From 7751c0bf5947e3a851da97056d469f6e0e994ec2 Mon Sep 17 00:00:00 2001 From: Ryan Richard Date: Mon, 6 Jun 2022 14:37:22 -0700 Subject: [PATCH] Bump project deps, including kube 0.23.6->0.24.1 and Go 1.18.1->1.18.3 Several API changes in Kube required changes in Pinniped code. Signed-off-by: Monis Khan --- Dockerfile | 2 +- go.mod | 26 +++---- go.sum | 42 +++++++++++ hack/Dockerfile_fips | 2 +- .../webhookcachefiller/webhookcachefiller.go | 24 ++++++- .../kubecertagent/mocks/mockdynamiccert.go | 11 +-- internal/dynamiccert/provider.go | 7 +- internal/kubeclient/kubeclient_test.go | 72 +++++++++---------- .../formposthtml/formposthtml_test.go | 4 +- 9 files changed, 129 insertions(+), 61 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5434d4f..b972bd5e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,7 +3,7 @@ # Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. # SPDX-License-Identifier: Apache-2.0 -FROM golang:1.18.1 as build-env +FROM golang:1.18.3 as build-env WORKDIR /work COPY . . diff --git a/go.mod b/go.mod index 5ee1267e..3608bfcf 100644 --- a/go.mod +++ b/go.mod @@ -38,10 +38,10 @@ replace ( require ( github.com/MakeNowJust/heredoc/v2 v2.0.1 - github.com/coreos/go-oidc/v3 v3.1.0 + github.com/coreos/go-oidc/v3 v3.2.0 github.com/creack/pty v1.1.18 github.com/davecgh/go-spew v1.1.1 - github.com/felixge/httpsnoop v1.0.2 + github.com/felixge/httpsnoop v1.0.3 github.com/go-ldap/ldap/v3 v3.4.3 github.com/go-logr/logr v1.2.3 github.com/go-logr/stdr v1.2.2 @@ -63,7 +63,7 @@ require ( github.com/spf13/cobra v1.4.0 github.com/spf13/pflag v1.0.5 github.com/stretchr/testify v1.7.1 - github.com/tdewolff/minify/v2 v2.11.2 + github.com/tdewolff/minify/v2 v2.11.9 go.uber.org/atomic v1.9.0 go.uber.org/zap v1.21.0 golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f @@ -73,15 +73,15 @@ require ( golang.org/x/term v0.0.0-20220411215600-e5f449aeb171 golang.org/x/text v0.3.7 gopkg.in/square/go-jose.v2 v2.6.0 - k8s.io/api v0.23.6 - k8s.io/apiextensions-apiserver v0.23.6 - k8s.io/apimachinery v0.23.6 - k8s.io/apiserver v0.23.6 - k8s.io/client-go v0.23.6 - k8s.io/component-base v0.23.6 + k8s.io/api v0.24.1 + k8s.io/apiextensions-apiserver v0.24.1 + k8s.io/apimachinery v0.24.1 + k8s.io/apiserver v0.24.1 + k8s.io/client-go v0.24.1 + k8s.io/component-base v0.24.1 k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 k8s.io/klog/v2 v2.60.1 - k8s.io/kube-aggregator v0.23.6 + k8s.io/kube-aggregator v0.24.1 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 sigs.k8s.io/yaml v1.3.0 ) @@ -99,6 +99,7 @@ require ( github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/blang/semver v3.5.1+incompatible // indirect + github.com/blang/semver/v4 v4.0.0 // indirect github.com/cespare/xxhash/v2 v2.1.2 // indirect github.com/coreos/go-oidc v2.2.1+incompatible // indirect github.com/coreos/go-semver v0.3.0 // indirect @@ -119,6 +120,7 @@ require ( github.com/golang/glog v1.0.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect + github.com/google/gnostic v0.5.7-v3refs // indirect github.com/googleapis/gnostic v0.5.5 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect @@ -154,7 +156,7 @@ require ( github.com/spf13/cast v1.4.1 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/subosito/gotenv v1.2.0 // indirect - github.com/tdewolff/parse/v2 v2.5.29 // indirect + github.com/tdewolff/parse/v2 v2.5.33 // indirect go.etcd.io/etcd/api/v3 v3.5.4 // indirect go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect go.etcd.io/etcd/client/v3 v3.5.4 // indirect @@ -184,7 +186,7 @@ require ( gopkg.in/natefinch/lumberjack.v2 v2.0.