Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release-1.11] Upgrade to latest dependencies #7390

Merged
merged 1 commit into from
Oct 24, 2023
Merged

[release-1.11] Upgrade to latest dependencies #7390

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,8 +46,8 @@ require (
k8s.io/utils v0.0.0-20221108210102-8e77b1f39fe2
knative.dev/hack v0.0.0-20230712131415-ddae80293c43
knative.dev/hack/schema v0.0.0-20230712131415-ddae80293c43
knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7
knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831
knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626
knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2
sigs.k8s.io/yaml v1.3.0
)

Expand Down
8 changes: 4 additions & 4 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -934,10 +934,10 @@ knative.dev/hack v0.0.0-20230712131415-ddae80293c43 h1:3SE06uNfSFGm/5XS+0trbyCUp
knative.dev/hack v0.0.0-20230712131415-ddae80293c43/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/hack/schema v0.0.0-20230712131415-ddae80293c43 h1:FqKKg9cUKc2I9bw27fbGkmTtI3CUiqrnMdbuXm+yPUc=
knative.dev/hack/schema v0.0.0-20230712131415-ddae80293c43/go.mod h1:GeIb+PLd5mllawcpHEGF5J5fYTQrvgEO5liao8lUKUs=
knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7 h1:y3qbfYX1SuSr/1ysXvKfpV8q/kCwWLWieCUgAhBUHmQ=
knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0=
knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831 h1:rOisVvTe0yuJNImgOex1Z4vdqXRPP1FAg5xPxbLOSlU=
knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831/go.mod h1:i+/PWK/n3HPgjXMoj5U7CA6WRW/C3c3EfHCQ0FmrhNM=
knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626 h1:qFE+UDBRg6cpF5LbA0sv1XK4XZ36Z7aTRCa+HcuxnNQ=
knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626/go.mod h1:g+UCgSKQ2f15kHYu/V3CPtoKo5F1x/2Y1ot0NSK7gA0=
knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2 h1:Lenj/sGhPYZoCdl4bvoeZzA4Y1VS4LNEIWH1/HTU+6I=
knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2/go.mod h1:HgugJUOhHZ3F6Tbhte92ecL0sBqJtCeJtd7K8jX+IJk=
pgregory.net/rapid v0.3.3 h1:jCjBsY4ln4Atz78QoBWxUEvAHaFyNDQg9+WU62aCn1U=
pgregory.net/rapid v0.3.3/go.mod h1:UYpPVyjFHzYBGHIxLFoupi8vwk6rXNzRY9OMvVxFIOU=
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
Expand Down
18 changes: 18 additions & 0 deletions vendor/knative.dev/pkg/webhook/webhook.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,17 @@ type Options struct {
// ControllerOptions encapsulates options for creating a new controller,
// including throttling and stats behavior.
ControllerOptions *controller.ControllerOptions

// EnableHTTP2 enables HTTP2 for webhooks.
// Mitigate CVE-2023-44487 by disabling HTTP2 by default until the Go
// standard library and golang.org/x/net are fully fixed.
// Right now, it is possible for authenticated and unauthenticated users to
// hold open HTTP2 connections and consume huge amounts of memory.
// See:
// * https://github.com/kubernetes/kubernetes/pull/121120
// * https://github.com/kubernetes/kubernetes/issues/121197
// * https://github.com/golang/go/issues/63417#issuecomment-1758858612
EnableHTTP2 bool
}

// Operation is the verb being operated on
Expand Down Expand Up @@ -237,12 +248,19 @@ func (wh *Webhook) Run(stop <-chan struct{}) error {
QuietPeriod: wh.Options.GracePeriod,
}

