:4W97RJLJSUQ3veRZDNbp1Ol3Rbn6Lmt9bKGvfqYI5SU= -github.com/digitalocean/godo v1.109.0/go.mod h1:R6EmmWI8CT1+fCtjWY9UCB+L5uufuZH13wk3YhxycCs= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= -github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= +github.com/digitalocean/godo v1.116.0 h1:SuF/Imd1/dE/nYrUFVkJ2itesQNnJQE1a/vmtHknxeE= +github.com/digitalocean/godo v1.116.0/go.mod h1:Vk0vpCot2HOAJwc5WE8wljZGtJ3ZtWIc8MQ8rF38sdo= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= @@ -113,8 +109,10 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a h1:v6zMvHuY9yue4+QkG/HQ/W67wvtQmWJ4SDo9aK/GIno= +github.com/go-http-utils/headers v0.0.0-20181008091004-fed159eddc2a/go.mod h1:I79BieaU4fxrw4LMXby6q5OS9XnoR9UIKLOzDFjUmuw= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= @@ -124,14 +122,15 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg= github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= @@ -139,8 +138,8 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang-jwt/jwt/v5 v5.2.0 h1:d/ix8ftRUorsN+5eMIlF4T6J8CAt9rch3My2winC1Jw= -github.com/golang-jwt/jwt/v5 v5.2.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= @@ -155,8 +154,6 @@ github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:W github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= @@ -174,7 +171,6 @@ github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -184,8 +180,8 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -194,21 +190,21 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= -github.com/googleapis/gax-go/v2 v2.12.0 h1:A+gCJKdRfqXkr+BIRGtZLibNXf0m1f9E4HG56etFpas= -github.com/googleapis/gax-go/v2 v2.12.0/go.mod h1:y+aIqrI5eb1YGMVJfuV3185Ts/D7qKpsEkdD5+I6QGU= +github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= +github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -216,13 +212,12 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= @@ -236,10 +231,10 @@ github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/C github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.12.0 h1:meCpJSesvzQyao8FCOgk2fGdoADAnbDu2WPJN1lDLJ4= -github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= -github.com/hashicorp/vault/sdk v0.11.0/go.mod h1:cG0OZ7Ebq09Xn2N7OWtHbVqq6LpYP6fkyWo0PIvkLsA= +github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= +github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= +github.com/hashicorp/vault/sdk v0.12.0 h1:c2WeMWtF08zKQmrJya7paM4IVnsXIXF5UlhQTBdwZwQ= +github.com/hashicorp/vault/sdk v0.12.0/go.mod h1:2kN1F5owc/Yh1OwL32GGnYrX9E3vFOIKA/cGJxCNQ30= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= @@ -282,8 +277,8 @@ github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxec github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= @@ -296,10 +291,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjY github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc= github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= @@ -317,12 +312,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -337,8 +332,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1 github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= -github.com/sosodev/duration v1.2.0 h1:pqK/FLSjsAADWY74SyWDCjOcd5l7H8GSnnOGEB9A1Us= -github.com/sosodev/duration v1.2.0/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg= +github.com/sosodev/duration v1.3.1 h1:qtHBDMQ6lvMQsL15g4aopM4HEfOaYuhWBw3NPTtlqq4= +github.com/sosodev/duration v1.3.1/go.mod h1:RQIBBX0+fMLc/D9+Jb/fwvVmo0eZvDDEERAikUR6SDg= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -349,8 +344,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -358,9 +353,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1:KO6IkyS8Y3j8OdNO85qEYBsRPuteD+YciPomcXdrMnk= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= @@ -368,21 +362,21 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1: github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= -go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E= -go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= -go.etcd.io/etcd/client/pkg/v3 v3.5.11 h1:bT2xVspdiCj2910T0V+/KHcVKjkUrCZVtk8J2JF2z1A= -go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= +go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= +go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= +go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= +go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= -go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU= -go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE= +go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= +go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= @@ -391,43 +385,42 @@ go.etcd.io/etcd/server/v3 v3.5.10 h1:4NOGyOwD5sUZ22PiWYKmfxqoeh72z6EhYjNosKGLmZg go.etcd.io/etcd/server/v3 v3.5.10/go.mod h1:gBplPHfs6YI0L+RpGkTQO7buDbHv5HJGG/Bst0/zIPo= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= -go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= @@ -435,8 +428,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -454,11 +447,11 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -466,8 +459,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -480,28 +473,27 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -515,36 +507,34 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/api v0.165.0 h1:zd5d4JIIIaYYsfVy1HzoXYZ9rWCSBxxAglbczzo7Bgc= -google.golang.org/api v0.165.0/go.mod h1:2OatzO7ZDQsoS7IFf3rvsE17/TldiU3F/zxFHeqUB5o= +google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= +google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 h1:FSL3lRCkhaPFxqi0s9o+V4UI2WTzAVOvkgbd4kVV4Wg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -554,10 +544,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -579,34 +567,34 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kms v0.30.0 h1:ZlnD/ei5lpvUlPw6eLfVvH7d8i9qZ6HwUQgydNVks8g= -k8s.io/kms v0.30.0/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= -k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= -k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kms v0.30.1 h1:gEIbEeCbFiaN2tNfp/EUhFdGr5/CSj8Eyq6Mkr7cCiY= +k8s.io/kms v0.30.1/go.mod h1:GrMurD0qk3G4yNgGcsCEmepqf9KyyIrTXYR2lyUOJC4= +k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4= +k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 23a5c3b27a8..838b42075ac 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -3,18 +3,18 @@ github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LIC github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/e2e-tests,https://github.com/cert-manager/cert-manager/blob/HEAD/e2e-tests/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/cloudflare/cloudflare-go,https://github.com/cloudflare/cloudflare-go/blob/v0.88.0/LICENSE,BSD-3-Clause github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/go-asn1-ber/asn1-ber,https://github.com/go-asn1-ber/asn1-ber/blob/v1.5.6/LICENSE,MIT github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENSE,MIT github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/goccy/go-json,https://github.com/goccy/go-json/blob/v0.10.2/LICENSE,MIT github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause @@ -23,9 +23,9 @@ github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENS github.com/google/go-querystring/query,https://github.com/google/go-querystring/blob/v1.1.0/LICENSE,BSD-3-Clause github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause -github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.0/LICENSE,BSD-2-Clause +github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.1/LICENSE,BSD-3-Clause github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.5/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 github.com/hashicorp/vault-client-go,https://github.com/hashicorp/vault-client-go/blob/v0.4.3/LICENSE,MPL-2.0 @@ -40,46 +40,46 @@ github.com/modern-go/concurrent,https://github.com/modern-go/concurrent/blob/bac github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/LICENSE,Apache-2.0 github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/mxk/go-flowrate/flowrate,https://github.com/mxk/go-flowrate/blob/cca7078d478f/LICENSE,BSD-3-Clause -github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.17.1/LICENSE,MIT -github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.32.0/LICENSE,MIT +github.com/onsi/ginkgo/v2,https://github.com/onsi/ginkgo/blob/v2.17.2/LICENSE,MIT +github.com/onsi/gomega,https://github.com/onsi/gomega/blob/v1.33.1/LICENSE,MIT github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/rogpeppe/go-internal/fmtsort,https://github.com/rogpeppe/go-internal/blob/v1.12.0/LICENSE,BSD-3-Clause github.com/ryanuber/go-glob,https://github.com/ryanuber/go-glob/blob/v1.0.0/LICENSE,MIT github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/controller-runtime/pkg,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang/net,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/controller-runtime/pkg,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/test/e2e/go.mod b/test/e2e/go.mod index d7c881375c6..1c8b4c65939 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -6,6 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + // Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 @@ -16,18 +21,18 @@ require ( github.com/cloudflare/cloudflare-go v0.88.0 github.com/hashicorp/vault-client-go v0.4.3 github.com/kr/pretty v0.3.1 - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.32.0 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.1 github.com/spf13/pflag v1.0.5 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/component-base v0.30.0 - k8s.io/kube-aggregator v0.30.0 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.18.0 - sigs.k8s.io/gateway-api v1.0.0 + k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/component-base v0.30.1 + k8s.io/kube-aggregator v0.30.1 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/gateway-api v1.1.0 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 ) @@ -35,19 +40,19 @@ require ( github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-asn1-ber/asn1-ber v1.5.6 // indirect github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -56,12 +61,11 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240125082051-42cd04596328 // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/gorilla/websocket v1.5.0 // indirect + github.com/gorilla/websocket v1.5.1 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-hclog v1.5.0 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.6 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/imdario/mergo v0.3.16 // indirect @@ -77,32 +81,31 @@ require ( github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/spf13/cobra v1.8.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/crypto v0.22.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.18.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/yaml v1.4.0 // indirect ) diff --git a/test/e2e/go.sum b/test/e2e/go.sum index c55b6e95cba..718b48b8115 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -8,8 +8,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cloudflare/cloudflare-go v0.88.0 h1:9CEnvaDMs8ydEBUSPChXmHDe2uJJKZoPpBO2QEr41gY= github.com/cloudflare/cloudflare-go v0.88.0/go.mod h1:eyuehb1i6BNRc+ZwaTZAiRHeE+4jbKvHAns19oGeakg= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= @@ -18,13 +18,12 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= @@ -37,28 +36,25 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -67,22 +63,21 @@ github.com/google/go-querystring v1.1.0/go.mod h1:Kcdr2DB4koayq7X8pmAG4sNG59So17 github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= @@ -120,12 +115,8 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= @@ -141,10 +132,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= @@ -153,12 +144,12 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= -github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -172,16 +163,13 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= -github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= @@ -189,8 +177,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= @@ -198,10 +186,10 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -218,10 +206,10 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -229,38 +217,33 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -269,20 +252,16 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -295,28 +274,28 @@ gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= -k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4= +k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index e20ba258234..8b9f343dbed 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -2,14 +2,14 @@ github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e6932135 github.com/antlr/antlr4/runtime/Go/antlr/v4,https://github.com/antlr/antlr4/blob/8188dc5388df/runtime/Go/antlr/v4/LICENSE,BSD-3-Clause github.com/beorn7/perks/quantile,https://github.com/beorn7/perks/blob/v1.0.1/LICENSE,MIT github.com/blang/semver/v4,https://github.com/blang/semver/blob/v4.0.0/v4/LICENSE,MIT -github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.2.1/LICENSE,MIT +github.com/cenkalti/backoff/v4,https://github.com/cenkalti/backoff/blob/v4.3.0/LICENSE,MIT github.com/cert-manager/cert-manager,https://github.com/cert-manager/cert-manager/blob/HEAD/LICENSE,Apache-2.0 github.com/cert-manager/cert-manager/integration-tests/framework,https://github.com/cert-manager/cert-manager/blob/HEAD/integration-tests/LICENSE,Apache-2.0 -github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.2.0/LICENSE.txt,MIT +github.com/cespare/xxhash/v2,https://github.com/cespare/xxhash/blob/v2.3.0/LICENSE.txt,MIT github.com/coreos/go-semver/semver,https://github.com/coreos/go-semver/blob/v0.3.1/LICENSE,Apache-2.0 github.com/coreos/go-systemd/v22/journal,https://github.com/coreos/go-systemd/blob/v22.5.0/LICENSE,Apache-2.0 github.com/davecgh/go-spew/spew,https://github.com/davecgh/go-spew/blob/d8f796af33cc/LICENSE,ISC -github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.11.2/LICENSE,MIT +github.com/emicklei/go-restful/v3,https://github.com/emicklei/go-restful/blob/v3.12.0/LICENSE,MIT github.com/evanphx/json-patch/v5,https://github.com/evanphx/json-patch/blob/v5.9.0/v5/LICENSE,BSD-3-Clause github.com/felixge/httpsnoop,https://github.com/felixge/httpsnoop/blob/v1.0.4/LICENSE.txt,MIT github.com/fsnotify/fsnotify,https://github.com/fsnotify/fsnotify/blob/v1.7.0/LICENSE,BSD-3-Clause @@ -18,9 +18,9 @@ github.com/go-ldap/ldap/v3,https://github.com/go-ldap/ldap/blob/v3.4.8/v3/LICENS github.com/go-logr/logr,https://github.com/go-logr/logr/blob/v1.4.1/LICENSE,Apache-2.0 github.com/go-logr/stdr,https://github.com/go-logr/stdr/blob/v1.2.2/LICENSE,Apache-2.0 github.com/go-logr/zapr,https://github.com/go-logr/zapr/blob/v1.3.0/LICENSE,Apache-2.0 -github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.20.2/LICENSE,Apache-2.0 -github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.20.4/LICENSE,Apache-2.0 -github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.22.9/LICENSE,Apache-2.0 +github.com/go-openapi/jsonpointer,https://github.com/go-openapi/jsonpointer/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/jsonreference,https://github.com/go-openapi/jsonreference/blob/v0.21.0/LICENSE,Apache-2.0 +github.com/go-openapi/swag,https://github.com/go-openapi/swag/blob/v0.23.0/LICENSE,Apache-2.0 github.com/gogo/protobuf,https://github.com/gogo/protobuf/blob/v1.3.2/LICENSE,BSD-3-Clause github.com/golang/groupcache/lru,https://github.com/golang/groupcache/blob/41bb18bfe9da/LICENSE,Apache-2.0 github.com/golang/protobuf,https://github.com/golang/protobuf/blob/v1.5.4/LICENSE,BSD-3-Clause @@ -31,7 +31,7 @@ github.com/google/go-cmp/cmp,https://github.com/google/go-cmp/blob/v0.6.0/LICENS github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Apache-2.0 github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/grpc-ecosystem/go-grpc-prometheus,https://github.com/grpc-ecosystem/go-grpc-prometheus/blob/v1.2.0/LICENSE,Apache-2.0 -github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.19.0/LICENSE,BSD-3-Clause +github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc-gateway/blob/v2.20.0/LICENSE,BSD-3-Clause github.com/imdario/mergo,https://github.com/imdario/mergo/blob/v0.3.16/LICENSE,BSD-3-Clause github.com/josharian/intern,https://github.com/josharian/intern/blob/v1.0.0/license.md,MIT github.com/json-iterator/go,https://github.com/json-iterator/go/blob/v1.1.12/LICENSE,MIT @@ -41,62 +41,62 @@ github.com/modern-go/reflect2,https://github.com/modern-go/reflect2/blob/v1.0.2/ github.com/munnerz/goautoneg,https://github.com/munnerz/goautoneg/blob/a7dc8b61c822/LICENSE,BSD-3-Clause github.com/pkg/errors,https://github.com/pkg/errors/blob/v0.9.1/LICENSE,BSD-2-Clause github.com/prometheus/client_golang/prometheus,https://github.com/prometheus/client_golang/blob/v1.18.0/LICENSE,Apache-2.0 -github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.5.0/LICENSE,Apache-2.0 +github.com/prometheus/client_model/go,https://github.com/prometheus/client_model/blob/v0.6.1/LICENSE,Apache-2.0 github.com/prometheus/common,https://github.com/prometheus/common/blob/v0.46.0/LICENSE,Apache-2.0 github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg,https://github.com/prometheus/common/blob/v0.46.0/internal/bitbucket.org/ww/goautoneg/README.txt,BSD-3-Clause -github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.12.0/LICENSE,Apache-2.0 +github.com/prometheus/procfs,https://github.com/prometheus/procfs/blob/v0.15.0/LICENSE,Apache-2.0 github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Apache-2.0 github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause github.com/stoewer/go-strcase,https://github.com/stoewer/go-strcase/blob/v1.3.0/LICENSE,MIT -go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.11/api/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.11/client/pkg/LICENSE,Apache-2.0 -go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.11/client/v3/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.47.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.47.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 -go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.23.0/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.22.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.22.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.23.0/metric/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.22.0/sdk/LICENSE,Apache-2.0 -go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.23.0/trace/LICENSE,Apache-2.0 -go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.1.0/otlp/LICENSE,Apache-2.0 +go.etcd.io/etcd/api/v3,https://github.com/etcd-io/etcd/blob/api/v3.5.13/api/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/pkg/v3,https://github.com/etcd-io/etcd/blob/client/pkg/v3.5.13/client/pkg/LICENSE,Apache-2.0 +go.etcd.io/etcd/client/v3,https://github.com/etcd-io/etcd/blob/client/v3.5.13/client/v3/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.51.0/instrumentation/google.golang.org/grpc/otelgrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp,https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/net/http/otelhttp/v0.51.0/instrumentation/net/http/otelhttp/LICENSE,Apache-2.0 +go.opentelemetry.io/otel,https://github.com/open-telemetry/opentelemetry-go/blob/v1.26.0/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/v1.26.0/exporters/otlp/otlptrace/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc,https://github.com/open-telemetry/opentelemetry-go/blob/exporters/otlp/otlptrace/otlptracegrpc/v1.26.0/exporters/otlp/otlptrace/otlptracegrpc/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/metric,https://github.com/open-telemetry/opentelemetry-go/blob/metric/v1.26.0/metric/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/sdk,https://github.com/open-telemetry/opentelemetry-go/blob/sdk/v1.26.0/sdk/LICENSE,Apache-2.0 +go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-go/blob/trace/v1.26.0/trace/LICENSE,Apache-2.0 +go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT -go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.26.0/LICENSE.txt,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.22.0:LICENSE,BSD-3-Clause -golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/1b970713:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.24.0:LICENSE,BSD-3-Clause -golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.17.0:LICENSE,BSD-3-Clause -golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.6.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.19.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.14.0:LICENSE,BSD-3-Clause +go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/1f4bbc51befe/googleapis/api/LICENSE,Apache-2.0 -google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/31a09d347014/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.61.0/LICENSE,Apache-2.0 -google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.33.0/LICENSE,BSD-3-Clause +google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 +google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 gopkg.in/yaml.v3,https://github.com/go-yaml/yaml/blob/v3.0.1/LICENSE,MIT -k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.0/third_party/forked/golang/LICENSE,BSD-3-Clause -k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.0/LICENSE,Apache-2.0 +k8s.io/api,https://github.com/kubernetes/api/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apiextensions-apiserver/pkg,https://github.com/kubernetes/apiextensions-apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/pkg,https://github.com/kubernetes/apimachinery/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/apimachinery/third_party/forked/golang,https://github.com/kubernetes/apimachinery/blob/v0.30.1/third_party/forked/golang/LICENSE,BSD-3-Clause +k8s.io/apiserver,https://github.com/kubernetes/apiserver/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/client-go,https://github.com/kubernetes/client-go/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/component-base,https://github.com/kubernetes/component-base/blob/v0.30.1/LICENSE,Apache-2.0 k8s.io/klog/v2,https://github.com/kubernetes/klog/blob/v2.120.1/LICENSE,Apache-2.0 -k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/LICENSE,Apache-2.0 -k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause -k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/70dd3763d340/pkg/validation/spec/LICENSE,Apache-2.0 +k8s.io/kube-aggregator/pkg/apis/apiregistration,https://github.com/kubernetes/kube-aggregator/blob/v0.30.1/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/LICENSE,Apache-2.0 +k8s.io/kube-openapi/pkg/internal/third_party/go-json-experiment/json,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/internal/third_party/go-json-experiment/json/LICENSE,BSD-3-Clause +k8s.io/kube-openapi/pkg/validation/spec,https://github.com/kubernetes/kube-openapi/blob/f0e62f92d13f/pkg/validation/spec/LICENSE,Apache-2.0 k8s.io/kubectl/pkg/util/openapi,https://github.com/kubernetes/kubectl/blob/v0.30.0/LICENSE,Apache-2.0 -k8s.io/utils,https://github.com/kubernetes/utils/blob/e7106e64919e/LICENSE,Apache-2.0 -k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/e7106e64919e/internal/third_party/forked/golang/LICENSE,BSD-3-Clause -sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.29.0/konnectivity-client/LICENSE,Apache-2.0 -sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.0/LICENSE,Apache-2.0 -sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.0.0/LICENSE,Apache-2.0 +k8s.io/utils,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/LICENSE,Apache-2.0 +k8s.io/utils/internal/third_party/forked/golang,https://github.com/kubernetes/utils/blob/fe8a2dddb1d0/internal/third_party/forked/golang/LICENSE,BSD-3-Clause +sigs.k8s.io/apiserver-network-proxy/konnectivity-client,https://github.com/kubernetes-sigs/apiserver-network-proxy/blob/konnectivity-client/v0.30.3/konnectivity-client/LICENSE,Apache-2.0 +sigs.k8s.io/controller-runtime,https://github.com/kubernetes-sigs/controller-runtime/blob/v0.18.2/LICENSE,Apache-2.0 +sigs.k8s.io/gateway-api,https://github.com/kubernetes-sigs/gateway-api/blob/v1.1.0/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,Apache-2.0 sigs.k8s.io/json,https://github.com/kubernetes-sigs/json/blob/bc3834ca7abd/LICENSE,BSD-3-Clause sigs.k8s.io/structured-merge-diff/v4,https://github.com/kubernetes-sigs/structured-merge-diff/blob/v4.4.1/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index d1a9fcadd75..720508a7d7a 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -6,6 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed +// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 + +replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 + // Can be removed once github.com/go-ldap/ldap/v3 releases a version that requires this version. replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 @@ -16,21 +21,21 @@ replace github.com/cert-manager/cert-manager/webhook-binary => ../../cmd/webhook require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/go-logr/logr v1.4.1 - github.com/miekg/dns v1.1.58 + github.com/miekg/dns v1.1.59 github.com/munnerz/crd-schema-fuzz v1.0.0 github.com/segmentio/encoding v0.4.0 - github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.22.0 - golang.org/x/sync v0.6.0 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 - k8s.io/kube-aggregator v0.30.0 + github.com/stretchr/testify v1.9.0 + golang.org/x/crypto v0.23.0 + golang.org/x/sync v0.7.0 + k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 + k8s.io/kube-aggregator v0.30.1 k8s.io/kubectl v0.30.0 - k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.18.0 - sigs.k8s.io/gateway-api v1.0.0 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/gateway-api v1.1.0 ) require ( @@ -38,12 +43,12 @@ require ( github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver/v4 v4.0.0 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/coreos/go-semver v0.3.1 // indirect github.com/coreos/go-systemd/v22 v22.5.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.11.2 // indirect + github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect @@ -51,9 +56,9 @@ require ( github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.20.2 // indirect - github.com/go-openapi/jsonreference v0.20.4 // indirect - github.com/go-openapi/swag v0.22.9 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect @@ -63,7 +68,7 @@ require ( github.com/google/gofuzz v1.2.0 // indirect github.com/google/uuid v1.6.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -75,52 +80,50 @@ require ( github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.46.0 // indirect - github.com/prometheus/procfs v0.12.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.1 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/segmentio/asm v1.1.3 // indirect github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/stoewer/go-strcase v1.3.0 // indirect - go.etcd.io/etcd/api/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/pkg/v3 v3.5.11 // indirect - go.etcd.io/etcd/client/v3 v3.5.11 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect - go.opentelemetry.io/otel v1.23.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect - go.opentelemetry.io/otel/metric v1.23.0 // indirect - go.opentelemetry.io/otel/sdk v1.22.0 // indirect - go.opentelemetry.io/otel/trace v1.23.0 // indirect - go.opentelemetry.io/proto/otlp v1.1.0 // indirect + go.etcd.io/etcd/api/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/pkg/v3 v3.5.13 // indirect + go.etcd.io/etcd/client/v3 v3.5.13 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/sdk v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.uber.org/zap v1.26.0 // indirect - golang.org/x/exp v0.0.0-20240119083558-1b970713d09a // indirect - golang.org/x/mod v0.15.0 // indirect - golang.org/x/net v0.24.0 // indirect - golang.org/x/oauth2 v0.17.0 // indirect - golang.org/x/sys v0.19.0 // indirect - golang.org/x/term v0.19.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.uber.org/zap v1.27.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/mod v0.17.0 // indirect + golang.org/x/net v0.25.0 // indirect + golang.org/x/oauth2 v0.20.0 // indirect + golang.org/x/sys v0.20.0 // indirect + golang.org/x/term v0.20.0 // indirect + golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.18.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 // indirect - google.golang.org/grpc v1.61.0 // indirect - google.golang.org/protobuf v1.33.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiserver v0.30.0 // indirect - k8s.io/component-base v0.30.0 // indirect + k8s.io/apiserver v0.30.1 // indirect + k8s.io/component-base v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect - sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect sigs.k8s.io/yaml v1.4.