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect - k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf // indirect + k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 // indirect sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30 // indirect sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect diff --git a/go.sum b/go.sum index 86bc0ea4..75df4088 100644 --- a/go.sum +++ b/go.sum @@ -114,6 +114,7 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY= github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= +github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20200108200545-475eaeb16496/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= @@ -134,6 +135,8 @@ github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJm github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM= +github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ= github.com/bmatcuk/doublestar/v2 v2.0.3/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQmTZRptLie8RgRw= github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= @@ -183,6 +186,8 @@ github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjs github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-oidc/v3 v3.1.0 h1:6avEvcdvTa1qYsOZ6I5PRkSYHzpTNWgKYmaJfaYbrRw= github.com/coreos/go-oidc/v3 v3.1.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo= +github.com/coreos/go-oidc/v3 v3.2.0 h1:2eR2MGR7thBXSQ2YbODlF0fcmgtliLCfr9iX6RW11fc= +github.com/coreos/go-oidc/v3 v3.2.0/go.mod h1:rEJ/idjfUyfkBit1eI1fvyr+64/g9dcKpAm8MJMesvo= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM= github.com/coreos/go-semver v0.3.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -258,6 +263,8 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.2 h1:+nS9g82KMXccJ/wp0zyRW9ZBHFETmMGtkk+2CTTrW4o= github.com/felixge/httpsnoop v1.0.2/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= +github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk= +github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k= github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k= @@ -682,7 +689,10 @@ github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= github.com/google/btree v1.0.1/go.mod h1:xXMiIv4Fb/0kKde4SpL7qlzvu5cMJDRkFDxJfI9uaxA= github.com/google/cel-go v0.9.0/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= +github.com/google/cel-go v0.10.1/go.mod h1:U7ayypeSkw23szu4GaQTPJGx66c20mx8JklMSxrmI1w= github.com/google/cel-spec v0.6.0/go.mod h1:Nwjgxy5CbjlPrtCWjeDjUyKMl8w41YBYGjsyDdqk0xA= +github.com/google/gnostic v0.5.7-v3refs h1:FhTMOKj2VhjpouxvWJAV1TL304uMlb9zcDqkl6cEI54= +github.com/google/gnostic v0.5.7-v3refs/go.mod h1:73MKFl6jIHelAJNaBGFzt3SPtZULs9dYrGFt8OiIsHQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= @@ -986,6 +996,7 @@ github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8 github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= github.com/moby/term v0.0.0-20200915141129-7f0af18e79f2/go.mod h1:TjQg8pa4iejrUrjiz0MCtMV38jdMNW4doKSiBrEvCQQ= github.com/moby/term v0.0.0-20210610120745-9d4ed1856297/go.mod h1:vgPCkQMyxTZ7IDy8SXRufE172gr8+K/JE/7hHFxHW3A= +github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6/go.mod h1:E2VnQOmVuvZB6UYnnDB0qG5Nq/1tD9acaOpo6xmt0Kw= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -1269,8 +1280,12 @@ github.com/subosito/gotenv v1.2.0 h1:Slr1R9HxAlEKefgq5jn9U+DnETlIUa6HfgEzj0g5d7s github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw= github.com/tdewolff/minify/v2 v2.11.2 h1:PpaPWhNlMVjkAKaOj0bbPv6KCVnrm8jbVwG7OtSdAqw= github.com/tdewolff/minify/v2 v2.11.2/go.mod h1:NxozhBtgUVypPLzQdV96wkIu9J9vAiVmBcKhfC2zMfg= +github.com/tdewolff/minify/v2 v2.11.9 h1:1q5728c0QICKlp2X1n7OiaiiFFzCzsq7uxAkv+eykT8= +github.com/tdewolff/minify/v2 v2.11.9/go.mod h1:XHKhaRF/vTa3EP4JX8oZ2CO4crGEtVOiSoqUED953wM= github.com/tdewolff/parse/v2 v2.5.29 h1:Uf0OtZL9YaUXTuHEOitdo9lD90P0XTwCjZi+KbGChuM= github.com/tdewolff/parse/v2 v2.5.29/go.mod h1:WzaJpRSbwq++EIQHYIRTpbYKNA3gn9it1Ik++q4zyho= +github.com/tdewolff/parse/v2 v2.5.33 h1:D75KlhAeCSQg4Na8cWKehJdPJoZxwdpRbTZw7lZFWNQ= +github.com/tdewolff/parse/v2 v2.5.33/go.mod h1:WzaJpRSbwq++EIQHYIRTpbYKNA3gn9it1Ik++q4zyho= github.com/tdewolff/test v1.0.6 h1:76mzYJQ83Op284kMT+63iCNCI7NEERsIN8dLM+RiKr4= github.com/tdewolff/test v1.0.6/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= github.com/tidwall/gjson v1.3.2/go.mod h1:P256ACg0Mn+j1RXIDXoss50DeIABTYK1PULOJHhxOls= @@ -1310,6 +1325,7 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= +github.com/yuin/goldmark