From 7187476333873f791fd54e8fbe293a1b0ca56d07 Mon Sep 17 00:00:00 2001 From: Vasi Vasireddy Date: Tue, 17 Dec 2024 12:23:55 -0800 Subject: [PATCH 1/5] bump version to v0.42.0 --- VERSION | 2 +- docs/releases/v0.42.0.md | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 docs/releases/v0.42.0.md diff --git a/VERSION b/VERSION index d0cca40aac..01efe7f3aa 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -v0.41.1 +v0.42.0 diff --git a/docs/releases/v0.42.0.md b/docs/releases/v0.42.0.md new file mode 100644 index 0000000000..00b7a7e2f8 --- /dev/null +++ b/docs/releases/v0.42.0.md @@ -0,0 +1,26 @@ +# Changelog + +## [v0.42.0](https://github.com/aws-observability/aws-otel-collector/tree/v0.42.0) (2024-12-17) + +[Full Changelog](https://github.com/aws-observability/aws-otel-collector/compare/v0.41.1...v0.42.0) + +**Closed issues:** + +- AWS Distro for OpenTelemetry EKS add-on for kubernetes 1.31? [\#2873](https://github.com/aws-observability/aws-otel-collector/issues/2873) + +**Merged pull requests:** + +- \[chore\] Bump OTel Collector and collector contrib v0.115.0, Removed logging exporter and ballast extension [\#2915](https://github.com/aws-observability/aws-otel-collector/pull/2915) ([vasireddy99](https://github.com/vasireddy99)) +- \[chore\]: fix incorrect AWS credentials extracfg field name [\#2909](https://github.com/aws-observability/aws-otel-collector/pull/2909) ([vasireddy99](https://github.com/vasireddy99)) +- fix: incorrect AWS credentials extracfg field name [\#2901](https://github.com/aws-observability/aws-otel-collector/pull/2901) ([danmrichards](https://github.com/danmrichards)) +- chore: Update GitHub Actions workflow to use Ubuntu 22.04 runner [\#2900](https://github.com/aws-observability/aws-otel-collector/pull/2900) ([vasireddy99](https://github.com/vasireddy99)) +- pin markdown lint in workflows to 3.12.2 [\#2896](https://github.com/aws-observability/aws-otel-collector/pull/2896) ([vasireddy99](https://github.com/vasireddy99)) +- Bump Upload/download artifacts to v4 [\#2895](https://github.com/aws-observability/aws-otel-collector/pull/2895) ([vasireddy99](https://github.com/vasireddy99)) +- Merge v0.41.1 changes [\#2879](https://github.com/aws-observability/aws-otel-collector/pull/2879) ([roystchiang](https://github.com/roystchiang)) +- Mirror kube-rbac image v0.18.1 [\#2871](https://github.com/aws-observability/aws-otel-collector/pull/2871) ([vasireddy99](https://github.com/vasireddy99)) +- make link to logging exporter permalink to last used release tag [\#2862](https://github.com/aws-observability/aws-otel-collector/pull/2862) ([Aneurysm9](https://github.com/Aneurysm9)) +- Prepare release v0.41.0 \(\#2860\) [\#2861](https://github.com/aws-observability/aws-otel-collector/pull/2861) ([Aneurysm9](https://github.com/Aneurysm9)) + + + +\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* From d30a4b327c1fe5b539763975b337814005df46f1 Mon Sep 17 00:00:00 2001 From: Vasi Vasireddy Date: Tue, 17 Dec 2024 13:05:35 -0800 Subject: [PATCH 2/5] Update version and release file --- docs/releases/v0.42.0.md | 17 ++++------------- tools/packaging/windows/aws-otel-collector.wxs | 2 +- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/docs/releases/v0.42.0.md b/docs/releases/v0.42.0.md index 00b7a7e2f8..5cc79e17a0 100644 --- a/docs/releases/v0.42.0.md +++ b/docs/releases/v0.42.0.md @@ -4,23 +4,14 @@ [Full Changelog](https://github.com/aws-observability/aws-otel-collector/compare/v0.41.1...v0.42.0) -**Closed issues:** - -- AWS Distro for OpenTelemetry EKS add-on for kubernetes 1.31? [\#2873](https://github.com/aws-observability/aws-otel-collector/issues/2873) - **Merged pull requests:** - \[chore\] Bump OTel Collector and collector contrib v0.115.0, Removed logging exporter and ballast extension [\#2915](https://github.com/aws-observability/aws-otel-collector/pull/2915) ([vasireddy99](https://github.com/vasireddy99)) -- \[chore\]: fix incorrect AWS credentials extracfg field name [\#2909](https://github.com/aws-observability/aws-otel-collector/pull/2909) ([vasireddy99](https://github.com/vasireddy99)) -- fix: incorrect AWS credentials extracfg field name [\#2901](https://github.com/aws-observability/aws-otel-collector/pull/2901) ([danmrichards](https://github.com/danmrichards)) -- chore: Update GitHub Actions workflow to use Ubuntu 22.04 runner [\#2900](https://github.com/aws-observability/aws-otel-collector/pull/2900) ([vasireddy99](https://github.com/vasireddy99)) -- pin markdown lint in workflows to 3.12.2 [\#2896](https://github.com/aws-observability/aws-otel-collector/pull/2896) ([vasireddy99](https://github.com/vasireddy99)) -- Bump Upload/download artifacts to v4 [\#2895](https://github.com/aws-observability/aws-otel-collector/pull/2895) ([vasireddy99](https://github.com/vasireddy99)) -- Merge v0.41.1 changes [\#2879](https://github.com/aws-observability/aws-otel-collector/pull/2879) ([roystchiang](https://github.com/roystchiang)) -- Mirror kube-rbac image v0.18.1 [\#2871](https://github.com/aws-observability/aws-otel-collector/pull/2871) ([vasireddy99](https://github.com/vasireddy99)) -- make link to logging exporter permalink to last used release tag [\#2862](https://github.com/aws-observability/aws-otel-collector/pull/2862) ([Aneurysm9](https://github.com/Aneurysm9)) -- Prepare release v0.41.0 \(\#2860\) [\#2861](https://github.com/aws-observability/aws-otel-collector/pull/2861) ([Aneurysm9](https://github.com/Aneurysm9)) +**Breaking Changes:** + +- The `memory_ballast` extension was removed upstream and ADOT Collector in favor of the `GOMEMLIMIT` environment variable, See the [Go documentation](https://pkg.go.dev/runtime#hdr-Environment_Variables) for more information about `GOMEMLIMIT`'s usage. +- The `logging` exporter has been removed upstream in favor of the `debug` exporter. This release removes the logging exporter. See [#11337](https://github.com/open-telemetry/opentelemetry-collector/issues/11337) to migrate to the debug exporter. \* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)* diff --git a/tools/packaging/windows/aws-otel-collector.wxs b/tools/packaging/windows/aws-otel-collector.wxs index 47ed0ce495..6b848b8c0b 100644 --- a/tools/packaging/windows/aws-otel-collector.wxs +++ b/tools/packaging/windows/aws-otel-collector.wxs @@ -3,7 +3,7 @@ From 97625a117d914b0e0ea42e46fb472c03009cb1e6 Mon Sep 17 00:00:00 2001 From: Vasi Vasireddy Date: Tue, 17 Dec 2024 21:08:17 -0800 Subject: [PATCH 3/5] Bump go 1.22.10 --- .github/workflows/CI.yml | 2 +- .github/workflows/PR-build.yml | 2 +- .github/workflows/aws-resources-clean.yml | 2 +- .github/workflows/canary.yml | 2 +- .github/workflows/perf.yml | 2 +- .github/workflows/prod-image-mirror.yml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 2f804d7102..6d3692cc17 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -50,7 +50,7 @@ env: DDB_TABLE_NAME: BatchTestCache MAX_JOBS: 110 BATCH_INCLUDED_SERVICES: EKS,ECS,EC2,EKS_ARM64,EKS_FARGATE - GO_VERSION: ~1.22.7 + GO_VERSION: ~1.22.10 concurrency: diff --git a/.github/workflows/PR-build.yml b/.github/workflows/PR-build.yml index 0f2379152a..a80da484c7 100644 --- a/.github/workflows/PR-build.yml +++ b/.github/workflows/PR-build.yml @@ -25,7 +25,7 @@ env: IMAGE_NAME: aws-otel-collector PACKAGING_ROOT: build/packages TESTING_FRAMEWORK_REPO: aws-observability/aws-otel-test-framework - GO_VERSION: ~1.22.7 + GO_VERSION: ~1.22.10 concurrency: group: pr-build-${{ github.event.pull_request.number }} diff --git a/.github/workflows/aws-resources-clean.yml b/.github/workflows/aws-resources-clean.yml index f3c617ffb3..6808d56e80 100644 --- a/.github/workflows/aws-resources-clean.yml +++ b/.github/workflows/aws-resources-clean.yml @@ -24,7 +24,7 @@ on: default: "3" env: DAYS_TO_KEEP: 3 - GO_VERSION: ~1.22.7 + GO_VERSION: ~1.22.10 permissions: id-token: write diff --git a/.github/workflows/canary.yml b/.github/workflows/canary.yml index 7ea423f4c7..d4910c940b 100644 --- a/.github/workflows/canary.yml +++ b/.github/workflows/canary.yml @@ -57,7 +57,7 @@ jobs: - name: Set up Go 1.x uses: actions/setup-go@v5 with: - go-version: '~1.22.7' + go-version: '~1.22.10' cache-dependency-path: testing-framework/cmd/aotutil/go.sum - name: Build aotutil run: cd testing-framework/cmd/aotutil && make build diff --git a/.github/workflows/perf.yml b/.github/workflows/perf.yml index 86540e37c8..cf419c3cb1 100644 --- a/.github/workflows/perf.yml +++ b/.github/workflows/perf.yml @@ -27,7 +27,7 @@ env: COMMIT_USER: Github Actions COMMIT_EMAIL: actions@github.com TESTING_FRAMEWORK_REPO: aws-observability/aws-otel-test-framework - GO_VERSION: ~1.22.7 + GO_VERSION: ~1.22.10 permissions: id-token: write diff --git a/.github/workflows/prod-image-mirror.yml b/.github/workflows/prod-image-mirror.yml index a845691069..aaeac6377d 100644 --- a/.github/workflows/prod-image-mirror.yml +++ b/.github/workflows/prod-image-mirror.yml @@ -29,7 +29,7 @@ jobs: - name: Set up Go 1.x uses: actions/setup-go@v5 with: - go-version: ~1.22.7 + go-version: ~1.22.10 - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v4 From 8c4fcb03799c15d8c5ce00068d1ea82274b57bb6 Mon Sep 17 00:00:00 2001 From: Vasi Vasireddy Date: Wed, 18 Dec 2024 14:13:23 -0800 Subject: [PATCH 4/5] Bump golang.org/x/net v0.33.0 --- go.mod | 5 +- go.sum | 4 +- testbed/go.mod | 2 +- testbed/go.sum | 4 +- vendor/golang.org/x/net/html/doctype.go | 2 +- vendor/golang.org/x/net/html/foreign.go | 3 +- vendor/golang.org/x/net/html/parse.go | 8 +- vendor/golang.org/x/net/http2/frame.go | 4 +- vendor/golang.org/x/net/http2/http2.go | 42 ++++--- vendor/golang.org/x/net/http2/server.go | 35 ++++-- vendor/golang.org/x/net/http2/transport.go | 137 ++++++++++++++++----- vendor/modules.txt | 2 +- 12 files changed, 178 insertions(+), 70 deletions(-) diff --git a/go.mod b/go.mod index 79ba336b58..b9c7fa1fb8 100644 --- a/go.mod +++ b/go.mod @@ -503,7 +503,7 @@ require ( golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.31.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/term v0.27.0 // indirect @@ -547,3 +547,6 @@ exclude github.com/openshift/api v3.9.0+incompatible // https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ?pli=1 exclude golang.org/x/crypto v0.29.0 + +// https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ +exclude golang.org/x/net v0.31.0 diff --git a/go.sum b/go.sum index b55f8ec16f..4d7b95b7fc 100644 --- a/go.sum +++ b/go.sum @@ -1631,8 +1631,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/testbed/go.mod b/testbed/go.mod index 850242f590..20d0d09be4 100644 --- a/testbed/go.mod +++ b/testbed/go.mod @@ -515,7 +515,7 @@ require ( golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.31.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.23.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect diff --git a/testbed/go.sum b/testbed/go.sum index 4beac6d740..f20de1cc48 100644 --- a/testbed/go.sum +++ b/testbed/go.sum @@ -1681,8 +1681,8 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/vendor/golang.org/x/net/html/doctype.go b/vendor/golang.org/x/net/html/doctype.go index c484e5a94f..bca3ae9a0c 100644 --- a/vendor/golang.org/x/net/html/doctype.go +++ b/vendor/golang.org/x/net/html/doctype.go @@ -87,7 +87,7 @@ func parseDoctype(s string) (n *Node, quirks bool) { } } if lastAttr := n.Attr[len(n.Attr)-1]; lastAttr.Key == "system" && - strings.ToLower(lastAttr.Val) == "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd" { + strings.EqualFold(lastAttr.Val, "http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd") { quirks = true } } diff --git a/vendor/golang.org/x/net/html/foreign.go b/vendor/golang.org/x/net/html/foreign.go index 9da9e9dc42..e8515d8e88 100644 --- a/vendor/golang.org/x/net/html/foreign.go +++ b/vendor/golang.org/x/net/html/foreign.go @@ -40,8 +40,7 @@ func htmlIntegrationPoint(n *Node) bool { if n.Data == "annotation-xml" { for _, a := range n.Attr { if a.Key == "encoding" { - val := strings.ToLower(a.Val) - if val == "text/html" || val == "application/xhtml+xml" { + if strings.EqualFold(a.Val, "text/html") || strings.EqualFold(a.Val, "application/xhtml+xml") { return true } } diff --git a/vendor/golang.org/x/net/html/parse.go b/vendor/golang.org/x/net/html/parse.go index 46a89eda6c..643c674e37 100644 --- a/vendor/golang.org/x/net/html/parse.go +++ b/vendor/golang.org/x/net/html/parse.go @@ -840,6 +840,10 @@ func afterHeadIM(p *parser) bool { p.parseImpliedToken(StartTagToken, a.Body, a.Body.String()) p.framesetOK = true + if p.tok.Type == ErrorToken { + // Stop parsing. + return true + } return false } @@ -1031,7 +1035,7 @@ func inBodyIM(p *parser) bool { if p.tok.DataAtom == a.Input { for _, t := range p.tok.Attr { if t.Key == "type" { - if strings.ToLower(t.Val) == "hidden" { + if strings.EqualFold(t.Val, "hidden") { // Skip setting framesetOK = false return true } @@ -1459,7 +1463,7 @@ func inTableIM(p *parser) bool { return inHeadIM(p) case a.Input: for _, t := range p.tok.Attr { - if t.Key == "type" && strings.ToLower(t.Val) == "hidden" { + if t.Key == "type" && strings.EqualFold(t.Val, "hidden") { p.addElement() p.oe.pop() return true diff --git a/vendor/golang.org/x/net/http2/frame.go b/vendor/golang.org/x/net/http2/frame.go index 105c3b279c..81faec7e75 100644 --- a/vendor/golang.org/x/net/http2/frame.go +++ b/vendor/golang.org/x/net/http2/frame.go @@ -1490,7 +1490,7 @@ func (mh *MetaHeadersFrame) checkPseudos() error { pf := mh.PseudoFields() for i, hf := range pf { switch hf.Name { - case ":method", ":path", ":scheme", ":authority": + case ":method", ":path", ":scheme", ":authority", ":protocol": isRequest = true case ":status": isResponse = true @@ -1498,7 +1498,7 @@ func (mh *MetaHeadersFrame) checkPseudos() error { return pseudoHeaderError(hf.Name) } // Check for duplicates. - // This would be a bad algorithm, but N is 4. + // This would be a bad algorithm, but N is 5. // And this doesn't allocate. for _, hf2 := range pf[:i] { if hf.Name == hf2.Name { diff --git a/vendor/golang.org/x/net/http2/http2.go b/vendor/golang.org/x/net/http2/http2.go index 7688c356b7..c7601c909f 100644 --- a/vendor/golang.org/x/net/http2/http2.go +++ b/vendor/golang.org/x/net/http2/http2.go @@ -34,10 +34,11 @@ import ( ) var ( - VerboseLogs bool - logFrameWrites bool - logFrameReads bool - inTests bool + VerboseLogs bool + logFrameWrites bool + logFrameReads bool + inTests bool + disableExtendedConnectProtocol bool ) func init() { @@ -50,6 +51,9 @@ func init() { logFrameWrites = true logFrameReads = true } + if strings.Contains(e, "http2xconnect=0") { + disableExtendedConnectProtocol = true + } } const ( @@ -141,6 +145,10 @@ func (s Setting) Valid() error { if s.Val < 16384 || s.Val > 1<<24-1 { return ConnectionError(ErrCodeProtocol) } + case SettingEnableConnectProtocol: + if s.Val != 1 && s.Val != 0 { + return ConnectionError(ErrCodeProtocol) + } } return nil } @@ -150,21 +158,23 @@ func (s Setting) Valid() error { type SettingID uint16 const ( - SettingHeaderTableSize SettingID = 0x1 - SettingEnablePush SettingID = 0x2 - SettingMaxConcurrentStreams SettingID = 0x3 - SettingInitialWindowSize SettingID = 0x4 - SettingMaxFrameSize SettingID = 0x5 - SettingMaxHeaderListSize SettingID = 0x6 + SettingHeaderTableSize SettingID = 0x1 + SettingEnablePush SettingID = 0x2 + SettingMaxConcurrentStreams SettingID = 0x3 + SettingInitialWindowSize SettingID = 0x4 + SettingMaxFrameSize SettingID = 0x5 + SettingMaxHeaderListSize SettingID = 0x6 + SettingEnableConnectProtocol SettingID = 0x8 ) var settingName = map[SettingID]string{ - SettingHeaderTableSize: "HEADER_TABLE_SIZE", - SettingEnablePush: "ENABLE_PUSH", - SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", - SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", - SettingMaxFrameSize: "MAX_FRAME_SIZE", - SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", + SettingHeaderTableSize: "HEADER_TABLE_SIZE", + SettingEnablePush: "ENABLE_PUSH", + SettingMaxConcurrentStreams: "MAX_CONCURRENT_STREAMS", + SettingInitialWindowSize: "INITIAL_WINDOW_SIZE", + SettingMaxFrameSize: "MAX_FRAME_SIZE", + SettingMaxHeaderListSize: "MAX_HEADER_LIST_SIZE", + SettingEnableConnectProtocol: "ENABLE_CONNECT_PROTOCOL", } func (s SettingID) String() string { diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go index 832414b450..b55547aec6 100644 --- a/vendor/golang.org/x/net/http2/server.go +++ b/vendor/golang.org/x/net/http2/server.go @@ -932,14 +932,18 @@ func (sc *serverConn) serve(conf http2Config) { sc.vlogf("http2: server connection from %v on %p", sc.conn.RemoteAddr(), sc.hs) } + settings := writeSettings{ + {SettingMaxFrameSize, conf.MaxReadFrameSize}, + {SettingMaxConcurrentStreams, sc.advMaxStreams}, + {SettingMaxHeaderListSize, sc.maxHeaderListSize()}, + {SettingHeaderTableSize, conf.MaxDecoderHeaderTableSize}, + {SettingInitialWindowSize, uint32(sc.initialStreamRecvWindowSize)}, + } + if !disableExtendedConnectProtocol { + settings = append(settings, Setting{SettingEnableConnectProtocol, 1}) + } sc.writeFrame(FrameWriteRequest{ - write: writeSettings{ - {SettingMaxFrameSize, conf.MaxReadFrameSize}, - {SettingMaxConcurrentStreams, sc.advMaxStreams}, - {SettingMaxHeaderListSize, sc.maxHeaderListSize()}, - {SettingHeaderTableSize, conf.MaxDecoderHeaderTableSize}, - {SettingInitialWindowSize, uint32(sc.initialStreamRecvWindowSize)}, - }, + write: settings, }) sc.unackedSettings++ @@ -1801,6 +1805,9 @@ func (sc *serverConn) processSetting(s Setting) error { sc.maxFrameSize = int32(s.Val) // the maximum valid s.Val is < 2^31 case SettingMaxHeaderListSize: sc.peerMaxHeaderListSize = s.Val + case SettingEnableConnectProtocol: + // Receipt of this parameter by a server does not + // have any impact default: // Unknown setting: "An endpoint that receives a SETTINGS // frame with any unknown or unsupported identifier MUST @@ -2231,11 +2238,17 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res scheme: f.PseudoValue("scheme"), authority: f.PseudoValue("authority"), path: f.PseudoValue("path"), + protocol: f.PseudoValue("protocol"), + } + + // extended connect is disabled, so we should not see :protocol + if disableExtendedConnectProtocol && rp.protocol != "" { + return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol)) } isConnect := rp.method == "CONNECT" if isConnect { - if rp.path != "" || rp.scheme != "" || rp.authority == "" { + if rp.protocol == "" && (rp.path != "" || rp.scheme != "" || rp.authority == "") { return nil, nil, sc.countError("bad_connect", streamError(f.StreamID, ErrCodeProtocol)) } } else if rp.method == "" || rp.path == "" || (rp.scheme != "https" && rp.scheme != "http") { @@ -2259,6 +2272,9 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res if rp.authority == "" { rp.authority = rp.header.Get("Host") } + if rp.protocol != "" { + rp.header.Set(":protocol", rp.protocol) + } rw, req, err := sc.newWriterAndRequestNoBody(st, rp) if err != nil { @@ -2285,6 +2301,7 @@ func (sc *serverConn) newWriterAndRequest(st *stream, f *MetaHeadersFrame) (*res type requestParam struct { method string scheme, authority, path string + protocol string header http.Header } @@ -2326,7 +2343,7 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r var url_ *url.URL var requestURI string - if rp.method == "CONNECT" { + if rp.method == "CONNECT" && rp.protocol == "" { url_ = &url.URL{Host: rp.authority} requestURI = rp.authority // mimic HTTP/1 server behavior } else { diff --git a/vendor/golang.org/x/net/http2/transport.go b/vendor/golang.org/x/net/http2/transport.go