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index dbade6eb5a4..64bdfd89f23 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -1,11 +1,602 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.112.0 h1:tpFCD7hpHFlQ8yPwT3x+QeXqc2T6+n6T+hmABHfDUSM= -cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk= -cloud.google.com/go/compute v1.23.3/go.mod h1:VCgBUoMnIVIR0CscqQiPJLAG25E3ZRZMzcFZeQ+h8CI= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= +cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= +cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= +cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= +cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= +cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= +cloud.google.com/go v0.83.0/go.mod h1:Z7MJUsANfY0pYPdw0lbnivPx4/vhy/e2FEkSkF7vAVY= +cloud.google.com/go v0.84.0/go.mod h1:RazrYuxIK6Kb7YrzzhPoLmCVzl7Sup4NrbKPg8KHSUM= +cloud.google.com/go v0.87.0/go.mod h1:TpDYlFy7vuLzZMMZ+B6iRiELaY7z/gJPaqbMx6mlWcY= +cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aDQ= +cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= +cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= +cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= +cloud.google.com/go v0.99.0/go.mod h1:w0Xx2nLzqWJPuozYQX+hFfCSI8WioryfRDzkoI/Y2ZA= +cloud.google.com/go v0.100.1/go.mod h1:fs4QogzfH5n2pBXBP9vRiU+eCny7lD2vmFZy79Iuw1U= +cloud.google.com/go v0.100.2/go.mod h1:4Xra9TjzAeYHrl5+oeLlzbM2k3mjVhZh4UqTZ//w99A= +cloud.google.com/go v0.102.0/go.mod h1:oWcCzKlqJ5zgHQt9YsaeTY9KzIvjyy0ArmiBUgpQ+nc= +cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34hIU= +cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= +cloud.google.com/go v0.105.0/go.mod h1:PrLgOJNe5nfE9UMxKxgXj4mD3voiP+YQ6gdt6KMFOKM= +cloud.google.com/go v0.107.0/go.mod h1:wpc2eNrD7hXUTy8EKS10jkxpZBjASrORK7goS+3YX2I= +cloud.google.com/go v0.110.0/go.mod h1:SJnCLqQ0FCFGSZMUNUf84MV3Aia54kn7pi8st7tMzaY= +cloud.google.com/go v0.110.2/go.mod h1:k04UEeEtb6ZBRTv3dZz4CeJC3jKGxyhl0sAiVVquxiw= +cloud.google.com/go/accessapproval v1.4.0/go.mod h1:zybIuC3KpDOvotz59lFe5qxRZx6C75OtwbisN56xYB4= +cloud.google.com/go/accessapproval v1.5.0/go.mod h1:HFy3tuiGvMdcd/u+Cu5b9NkO1pEICJ46IR82PoUdplw= +cloud.google.com/go/accessapproval v1.6.0/go.mod h1:R0EiYnwV5fsRFiKZkPHr6mwyk2wxUJ30nL4j2pcFY2E= +cloud.google.com/go/accesscontextmanager v1.3.0/go.mod h1:TgCBehyr5gNMz7ZaH9xubp+CE8dkrszb4oK9CWyvD4o= +cloud.google.com/go/accesscontextmanager v1.4.0/go.mod h1:/Kjh7BBu/Gh83sv+K60vN9QE5NJcd80sU33vIe2IFPE= +cloud.google.com/go/accesscontextmanager v1.6.0/go.mod h1:8XCvZWfYw3K/ji0iVnp+6pu7huxoQTLmxAbVjbloTtM= +cloud.google.com/go/accesscontextmanager v1.7.0/go.mod h1:CEGLewx8dwa33aDAZQujl7Dx+uYhS0eay198wB/VumQ= +cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= +cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= +cloud.google.com/go/aiplatform v1.27.0/go.mod h1:Bvxqtl40l0WImSb04d0hXFU7gDOiq9jQmorivIiWcKg= +cloud.google.com/go/aiplatform v1.35.0/go.mod h1:7MFT/vCaOyZT/4IIFfxH4ErVg/4ku6lKv3w0+tFTgXQ= +cloud.google.com/go/aiplatform v1.36.1/go.mod h1:WTm12vJRPARNvJ+v6P52RDHCNe4AhvjcIZ/9/RRHy/k= +cloud.google.com/go/aiplatform v1.37.0/go.mod h1:IU2Cv29Lv9oCn/9LkFiiuKfwrRTq+QQMbW+hPCxJGZw= +cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= +cloud.google.com/go/analytics v0.12.0/go.mod h1:gkfj9h6XRf9+TS4bmuhPEShsh3hH8PAZzm/41OOhQd4= +cloud.google.com/go/analytics v0.17.0/go.mod h1:WXFa3WSym4IZ+JiKmavYdJwGG/CvpqiqczmL59bTD9M= +cloud.google.com/go/analytics v0.18.0/go.mod h1:ZkeHGQlcIPkw0R/GW+boWHhCOR43xz9RN/jn7WcqfIE= +cloud.google.com/go/analytics v0.19.0/go.mod h1:k8liqf5/HCnOUkbawNtrWWc+UAzyDlW89doe8TtoDsE= +cloud.google.com/go/apigateway v1.3.0/go.mod h1:89Z8Bhpmxu6AmUxuVRg/ECRGReEdiP3vQtk4Z1J9rJk= +cloud.google.com/go/apigateway v1.4.0/go.mod h1:pHVY9MKGaH9PQ3pJ4YLzoj6U5FUDeDFBllIz7WmzJoc= +cloud.google.com/go/apigateway v1.5.0/go.mod h1:GpnZR3Q4rR7LVu5951qfXPJCHquZt02jf7xQx7kpqN8= +cloud.google.com/go/apigeeconnect v1.3.0/go.mod h1:G/AwXFAKo0gIXkPTVfZDd2qA1TxBXJ3MgMRBQkIi9jc= +cloud.google.com/go/apigeeconnect v1.4.0/go.mod h1:kV4NwOKqjvt2JYR0AoIWo2QGfoRtn/pkS3QlHp0Ni04= +cloud.google.com/go/apigeeconnect v1.5.0/go.mod h1:KFaCqvBRU6idyhSNyn3vlHXc8VMDJdRmwDF6JyFRqZ8= +cloud.google.com/go/apigeeregistry v0.4.0/go.mod h1:EUG4PGcsZvxOXAdyEghIdXwAEi/4MEaoqLMLDMIwKXY= +cloud.google.com/go/apigeeregistry v0.5.0/go.mod h1:YR5+s0BVNZfVOUkMa5pAR2xGd0A473vA5M7j247o1wM= +cloud.google.com/go/apigeeregistry v0.6.0/go.mod h1:BFNzW7yQVLZ3yj0TKcwzb8n25CFBri51GVGOEUcgQsc= +cloud.google.com/go/apikeys v0.4.0/go.mod h1:XATS/yqZbaBK0HOssf+ALHp8jAlNHUgyfprvNcBIszU= +cloud.google.com/go/apikeys v0.5.0/go.mod h1:5aQfwY4D+ewMMWScd3hm2en3hCj+BROlyrt3ytS7KLI= +cloud.google.com/go/apikeys v0.6.0/go.mod h1:kbpXu5upyiAlGkKrJgQl8A0rKNNJ7dQ377pdroRSSi8= +cloud.google.com/go/appengine v1.4.0/go.mod h1:CS2NhuBuDXM9f+qscZ6V86m1MIIqPj3WC/UoEuR1Sno= +cloud.google.com/go/appengine v1.5.0/go.mod h1:TfasSozdkFI0zeoxW3PTBLiNqRmzraodCWatWI9Dmak= +cloud.google.com/go/appengine v1.6.0/go.mod h1:hg6i0J/BD2cKmDJbaFSYHFyZkgBEfQrDg/X0V5fJn84= +cloud.google.com/go/appengine v1.7.0/go.mod h1:eZqpbHFCqRGa2aCdope7eC0SWLV1j0neb/QnMJVWx6A= +cloud.google.com/go/appengine v1.7.1/go.mod h1:IHLToyb/3fKutRysUlFO0BPt5j7RiQ45nrzEJmKTo6E= +cloud.google.com/go/area120 v0.5.0/go.mod h1:DE/n4mp+iqVyvxHN41Vf1CR602GiHQjFPusMFW6bGR4= +cloud.google.com/go/area120 v0.6.0/go.mod h1:39yFJqWVgm0UZqWTOdqkLhjoC7uFfgXRC8g/ZegeAh0= +cloud.google.com/go/area120 v0.7.0/go.mod h1:a3+8EUD1SX5RUcCs3MY5YasiO1z6yLiNLRiFrykbynY= +cloud.google.com/go/area120 v0.7.1/go.mod h1:j84i4E1RboTWjKtZVWXPqvK5VHQFJRF2c1Nm69pWm9k= +cloud.google.com/go/artifactregistry v1.6.0/go.mod h1:IYt0oBPSAGYj/kprzsBjZ/4LnG/zOcHyFHjWPCi6SAQ= +cloud.google.com/go/artifactregistry v1.7.0/go.mod h1:mqTOFOnGZx8EtSqK/ZWcsm/4U8B77rbcLP6ruDU2Ixk= +cloud.google.com/go/artifactregistry v1.8.0/go.mod h1:w3GQXkJX8hiKN0v+at4b0qotwijQbYUqF2GWkZzAhC0= +cloud.google.com/go/artifactregistry v1.9.0/go.mod h1:2K2RqvA2CYvAeARHRkLDhMDJ3OXy26h3XW+3/Jh2uYc= +cloud.google.com/go/artifactregistry v1.11.1/go.mod h1:lLYghw+Itq9SONbCa1YWBoWs1nOucMH0pwXN1rOBZFI= +cloud.google.com/go/artifactregistry v1.11.2/go.mod h1:nLZns771ZGAwVLzTX/7Al6R9ehma4WUEhZGWV6CeQNQ= +cloud.google.com/go/artifactregistry v1.12.0/go.mod h1:o6P3MIvtzTOnmvGagO9v/rOjjA0HmhJ+/6KAXrmYDCI= +cloud.google.com/go/artifactregistry v1.13.0/go.mod h1:uy/LNfoOIivepGhooAUpL1i30Hgee3Cu0l4VTWHUC08= +cloud.google.com/go/asset v1.5.0/go.mod h1:5mfs8UvcM5wHhqtSv8J1CtxxaQq3AdBxxQi2jGW/K4o= +cloud.google.com/go/asset v1.7.0/go.mod h1:YbENsRK4+xTiL+Ofoj5Ckf+O17kJtgp3Y3nn4uzZz5s= +cloud.google.com/go/asset v1.8.0/go.mod h1:mUNGKhiqIdbr8X7KNayoYvyc4HbbFO9URsjbytpUaW0= +cloud.google.com/go/asset v1.9.0/go.mod h1:83MOE6jEJBMqFKadM9NLRcs80Gdw76qGuHn8m3h8oHQ= +cloud.google.com/go/asset v1.10.0/go.mod h1:pLz7uokL80qKhzKr4xXGvBQXnzHn5evJAEAtZiIb0wY= +cloud.google.com/go/asset v1.11.1/go.mod h1:fSwLhbRvC9p9CXQHJ3BgFeQNM4c9x10lqlrdEUYXlJo= +cloud.google.com/go/asset v1.12.0/go.mod h1:h9/sFOa4eDIyKmH6QMpm4eUK3pDojWnUhTgJlk762Hg= +cloud.google.com/go/asset v1.13.0/go.mod h1:WQAMyYek/b7NBpYq/K4KJWcRqzoalEsxz/t/dTk4THw= +cloud.google.com/go/assuredworkloads v1.5.0/go.mod h1:n8HOZ6pff6re5KYfBXcFvSViQjDwxFkAkmUFffJRbbY= +cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMKymF9OP+QXWlKXUkXw= +cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= +cloud.google.com/go/assuredworkloads v1.8.0/go.mod h1:AsX2cqyNCOvEQC8RMPnoc0yEarXQk6WEKkxYfL6kGIo= +cloud.google.com/go/assuredworkloads v1.9.0/go.mod h1:kFuI1P78bplYtT77Tb1hi0FMxM0vVpRC7VVoJC3ZoT0= +cloud.google.com/go/assuredworkloads v1.10.0/go.mod h1:kwdUQuXcedVdsIaKgKTp9t0UJkE5+PAVNhdQm4ZVq2E= +cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= +cloud.google.com/go/automl v1.6.0/go.mod h1:ugf8a6Fx+zP0D59WLhqgTDsQI9w07o64uf/Is3Nh5p8= +cloud.google.com/go/automl v1.7.0/go.mod h1:RL9MYCCsJEOmt0Wf3z9uzG0a7adTT1fe+aObgSpkCt8= +cloud.google.com/go/automl v1.8.0/go.mod h1:xWx7G/aPEe/NP+qzYXktoBSDfjO+vnKMGgsApGJJquM= +cloud.google.com/go/automl v1.12.0/go.mod h1:tWDcHDp86aMIuHmyvjuKeeHEGq76lD7ZqfGLN6B0NuU= +cloud.google.com/go/baremetalsolution v0.3.0/go.mod h1:XOrocE+pvK1xFfleEnShBlNAXf+j5blPPxrhjKgnIFc= +cloud.google.com/go/baremetalsolution v0.4.0/go.mod h1:BymplhAadOO/eBa7KewQ0Ppg4A4Wplbn+PsFKRLo0uI= +cloud.google.com/go/baremetalsolution v0.5.0/go.mod h1:dXGxEkmR9BMwxhzBhV0AioD0ULBmuLZI8CdwalUxuss= +cloud.google.com/go/batch v0.3.0/go.mod h1:TR18ZoAekj1GuirsUsR1ZTKN3FC/4UDnScjT8NXImFE= +cloud.google.com/go/batch v0.4.0/go.mod h1:WZkHnP43R/QCGQsZ+0JyG4i79ranE2u8xvjq/9+STPE= +cloud.google.com/go/batch v0.7.0/go.mod h1:vLZN95s6teRUqRQ4s3RLDsH8PvboqBK+rn1oevL159g= +cloud.google.com/go/beyondcorp v0.2.0/go.mod h1:TB7Bd+EEtcw9PCPQhCJtJGjk/7TC6ckmnSFS+xwTfm4= +cloud.google.com/go/beyondcorp v0.3.0/go.mod h1:E5U5lcrcXMsCuoDNyGrpyTm/hn7ne941Jz2vmksAxW8= +cloud.google.com/go/beyondcorp v0.4.0/go.mod h1:3ApA0mbhHx6YImmuubf5pyW8srKnCEPON32/5hj+RmM= +cloud.google.com/go/beyondcorp v0.5.0/go.mod h1:uFqj9X+dSfrheVp7ssLTaRHd2EHqSL4QZmH4e8WXGGU= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/bigquery v1.42.0/go.mod h1:8dRTJxhtG+vwBKzE5OseQn/hiydoQN3EedCaOdYmxRA= +cloud.google.com/go/bigquery v1.43.0/go.mod h1:ZMQcXHsl+xmU1z36G2jNGZmKp9zNY5BUua5wDgmNCfw= +cloud.google.com/go/bigquery v1.44.0/go.mod h1:0Y33VqXTEsbamHJvJHdFmtqHvMIY28aK1+dFsvaChGc= +cloud.google.com/go/bigquery v1.47.0/go.mod h1:sA9XOgy0A8vQK9+MWhEQTY6Tix87M/ZurWFIxmF9I/E= +cloud.google.com/go/bigquery v1.48.0/go.mod h1:QAwSz+ipNgfL5jxiaK7weyOhzdoAy1zFm0Nf1fysJac= +cloud.google.com/go/bigquery v1.49.0/go.mod h1:Sv8hMmTFFYBlt/ftw2uN6dFdQPzBlREY9yBh7Oy7/4Q= +cloud.google.com/go/bigquery v1.50.0/go.mod h1:YrleYEh2pSEbgTBZYMJ5SuSr0ML3ypjRB1zgf7pvQLU= +cloud.google.com/go/billing v1.4.0/go.mod h1:g9IdKBEFlItS8bTtlrZdVLWSSdSyFUZKXNS02zKMOZY= +cloud.google.com/go/billing v1.5.0/go.mod h1:mztb1tBc3QekhjSgmpf/CV4LzWXLzCArwpLmP2Gm88s= +cloud.google.com/go/billing v1.6.0/go.mod h1:WoXzguj+BeHXPbKfNWkqVtDdzORazmCjraY+vrxcyvI= +cloud.google.com/go/billing v1.7.0/go.mod h1:q457N3Hbj9lYwwRbnlD7vUpyjq6u5U1RAOArInEiD5Y= +cloud.google.com/go/billing v1.12.0/go.mod h1:yKrZio/eu+okO/2McZEbch17O5CB5NpZhhXG6Z766ss= +cloud.google.com/go/billing v1.13.0/go.mod h1:7kB2W9Xf98hP9Sr12KfECgfGclsH3CQR0R08tnRlRbc= +cloud.google.com/go/binaryauthorization v1.1.0/go.mod h1:xwnoWu3Y84jbuHa0zd526MJYmtnVXn0syOjaJgy4+dM= +cloud.google.com/go/binaryauthorization v1.2.0/go.mod h1:86WKkJHtRcv5ViNABtYMhhNWRrD1Vpi//uKEy7aYEfI= +cloud.google.com/go/binaryauthorization v1.3.0/go.mod h1:lRZbKgjDIIQvzYQS1p99A7/U1JqvqeZg0wiI5tp6tg0= +cloud.google.com/go/binaryauthorization v1.4.0/go.mod h1:tsSPQrBd77VLplV70GUhBf/Zm3FsKmgSqgm4UmiDItk= +cloud.google.com/go/binaryauthorization v1.5.0/go.mod h1:OSe4OU1nN/VswXKRBmciKpo9LulY41gch5c68htf3/Q= +cloud.google.com/go/certificatemanager v1.3.0/go.mod h1:n6twGDvcUBFu9uBgt4eYvvf3sQ6My8jADcOVwHmzadg= +cloud.google.com/go/certificatemanager v1.4.0/go.mod h1:vowpercVFyqs8ABSmrdV+GiFf2H/ch3KyudYQEMM590= +cloud.google.com/go/certificatemanager v1.6.0/go.mod h1:3Hh64rCKjRAX8dXgRAyOcY5vQ/fE1sh8o+Mdd6KPgY8= +cloud.google.com/go/channel v1.8.0/go.mod h1:W5SwCXDJsq/rg3tn3oG0LOxpAo6IMxNa09ngphpSlnk= +cloud.google.com/go/channel v1.9.0/go.mod h1:jcu05W0my9Vx4mt3/rEHpfxc9eKi9XwsdDL8yBMbKUk= +cloud.google.com/go/channel v1.11.0/go.mod h1:IdtI0uWGqhEeatSB62VOoJ8FSUhJ9/+iGkJVqp74CGE= +cloud.google.com/go/channel v1.12.0/go.mod h1:VkxCGKASi4Cq7TbXxlaBezonAYpp1GCnKMY6tnMQnLU= +cloud.google.com/go/cloudbuild v1.3.0/go.mod h1:WequR4ULxlqvMsjDEEEFnOG5ZSRSgWOywXYDb1vPE6U= +cloud.google.com/go/cloudbuild v1.4.0/go.mod h1:5Qwa40LHiOXmz3386FrjrYM93rM/hdRr7b53sySrTqA= +cloud.google.com/go/cloudbuild v1.6.0/go.mod h1:UIbc/w9QCbH12xX+ezUsgblrWv+Cv4Tw83GiSMHOn9M= +cloud.google.com/go/cloudbuild v1.7.0/go.mod h1:zb5tWh2XI6lR9zQmsm1VRA+7OCuve5d8S+zJUul8KTg= +cloud.google.com/go/cloudbuild v1.9.0/go.mod h1:qK1d7s4QlO0VwfYn5YuClDGg2hfmLZEb4wQGAbIgL1s= +cloud.google.com/go/clouddms v1.3.0/go.mod h1:oK6XsCDdW4Ib3jCCBugx+gVjevp2TMXFtgxvPSee3OM= +cloud.google.com/go/clouddms v1.4.0/go.mod h1:Eh7sUGCC+aKry14O1NRljhjyrr0NFC0G2cjwX0cByRk= +cloud.google.com/go/clouddms v1.5.0/go.mod h1:QSxQnhikCLUw13iAbffF2CZxAER3xDGNHjsTAkQJcQA= +cloud.google.com/go/cloudtasks v1.5.0/go.mod h1:fD92REy1x5woxkKEkLdvavGnPJGEn8Uic9nWuLzqCpY= +cloud.google.com/go/cloudtasks v1.6.0/go.mod h1:C6Io+sxuke9/KNRkbQpihnW93SWDU3uXt92nu85HkYI= +cloud.google.com/go/cloudtasks v1.7.0/go.mod h1:ImsfdYWwlWNJbdgPIIGJWC+gemEGTBK/SunNQQNCAb4= +cloud.google.com/go/cloudtasks v1.8.0/go.mod h1:gQXUIwCSOI4yPVK7DgTVFiiP0ZW/eQkydWzwVMdHxrI= +cloud.google.com/go/cloudtasks v1.9.0/go.mod h1:w+EyLsVkLWHcOaqNEyvcKAsWp9p29dL6uL9Nst1cI7Y= +cloud.google.com/go/cloudtasks v1.10.0/go.mod h1:NDSoTLkZ3+vExFEWu2UJV1arUyzVDAiZtdWcsUyNwBs= +cloud.google.com/go/compute v0.1.0/go.mod h1:GAesmwr110a34z04OlxYkATPBEfVhkymfTBXtfbBFow= +cloud.google.com/go/compute v1.3.0/go.mod h1:cCZiE1NHEtai4wiufUhW8I8S1JKkAnhnQJWM7YD99wM= +cloud.google.com/go/compute v1.5.0/go.mod h1:9SMHyhJlzhlkJqrPAc839t2BZFTSk6Jdj6mkzQJeu0M= +cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz/FMzPu0s= +cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= +cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= +cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= +cloud.google.com/go/compute v1.12.0/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.12.1/go.mod h1:e8yNOBcBONZU1vJKCvCoDw/4JQsA0dpM4x/6PIIOocU= +cloud.google.com/go/compute v1.13.0/go.mod h1:5aPTS0cUNMIc1CE546K+Th6weJUNQErARyZtRXDJ8GE= +cloud.google.com/go/compute v1.14.0/go.mod h1:YfLtxrj9sU4Yxv+sXzZkyPjEyPBZfXHUvjxega5vAdo= +cloud.google.com/go/compute v1.15.1/go.mod h1:bjjoF/NtFUrkD/urWfdHaKuOPDR5nWIs63rR+SXhcpA= +cloud.google.com/go/compute v1.18.0/go.mod h1:1X7yHxec2Ga+Ss6jPyjxRxpu2uu7PLgsOVXvgU0yacs= +cloud.google.com/go/compute v1.19.0/go.mod h1:rikpw2y+UMidAe9tISo04EHNOIf42RLYF/q8Bs93scU= +cloud.google.com/go/compute v1.19.3/go.mod h1:qxvISKp/gYnXkSAD1ppcSOveRAmzxicEv/JlizULFrI= +cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= +cloud.google.com/go/compute/metadata v0.1.0/go.mod h1:Z1VN+bulIf6bt4P/C37K4DyZYZEXYonfTBHHFPO/4UU= +cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.2.1/go.mod h1:jgHgmJd2RKBGzXqF5LR2EZMGxBkeanZ9wwa75XHJgOM= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/contactcenterinsights v1.3.0/go.mod h1:Eu2oemoePuEFc/xKFPjbTuPSj0fYJcPls9TFlPNnHHY= +cloud.google.com/go/contactcenterinsights v1.4.0/go.mod h1:L2YzkGbPsv+vMQMCADxJoT9YiTTnSEd6fEvCeHTYVck= +cloud.google.com/go/contactcenterinsights v1.6.0/go.mod h1:IIDlT6CLcDoyv79kDv8iWxMSTZhLxSCofVV5W6YFM/w= +cloud.google.com/go/container v1.6.0/go.mod h1:Xazp7GjJSeUYo688S+6J5V+n/t+G5sKBTFkKNudGRxg= +cloud.google.com/go/container v1.7.0/go.mod h1:Dp5AHtmothHGX3DwwIHPgq45Y8KmNsgN3amoYfxVkLo= +cloud.google.com/go/container v1.13.1/go.mod h1:6wgbMPeQRw9rSnKBCAJXnds3Pzj03C4JHamr8asWKy4= +cloud.google.com/go/container v1.14.0/go.mod h1:3AoJMPhHfLDxLvrlVWaK57IXzaPnLaZq63WX59aQBfM= +cloud.google.com/go/container v1.15.0/go.mod h1:ft+9S0WGjAyjDggg5S06DXj+fHJICWg8L7isCQe9pQA= +cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= +cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= +cloud.google.com/go/containeranalysis v0.7.0/go.mod h1:9aUL+/vZ55P2CXfuZjS4UjQ9AgXoSw8Ts6lemfmxBxI= +cloud.google.com/go/containeranalysis v0.9.0/go.mod h1:orbOANbwk5Ejoom+s+DUCTTJ7IBdBQJDcSylAx/on9s= +cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= +cloud.google.com/go/datacatalog v1.5.0/go.mod h1:M7GPLNQeLfWqeIm3iuiruhPzkt65+Bx8dAKvScX8jvs= +cloud.google.com/go/datacatalog v1.6.0/go.mod h1:+aEyF8JKg+uXcIdAmmaMUmZ3q1b/lKLtXCmXdnc0lbc= +cloud.google.com/go/datacatalog v1.7.0/go.mod h1:9mEl4AuDYWw81UGc41HonIHH7/sn52H0/tc8f8ZbZIE= +cloud.google.com/go/datacatalog v1.8.0/go.mod h1:KYuoVOv9BM8EYz/4eMFxrr4DUKhGIOXxZoKYF5wdISM= +cloud.google.com/go/datacatalog v1.8.1/go.mod h1:RJ58z4rMp3gvETA465Vg+ag8BGgBdnRPEMMSTr5Uv+M= +cloud.google.com/go/datacatalog v1.12.0/go.mod h1:CWae8rFkfp6LzLumKOnmVh4+Zle4A3NXLzVJ1d1mRm0= +cloud.google.com/go/datacatalog v1.13.0/go.mod h1:E4Rj9a5ZtAxcQJlEBTLgMTphfP11/lNaAshpoBgemX8= +cloud.google.com/go/dataflow v0.6.0/go.mod h1:9QwV89cGoxjjSR9/r7eFDqqjtvbKxAK2BaYU6PVk9UM= +cloud.google.com/go/dataflow v0.7.0/go.mod h1:PX526vb4ijFMesO1o202EaUmouZKBpjHsTlCtB4parQ= +cloud.google.com/go/dataflow v0.8.0/go.mod h1:Rcf5YgTKPtQyYz8bLYhFoIV/vP39eL7fWNcSOyFfLJE= +cloud.google.com/go/dataform v0.3.0/go.mod h1:cj8uNliRlHpa6L3yVhDOBrUXH+BPAO1+KFMQQNSThKo= +cloud.google.com/go/dataform v0.4.0/go.mod h1:fwV6Y4Ty2yIFL89huYlEkwUPtS7YZinZbzzj5S9FzCE= +cloud.google.com/go/dataform v0.5.0/go.mod h1:GFUYRe8IBa2hcomWplodVmUx/iTL0FrsauObOM3Ipr0= +cloud.google.com/go/dataform v0.6.0/go.mod h1:QPflImQy33e29VuapFdf19oPbE4aYTJxr31OAPV+ulA= +cloud.google.com/go/dataform v0.7.0/go.mod h1:7NulqnVozfHvWUBpMDfKMUESr+85aJsC/2O0o3jWPDE= +cloud.google.com/go/datafusion v1.4.0/go.mod h1:1Zb6VN+W6ALo85cXnM1IKiPw+yQMKMhB9TsTSRDo/38= +cloud.google.com/go/datafusion v1.5.0/go.mod h1:Kz+l1FGHB0J+4XF2fud96WMmRiq/wj8N9u007vyXZ2w= +cloud.google.com/go/datafusion v1.6.0/go.mod h1:WBsMF8F1RhSXvVM8rCV3AeyWVxcC2xY6vith3iw3S+8= +cloud.google.com/go/datalabeling v0.5.0/go.mod h1:TGcJ0G2NzcsXSE/97yWjIZO0bXj0KbVlINXMG9ud42I= +cloud.google.com/go/datalabeling v0.6.0/go.mod h1:WqdISuk/+WIGeMkpw/1q7bK/tFEZxsrFJOJdY2bXvTQ= +cloud.google.com/go/datalabeling v0.7.0/go.mod h1:WPQb1y08RJbmpM3ww0CSUAGweL0SxByuW2E+FU+wXcM= +cloud.google.com/go/dataplex v1.3.0/go.mod h1:hQuRtDg+fCiFgC8j0zV222HvzFQdRd+SVX8gdmFcZzA= +cloud.google.com/go/dataplex v1.4.0/go.mod h1:X51GfLXEMVJ6UN47ESVqvlsRplbLhcsAt0kZCCKsU0A= +cloud.google.com/go/dataplex v1.5.2/go.mod h1:cVMgQHsmfRoI5KFYq4JtIBEUbYwc3c7tXmIDhRmNNVQ= +cloud.google.com/go/dataplex v1.6.0/go.mod h1:bMsomC/aEJOSpHXdFKFGQ1b0TDPIeL28nJObeO1ppRs= +cloud.google.com/go/dataproc v1.7.0/go.mod h1:CKAlMjII9H90RXaMpSxQ8EU6dQx6iAYNPcYPOkSbi8s= +cloud.google.com/go/dataproc v1.8.0/go.mod h1:5OW+zNAH0pMpw14JVrPONsxMQYMBqJuzORhIBfBn9uI= +cloud.google.com/go/dataproc v1.12.0/go.mod h1:zrF3aX0uV3ikkMz6z4uBbIKyhRITnxvr4i3IjKsKrw4= +cloud.google.com/go/dataqna v0.5.0/go.mod h1:90Hyk596ft3zUQ8NkFfvICSIfHFh1Bc7C4cK3vbhkeo= +cloud.google.com/go/dataqna v0.6.0/go.mod h1:1lqNpM7rqNLVgWBJyk5NF6Uen2PHym0jtVJonplVsDA= +cloud.google.com/go/dataqna v0.7.0/go.mod h1:Lx9OcIIeqCrw1a6KdO3/5KMP1wAmTc0slZWwP12Qq3c= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/datastore v1.10.0/go.mod h1:PC5UzAmDEkAmkfaknstTYbNpgE49HAgW2J1gcgUfmdM= +cloud.google.com/go/datastore v1.11.0/go.mod h1:TvGxBIHCS50u8jzG+AW/ppf87v1of8nwzFNgEZU1D3c= +cloud.google.com/go/datastream v1.2.0/go.mod h1:i/uTP8/fZwgATHS/XFu0TcNUhuA0twZxxQ3EyCUQMwo= +cloud.google.com/go/datastream v1.3.0/go.mod h1:cqlOX8xlyYF/uxhiKn6Hbv6WjwPPuI9W2M9SAXwaLLQ= +cloud.google.com/go/datastream v1.4.0/go.mod h1:h9dpzScPhDTs5noEMQVWP8Wx8AFBRyS0s8KWPx/9r0g= +cloud.google.com/go/datastream v1.5.0/go.mod h1:6TZMMNPwjUqZHBKPQ1wwXpb0d5VDVPl2/XoS5yi88q4= +cloud.google.com/go/datastream v1.6.0/go.mod h1:6LQSuswqLa7S4rPAOZFVjHIG3wJIjZcZrw8JDEDJuIs= +cloud.google.com/go/datastream v1.7.0/go.mod h1:uxVRMm2elUSPuh65IbZpzJNMbuzkcvu5CjMqVIUHrww= +cloud.google.com/go/deploy v1.4.0/go.mod h1:5Xghikd4VrmMLNaF6FiRFDlHb59VM59YoDQnOUdsH/c= +cloud.google.com/go/deploy v1.5.0/go.mod h1:ffgdD0B89tToyW/U/D2eL0jN2+IEV/3EMuXHA0l4r+s= +cloud.google.com/go/deploy v1.6.0/go.mod h1:f9PTHehG/DjCom3QH0cntOVRm93uGBDt2vKzAPwpXQI= +cloud.google.com/go/deploy v1.8.0/go.mod h1:z3myEJnA/2wnB4sgjqdMfgxCA0EqC3RBTNcVPs93mtQ= +cloud.google.com/go/dialogflow v1.15.0/go.mod h1:HbHDWs33WOGJgn6rfzBW1Kv807BE3O1+xGbn59zZWI4= +cloud.google.com/go/dialogflow v1.16.1/go.mod h1:po6LlzGfK+smoSmTBnbkIZY2w8ffjz/RcGSS+sh1el0= +cloud.google.com/go/dialogflow v1.17.0/go.mod h1:YNP09C/kXA1aZdBgC/VtXX74G/TKn7XVCcVumTflA+8= +cloud.google.com/go/dialogflow v1.18.0/go.mod h1:trO7Zu5YdyEuR+BhSNOqJezyFQ3aUzz0njv7sMx/iek= +cloud.google.com/go/dialogflow v1.19.0/go.mod h1:JVmlG1TwykZDtxtTXujec4tQ+D8SBFMoosgy+6Gn0s0= +cloud.google.com/go/dialogflow v1.29.0/go.mod h1:b+2bzMe+k1s9V+F2jbJwpHPzrnIyHihAdRFMtn2WXuM= +cloud.google.com/go/dialogflow v1.31.0/go.mod h1:cuoUccuL1Z+HADhyIA7dci3N5zUssgpBJmCzI6fNRB4= +cloud.google.com/go/dialogflow v1.32.0/go.mod h1:jG9TRJl8CKrDhMEcvfcfFkkpp8ZhgPz3sBGmAUYJ2qE= +cloud.google.com/go/dlp v1.6.0/go.mod h1:9eyB2xIhpU0sVwUixfBubDoRwP+GjeUoxxeueZmqvmM= +cloud.google.com/go/dlp v1.7.0/go.mod h1:68ak9vCiMBjbasxeVD17hVPxDEck+ExiHavX8kiHG+Q= +cloud.google.com/go/dlp v1.9.0/go.mod h1:qdgmqgTyReTz5/YNSSuueR8pl7hO0o9bQ39ZhtgkWp4= +cloud.google.com/go/documentai v1.7.0/go.mod h1:lJvftZB5NRiFSX4moiye1SMxHx0Bc3x1+p9e/RfXYiU= +cloud.google.com/go/documentai v1.8.0/go.mod h1:xGHNEB7CtsnySCNrCFdCyyMz44RhFEEX2Q7UD0c5IhU= +cloud.google.com/go/documentai v1.9.0/go.mod h1:FS5485S8R00U10GhgBC0aNGrJxBP8ZVpEeJ7PQDZd6k= +cloud.google.com/go/documentai v1.10.0/go.mod h1:vod47hKQIPeCfN2QS/jULIvQTugbmdc0ZvxxfQY1bg4= +cloud.google.com/go/documentai v1.16.0/go.mod h1:o0o0DLTEZ+YnJZ+J4wNfTxmDVyrkzFvttBXXtYRMHkM= +cloud.google.com/go/documentai v1.18.0/go.mod h1:F6CK6iUH8J81FehpskRmhLq/3VlwQvb7TvwOceQ2tbs= +cloud.google.com/go/domains v0.6.0/go.mod h1:T9Rz3GasrpYk6mEGHh4rymIhjlnIuB4ofT1wTxDeT4Y= +cloud.google.com/go/domains v0.7.0/go.mod h1:PtZeqS1xjnXuRPKE/88Iru/LdfoRyEHYA9nFQf4UKpg= +cloud.google.com/go/domains v0.8.0/go.mod h1:M9i3MMDzGFXsydri9/vW+EWz9sWb4I6WyHqdlAk0idE= +cloud.google.com/go/edgecontainer v0.1.0/go.mod h1:WgkZ9tp10bFxqO8BLPqv2LlfmQF1X8lZqwW4r1BTajk= +cloud.google.com/go/edgecontainer v0.2.0/go.mod h1:RTmLijy+lGpQ7BXuTDa4C4ssxyXT34NIuHIgKuP4s5w= +cloud.google.com/go/edgecontainer v0.3.0/go.mod h1:FLDpP4nykgwwIfcLt6zInhprzw0lEi2P1fjO6Ie0qbc= +cloud.google.com/go/edgecontainer v1.0.0/go.mod h1:cttArqZpBB2q58W/upSG++ooo6EsblxDIolxa3jSjbY= +cloud.google.com/go/errorreporting v0.3.0/go.mod h1:xsP2yaAp+OAW4OIm60An2bbLpqIhKXdWR/tawvl7QzU= +cloud.google.com/go/essentialcontacts v1.3.0/go.mod h1:r+OnHa5jfj90qIfZDO/VztSFqbQan7HV75p8sA+mdGI= +cloud.google.com/go/essentialcontacts v1.4.0/go.mod h1:8tRldvHYsmnBCHdFpvU+GL75oWiBKl80BiqlFh9tp+8= +cloud.google.com/go/essentialcontacts v1.5.0/go.mod h1:ay29Z4zODTuwliK7SnX8E86aUF2CTzdNtvv42niCX0M= +cloud.google.com/go/eventarc v1.7.0/go.mod h1:6ctpF3zTnaQCxUjHUdcfgcA1A2T309+omHZth7gDfmc= +cloud.google.com/go/eventarc v1.8.0/go.mod h1:imbzxkyAU4ubfsaKYdQg04WS1NvncblHEup4kvF+4gw= +cloud.google.com/go/eventarc v1.10.0/go.mod h1:u3R35tmZ9HvswGRBnF48IlYgYeBcPUCjkr4BTdem2Kw= +cloud.google.com/go/eventarc v1.11.0/go.mod h1:PyUjsUKPWoRBCHeOxZd/lbOOjahV41icXyUY5kSTvVY= +cloud.google.com/go/filestore v1.3.0/go.mod h1:+qbvHGvXU1HaKX2nD0WEPo92TP/8AQuCVEBXNY9z0+w= +cloud.google.com/go/filestore v1.4.0/go.mod h1:PaG5oDfo9r224f8OYXURtAsY+Fbyq/bLYoINEK8XQAI= +cloud.google.com/go/filestore v1.5.0/go.mod h1:FqBXDWBp4YLHqRnVGveOkHDf8svj9r5+mUDLupOWEDs= +cloud.google.com/go/filestore v1.6.0/go.mod h1:di5unNuss/qfZTw2U9nhFqo8/ZDSc466dre85Kydllg= +cloud.google.com/go/firestore v1.9.0/go.mod h1:HMkjKHNTtRyZNiMzu7YAsLr9K3X2udY2AMwDaMEQiiE= +cloud.google.com/go/functions v1.6.0/go.mod h1:3H1UA3qiIPRWD7PeZKLvHZ9SaQhR26XIJcC0A5GbvAk= +cloud.google.com/go/functions v1.7.0/go.mod h1:+d+QBcWM+RsrgZfV9xo6KfA1GlzJfxcfZcRPEhDDfzg= +cloud.google.com/go/functions v1.8.0/go.mod h1:RTZ4/HsQjIqIYP9a9YPbU+QFoQsAlYgrwOXJWHn1POY= +cloud.google.com/go/functions v1.9.0/go.mod h1:Y+Dz8yGguzO3PpIjhLTbnqV1CWmgQ5UwtlpzoyquQ08= +cloud.google.com/go/functions v1.10.0/go.mod h1:0D3hEOe3DbEvCXtYOZHQZmD+SzYsi1YbI7dGvHfldXw= +cloud.google.com/go/functions v1.12.0/go.mod h1:AXWGrF3e2C/5ehvwYo/GH6O5s09tOPksiKhz+hH8WkA= +cloud.google.com/go/functions v1.13.0/go.mod h1:EU4O007sQm6Ef/PwRsI8N2umygGqPBS/IZQKBQBcJ3c= +cloud.google.com/go/gaming v1.5.0/go.mod h1:ol7rGcxP/qHTRQE/RO4bxkXq+Fix0j6D4LFPzYTIrDM= +cloud.google.com/go/gaming v1.6.0/go.mod h1:YMU1GEvA39Qt3zWGyAVA9bpYz/yAhTvaQ1t2sK4KPUA= +cloud.google.com/go/gaming v1.7.0/go.mod h1:LrB8U7MHdGgFG851iHAfqUdLcKBdQ55hzXy9xBJz0+w= +cloud.google.com/go/gaming v1.8.0/go.mod h1:xAqjS8b7jAVW0KFYeRUxngo9My3f33kFmua++Pi+ggM= +cloud.google.com/go/gaming v1.9.0/go.mod h1:Fc7kEmCObylSWLO334NcO+O9QMDyz+TKC4v1D7X+Bc0= +cloud.google.com/go/gkebackup v0.2.0/go.mod h1:XKvv/4LfG829/B8B7xRkk8zRrOEbKtEam6yNfuQNH60= +cloud.google.com/go/gkebackup v0.3.0/go.mod h1:n/E671i1aOQvUxT541aTkCwExO/bTer2HDlj4TsBRAo= +cloud.google.com/go/gkebackup v0.4.0/go.mod h1:byAyBGUwYGEEww7xsbnUTBHIYcOPy/PgUWUtOeRm9Vg= +cloud.google.com/go/gkeconnect v0.5.0/go.mod h1:c5lsNAg5EwAy7fkqX/+goqFsU1Da/jQFqArp+wGNr/o= +cloud.google.com/go/gkeconnect v0.6.0/go.mod h1:Mln67KyU/sHJEBY8kFZ0xTeyPtzbq9StAVvEULYK16A= +cloud.google.com/go/gkeconnect v0.7.0/go.mod h1:SNfmVqPkaEi3bF/B3CNZOAYPYdg7sU+obZ+QTky2Myw= +cloud.google.com/go/gkehub v0.9.0/go.mod h1:WYHN6WG8w9bXU0hqNxt8rm5uxnk8IH+lPY9J2TV7BK0= +cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y977wO+hBH0= +cloud.google.com/go/gkehub v0.11.0/go.mod h1:JOWHlmN+GHyIbuWQPl47/C2RFhnFKH38jH9Ascu3n0E= +cloud.google.com/go/gkehub v0.12.0/go.mod h1:djiIwwzTTBrF5NaXCGv3mf7klpEMcST17VBTVVDcuaw= +cloud.google.com/go/gkemulticloud v0.3.0/go.mod h1:7orzy7O0S+5kq95e4Hpn7RysVA7dPs8W/GgfUtsPbrA= +cloud.google.com/go/gkemulticloud v0.4.0/go.mod h1:E9gxVBnseLWCk24ch+P9+B2CoDFJZTyIgLKSalC7tuI= +cloud.google.com/go/gkemulticloud v0.5.0/go.mod h1:W0JDkiyi3Tqh0TJr//y19wyb1yf8llHVto2Htf2Ja3Y= +cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= +cloud.google.com/go/gsuiteaddons v1.3.0/go.mod h1:EUNK/J1lZEZO8yPtykKxLXI6JSVN2rg9bN8SXOa0bgM= +cloud.google.com/go/gsuiteaddons v1.4.0/go.mod h1:rZK5I8hht7u7HxFQcFei0+AtfS9uSushomRlg+3ua1o= +cloud.google.com/go/gsuiteaddons v1.5.0/go.mod h1:TFCClYLd64Eaa12sFVmUyG62tk4mdIsI7pAnSXRkcFo= +cloud.google.com/go/iam v0.1.0/go.mod h1:vcUNEa0pEm0qRVpmWepWaFMIAI8/hjB9mO8rNCJtF6c= +cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= +cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= +cloud.google.com/go/iam v0.6.0/go.mod h1:+1AH33ueBne5MzYccyMHtEKqLE4/kJOibtffMHDMFMc= +cloud.google.com/go/iam v0.7.0/go.mod h1:H5Br8wRaDGNc8XP3keLc4unfUUZeyH3Sfl9XpQEYOeg= +cloud.google.com/go/iam v0.8.0/go.mod h1:lga0/y3iH6CX7sYqypWJ33hf7kkfXJag67naqGESjkE= +cloud.google.com/go/iam v0.11.0/go.mod h1:9PiLDanza5D+oWFZiH1uG+RnRCfEGKoyl6yo4cgWZGY= +cloud.google.com/go/iam v0.12.0/go.mod h1:knyHGviacl11zrtZUoDuYpDgLjvr28sLQaG0YB2GYAY= +cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= +cloud.google.com/go/iap v1.4.0/go.mod h1:RGFwRJdihTINIe4wZ2iCP0zF/qu18ZwyKxrhMhygBEc= +cloud.google.com/go/iap v1.5.0/go.mod h1:UH/CGgKd4KyohZL5Pt0jSKE4m3FR51qg6FKQ/z/Ix9A= +cloud.google.com/go/iap v1.6.0/go.mod h1:NSuvI9C/j7UdjGjIde7t7HBz+QTwBcapPE07+sSRcLk= +cloud.google.com/go/iap v1.7.0/go.mod h1:beqQx56T9O1G1yNPph+spKpNibDlYIiIixiqsQXxLIo= +cloud.google.com/go/iap v1.7.1/go.mod h1:WapEwPc7ZxGt2jFGB/C/bm+hP0Y6NXzOYGjpPnmMS74= +cloud.google.com/go/ids v1.1.0/go.mod h1:WIuwCaYVOzHIj2OhN9HAwvW+DBdmUAdcWlFxRl+KubM= +cloud.google.com/go/ids v1.2.0/go.mod h1:5WXvp4n25S0rA/mQWAg1YEEBBq6/s+7ml1RDCW1IrcY= +cloud.google.com/go/ids v1.3.0/go.mod h1:JBdTYwANikFKaDP6LtW5JAi4gubs57SVNQjemdt6xV4= +cloud.google.com/go/iot v1.3.0/go.mod h1:r7RGh2B61+B8oz0AGE+J72AhA0G7tdXItODWsaA2oLs= +cloud.google.com/go/iot v1.4.0/go.mod h1:dIDxPOn0UvNDUMD8Ger7FIaTuvMkj+aGk94RPP0iV+g= +cloud.google.com/go/iot v1.5.0/go.mod h1:mpz5259PDl3XJthEmh9+ap0affn/MqNSP4My77Qql9o= +cloud.google.com/go/iot v1.6.0/go.mod h1:IqdAsmE2cTYYNO1Fvjfzo9po179rAtJeVGUvkLN3rLE= +cloud.google.com/go/kms v1.4.0/go.mod h1:fajBHndQ+6ubNw6Ss2sSd+SWvjL26RNo/dr7uxsnnOA= +cloud.google.com/go/kms v1.5.0/go.mod h1:QJS2YY0eJGBg3mnDfuaCyLauWwBJiHRboYxJ++1xJNg= +cloud.google.com/go/kms v1.6.0/go.mod h1:Jjy850yySiasBUDi6KFUwUv2n1+o7QZFyuUJg6OgjA0= +cloud.google.com/go/kms v1.8.0/go.mod h1:4xFEhYFqvW+4VMELtZyxomGSYtSQKzM178ylFW4jMAg= +cloud.google.com/go/kms v1.9.0/go.mod h1:qb1tPTgfF9RQP8e1wq4cLFErVuTJv7UsSC915J8dh3w= +cloud.google.com/go/kms v1.10.0/go.mod h1:ng3KTUtQQU9bPX3+QGLsflZIHlkbn8amFAMY63m8d24= +cloud.google.com/go/kms v1.10.1/go.mod h1:rIWk/TryCkR59GMC3YtHtXeLzd634lBbKenvyySAyYI= +cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= +cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= +cloud.google.com/go/language v1.7.0/go.mod h1:DJ6dYN/W+SQOjF8e1hLQXMF21AkH2w9wiPzPCJa2MIE= +cloud.google.com/go/language v1.8.0/go.mod h1:qYPVHf7SPoNNiCL2Dr0FfEFNil1qi3pQEyygwpgVKB8= +cloud.google.com/go/language v1.9.0/go.mod h1:Ns15WooPM5Ad/5no/0n81yUetis74g3zrbeJBE+ptUY= +cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= +cloud.google.com/go/lifesciences v0.6.0/go.mod h1:ddj6tSX/7BOnhxCSd3ZcETvtNr8NZ6t/iPhY2Tyfu08= +cloud.google.com/go/lifesciences v0.8.0/go.mod h1:lFxiEOMqII6XggGbOnKiyZ7IBwoIqA84ClvoezaA/bo= +cloud.google.com/go/logging v1.6.1/go.mod h1:5ZO0mHHbvm8gEmeEUHrmDlTDSu5imF6MUP9OfilNXBw= +cloud.google.com/go/logging v1.7.0/go.mod h1:3xjP2CjkM3ZkO73aj4ASA5wRPGGCRrPIAeNqVNkzY8M= +cloud.google.com/go/longrunning v0.1.1/go.mod h1:UUFxuDWkv22EuY93jjmDMFT5GPQKeFVJBIF6QlTqdsE= +cloud.google.com/go/longrunning v0.3.0/go.mod h1:qth9Y41RRSUE69rDcOn6DdK3HfQfsUI0YSmW3iIlLJc= +cloud.google.com/go/longrunning v0.4.1/go.mod h1:4iWDqhBZ70CvZ6BfETbvam3T8FMvLK+eFj0E6AaRQTo= +cloud.google.com/go/managedidentities v1.3.0/go.mod h1:UzlW3cBOiPrzucO5qWkNkh0w33KFtBJU281hacNvsdE= +cloud.google.com/go/managedidentities v1.4.0/go.mod h1:NWSBYbEMgqmbZsLIyKvxrYbtqOsxY1ZrGM+9RgDqInM= +cloud.google.com/go/managedidentities v1.5.0/go.mod h1:+dWcZ0JlUmpuxpIDfyP5pP5y0bLdRwOS4Lp7gMni/LA= +cloud.google.com/go/maps v0.1.0/go.mod h1:BQM97WGyfw9FWEmQMpZ5T6cpovXXSd1cGmFma94eubI= +cloud.google.com/go/maps v0.6.0/go.mod h1:o6DAMMfb+aINHz/p/jbcY+mYeXBoZoxTfdSQ8VAJaCw= +cloud.google.com/go/maps v0.7.0/go.mod h1:3GnvVl3cqeSvgMcpRlQidXsPYuDGQ8naBis7MVzpXsY= +cloud.google.com/go/mediatranslation v0.5.0/go.mod h1:jGPUhGTybqsPQn91pNXw0xVHfuJ3leR1wj37oU3y1f4= +cloud.google.com/go/mediatranslation v0.6.0/go.mod h1:hHdBCTYNigsBxshbznuIMFNe5QXEowAuNmmC7h8pu5w= +cloud.google.com/go/mediatranslation v0.7.0/go.mod h1:LCnB/gZr90ONOIQLgSXagp8XUW1ODs2UmUMvcgMfI2I= +cloud.google.com/go/memcache v1.4.0/go.mod h1:rTOfiGZtJX1AaFUrOgsMHX5kAzaTQ8azHiuDoTPzNsE= +cloud.google.com/go/memcache v1.5.0/go.mod h1:dk3fCK7dVo0cUU2c36jKb4VqKPS22BTkf81Xq617aWM= +cloud.google.com/go/memcache v1.6.0/go.mod h1:XS5xB0eQZdHtTuTF9Hf8eJkKtR3pVRCcvJwtm68T3rA= +cloud.google.com/go/memcache v1.7.0/go.mod h1:ywMKfjWhNtkQTxrWxCkCFkoPjLHPW6A7WOTVI8xy3LY= +cloud.google.com/go/memcache v1.9.0/go.mod h1:8oEyzXCu+zo9RzlEaEjHl4KkgjlNDaXbCQeQWlzNFJM= +cloud.google.com/go/metastore v1.5.0/go.mod h1:2ZNrDcQwghfdtCwJ33nM0+GrBGlVuh8rakL3vdPY3XY= +cloud.google.com/go/metastore v1.6.0/go.mod h1:6cyQTls8CWXzk45G55x57DVQ9gWg7RiH65+YgPsNh9s= +cloud.google.com/go/metastore v1.7.0/go.mod h1:s45D0B4IlsINu87/AsWiEVYbLaIMeUSoxlKKDqBGFS8= +cloud.google.com/go/metastore v1.8.0/go.mod h1:zHiMc4ZUpBiM7twCIFQmJ9JMEkDSyZS9U12uf7wHqSI= +cloud.google.com/go/metastore v1.10.0/go.mod h1:fPEnH3g4JJAk+gMRnrAnoqyv2lpUCqJPWOodSaf45Eo= +cloud.google.com/go/monitoring v1.7.0/go.mod h1:HpYse6kkGo//7p6sT0wsIC6IBDET0RhIsnmlA53dvEk= +cloud.google.com/go/monitoring v1.8.0/go.mod h1:E7PtoMJ1kQXWxPjB6mv2fhC5/15jInuulFdYYtlcvT4= +cloud.google.com/go/monitoring v1.12.0/go.mod h1:yx8Jj2fZNEkL/GYZyTLS4ZtZEZN8WtDEiEqG4kLK50w= +cloud.google.com/go/monitoring v1.13.0/go.mod h1:k2yMBAB1H9JT/QETjNkgdCGD9bPF712XiLTVr+cBrpw= +cloud.google.com/go/networkconnectivity v1.4.0/go.mod h1:nOl7YL8odKyAOtzNX73/M5/mGZgqqMeryi6UPZTk/rA= +cloud.google.com/go/networkconnectivity