// If TLSNextProto is not nil, HTTP/2 support is not enabled automatically.
nextProto := map[string]func(*http.Server, *tls.Conn, http.Handler){}
if wh.Options.EnableHTTP2 {
nextProto = nil
}

server := &http.Server{
ErrorLog: log.New(&zapWrapper{logger}, "", 0),
Handler: drainer,
Addr: fmt.Sprint(":", wh.Options.Port),
TLSConfig: wh.tlsConfig,
ReadHeaderTimeout: time.Minute, //https://medium.com/a-journey-with-go/go-understand-and-mitigate-slowloris-attack-711c1b1403f6
TLSNextProto: nextProto,
}

var serve = server.ListenAndServe
Expand Down
20 changes: 17 additions & 3 deletions vendor/knative.dev/reconciler-test/pkg/environment/namespace.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -122,12 +122,26 @@ func (mr *MagicEnvironment) CreateNamespaceIfNeeded() error {
return fmt.Errorf("error copying the image pull Secret: %s", err)
}

_, err = c.CoreV1().ServiceAccounts(mr.namespace).Patch(context.Background(), sa.Name, types.StrategicMergePatchType,
[]byte(`{"imagePullSecrets":[{"name":"`+mr.imagePullSecretName+`"}]}`), metav1.PatchOptions{})
for _, secret := range sa.ImagePullSecrets {
if secret.Name == mr.imagePullSecretName {
return nil
}
}

// Prevent overwriting existing imagePullSecrets
patch := `[{"op":"add","path":"/imagePullSecrets/-","value":{"name":"` + mr.imagePullSecretName + `"}}]`
if len(sa.ImagePullSecrets) == 0 {
patch = `[{"op":"add","path":"/imagePullSecrets","value":[{"name":"` + mr.imagePullSecretName + `"}]}]`
}

_, err = c.CoreV1().ServiceAccounts(mr.namespace).Patch(context.Background(), sa.Name, types.JSONPatchType,
[]byte(patch), metav1.PatchOptions{})
if err != nil {
return fmt.Errorf("patch failed on NS/SA (%s/%s): %s", mr.namespace, sa.Name, err)
return fmt.Errorf("patch failed on NS/SA (%s/%s): %w",
mr.namespace, sa.Name, err)
}
}

return nil
}

Expand Down
6 changes: 6 additions & 0 deletions vendor/knative.dev/reconciler-test/pkg/eventshub/rbac/100-sa.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,3 +17,9 @@ kind: ServiceAccount
metadata:
name: {{ .name }}
namespace: {{ .namespace }}
{{ if .withPullSecrets }}
imagePullSecrets:
{{ range $_, $value := .withPullSecrets.secrets }}
- name: {{ $value }}
{{ end }}
{{ end }}
27 changes: 26 additions & 1 deletion vendor/knative.dev/reconciler-test/pkg/eventshub/rbac/rbac.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@ import (
"embed"

apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kubeclient "knative.dev/pkg/client/injection/kube/client"
"knative.dev/reconciler-test/pkg/environment"

"knative.dev/reconciler-test/pkg/feature"
"knative.dev/reconciler-test/pkg/manifest"
Expand All @@ -30,11 +33,33 @@ import (
var templates embed.FS

// Install creates the necessary ServiceAccount, Role, RoleBinding for the eventshub.
// The resources are named according to the current namespace defined in the environment.
func Install(cfg map[string]interface{}) feature.StepFn {
return func(ctx context.Context, t feature.T) {
WithPullSecrets(ctx, t)(cfg)
if _, err := manifest.InstallYamlFS(ctx, templates, cfg); err != nil && !apierrors.IsAlreadyExists(err) {
t.Fatal(err)
}
}
}

func WithPullSecrets(ctx context.Context, t feature.T) manifest.CfgFn {
namespace := environment.FromContext(ctx).Namespace()
serviceAccount, err := kubeclient.Get(ctx).CoreV1().ServiceAccounts(namespace).Get(ctx, "default", metav1.GetOptions{})
if err != nil {
t.Fatalf("Failed to read default SA in %s namespace: %v", namespace, err)
}