v1.4.1/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0= go.elastic.co/apm v1.8.0/go.mod h1:tCw6CkOJgkWnzEthFN9HUP1uL3Gjc/Ur6m7gRPLaoH0= @@ -1320,14 +1336,17 @@ go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.6 h1:/ecaJf0sk1l4l6V4awd65v2C3ILy7MSj+s/x1ADCIMU= go.etcd.io/bbolt v1.3.6/go.mod h1:qXsaaIqmgQH0T+OPdb99Bf+PKfBBQVAdyD6TY9G8XM4= go.etcd.io/etcd/api/v3 v3.5.0/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= +go.etcd.io/etcd/api/v3 v3.5.1/go.mod h1:cbVKeC6lCfl7j/8jBhAK6aIYO9XOjdptoxU/nLQcPvs= go.etcd.io/etcd/api/v3 v3.5.4 h1:OHVyt3TopwtUQ2GKdd5wu3PmmipR4FTwCqoEjSyRdIc= go.etcd.io/etcd/api/v3 v3.5.4/go.mod h1:5GB2vv4A4AOn3yk7MftYGHkUfGtDHnEraIjym4dYz5A= go.etcd.io/etcd/client/pkg/v3 v3.5.0/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= +go.etcd.io/etcd/client/pkg/v3 v3.5.1/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/pkg/v3 v3.5.4 h1:lrneYvz923dvC14R54XcA7FXoZ3mlGZAgmwhfm7HqOg= go.etcd.io/etcd/client/pkg/v3 v3.5.4/go.mod h1:IJHfcCEKxYu1Os13ZdwCwIUTUVGYTSAM3YSwc9/Ac1g= go.etcd.io/etcd/client/v2 v2.305.0 h1:ftQ0nOOHMcbMS3KIaDQ0g5Qcd6bhaBrQT6b89DfwLTs= go.etcd.io/etcd/client/v2 v2.305.0/go.mod h1:h9puh54ZTgAKtEbut2oe9P4L/oqKCVB6xsXlzd7alYQ= go.etcd.io/etcd/client/v3 v3.5.0/go.mod h1:AIKXXVX/DQXtfTEqBryiLTUXwON+GuvO6Z7lLS/oTh0= +go.etcd.io/etcd/client/v3 v3.5.1/go.mod h1:OnjH4M8OnAotwaB2l9bVgZzRFKru7/ZMoS46OtKyd3Q= go.etcd.io/etcd/client/v3 v3.5.4 h1:p83BUL3tAYS0OT/r0qglgc3M1JjhM0diV8DSWAhVXv4= go.etcd.io/etcd/client/v3 v3.5.4/go.mod h1:ZaRkVgBZC+L+dLCjTcF1hRXpgZXQPOvnA/Ak/gq3kiY= go.etcd.io/etcd/pkg/v3 v3.5.0 h1:ntrg6vvKRW26JRmHTE0iNlDgYK6JX3hg/4cD62X0ixk= @@ -1436,6 +1455,7 @@ golang.org/x/crypto v0.0.0-20210817164053-32db794688a5/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220331220935-ae2d96664a29/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f h1:OeJjE6G4dgCY4PIXvIRQbE8+RX+uXZyGhUy/ksMGJoc= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= @@ -1545,6 +1565,7 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20210825183410-e898025ed96a/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= +golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211209124913-491a49abca63/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= @@ -1690,6 +1711,7 @@ golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211210111614-af8b64212486/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -1723,6 +1745,7 @@ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxb golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20220210224613-90d013bbcef8/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20220411224347-583f2d630306 h1:+gHMid33q6pen7kv9xvT+JRinntgeXO2AeZVd0AWD3w= golang.org/x/time v0.0.0-20220411224347-583f2d630306/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -1829,6 +1852,7 @@ golang.org/x/tools v0.1.3/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.6-0.20210820212750-d4cc65f0b2ff/go.mod h1:YD9qOF0M9xpSpdWTBbzEl5e/RnCefISl8E5Noe10jFM= +golang.org/x/tools v0.1.10-0.20220218145154-897bd77cd717/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/tools v0.1.10 h1:QjFRCZxdOhBJ/UNgnBZLbNV13DlbnK0quyivTnXJM20= golang.org/x/tools v0.1.10/go.mod h1:Uh6Zz+xoGYZom868N8YTex3t7RhtHDBrE8Gzo9bV56E= golang.org/x/xerrors v0.0.0-20190410155217-1f06c39b4373/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1959,6 +1983,7 @@ google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ6 google.golang.org/genproto v0.0.0-20211206160659-862468c7d6e0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211208223120-3a66f561d7aa/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211221195035-429b39de9b1c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= +google.golang.org/genproto v0.0.0-20220107163113-42d7afdf6368/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220126215142-9970aeb2e350/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220207164111-0872dc986b00/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20220218161850-94dd64e39d7c/go.mod h1:kGP+zUP2Ddo0ayMi4YuN7C3WZyJvGLZRh8Z5wnAqvEI= @@ -2090,17 +2115,30 @@ honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= k8s.io/api v0.23.6 h1:yOK34wbYECH4RsJbQ9sfkFK3O7f/DUHRlzFehkqZyVw= k8s.io/api v0.23.6/go.mod h1:1kFaYxGCFHYp3qd6a85DAj/yW8aVD6XLZMqJclkoi9g= +k8s.io/api v0.24.1 h1:BjCMRDcyEYz03joa3K1+rbshwh1Ay6oB53+iUx2H8UY= +k8s.io/api v0.24.1/go.mod h1:JhoOvNiLXKTPQ60zh2g0ewpA+bnEYf5q44Flhquh4vQ= k8s.io/apiextensions-apiserver v0.23.6 h1:v58cQ6Z0/GK1IXYr+oW0fnYl52o9LTY0WgoWvI8uv5Q= k8s.io/apiextensions-apiserver v0.23.6/go.mod h1:YVh17Mphv183THQJA5spNFp9XfoidFyL3WoDgZxQIZU= +k8s.io/apiextensions-apiserver v0.24.1 h1:5yBh9+ueTq/kfnHQZa0MAo6uNcPrtxPMpNQgorBaKS0= +k8s.io/apiextensions-apiserver v0.24.1/go.mod h1:A6MHfaLDGfjOc/We2nM7uewD5Oa/FnEbZ6cD7g2ca4Q= k8s.io/apimachinery v0.23.6 h1:RH1UweWJkWNTlFx0D8uxOpaU1tjIOvVVWV/bu5b3/NQ= k8s.io/apimachinery v0.23.6/go.mod h1:BEuFMMBaIbcOqVIJqNZJXGFTP4W6AycEpb5+m/97hrM= +k8s.io/apimachinery v0.24.1 h1:ShD4aDxTQKN5zNf8K1RQ2u98ELLdIW7jEnlO9uAMX/I= +k8s.io/apimachinery v0.24.1/go.mod h1:82Bi4sCzVBdpYjyI4jY6aHX+YCUchUIrZrXKedjd2UM= k8s.io/apiserver v0.23.6 h1:p94LiXcsSnpSDIl4cv98liBuFKcaygSCNopFNfMg/Ac= k8s.io/apiserver v0.23.6/go.mod h1:5PU32F82tfErXPmf7FXhd/UcuLfh97tGepjKUgJ2atg= +k8s.io/apiserver v0.24.1 h1:LAA5UpPOeaREEtFAQRUQOI3eE5So/j5J3zeQJjeLdz4= +k8s.io/apiserver v0.24.1/go.mod h1:dQWNMx15S8NqJMp0gpYfssyvhYnkilc1LpExd/dkLh0= k8s.io/client-go v0.23.6 h1:7h4SctDVQAQbkHQnR4Kzi7EyUyvla5G1pFWf4+Od7hQ= k8s.io/client-go v0.23.6/go.mod h1:Umt5icFOMLV/+qbtZ3PR0D+JA6lvvb3syzodv4irpK4= +k8s.io/client-go v0.24.1 h1:w1hNdI9PFrzu3OlovVeTnf4oHDt+FJLd9Ndluvnb42E= +k8s.io/client-go v0.24.1/go.mod h1:f1kIDqcEYmwXS/vTbbhopMUbhKp2JhOeVTfxgaCIlF8= k8s.io/code-generator v0.23.6/go.mod h1:S0Q1JVA+kSzTI1oUvbKAxZY/DYbA/ZUb4Uknog12ETk= +k8s.io/code-generator v0.24.1/go.mod h1:dpVhs00hTuTdTY6jvVxvTFCk6gSMrtfRydbhZwHI15w= k8s.io/component-base v0.23.6 h1:8dhVZ4VrRcNdV2EGjl8tj8YOHwX6ysgCGMJ2Oyy0NW8= k8s.io/component-base v0.23.6/go.mod h1:FGMPeMrjYu0UZBSAFcfloVDplj9IvU+uRMTOdE23Fj0= +k8s.io/component-base v0.24.1 h1:APv6W/YmfOWZfo+XJ1mZwep/f7g7Tpwvdbo9CQLDuts= +k8s.io/component-base v0.24.1/go.mod h1:DW5vQGYVCog8WYpNob3PMmmsY8A3L9QZNg4j/dV3s38= k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI= k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -2111,9 +2149,13 @@ k8s.io/klog/v2 v2.60.1 h1:VW25q3bZx9uE3vvdL6M8ezOX79vA2Aq1nEWLqNQclHc= k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-aggregator v0.23.6 h1:/p1FvmG3je8kSv+i6uJoK+LkViOgu1vhV+BpGgibdCk= k8s.io/kube-aggregator v0.23.6/go.mod h1:cubFdoSJRMEN+ilg1ErhNIoplJwyYbmgn3bUlen8KjA= +k8s.io/kube-aggregator v0.24.1 h1:OXnkMFY20gaVV4cwKSayOZobdETOvRhgDxCHxriBygU= +k8s.io/kube-aggregator v0.24.1/go.mod h1:vZvRALCO32hrIuREhkYwLq5Crc0zh6SxzJDAKrQM1+k= k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf h1:M9XBsiMslw2lb2ZzglC0TOkBPK5NQi0/noUrdnoFwUg= k8s.io/kube-openapi v0.0.0-20220124234850-424119656bbf/go.mod h1:sX9MT8g7NVZM5lVL/j8QyCCJe8YSMW30QvGZWaCIDIk= +k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42 h1:Gii5eqf+GmIEwGNKQYQClCayuJCe2/4fZUvF7VG99sU= +k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk= k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20211116205334-6203023598ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9 h1:HNSDgDCrr/6Ly3WEGKZftiE7IY19Vz2GdbOCyI4qqhc= diff --git a/hack/Dockerfile_fips b/hack/Dockerfile_fips index c8017953..ce77f805 100644 --- a/hack/Dockerfile_fips +++ b/hack/Dockerfile_fips @@ -12,7 +12,7 @@ # any type of fips certification. # use go-boringcrypto rather than main go -FROM us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.18.1b7 as build-env +FROM us-docker.pkg.dev/google.com/api-project-999119582588/go-boringcrypto/golang:1.18.3b7 as build-env WORKDIR /work COPY . . diff --git a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go index d394c913..61354f61 100644 --- a/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go +++ b/internal/controller/authenticator/webhookcachefiller/webhookcachefiller.go @@ -14,6 +14,7 @@ import ( "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/util/net" "k8s.io/apiserver/pkg/authentication/authenticator" + webhookutil "k8s.io/apiserver/pkg/util/webhook" "k8s.io/apiserver/plugin/pkg/authenticator/token/webhook" "k8s.io/client-go/tools/clientcmd" clientcmdapi "k8s.io/client-go/tools/clientcmd/api" @@ -118,7 +119,28 @@ func newWebhookAuthenticator( // custom proxy stuff used by the API server. var customDial net.DialFunc + // TODO refactor this code to directly construct the rest.Config + // ideally we would keep rest config generation contained to the kubeclient package + // but this will require some form of a new WithTLSConfigFunc kubeclient.Option + // ex: + // _, caBundle, err := pinnipedauthenticator.CABundle(spec.TLS) + // ... + // restConfig := &rest.Config{ + // Host: spec.Endpoint, + // TLSClientConfig: rest.TLSClientConfig{CAData: caBundle}, + // // copied from k8s.io/apiserver/pkg/util/webhook + // Timeout: 30 * time.Second, + // QPS: -1, + // } + // client, err := kubeclient.New(kubeclient.WithConfig(restConfig), kubeclient.WithTLSConfigFunc(ptls.Default)) + // ... + // then use client.JSONConfig as clientConfig + clientConfig, err := webhookutil.LoadKubeconfig(temp.Name(), customDial) + if err != nil { + return nil, err + } + // this uses a http client that does not honor our TLS config // TODO fix when we pick up https://github.com/kubernetes/kubernetes/pull/106155 - return webhook.New(temp.Name(), version, implicitAuds, *webhook.DefaultRetryBackoff(), customDial) + return webhook.New(clientConfig, version, implicitAuds, *webhook.DefaultRetryBackoff()) } diff --git a/internal/controller/kubecertagent/mocks/mockdynamiccert.go b/internal/controller/kubecertagent/mocks/mockdynamiccert.go index fda36b65..4fc00e1a 100644 --- a/internal/controller/kubecertagent/mocks/mockdynamiccert.go +++ b/internal/controller/kubecertagent/mocks/mockdynamiccert.go @@ -9,6 +9,7 @@ package mocks import ( + context "context" reflect "reflect" gomock "github.com/golang/mock/gomock" @@ -80,7 +81,7 @@ func (mr *MockDynamicCertPrivateMockRecorder) Name() *gomock.Call { } // Run mocks base method. -func (m *MockDynamicCertPrivate) Run(arg0 int, arg1 <-chan struct{}) { +func (m *MockDynamicCertPrivate) Run(arg0 context.Context, arg1 int) { m.ctrl.T.Helper() m.ctrl.Call(m, "Run", arg0, arg1) } @@ -92,17 +93,17 @@ func (mr *MockDynamicCertPrivateMockRecorder) Run(arg0, arg1 interface{}) *gomoc } // RunOnce mocks base method. -func (m *MockDynamicCertPrivate) RunOnce() error { +func (m *MockDynamicCertPrivate) RunOnce(arg0 context.Context) error { m.ctrl.T.Helper() - ret := m.ctrl.Call(m, "RunOnce") + ret := m.ctrl.Call(m, "RunOnce", arg0) ret0, _ := ret[0].(error) return ret0 } // RunOnce indicates an expected call of RunOnce. -func (mr *MockDynamicCertPrivateMockRecorder) RunOnce() *gomock.Call { +func (mr *MockDynamicCertPrivateMockRecorder) RunOnce(arg0 interface{}) *gomock.Call { mr.mock.ctrl.T.Helper() - return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunOnce", reflect.TypeOf((*MockDynamicCertPrivate)(nil).RunOnce)) + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "RunOnce", reflect.TypeOf((*MockDynamicCertPrivate)(nil).RunOnce), arg0) } // SetCertKeyContent mocks base method. diff --git a/internal/dynamiccert/provider.go b/internal/dynamiccert/provider.go index d5c76847..560dff55 100644 --- a/internal/dynamiccert/provider.go +++ b/internal/dynamiccert/provider.go @@ -1,9 +1,10 @@ -// Copyright 2020-2021 the Pinniped contributors. All Rights Reserved. +// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 package dynamiccert import ( + "context" "crypto/tls" "crypto/x509" "fmt" @@ -148,10 +149,10 @@ func (p *provider) AddListener(listener dynamiccertificates.Listener) { p.listeners = append(p.listeners, listener) } -func (p *provider) RunOnce() error { +func (p *provider) RunOnce(_ context.Context) error { return nil // no-op, but we want to make sure to stay in sync with dynamiccertificates.ControllerRunner } -func (p *provider) Run(workers int, stopCh <-chan struct{}) { +func (p *provider) Run(_ context.Context, workers int) { // no-op, but we want