v1.5.0/go.mod h1:3GzqJx7uhtlM3kln0+x5wyFvuVH1pIBJjhCpjzSt75o= +cloud.google.com/go/networkconnectivity v1.6.0/go.mod h1:OJOoEXW+0LAxHh89nXd64uGG+FbQoeH8DtxCHVOMlaM= +cloud.google.com/go/networkconnectivity v1.7.0/go.mod h1:RMuSbkdbPwNMQjB5HBWD5MpTBnNm39iAVpC3TmsExt8= +cloud.google.com/go/networkconnectivity v1.10.0/go.mod h1:UP4O4sWXJG13AqrTdQCD9TnLGEbtNRqjuaaA7bNjF5E= +cloud.google.com/go/networkconnectivity v1.11.0/go.mod h1:iWmDD4QF16VCDLXUqvyspJjIEtBR/4zq5hwnY2X3scM= +cloud.google.com/go/networkmanagement v1.4.0/go.mod h1:Q9mdLLRn60AsOrPc8rs8iNV6OHXaGcDdsIQe1ohekq8= +cloud.google.com/go/networkmanagement v1.5.0/go.mod h1:ZnOeZ/evzUdUsnvRt792H0uYEnHQEMaz+REhhzJRcf4= +cloud.google.com/go/networkmanagement v1.6.0/go.mod h1:5pKPqyXjB/sgtvB5xqOemumoQNB7y95Q7S+4rjSOPYY= +cloud.google.com/go/networksecurity v0.5.0/go.mod h1:xS6fOCoqpVC5zx15Z/MqkfDwH4+m/61A3ODiDV1xmiQ= +cloud.google.com/go/networksecurity v0.6.0/go.mod h1:Q5fjhTr9WMI5mbpRYEbiexTzROf7ZbDzvzCrNl14nyU= +cloud.google.com/go/networksecurity v0.7.0/go.mod h1:mAnzoxx/8TBSyXEeESMy9OOYwo1v+gZ5eMRnsT5bC8k= +cloud.google.com/go/networksecurity v0.8.0/go.mod h1:B78DkqsxFG5zRSVuwYFRZ9Xz8IcQ5iECsNrPn74hKHU= +cloud.google.com/go/notebooks v1.2.0/go.mod h1:9+wtppMfVPUeJ8fIWPOq1UnATHISkGXGqTkxeieQ6UY= +cloud.google.com/go/notebooks v1.3.0/go.mod h1:bFR5lj07DtCPC7YAAJ//vHskFBxA5JzYlH68kXVdk34= +cloud.google.com/go/notebooks v1.4.0/go.mod h1:4QPMngcwmgb6uw7Po99B2xv5ufVoIQ7nOGDyL4P8AgA= +cloud.google.com/go/notebooks v1.5.0/go.mod h1:q8mwhnP9aR8Hpfnrc5iN5IBhrXUy8S2vuYs+kBJ/gu0= +cloud.google.com/go/notebooks v1.7.0/go.mod h1:PVlaDGfJgj1fl1S3dUwhFMXFgfYGhYQt2164xOMONmE= +cloud.google.com/go/notebooks v1.8.0/go.mod h1:Lq6dYKOYOWUCTvw5t2q1gp1lAp0zxAxRycayS0iJcqQ= +cloud.google.com/go/optimization v1.1.0/go.mod h1:5po+wfvX5AQlPznyVEZjGJTMr4+CAkJf2XSTQOOl9l4= +cloud.google.com/go/optimization v1.2.0/go.mod h1:Lr7SOHdRDENsh+WXVmQhQTrzdu9ybg0NecjHidBq6xs= +cloud.google.com/go/optimization v1.3.1/go.mod h1:IvUSefKiwd1a5p0RgHDbWCIbDFgKuEdB+fPPuP0IDLI= +cloud.google.com/go/orchestration v1.3.0/go.mod h1:Sj5tq/JpWiB//X/q3Ngwdl5K7B7Y0KZ7bfv0wL6fqVA= +cloud.google.com/go/orchestration v1.4.0/go.mod h1:6W5NLFWs2TlniBphAViZEVhrXRSMgUGDfW7vrWKvsBk= +cloud.google.com/go/orchestration v1.6.0/go.mod h1:M62Bevp7pkxStDfFfTuCOaXgaaqRAga1yKyoMtEoWPQ= +cloud.google.com/go/orgpolicy v1.4.0/go.mod h1:xrSLIV4RePWmP9P3tBl8S93lTmlAxjm06NSm2UTmKvE= +cloud.google.com/go/orgpolicy v1.5.0/go.mod h1:hZEc5q3wzwXJaKrsx5+Ewg0u1LxJ51nNFlext7Tanwc= +cloud.google.com/go/orgpolicy v1.10.0/go.mod h1:w1fo8b7rRqlXlIJbVhOMPrwVljyuW5mqssvBtU18ONc= +cloud.google.com/go/osconfig v1.7.0/go.mod h1:oVHeCeZELfJP7XLxcBGTMBvRO+1nQ5tFG9VQTmYS2Fs= +cloud.google.com/go/osconfig v1.8.0/go.mod h1:EQqZLu5w5XA7eKizepumcvWx+m8mJUhEwiPqWiZeEdg= +cloud.google.com/go/osconfig v1.9.0/go.mod h1:Yx+IeIZJ3bdWmzbQU4fxNl8xsZ4amB+dygAwFPlvnNo= +cloud.google.com/go/osconfig v1.10.0/go.mod h1:uMhCzqC5I8zfD9zDEAfvgVhDS8oIjySWh+l4WK6GnWw= +cloud.google.com/go/osconfig v1.11.0/go.mod h1:aDICxrur2ogRd9zY5ytBLV89KEgT2MKB2L/n6x1ooPw= +cloud.google.com/go/oslogin v1.4.0/go.mod h1:YdgMXWRaElXz/lDk1Na6Fh5orF7gvmJ0FGLIs9LId4E= +cloud.google.com/go/oslogin v1.5.0/go.mod h1:D260Qj11W2qx/HVF29zBg+0fd6YCSjSqLUkY/qEenQU= +cloud.google.com/go/oslogin v1.6.0/go.mod h1:zOJ1O3+dTU8WPlGEkFSh7qeHPPSoxrcMbbK1Nm2iX70= +cloud.google.com/go/oslogin v1.7.0/go.mod h1:e04SN0xO1UNJ1M5GP0vzVBFicIe4O53FOfcixIqTyXo= +cloud.google.com/go/oslogin v1.9.0/go.mod h1:HNavntnH8nzrn8JCTT5fj18FuJLFJc4NaZJtBnQtKFs= +cloud.google.com/go/phishingprotection v0.5.0/go.mod h1:Y3HZknsK9bc9dMi+oE8Bim0lczMU6hrX0UpADuMefr0= +cloud.google.com/go/phishingprotection v0.6.0/go.mod h1:9Y3LBLgy0kDTcYET8ZH3bq/7qni15yVUoAxiFxnlSUA= +cloud.google.com/go/phishingprotection v0.7.0/go.mod h1:8qJI4QKHoda/sb/7/YmMQ2omRLSLYSu9bU0EKCNI+Lk= +cloud.google.com/go/policytroubleshooter v1.3.0/go.mod h1:qy0+VwANja+kKrjlQuOzmlvscn4RNsAc0e15GGqfMxg= +cloud.google.com/go/policytroubleshooter v1.4.0/go.mod h1:DZT4BcRw3QoO8ota9xw/LKtPa8lKeCByYeKTIf/vxdE= +cloud.google.com/go/policytroubleshooter v1.5.0/go.mod h1:Rz1WfV+1oIpPdN2VvvuboLVRsB1Hclg3CKQ53j9l8vw= +cloud.google.com/go/policytroubleshooter v1.6.0/go.mod h1:zYqaPTsmfvpjm5ULxAyD/lINQxJ0DDsnWOP/GZ7xzBc= +cloud.google.com/go/privatecatalog v0.5.0/go.mod h1:XgosMUvvPyxDjAVNDYxJ7wBW8//hLDDYmnsNcMGq1K0= +cloud.google.com/go/privatecatalog v0.6.0/go.mod h1:i/fbkZR0hLN29eEWiiwue8Pb+GforiEIBnV9yrRUOKI= +cloud.google.com/go/privatecatalog v0.7.0/go.mod h1:2s5ssIFO69F5csTXcwBP7NPFTZvps26xGzvQ2PQaBYg= +cloud.google.com/go/privatecatalog v0.8.0/go.mod h1:nQ6pfaegeDAq/Q5lrfCQzQLhubPiZhSaNhIgfJlnIXs= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/pubsub v1.26.0/go.mod h1:QgBH3U/jdJy/ftjPhTkyXNj543Tin1pRYcdcPRnFIRI= +cloud.google.com/go/pubsub v1.27.1/go.mod h1:hQN39ymbV9geqBnfQq6Xf63yNhUAhv9CZhzp5O6qsW0= +cloud.google.com/go/pubsub v1.28.0/go.mod h1:vuXFpwaVoIPQMGXqRyUQigu/AX1S3IWugR9xznmcXX8= +cloud.google.com/go/pubsub v1.30.0/go.mod h1:qWi1OPS0B+b5L+Sg6Gmc9zD1Y+HaM0MdUr7LsupY1P4= +cloud.google.com/go/pubsublite v1.5.0/go.mod h1:xapqNQ1CuLfGi23Yda/9l4bBCKz/wC3KIJ5gKcxveZg= +cloud.google.com/go/pubsublite v1.6.0/go.mod h1:1eFCS0U11xlOuMFV/0iBqw3zP12kddMeCbj/F3FSj9k= +cloud.google.com/go/pubsublite v1.7.0/go.mod h1:8hVMwRXfDfvGm3fahVbtDbiLePT3gpoiJYJY+vxWxVM= +cloud.google.com/go/recaptchaenterprise v1.3.1/go.mod h1:OdD+q+y4XGeAlxRaMn1Y7/GveP6zmq76byL6tjPE7d4= +cloud.google.com/go/recaptchaenterprise/v2 v2.1.0/go.mod h1:w9yVqajwroDNTfGuhmOjPDN//rZGySaf6PtFVcSCa7o= +cloud.google.com/go/recaptchaenterprise/v2 v2.2.0/go.mod h1:/Zu5jisWGeERrd5HnlS3EUGb/D335f9k51B/FVil0jk= +cloud.google.com/go/recaptchaenterprise/v2 v2.3.0/go.mod h1:O9LwGCjrhGHBQET5CA7dd5NwwNQUErSgEDit1DLNTdo= +cloud.google.com/go/recaptchaenterprise/v2 v2.4.0/go.mod h1:Am3LHfOuBstrLrNCBrlI5sbwx9LBg3te2N6hGvHn2mE= +cloud.google.com/go/recaptchaenterprise/v2 v2.5.0/go.mod h1:O8LzcHXN3rz0j+LBC91jrwI3R+1ZSZEWrfL7XHgNo9U= +cloud.google.com/go/recaptchaenterprise/v2 v2.6.0/go.mod h1:RPauz9jeLtB3JVzg6nCbe12qNoaa8pXc4d/YukAmcnA= +cloud.google.com/go/recaptchaenterprise/v2 v2.7.0/go.mod h1:19wVj/fs5RtYtynAPJdDTb69oW0vNHYDBTbB4NvMD9c= +cloud.google.com/go/recommendationengine v0.5.0/go.mod h1:E5756pJcVFeVgaQv3WNpImkFP8a+RptV6dDLGPILjvg= +cloud.google.com/go/recommendationengine v0.6.0/go.mod h1:08mq2umu9oIqc7tDy8sx+MNJdLG0fUi3vaSVbztHgJ4= +cloud.google.com/go/recommendationengine v0.7.0/go.mod h1:1reUcE3GIu6MeBz/h5xZJqNLuuVjNg1lmWMPyjatzac= +cloud.google.com/go/recommender v1.5.0/go.mod h1:jdoeiBIVrJe9gQjwd759ecLJbxCDED4A6p+mqoqDvTg= +cloud.google.com/go/recommender v1.6.0/go.mod h1:+yETpm25mcoiECKh9DEScGzIRyDKpZ0cEhWGo+8bo+c= +cloud.google.com/go/recommender v1.7.0/go.mod h1:XLHs/W+T8olwlGOgfQenXBTbIseGclClff6lhFVe9Bs= +cloud.google.com/go/recommender v1.8.0/go.mod h1:PkjXrTT05BFKwxaUxQmtIlrtj0kph108r02ZZQ5FE70= +cloud.google.com/go/recommender v1.9.0/go.mod h1:PnSsnZY7q+VL1uax2JWkt/UegHssxjUVVCrX52CuEmQ= +cloud.google.com/go/redis v1.7.0/go.mod h1:V3x5Jq1jzUcg+UNsRvdmsfuFnit1cfe3Z/PGyq/lm4Y= +cloud.google.com/go/redis v1.8.0/go.mod h1:Fm2szCDavWzBk2cDKxrkmWBqoCiL1+Ctwq7EyqBCA/A= +cloud.google.com/go/redis v1.9.0/go.mod h1:HMYQuajvb2D0LvMgZmLDZW8V5aOC/WxstZHiy4g8OiA= +cloud.google.com/go/redis v1.10.0/go.mod h1:ThJf3mMBQtW18JzGgh41/Wld6vnDDc/F/F35UolRZPM= +cloud.google.com/go/redis v1.11.0/go.mod h1:/X6eicana+BWcUda5PpwZC48o37SiFVTFSs0fWAJ7uQ= +cloud.google.com/go/resourcemanager v1.3.0/go.mod h1:bAtrTjZQFJkiWTPDb1WBjzvc6/kifjj4QBYuKCCoqKA= +cloud.google.com/go/resourcemanager v1.4.0/go.mod h1:MwxuzkumyTX7/a3n37gmsT3py7LIXwrShilPh3P1tR0= +cloud.google.com/go/resourcemanager v1.5.0/go.mod h1:eQoXNAiAvCf5PXxWxXjhKQoTMaUSNrEfg+6qdf/wots= +cloud.google.com/go/resourcemanager v1.6.0/go.mod h1:YcpXGRs8fDzcUl1Xw8uOVmI8JEadvhRIkoXXUNVYcVo= +cloud.google.com/go/resourcemanager v1.7.0/go.mod h1:HlD3m6+bwhzj9XCouqmeiGuni95NTrExfhoSrkC/3EI= +cloud.google.com/go/resourcesettings v1.3.0/go.mod h1:lzew8VfESA5DQ8gdlHwMrqZs1S9V87v3oCnKCWoOuQU= +cloud.google.com/go/resourcesettings v1.4.0/go.mod h1:ldiH9IJpcrlC3VSuCGvjR5of/ezRrOxFtpJoJo5SmXg= +cloud.google.com/go/resourcesettings v1.5.0/go.mod h1:+xJF7QSG6undsQDfsCJyqWXyBwUoJLhetkRMDRnIoXA= +cloud.google.com/go/retail v1.8.0/go.mod h1:QblKS8waDmNUhghY2TI9O3JLlFk8jybHeV4BF19FrE4= +cloud.google.com/go/retail v1.9.0/go.mod h1:g6jb6mKuCS1QKnH/dpu7isX253absFl6iE92nHwlBUY= +cloud.google.com/go/retail v1.10.0/go.mod h1:2gDk9HsL4HMS4oZwz6daui2/jmKvqShXKQuB2RZ+cCc= +cloud.google.com/go/retail v1.11.0/go.mod h1:MBLk1NaWPmh6iVFSz9MeKG/Psyd7TAgm6y/9L2B4x9Y= +cloud.google.com/go/retail v1.12.0/go.mod h1:UMkelN/0Z8XvKymXFbD4EhFJlYKRx1FGhQkVPU5kF14= +cloud.google.com/go/run v0.2.0/go.mod h1:CNtKsTA1sDcnqqIFR3Pb5Tq0usWxJJvsWOCPldRU3Do= +cloud.google.com/go/run v0.3.0/go.mod h1:TuyY1+taHxTjrD0ZFk2iAR+xyOXEA0ztb7U3UNA0zBo= +cloud.google.com/go/run v0.8.0/go.mod h1:VniEnuBwqjigv0A7ONfQUaEItaiCRVujlMqerPPiktM= +cloud.google.com/go/run v0.9.0/go.mod h1:Wwu+/vvg8Y+JUApMwEDfVfhetv30hCG4ZwDR/IXl2Qg= +cloud.google.com/go/scheduler v1.4.0/go.mod h1:drcJBmxF3aqZJRhmkHQ9b3uSSpQoltBPGPxGAWROx6s= +cloud.google.com/go/scheduler v1.5.0/go.mod h1:ri073ym49NW3AfT6DZi21vLZrG07GXr5p3H1KxN5QlI= +cloud.google.com/go/scheduler v1.6.0/go.mod h1:SgeKVM7MIwPn3BqtcBntpLyrIJftQISRrYB5ZtT+KOk= +cloud.google.com/go/scheduler v1.7.0/go.mod h1:jyCiBqWW956uBjjPMMuX09n3x37mtyPJegEWKxRsn44= +cloud.google.com/go/scheduler v1.8.0/go.mod h1:TCET+Y5Gp1YgHT8py4nlg2Sew8nUHMqcpousDgXJVQc= +cloud.google.com/go/scheduler v1.9.0/go.mod h1:yexg5t+KSmqu+njTIh3b7oYPheFtBWGcbVUYF1GGMIc= +cloud.google.com/go/secretmanager v1.6.0/go.mod h1:awVa/OXF6IiyaU1wQ34inzQNc4ISIDIrId8qE5QGgKA= +cloud.google.com/go/secretmanager v1.8.0/go.mod h1:hnVgi/bN5MYHd3Gt0SPuTPPp5ENina1/LxM+2W9U9J4= +cloud.google.com/go/secretmanager v1.9.0/go.mod h1:b71qH2l1yHmWQHt9LC80akm86mX8AL6X1MA01dW8ht4= +cloud.google.com/go/secretmanager v1.10.0/go.mod h1:MfnrdvKMPNra9aZtQFvBcvRU54hbPD8/HayQdlUgJpU= +cloud.google.com/go/security v1.5.0/go.mod h1:lgxGdyOKKjHL4YG3/YwIL2zLqMFCKs0UbQwgyZmfJl4= +cloud.google.com/go/security v1.7.0/go.mod h1:mZklORHl6Bg7CNnnjLH//0UlAlaXqiG7Lb9PsPXLfD0= +cloud.google.com/go/security v1.8.0/go.mod h1:hAQOwgmaHhztFhiQ41CjDODdWP0+AE1B3sX4OFlq+GU= +cloud.google.com/go/security v1.9.0/go.mod h1:6Ta1bO8LXI89nZnmnsZGp9lVoVWXqsVbIq/t9dzI+2Q= +cloud.google.com/go/security v1.10.0/go.mod h1:QtOMZByJVlibUT2h9afNDWRZ1G96gVywH8T5GUSb9IA= +cloud.google.com/go/security v1.12.0/go.mod h1:rV6EhrpbNHrrxqlvW0BWAIawFWq3X90SduMJdFwtLB8= +cloud.google.com/go/security v1.13.0/go.mod h1:Q1Nvxl1PAgmeW0y3HTt54JYIvUdtcpYKVfIB8AOMZ+0= +cloud.google.com/go/securitycenter v1.13.0/go.mod h1:cv5qNAqjY84FCN6Y9z28WlkKXyWsgLO832YiWwkCWcU= +cloud.google.com/go/securitycenter v1.14.0/go.mod h1:gZLAhtyKv85n52XYWt6RmeBdydyxfPeTrpToDPw4Auc= +cloud.google.com/go/securitycenter v1.15.0/go.mod h1:PeKJ0t8MoFmmXLXWm41JidyzI3PJjd8sXWaVqg43WWk= +cloud.google.com/go/securitycenter v1.16.0/go.mod h1:Q9GMaLQFUD+5ZTabrbujNWLtSLZIZF7SAR0wWECrjdk= +cloud.google.com/go/securitycenter v1.18.1/go.mod h1:0/25gAzCM/9OL9vVx4ChPeM/+DlfGQJDwBy/UC8AKK0= +cloud.google.com/go/securitycenter v1.19.0/go.mod h1:LVLmSg8ZkkyaNy4u7HCIshAngSQ8EcIRREP3xBnyfag= +cloud.google.com/go/servicecontrol v1.4.0/go.mod h1:o0hUSJ1TXJAmi/7fLJAedOovnujSEvjKCAFNXPQ1RaU= +cloud.google.com/go/servicecontrol v1.5.0/go.mod h1:qM0CnXHhyqKVuiZnGKrIurvVImCs8gmqWsDoqe9sU1s= +cloud.google.com/go/servicecontrol v1.10.0/go.mod h1:pQvyvSRh7YzUF2efw7H87V92mxU8FnFDawMClGCNuAA= +cloud.google.com/go/servicecontrol v1.11.0/go.mod h1:kFmTzYzTUIuZs0ycVqRHNaNhgR+UMUpw9n02l/pY+mc= +cloud.google.com/go/servicecontrol v1.11.1/go.mod h1:aSnNNlwEFBY+PWGQ2DoM0JJ/QUXqV5/ZD9DOLB7SnUk= +cloud.google.com/go/servicedirectory v1.4.0/go.mod h1:gH1MUaZCgtP7qQiI+F+A+OpeKF/HQWgtAddhTbhL2bs= +cloud.google.com/go/servicedirectory v1.5.0/go.mod h1:QMKFL0NUySbpZJ1UZs3oFAmdvVxhhxB6eJ/Vlp73dfg= +cloud.google.com/go/servicedirectory v1.6.0/go.mod h1:pUlbnWsLH9c13yGkxCmfumWEPjsRs1RlmJ4pqiNjVL4= +cloud.google.com/go/servicedirectory v1.7.0/go.mod h1:5p/U5oyvgYGYejufvxhgwjL8UVXjkuw7q5XcG10wx1U= +cloud.google.com/go/servicedirectory v1.8.0/go.mod h1:srXodfhY1GFIPvltunswqXpVxFPpZjf8nkKQT7XcXaY= +cloud.google.com/go/servicedirectory v1.9.0/go.mod h1:29je5JjiygNYlmsGz8k6o+OZ8vd4f//bQLtvzkPPT/s= +cloud.google.com/go/servicemanagement v1.4.0/go.mod h1:d8t8MDbezI7Z2R1O/wu8oTggo3BI2GKYbdG4y/SJTco= +cloud.google.com/go/servicemanagement v1.5.0/go.mod h1:XGaCRe57kfqu4+lRxaFEAuqmjzF0r+gWHjWqKqBvKFo= +cloud.google.com/go/servicemanagement v1.6.0/go.mod h1:aWns7EeeCOtGEX4OvZUWCCJONRZeFKiptqKf1D0l/Jc= +cloud.google.com/go/servicemanagement v1.8.0/go.mod h1:MSS2TDlIEQD/fzsSGfCdJItQveu9NXnUniTrq/L8LK4= +cloud.google.com/go/serviceusage v1.3.0/go.mod h1:Hya1cozXM4SeSKTAgGXgj97GlqUvF5JaoXacR1JTP/E= +cloud.google.com/go/serviceusage v1.4.0/go.mod h1:SB4yxXSaYVuUBYUml6qklyONXNLt83U0Rb+CXyhjEeU= +cloud.google.com/go/serviceusage v1.5.0/go.mod h1:w8U1JvqUqwJNPEOTQjrMHkw3IaIFLoLsPLvsE3xueec= +cloud.google.com/go/serviceusage v1.6.0/go.mod h1:R5wwQcbOWsyuOfbP9tGdAnCAc6B9DRwPG1xtWMDeuPA= +cloud.google.com/go/shell v1.3.0/go.mod h1:VZ9HmRjZBsjLGXusm7K5Q5lzzByZmJHf1d0IWHEN5X4= +cloud.google.com/go/shell v1.4.0/go.mod h1:HDxPzZf3GkDdhExzD/gs8Grqk+dmYcEjGShZgYa9URw= +cloud.google.com/go/shell v1.6.0/go.mod h1:oHO8QACS90luWgxP3N9iZVuEiSF84zNyLytb+qE2f9A= +cloud.google.com/go/spanner v1.41.0/go.mod h1:MLYDBJR/dY4Wt7ZaMIQ7rXOTLjYrmxLE/5ve9vFfWos= +cloud.google.com/go/spanner v1.44.0/go.mod h1:G8XIgYdOK+Fbcpbs7p2fiprDw4CaZX63whnSMLVBxjk= +cloud.google.com/go/spanner v1.45.0/go.mod h1:FIws5LowYz8YAE1J8fOS7DJup8ff7xJeetWEo5REA2M= +cloud.google.com/go/speech v1.6.0/go.mod h1:79tcr4FHCimOp56lwC01xnt/WPJZc4v3gzyT7FoBkCM= +cloud.google.com/go/speech v1.7.0/go.mod h1:KptqL+BAQIhMsj1kOP2la5DSEEerPDuOP/2mmkhHhZQ= +cloud.google.com/go/speech v1.8.0/go.mod h1:9bYIl1/tjsAnMgKGHKmBZzXKEkGgtU+MpdDPTE9f7y0= +cloud.google.com/go/speech v1.9.0/go.mod h1:xQ0jTcmnRFFM2RfX/U+rk6FQNUF6DQlydUSyoooSpco= +cloud.google.com/go/speech v1.14.1/go.mod h1:gEosVRPJ9waG7zqqnsHpYTOoAS4KouMRLDFMekpJ0J0= +cloud.google.com/go/speech v1.15.0/go.mod h1:y6oH7GhqCaZANH7+Oe0BhgIogsNInLlz542tg3VqeYI= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= +cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= +cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= +cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= +cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= +cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storagetransfer v1.5.0/go.mod h1:dxNzUopWy7RQevYFHewchb29POFv3/AaBgnhqzqiK0w= +cloud.google.com/go/storagetransfer v1.6.0/go.mod h1:y77xm4CQV/ZhFZH75PLEXY0ROiS7Gh6pSKrM8dJyg6I= +cloud.google.com/go/storagetransfer v1.7.0/go.mod h1:8Giuj1QNb1kfLAiWM1bN6dHzfdlDAVC9rv9abHot2W4= +cloud.google.com/go/storagetransfer v1.8.0/go.mod h1:JpegsHHU1eXg7lMHkvf+KE5XDJ7EQu0GwNJbbVGanEw= +cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= +cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= +cloud.google.com/go/talent v1.3.0/go.mod h1:CmcxwJ/PKfRgd1pBjQgU6W3YBwiewmUzQYH5HHmSCmM= +cloud.google.com/go/talent v1.4.0/go.mod h1:ezFtAgVuRf8jRsvyE6EwmbTK5LKciD4KVnHuDEFmOOA= +cloud.google.com/go/talent v1.5.0/go.mod h1:G+ODMj9bsasAEJkQSzO2uHQWXHHXUomArjWQQYkqK6c= +cloud.google.com/go/texttospeech v1.4.0/go.mod h1:FX8HQHA6sEpJ7rCMSfXuzBcysDAuWusNNNvN9FELDd8= +cloud.google.com/go/texttospeech v1.5.0/go.mod h1:oKPLhR4n4ZdQqWKURdwxMy0uiTS1xU161C8W57Wkea4= +cloud.google.com/go/texttospeech v1.6.0/go.mod h1:YmwmFT8pj1aBblQOI3TfKmwibnsfvhIBzPXcW4EBovc= +cloud.google.com/go/tpu v1.3.0/go.mod h1:aJIManG0o20tfDQlRIej44FcwGGl/cD0oiRyMKG19IQ= +cloud.google.com/go/tpu v1.4.0/go.mod h1:mjZaX8p0VBgllCzF6wcU2ovUXN9TONFLd7iz227X2Xg= +cloud.google.com/go/tpu v1.5.0/go.mod h1:8zVo1rYDFuW2l4yZVY0R0fb/v44xLh3llq7RuV61fPM= +cloud.google.com/go/trace v1.3.0/go.mod h1:FFUE83d9Ca57C+K8rDl/Ih8LwOzWIV1krKgxg6N0G28= +cloud.google.com/go/trace v1.4.0/go.mod h1:UG0v8UBqzusp+z63o7FK74SdFE+AXpCLdFb1rshXG+Y= +cloud.google.com/go/trace v1.8.0/go.mod h1:zH7vcsbAhklH8hWFig58HvxcxyQbaIqMarMg9hn5ECA= +cloud.google.com/go/trace v1.9.0/go.mod h1:lOQqpE5IaWY0Ixg7/r2SjixMuc6lfTFeO4QGM4dQWOk= +cloud.google.com/go/translate v1.3.0/go.mod h1:gzMUwRjvOqj5i69y/LYLd8RrNQk+hOmIXTi9+nb3Djs= +cloud.google.com/go/translate v1.4.0/go.mod h1:06Dn/ppvLD6WvA5Rhdp029IX2Mi3Mn7fpMRLPvXT5Wg= +cloud.google.com/go/translate v1.5.0/go.mod h1:29YDSYveqqpA1CQFD7NQuP49xymq17RXNaUDdc0mNu0= +cloud.google.com/go/translate v1.6.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= +cloud.google.com/go/translate v1.7.0/go.mod h1:lMGRudH1pu7I3n3PETiOB2507gf3HnfLV8qlkHZEyos= +cloud.google.com/go/video v1.8.0/go.mod h1:sTzKFc0bUSByE8Yoh8X0mn8bMymItVGPfTuUBUyRgxk= +cloud.google.com/go/video v1.9.0/go.mod h1:0RhNKFRF5v92f8dQt0yhaHrEuH95m068JYOvLZYnJSw= +cloud.google.com/go/video v1.12.0/go.mod h1:MLQew95eTuaNDEGriQdcYn0dTwf9oWiA4uYebxM5kdg= +cloud.google.com/go/video v1.13.0/go.mod h1:ulzkYlYgCp15N2AokzKjy7MQ9ejuynOJdf1tR5lGthk= +cloud.google.com/go/video v1.14.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= +cloud.google.com/go/video v1.15.0/go.mod h1:SkgaXwT+lIIAKqWAJfktHT/RbgjSuY6DobxEp0C5yTQ= +cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= +cloud.google.com/go/videointelligence v1.7.0/go.mod h1:k8pI/1wAhjznARtVT9U1llUaFNPh7muw8QyOUpavru4= +cloud.google.com/go/videointelligence v1.8.0/go.mod h1:dIcCn4gVDdS7yte/w+koiXn5dWVplOZkE+xwG9FgK+M= +cloud.google.com/go/videointelligence v1.9.0/go.mod h1:29lVRMPDYHikk3v8EdPSaL8Ku+eMzDljjuvRs105XoU= +cloud.google.com/go/videointelligence v1.10.0/go.mod h1:LHZngX1liVtUhZvi2uNS0VQuOzNi2TkY1OakiuoUOjU= +cloud.google.com/go/vision v1.2.0/go.mod h1:SmNwgObm5DpFBme2xpyOyasvBc1aPdjvMk2bBk0tKD0= +cloud.google.com/go/vision/v2 v2.2.0/go.mod h1:uCdV4PpN1S0jyCyq8sIM42v2Y6zOLkZs+4R9LrGYwFo= +cloud.google.com/go/vision/v2 v2.3.0/go.mod h1:UO61abBx9QRMFkNBbf1D8B1LXdS2cGiiCRx0vSpZoUo= +cloud.google.com/go/vision/v2 v2.4.0/go.mod h1:VtI579ll9RpVTrdKdkMzckdnwMyX2JILb+MhPqRbPsY= +cloud.google.com/go/vision/v2 v2.5.0/go.mod h1:MmaezXOOE+IWa+cS7OhRRLK2cNv1ZL98zhqFFZaaH2E= +cloud.google.com/go/vision/v2 v2.6.0/go.mod h1:158Hes0MvOS9Z/bDMSFpjwsUrZ5fPrdwuyyvKSGAGMY= +cloud.google.com/go/vision/v2 v2.7.0/go.mod h1:H89VysHy21avemp6xcf9b9JvZHVehWbET0uT/bcuY/0= +cloud.google.com/go/vmmigration v1.2.0/go.mod h1:IRf0o7myyWFSmVR1ItrBSFLFD/rJkfDCUTO4vLlJvsE= +cloud.google.com/go/vmmigration v1.3.0/go.mod h1:oGJ6ZgGPQOFdjHuocGcLqX4lc98YQ7Ygq8YQwHh9A7g= +cloud.google.com/go/vmmigration v1.5.0/go.mod h1:E4YQ8q7/4W9gobHjQg4JJSgXXSgY21nA5r8swQV+Xxc= +cloud.google.com/go/vmmigration v1.6.0/go.mod h1:bopQ/g4z+8qXzichC7GW1w2MjbErL54rk3/C843CjfY= +cloud.google.com/go/vmwareengine v0.1.0/go.mod h1:RsdNEf/8UDvKllXhMz5J40XxDrNJNN4sagiox+OI208= +cloud.google.com/go/vmwareengine v0.2.2/go.mod h1:sKdctNJxb3KLZkE/6Oui94iw/xs9PRNC2wnNLXsHvH8= +cloud.google.com/go/vmwareengine v0.3.0/go.mod h1:wvoyMvNWdIzxMYSpH/R7y2h5h3WFkx6d+1TIsP39WGY= +cloud.google.com/go/vpcaccess v1.4.0/go.mod h1:aQHVbTWDYUR1EbTApSVvMq1EnT57ppDmQzZ3imqIk4w= +cloud.google.com/go/vpcaccess v1.5.0/go.mod h1:drmg4HLk9NkZpGfCmZ3Tz0Bwnm2+DKqViEpeEpOq0m8= +cloud.google.com/go/vpcaccess v1.6.0/go.mod h1:wX2ILaNhe7TlVa4vC5xce1bCnqE3AeH27RV31lnmZes= +cloud.google.com/go/webrisk v1.4.0/go.mod h1:Hn8X6Zr+ziE2aNd8SliSDWpEnSS1u4R9+xXZmFiHmGE= +cloud.google.com/go/webrisk v1.5.0/go.mod h1:iPG6fr52Tv7sGk0H6qUFzmL3HHZev1htXuWDEEsqMTg= +cloud.google.com/go/webrisk v1.6.0/go.mod h1:65sW9V9rOosnc9ZY7A7jsy1zoHS5W9IAXv6dGqhMQMc= +cloud.google.com/go/webrisk v1.7.0/go.mod h1:mVMHgEYH0r337nmt1JyLthzMr6YxwN1aAIEc2fTcq7A= +cloud.google.com/go/webrisk v1.8.0/go.mod h1:oJPDuamzHXgUc+b8SiHRcVInZQuybnvEW72PqTc7sSg= +cloud.google.com/go/websecurityscanner v1.3.0/go.mod h1:uImdKm2wyeXQevQJXeh8Uun/Ym1VqworNDlBXQevGMo= +cloud.google.com/go/websecurityscanner v1.4.0/go.mod h1:ebit/Fp0a+FWu5j4JOmJEV8S8CzdTkAS77oDsiSqYWQ= +cloud.google.com/go/websecurityscanner v1.5.0/go.mod h1:Y6xdCPy81yi0SQnDY1xdNTNpfY1oAgXUlcfN3B3eSng= +cloud.google.com/go/workflows v1.6.0/go.mod h1:6t9F5h/unJz41YqfBmqSASJSXccBLtD1Vwf+KmJENM0= +cloud.google.com/go/workflows v1.7.0/go.mod h1:JhSrZuVZWuiDfKEFxU0/F1PQjmpnpcoISEXH2bcHC3M= +cloud.google.com/go/workflows v1.8.0/go.mod h1:ysGhmEajwZxGn1OhGOGKsTXc5PyxOc0vfKf5Af+to4M= +cloud.google.com/go/workflows v1.9.0/go.mod h1:ZGkj1aFIOd9c8Gerkjjq7OW7I5+l6cSvT3ujaO/WwSA= +cloud.google.com/go/workflows v1.10.0/go.mod h1:fZ8LmRmZQWacon9UCX1r/g/DfAXx5VcPALq2CxzdePw= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8= +git.sr.ht/~sbinet/gg v0.3.1/go.mod h1:KGYtlADtqsqANL9ueOFkWymvzUvLMQllU5Ixo+8v3pc= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= @@ -17,39 +608,70 @@ github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbt github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/JohnCGriffin/overflow v0.0.0-20211019200055-46fa312c352c/go.mod h1:X0CRv0ky0k6m906ixxpzmDRLvX58TFUKS2eePweuyxk= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= +github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= -github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= -github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= +github.com/ajstarks/deck v0.0.0-20200831202436-30c9fc6549a9/go.mod h1:JynElWSGnm/4RlzPXRlREEwqTHAN3T56Bv2ITsFT3gY= +github.com/ajstarks/deck/generate v0.0.0-20210309230005-c3f852c02e19/go.mod h1:T13YZdzov6OU0A1+RfKZiZN9ca6VeKdBdyDV+BY97Tk= +github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw= +github.com/ajstarks/svgo v0.0.0-20211024235047-1546f124cd8b/go.mod h1:1KcenG0jGWcpt8ov532z81sp/kMMUG485J2InIOyADM= +github.com/alecthomas/kingpin/v2 v2.4.0/go.mod h1:0gyi0zQnjuFk8xrkNKamJoyUo382HRL7ATRpFZCw6tE= +github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137/go.mod h1:OMCwj8VM1Kc9e19TLln2VL61YJF0x1XFtfdL4JdbSyE= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= github.com/andreyvit/diff v0.0.0-20170406064948-c7f18ee00883/go.mod h1:rCTlJbsFo29Kk6CurOXKm700vrz8f0KW0JNfpkRJY/8= +github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df h1:7RFfzj4SSt6nnvCPbCqijJi1nWCd+TqAT3bYCStRC18= github.com/antlr/antlr4/runtime/Go/antlr/v4 v4.0.0-20230305170008-8188dc5388df/go.mod h1:pSwJ0fSY5KhvocuWSx4fz3BA8OrA1bQn+K1Eli3BRwM= +github.com/apache/arrow/go/v10 v10.0.1/go.mod h1:YvhnlEePVnBS4+0z3fhPfUy7W1Ikj0Ih0vcRo/gZ1M0= +github.com/apache/arrow/go/v11 v11.0.0/go.mod h1:Eg5OsL5H+e299f7u5ssuXsuHQVEGC4xei5aX110hRiI= +github.com/apache/thrift v0.16.0/go.mod h1:PHK3hniurgQaNMZYaCLEqXKsYK8upmhPbmdP2FXSqgU= github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= -github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= -github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/census-instrumentation/opencensus-proto v0.3.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= +github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= +github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= +github.com/cncf/udpa/go v0.0.0-20210930031921-04548b0d99d4/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/udpa/go v0.0.0-20220112060539-c52dc94e7fbe/go.mod h1:6pvJx4me5XPnfI9Z40ddWsdw2W/uZgQLFXToKeRcDiI= +github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20210922020428-25de7278fc84/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211001041855-01bcc9b48dfe/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20220314180256-7f1daf1720fc/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230105202645-06c439db220b/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20230310173818-32f1caf87195/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= @@ -67,6 +689,7 @@ github.com/coreos/pkg v0.0.0-20180108230652-97fdf19511ea/go.mod h1:E3G3o1h8I7cfc github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= +github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -76,6 +699,7 @@ github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= +github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= @@ -83,12 +707,23 @@ github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+m github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc= github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= -github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU= -github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= +github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= +github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= +github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= +github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= +github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= +github.com/envoyproxy/go-control-plane v0.10.3/go.mod h1:fJJn/j26vwOu972OllsvAgJJM//w9BV6Fxbg2LuVd34= +github.com/envoyproxy/go-control-plane v0.11.0/go.mod h1:VnHyVMpzcLvCFt9yUz1UnCwHLhwx1WguiVDV7pTG/tI= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/protoc-gen-validate v0.6.7/go.mod h1:dyJXwwfPK2VSqiB9Klm1J6romD608Ba7Hij42vrOBCo= +github.com/envoyproxy/protoc-gen-validate v0.9.1/go.mod h1:OKNgG7TCp5pF4d6XftA0++PMirau2/yoOwVac3AbF2w= +github.com/envoyproxy/protoc-gen-validate v0.10.0/go.mod h1:DRjgyB0I43LtJapqN6NiRwroiAU2PaFuvk/vjgh61ss= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.9.0+incompatible h1:fBXyNpNMuTTDdquAq/uisOr2lShz4oaXpDTX2bLe7ls= github.com/evanphx/json-patch v5.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= @@ -97,6 +732,8 @@ github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= +github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= @@ -106,10 +743,20 @@ github.com/globalsign/mgo v0.0.0-20180905125535-1ca0a4f7cbcb/go.mod h1:xkRDCp4j0 github.com/globalsign/mgo v0.0.0-20181015135952-eeefdecb41b8/go.mod h1:xkRDCp4j0OGD1HRkm4kmhM+pmpv3AKq5SU7GMg4oO/Q= github.com/go-asn1-ber/asn1-ber v1.5.6 h1:CYsqysemXfEaQbyrLJmdsCRuufHoLa3P/gGWGl5TDrM= github.com/go-asn1-ber/asn1-ber v1.5.6/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= +github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g= +github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks= +github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/liberation v0.2.0/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY= +github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-kit/log v0.2.1/go.mod h1:NwTd00d/i8cPZ3xOwwiv2PO5MOcx78fFErGNcVmBjv0= +github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U= +github.com/go-latex/latex v0.0.0-20210823091927-c0d11ff05a81/go.mod h1:SX0U8uGpxhq9o2S/CELCSUxEWWAuoCUcVCQWv7G2OCk= github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= -github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= +github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KEVveWlfTs= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= @@ -131,15 +778,15 @@ github.com/go-openapi/jsonpointer v0.17.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwds github.com/go-openapi/jsonpointer v0.18.0/go.mod h1:cOnomiV+CVVwFLk0A/MExoFMjwdsUdVpsRhURCKh+3M= github.com/go-openapi/jsonpointer v0.19.2/go.mod h1:3akKfEdA7DF1sugOqz1dVQHBcuDBPKZGEoHC/NkiQRg= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= -github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg= github.com/go-openapi/jsonreference v0.17.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.18.0/go.mod h1:g4xxGn04lDIRh0GJb5QlpE3HfopLOL6uZrK/VgnsK9I= github.com/go-openapi/jsonreference v0.19.2/go.mod h1:jMjeRr2HHw6nAVajTXJ4eiUwohSTlpa0o73RUL1owJc= github.com/go-openapi/jsonreference v0.19.3/go.mod h1:rjx6GuL8TTa9VaixXglHmQmIL98+wF9xc8zWvFonSJ8= -github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= -github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/loads v0.17.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.18.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= github.com/go-openapi/loads v0.19.0/go.mod h1:72tmFy5wsWx89uEVddd0RjRWPZm92WRLhf7AC+0+OOU= @@ -162,47 +809,90 @@ github.com/go-openapi/swag v0.17.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/ github.com/go-openapi/swag v0.18.0/go.mod h1:AByQ+nYG6gQg71GINrmuDXCPWdL640yX49/kXLo40Tg= github.com/go-openapi/swag v0.19.2/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= -github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= +github.com/go-pdf/fpdf v0.5.