return func(cfg map[string]interface{}) {
if len(serviceAccount.ImagePullSecrets) == 0 {
return
}
if _, set := cfg["withPullSecrets"]; !set {
cfg["withPullSecrets"] = map[string]interface{}{}
}
withPullSecrets := cfg["withPullSecrets"].(map[string]interface{})
withPullSecrets["secrets"] = []string{}
for _, secret := range serviceAccount.ImagePullSecrets {
withPullSecrets["secrets"] = append(withPullSecrets["secrets"].([]string), secret.Name)
}
}
}
4 changes: 4 additions & 0 deletions vendor/knative.dev/reconciler-test/pkg/feature/feature.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -227,6 +227,8 @@ func DeleteResources(ctx context.Context, t T, refs []corev1.ObjectReference) er
}
}

var lastResource corev1.ObjectReference // One still present resource

err := wait.Poll(time.Second, 4*time.Minute, func() (bool, error) {
for _, ref := range refs {
gv, err := schema.ParseGroupVersion(ref.APIVersion)
Expand All @@ -248,13 +250,15 @@ func DeleteResources(ctx context.Context, t T, refs []corev1.ObjectReference) er
return false, fmt.Errorf("failed to get resource %+v %s/%s: %w", resource, ref.Namespace, ref.Name, err)
}

lastResource = ref
t.Logf("Resource %+v %s/%s still present", resource, ref.Namespace, ref.Name)
return false, nil
}

return true, nil
})
if err != nil {
LogReferences(lastResource)(ctx, t)
return fmt.Errorf("failed to wait for resources to be deleted: %v", err)
}

Expand Down
18 changes: 16 additions & 2 deletions vendor/knative.dev/reconciler-test/pkg/feature/logging.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime/schema"
"knative.dev/pkg/apis"
kubeclient "knative.dev/pkg/client/injection/kube/client"
"knative.dev/pkg/injection/clients/dynamicclient"
)

Expand Down Expand Up @@ -62,13 +63,26 @@ func logReference(ref corev1.ObjectReference) StepFn {
return
}

b, err := json.MarshalIndent(r, "", " ")
b, err := json.MarshalIndent(r, "", " ")
if err != nil {
t.Logf("Failed to marshal %s: %v\n", resourceStr, err)
return
}

t.Logf("%s\n%s", resourceStr, string(b))
// Get events for the given resource
events, _ := kubeclient.Get(ctx).EventsV1().
Events(ref.Namespace).
List(ctx, metav1.ListOptions{
TypeMeta: metav1.TypeMeta{
Kind: ref.Kind,
APIVersion: ref.APIVersion,
},
FieldSelector: fmt.Sprintf("involvedObject.name=%s", ref.Name),
Limit: 50,
})
eBytes, _ := json.MarshalIndent(events, "", " ")

t.Logf("%s\n%s\nEvents:\n%s\n", resourceStr, string(b), string(eBytes))

// Recursively log owners
for _, or := range r.GetOwnerReferences() {
Expand Down
4 changes: 2 additions & 2 deletions vendor/modules.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1177,7 +1177,7 @@ knative.dev/hack/schema/commands
knative.dev/hack/schema/docs
knative.dev/hack/schema/registry
knative.dev/hack/schema/schema
# knative.dev/pkg v0.0.0-20231011193800-bd99f2f98be7
# knative.dev/pkg v0.0.0-20231023150739-56bfe0dd9626
## explicit; go 1.18
knative.dev/pkg/apiextensions/storageversion
knative.dev/pkg/apiextensions/storageversion/cmd/migrate
Expand Down Expand Up @@ -1315,7 +1315,7 @@ knative.dev/pkg/webhook/resourcesemantics
knative.dev/pkg/webhook/resourcesemantics/conversion
knative.dev/pkg/webhook/resourcesemantics/defaulting
knative.dev/pkg/webhook/resourcesemantics/validation
# knative.dev/reconciler-test v0.0.0-20231010075208-03cc77c11831
# knative.dev/reconciler-test v0.0.0-20231023114057-785e0bd2d9a2
## explicit; go 1.18
knative.dev/reconciler-test/cmd/eventshub
knative.dev/reconciler-test/pkg/environment
Expand Down
Loading