to make sure to stay in sync with dynamiccertificates.ControllerRunner } diff --git a/internal/kubeclient/kubeclient_test.go b/internal/kubeclient/kubeclient_test.go index 9b35c761..b3640a43 100644 --- a/internal/kubeclient/kubeclient_test.go +++ b/internal/kubeclient/kubeclient_test.go @@ -37,7 +37,7 @@ import ( ) const ( - someClusterName = "some cluster name" + someUID = "some fake UID" ) var ( @@ -115,13 +115,13 @@ func TestKubeclient(t *testing.T) { require.EqualError(t, err, `couldn't find object for path "/api/v1/namespaces/good-namespace/pods/this-pod-does-not-exist"`) // update - goodPodWithAnnotationsAndLabelsAndClusterName := with(goodPod, annotations(), labels(), clusterName()).(*corev1.Pod) + goodPodWithAnnotationsAndLabelsAndUID := with(goodPod, annotations(), labels(), uid()).(*corev1.Pod) pod, err = c.Kubernetes. CoreV1(). Pods(pod.Namespace). - Update(context.Background(), goodPodWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) + Update(context.Background(), goodPodWithAnnotationsAndLabelsAndUID, metav1.UpdateOptions{}) require.NoError(t, err) - require.Equal(t, goodPodWithAnnotationsAndLabelsAndClusterName, pod) + require.Equal(t, goodPodWithAnnotationsAndLabelsAndUID, pod) // delete err = c.Kubernetes. @@ -135,14 +135,14 @@ func TestKubeclient(t *testing.T) { with(goodPod, gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), - with(goodPod, annotations(), labels(), clusterName(), gvk(podGVK)), + with(goodPod, annotations(), labels(), uid(), gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), }, { with(goodPod, annotations(), gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), - with(goodPod, annotations(), labels(), clusterName(), gvk(podGVK)), + with(goodPod, annotations(), labels(), uid(), gvk(podGVK)), with(&metav1.PartialObjectMetadata{}, gvk(podGVK)), }, }, @@ -150,12 +150,12 @@ func TestKubeclient(t *testing.T) { { with(goodPod, annotations(), labels(), gvk(podGVK)), with(goodPod, annotations(), labels(), gvk(podGVK)), - with(goodPod, annotations(), labels(), clusterName(), gvk(podGVK)), + with(goodPod, annotations(), labels(), uid(), gvk(podGVK)), }, { with(goodPod, emptyAnnotations(), labels(), gvk(podGVK)), with(goodPod, annotations(), labels(), gvk(podGVK)), - with(goodPod, annotations(), labels(), clusterName(), gvk(podGVK)), + with(goodPod, annotations(), labels(), uid(), gvk(podGVK)), }, }, }, @@ -217,13 +217,13 @@ func TestKubeclient(t *testing.T) { require.Equal(t, with(goodAPIService, annotations(), labels()), apiService) // update - goodAPIServiceWithAnnotationsAndLabelsAndClusterName := with(goodAPIService, annotations(), labels(), clusterName()).(*apiregistrationv1.APIService) + goodAPIServiceWithAnnotationsAndLabelsAndUID := with(goodAPIService, annotations(), labels(), uid()).(*apiregistrationv1.APIService) apiService, err = c.Aggregation. ApiregistrationV1(). APIServices(). - Update(context.Background(), goodAPIServiceWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) + Update(context.Background(), goodAPIServiceWithAnnotationsAndLabelsAndUID, metav1.UpdateOptions{}) require.NoError(t, err) - require.Equal(t, goodAPIServiceWithAnnotationsAndLabelsAndClusterName, apiService) + require.Equal(t, goodAPIServiceWithAnnotationsAndLabelsAndUID, apiService) // delete err = c.Aggregation. @@ -236,13 +236,13 @@ func TestKubeclient(t *testing.T) { { with(goodAPIService, gvk(apiServiceGVK)), with(&metav1.PartialObjectMetadata{}, gvk(apiServiceGVK)), - with(goodAPIService, annotations(), labels(), clusterName(), gvk(apiServiceGVK)), + with(goodAPIService, annotations(), labels(), uid(), gvk(apiServiceGVK)), with(&metav1.PartialObjectMetadata{}, gvk(apiServiceGVK)), }, { with(goodAPIService, annotations(), gvk(apiServiceGVK)), with(&metav1.PartialObjectMetadata{}, gvk(apiServiceGVK)), - with(goodAPIService, annotations(), labels(), clusterName(), gvk(apiServiceGVK)), + with(goodAPIService, annotations(), labels(), uid(), gvk(apiServiceGVK)), with(&metav1.PartialObjectMetadata{}, gvk(apiServiceGVK)), }, }, @@ -250,12 +250,12 @@ func