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= +github.com/go-pdf/fpdf v0.6.0/go.mod h1:HzcnA+A23uwogo0tp9yU+l3V+KXhiESpt1PMayhOh5M= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/goccy/go-json v0.9.11/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4= +github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang/mock v1.5.0/go.mod h1:CWnOUgYIOo4TcNZ0wHX3YZCqsaM1I1Jvs6v3mP3KVu8= +github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= +github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx4u74HPM= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.17.8 h1:j9m730pMZt1Fc4oKhCLUHfjj6527LuhYcYw0Rl8gqto= github.com/google/cel-go v0.17.8/go.mod h1:HXZKzB0LXqer5lHHgfWAnlYwJaQBDKMjxjulNQzhwhY= +github.com/google/flatbuffers v2.0.8+incompatible/go.mod h1:1AeVuKshWv4vARoZatz6mlQ0JxURH0Kv5+zNeJKJCa8= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.6/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= +github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= @@ -211,23 +901,67 @@ github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/ github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/martian/v3 v3.2.1/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= +github.com/google/martian/v3 v3.3.2/go.mod h1:oBOf6HBosgwRXnUGWUB05QECsc6uvmMiJ3+6W4l/CUk= github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328 h1:oI+lCI2DY1BsRrdzMJBhIMxBBdlZJl31YNQC11EiyvA= -github.com/google/pprof v0.0.0-20240125082051-42cd04596328/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.0/go.mod h1:OJpEgntRZo8ugHpF9hkoLJbS5dSI20XZeXJ9JVywLlM= +github.com/google/s2a-go v0.1.3/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/googleapis/enterprise-certificate-proxy v0.0.0-20220520183353-fd19c99a87aa/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.1.0/go.mod h1:17drOmN3MwGY7t0e+Ei9b45FFGA3fBs3x36SsCg1hq8= +github.com/googleapis/enterprise-certificate-proxy v0.2.0/go.mod h1:8C0jb7/mgJe/9KK8Lm7X9ctZC2t60YyIpYEI16jx0Qg= +github.com/googleapis/enterprise-certificate-proxy v0.2.1/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= +github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5Nm3pW+v7rGDHp09LsPtGY9MduiEsR9k= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= +github.com/googleapis/gax-go/v2 v2.1.1/go.mod h1:hddJymUZASv3XPyGkUpKj8pPO47Rmb0eJc8R6ouapiM= +github.com/googleapis/gax-go/v2 v2.2.0/go.mod h1:as02EH8zWkzwUoLbBaFeQ+arQaj/OthfcblKl4IGNaM= +github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99EXz9pXxye9YM= +github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= +github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= +github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= +github.com/googleapis/gax-go/v2 v2.7.0/go.mod h1:TEop28CZZQ2y+c0VxMUmu1lV+fQx57QpBWsYpwqHJx8= +github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.10.0/go.mod h1:4UOEnMCrxsSqQ940WnTiD6qJ63le2ev3xfyagutxiPw= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= +github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= +github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8= github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= -github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= -github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= +github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= @@ -237,8 +971,10 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0 h1:gmcG1KaJ57LophUzW0Hy8NmPhnMZb4M0+kPpLofRdBo= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0 h1:Wqo399gCIufwto+VfwCSvsnfGpF/w5E9CNxSwbpD6No= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.0/go.mod h1:qmOFXW2epJhM0qSnUUYpldc7gVz2KMQwJ/QYCDIa7XU= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.7.0/go.mod h1:hgWBS7lorOAVIJEQMi4ZsPv9hVvWI6+ch50m39Pf2Ks= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3/go.mod h1:o//XUCC/F+yRGJoPO/VU0GSB0f8Nhgmxx0VIRUvaC0w= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= @@ -246,6 +982,9 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= @@ -269,20 +1008,30 @@ github.com/jonboulle/clockwork v0.2.2 h1:UOGuzwb1PwsrDAObMuhUnj0p5ULPj8V/xJ7Kx9q github.com/jonboulle/clockwork v0.2.2/go.mod h1:Pkfl5aHPm1nk2H9h0bjmnJD/BcgbGXUBGnn1kMkgxc8= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= +github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU= github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes= +github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/asmfmt v1.3.2/go.mod h1:AG8TuvYojzulgDAMCnYn50l/5QV3Bs/tp6j0HLHbNSE= +github.com/klauspost/compress v1.15.9/go.mod h1:PhcZ0MbTNciWF3rruxRgKxI5NkcHHrHUDtV4Yw2GlzU= +github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= +github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -290,6 +1039,9 @@ github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/lyft/protoc-gen-star v0.6.0/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/lyft/protoc-gen-star v0.6.1/go.mod h1:TGAoBVkt8w7MPG72TrKIu85MIdXwDuzJYeZuUPFPNwA= +github.com/lyft/protoc-gen-star/v2 v2.0.1/go.mod h1:RcCdONR2ScXaYnQC5tUzxzlpA3WVYF7/opLeUgcQs/o= github.com/magiconair/properties v1.8.0/go.mod h1:PppfXfuXeibc/6YijjN8zIbojt8czPbwD3XqdrwzmxQ= github.com/mailru/easyjson v0.0.0-20160728113105-d5b7844b561a/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20180823135443-60711f1a8329/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= @@ -301,10 +1053,15 @@ github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-runewidth v0.0.2/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/miekg/dns v1.1.58 h1:ca2Hdkz+cDg/7eNF6V56jjzuZ4aCAE+DbVkILdQWG/4= -github.com/miekg/dns v1.1.58/go.mod h1:Ypv+3b/KadlvW9vJfXOTf300O4UqaHFzFCuHz+rPkBY= +github.com/mattn/go-sqlite3 v1.14.14/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= +github.com/miekg/dns v1.1.59 h1:C9EXc/UToRwKLhK5wKU/I4QVsBUc8kE6MkHBkeypWZs= +github.com/miekg/dns v1.1.59/go.mod h1:nZpewl5p6IvctfgrckopVx2OlSEHPRO/U4SYkRklrEk= +github.com/minio/asm2plan9s v0.0.0-20200509001527-cdd76441f9d8/go.mod h1:mC1jAcsrzbxHt8iiaC+zU4b1ylILSosueou12R++wfY= +github.com/minio/c2goasm v0.0.0-20190812172519-36a3d3bbc4f3/go.mod h1:RagcQ7I8IeTMnF8JTXieKnO4Z6JCsikNEzj0DwauVzE= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v1.1.2/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -319,68 +1076,83 @@ github.com/munnerz/crd-schema-fuzz v1.0.0/go.mod h1:4z/rcm37JxUkSsExFcLL6ZIT1SgD github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= +github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/olekukonko/tablewriter v0.0.0-20170122224234-a0225b3f23b5/go.mod h1:vsDQFd/mU46D+Z4whnwzcISnGGzXWMclvtLoiIKAKIo= github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw= github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= -github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0 h1:2nosf3P75OZv2/ZO/9Px5ZgZ5gbKrzA3joN1QMfOGMQ= github.com/pavlo-v-chernykh/keystore-go/v4 v4.5.0/go.mod h1:lAVhWwbNaveeJmxrxuSTxMgKpF6DjnuVpn6T8WiBwYQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY= +github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/phpdave11/gofpdi v1.0.13/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI= +github.com/pierrec/lz4/v4 v4.1.15/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= +github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pkg/sftp v1.10.1/go.mod h1:lYOWFsE0bwd1+KfKJaKeuokY15vzFx25BLbzYYoAxZI= +github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021/go.mod h1:prYjPmNq4d1NPVmpShWobRqXY3q7Vp+80DqgxxUrUIA= -github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= -github.com/prometheus/client_golang v1.0.0/go.mod h1:db9x61etRT2tGnBNRi70OPL5FsnadC4Ky3P0J6CfImo= github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= -github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= -github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= -github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= +github.com/remyoudompheng/bigfft v0.0.0-20200410134404-eec4a21b6bb0/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= +github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= +github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w= +github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk= github.com/segmentio/asm v1.1.3 h1:WM03sfUOENvvKexOLp+pCqgb/WDjsi7EK8gIsICtzhc= github.com/segmentio/asm v1.1.3/go.mod h1:Ld3L4ZXGNcSLRg4JBsZ3//1+f/TjYl0Mzen/DQy1EJg= github.com/segmentio/encoding v0.4.0 h1:MEBYvRqiUB2nfR2criEXWqwdY6HJOUrCn5hboVOVmy8= github.com/segmentio/encoding v0.4.0/go.mod h1:/d03Cd8PoaDeceuhUUUQWjU0KhWjrmYrWPgtJHYZSnI= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= -github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM= github.com/soheilhy/cmux v0.1.5 h1:jjzc5WVemNEDTLwv9tlmemhC73tI08BNOIGwBOo10Js= github.com/soheilhy/cmux v0.1.5/go.mod h1:T7TcVDs9LWfQgPlPsdngu6I6QIoyIFZDDC6sNE1GqG0= +github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/afero v1.1.2/go.mod h1:j4pytiNVoe2o6bmDsKpLACNPDBIoEAkihy7loJ1B0CQ= github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk= +github.com/spf13/afero v1.3.3/go.mod h1:5KUK8ByomD5Ti5Artl0RtHeI5pTF7MIDuXL3yY520V4= +github.com/spf13/afero v1.6.0/go.mod h1:Ai8FlHk4v/PARR026UzYexafAt9roJ7LcLMAmO6Z93I= +github.com/spf13/afero v1.9.2/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= github.com/spf13/cast v1.3.0/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= github.com/spf13/cobra v0.0.5/go.mod h1:3K3wKZymM7VvHMDS9+Akkh4K60UwM26emMESw8tLCHU= @@ -403,11 +1175,15 @@ github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpE github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= +github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75 h1:6fotK7otjonDflCTK0BCfls4SPy3NcCVb5dqqmbRknE= @@ -415,25 +1191,32 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20220101234140-673ab2c3ae75/go.mod h1 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/vektah/gqlparser v1.1.2/go.mod h1:1ycwN7Ij5njmMkPPAOaRFY4rET2Enx7IkVv3vaXspKw= +github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8= github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= +github.com/zeebo/assert v1.3.0/go.mod h1:Pq9JiuJQpG8JLJdtkwrJESF0Foym2/D9XMU5ciN/wJ0= +github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.8 h1:xs88BrvEv273UsB79e0hcVrlUWmS0a8upikMFhSyAtA= go.etcd.io/bbolt v1.3.8/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd/api/v3 v3.5.11 h1:B54KwXbWDHyD3XYAwprxNzTe7vlhR69LuBgZnMVvS7E= -go.etcd.io/etcd/api/v3 v3.5.11/go.mod h1:Ot+o0SWSyT6uHhA56al1oCED0JImsRiU9Dc26+C2a+4= -go.etcd.io/etcd/client/pkg/v3 v3.5.11 h1:bT2xVspdiCj2910T0V+/KHcVKjkUrCZVtk8J2JF2z1A= -go.etcd.io/etcd/client/pkg/v3 v3.5.11/go.mod h1:seTzl2d9APP8R5Y2hFL3NVlD6qC/dOT+3kvrqPyTas4= +go.etcd.io/etcd/api/v3 v3.5.13 h1:8WXU2/NBge6AUF1K1gOexB6e07NgsN1hXK0rSTtgSp4= +go.etcd.io/etcd/api/v3 v3.5.13/go.mod h1:gBqlqkcMMZMVTMm4NDZloEVJzxQOQIls8splbqBDa0c= +go.etcd.io/etcd/client/pkg/v3 v3.5.13 h1:RVZSAnWWWiI5IrYAXjQorajncORbS0zI48LQlE2kQWg= +go.etcd.io/etcd/client/pkg/v3 v3.5.13/go.mod h1:XxHT4u1qU12E2+po+UVPrEeL94Um6zL58ppuJWXSAB8= go.etcd.io/etcd/client/v2 v2.305.10 h1:MrmRktzv/XF8CvtQt+P6wLUlURaNpSDJHFZhe//2QE4= go.etcd.io/etcd/client/v2 v2.305.10/go.mod h1:m3CKZi69HzilhVqtPDcjhSGp+kA1OmbNn0qamH80xjA= -go.etcd.io/etcd/client/v3 v3.5.11 h1:ajWtgoNSZJ1gmS8k+icvPtqsqEav+iUorF7b0qozgUU= -go.etcd.io/etcd/client/v3 v3.5.11/go.mod h1:a6xQUEqFJ8vztO1agJh/KQKOMfFI8og52ZconzcDJwE= +go.etcd.io/etcd/client/v3 v3.5.13 h1:o0fHTNJLeO0MyVbc7I3fsCf6nrOqn5d+diSarKnB2js= +go.etcd.io/etcd/client/v3 v3.5.13/go.mod h1:cqiAeY8b5DEEcpxvgWKsbLIWNM/8Wy2xJSDMtioMcoI= go.etcd.io/etcd/pkg/v3 v3.5.10 h1:WPR8K0e9kWl1gAhB5A7gEa5ZBTNkT9NdNWrR8Qpo1CM= go.etcd.io/etcd/pkg/v3 v3.5.10/go.mod h1:TKTuCKKcF1zxmfKWDkfz5qqYaE3JncKKZPFf8c1nFUs= go.etcd.io/etcd/raft/v3 v3.5.10 h1:cgNAYe7xrsrn/5kXMSaH8kM/Ky8mAdMqGOxyYwpP0LA= @@ -444,24 +1227,34 @@ go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qL go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 h1:UNQQKPfTDe1J81ViolILjTKPr9WetKW6uei2hFgJmFs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0/go.mod h1:r9vWsPS/3AQItv3OSlEJ/E4mbrhUbbw18meOjArPtKQ= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 h1:sv9kVfal0MK0wBMCOGr+HeJm9v803BkJxGrk2au7j08= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0/go.mod h1:SK2UL73Zy1quvRPonmOmRDiWk1KBV3LyIeeIxcEApWw= -go.opentelemetry.io/otel v1.23.0 h1:Df0pqjqExIywbMCMTxkAwzjLZtRf+bBKLbUcpxO2C9E= -go.opentelemetry.io/otel v1.23.0/go.mod h1:YCycw9ZeKhcJFrb34iVSkyT0iczq/zYDtZYFufObyB0= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 h1:9M3+rhx7kZCIQQhQRYaZCdNu1V73tm4TvXs2ntl98C4= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0/go.mod h1:noq80iT8rrHP1SfybmPiRGc9dc5M8RPmGvtwo7Oo7tc= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 h1:H2JFgRcGiyHg7H7bwcwaQJYrNFqCqrbTQ8K4p1OvDu8= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0/go.mod h1:WfCWp1bGoYK8MeULtI15MmQVczfR+bFkk0DF3h06QmQ= -go.opentelemetry.io/otel/metric v1.23.0 h1:pazkx7ss4LFVVYSxYew7L5I6qvLXHA0Ap2pwV+9Cnpo= -go.opentelemetry.io/otel/metric v1.23.0/go.mod h1:MqUW2X2a6Q8RN96E2/nqNoT+z9BSms20Jb7Bbp+HiTo= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.23.0 h1:37Ik5Ib7xfYVb4V1UtnT97T1jI+AoIYkJyPkuL4iJgI= -go.opentelemetry.io/otel/trace v1.23.0/go.mod h1:GSGTbIClEsuZrGIzoEHqsVfxgn5UkggkflQwDScNUsk= -go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= -go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= +go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0 h1:1u/AyyOqAWzy+SkPxDpahCNZParHV8Vid1RnI2clyDE= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.26.0/go.mod h1:z46paqbJ9l7c9fIPCXTqTGwhQZ5XoTIsfeFYWboizjs= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0 h1:Waw9Wfpo/IXzOI8bCB7DIk+0JZcqqsyn1JFnAc+iam8= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.26.0/go.mod h1:wnJIG4fOqyynOnnQF/eQb4/16VlX2EJAHhHgqIqWfAo= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= +go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/otel/sdk v1.26.0 h1:Y7bumHf5tAiDlRYFmGqetNcLaVUZmh4iYfmGxtmz7F8= +go.opentelemetry.io/otel/sdk v1.26.0/go.mod h1:0p8MXpqLeJ0pzcszQQN4F0S5FVjBLgypeGSngLsmirs= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= +go.opentelemetry.io/proto/otlp v0.15.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v0.19.0/go.mod h1:H7XAot3MsfNsj7EXtrA2q5xSNQ10UqI405h3+duxN4U= +go.opentelemetry.io/proto/otlp v1.2.0 h1:pVeZGk7nXDC9O2hncA6nHldxEjm6LByfA2aN8IOkz94= +go.opentelemetry.io/proto/otlp v1.2.0/go.mod h1:gGpR8txAl5M03pDhMC79G6SdqNV26naRm/KDsgaHD8A= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= @@ -469,190 +1262,750 @@ go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= -go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= +go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190617133340-57b3e21c3d56/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= +golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= +golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a h1:Q8/wZp0KX97QFTc2ywcOE0YRjZPVIx+MXInMzdvQqcA= -golang.org/x/exp v0.0.0-20240119083558-1b970713d09a/go.mod h1:idGWGoKP1toJGkd5/ig9ZLuPcZBC3ewk7SzmH0uou08= +golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/exp v0.0.0-20220827204233-334a2380cb91/go.mod h1:cyybsKvd6eL0RnXn6p/Grxp8F5bW7iYuBgsNCOHpMYE= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.0.0-20210607152325-775e3b0c77b9/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20210628002857-a66eb6448b8d/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20211028202545-6944b10bf410/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= +golang.org/x/image v0.0.0-20220302094943-723b81ca9867/go.mod h1:023OzeP/+EPmXeapQh35lcL3II3LrY8Ic+EFFKVhULM= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20210508222113-6edffad5e616/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= +golang.org/x/mod v0.5.1/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.15.0 h1:SernR4v+D55NyBH2QiEQrlBAnj1ECL6AGrA5+dPaMY8= -golang.org/x/mod v0.15.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.9.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= +golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181005035420-146acd28ed58/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190320064053-1272bf9dcd53/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190813141303-74dc4d7220e7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= +golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= +golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20210813160813-60bc85c4be6d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220325170049-de3da57026de/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= +golang.org/x/net v0.0.0-20220607020251-c690dde0001d/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220617184016-355a448f1bc9/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220624214902-1bab6f366d9e/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221012135044-0b7e1fb9d458/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= +golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= +golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= +golang.org/x/net v0.4.0/go.mod h1:MBQ8lrhLObU/6UmLb4fmbmk5OcyYmqtbGd/9yIeKjEE= +golang.org/x/net v0.5.0/go.mod h1:DivGGAXEgPSlEBzxGzZI+ZLohi+xUj054jfeKui00ws= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= +golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= +golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= +golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220309155454-6242fa91716a/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220411215720-9780585627b5/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= +golang.org/x/oauth2 v0.0.0-20220608161450-d0670ef3b1eb/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220622183110-fd043fe589d2/go.mod h1:jaDAt6Dkxork7LmZnYtzbRWj0W47D86a3TGe0YHBvmE= +golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221006150949-b44042a4b9c1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= +golang.org/x/oauth2 v0.4.0/go.mod h1:RznEsdpjGAINPTOF0UH/t+xJ75L18YO3Ho6Pyn+uRec= +golang.org/x/oauth2 v0.5.0/go.mod h1:9/XBHVqLaWO3/BRHs5jbpYCnOZVjj5V0ndyaAM7KB4I= +golang.org/x/oauth2 v0.6.0/go.mod h1:ycmewcwgD4Rpr3eZJLSB4Kyyljb3qDh40vJ8STE5HKw= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.12.0/go.mod h1:A74bZ3aGXgCY0qaIC9Ahg6Lglin4AMAco8cIv9baba4= +golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220819030929-7fc1605a5dde/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= -golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20170830134202-bb24a47a89ea/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191022100944-742c48ecaeb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210514084401-e8d321eab015/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210603125802-9665404d3644/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210816183151-1e6c022a8912/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220128215802-99c3d69c2c27/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220209214540-3681064d5158/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220227234510-4e6760a101f9/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220328115105-d36c6a25d886/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220412211240-33da011f77ad/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220502124256-b6088ccd6cba/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220610221304-9f5ed59c137d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220624220833-87e55d714810/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220829200755-d48e67d00261/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.4.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= +golang.org/x/term v0.3.0/go.mod h1:q750SLmJuPmVoN1blW3UFBPREJfb1KmY3vwxfr+nFDA= +golang.org/x/term v0.4.0/go.mod h1:9P2UbLfCdcvo3p/nzKvsmas4TnlujnuoV9hGgYzW1lQ= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= +golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= +golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= +golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.5.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.6.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220922220347-f3bd1da661af/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.1.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181011042414-1f849cf54d09/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190125232054-d66bd3c5d5a6/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= golang.org/x/tools v0.0.0-20190617190820-da514acc4774/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= +golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201124115921-2c860bdd6e78/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= +golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= +golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= +golang.org/x/tools v0.1.9/go.mod h1:nABZi5QlRsZVlzPpHl034qft6wpY4eDcsTt5AaioBiU= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.18.0 h1:k8NLag8AGHnn+PHbl7g43CtqZAwG60vZkLqgyZgIHgQ= -golang.org/x/tools v0.18.0/go.mod h1:GL7B4CwcLLeo59yx/9UWWuNOW1n3VZ4f5axWfML7Lcg= +golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220411194840-2f41105eb62f/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20220517211312-f3a8303e98df/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220609144429-65e65417b02f/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= +golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo= +gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0= +gonum.org/v1/gonum v0.9.3/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0= +gonum.org/v1/gonum v0.11.0/go.mod h1:fSG4YDCxxUZQJ7rKsQrj0gMOg00Il0Z96/qMA4bVQhA= +gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= +gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc= +gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY= +gonum.org/v1/plot v0.10.1/go.mod h1:VZW5OlhkL1mysU9vaqNHnsy86inf6Ot+jB3r+BczCEo= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= +google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= +google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= +google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= +google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= +google.golang.org/api v0.47.0/go.mod h1:Wbvgpq1HddcWVtzsVLyfLp8lDg6AA241LmgIL59tHXo= +google.golang.org/api v0.48.0/go.mod h1:71Pr1vy+TAZRPkPs/xlCf5SsU8WjuAWv1Pfjbtukyy4= +google.golang.org/api v0.50.0/go.mod h1:4bNT5pAuq5ji4SRZm+5QIkjny9JAyVD/3gaSihNefaw= +google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00sOU= +google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= +google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.56.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= +google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= +google.golang.org/api v0.61.0/go.mod h1:xQRti5UdCmoCEqFxcz93fTl338AVqDgyaDRuOZ3hg9I= +google.golang.org/api v0.63.0/go.mod h1:gs4ij2ffTRXwuzzgJl/56BdwJaA194ijkfn++9tDuPo= +google.golang.org/api v0.67.0/go.mod h1:ShHKP8E60yPsKNw/w8w+VYaj9H6buA5UqDp8dhbQZ6g= +google.golang.org/api v0.70.0/go.mod h1:Bs4ZM2HGifEvXwd50TtW70ovgJffJYw2oRCOFU/SkfA= +google.golang.org/api v0.71.0/go.mod h1:4PyU6e6JogV1f9eA4voyrTY2batOLdgZ5qZ5HOCc4j8= +google.golang.org/api v0.74.0/go.mod h1:ZpfMZOVRMywNyvJFeqL9HRWBgAuRfSjJFpe9QtRRyDs= +google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.77.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69ljA= +google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw= +google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg= +google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o= +google.golang.org/api v0.85.0/go.mod h1:AqZf8Ep9uZ2pyTvgL+x0D3Zt0eoT9b5E8fmzfu6FO2g= +google.golang.org/api v0.90.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.93.0/go.mod h1:+Sem1dnrKlrXMR/X0bPnMWyluQe4RsNoYfmNLhOIkzw= +google.golang.org/api v0.95.0/go.mod h1:eADj+UBuxkh5zlrSntJghuNeg8HwQ1w5lTKkuqaETEI= +google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= +google.golang.org/api v0.99.0/go.mod h1:1YOf74vkVndF7pG6hIHuINsM7eWwpVTAfNMNiL91A08= +google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= +google.golang.org/api v0.102.0/go.mod h1:3VFl6/fzoA+qNuS1N1/VfXY4LjoXN/wzeIp7TweWwGo= +google.golang.org/api v0.103.0/go.mod h1:hGtW6nK1AC+d9si/UBhw8Xli+QMOf6xyNAyJw4qU9w0= +google.golang.org/api v0.106.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.107.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.108.0/go.mod h1:2Ts0XTHNVWxypznxWOYUeI4g3WdP9Pk2Qk58+a/O9MY= +google.golang.org/api v0.110.0/go.mod h1:7FC4Vvx1Mooxh8C5HWjzZHcavuS2f6pmJpZx60ca7iI= +google.golang.org/api v0.111.0/go.mod h1:qtFHvU9mhgTJegR31csQ+rwxyUTHOKFqCKWp1J0fdw0= +google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.118.0/go.mod h1:76TtD3vkgmZ66zZzp72bUUklpmQmKlhh6sYtIjYK+5E= +google.golang.org/api v0.122.0/go.mod h1:gcitW0lvnyWjSp9nKxAbdHKIZ6vF4aajGueeslZOyms= +google.golang.org/api v0.124.0/go.mod h1:xu2HQurE5gi/3t1aFCvhPD781p0a3p11sdunTJ2BlP4= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= +google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe h1:USL2DhxfgRchafRvt/wYyyQNzwgL7ZiURcozOE/Pkvo= -google.golang.org/genproto v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe h1:0poefMBYvYbs7g5UkjS6HcxBPaTRAmznle9jnxYoAI8= -google.golang.org/genproto/googleapis/api v0.0.0-20240125205218-1f4bbc51befe/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014 h1:FSL3lRCkhaPFxqi0s9o+V4UI2WTzAVOvkgbd4kVV4Wg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240205150955-31a09d347014/go.mod h1:SaPjaZGWb0lPqs6Ittu0spdfrOArqji4ZdeP5IC/9N4= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= +google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210222152913-aa3ee6e6a81c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210303154014-9728d6b83eeb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20210329143202-679c6ae281ee/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= +google.golang.org/genproto v0.0.0-20210513213006-bf773b8c8384/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= +google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210604141403-392c879c8b08/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210608205507-b6d2f5bf0d7d/go.mod h1:UODoCrxHCcBojKKwX1terBiRUaqAsFqJiF615XL43r0= +google.golang.org/genproto v0.0.0-20210624195500-8bfb893ecb84/go.mod h1:SzzZ/N+nwJDaO1kznhnlzqS8ocJICar6hYhVyhi++24= +google.golang.org/genproto v0.0.0-20210713002101-d411969a0d9a/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210716133855-ce7ef5c701ea/go.mod h1:AxrInvYm1dci+enl5hChSFPOmmUF1+uAa/UsgNRWd7k= +google.golang.org/genproto v0.0.0-20210728212813-7823e685a01f/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210805201207-89edb61ffb67/go.mod h1:ob2IJxKrgPT52GcgX759i1sleT07tiKowYBGbczaW48= +google.golang.org/genproto v0.0.0-20210813162853-db860fec028c/go.mod h1:cFeNkxwySK631ADgubI+/XFU/xp8FD5KIVV4rj8UC5w= +google.golang.org/genproto v0.0.0-20210821163610-241b8fcbd6c8/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210828152312-66f60bf46e71/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210909211513-a8c4777a87af/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= +google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220222213610-43724f9ea8cf/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220304144024-325a89244dc8/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220310185008-1973136f34c6/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= +google.golang.org/genproto v0.0.0-20220324131243-acbaeb5b85eb/go.mod h1:hAL49I2IFola2sVEjAn7MEwsja0xp51I0tlGAf9hz4E= +google.golang.org/genproto v0.0.0-20220329172620-7be39ac1afc7/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220407144326-9054f6ed7bac/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220413183235-5e96e2839df9/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220414192740-2d67ff6cf2b4/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220421151946-72621c1f0bd3/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220429170224-98d788798c3e/go.mod h1:8w6bsBMX6yCPbAVTeqQHvzxW0EIFigd5lZyahWgyfDo= +google.golang.org/genproto v0.0.0-20220502173005-c8bf987b8c21/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220505152158-f39f71e6c8f3/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220518221133-4f43b3371335/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220523171625-347a074981d8/go.mod h1:RAyBrSAP7Fh3Nc84ghnVLDPuV51xc9agzmm4Ph6i0Q4= +google.golang.org/genproto v0.0.0-20220608133413-ed9918b62aac/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220616135557-88e70c0c3a90/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220617124728-180714bec0ad/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220624142145-8cd45d7dbd1f/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220628213854-d9e0b6570c03/go.mod h1:KEWEmljWE5zPzLBa/oHl6DaEt9LmfH6WtH1OHIvleBA= +google.golang.org/genproto v0.0.0-20220722212130-b98a9ff5e252/go.mod h1:GkXuJDJ6aQ7lnJcRF+SJVgFdQhypqgl3LB1C9vabdRE= +google.golang.org/genproto v0.0.0-20220801145646-83ce21fca29f/go.mod h1:iHe1svFLAZg9VWz891+QbRMwUv9O/1Ww+/mngYeThbc= +google.golang.org/genproto v0.0.0-20220815135757-37a418bb8959/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220817144833-d7fd3f11b9b1/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220822174746-9e6da59bd2fc/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829144015-23454907ede3/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220829175752-36a9c930ecbf/go.mod h1:dbqgFATTzChvnt+ujMdZwITVAJHFtfyN1qUhDqEiIlk= +google.golang.org/genproto v0.0.0-20220913154956-18f8339a66a5/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220914142337-ca0e39ece12f/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220915135415-7fd63a7952de/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220916172020-2692e8806bfa/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220919141832-68c03719ef51/go.mod h1:0Nb8Qy+Sk5eDzHnzlStwW3itdNaWoZA5XeSG+R3JHSo= +google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006/go.mod h1:ht8XFiar2npT/g4vkk7O0WYS1sHOHbdujxbEp7CJWbw= +google.golang.org/genproto v0.0.0-20220926165614-551eb538f295/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20220926220553-6981cbe3cfce/go.mod h1:woMGP53BroOrRY3xTxlbr8Y3eB/nzAvvFM83q7kG2OI= +google.golang.org/genproto v0.0.0-20221010155953-15ba04fc1c0e/go.mod h1:3526vdqwhZAwq4wsRUaVG555sVgsNmIjRtO7t/JH29U= +google.golang.org/genproto v0.0.0-20221014173430-6e2ab493f96b/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz9N9Jx0QA82PqRVauvCz1SGSz739p0f183jM= +google.golang.org/genproto v0.0.0-20221024153911-1573dae28c9c/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221024183307-1bc688fe9f3e/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= +google.golang.org/genproto v0.0.0-20221027153422-115e99e71e1c/go.mod h1:CGI5F/G+E5bKwmfYo09AXuVN4dD894kIKUFmVbP2/Fo= +google.golang.org/genproto v0.0.0-20221109142239-94d6d90a7d66/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221114212237-e4508ebdbee1/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221117204609-8f9c96812029/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221118155620-16455021b5e6/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201164419-0e50fba7f41c/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221201204527-e3fa12d562f3/go.mod h1:rZS5c/ZVYMaOGBfO68GWtjOw/eLaZM1X6iVtgjZ+EWg= +google.golang.org/genproto v0.0.0-20221202195650-67e5cbc046fd/go.mod h1:cTsE614GARnxrLsqKREzmNYJACSWWpAWdNMwnD7c2BE= +google.golang.org/genproto v0.0.0-20221227171554-f9683d7f8bef/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230110181048-76db0878b65f/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230112194545-e10362b5ecf9/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230113154510-dbe35b8444a5/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230123190316-2c411cf9d197/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230124163310-31e0e69b6fc2/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230125152338-dcaf20b6aeaa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230127162408-596548ed4efa/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230209215440-0dfe4f8abfcc/go.mod h1:RGgjbofJ8xD9Sq1VVhDM1Vok1vRONV+rg+CjzG4SZKM= +google.golang.org/genproto v0.0.0-20230216225411-c8e22ba71e44/go.mod h1:8B0gmkoRebU8ukX6HP+4wrVQUY1+6PkQ44BSyIlflHA= +google.golang.org/genproto v0.0.0-20230222225845-10f96fb3dbec/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230223222841-637eb2293923/go.mod h1:3Dl5ZL0q0isWJt+FVcfpQyirqemEuLAK/iFvg1UP1Hw= +google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488/go.mod h1:TvhZT5f700eVlTNwND1xoEZQeWTB2RY/65kplwl/bFA= +google.golang.org/genproto v0.0.0-20230306155012-7f2fa6fef1f4/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230320184635-7606e756e683/go.mod h1:NWraEVixdDnqcqQ30jipen1STv2r/n24Wb7twVTGR4s= +google.golang.org/genproto v0.0.0-20230323212658-478b75c54725/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230330154414-c0448cd141ea/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230331144136-dcfb400f0633/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230403163135-c38d8f061ccd/go.mod h1:UUQDJDOlWu4KYeJZffbWgBkS1YFobzKbLVfK69pe0Ak= +google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1/go.mod h1:nKE/iIaLqn2bQwXBg8f1g2Ylh6r5MN5CmZvuzZCgsCU= +google.golang.org/genproto v0.0.0-20230525234025-438c736192d0/go.mod h1:9ExIQyXL5hZrHzQceCwuSYwZZ5QZBazOcprJ5rgs3lY= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda h1:wu/KJm9KJwpfHWhkkZGohVC6KRrc1oJNr4jwtQMOQXw= +google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda/go.mod h1:g2LLCvCeCSir/JJSWosk19BR4NVxGqHUC6rxIRsd7Aw= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234020-1aefcd67740a/go.mod h1:ts19tUU+Z0ZShN1y3aPyq2+O3d5FUNNgT6FtOzmrNn8= +google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/bytestream v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:ylj+BE99M198VPbBh6A8d9n3w8fChvyLK3wwBOjXBFA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234015-3fc162c6f38a/go.mod h1:xURIpW9ES5+/GZhnV6beoEtxQrnkRGIfP5VQG2tCBLc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230525234030-28d5490b6b19/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= +google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= +google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= +google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= +google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= +google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.37.1/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.38.