index f5968f4407..090d0e1bdb 100644 --- a/vendor/golang.org/x/net/http2/transport.go +++ b/vendor/golang.org/x/net/http2/transport.go @@ -368,25 +368,26 @@ type ClientConn struct { idleTimeout time.Duration // or 0 for never idleTimer timer - mu sync.Mutex // guards following - cond *sync.Cond // hold mu; broadcast on flow/closed changes - flow outflow // our conn-level flow control quota (cs.outflow is per stream) - inflow inflow // peer's conn-level flow control - doNotReuse bool // whether conn is marked to not be reused for any future requests - closing bool - closed bool - seenSettings bool // true if we've seen a settings frame, false otherwise - wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back - goAway *GoAwayFrame // if non-nil, the GoAwayFrame we received - goAwayDebug string // goAway frame's debug data, retained as a string - streams map[uint32]*clientStream // client-initiated - streamsReserved int // incr by ReserveNewRequest; decr on RoundTrip - nextStreamID uint32 - pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams - pings map[[8]byte]chan struct{} // in flight ping data to notification channel - br *bufio.Reader - lastActive time.Time - lastIdle time.Time // time last idle + mu sync.Mutex // guards following + cond *sync.Cond // hold mu; broadcast on flow/closed changes + flow outflow // our conn-level flow control quota (cs.outflow is per stream) + inflow inflow // peer's conn-level flow control + doNotReuse bool // whether conn is marked to not be reused for any future requests + closing bool + closed bool + seenSettings bool // true if we've seen a settings frame, false otherwise + seenSettingsChan chan struct{} // closed when seenSettings is true or frame reading fails + wantSettingsAck bool // we sent a SETTINGS frame and haven't heard back + goAway *GoAwayFrame // if non-nil, the GoAwayFrame we received + goAwayDebug string // goAway frame's debug data, retained as a string + streams map[uint32]*clientStream // client-initiated + streamsReserved int // incr by ReserveNewRequest; decr on RoundTrip + nextStreamID uint32 + pendingRequests int // requests blocked and waiting to be sent because len(streams) == maxConcurrentStreams + pings map[[8]byte]chan struct{} // in flight ping data to notification channel + br *bufio.Reader + lastActive time.Time + lastIdle time.Time // time last idle // Settings from peer: (also guarded by wmu) maxFrameSize uint32 maxConcurrentStreams uint32 @@ -396,6 +397,17 @@ type ClientConn struct { initialStreamRecvWindowSize int32 readIdleTimeout time.Duration pingTimeout time.Duration + extendedConnectAllowed bool + + // rstStreamPingsBlocked works around an unfortunate gRPC behavior. + // gRPC strictly limits the number of PING frames that it will receive. + // The default is two pings per two hours, but the limit resets every time + // the gRPC endpoint sends a HEADERS or DATA frame. See golang/go#70575. + // + // rstStreamPingsBlocked is set after receiving a response to a PING frame + // bundled with an RST_STREAM (see pendingResets below), and cleared after + // receiving a HEADERS or DATA frame. + rstStreamPingsBlocked bool // pendingResets is the number of RST_STREAM frames we have sent to the peer, // without confirming that the peer has received them. When we send a RST_STREAM, @@ -819,6 +831,7 @@ func (t *Transport) newClientConn(c net.Conn, singleUse bool) (*ClientConn, erro peerMaxHeaderListSize: 0xffffffffffffffff, // "infinite", per spec. Use 2^64-1 instead. streams: make(map[uint32]*clientStream), singleUse: singleUse, + seenSettingsChan: make(chan struct{}), wantSettingsAck: true, readIdleTimeout: conf.SendPingTimeout, pingTimeout: conf.PingTimeout, @@ -1466,6 +1479,8 @@ func (cs *clientStream) doRequest(req *http.Request, streamf func(*clientStream) cs.cleanupWriteRequest(err) } +var errExtendedConnectNotSupported = errors.New("net/http: extended connect not supported by peer") + // writeRequest sends a request. // // It returns nil after the request is written, the response read, @@ -1481,12 +1496,31 @@ func (cs *clientStream) writeRequest(req *http.Request, streamf func(*clientStre return err } + // wait for setting frames to be received, a server can change this value later, + // but we just wait for the first settings frame + var isExtendedConnect bool + if req.Method == "CONNECT" && req.Header.Get(":protocol") != "" { + isExtendedConnect = true + } + // Acquire the new-request lock by writing to reqHeaderMu. // This lock guards the critical section covering allocating a new stream ID // (requires mu) and creating the stream (requires wmu). if cc.reqHeaderMu == nil { panic("RoundTrip on uninitialized ClientConn") // for tests } + if isExtendedConnect { + select { + case <-cs.reqCancel: + return errRequestCanceled + case <-ctx.Done(): + return ctx.Err() + case <-cc.seenSettingsChan: + if !cc.extendedConnectAllowed { + return errExtendedConnectNotSupported + } + } + } select { case cc.reqHeaderMu <- struct{}{}: case <-cs.reqCancel: @@ -1714,10 +1748,14 @@ func (cs *clientStream) cleanupWriteRequest(err error) { ping := false if !closeOnIdle { cc.mu.Lock() - if cc.pendingResets == 0 { - ping = true + // rstStreamPingsBlocked works around a gRPC behavior: + // see comment on the field for details. + if !cc.rstStreamPingsBlocked { + if cc.pendingResets == 0 { + ping = true + } + cc.pendingResets++ } - cc.pendingResets++ cc.mu.Unlock() } cc.writeStreamReset(cs.ID, ErrCodeCancel, ping, err) @@ -2030,7 +2068,7 @@ func (cs *clientStream) awaitFlowControl(maxBytes int) (taken int32, err error) func validateHeaders(hdrs http.Header) string { for k, vv := range hdrs { - if !httpguts.ValidHeaderFieldName(k) { + if !httpguts.ValidHeaderFieldName(k) && k != ":protocol" { return fmt.Sprintf("name %q", k) } for _, v := range vv { @@ -2046,6 +2084,10 @@ func validateHeaders(hdrs http.Header) string { var errNilRequestURL = errors.New("http2: Request.URI is nil") +func isNormalConnect(req *http.Request) bool { + return req.Method == "CONNECT" && req.Header.Get(":protocol") == "" +} + // requires cc.wmu be held. func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trailers string, contentLength int64) ([]byte, error) { cc.hbuf.Reset() @@ -2066,7 +2108,7 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail } var path string - if req.Method != "CONNECT" { + if !isNormalConnect(req) { path = req.URL.RequestURI() if !validPseudoPath(path) { orig := path @@ -2103,7 +2145,7 @@ func (cc *ClientConn) encodeHeaders(req *http.Request, addGzipHeader bool, trail m = http.MethodGet } f(":method", m) - if req.Method != "CONNECT" { + if !isNormalConnect(req) { f(":path", path) f(":scheme", req.URL.Scheme) } @@ -2461,7 +2503,7 @@ func (rl *clientConnReadLoop) run() error { cc.vlogf("http2: Transport readFrame error on conn %p: (%T) %v", cc, err, err) } if se, ok := err.(StreamError); ok { - if cs := rl.streamByID(se.StreamID); cs != nil { + if cs := rl.streamByID(se.StreamID, notHeaderOrDataFrame); cs != nil { if se.Cause == nil { se.Cause = cc.fr.errDetail } @@ -2507,13 +2549,16 @@ func (rl *clientConnReadLoop) run() error { if VerboseLogs { cc.vlogf("http2: Transport conn %p received error from processing frame %v: %v", cc, summarizeFrame(f), err) } + if !cc.seenSettings { + close(cc.seenSettingsChan) + } return err } } } func (rl *clientConnReadLoop) processHeaders(f *MetaHeadersFrame) error { - cs := rl.streamByID(f.StreamID) + cs := rl.streamByID(f.StreamID, headerOrDataFrame) if cs == nil { // We'd get here if we canceled a request while the // server had its response still in flight. So if this @@ -2842,7 +2887,7 @@ func (b transportResponseBody) Close() error { func (rl *clientConnReadLoop) processData(f *DataFrame) error { cc := rl.cc - cs := rl.streamByID(f.StreamID) + cs := rl.streamByID(f.StreamID, headerOrDataFrame) data := f.Data() if cs == nil { cc.mu.Lock() @@ -2977,9 +3022,22 @@ func (rl *clientConnReadLoop) endStreamError(cs *clientStream, err error) { cs.abortStream(err) } -func (rl *clientConnReadLoop) streamByID(id uint32) *clientStream { +// Constants passed to streamByID for documentation purposes. +const ( + headerOrDataFrame = true + notHeaderOrDataFrame = false +) + +// streamByID returns the stream with the given id, or nil if no stream has that id. +// If headerOrData is true, it clears rst.StreamPingsBlocked. +func (rl *clientConnReadLoop) streamByID(id uint32, headerOrData bool) *clientStream { rl.cc.mu.Lock() defer rl.cc.mu.Unlock() + if headerOrData { + // Work around an unfortunate gRPC behavior. + // See comment on ClientConn.rstStreamPingsBlocked for details. + rl.cc.rstStreamPingsBlocked = false + } cs := rl.cc.streams[id] if cs != nil && !cs.readAborted { return cs @@ -3073,6 +3131,21 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { case SettingHeaderTableSize: cc.henc.SetMaxDynamicTableSize(s.Val) cc.peerMaxHeaderTableSize = s.Val + case SettingEnableConnectProtocol: + if err := s.Valid(); err != nil { + return err + } + // If the peer wants to send us SETTINGS_ENABLE_CONNECT_PROTOCOL, + // we require that it do so in the first SETTINGS frame. + // + // When we attempt to use extended CONNECT, we wait for the first + // SETTINGS frame to see if the server supports it. If we let the + // server enable the feature with a later SETTINGS frame, then + // users will see inconsistent results depending on whether we've + // seen that frame or not. + if !cc.seenSettings { + cc.extendedConnectAllowed = s.Val == 1 + } default: cc.vlogf("Unhandled Setting: %v", s) } @@ -3090,6 +3163,7 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { // connection can establish to our default. cc.maxConcurrentStreams = defaultMaxConcurrentStreams } + close(cc.seenSettingsChan) cc.seenSettings = true } @@ -3098,7 +3172,7 @@ func (rl *clientConnReadLoop) processSettingsNoWrite(f *SettingsFrame) error { func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { cc := rl.cc - cs := rl.streamByID(f.StreamID) + cs := rl.streamByID(f.StreamID, notHeaderOrDataFrame) if f.StreamID != 0 && cs == nil { return nil } @@ -3127,7 +3201,7 @@ func (rl *clientConnReadLoop) processWindowUpdate(f *WindowUpdateFrame) error { } func (rl *clientConnReadLoop) processResetStream(f *RSTStreamFrame) error { - cs := rl.streamByID(f.StreamID) + cs := rl.streamByID(f.StreamID, notHeaderOrDataFrame) if cs == nil { // TODO: return error if server tries to RST_STREAM an idle stream return nil @@ -3205,6 +3279,7 @@ func (rl *clientConnReadLoop) processPing(f *PingFrame) error { if cc.pendingResets > 0 { // See clientStream.cleanupWriteRequest. cc.pendingResets = 0 + cc.rstStreamPingsBlocked = true cc.cond.Broadcast() } return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 5fea26c24e..60f28e1f98 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -2588,7 +2588,7 @@ golang.org/x/exp/slices # golang.org/x/mod v0.21.0 ## explicit; go 1.22.0 golang.org/x/mod/semver -# golang.org/x/net v0.31.0 +# golang.org/x/net v0.33.0 ## explicit; go 1.18 golang.org/x/net/bpf golang.org/x/net/context From 26e622d253b9d875f553db6285bce67caecffcc1 Mon Sep 17 00:00:00 2001 From: Vasi Vasireddy Date: Wed, 18 Dec 2024 14:21:19 -0800 Subject: [PATCH 5/5] Remove exclude statement --- go.mod | 3 --- 1 file changed, 3 deletions(-) diff --git a/go.mod b/go.mod index b9c7fa1fb8..d60656dfe6 100644 --- a/go.mod +++ b/go.mod @@ -547,6 +547,3 @@ exclude github.com/openshift/api v3.9.0+incompatible // https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ?pli=1 exclude golang.org/x/crypto v0.29.0 - -// https://groups.google.com/g/golang-announce/c/wSCRmFnNmPA/m/Lvcd0mRMAwAJ -exclude golang.org/x/net v0.31.0