TestKubeclient(t *testing.T) { { with(goodAPIService, annotations(), labels(), gvk(apiServiceGVK)), with(goodAPIService, annotations(), labels(), gvk(apiServiceGVK)), - with(goodAPIService, annotations(), labels(), clusterName(), gvk(apiServiceGVK)), + with(goodAPIService, annotations(), labels(), uid(), gvk(apiServiceGVK)), }, { with(goodAPIService, emptyAnnotations(), labels(), gvk(apiServiceGVK)), with(goodAPIService, annotations(), labels(), gvk(apiServiceGVK)), - with(goodAPIService, annotations(), labels(), clusterName(), gvk(apiServiceGVK)), + with(goodAPIService, annotations(), labels(), uid(), gvk(apiServiceGVK)), }, }, }, @@ -282,13 +282,13 @@ func TestKubeclient(t *testing.T) { require.Equal(t, with(goodCredentialIssuer, annotations(), labels()), tokenCredentialRequest) // update - goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName := with(goodCredentialIssuer, annotations(), labels(), clusterName()).(*conciergeconfigv1alpha1.CredentialIssuer) + goodCredentialIssuerWithAnnotationsAndLabelsAndUID := with(goodCredentialIssuer, annotations(), labels(), uid()).(*conciergeconfigv1alpha1.CredentialIssuer) tokenCredentialRequest, err = c.PinnipedConcierge. ConfigV1alpha1(). CredentialIssuers(). - Update(context.Background(), goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) + Update(context.Background(), goodCredentialIssuerWithAnnotationsAndLabelsAndUID, metav1.UpdateOptions{}) require.NoError(t, err) - require.Equal(t, goodCredentialIssuerWithAnnotationsAndLabelsAndClusterName, tokenCredentialRequest) + require.Equal(t, goodCredentialIssuerWithAnnotationsAndLabelsAndUID, tokenCredentialRequest) // delete err = c.PinnipedConcierge. @@ -301,13 +301,13 @@ func TestKubeclient(t *testing.T) { { with(goodCredentialIssuer, gvk(credentialIssuerGVK)), with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), - with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), uid(), gvk(credentialIssuerGVK)), with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), }, { with(goodCredentialIssuer, annotations(), gvk(credentialIssuerGVK)), with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), - with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), uid(), gvk(credentialIssuerGVK)), with(&metav1.PartialObjectMetadata{}, gvk(credentialIssuerGVK)), }, }, @@ -315,12 +315,12 @@ func TestKubeclient(t *testing.T) { { with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), - with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), uid(), gvk(credentialIssuerGVK)), }, { with(goodCredentialIssuer, emptyAnnotations(), labels(), gvk(credentialIssuerGVK)), with(goodCredentialIssuer, annotations(), labels(), gvk(credentialIssuerGVK)), - with(goodCredentialIssuer, annotations(), labels(), clusterName(), gvk(credentialIssuerGVK)), + with(goodCredentialIssuer, annotations(), labels(), uid(), gvk(credentialIssuerGVK)), }, }, }, @@ -347,13 +347,13 @@ func TestKubeclient(t *testing.T) { require.Equal(t, with(goodFederationDomain, annotations(), labels()), federationDomain) // update - goodFederationDomainWithAnnotationsAndLabelsAndClusterName := with(goodFederationDomain, annotations(), labels(), clusterName()).(*supervisorconfigv1alpha1.FederationDomain) + goodFederationDomainWithAnnotationsAndLabelsAndUID := with(goodFederationDomain, annotations(), labels(), uid()).(*supervisorconfigv1alpha1.FederationDomain) federationDomain, err = c.PinnipedSupervisor. ConfigV1alpha1(). FederationDomains(federationDomain.Namespace). - Update(context.Background(), goodFederationDomainWithAnnotationsAndLabelsAndClusterName, metav1.UpdateOptions{}) + Update(context.Background(), goodFederationDomainWithAnnotationsAndLabelsAndUID, metav1.UpdateOptions{}) require.NoError(t, err) - require.Equal(t, goodFederationDomainWithAnnotationsAndLabelsAndClusterName, federationDomain) + require.Equal(t, goodFederationDomainWithAnnotationsAndLabelsAndUID, federationDomain) // delete err = c.PinnipedSupervisor. @@ -366,13 +366,13 @@ func TestKubeclient(t *testing.T) { { with(goodFederationDomain, gvk(federationDomainGVK)), with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), - with(goodFederationDomain, annotations(), labels(), clusterName(), gvk(federationDomainGVK)), + with(goodFederationDomain, annotations(), labels(), uid(), gvk(federationDomainGVK)), with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), }, { with(goodFederationDomain, annotations(), gvk(federationDomainGVK)), with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), - with(goodFederationDomain, annotations(), labels(), clusterName(), gvk(federationDomainGVK)), + with(goodFederationDomain, annotations(), labels(), uid(), gvk(federationDomainGVK)), with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), }, }, @@ -380,12 +380,12 @@ func TestKubeclient(t *testing.T) { { with(goodFederationDomain, annotations(), labels(), gvk(federationDomainGVK)), with(goodFederationDomain, annotations(), labels(), gvk(federationDomainGVK)), - with(goodFederationDomain, annotations(), labels(), clusterName(), gvk(federationDomainGVK)), + with(goodFederationDomain, annotations(), labels(), uid(), gvk(federationDomainGVK)), }, { with(goodFederationDomain, emptyAnnotations(), labels(), gvk(federationDomainGVK)), with(goodFederationDomain, annotations(), labels(), gvk(federationDomainGVK)), - with(goodFederationDomain, annotations(), labels(), clusterName(), gvk(federationDomainGVK)), + with(goodFederationDomain, annotations(), labels(), uid(), gvk(federationDomainGVK)), }, }, }, @@ -428,7 +428,7 @@ func TestKubeclient(t *testing.T) { FederationDomains(goodFederationDomain.Namespace). Create(context.Background(), goodFederationDomain, metav1.CreateOptions{}) require.NoError(t, err) - require.Equal(t, with(goodFederationDomain, clusterName()), federationDomain) + require.Equal(t, with(goodFederationDomain, uid()), federationDomain) // read federationDomain, err = c.PinnipedSupervisor. @@ -436,7 +436,7 @@ func TestKubeclient(t *testing.T) { FederationDomains(federationDomain.Namespace). Get(context.Background(), federationDomain.Name, metav1.GetOptions{}) require.NoError(t, err) - require.Equal(t, with(goodFederationDomain, clusterName()), federationDomain) + require.Equal(t, with(goodFederationDomain, uid()), federationDomain) }, wantMiddlewareReqs: [][]Object{ { @@ -444,7 +444,7 @@ func TestKubeclient(t *testing.T) { with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), }, { - with(goodFederationDomain, clusterName(), gvk(federationDomainGVK)), + with(goodFederationDomain, uid(), gvk(federationDomainGVK)), with(&metav1.PartialObjectMetadata{}, gvk(federationDomainGVK)), }, }, @@ -502,7 +502,7 @@ func TestKubeclient(t *testing.T) { name: "non-pertinent mutater", t: t, mutateReq: func(rt RoundTrip, obj Object) error { - clusterName()(obj) + uid()(obj) return nil }, }} @@ -728,7 +728,7 @@ func newSimpleMiddleware(t *testing.T, hasMutateReqFunc, mutatedReq, hasMutateRe m.mutateReq = func(rt RoundTrip, obj Object) error { if mutatedReq { if rt.Verb() == VerbCreate { - obj.SetClusterName(someClusterName) + obj.SetUID(someUID) } } return nil @@ -916,9 +916,9 @@ func labels() withFunc { } } -func clusterName() withFunc { +func uid() withFunc { return func(obj Object) { - obj.SetClusterName(someClusterName) + obj.SetUID(someUID) } } diff --git a/internal/oidc/provider/formposthtml/formposthtml_test.go b/internal/oidc/provider/formposthtml/formposthtml_test.go index e28714c0..e7d82b75 100644 --- a/internal/oidc/provider/formposthtml/formposthtml_test.go +++ b/internal/oidc/provider/formposthtml/formposthtml_test.go @@ -30,7 +30,7 @@ var ( - + @@ -61,7 +61,7 @@ var ( // It's okay if this changes in the future, but this gives us a chance to eyeball the formatting. // Our browser-based integration tests should find any incompatibilities. testExpectedCSP = `default-src 'none'; ` + - `script-src 'sha256-1LS3gM7wTGc0dYXZiqW6HK1LHk74YSG8GsJBC/j1/i8='; ` + + `script-src 'sha256-uIWC0J7wd7tWtcXmugZCkKsQpqOsQzqBI/mfQMtUde0='; ` + `style-src 'sha256-kXh6OrB2z7wkx7v1N3ay9deQhV5edwuogARaUtvNYN4='; ` + `img-src data:; ` + `connect-src *; ` +