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= +google.golang.org/grpc v1.39.0/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnDzfrE= +google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.40.1/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= +google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.44.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= +google.golang.org/grpc v1.46.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.46.2/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.47.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACuMGWk= +google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= +google.golang.org/grpc v1.51.0/go.mod h1:wgNDFcnuBGmxLKI/qn4T+m5BtEBYXJPvibbUPsAIPww= +google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5vorUY= +google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= +google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= +google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= -gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.29.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/cheggaaa/pb.v1 v1.0.25/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qStrOgw= +gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= @@ -665,6 +2018,7 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWD gopkg.in/yaml.v2 v2.0.0-20170812160011-eb3733d160e7/go.mod h1:JAlM8MvJe8wmxCU4Bli9HhUf9+ttbYbLASfIpnQbh74= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= @@ -675,26 +2029,31 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= k8s.io/api v0.18.0/go.mod h1:q2HRQkfDzHMBZL9l/y9rH63PkQl4vae0xRT+8prbrK8= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= k8s.io/apiextensions-apiserver v0.18.0/go.mod h1:18Cwn1Xws4xnWQNC00FLq1E350b9lUF+aOdIWDOZxgo= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= k8s.io/apimachinery v0.18.0/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/apiserver v0.18.0/go.mod h1:3S2O6FeBBd6XTo0njUrLxiqk8GNy6wWOftjhJcXYnjw= -k8s.io/apiserver v0.30.0 h1:QCec+U72tMQ+9tR6A0sMBB5Vh6ImCEkoKkTDRABWq6M= -k8s.io/apiserver v0.30.0/go.mod h1:smOIBq8t0MbKZi7O7SyIpjPsiKJ8qa+llcFCluKyqiY= +k8s.io/apiserver v0.30.1 h1:BEWEe8bzS12nMtDKXzCF5Q5ovp6LjjYkSp8qOPk8LZ8= +k8s.io/apiserver v0.30.1/go.mod h1:i87ZnQ+/PGAmSbD/iEKM68bm1D5reX8fO4Ito4B01mo= k8s.io/client-go v0.18.0/go.mod h1:uQSYDYs4WhVZ9i6AIoEZuwUggLVEF64HOD37boKAtF8= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= k8s.io/code-generator v0.18.0/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= k8s.io/component-base v0.18.0/go.mod h1:u3BCg0z1uskkzrnAKFzulmYaEpZF7XC9Pf/uFyb1v2c= -k8s.io/component-base v0.30.0 h1:cj6bp38g0ainlfYtaOQuRELh5KSYjhKxM+io7AUIk4o= -k8s.io/component-base v0.30.0/go.mod h1:V9x/0ePFNaKeKYA3bOvIbrNoluTSG+fSJKjLdjOoeXQ= +k8s.io/component-base v0.30.1 h1:bvAtlPh1UrdaZL20D9+sWxsJljMi0QZ3Lmw+kmZAaxQ= +k8s.io/component-base v0.30.1/go.mod h1:e/X9kDiOebwlI41AvBHuWdqFriSRrX50CdwA9TFaHLI= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= @@ -702,23 +2061,61 @@ k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-aggregator v0.30.0 h1:+Opc0lmhRmHbNM4m3mLSsUFmK/ikMapO9rvGirX5CEM= -k8s.io/kube-aggregator v0.30.0/go.mod h1:KbZZkSSjYE6vkB2TSuZ9GBjU3ucgL7YxT8yX8wll0iQ= +k8s.io/kube-aggregator v0.30.1 h1:ymR2BsxDacTKwzKTuNhGZttuk009c+oZbSeD+IPX5q4= +k8s.io/kube-aggregator v0.30.1/go.mod h1:SFbqWsM6ea8dHd3mPLsZFzJHbjBOS5ykIgJh4znZ5iQ= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag= -k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= k8s.io/kubectl v0.30.0 h1:xbPvzagbJ6RNYVMVuiHArC1grrV5vSmmIcSZuCdzRyk= k8s.io/kubectl v0.30.0/go.mod h1:zgolRw2MQXLPwmic2l/+iHs239L49fhSeICuMhQQXTI= k8s.io/utils v0.0.0-20200324210504-a9aa75ae1b89/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= -k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +lukechampine.com/uint128 v1.1.1/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= +lukechampine.com/uint128 v1.2.0/go.mod h1:c4eWIwlEGaxC/+H1VguhU4PHXNWDCDMUlWdIWl2j1gk= +modernc.org/cc/v3 v3.36.0/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.2/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/cc/v3 v3.36.3/go.mod h1:NFUHyPn4ekoC/JHeZFfZurN6ixxawE1BnVonP/oahEI= +modernc.org/ccgo/v3 v3.0.0-20220428102840-41399a37e894/go.mod h1:eI31LL8EwEBKPpNpA4bU1/i+sKOwOrQy8D87zWUcRZc= +modernc.org/ccgo/v3 v3.0.0-20220430103911-bc99d88307be/go.mod h1:bwdAnOoaIt8Ax9YdWGjxWsdkPcZyRPHqrOvJxaKAKGw= +modernc.org/ccgo/v3 v3.16.4/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.6/go.mod h1:tGtX0gE9Jn7hdZFeU88slbTh1UtCYKusWOoCJuvkWsQ= +modernc.org/ccgo/v3 v3.16.8/go.mod h1:zNjwkizS+fIFDrDjIAgBSCLkWbJuHF+ar3QRn+Z9aws= +modernc.org/ccgo/v3 v3.16.9/go.mod h1:zNMzC9A9xeNUepy6KuZBbugn3c0Mc9TeiJO4lgvkJDo= +modernc.org/ccorpus v1.11.6/go.mod h1:2gEUTrWqdpH2pXsmTM1ZkjeSrUWDpjMu2T6m29L/ErQ= +modernc.org/httpfs v1.0.6/go.mod h1:7dosgurJGp0sPaRanU53W4xZYKh14wfzX420oZADeHM= +modernc.org/libc v0.0.0-20220428101251-2d5f3daf273b/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.16.0/go.mod h1:N4LD6DBE9cf+Dzf9buBlzVJndKr/iJHG97vGLHYnb5A= +modernc.org/libc v1.16.1/go.mod h1:JjJE0eu4yeK7tab2n4S1w8tlWd9MxXLRzheaRnAKymU= +modernc.org/libc v1.16.17/go.mod h1:hYIV5VZczAmGZAnG15Vdngn5HSF5cSkbvfz2B7GRuVU= +modernc.org/libc v1.16.19/go.mod h1:p7Mg4+koNjc8jkqwcoFBJx7tXkpj00G77X7A72jXPXA= +modernc.org/libc v1.17.0/go.mod h1:XsgLldpP4aWlPlsjqKRdHPqCxCjISdHfM/yeWC5GyW0= +modernc.org/libc v1.17.1/go.mod h1:FZ23b+8LjxZs7XtFMbSzL/EhPxNbfZbErxEHc7cbD9s= +modernc.org/mathutil v1.2.2/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.4.1/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/mathutil v1.5.0/go.mod h1:mZW8CKdRPY1v87qxC/wUdX5O1qDzXMP5TH3wjfpga6E= +modernc.org/memory v1.1.1/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.0/go.mod h1:/0wo5ibyrQiaoUoH7f9D8dnglAmILJ5/cxZlRECf+Nw= +modernc.org/memory v1.2.1/go.mod h1:PkUhL0Mugw21sHPeskwZW4D6VscE/GQJOnIpCnW6pSU= +modernc.org/opt v0.1.1/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/opt v0.1.3/go.mod h1:WdSiB5evDcignE70guQKxYUl14mgWtbClRi5wmkkTX0= +modernc.org/sqlite v1.18.1/go.mod h1:6ho+Gow7oX5V+OiOQ6Tr4xeqbx13UZ6t+Fw9IRUG4d4= +modernc.org/strutil v1.1.1/go.mod h1:DE+MQQ/hjKBZS2zNInV5hhcipt5rLPWkmpbGeW5mmdw= +modernc.org/strutil v1.1.3/go.mod h1:MEHNA7PdEnEwLvspRMtWTNnp2nnyvMfkimT1NKNAGbw= +modernc.org/tcl v1.13.1/go.mod h1:XOLfOwzhkljL4itZkK6T72ckMgvj0BDsnKNdZVUOecw= +modernc.org/token v1.0.0/go.mod h1:UGzOrNV1mAFSEB63lOFHIpNRUVMvYTc6yu1SMY/XTDM= +modernc.org/z v1.5.1/go.mod h1:eWFB510QWW5Th9YGZT81s+LwvaAs3Q2yr4sP0rmLkv8= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0 h1:/U5vjBbQn3RChhv7P11uhYvCSm5G2GaIi5AIGBS6r4c= -sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.29.0/go.mod h1:z7+wmGM2dfIiLRfrC6jb5kV2Mq/sK1ZP303cxzkV5Y4= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= -sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= -sigs.k8s.io/gateway-api v1.0.0/go.mod h1:4cUgr0Lnp5FZ0Cdq8FdRwCvpiWws7LVhLHGIudLlf4c= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3 h1:2770sDpzrjjsAtVhSeUFseziht227YAWYHLGNM8QPwY= +sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.30.3/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM= +sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= From 515559ac7ccd31a191bd8b2d6d6ebc1625d913b7 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 17 May 2024 09:33:41 +0200 Subject: [PATCH 137/177] re-generate crds Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- deploy/crds/crd-challenges.yaml | 22 +++++++++++----------- deploy/crds/crd-clusterissuers.yaml | 22 +++++++++++----------- deploy/crds/crd-issuers.yaml | 22 +++++++++++----------- 3 files changed, 33 insertions(+), 33 deletions(-) diff --git a/deploy/crds/crd-challenges.yaml b/deploy/crds/crd-challenges.yaml index 5db7f43c45e..8ffad4170d6 100644 --- a/deploy/crds/crd-challenges.yaml +++ b/deploy/crds/crd-challenges.yaml @@ -630,7 +630,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent @@ -665,7 +665,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific. @@ -752,9 +752,6 @@ spec: Support: Extended - - - type: integer format: int32 maximum: 65535 @@ -765,14 +762,12 @@ spec: following resources, SectionName is interpreted as the following: - * Gateway: Listener Name. When both Port (experimental) and SectionName + * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. - * Service: Port Name. When both Port (experimental) and SectionName + * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services as Parents - is part of experimental Mesh support and is not supported for any other - purpose. + both specified values. Implementations MAY choose to support attaching Routes to other resources. @@ -1779,9 +1774,14 @@ spec: name: description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: description: |- diff --git a/deploy/crds/crd-clusterissuers.yaml b/deploy/crds/crd-clusterissuers.yaml index c0effdb0bf1..01c374561f9 100644 --- a/deploy/crds/crd-clusterissuers.yaml +++ b/deploy/crds/crd-clusterissuers.yaml @@ -737,7 +737,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent @@ -772,7 +772,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific. @@ -859,9 +859,6 @@ spec: Support: Extended - - - type: integer format: int32 maximum: 65535 @@ -872,14 +869,12 @@ spec: following resources, SectionName is interpreted as the following: - * Gateway: Listener Name. When both Port (experimental) and SectionName + * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. - * Service: Port Name. When both Port (experimental) and SectionName + * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services as Parents - is part of experimental Mesh support and is not supported for any other - purpose. + both specified values. Implementations MAY choose to support attaching Routes to other resources. @@ -1886,9 +1881,14 @@ spec: name: description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: description: |- diff --git a/deploy/crds/crd-issuers.yaml b/deploy/crds/crd-issuers.yaml index 12a291b6d6c..bc75735c5e4 100644 --- a/deploy/crds/crd-issuers.yaml +++ b/deploy/crds/crd-issuers.yaml @@ -737,7 +737,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) This API may be extended in the future to support additional kinds of parent @@ -772,7 +772,7 @@ spec: * Gateway (Gateway conformance profile) - * Service (Mesh conformance profile, experimental, ClusterIP Services only) + * Service (Mesh conformance profile, ClusterIP Services only) Support for other resources is Implementation-Specific. @@ -859,9 +859,6 @@ spec: Support: Extended - - - type: integer format: int32 maximum: 65535 @@ -872,14 +869,12 @@ spec: following resources, SectionName is interpreted as the following: - * Gateway: Listener Name. When both Port (experimental) and SectionName + * Gateway: Listener name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match both specified values. - * Service: Port Name. When both Port (experimental) and SectionName + * Service: Port name. When both Port (experimental) and SectionName are specified, the name and port of the selected listener must match - both specified values. Note that attaching Routes to Services as Parents - is part of experimental Mesh support and is not supported for any other - purpose. + both specified values. Implementations MAY choose to support attaching Routes to other resources. @@ -1886,9 +1881,14 @@ spec: name: description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string + default: "" x-kubernetes-map-type: atomic nodeSelector: description: |- From c1fe43efe723ec27ef157205606cb127c82472c7 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 17 May 2024 10:42:43 +0200 Subject: [PATCH 138/177] bump code generators Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- hack/k8s-codegen.sh | 99 ++++++------------- hack/openapi_reports/acme.txt | 5 - klone.yaml | 14 +-- make/_shared/tools/00_mod.mk | 9 +- make/ci.mk | 15 --- .../webhook/openapi/zz_generated.openapi.go | 4 +- 6 files changed, 43 insertions(+), 103 deletions(-) diff --git a/hack/k8s-codegen.sh b/hack/k8s-codegen.sh index 01d33abdef2..386b187b2c7 100755 --- a/hack/k8s-codegen.sh +++ b/hack/k8s-codegen.sh @@ -26,21 +26,7 @@ defaultergen=$5 conversiongen=$6 openapigen=$7 -# If the envvar "VERIFY_ONLY" is set, we only check if everything's up to date -# and don't actually generate anything - -VERIFY_FLAGS="" -VERB="Generating" - -if [[ ${VERIFY_ONLY:-} ]]; then - VERIFY_FLAGS="--verify-only" - VERB="Verifying" -fi - -export VERIFY_FLAGS -export VERB - -echo "+++ ${VERB} code..." >&2 +echo "+++ Generating code..." >&2 module_name="github.com/cert-manager/cert-manager" @@ -113,11 +99,6 @@ conversion_inputs=( # clean will delete files matching name in path. clean() { - if [[ ${VERIFY_ONLY:-} ]]; then - # don't delete files if we're only verifying - return 0 - fi - path=$1 name=$2 if [[ ! -d "$path" ]]; then @@ -128,90 +109,76 @@ clean() { gen-openapi-acme() { clean pkg/acme/webhook/openapi 'zz_generated.openapi.go' - echo "+++ ${VERB} ACME openapi..." >&2 + echo "+++ Generating ACME openapi..." >&2 mkdir -p hack/openapi_reports "$openapigen" \ - ${VERIFY_FLAGS} \ --go-header-file "hack/boilerplate-go.txt" \ --report-filename "hack/openapi_reports/acme.txt" \ - --input-dirs "k8s.io/apimachinery/pkg/version" \ - --input-dirs "k8s.io/apimachinery/pkg/runtime" \ - --input-dirs "k8s.io/apimachinery/pkg/apis/meta/v1" \ - --input-dirs "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" \ - --input-dirs "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" \ - --trim-path-prefix "github.com/cert-manager/cert-manager" \ - --output-package "github.com/cert-manager/cert-manager/pkg/acme/webhook/openapi" \ - --output-base ./ \ - -O zz_generated.openapi + --output-dir ./pkg/acme/webhook/openapi/ \ + --output-pkg "github.com/cert-manager/cert-manager/pkg/acme/webhook/openapi" \ + --output-file zz_generated.openapi.go \ + "k8s.io/apimachinery/pkg/version" \ + "k8s.io/apimachinery/pkg/runtime" \ + "k8s.io/apimachinery/pkg/apis/meta/v1" \ + "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" \ + "github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1" } gen-deepcopy() { clean pkg/apis 'zz_generated.deepcopy.go' clean pkg/acme/webhook/apis 'zz_generated.deepcopy.go' clean pkg/webhook/handlers/testdata/apis 'zz_generated.deepcopy.go' - echo "+++ ${VERB} deepcopy methods..." >&2 + echo "+++ Generating deepcopy methods..." >&2 prefixed_inputs=( "${deepcopy_inputs[@]/#/$module_name/}" ) - joined=$( IFS=$','; echo "${prefixed_inputs[*]}" ) "$deepcopygen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ - --input-dirs "$joined" \ - --output-file-base zz_generated.deepcopy \ - --trim-path-prefix="$module_name" \ + --output-file zz_generated.deepcopy.go \ --bounding-dirs "${module_name}" \ - --output-base ./ + "${prefixed_inputs[@]}" } gen-clientsets() { clean "${client_subpackage}"/clientset '*.go' - echo "+++ ${VERB} clientset..." >&2 + echo "+++ Generating clientset..." >&2 prefixed_inputs=( "${client_inputs[@]/#/$module_name/}" ) joined=$( IFS=$','; echo "${prefixed_inputs[*]}" ) "$clientgen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ --clientset-name versioned \ --input-base "" \ --input "$joined" \ - --trim-path-prefix="$module_name" \ - --output-package "${client_package}"/clientset \ - --output-base ./ + --output-dir "${client_subpackage}"/clientset \ + --output-pkg "${client_package}"/clientset } gen-listers() { clean "${client_subpackage}/listers" '*.go' - echo "+++ ${VERB} listers..." >&2 + echo "+++ Generating listers..." >&2 prefixed_inputs=( "${client_inputs[@]/#/$module_name/}" ) - joined=$( IFS=$','; echo "${prefixed_inputs[*]}" ) "$listergen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ - --input-dirs "$joined" \ - --trim-path-prefix="$module_name" \ - --output-package "${client_package}"/listers \ - --output-base ./ + --output-dir "${client_subpackage}"/listers \ + --output-pkg "${client_package}"/listers \ + "${prefixed_inputs[@]}" } gen-informers() { clean "${client_subpackage}"/informers '*.go' - echo "+++ ${VERB} informers..." >&2 + echo "+++ Generating informers..." >&2 prefixed_inputs=( "${client_inputs[@]/#/$module_name/}" ) - joined=$( IFS=$','; echo "${prefixed_inputs[*]}" ) "$informergen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ - --input-dirs "$joined" \ --versioned-clientset-package "${client_package}"/clientset/versioned \ --listers-package "${client_package}"/listers \ - --trim-path-prefix="$module_name" \ - --output-package "${client_package}"/informers \ - --output-base ./ + --output-dir "${client_subpackage}"/informers \ + --output-pkg "${client_package}"/informers \ + "${prefixed_inputs[@]}" } gen-defaulters() { clean internal/apis 'zz_generated.defaults.go' clean pkg/webhook/handlers/testdata/apis 'zz_generated.defaults.go' - echo "+++ ${VERB} defaulting functions..." >&2 + echo "+++ Generating defaulting functions..." >&2 DEFAULT_EXTRA_PEER_PKGS=( github.com/cert-manager/cert-manager/internal/apis/meta \ @@ -224,19 +191,16 @@ gen-defaulters() { DEFAULT_PKGS=( "${defaulter_inputs[@]/#/$module_name/}" ) "$defaultergen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ --extra-peer-dirs "$( IFS=$','; echo "${DEFAULT_EXTRA_PEER_PKGS[*]}" )" \ - --input-dirs "$( IFS=$','; echo "${DEFAULT_PKGS[*]}" )" \ - --trim-path-prefix="$module_name" \ - -O zz_generated.defaults \ - --output-base ./ + --output-file zz_generated.defaults.go \ + "${DEFAULT_PKGS[@]}" } gen-conversions() { clean internal/apis 'zz_generated.conversion.go' clean pkg/webhook/handlers/testdata/apis 'zz_generated.conversion.go' - echo "+++ ${VERB} conversion functions..." >&2 + echo "+++ Generating conversion functions..." >&2 CONVERSION_EXTRA_PEER_PKGS=( github.com/cert-manager/cert-manager/internal/apis/meta \ @@ -249,14 +213,11 @@ gen-conversions() { CONVERSION_PKGS=( "${conversion_inputs[@]/#/$module_name/}" ) "$conversiongen" \ - ${VERIFY_FLAGS} \ --go-header-file hack/boilerplate-go.txt \ --extra-peer-dirs "$( IFS=$','; echo "${CONVERSION_EXTRA_PEER_PKGS[*]}" )" \ --extra-dirs "$( IFS=$','; echo "${CONVERSION_PKGS[*]}" )" \ - --input-dirs "$( IFS=$','; echo "${CONVERSION_PKGS[*]}" )" \ - --trim-path-prefix="$module_name" \ - -O zz_generated.conversion \ - --output-base ./ + --output-file zz_generated.conversion.go \ + "${CONVERSION_PKGS[@]}" } gen-openapi-acme diff --git a/hack/openapi_reports/acme.txt b/hack/openapi_reports/acme.txt index 22e68562d0b..c63dc300d5d 100644 --- a/hack/openapi_reports/acme.txt +++ b/hack/openapi_reports/acme.txt @@ -1,8 +1,3 @@ -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSON,Raw -API rule violation: list_type_missing,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,WebhookClientConfig,CABundle -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/apis/meta/v1,FieldsV1,Raw -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,RawExtension,Raw -API rule violation: list_type_missing,k8s.io/apimachinery/pkg/runtime,Unknown,Raw API rule violation: names_match,github.com/cert-manager/cert-manager/pkg/acme/webhook/apis/acme/v1alpha1,ChallengeResponse,Result API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Ref API rule violation: names_match,k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1,JSONSchemaProps,Schema diff --git a/klone.yaml b/klone.yaml index 3dcee7dee0e..8c8e6b3b41a 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: e44cf74061351e8e463a786e47daacd98f4eab60 + repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 3d296b67d9b..e9c7cfb4d86 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -72,7 +72,7 @@ tools += rclone=v1.66.0 ### go packages # https://pkg.go.dev/sigs.k8s.io/controller-tools/cmd/controller-gen?tab=versions -tools += controller-gen=v0.14.0 +tools += controller-gen=v0.15.0 # https://pkg.go.dev/golang.org/x/tools/cmd/goimports?tab=versions tools += goimports=v0.20.0 # https://pkg.go.dev/github.com/google/go-licenses/licenses?tab=versions @@ -132,15 +132,16 @@ tools += gci=v0.13.4 tools += yamlfmt=v0.12.1 # https://pkg.go.dev/k8s.io/code-generator/cmd?tab=versions -K8S_CODEGEN_VERSION := v0.29.3 +K8S_CODEGEN_VERSION := v0.30.1 tools += client-gen=$(K8S_CODEGEN_VERSION) tools += deepcopy-gen=$(K8S_CODEGEN_VERSION) tools += informer-gen=$(K8S_CODEGEN_VERSION) tools += lister-gen=$(K8S_CODEGEN_VERSION) tools += applyconfiguration-gen=$(K8S_CODEGEN_VERSION) -tools += openapi-gen=$(K8S_CODEGEN_VERSION) tools += defaulter-gen=$(K8S_CODEGEN_VERSION) tools += conversion-gen=$(K8S_CODEGEN_VERSION) +# https://github.com/kubernetes/kube-openapi +tools += openapi-gen=f0e62f92d13f418e2732b21c952fd17cab771c75 # https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml KUBEBUILDER_ASSETS_VERSION := 1.30.0 @@ -317,9 +318,9 @@ go_dependencies += deepcopy-gen=k8s.io/code-generator/cmd/deepcopy-gen go_dependencies += informer-gen=k8s.io/code-generator/cmd/informer-gen go_dependencies += lister-gen=k8s.io/code-generator/cmd/lister-gen go_dependencies += applyconfiguration-gen=k8s.io/code-generator/cmd/applyconfiguration-gen -go_dependencies += openapi-gen=k8s.io/code-generator/cmd/openapi-gen go_dependencies += defaulter-gen=k8s.io/code-generator/cmd/defaulter-gen go_dependencies += conversion-gen=k8s.io/code-generator/cmd/conversion-gen +go_dependencies += openapi-gen=k8s.io/kube-openapi/cmd/openapi-gen go_dependencies += helm-tool=github.com/cert-manager/helm-tool go_dependencies += cmctl=github.com/cert-manager/cmctl/v2 go_dependencies += cmrel=github.com/cert-manager/release/cmd/cmrel diff --git a/make/ci.mk b/make/ci.mk index e5ae383d32e..81f05bb32f6 100644 --- a/make/ci.mk +++ b/make/ci.mk @@ -44,21 +44,6 @@ generate-crds: | $(NEEDS_CONTROLLER-GEN) shared_generate_targets += generate-crds -# Overwrite the verify-generate-codegen target with this -# optimised target. -.PHONY: verify-generate-codegen -verify-generate-codegen: | $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) - VERIFY_ONLY="true" ./hack/k8s-codegen.sh \ - $(CLIENT-GEN) \ - $(DEEPCOPY-GEN) \ - $(INFORMER-GEN) \ - $(LISTER-GEN) \ - $(DEFAULTER-GEN) \ - $(CONVERSION-GEN) \ - $(OPENAPI-GEN) - -shared_verify_targets += verify-generate-codegen - .PHONY: generate-codegen generate-codegen: | $(NEEDS_CLIENT-GEN) $(NEEDS_DEEPCOPY-GEN) $(NEEDS_INFORMER-GEN) $(NEEDS_LISTER-GEN) $(NEEDS_DEFAULTER-GEN) $(NEEDS_CONVERSION-GEN) $(NEEDS_OPENAPI-GEN) ./hack/k8s-codegen.sh \ diff --git a/pkg/acme/webhook/openapi/zz_generated.openapi.go b/pkg/acme/webhook/openapi/zz_generated.openapi.go index 33608899f63..89366bd4c38 100644 --- a/pkg/acme/webhook/openapi/zz_generated.openapi.go +++ b/pkg/acme/webhook/openapi/zz_generated.openapi.go @@ -19,8 +19,6 @@ limitations under the License. // Code generated by openapi-gen. DO NOT EDIT. -// This file was autogenerated by openapi-gen. Do not edit it manually! - package openapi import ( @@ -1166,7 +1164,7 @@ func schema_pkg_apis_apiextensions_v1_JSONSchemaProps(ref common.ReferenceCallba }, "format": { SchemaProps: spec.SchemaProps{ - Description: "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\" - isbn10: an ISBN10 number string like \"0321751043\" - isbn13: an ISBN13 number string like \"978-0321751041\" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\\d{3}[- ]?\\d{2}[- ]?\\d{4}$ - hexcolor: an hexadecimal color code like \"#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like \"rgb(255,255,2559\" - byte: base64 encoded binary data - password: any kind of string - date: a date string like \"2006-01-02\" as defined by full-date in RFC3339 - duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339.", + Description: "format is an OpenAPI v3 format string. Unknown formats are ignored. The following formats are validated:\n\n- bsonobjectid: a bson object ID, i.e. a 24 characters hex string - uri: an URI as parsed by Golang net/url.ParseRequestURI - email: an email address as parsed by Golang net/mail.ParseAddress - hostname: a valid representation for an Internet host name, as defined by RFC 1034, section 3.1 [RFC1034]. - ipv4: an IPv4 IP as parsed by Golang net.ParseIP - ipv6: an IPv6 IP as parsed by Golang net.ParseIP - cidr: a CIDR as parsed by Golang net.ParseCIDR - mac: a MAC address as parsed by Golang net.ParseMAC - uuid: an UUID that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid3: an UUID3 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?3[0-9a-f]{3}-?[0-9a-f]{4}-?[0-9a-f]{12}$ - uuid4: an UUID4 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?4[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - uuid5: an UUID5 that allows uppercase defined by the regex (?i)^[0-9a-f]{8}-?[0-9a-f]{4}-?5[0-9a-f]{3}-?[89ab][0-9a-f]{3}-?[0-9a-f]{12}$ - isbn: an ISBN10 or ISBN13 number string like \"0321751043\" or \"978-0321751041\" - isbn10: an ISBN10 number string like \"0321751043\" - isbn13: an ISBN13 number string like \"978-0321751041\" - creditcard: a credit card number defined by the regex ^(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\\\d{3})\\\\d{11})$ with any non digit characters mixed in - ssn: a U.S. social security number following the regex ^\\\\d{3}[- ]?\\\\d{2}[- ]?\\\\d{4}$ - hexcolor: an hexadecimal color code like \"#FFFFFF: following the regex ^#?([0-9a-fA-F]{3}|[0-9a-fA-F]{6})$ - rgbcolor: an RGB color code like rgb like \"rgb(255,255,2559\" - byte: base64 encoded binary data - password: any kind of string - date: a date string like \"2006-01-02\" as defined by full-date in RFC3339 - duration: a duration string like \"22 ns\" as parsed by Golang time.ParseDuration or compatible with Scala duration format - datetime: a date time string like \"2014-12-15T19:30:20.000Z\" as defined by date-time in RFC3339.", Type: []string{"string"}, Format: "", }, From 4e5c42a4bf409a08bc3b70ef4b2525e5bc709cc1 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 17 May 2024 14:42:07 +0200 Subject: [PATCH 139/177] use Install instead of AddToScheme due to deprecation Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- test/integration/framework/helpers.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test/integration/framework/helpers.go b/test/integration/framework/helpers.go index dfca528f548..86c23171401 100644 --- a/test/integration/framework/helpers.go +++ b/test/integration/framework/helpers.go @@ -72,7 +72,7 @@ func NewClients(t *testing.T, config *rest.Config) (kubernetes.Interface, intern certmgrscheme.AddToScheme(scheme) apiext.AddToScheme(scheme) apireg.AddToScheme(scheme) - gwapi.AddToScheme(scheme) + gwapi.Install(scheme) return cl, factory, cmCl, cmFactory, scheme } From 3c6883199497fd7e2a47278b53991e4d1df6c26b Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 21 May 2024 10:30:03 +0200 Subject: [PATCH 140/177] expand comment explaining replace statement Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/cainjector/go.mod | 6 +++++- cmd/controller/go.mod | 6 +++++- cmd/startupapicheck/go.mod | 6 +++++- cmd/webhook/go.mod | 6 +++++- go.mod | 6 +++++- test/e2e/go.mod | 6 +++++- test/integration/go.mod | 6 +++++- 7 files changed, 35 insertions(+), 7 deletions(-) diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index 38e6ae7c1b5..4576c68f436 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 9fa4a672d1b..0386c690cfd 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index 4d1626f056f..d502997aaa1 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index b5357b697e8..64bb16f3606 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/go.mod b/go.mod index 8d0c20c369c..9cdb5c9a19e 100644 --- a/go.mod +++ b/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 1c8b4c65939..0f8b3d0814f 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 720508a7d7a..5371e7ec810 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -6,7 +6,11 @@ go 1.22.0 // please place any replace statements here at the top for visibility and add a // comment to it as to when it can be removed -// Can be removed once expfmt.FmtText is no longer used by any of the libraries we depend on. +// In prometheus/common v0.47.0 and v0.48.0, breaking changes were introduced in the "github.com/prometheus/common/expfmt" +// package. Not all our dependencies have been upgraded to use the new API. Until then, compiling cert-manager +// with the newer versions of "github.com/prometheus/common/expfmt" and "github.com/prometheus/client_golang" +// fails. These replace statements can be removed once expfmt.FmtText is no longer used by any of the libraries +// we depend on. replace github.com/prometheus/common => github.com/prometheus/common v0.46.0 replace github.com/prometheus/client_golang => github.com/prometheus/client_golang v1.18.0 From 5b918d0dbc8da0035576fc4262b696e3886f2c14 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Tue, 21 May 2024 10:15:33 +0000 Subject: [PATCH 141/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/klone.yaml b/klone.yaml index 8c8e6b3b41a..eeabcf7c545 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: d9d816ad61c9ca979f815cc993304f21aae5b394 + repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d repo_path: modules/tools From 337137007e53d7488ad23be33af77e129159a467 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 21 May 2024 14:03:04 +0200 Subject: [PATCH 142/177] re-add hash.sh, which was also used by the release Make target Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- hack/util/hash.sh | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100755 hack/util/hash.sh diff --git a/hack/util/hash.sh b/hack/util/hash.sh new file mode 100755 index 00000000000..ec4fdeeceb6 --- /dev/null +++ b/hack/util/hash.sh @@ -0,0 +1,30 @@ +#!/usr/bin/env bash + +# Copyright 2023 The cert-manager Authors. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +set -o errexit +set -o nounset +set -o pipefail + +# This script is used by the $(bin_dir)/metadata/cert-manager-manifests.tar.gz.metadata.json +# and $(bin_dir)/metadata/cert-manager-server-linux-amd64.tar.gz.metadata.json Make targets. + +# This script is a wrapper for outputting purely the sha256 hash of the input file, +# ideally in a portable way. + +case "$(uname -s)" in + Darwin*) shasum -a 256 "$1";; + *) sha256sum "$1" +esac | cut -d" " -f1 \ No newline at end of file From 8f475f6ef8d60ef55efb501cd0d51f4784f42091 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Thu, 23 May 2024 11:45:44 +0000 Subject: [PATCH 143/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/tools/00_mod.mk | 18 +++++++++--------- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/klone.yaml b/klone.yaml index eeabcf7c545..6486653b1a5 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: fea0c6218c515c7b6fe3fe4e5f8848f1ed129f0d + repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 repo_path: modules/tools diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index e9c7cfb4d86..e2400990825 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -143,8 +143,8 @@ tools += conversion-gen=$(K8S_CODEGEN_VERSION) # https://github.com/kubernetes/kube-openapi tools += openapi-gen=f0e62f92d13f418e2732b21c952fd17cab771c75 -# https://github.com/kubernetes-sigs/kubebuilder/blob/tools-releases/build/cloudbuild_tools.yaml -KUBEBUILDER_ASSETS_VERSION := 1.30.0 +# https://raw.githubusercontent.com/kubernetes-sigs/controller-tools/master/envtest-releases.yaml +KUBEBUILDER_ASSETS_VERSION := v1.30.0 tools += etcd=$(KUBEBUILDER_ASSETS_VERSION) tools += kube-apiserver=$(KUBEBUILDER_ASSETS_VERSION) @@ -439,24 +439,24 @@ $(DOWNLOAD_DIR)/tools/azwi@$(AZWI_VERSION)_$(HOST_OS)_$(HOST_ARCH): | $(DOWNLOAD tar xfO $(outfile).tar.gz azwi > $(outfile) && chmod 775 $(outfile); \ rm -f $(outfile).tar.gz -kubebuilder_tools_linux_amd64_SHA256SUM=d51dae845397b7548444157903f2d573493afb6f90ce9417c0f5c61d4b1f908d -kubebuilder_tools_linux_arm64_SHA256SUM=83123010f603390ee0f417ad1cf2a715f5bff335c5841dcd4221764e52732336 -kubebuilder_tools_darwin_amd64_SHA256SUM=46f5a680f28b6db9fdaaab4659dee68a1f2e04a0d9a39f9b0176562a9e95167b -kubebuilder_tools_darwin_arm64_SHA256SUM=ce37b6fcd7678d78a610da1ae5e8e68777025b2bf046558820f967fe7a8f0dfd +kubebuilder_tools_linux_amd64_SHA256SUM=2a9792cb5f1403f524543ce94c3115e3c4a4229f0e86af55fd26c078da448164 +kubebuilder_tools_linux_arm64_SHA256SUM=39cc7274a3075a650a20fcd24b9e2067375732bebaf5356088a8efb35155f068 +kubebuilder_tools_darwin_amd64_SHA256SUM=85890b864330baec88f53aabfc1d5d94a8ca8c17483f34f4823dec0fae7c6e3a +kubebuilder_tools_darwin_arm64_SHA256SUM=849362d26105b64193b4142982c710306d90248272731a81fb83efac27c5a750 .PRECIOUS: $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - $(CURL) https://storage.googleapis.com/kubebuilder-tools/kubebuilder-tools-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ + $(CURL) https://github.com/kubernetes-sigs/controller-tools/releases/download/envtest-$(KUBEBUILDER_ASSETS_VERSION)/envtest-$(KUBEBUILDER_ASSETS_VERSION)-$(HOST_OS)-$(HOST_ARCH).tar.gz -o $(outfile); \ $(checkhash_script) $(outfile) $(kubebuilder_tools_$(HOST_OS)_$(HOST_ARCH)_SHA256SUM) $(DOWNLOAD_DIR)/tools/etcd@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - tar xfO $< kubebuilder/bin/etcd > $(outfile) && chmod 775 $(outfile) + tar xfO $< controller-tools/envtest/etcd > $(outfile) && chmod 775 $(outfile) $(DOWNLOAD_DIR)/tools/kube-apiserver@$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH): $(DOWNLOAD_DIR)/tools/kubebuilder_tools_$(KUBEBUILDER_ASSETS_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz | $(DOWNLOAD_DIR)/tools @source $(lock_script) $@; \ - tar xfO $< kubebuilder/bin/kube-apiserver > $(outfile) && chmod 775 $(outfile) + tar xfO $< controller-tools/envtest/kube-apiserver > $(outfile) && chmod 775 $(outfile) kyverno_linux_amd64_SHA256SUM=a5f6e9070c17acc47168c8ce4db78e45258376551b8bf68ad2d5ed27454cf666 kyverno_linux_arm64_SHA256SUM=007e828d622e73614365f5f7e8e107e36ae686e97e8982b1eeb53511fb2363c3 From c92fb1cf782625b552c05d2b0e7577e11191a4ea Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 13:35:19 +0200 Subject: [PATCH 144/177] add Helm options to extend auto-approval or disable it Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../cert-manager/templates/deployment.yaml | 3 +++ deploy/charts/cert-manager/templates/rbac.yaml | 11 ++++++++++- deploy/charts/cert-manager/values.yaml | 17 +++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml index 8c7403dd90e..a33c171d7c4 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml @@ -137,6 +137,9 @@ spec: {{- with .Values.dns01RecursiveNameservers }} - --dns01-recursive-nameservers={{ . }} {{- end }} + {{- if .Values.disableAutoApproval }} + - --controllers=-certificaterequests-approver + {{- end }} ports: - containerPort: 9402 name: http-metrics diff --git a/deploy/charts/cert-manager/templates/rbac.yaml b/deploy/charts/cert-manager/templates/rbac.yaml index 94b0950b7f3..7a27d4f7af1 100644 --- a/deploy/charts/cert-manager/templates/rbac.yaml +++ b/deploy/charts/cert-manager/templates/rbac.yaml @@ -474,6 +474,8 @@ rules: --- +{{- if not .Values.disableAutoApproval -}} + # Permission to approve CertificateRequests referencing cert-manager.io Issuers and ClusterIssuers apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -489,7 +491,12 @@ rules: - apiGroups: ["cert-manager.io"] resources: ["signers"] verbs: ["approve"] - resourceNames: ["issuers.cert-manager.io/*", "clusterissuers.cert-manager.io/*"] + {{- with .Values.approveSignerNames }} + resourceNames: + {{- range . }} + - {{ . | quote }} + {{- end }} + {{- end }} --- @@ -514,6 +521,8 @@ subjects: --- +{{- end -}} + # Permission to: # - Update and sign CertificatSigningeRequests referencing cert-manager.io Issuers and ClusterIssuers # - Perform SubjectAccessReviews to test whether users are able to reference Namespaced Issuers diff --git a/deploy/charts/cert-manager/values.yaml b/deploy/charts/cert-manager/values.yaml index 958e3589b59..7630c048e0d 100644 --- a/deploy/charts/cert-manager/values.yaml +++ b/deploy/charts/cert-manager/values.yaml @@ -241,6 +241,23 @@ dns01RecursiveNameservers: "" # Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. dns01RecursiveNameserversOnly: false +# Option to disable cert-manager's build-in auto-approver. The auto-approver +# approves all CertificateRequests that reference issuers matching the 'approveSignerNames' +# option. This 'disableAutoApproval' option is useful when you want to make all approval decisions +# using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +disableAutoApproval: false + +# List of signer names that cert-manager will approve by default. CertificateRequests +# referencing these signer names will be auto-approved by cert-manager. Defaults to just +# approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty +# array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, +# because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +# ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval +# +docs:property +approveSignerNames: +- issuers.cert-manager.io/* +- clusterissuers.cert-manager.io/* + # Additional command line flags to pass to cert-manager controller binary. # To see all available flags run `docker run quay.io/jetstack/cert-manager-controller: --help`. # From dadd37dc204eb613a8add764e812c8eb48edfe28 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 23 May 2024 13:40:51 +0200 Subject: [PATCH 145/177] run 'make generate-helm-docs' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- deploy/charts/cert-manager/README.template.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/deploy/charts/cert-manager/README.template.md b/deploy/charts/cert-manager/README.template.md index ab0073bfdd9..85edf689f6a 100644 --- a/deploy/charts/cert-manager/README.template.md +++ b/deploy/charts/cert-manager/README.template.md @@ -387,6 +387,23 @@ A comma-separated string with the host and port of the recursive nameservers cer > ``` Forces cert-manager to use only the recursive nameservers for verification. Enabling this option could cause the DNS01 self check to take longer owing to caching performed by the recursive nameservers. +#### **disableAutoApproval** ~ `bool` +> Default value: +> ```yaml +> false +> ``` + +Option to disable cert-manager's build-in auto-approver. The auto-approver approves all CertificateRequests that reference issuers matching the 'approveSignerNames' option. This 'disableAutoApproval' option is useful when you want to make all approval decisions using a different approver (like approver-policy - https://github.com/cert-manager/approver-policy). +#### **approveSignerNames** ~ `array` +> Default value: +> ```yaml +> - issuers.cert-manager.io/* +> - clusterissuers.cert-manager.io/* +> ``` + +List of signer names that cert-manager will approve by default. CertificateRequests referencing these signer names will be auto-approved by cert-manager. Defaults to just approving the cert-manager.io Issuer and ClusterIssuer issuers. When set to an empty array, ALL issuers will be auto-approved by cert-manager. To disable the auto-approval, because eg. you are using approver-policy, you can enable 'disableAutoApproval'. +ref: https://cert-manager.io/docs/concepts/certificaterequest/#approval + #### **extraArgs** ~ `array` > Default value: > ```yaml From dfce6b9183109a5dfdc1313b6615b6bdbd8dad53 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Fri, 24 May 2024 09:03:15 +0200 Subject: [PATCH 146/177] if list of controllers only contains disabled controllers, implicitly enable all default controllers Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- cmd/controller/app/options/options.go | 5 +++++ cmd/controller/app/options/options_test.go | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/cmd/controller/app/options/options.go b/cmd/controller/app/options/options.go index 9a6d1e15971..4798b247245 100644 --- a/cmd/controller/app/options/options.go +++ b/cmd/controller/app/options/options.go @@ -243,6 +243,11 @@ func EnabledControllers(o *config.ControllerConfiguration) sets.Set[string] { } } + // Detect if "*" was implied (in case only disabled controllers were specified) + if len(disabled) > 0 && len(enabled) == 0 { + enabled = enabled.Insert(defaults.DefaultEnabledControllers...) + } + enabled = enabled.Delete(disabled...) if utilfeature.DefaultFeatureGate.Enabled(feature.ExperimentalCertificateSigningRequestControllers) { diff --git a/cmd/controller/app/options/options_test.go b/cmd/controller/app/options/options_test.go index 8c86f308c87..99256498e1f 100644 --- a/cmd/controller/app/options/options_test.go +++ b/cmd/controller/app/options/options_test.go @@ -50,6 +50,14 @@ func TestEnabledControllers(t *testing.T) { controllers: []string{"*", "-clusterissuers", "-issuers"}, expEnabled: sets.New(defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), }, + "if only disabled controllers are specified, implicitly enable all default controllers": { + controllers: []string{"-clusterissuers", "-issuers"}, + expEnabled: sets.New(defaults.DefaultEnabledControllers...).Delete("clusterissuers", "issuers"), + }, + "if both enabled and disabled controllers are specified, return specified controllers": { + controllers: []string{"foo", "-bar"}, + expEnabled: sets.New("foo"), + }, } for name, test := range tests { From c392ea86a46dc0af68e5af61bb3639a826a6ef5a Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 28 May 2024 12:34:57 +0200 Subject: [PATCH 147/177] BUGFIX: correctly mount config files for components Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../templates/cainjector-deployment.yaml | 20 +++++++++++++++++-- .../cert-manager/templates/deployment.yaml | 8 ++++---- .../templates/webhook-deployment.yaml | 8 ++++---- 3 files changed, 26 insertions(+), 10 deletions(-) diff --git a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml index a2f7243e830..8f9f7f3315f 100644 --- a/deploy/charts/cert-manager/templates/cainjector-deployment.yaml +++ b/deploy/charts/cert-manager/templates/cainjector-deployment.yaml @@ -66,6 +66,9 @@ spec: {{- if not (has (quote .Values.global.logLevel) (list "" (quote ""))) }} - --v={{ .Values.global.logLevel }} {{- end }} + {{- if .Values.cainjector.config }} + - --config=/var/cert-manager/config/config.yaml + {{- end }} {{- with .Values.global.leaderElection }} - --leader-election-namespace={{ .namespace }} {{- if .leaseDuration }} @@ -97,9 +100,15 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- with .Values.cainjector.volumeMounts }} + {{- if or .Values.cainjector.config .Values.cainjector.volumeMounts }} volumeMounts: + {{- if .Values.cainjector.config }} + - name: config + mountPath: /var/cert-manager/config + {{- end }} + {{- with .Values.cainjector.volumeMounts }} {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} {{- with .Values.cainjector.nodeSelector }} nodeSelector: @@ -117,8 +126,15 @@ spec: topologySpreadConstraints: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.cainjector.volumes }} + {{- if or .Values.cainjector.volumes .Values.cainjector.config }} volumes: + {{- if .Values.cainjector.config }} + - name: config + configMap: + name: {{ include "cainjector.fullname" . }} + {{- end }} + {{ with .Values.cainjector.volumes }} {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/deployment.yaml b/deploy/charts/cert-manager/templates/deployment.yaml index 8c7403dd90e..4a37c72223f 100644 --- a/deploy/charts/cert-manager/templates/deployment.yaml +++ b/deploy/charts/cert-manager/templates/deployment.yaml @@ -66,10 +66,10 @@ spec: {{- end }} {{- if or .Values.volumes .Values.config}} volumes: - {{- if .Values.config }} + {{- if .Values.config }} - name: config configMap: - name: {{ include "cert-manager.fullname" . }} + name: {{ include "cert-manager.fullname" . }} {{- end }} {{ with .Values.volumes }} {{- toYaml . | nindent 8 }} @@ -150,11 +150,11 @@ spec: {{- end }} {{- if or .Values.config .Values.volumeMounts }} volumeMounts: - {{- if .Values.config}} + {{- if .Values.config }} - name: config mountPath: /var/cert-manager/config {{- end }} - {{- with .Values.volumeMounts }} + {{- with .Values.volumeMounts }} {{- toYaml . | nindent 12 }} {{- end }} {{- end }} diff --git a/deploy/charts/cert-manager/templates/webhook-deployment.yaml b/deploy/charts/cert-manager/templates/webhook-deployment.yaml index e55cd436183..ae5399e90ce 100644 --- a/deploy/charts/cert-manager/templates/webhook-deployment.yaml +++ b/deploy/charts/cert-manager/templates/webhook-deployment.yaml @@ -159,8 +159,8 @@ spec: - name: config mountPath: /var/cert-manager/config {{- end }} - {{- if .Values.webhook.volumeMounts }} - {{- toYaml .Values.webhook.volumeMounts | nindent 12 }} + {{- with .Values.webhook.volumeMounts }} + {{- toYaml . | nindent 12 }} {{- end }} {{- end }} {{- with .Values.webhook.nodeSelector }} @@ -186,7 +186,7 @@ spec: configMap: name: {{ include "webhook.fullname" . }} {{- end }} - {{- if .Values.webhook.volumes }} - {{- toYaml .Values.webhook.volumes | nindent 8 }} + {{- with .Values.webhook.volumes }} + {{- toYaml . | nindent 8 }} {{- end }} {{- end }} From 7ec86d2e240acbf9c1c216aa25de7ecd4e4f06a4 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Thu, 13 Jun 2024 14:49:41 +0100 Subject: [PATCH 148/177] feat: normalize azure errors Signed-off-by: Adam Talbot --- pkg/issuer/acme/dns/azuredns/azuredns.go | 74 ++++++++++++++----- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 15 ++-- 2 files changed, 60 insertions(+), 29 deletions(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index 27994c73be5..c6148feff0d 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -11,11 +11,9 @@ this directory. package azuredns import ( - "bytes" "context" "errors" "fmt" - "io" "net/http" "os" "strings" @@ -279,27 +277,63 @@ func stabilizeError(err error) error { return nil } - redactResponse := func(resp *http.Response) *http.Response { - if resp == nil { - return nil + return NormalizedError{ + Cause: err, + } +} + +type NormalizedError struct { + Cause error +} + +func (e NormalizedError) Error() string { + var ( + authErr *azidentity.AuthenticationFailedError + respErr *azcore.ResponseError + ) + + switch { + case errors.As(e.Cause, &authErr): + msg := new(strings.Builder) + fmt.Fprintln(msg, "authentication failed:") + + if authErr.RawResponse != nil { + if authErr.RawResponse.Request != nil { + fmt.Fprintf(msg, "%s %s://%s%s\n", authErr.RawResponse.Request.Method, authErr.RawResponse.Request.URL.Scheme, authErr.RawResponse.Request.URL.Host, authErr.RawResponse.Request.URL.Path) + } + + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + fmt.Fprintf(msg, "RESPONSE %s\n", authErr.RawResponse.Status) + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") } - response := *resp - response.Body = io.NopCloser(bytes.NewReader([]byte(""))) - return &response - } + fmt.Fprint(msg, "see logs for more information") - var authErr *azidentity.AuthenticationFailedError - if errors.As(err, &authErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. - authErr.RawResponse = redactResponse(authErr.RawResponse) - } + return msg.String() + case errors.As(e.Cause, &respErr): + msg := new(strings.Builder) + fmt.Fprintln(msg, "request error:") - var respErr *azcore.ResponseError - if errors.As(err, &respErr) { - //nolint: bodyclose // False positive, this already a processed body, probably just pointing to a buffer. - respErr.RawResponse = redactResponse(respErr.RawResponse) - } + if respErr.RawResponse != nil { + if respErr.RawResponse.Request != nil { + fmt.Fprintf(msg, "%s %s://%s%s\n", respErr.RawResponse.Request.Method, respErr.RawResponse.Request.URL.Scheme, respErr.RawResponse.Request.URL.Host, respErr.RawResponse.Request.URL.Path) + } - return err + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + fmt.Fprintf(msg, "RESPONSE %s\n", respErr.RawResponse.Status) + if respErr.ErrorCode != "" { + fmt.Fprintf(msg, "ERROR CODE: %s\n", respErr.ErrorCode) + } else { + fmt.Fprintln(msg, "ERROR CODE UNAVAILABLE") + } + fmt.Fprintln(msg, "--------------------------------------------------------------------------------") + } + + fmt.Fprint(msg, "see logs for more information") + + return msg.String() + + default: + return e.Cause.Error() + } } diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 0cd7c0c31b2..5823bab9836 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -356,14 +356,12 @@ func TestGetAuthorizationFederatedSPT(t *testing.T) { _, err = spt.GetToken(context.TODO(), policy.TokenRequestOptions{Scopes: []string{"test"}}) err = stabilizeError(err) assert.Error(t, err) - assert.ErrorContains(t, err, fmt.Sprintf(`WorkloadIdentityCredential authentication failed + assert.ErrorContains(t, err, fmt.Sprintf(`authentication failed: POST %s/adfs/oauth2/token -------------------------------------------------------------------------------- RESPONSE 502 Bad Gateway -------------------------------------------------------------------------------- - --------------------------------------------------------------------------------- -To troubleshoot, visit https://aka.ms/azsdk/go/identity/troubleshoot#workload`, ts.URL)) +see logs for more information`, ts.URL)) }) } @@ -406,12 +404,11 @@ func TestStabilizeResponseError(t *testing.T) { err = dnsProvider.Present(context.TODO(), "test.com", "fqdn.test.com.", "test123") require.Error(t, err) - require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com + require.ErrorContains(t, err, fmt.Sprintf(`Zone test.com. not found in AzureDNS for domain fqdn.test.com.. Err: request error: +GET %s/subscriptions/subscriptionID/resourceGroups/resourceGroupName/providers/Microsoft.Network/dnsZones/test.com -------------------------------------------------------------------------------- -RESPONSE 502: 502 Bad Gateway +RESPONSE 502 Bad Gateway ERROR CODE: TEST_ERROR_CODE -------------------------------------------------------------------------------- - --------------------------------------------------------------------------------- -`, ts.URL)) +see logs for more information`, ts.URL)) } From 48bf30a1a43ebe9204054705b7408c68c276a635 Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Thu, 13 Jun 2024 17:30:47 +0100 Subject: [PATCH 149/177] chore: updating github.com/Azure/azure-sdk-for-go/sdk/azidentity to address CVE-2024-35255 Signed-off-by: Adam Talbot --- LICENSES | 16 ++++++++-------- cmd/acmesolver/LICENSES | 6 +++--- cmd/acmesolver/go.mod | 6 +++--- cmd/acmesolver/go.sum | 12 ++++++------ cmd/cainjector/LICENSES | 8 ++++---- cmd/cainjector/go.mod | 8 ++++---- cmd/cainjector/go.sum | 20 ++++++++++---------- cmd/controller/LICENSES | 16 ++++++++-------- cmd/controller/go.mod | 18 +++++++++--------- cmd/controller/go.sum | 36 ++++++++++++++++++------------------ cmd/startupapicheck/LICENSES | 8 ++++---- cmd/startupapicheck/go.mod | 8 ++++---- cmd/startupapicheck/go.sum | 20 ++++++++++---------- cmd/webhook/LICENSES | 10 +++++----- cmd/webhook/go.mod | 12 ++++++------ cmd/webhook/go.sum | 24 ++++++++++++------------ go.mod | 18 +++++++++--------- go.sum | 36 ++++++++++++++++++------------------ test/e2e/LICENSES | 10 +++++----- test/e2e/go.mod | 12 ++++++------ test/e2e/go.sum | 24 ++++++++++++------------ test/integration/LICENSES | 10 +++++----- test/integration/go.mod | 12 ++++++------ test/integration/go.sum | 24 ++++++++++++------------ 24 files changed, 187 insertions(+), 187 deletions(-) diff --git a/LICENSES b/LICENSES index 90a4eb776fe..0c479641b72 100644 --- a/LICENSES +++ b/LICENSES @@ -1,9 +1,9 @@ cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.12.0/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.6.0/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.9.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT @@ -136,14 +136,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause diff --git a/cmd/acmesolver/LICENSES b/cmd/acmesolver/LICENSES index 39d66194d11..9311e6191e4 100644 --- a/cmd/acmesolver/LICENSES +++ b/cmd/acmesolver/LICENSES @@ -20,9 +20,9 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/cmd/acmesolver/go.mod b/cmd/acmesolver/go.mod index d90d9dc7ad5..b24cf5084b2 100644 --- a/cmd/acmesolver/go.mod +++ b/cmd/acmesolver/go.mod @@ -39,9 +39,9 @@ require ( github.com/spf13/pflag v1.0.5 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/cmd/acmesolver/go.sum b/cmd/acmesolver/go.sum index 93d827325f0..a615ff81e45 100644 --- a/cmd/acmesolver/go.sum +++ b/cmd/acmesolver/go.sum @@ -75,20 +75,20 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= diff --git a/cmd/cainjector/LICENSES b/cmd/cainjector/LICENSES index c416ceb023a..69e0e4246cc 100644 --- a/cmd/cainjector/LICENSES +++ b/cmd/cainjector/LICENSES @@ -37,11 +37,11 @@ github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3- go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause diff --git a/cmd/cainjector/go.mod b/cmd/cainjector/go.mod index 4576c68f436..61b2692ac1b 100644 --- a/cmd/cainjector/go.mod +++ b/cmd/cainjector/go.mod @@ -65,11 +65,11 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.1 // indirect diff --git a/cmd/cainjector/go.sum b/cmd/cainjector/go.sum index 3a8b2162889..0d757483816 100644 --- a/cmd/cainjector/go.sum +++ b/cmd/cainjector/go.sum @@ -118,8 +118,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -128,22 +128,22 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index e6de9f70e53..8d0b7212ff9 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -1,9 +1,9 @@ cloud.google.com/go/auth,https://github.com/googleapis/google-cloud-go/blob/auth/v0.4.2/auth/LICENSE,Apache-2.0 cloud.google.com/go/auth/oauth2adapt,https://github.com/googleapis/google-cloud-go/blob/auth/oauth2adapt/v0.2.2/auth/oauth2adapt/LICENSE,Apache-2.0 cloud.google.com/go/compute/metadata,https://github.com/googleapis/google-cloud-go/blob/compute/metadata/v0.3.0/compute/metadata/LICENSE,Apache-2.0 -github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.11.1/sdk/azcore/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.5.2/sdk/azidentity/LICENSE.txt,MIT -github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.8.0/sdk/internal/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azcore,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azcore/v1.12.0/sdk/azcore/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/azidentity,https://github.com/Azure/azure-sdk-for-go/blob/sdk/azidentity/v1.6.0/sdk/azidentity/LICENSE.txt,MIT +github.com/Azure/azure-sdk-for-go/sdk/internal,https://github.com/Azure/azure-sdk-for-go/blob/sdk/internal/v1.9.0/sdk/internal/LICENSE.txt,MIT github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns,https://github.com/Azure/azure-sdk-for-go/blob/sdk/resourcemanager/dns/armdns/v1.2.0/sdk/resourcemanager/dns/armdns/LICENSE.txt,MIT github.com/Azure/go-ntlmssp,https://github.com/Azure/go-ntlmssp/blob/754e69321358/LICENSE,MIT github.com/AzureAD/microsoft-authentication-library-for-go/apps,https://github.com/AzureAD/microsoft-authentication-library-for-go/blob/v1.2.2/LICENSE,MIT @@ -127,13 +127,13 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/LICENSE,BSD-3-Clause google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 0386c690cfd..a6afde90d82 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -36,9 +36,9 @@ require ( cloud.google.com/go/auth v0.4.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect @@ -148,15 +148,15 @@ require ( go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect google.golang.org/api v0.181.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index c7a392534bf..be02917d25e 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -5,12 +5,12 @@ cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKF cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= @@ -406,8 +406,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -437,8 +437,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -466,24 +466,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -497,8 +497,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/startupapicheck/LICENSES b/cmd/startupapicheck/LICENSES index dd5015014fb..c5032b4af67 100644 --- a/cmd/startupapicheck/LICENSES +++ b/cmd/startupapicheck/LICENSES @@ -48,12 +48,12 @@ go.starlark.net,https://github.com/google/starlark-go/blob/f457c4c2b267/LICENSE, go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT golang.org/x/exp/maps,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync/errgroup,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause diff --git a/cmd/startupapicheck/go.mod b/cmd/startupapicheck/go.mod index d502997aaa1..c387a9ac37b 100644 --- a/cmd/startupapicheck/go.mod +++ b/cmd/startupapicheck/go.mod @@ -77,12 +77,12 @@ require ( go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.1 // indirect diff --git a/cmd/startupapicheck/go.sum b/cmd/startupapicheck/go.sum index e25d1c2b86b..91269310837 100644 --- a/cmd/startupapicheck/go.sum +++ b/cmd/startupapicheck/go.sum @@ -151,8 +151,8 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -164,22 +164,22 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index daaf3a4c2a5..5d0fc7316d0 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -55,14 +55,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 64bb16f3606..2f07315697c 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -23,7 +23,6 @@ replace github.com/cert-manager/cert-manager => ../../ require ( github.com/cert-manager/cert-manager v0.0.0-00010101000000-000000000000 github.com/spf13/cobra v1.8.0 - k8s.io/apimachinery v0.30.1 k8s.io/component-base v0.30.1 sigs.k8s.io/controller-runtime v0.18.2 ) @@ -82,14 +81,14 @@ require ( go.opentelemetry.io/proto/otlp v1.2.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect @@ -101,6 +100,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/api v0.30.1 // indirect k8s.io/apiextensions-apiserver v0.30.1 // indirect + k8s.io/apimachinery v0.30.1 // indirect k8s.io/apiserver v0.30.1 // indirect k8s.io/client-go v0.30.1 // indirect k8s.io/klog/v2 v2.120.1 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 48fdfa92e6b..2f03222064a 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -177,8 +177,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -197,8 +197,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -219,24 +219,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -245,8 +245,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/go.mod b/go.mod index 9cdb5c9a19e..21c84a6d66e 100644 --- a/go.mod +++ b/go.mod @@ -19,8 +19,8 @@ replace github.com/prometheus/client_golang => github.com/prometheus/client_gola replace github.com/go-asn1-ber/asn1-ber => github.com/go-asn1-ber/asn1-ber v1.5.6 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 github.com/Venafi/vcert/v5 v5.6.4 github.com/akamai/AkamaiOPEN-edgegrid-golang v1.2.2 @@ -45,7 +45,7 @@ require ( github.com/spf13/cobra v1.8.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.9.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/oauth2 v0.20.0 golang.org/x/sync v0.7.0 google.golang.org/api v0.181.0 @@ -69,7 +69,7 @@ require ( cloud.google.com/go/auth v0.4.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect github.com/NYTimes/gziphandler v1.1.1 // indirect @@ -173,12 +173,12 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/go.sum b/go.sum index 85982c57585..deeca85169d 100644 --- a/go.sum +++ b/go.sum @@ -5,12 +5,12 @@ cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKF cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0 h1:lpOxwrQ919lCZoNCd69rVt8u1eLZuMORrGXqy8sNf3c= github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns v1.2.0/go.mod h1:fSvRkb8d26z9dbL40Uf/OO6Vo9iExtZK3D0ulRV+8M0= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= @@ -416,8 +416,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= @@ -447,8 +447,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= @@ -476,24 +476,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -507,8 +507,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 838b42075ac..3f825478209 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -54,12 +54,12 @@ github.com/spf13/cobra,https://github.com/spf13/cobra/blob/v1.8.0/LICENSE.txt,Ap github.com/spf13/pflag,https://github.com/spf13/pflag/blob/v1.0.5/LICENSE,BSD-3-Clause go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 0f8b3d0814f..541e7ff9ed4 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -94,15 +94,15 @@ require ( github.com/spf13/cobra v1.8.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect + golang.org/x/crypto v0.24.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 718b48b8115..2a98e9b3c29 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -186,8 +186,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -206,8 +206,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -226,24 +226,24 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -252,8 +252,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 8b9f343dbed..890bb787e10 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -62,14 +62,14 @@ go.opentelemetry.io/otel/trace,https://github.com/open-telemetry/opentelemetry-g go.opentelemetry.io/proto/otlp,https://github.com/open-telemetry/opentelemetry-proto-go/blob/otlp/v1.2.0/otlp/LICENSE,Apache-2.0 go.uber.org/multierr,https://github.com/uber-go/multierr/blob/v1.11.0/LICENSE.txt,MIT go.uber.org/zap,https://github.com/uber-go/zap/blob/v1.27.0/LICENSE,MIT -golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.23.0:LICENSE,BSD-3-Clause +golang.org/x/crypto,https://cs.opensource.google/go/x/crypto/+/v0.24.0:LICENSE,BSD-3-Clause golang.org/x/exp,https://cs.opensource.google/go/x/exp/+/9bf2ced1:LICENSE,BSD-3-Clause -golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.25.0:LICENSE,BSD-3-Clause +golang.org/x/net,https://cs.opensource.google/go/x/net/+/v0.26.0:LICENSE,BSD-3-Clause golang.org/x/oauth2,https://cs.opensource.google/go/x/oauth2/+/v0.20.0:LICENSE,BSD-3-Clause golang.org/x/sync,https://cs.opensource.google/go/x/sync/+/v0.7.0:LICENSE,BSD-3-Clause -golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.20.0:LICENSE,BSD-3-Clause -golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.15.0:LICENSE,BSD-3-Clause +golang.org/x/sys/unix,https://cs.opensource.google/go/x/sys/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/term,https://cs.opensource.google/go/x/term/+/v0.21.0:LICENSE,BSD-3-Clause +golang.org/x/text,https://cs.opensource.google/go/x/text/+/v0.16.0:LICENSE,BSD-3-Clause golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,BSD-3-Clause gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 5371e7ec810..1c766c4f20c 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -29,7 +29,7 @@ require ( github.com/munnerz/crd-schema-fuzz v1.0.0 github.com/segmentio/encoding v0.4.0 github.com/stretchr/testify v1.9.0 - golang.org/x/crypto v0.23.0 + golang.org/x/crypto v0.24.0 golang.org/x/sync v0.7.0 k8s.io/api v0.30.1 k8s.io/apiextensions-apiserver v0.30.1 @@ -108,13 +108,13 @@ require ( go.uber.org/zap v1.27.0 // indirect golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 64bdfd89f23..9440b80bf1c 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -1289,8 +1289,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -1426,8 +1426,8 @@ golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1577,8 +1577,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -1594,8 +1594,8 @@ golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1615,8 +1615,8 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1696,8 +1696,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc golang.org/x/tools v0.3.0/go.mod h1:/rWhSS2+zyEVwoJf8YAX6L2f0ntZ7Kn/mGgAWcipA5k= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.7.0/go.mod h1:4pg6aUX35JBAogB10C9AtvVL+qowtN4pT3CGSQex14s= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg= +golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From c91273a9d56a3375ef44097f7308344f1335f789 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Mon, 17 Jun 2024 16:51:53 +0200 Subject: [PATCH 150/177] BUGFIX: retry signing when encountering transient error Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/controller/certificaterequests/vault/vault.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go index 242f923a576..194ef736ddd 100644 --- a/pkg/controller/certificaterequests/vault/vault.go +++ b/pkg/controller/certificaterequests/vault/vault.go @@ -92,7 +92,7 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v message := "Failed to initialise vault client for signing" v.reporter.Pending(cr, err, "VaultInitError", message) log.Error(err, message) - return nil, nil + return nil, err // Return error to requeue and retry } certDuration := apiutil.DefaultCertDuration(cr.Spec.Duration) From c680694215ec846a3ffc5191d6b264a7b110a54a Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Tue, 18 Jun 2024 10:12:50 +0200 Subject: [PATCH 151/177] only retry when encountering a Vault non-InvalidData error Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- internal/vault/vault.go | 3 ++- pkg/controller/certificaterequests/vault/vault.go | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/internal/vault/vault.go b/internal/vault/vault.go index 5bf82cebd9b..479023800ca 100644 --- a/internal/vault/vault.go +++ b/internal/vault/vault.go @@ -38,6 +38,7 @@ import ( internalinformers "github.com/cert-manager/cert-manager/internal/informers" v1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" cmmeta "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors" "github.com/cert-manager/cert-manager/pkg/util/pki" ) @@ -220,7 +221,7 @@ func (v *Vault) setToken(ctx context.Context, client Client) error { return nil } - return fmt.Errorf("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set") + return cmerrors.NewInvalidData("error initializing Vault client: tokenSecretRef, appRoleSecretRef, or Kubernetes auth role not set") } func (v *Vault) newConfig() (*vault.Config, error) { diff --git a/pkg/controller/certificaterequests/vault/vault.go b/pkg/controller/certificaterequests/vault/vault.go index 194ef736ddd..419b1cdd7c5 100644 --- a/pkg/controller/certificaterequests/vault/vault.go +++ b/pkg/controller/certificaterequests/vault/vault.go @@ -30,6 +30,7 @@ import ( crutil "github.com/cert-manager/cert-manager/pkg/controller/certificaterequests/util" "github.com/cert-manager/cert-manager/pkg/issuer" logf "github.com/cert-manager/cert-manager/pkg/logs" + cmerrors "github.com/cert-manager/cert-manager/pkg/util/errors" ) const ( @@ -87,11 +88,15 @@ func (v *Vault) Sign(ctx context.Context, cr *v1.CertificateRequest, issuerObj v return nil, nil } - // TODO: distinguish between network errors and other which might warrant a failure. if err != nil { message := "Failed to initialise vault client for signing" v.reporter.Pending(cr, err, "VaultInitError", message) log.Error(err, message) + + if cmerrors.IsInvalidData(err) { + return nil, nil // Don't retry, wait for the issuer to be updated + } + return nil, err // Return error to requeue and retry } From db2a8f5f9cb0365edaa065282248f446834e4b71 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 16:59:03 +0200 Subject: [PATCH 152/177] add testcase Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .../certificaterequests/vault/vault_test.go | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/pkg/controller/certificaterequests/vault/vault_test.go b/pkg/controller/certificaterequests/vault/vault_test.go index 6996b4c6713..2f28114c5d4 100644 --- a/pkg/controller/certificaterequests/vault/vault_test.go +++ b/pkg/controller/certificaterequests/vault/vault_test.go @@ -329,6 +329,47 @@ func TestSign(t *testing.T) { }, }, }, + "a client with a token secret referenced with token but temporary failed to authenticate should report pending and return error": { + certificateRequest: baseCR.DeepCopy(), + builder: &testpkg.Builder{ + KubeObjects: []runtime.Object{tokenSecret}, + CertManagerObjects: []runtime.Object{baseCR.DeepCopy(), gen.IssuerFrom(baseIssuer, + gen.SetIssuerVault(cmapi.VaultIssuer{ + Auth: cmapi.VaultAuth{ + TokenSecretRef: &cmmeta.SecretKeySelector{ + Key: "my-token-key", + LocalObjectReference: cmmeta.LocalObjectReference{ + Name: "token-secret", + }, + }, + }, + }), + )}, + ExpectedEvents: []string{ + "Normal VaultInitError Failed to initialise vault client for signing: failed to create vault client, temporary auth failure", + }, + ExpectedActions: []testpkg.Action{ + testpkg.NewAction(coretesting.NewUpdateSubresourceAction( + cmapi.SchemeGroupVersion.WithResource("certificaterequests"), + "status", + gen.DefaultTestNamespace, + gen.CertificateRequestFrom(baseCR, + gen.SetCertificateRequestStatusCondition(cmapi.CertificateRequestCondition{ + Type: cmapi.CertificateRequestConditionReady, + Status: cmmeta.ConditionFalse, + Reason: cmapi.CertificateRequestReasonPending, + Message: "Failed to initialise vault client for signing: failed to create vault client, temporary auth failure", + LastTransitionTime: &metaFixedClockStart, + }), + ), + )), + }, + }, + fakeVault: fakevault.New().WithNew(func(string, internalinformers.SecretLister, cmapi.GenericIssuer) (*fakevault.Vault, error) { + return nil, errors.New("failed to create vault client, temporary auth failure") + }), + expectedErr: true, + }, "a client with a token secret referenced with token but failed to sign should report fail": { certificateRequest: baseCR.DeepCopy(), builder: &testpkg.Builder{ From 7936ff00e5cdd9dc4cf34a67c0defece52328c2d Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Tue, 25 Jun 2024 12:28:06 +0100 Subject: [PATCH 153/177] [release-1.15] Bump go-retryablehttp to address CVE-2024-6104 Signed-off-by: Ashley Davis --- LICENSES | 2 +- cmd/controller/LICENSES | 2 +- cmd/controller/go.mod | 2 +- cmd/controller/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- test/e2e/LICENSES | 2 +- test/e2e/go.mod | 2 +- test/e2e/go.sum | 4 ++-- 9 files changed, 12 insertions(+), 12 deletions(-) diff --git a/LICENSES b/LICENSES index 0c479641b72..803503815e4 100644 --- a/LICENSES +++ b/LICENSES @@ -81,7 +81,7 @@ github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index 8d0b7212ff9..ed6a341ca46 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -74,7 +74,7 @@ github.com/grpc-ecosystem/grpc-gateway/v2,https://github.com/grpc-ecosystem/grpc github.com/hashicorp/errwrap,https://github.com/hashicorp/errwrap/blob/v1.1.0/LICENSE,MPL-2.0 github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 github.com/hashicorp/go-multierror,https://github.com/hashicorp/go-multierror/blob/v1.1.1/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/parseutil,https://github.com/hashicorp/go-secure-stdlib/blob/parseutil/v0.1.8/parseutil/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index a6afde90d82..574f8c6a208 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -97,7 +97,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index be02917d25e..d355d7f50a8 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -208,8 +208,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= diff --git a/go.mod b/go.mod index 21c84a6d66e..39c55251332 100644 --- a/go.mod +++ b/go.mod @@ -122,7 +122,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect diff --git a/go.sum b/go.sum index deeca85169d..84363adf070 100644 --- a/go.sum +++ b/go.sum @@ -216,8 +216,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= diff --git a/test/e2e/LICENSES b/test/e2e/LICENSES index 3f825478209..2ebfc6a580f 100644 --- a/test/e2e/LICENSES +++ b/test/e2e/LICENSES @@ -25,7 +25,7 @@ github.com/google/gofuzz,https://github.com/google/gofuzz/blob/v1.2.0/LICENSE,Ap github.com/google/uuid,https://github.com/google/uuid/blob/v1.6.0/LICENSE,BSD-3-Clause github.com/gorilla/websocket,https://github.com/gorilla/websocket/blob/v1.5.1/LICENSE,BSD-3-Clause github.com/hashicorp/go-cleanhttp,https://github.com/hashicorp/go-cleanhttp/blob/v0.5.2/LICENSE,MPL-2.0 -github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.6/LICENSE,MPL-2.0 +github.com/hashicorp/go-retryablehttp,https://github.com/hashicorp/go-retryablehttp/blob/v0.7.7/LICENSE,MPL-2.0 github.com/hashicorp/go-rootcerts,https://github.com/hashicorp/go-rootcerts/blob/v1.0.2/LICENSE,MPL-2.0 github.com/hashicorp/go-secure-stdlib/strutil,https://github.com/hashicorp/go-secure-stdlib/blob/strutil/v0.1.2/strutil/LICENSE,MPL-2.0 github.com/hashicorp/vault-client-go,https://github.com/hashicorp/vault-client-go/blob/v0.4.3/LICENSE,MPL-2.0 diff --git a/test/e2e/go.mod b/test/e2e/go.mod index 541e7ff9ed4..ef7d52d0ade 100644 --- a/test/e2e/go.mod +++ b/test/e2e/go.mod @@ -69,7 +69,7 @@ require ( github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.1 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/imdario/mergo v0.3.16 // indirect diff --git a/test/e2e/go.sum b/test/e2e/go.sum index 2a98e9b3c29..67507a9dfef 100644 --- a/test/e2e/go.sum +++ b/test/e2e/go.sum @@ -76,8 +76,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= From a1ad797611087dfcc566ec939040a8f0206447f6 Mon Sep 17 00:00:00 2001 From: cert-manager-bot Date: Wed, 10 Jul 2024 10:09:10 +0000 Subject: [PATCH 154/177] BOT: run 'make upgrade-klone' and 'make generate' Signed-off-by: cert-manager-bot --- klone.yaml | 14 +++++++------- make/_shared/go/01_mod.mk | 35 +++++++++++++++++++++++++++++++++++ make/_shared/tools/00_mod.mk | 12 ++++++------ 3 files changed, 48 insertions(+), 13 deletions(-) diff --git a/klone.yaml b/klone.yaml index 6486653b1a5..3ee4c0d986e 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: f370709172d660a1589ed120aa34fd9adbeadc64 + repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 repo_path: modules/tools diff --git a/make/_shared/go/01_mod.mk b/make/_shared/go/01_mod.mk index 0e4d4185cae..9a28ed31835 100644 --- a/make/_shared/go/01_mod.mk +++ b/make/_shared/go/01_mod.mk @@ -23,6 +23,41 @@ endif go_base_dir := $(dir $(lastword $(MAKEFILE_LIST)))/base/ golangci_lint_override := $(dir $(lastword $(MAKEFILE_LIST)))/.golangci.override.yaml +.PHONY: go-workspace +go-workspace: export GOWORK?=$(abspath go.work) +## Create a go.work file in the repository root (or GOWORK) +## +## @category Development +go-workspace: | $(NEEDS_GO) + @rm -f $(GOWORK) + $(GO) work init + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + $(GO) work use "$${target}"; \ + done + +.PHONY: go-tidy +## Alias for `make generate-go-mod-tidy` +## @category [shared] Generate/ Verify +go-tidy: generate-go-mod-tidy + +.PHONY: generate-go-mod-tidy +## Run `go mod tidy` on all Go modules +## @category [shared] Generate/ Verify +generate-go-mod-tidy: | $(NEEDS_GO) + @find . -name go.mod -not \( -path "./$(bin_dir)/*" -or -path "./make/_shared/*" \) \ + | while read d; do \ + target=$$(dirname $${d}); \ + echo "Running 'go mod tidy' in directory '$${target}'"; \ + pushd "$${target}" >/dev/null; \ + $(GO) mod tidy || exit; \ + popd >/dev/null; \ + echo ""; \ + done + +shared_generate_targets += generate-go-mod-tidy + .PHONY: generate-govulncheck ## Generate base files in the repository ## @category [shared] Generate/ Verify diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index e2400990825..39d76d50785 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -111,7 +111,7 @@ tools += goreleaser=v1.25.1 # https://pkg.go.dev/github.com/anchore/syft/cmd/syft?tab=versions tools += syft=v0.100.0 # https://github.com/cert-manager/helm-tool -tools += helm-tool=v0.4.2 +tools += helm-tool=v0.5.1 # https://github.com/cert-manager/cmctl tools += cmctl=v2.0.0 # https://pkg.go.dev/github.com/cert-manager/release/cmd/cmrel?tab=versions @@ -153,7 +153,7 @@ ADDITIONAL_TOOLS ?= tools += $(ADDITIONAL_TOOLS) # https://go.dev/dl/ -VENDORED_GO_VERSION := 1.22.3 +VENDORED_GO_VERSION := 1.22.5 # Print the go version which can be used in GH actions .PHONY: print-go-version @@ -363,10 +363,10 @@ $(call for_each_kv,go_dependency,$(go_dependencies)) # File downloads # ################## -go_linux_amd64_SHA256SUM=8920ea521bad8f6b7bc377b4824982e011c19af27df88a815e3586ea895f1b36 -go_linux_arm64_SHA256SUM=6c33e52a5b26e7aa021b94475587fce80043a727a54ceb0eee2f9fc160646434 -go_darwin_amd64_SHA256SUM=610e48c1df4d2f852de8bc2e7fd2dc1521aac216f0c0026625db12f67f192024 -go_darwin_arm64_SHA256SUM=02abeab3f4b8981232237ebd88f0a9bad933bc9621791cd7720a9ca29eacbe9d +go_linux_amd64_SHA256SUM=904b924d435eaea086515bc63235b192ea441bd8c9b198c507e85009e6e4c7f0 +go_linux_arm64_SHA256SUM=8d21325bfcf431be3660527c1a39d3d9ad71535fabdf5041c826e44e31642b5a +go_darwin_amd64_SHA256SUM=95d9933cdcf45f211243c42c7705c37353cccd99f27eb4d8e2d1bf2f4165cb50 +go_darwin_arm64_SHA256SUM=4cd1bcb05be03cecb77bccd765785d5ff69d79adf4dd49790471d00c06b41133 .PRECIOUS: $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz $(DOWNLOAD_DIR)/tools/go@$(VENDORED_GO_VERSION)_$(HOST_OS)_$(HOST_ARCH).tar.gz: | $(DOWNLOAD_DIR)/tools From d313a2075130aea0c368954447bfb40767d03461 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 10 Jul 2024 12:12:28 +0200 Subject: [PATCH 155/177] remove duplicate make targets Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- make/02_mod.mk | 23 +---------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/make/02_mod.mk b/make/02_mod.mk index e9259b44ee9..e429520623e 100644 --- a/make/02_mod.mk +++ b/make/02_mod.mk @@ -36,29 +36,8 @@ include make/e2e-setup.mk include make/scan.mk include make/ko.mk -.PHONY: go-workspace -go-workspace: export GOWORK?=$(abspath go.work) -## Create a go.work file in the repository root (or GOWORK) -## -## @category Development -go-workspace: | $(NEEDS_GO) - @rm -f $(GOWORK) - $(GO) work init - $(GO) work use . ./cmd/acmesolver ./cmd/cainjector ./cmd/controller ./cmd/startupapicheck ./cmd/webhook ./test/integration ./test/e2e - .PHONY: tidy -## Run "go mod tidy" on each module in this repo -## -## @category Development -tidy: | $(NEEDS_GO) - $(GO) mod tidy - cd cmd/acmesolver && $(GO) mod tidy - cd cmd/cainjector && $(GO) mod tidy - cd cmd/controller && $(GO) mod tidy - cd cmd/startupapicheck && $(GO) mod tidy - cd cmd/webhook && $(GO) mod tidy - cd test/integration && $(GO) mod tidy - cd test/e2e && $(GO) mod tidy +tidy: generate-go-mod-tidy .PHONY: update-base-images update-base-images: | $(NEEDS_CRANE) From a3f47806404a602d91673a254c4db13a224266e1 Mon Sep 17 00:00:00 2001 From: Ashley Davis Date: Wed, 10 Jul 2024 12:14:25 +0100 Subject: [PATCH 156/177] [release-1.15] bump go-grpc to fix GHSA-xr7q-jx4m-x55m Signed-off-by: Ashley Davis --- LICENSES | 2 +- cmd/controller/LICENSES | 2 +- cmd/controller/go.mod | 2 +- cmd/controller/go.sum | 4 ++-- cmd/webhook/LICENSES | 2 +- cmd/webhook/go.mod | 2 +- cmd/webhook/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- test/integration/LICENSES | 2 +- test/integration/go.mod | 2 +- test/integration/go.sum | 4 ++-- 12 files changed, 16 insertions(+), 16 deletions(-) diff --git a/LICENSES b/LICENSES index 803503815e4..a1645b38151 100644 --- a/LICENSES +++ b/LICENSES @@ -150,7 +150,7 @@ google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0 google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/LICENSES b/cmd/controller/LICENSES index ed6a341ca46..196f9568c4e 100644 --- a/cmd/controller/LICENSES +++ b/cmd/controller/LICENSES @@ -139,7 +139,7 @@ google.golang.org/api,https://github.com/googleapis/google-api-go-client/blob/v0 google.golang.org/api/internal/third_party/uritemplates,https://github.com/googleapis/google-api-go-client/blob/v0.181.0/internal/third_party/uritemplates/LICENSE,BSD-3-Clause google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/ini.v1,https://github.com/go-ini/ini/blob/v1.67.0/LICENSE,Apache-2.0 diff --git a/cmd/controller/go.mod b/cmd/controller/go.mod index 574f8c6a208..ce8ca2a69a6 100644 --- a/cmd/controller/go.mod +++ b/cmd/controller/go.mod @@ -160,7 +160,7 @@ require ( google.golang.org/api v0.181.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/cmd/controller/go.sum b/cmd/controller/go.sum index d355d7f50a8..3ba69cc13f9 100644 --- a/cmd/controller/go.sum +++ b/cmd/controller/go.sum @@ -523,8 +523,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/cmd/webhook/LICENSES b/cmd/webhook/LICENSES index 5d0fc7316d0..2e3ab7de91a 100644 --- a/cmd/webhook/LICENSES +++ b/cmd/webhook/LICENSES @@ -67,7 +67,7 @@ golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,B gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/cmd/webhook/go.mod b/cmd/webhook/go.mod index 2f07315697c..b9fb1dfb565 100644 --- a/cmd/webhook/go.mod +++ b/cmd/webhook/go.mod @@ -93,7 +93,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/cmd/webhook/go.sum b/cmd/webhook/go.sum index 2f03222064a..2d5ea797a54 100644 --- a/cmd/webhook/go.sum +++ b/cmd/webhook/go.sum @@ -257,8 +257,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1: google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/go.mod b/go.mod index 39c55251332..39186e51382 100644 --- a/go.mod +++ b/go.mod @@ -183,7 +183,7 @@ require ( google.golang.org/genproto v0.0.0-20240401170217-c3f982113cda // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/go.sum b/go.sum index 84363adf070..90f95f5a083 100644 --- a/go.sum +++ b/go.sum @@ -533,8 +533,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/test/integration/LICENSES b/test/integration/LICENSES index 890bb787e10..26d55bc5dc8 100644 --- a/test/integration/LICENSES +++ b/test/integration/LICENSES @@ -74,7 +74,7 @@ golang.org/x/time/rate,https://cs.opensource.google/go/x/time/+/v0.5.0:LICENSE,B gomodules.xyz/jsonpatch/v2,https://github.com/gomodules/jsonpatch/blob/v2.4.0/v2/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/api,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/api/LICENSE,Apache-2.0 google.golang.org/genproto/googleapis/rpc,https://github.com/googleapis/go-genproto/blob/fc5f0ca64291/googleapis/rpc/LICENSE,Apache-2.0 -google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.0/LICENSE,Apache-2.0 +google.golang.org/grpc,https://github.com/grpc/grpc-go/blob/v1.64.1/LICENSE,Apache-2.0 google.golang.org/protobuf,https://github.com/protocolbuffers/protobuf-go/blob/v1.34.1/LICENSE,BSD-3-Clause gopkg.in/inf.v0,https://github.com/go-inf/inf/blob/v0.9.1/LICENSE,BSD-3-Clause gopkg.in/yaml.v2,https://github.com/go-yaml/yaml/blob/v2.4.0/LICENSE,Apache-2.0 diff --git a/test/integration/go.mod b/test/integration/go.mod index 1c766c4f20c..d029754d981 100644 --- a/test/integration/go.mod +++ b/test/integration/go.mod @@ -118,7 +118,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/grpc v1.64.1 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/test/integration/go.sum b/test/integration/go.sum index 9440b80bf1c..912462f2e51 100644 --- a/test/integration/go.sum +++ b/test/integration/go.sum @@ -1976,8 +1976,8 @@ google.golang.org/grpc v1.52.0/go.mod h1:pu6fVzoFb+NBYNAvQL08ic+lvB2IojljRYuun5v google.golang.org/grpc v1.53.0/go.mod h1:OnIrk0ipVdj4N5d9IUoFUx72/VlD7+jUsHwZgwSMQpw= google.golang.org/grpc v1.54.0/go.mod h1:PUSEXI6iWghWaB6lXM4knEgpJNu2qUcKfDtNci3EC2g= google.golang.org/grpc v1.55.0/go.mod h1:iYEXKGkEBhg1PjZQvoYEVPTDkHo1/bjTnfwTeGONTY8= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= From a475a5f7642664a97cffee65e71646c68c9cb48f Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 11:17:40 +0100 Subject: [PATCH 157/177] test: adds test for getHTTPRouteForChallenge Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 114 +++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 pkg/issuer/acme/http/httproute_test.go diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go new file mode 100644 index 00000000000..061bfee1995 --- /dev/null +++ b/pkg/issuer/acme/http/httproute_test.go @@ -0,0 +1,114 @@ +package http + +import ( + "context" + "reflect" + "testing" + + gwapi "sigs.k8s.io/gateway-api/apis/v1" + + cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" +) + +func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { + const createdHTTPRouteKey = "createdHTTPRoute" + tests := map[string]solverFixture{ + "should return one httproute that matches": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + httpRoute, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.testResources[createdHTTPRouteKey] = httpRoute + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + createdHTTPRoute := s.testResources[createdHTTPRouteKey].(*gwapi.HTTPRoute) + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if !reflect.DeepEqual(gotHttpRoute, createdHTTPRoute) { + t.Errorf("Expected %v to equal %v", gotHttpRoute, createdHTTPRoute) + } + }, + }, + "should return one httproute for IP that matches": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "10.0.0.1", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + httpRoute, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.testResources[createdHTTPRouteKey] = httpRoute + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + createdHTTPRoute := s.testResources[createdHTTPRouteKey].(*gwapi.HTTPRoute) + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if !reflect.DeepEqual(gotHttpRoute, createdHTTPRoute) { + t.Errorf("Expected %v to equal %v", gotHttpRoute, createdHTTPRoute) + } + }, + }, + "should not return an httproute for the same certificate but different domain": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + differentChallenge := s.Challenge.DeepCopy() + differentChallenge.Spec.DNSName = "notexample.com" + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), differentChallenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + gotHttpRoute := args[0].(*gwapi.HTTPRoute) + if gotHttpRoute != nil { + t.Errorf("Expected function to not return an HTTPRoute, but got: %v", gotHttpRoute) + } + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + test.Setup(t) + resp, err := test.Solver.getGatewayHTTPRoute(context.TODO(), test.Challenge) + if err != nil && !test.Err { + t.Errorf("Expected function to not error, but got: %v", err) + } + if err == nil && test.Err { + t.Errorf("Expected function to get an error, but got: %v", err) + } + test.Finish(t, resp, err) + }) + } +} From a55f51d7831892933f17185310615e180a91de30 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 16:24:48 +0100 Subject: [PATCH 158/177] fix: checkAndUpdateGatewayHTTPRoute function Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index cf761b75d4e..6bd694fed40 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -117,7 +117,7 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. for k, v := range ch.Spec.Solver.HTTP01.GatewayHTTPRoute.Labels { expectedLabels[k] = v } - actualLabels := ch.Labels + actualLabels := httpRoute.Labels if reflect.DeepEqual(expectedSpec, actualSpec) && reflect.DeepEqual(expectedLabels, actualLabels) { return httpRoute, nil } @@ -132,6 +132,7 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. newHTTPRoute := oldHTTPRoute.DeepCopy() newHTTPRoute.Spec = expectedSpec newHTTPRoute.Labels = expectedLabels + newHTTPRoute.GenerateName = "" ret, err = s.GWClient.GatewayV1().HTTPRoutes(newHTTPRoute.Namespace).Update(ctx, newHTTPRoute, metav1.UpdateOptions{}) if err != nil { return err From 8365f8e3c29c2774ff86ac59271f30ff6b010073 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 16:25:42 +0100 Subject: [PATCH 159/177] test: add test for ensureGatewayHTTPRoute Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 58 ++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 061bfee1995..3bf470164c4 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -5,6 +5,8 @@ import ( "reflect" "testing" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/utils/diff" gwapi "sigs.k8s.io/gateway-api/apis/v1" cmacme "github.com/cert-manager/cert-manager/pkg/apis/acme/v1" @@ -112,3 +114,59 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { }) } } + +func TestEnsureGatewayHTTPRoute(t *testing.T) { + tests := map[string]solverFixture{ + "should update challenge httproute if service changes": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "anotherfakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + + gotHTTPRouteSpec := httpRoutes[0].Spec + expectedHTTPRoute := generateHTTPRouteSpec(s.Challenge, "fakeservice") + if !reflect.DeepEqual(gotHTTPRouteSpec, expectedHTTPRoute) { + t.Errorf("Expected HTTPRoute specs to match, but got diff:\n%v", + diff.ObjectDiff(gotHTTPRouteSpec, expectedHTTPRoute)) + } + }, + }, + } + for name, test := range tests { + t.Run(name, func(t *testing.T) { + test.Setup(t) + resp, err := test.Solver.ensureGatewayHTTPRoute(context.TODO(), test.Challenge, "fakeservice") + if err != nil && !test.Err { + t.Errorf("Expected function to not error, but got: %v", err) + } + if err == nil && test.Err { + t.Errorf("Expected function to get an error, but got: %v", err) + } + test.Finish(t, resp, err) + }) + } +} From 580044ba178846674b938ac1d3b4e56fa07404b5 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Tue, 16 Jul 2024 22:03:49 +0100 Subject: [PATCH 160/177] test: add test for multiple httproute resources Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 38 ++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 3bf470164c4..773bf3d7f4b 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -117,6 +117,44 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { func TestEnsureGatewayHTTPRoute(t *testing.T) { tests := map[string]solverFixture{ + "should not create another httproute if one exists": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + + gotHTTPRouteSpec := httpRoutes[0].Spec + expectedHTTPRoute := generateHTTPRouteSpec(s.Challenge, "fakeservice") + if !reflect.DeepEqual(gotHTTPRouteSpec, expectedHTTPRoute) { + t.Errorf("Expected HTTPRoute specs to match, but got diff:\n%v", + diff.ObjectDiff(gotHTTPRouteSpec, expectedHTTPRoute)) + } + }, + }, "should update challenge httproute if service changes": { Challenge: &cmacme.Challenge{ Spec: cmacme.ChallengeSpec{ From 586e484efd847d4dc300cfd26736f29188dc3925 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 11:39:51 +0100 Subject: [PATCH 161/177] test: check for httproute clean-up Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 37 ++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index 773bf3d7f4b..bc325d5e5b0 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -99,6 +99,43 @@ func TestGetGatewayHTTPRouteForChallenge(t *testing.T) { } }, }, + "should clean-up if there are multiple httproute resources": { + Challenge: &cmacme.Challenge{ + Spec: cmacme.ChallengeSpec{ + DNSName: "example.com", + Solver: cmacme.ACMEChallengeSolver{ + HTTP01: &cmacme.ACMEChallengeSolverHTTP01{ + GatewayHTTPRoute: &cmacme.ACMEChallengeSolverHTTP01GatewayHTTPRoute{}, + }, + }, + }, + }, + Err: true, + PreFn: func(t *testing.T, s *solverFixture) { + _, err := s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + _, err = s.Solver.createGatewayHTTPRoute(context.TODO(), s.Challenge, "fakeservice") + if err != nil { + t.Errorf("error preparing test: %v", err) + } + + s.Builder.Sync() + }, + CheckFn: func(t *testing.T, s *solverFixture, args ...interface{}) { + httpRoutes, err := s.Solver.httpRouteLister.List(labels.NewSelector()) + if err != nil { + t.Errorf("error listing HTTPRoutes: %v", err) + t.Fail() + return + } + if len(httpRoutes) != 1 { + t.Errorf("Expected 1 HTTPRoute, but got: %v", len(httpRoutes)) + } + }, + }, } for name, test := range tests { t.Run(name, func(t *testing.T) { From cb975ffa8bd291d5dce1e1180dea117a7d50c68c Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 11:40:17 +0100 Subject: [PATCH 162/177] fix: add missing hyphen to generateName Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index 6bd694fed40..8f150e0de2d 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -95,7 +95,7 @@ func (s *Solver) createGatewayHTTPRoute(ctx context.Context, ch *cmacme.Challeng } httpRoute := &gwapi.HTTPRoute{ ObjectMeta: metav1.ObjectMeta{ - GenerateName: "cm-acme-http-solver", + GenerateName: "cm-acme-http-solver-", Namespace: ch.Namespace, Labels: labels, OwnerReferences: []metav1.OwnerReference{*metav1.NewControllerRef(ch, challengeGvk)}, From bdb4f1e8f4c9c325749999ff2bb6fe54ad699ccd Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 12:23:30 +0100 Subject: [PATCH 163/177] fix: httproute spec deep equal Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index 8f150e0de2d..a55ed8ab063 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -166,6 +166,7 @@ func generateHTTPRouteSpec(ch *cmacme.Challenge, svcName string) gwapi.HTTPRoute { BackendRef: gwapi.BackendRef{ BackendObjectReference: gwapi.BackendObjectReference{ + Group: func() *gwapi.Group { g := gwapi.Group(""); return &g }(), Kind: func() *gwapi.Kind { k := gwapi.Kind("Service"); return &k }(), Name: gwapi.ObjectName(svcName), Namespace: func() *gwapi.Namespace { n := gwapi.Namespace(ch.Namespace); return &n }(), From 8dc99995898ddacd6831aa276120265019c9665b Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Wed, 17 Jul 2024 17:57:33 +0100 Subject: [PATCH 164/177] revert: remove override for generate name Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute.go | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/issuer/acme/http/httproute.go b/pkg/issuer/acme/http/httproute.go index a55ed8ab063..d6059d053fd 100644 --- a/pkg/issuer/acme/http/httproute.go +++ b/pkg/issuer/acme/http/httproute.go @@ -132,7 +132,6 @@ func (s *Solver) checkAndUpdateGatewayHTTPRoute(ctx context.Context, ch *cmacme. newHTTPRoute := oldHTTPRoute.DeepCopy() newHTTPRoute.Spec = expectedSpec newHTTPRoute.Labels = expectedLabels - newHTTPRoute.GenerateName = "" ret, err = s.GWClient.GatewayV1().HTTPRoutes(newHTTPRoute.Namespace).Update(ctx, newHTTPRoute, metav1.UpdateOptions{}) if err != nil { return err From e218851d862b5c71b2b1c169e5e77dace4ceb56c Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Thu, 18 Jul 2024 11:49:27 +0100 Subject: [PATCH 165/177] fix: do not present challenge for Gateway API if feature not enabled Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/http.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pkg/issuer/acme/http/http.go b/pkg/issuer/acme/http/http.go index 8858f166595..f1b71f799c3 100644 --- a/pkg/issuer/acme/http/http.go +++ b/pkg/issuer/acme/http/http.go @@ -125,6 +125,9 @@ func (s *Solver) Present(ctx context.Context, issuer v1.GenericIssuer, ch *cmacm return utilerrors.NewAggregate([]error{podErr, svcErr, ingressErr}) } if ch.Spec.Solver.HTTP01.GatewayHTTPRoute != nil { + if !s.GatewaySolverEnabled { + return fmt.Errorf("couldn't Present challenge %s/%s: gateway api is not enabled", ch.Namespace, ch.Name) + } _, gatewayErr = s.ensureGatewayHTTPRoute(ctx, ch, svcName) return utilerrors.NewAggregate([]error{podErr, svcErr, gatewayErr}) } From ff18804cdc8a3566fa26e1b253ccf7fc909b1501 Mon Sep 17 00:00:00 2001 From: Miguel Varela Ramos Date: Thu, 18 Jul 2024 11:58:24 +0100 Subject: [PATCH 166/177] fix: add boilerplate to test file Signed-off-by: Miguel Varela Ramos --- pkg/issuer/acme/http/httproute_test.go | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/pkg/issuer/acme/http/httproute_test.go b/pkg/issuer/acme/http/httproute_test.go index bc325d5e5b0..c6e86c010ef 100644 --- a/pkg/issuer/acme/http/httproute_test.go +++ b/pkg/issuer/acme/http/httproute_test.go @@ -1,3 +1,19 @@ +/* +Copyright 2020 The cert-manager Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package http import ( From b37218108b461cca479267b9cdcdf2786faa8916 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Thu, 18 Jul 2024 16:58:24 +0200 Subject: [PATCH 167/177] run 'make upgrade-klone' and 'make generate' Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- .github/workflows/govulncheck.yaml | 7 ++- .github/workflows/make-self-upgrade.yaml | 17 +++++-- klone.yaml | 14 ++--- .../base/.github/workflows/govulncheck.yaml | 7 ++- make/_shared/help/help.sh | 8 +-- .../.github/workflows/make-self-upgrade.yaml | 17 +++++-- make/_shared/tools/00_mod.mk | 51 +++++-------------- 7 files changed, 61 insertions(+), 60 deletions(-) diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml index 405e8dec99c..1a6ffc0ee54 100644 --- a/.github/workflows/govulncheck.yaml +++ b/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/.github/workflows/make-self-upgrade.yaml b/.github/workflows/make-self-upgrade.yaml index 93beedff044..063c3529a3c 100644 --- a/.github/workflows/make-self-upgrade.yaml +++ b/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } diff --git a/klone.yaml b/klone.yaml index 3ee4c0d986e..1c4f7184395 100644 --- a/klone.yaml +++ b/klone.yaml @@ -10,35 +10,35 @@ targets: - folder_name: boilerplate repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/boilerplate - folder_name: generate-verify repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/generate-verify - folder_name: go repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/go - folder_name: help repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/help - folder_name: klone repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/klone - folder_name: repository-base repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/repository-base - folder_name: tools repo_url: https://github.com/cert-manager/makefile-modules.git repo_ref: main - repo_hash: 140169ff41d87878ddb0fdfd5ecf567aee25d992 + repo_hash: 7200a66ad8f9488094e3ca72b06b9c0768323286 repo_path: modules/tools diff --git a/make/_shared/go/base/.github/workflows/govulncheck.yaml b/make/_shared/go/base/.github/workflows/govulncheck.yaml index 405e8dec99c..1a6ffc0ee54 100644 --- a/make/_shared/go/base/.github/workflows/govulncheck.yaml +++ b/make/_shared/go/base/.github/workflows/govulncheck.yaml @@ -10,18 +10,21 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: govulncheck: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} diff --git a/make/_shared/help/help.sh b/make/_shared/help/help.sh index d9c831ff774..400aab3d5fe 100755 --- a/make/_shared/help/help.sh +++ b/make/_shared/help/help.sh @@ -71,10 +71,10 @@ done <<< "$raw_expansions" ## 3. Sort and print the extracted line items -RULE_COLOR="$(tput setaf 6)" -CATEGORY_COLOR="$(tput setaf 3)" -CLEAR_STYLE="$(tput sgr0)" -PURPLE=$(tput setaf 125) +RULE_COLOR="$(TERM=xterm tput setaf 6)" +CATEGORY_COLOR="$(TERM=xterm tput setaf 3)" +CLEAR_STYLE="$(TERM=xterm tput sgr0)" +PURPLE=$(TERM=xterm tput setaf 125) extracted_lines=$(echo -e "$extracted_lines" | LC_ALL=C sort -r) current_category="" diff --git a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml index 93beedff044..063c3529a3c 100644 --- a/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml +++ b/make/_shared/repository-base/base/.github/workflows/make-self-upgrade.yaml @@ -8,6 +8,9 @@ on: schedule: - cron: '0 0 * * *' +permissions: + contents: read + jobs: self_upgrade: runs-on: ubuntu-latest @@ -27,13 +30,13 @@ jobs: echo "This workflow should not be run on a non-branch-head." exit 1 - - uses: actions/checkout@v4 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - id: go-version run: | make print-go-version >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@v5 + - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: ${{ steps.go-version.outputs.result }} @@ -64,7 +67,7 @@ jobs: git push -f origin "$SELF_UPGRADE_BRANCH" - if: ${{ steps.is-up-to-date.outputs.result != 'true' }} - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { repo, owner } = context.repo; @@ -77,7 +80,7 @@ jobs: }); if (pulls.data.length < 1) { - await github.rest.pulls.create({ + const result = await github.rest.pulls.create({ title: '[CI] Merge ' + process.env.SELF_UPGRADE_BRANCH + ' into ' + process.env.SOURCE_BRANCH, owner: owner, repo: repo, @@ -87,4 +90,10 @@ jobs: 'This PR is auto-generated to bump the Makefile modules.', ].join('\n'), }); + await github.rest.issues.addLabels({ + owner, + repo, + issue_number: result.data.number, + labels: ['skip-review'] + }); } diff --git a/make/_shared/tools/00_mod.mk b/make/_shared/tools/00_mod.mk index 39d76d50785..8d5ad2c96e1 100644 --- a/make/_shared/tools/00_mod.mk +++ b/make/_shared/tools/00_mod.mk @@ -42,7 +42,13 @@ for_each_kv = $(foreach item,$2,$(eval $(call $1,$(word 1,$(subst =, ,$(item))), # variables: https://stackoverflow.com/questions/54726457 export PATH := $(CURDIR)/$(bin_dir)/tools:$(PATH) -CTR=docker +CTR ?= docker +.PHONY: __require-ctr +ifneq ($(shell command -v $(CTR) >/dev/null || echo notfound),) +__require-ctr: + @:$(error "$(CTR) (or set CTR to a docker-compatible tool)") +endif +NEEDS_CTR = __require-ctr tools := # https://github.com/helm/helm/releases @@ -241,8 +247,13 @@ detected_vendoring := $(findstring vendor-go,$(MAKECMDGOALS))$(shell [ -f $(bin_ export VENDOR_GO ?= $(detected_vendoring) ifeq ($(VENDOR_GO),) +.PHONY: __require-go +ifneq ($(shell command -v go >/dev/null || echo notfound),) +__require-go: + @:$(error "$(GO) (or run 'make vendor-go')") +endif GO := go -NEEDS_GO := # +NEEDS_GO = __require-go else export GOROOT := $(CURDIR)/$(bin_dir)/tools/goroot export PATH := $(CURDIR)/$(bin_dir)/tools/goroot/bin:$(PATH) @@ -604,10 +615,7 @@ $(DOWNLOAD_DIR)/tools/preflight@$(PREFLIGHT_VERSION)_linux_$(HOST_ARCH): | $(DOW missing=$(shell (command -v curl >/dev/null || echo curl) \ && (command -v sha256sum >/dev/null || command -v shasum >/dev/null || echo sha256sum) \ && (command -v git >/dev/null || echo git) \ - && (command -v rsync >/dev/null || echo rsync) \ - && ([ -n "$(findstring vendor-go,$(MAKECMDGOALS),)" ] \ - || command -v $(GO) >/dev/null || echo "$(GO) (or run 'make vendor-go')") \ - && (command -v $(CTR) >/dev/null || echo "$(CTR) (or set CTR to a docker-compatible tool)")) + && (command -v rsync >/dev/null || echo rsync)) ifneq ($(missing),) $(error Missing required tools: $(missing)) endif @@ -616,34 +624,3 @@ endif ## Download and setup all tools ## @category [shared] Tools tools: $(tools_paths) - -self_file := $(dir $(lastword $(MAKEFILE_LIST)))/00_mod.mk - -# see https://stackoverflow.com/a/53408233 -sed_inplace := sed -i'' -ifeq ($(HOST_OS),darwin) - sed_inplace := sed -i '' -endif - -# This target is used to learn the sha256sum of the tools. It is used only -# in the makefile-modules repo, and should not be used in any other repo. -.PHONY: tools-learn-sha -tools-learn-sha: | $(bin_dir) - rm -rf ./$(bin_dir)/ - mkdir -p ./$(bin_dir)/scratch/ - $(eval export LEARN_FILE=$(CURDIR)/$(bin_dir)/scratch/learn_tools_file) - echo -n "" > "$(LEARN_FILE)" - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) tools - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) tools - - HOST_OS=linux HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=linux HOST_ARCH=arm64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=amd64 $(MAKE) vendor-go - HOST_OS=darwin HOST_ARCH=arm64 $(MAKE) vendor-go - - while read p; do \ - $(sed_inplace) "$$p" $(self_file); \ - done <"$(LEARN_FILE)" From c54c35f9ac8c096648b2a47fba2d01d870968d92 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Tue, 16 Jul 2024 01:23:40 +0200 Subject: [PATCH 168/177] fix: Handle case of Azure returning auth error Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns.go b/pkg/issuer/acme/dns/azuredns/azuredns.go index c6148feff0d..7fedb0cbd46 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns.go @@ -210,7 +210,7 @@ func (c *DNSProvider) updateTXTRecord(ctx context.Context, fqdn string, updater resp, err := c.recordClient.Get(ctx, c.resourceGroupName, zone, name, dns.RecordTypeTXT, nil) if err != nil { var respErr *azcore.ResponseError - if errors.As(err, &respErr); respErr.StatusCode == http.StatusNotFound { + if errors.As(err, &respErr); respErr != nil && respErr.StatusCode == http.StatusNotFound { set = &dns.RecordSet{ Properties: &dns.RecordSetProperties{ TTL: to.Ptr(int64(60)), From 7c55820030042055216e15a054d3828b90147ea3 Mon Sep 17 00:00:00 2001 From: Bartosz Slawianowski Date: Tue, 16 Jul 2024 18:26:23 +0200 Subject: [PATCH 169/177] Add test case Signed-off-by: Bartosz Slawianowski --- pkg/issuer/acme/dns/azuredns/azuredns_test.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/pkg/issuer/acme/dns/azuredns/azuredns_test.go b/pkg/issuer/acme/dns/azuredns/azuredns_test.go index 5823bab9836..7dcf94ed7f5 100644 --- a/pkg/issuer/acme/dns/azuredns/azuredns_test.go +++ b/pkg/issuer/acme/dns/azuredns/azuredns_test.go @@ -128,6 +128,17 @@ func TestInvalidAzureDns(t *testing.T) { assert.Error(t, err) } +func TestAuthenticationError(t *testing.T) { + provider, err := NewDNSProviderCredentials("", "invalid-client-id", "invalid-client-secret", "subid", "tenid", "rg", "example.com", util.RecursiveNameservers, false, &v1.AzureManagedIdentity{}) + assert.NoError(t, err) + + err = provider.Present(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==") + assert.Error(t, err) + + err = provider.CleanUp(context.TODO(), "example.com", "_acme-challenge.example.com.", "123d==") + assert.Error(t, err) +} + func populateFederatedToken(t *testing.T, filename string, content string) { t.Helper() From b47c58b040789db934d06f7af94c290c9a0e13f1 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 14:51:01 +0200 Subject: [PATCH 170/177] set global region when calling sts Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53.go | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index 36e375af471..ea978affa07 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -82,7 +82,6 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { switch { case d.Role != "" && d.WebIdentityToken != "": d.log.V(logf.DebugLevel).Info("using assume role with web identity") - optFns = append(optFns, config.WithRegion(d.Region)) case useAmbientCredentials: d.log.V(logf.DebugLevel).Info("using ambient credentials") // Leaving credentials unset results in a default credential chain being @@ -98,9 +97,14 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } + // Explicitly set the region to aws-global so that AssumeRole can be used + // with the global sts endpoint. + stsCfg := cfg.Copy() + stsCfg.Region = "aws-global" + if d.Role != "" && d.WebIdentityToken == "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role") - stsSvc := d.StsProvider(cfg) + stsSvc := d.StsProvider(stsCfg) result, err := stsSvc.AssumeRole(ctx, &sts.AssumeRoleInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), @@ -119,7 +123,7 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { if d.Role != "" && d.WebIdentityToken != "" { d.log.V(logf.DebugLevel).WithValues("role", d.Role).Info("assuming role with web identity") - stsSvc := d.StsProvider(cfg) + stsSvc := d.StsProvider(stsCfg) result, err := stsSvc.AssumeRoleWithWebIdentity(ctx, &sts.AssumeRoleWithWebIdentityInput{ RoleArn: aws.String(d.Role), RoleSessionName: aws.String("cert-manager"), From ff2a82a9a7d7305d19413df3f490550d09c36888 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 15:00:37 +0200 Subject: [PATCH 171/177] verify that the "aws-global" is used for sts in test Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pkg/issuer/acme/dns/route53/route53_test.go b/pkg/issuer/acme/dns/route53/route53_test.go index 7f563dbe51f..3134318043d 100644 --- a/pkg/issuer/acme/dns/route53/route53_test.go +++ b/pkg/issuer/acme/dns/route53/route53_test.go @@ -256,7 +256,8 @@ func TestAssumeRole(t *testing.T) { for _, c := range cases { t.Run(c.name, func(t *testing.T) { - provider := makeMockSessionProvider(func(aws.Config) StsClient { + provider := makeMockSessionProvider(func(cfg aws.Config) StsClient { + assert.Equal(t, "aws-global", cfg.Region) // verify that the global sts endpoint is used return c.mockSTS }, c.key, c.secret, c.region, c.role, c.webIdentityToken, c.ambient) cfg, err := provider.GetSession(context.TODO()) From bf03ee55065e7462999bbff9dc26477946f2a7e0 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 19 Jun 2024 17:15:07 +0200 Subject: [PATCH 172/177] improve aws GetSession comments that explain when and why regions have to be set Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/issuer/acme/dns/route53/route53.go | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/pkg/issuer/acme/dns/route53/route53.go b/pkg/issuer/acme/dns/route53/route53.go index ea978affa07..0cdec3fb546 100644 --- a/pkg/issuer/acme/dns/route53/route53.go +++ b/pkg/issuer/acme/dns/route53/route53.go @@ -97,8 +97,10 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { return aws.Config{}, fmt.Errorf("unable to create aws config: %s", err) } - // Explicitly set the region to aws-global so that AssumeRole can be used - // with the global sts endpoint. + // For backwards compatibility with cert-manager <= 1.14, where we used the aws-sdk-go v1 + // library, we configure the SDK here to use the global sts endpoint. This was the default + // behaviour of the SDK v1 library, but has to be explicitly set in the v2 library. For the + // route53 calls, we use the region provided by the user (see below). stsCfg := cfg.Copy() stsCfg.Region = "aws-global" @@ -142,7 +144,8 @@ func (d *sessionProvider) GetSession(ctx context.Context) (aws.Config, error) { // If ambient credentials aren't permitted, always set the region, even if to // empty string, to avoid it falling back on the environment. - // this has to be set after session is constructed + // This has to be set after session is constructed, as a different region (aws-global) + // is used for the STS service. if d.Region != "" || !useAmbientCredentials { cfg.Region = d.Region } From ae55ea1172eff68fd8d176ded5b88b14a2830d15 Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Fri, 19 Jul 2024 09:20:20 +0100 Subject: [PATCH 173/177] Fix incorrect value and indentation of the PodMonitor endpointAdditionalProperties template in the Helm chart Signed-off-by: Richard Wall --- deploy/charts/cert-manager/templates/podmonitor.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/cert-manager/templates/podmonitor.yaml b/deploy/charts/cert-manager/templates/podmonitor.yaml index 1adc0609cc5..175460ebec3 100644 --- a/deploy/charts/cert-manager/templates/podmonitor.yaml +++ b/deploy/charts/cert-manager/templates/podmonitor.yaml @@ -44,7 +44,7 @@ spec: interval: {{ .Values.prometheus.podmonitor.interval }} scrapeTimeout: {{ .Values.prometheus.podmonitor.scrapeTimeout }} honorLabels: {{ .Values.prometheus.podmonitor.honorLabels }} - {{- with .Values.prometheus.servicemonitor.endpointAdditionalProperties }} - {{- toYaml . | nindent 4 }} + {{- with .Values.prometheus.podmonitor.endpointAdditionalProperties }} + {{- toYaml . | nindent 6 }} {{- end }} {{- end }} From 243cd7899c41c1e9fab6d48417b8c41586d9f92a Mon Sep 17 00:00:00 2001 From: Adam Talbot Date: Tue, 23 Jul 2024 17:25:22 +0100 Subject: [PATCH 174/177] fix: e2e feature flags disabled test failing There is logic in a BeforeEach block to skip GatewayAPI tests if the feature is disabled. However there was a bug so this only skipped the first test of each process. This does not impact 1.14 because GatewayAPI was disabled by default and does not impact master because the tests have been refactored Signed-off-by: Adam Talbot --- test/e2e/suite/conformance/certificates/tests.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/test/e2e/suite/conformance/certificates/tests.go b/test/e2e/suite/conformance/certificates/tests.go index fa60af3215f..f104a4b0e10 100644 --- a/test/e2e/suite/conformance/certificates/tests.go +++ b/test/e2e/suite/conformance/certificates/tests.go @@ -73,6 +73,11 @@ func (s *Suite) Define() { Skip("Not running public ACME tests against local cluster.") return } + + if s.HTTP01TestType == "Gateway" { + framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalGatewayAPISupport) + } + if s.completed { return } @@ -83,7 +88,6 @@ func (s *Suite) Define() { sharedIPAddress = f.Config.Addons.ACMEServer.IngressIP case "Gateway": sharedIPAddress = f.Config.Addons.ACMEServer.GatewayIP - framework.RequireFeatureGate(f, utilfeature.DefaultFeatureGate, feature.ExperimentalGatewayAPISupport) } }) From a94ad68d4e607443754c2dde5c2a1c6c05772b9a Mon Sep 17 00:00:00 2001 From: Richard Wall Date: Wed, 24 Jul 2024 12:05:51 +0100 Subject: [PATCH 175/177] Update the Google CloudBuild job image Signed-off-by: Richard Wall --- gcb/build_cert_manager.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gcb/build_cert_manager.yaml b/gcb/build_cert_manager.yaml index c866f062f39..72fea374267 100644 --- a/gcb/build_cert_manager.yaml +++ b/gcb/build_cert_manager.yaml @@ -15,7 +15,7 @@ steps: args: ['fetch', '--unshallow'] ## Build release artifacts and push to a bucket -- name: 'eu.gcr.io/jetstack-build-infra-images/make-dind:20230406-0ef4440-bullseye' +- name: 'europe-west1-docker.pkg.dev/cert-manager-tests-trusted/cert-manager-infra-images/make-dind:20240422-6b43e85-bookworm' entrypoint: bash args: - -c From 0749feea145c2ceedd35213bfd701f8c2b8c7e08 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:05:27 +0200 Subject: [PATCH 176/177] add caRequiresRegeneration unit test and fix incorrect renewal time calculation Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority.go | 2 +- pkg/server/tls/authority/authority_test.go | 148 +++++++++++++++++++++ 2 files changed, 149 insertions(+), 1 deletion(-) diff --git a/pkg/server/tls/authority/authority.go b/pkg/server/tls/authority/authority.go index 5b9b32550e4..c846c98ae5e 100644 --- a/pkg/server/tls/authority/authority.go +++ b/pkg/server/tls/authority/authority.go @@ -316,7 +316,7 @@ func (d *DynamicAuthority) caRequiresRegeneration(s *corev1.Secret) bool { return true } // renew the root CA when the current one is 2/3 of the way through its life - if time.Until(x509Cert.NotAfter) < (x509Cert.NotBefore.Sub(x509Cert.NotAfter) / 3) { + if time.Until(x509Cert.NotAfter) < (x509Cert.NotAfter.Sub(x509Cert.NotBefore) / 3) { d.log.V(logf.InfoLevel).Info("Root CA certificate is nearing expiry. Regenerating...") return true } diff --git a/pkg/server/tls/authority/authority_test.go b/pkg/server/tls/authority/authority_test.go index 17e4321c942..d265b0135b5 100644 --- a/pkg/server/tls/authority/authority_test.go +++ b/pkg/server/tls/authority/authority_test.go @@ -16,4 +16,152 @@ limitations under the License. package authority +import ( + "crypto/rand" + "crypto/x509" + "crypto/x509/pkix" + "testing" + "time" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + + cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" + "github.com/cert-manager/cert-manager/pkg/util/pki" +) + // Integration tests for the authority can be found in `test/integration/webhook/dynamic_authority_test.go`. + +func Test__caRequiresRegeneration(t *testing.T) { + generateSecretData := func(mod func(*x509.Certificate)) map[string][]byte { + // Generate a certificate and private key pair + pk, err := pki.GenerateECPrivateKey(384) + assert.NoError(t, err) + pkBytes, err := pki.EncodePrivateKey(pk, cmapi.PKCS8) + assert.NoError(t, err) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + assert.NoError(t, err) + cert := &x509.Certificate{ + Version: 3, + BasicConstraintsValid: true, + SerialNumber: serialNumber, + PublicKeyAlgorithm: x509.ECDSA, + Subject: pkix.Name{ + CommonName: "cert-manager-webhook-ca", + }, + IsCA: true, + NotBefore: time.Now(), + NotAfter: time.Now().Add(5 * time.Minute), + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign, + } + if mod != nil { + mod(cert) + } + _, cert, err = pki.SignCertificate(cert, cert, pk.Public(), pk) + assert.NoError(t, err) + certBytes, err := pki.EncodeX509(cert) + assert.NoError(t, err) + + return map[string][]byte{ + "tls.crt": certBytes, + "ca.crt": certBytes, + "tls.key": pkBytes, + } + } + + tests := []struct { + name string + secret *corev1.Secret + expect bool + }{ + { + name: "Missing data in CA secret (nil data)", + secret: &corev1.Secret{ + Data: nil, + }, + expect: true, + }, + { + name: "Missing data in CA secret (missing ca.crt)", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.key": []byte("private key"), + }, + }, + expect: true, + }, + { + name: "Different data in ca.crt and tls.crt", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.crt": []byte("data1"), + "ca.crt": []byte("data2"), + "tls.key": []byte("secret"), + }, + }, + expect: true, + }, + { + name: "Failed to parse data in CA secret", + secret: &corev1.Secret{ + Data: map[string][]byte{ + "tls.crt": []byte("cert"), + "ca.crt": []byte("cert"), + "tls.key": []byte("secret"), + }, + }, + expect: true, + }, + { + name: "Stored certificate is not marked as a CA", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.IsCA = false + }, + ), + }, + expect: true, + }, + { + name: "Root CA certificate is JUST nearing expiry", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-2*time.Hour - 1*time.Minute) + cert.NotAfter = cert.NotBefore.Add(3 * time.Hour) + }, + ), + }, + expect: true, + }, + { + name: "Root CA certificate is ALMOST nearing expiry", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-2*time.Hour + 1*time.Minute) + cert.NotAfter = cert.NotBefore.Add(3 * time.Hour) + }, + ), + }, + expect: false, + }, + { + name: "Ok", + secret: &corev1.Secret{ + Data: generateSecretData(nil), + }, + expect: false, + }, + } + + for _, test := range tests { + t.Run(test.name, func(t *testing.T) { + required := (&DynamicAuthority{}).caRequiresRegeneration(test.secret) + if required != test.expect { + t.Errorf("Expected %v, but got %v", test.expect, required) + } + }) + } +} From 87f4e1a964f6de405b92e19e638a92319f966642 Mon Sep 17 00:00:00 2001 From: Tim Ramlot <42113979+inteon@users.noreply.github.com> Date: Wed, 14 Aug 2024 10:23:41 +0200 Subject: [PATCH 177/177] add test case for expired certificate Signed-off-by: Tim Ramlot <42113979+inteon@users.noreply.github.com> --- pkg/server/tls/authority/authority_test.go | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/pkg/server/tls/authority/authority_test.go b/pkg/server/tls/authority/authority_test.go index d265b0135b5..782385755ac 100644 --- a/pkg/server/tls/authority/authority_test.go +++ b/pkg/server/tls/authority/authority_test.go @@ -147,6 +147,18 @@ func Test__caRequiresRegeneration(t *testing.T) { }, expect: false, }, + { + name: "Root CA certificate is expired", + secret: &corev1.Secret{ + Data: generateSecretData( + func(cert *x509.Certificate) { + cert.NotBefore = time.Now().Add(-1 * time.Hour) + cert.NotAfter = time.Now().Add(-1 * time.Minute) + }, + ), + }, + expect: true, + }, { name: "Ok", secret: &corev1.Secret{